Maybe this could help? :-) (way to crack AES?) - DSLR Hack development - CHDK Forum

Maybe this could help? :-) (way to crack AES?)

  • 3 Replies
  • 3780 Views
Maybe this could help? :-) (way to crack AES?)
« on: 05 / May / 2009, 09:39:58 »
Advertisements
Cryptool (http://www.cryptool.com/download/SetupCrypTool_1_4_30_beta_03_en.exe) has the ability to Brute force AES including using known common parts of the key.  It also has advanced techniques for analyzing encrypted data.

Hope someone will find this useful.

Re: Maybe this could help? :-) (way to crack AES?)
« Reply #1 on: 06 / May / 2009, 16:02:16 »
Quote
15. Approximately how big are the AES key sizes?

The AES will specify three key sizes: 128, 192 and 256 bits. In decimal terms, this means that there are approximately:

3.4 x 1038 possible 128-bit keys;
6.2 x 1057 possible 192-bit keys; and
1.1 x 1077 possible 256-bit keys.

In comparison, DES keys are 56 bits long, which means there are approximately
7.2 x 1016 possible DES keys. Thus, there are on the order of 1021 times more AES 128-bit keys than DES 56-bit keys.


16. What is the chance that someone could use the "DES Cracker"-like hardware to crack an AES key?

In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.

Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
Canon 50D - Canon 60mm f2.8 Macro / Tamron 17-50mm f2.8 /  Seatool Underwaterhousing
Canon 800IS

Re: Maybe this could help? :-) (way to crack AES?)
« Reply #2 on: 11 / May / 2009, 15:25:44 »
While I admire your enthusiasm, it is clear that you A) Did not read my entire post, and B) Did not check out the software.  Your post is barely relevant to what I was proposing and in reference to what the software can do.  If you have some known parts of the key the AES brute force algorithm will run much faster (and will do far more than 255 keys a second); although I realize that brute forcing may be unlikely, it couldn't hurt.  I also mentioned in my post that the software provides advanced techniques for analyzing encrypted data, this could be useful in trying to discover the keys used to encrypt the data we are trying to access. 

So thanks, for the cut and paste info.  You really know how to use a mouse.

Re: Maybe this could help? :-) (way to crack AES?)
« Reply #3 on: 11 / May / 2009, 16:25:40 »
There should be at least 2 AES keys.

(Im using the D1000 1.0.5 firmware as i only own a D1000. But the other images use the same way to
decrypt the header)

First some infos about the TABLES that will get used from the payload_header:

Code: [Select]
               RAW         VA      LEN
data_head: 0x001A0190  0x009A0190  ?
data     : 0x001A01A8  0x009A01A8  ?
TABLE1   : 0x001A01AC  0x009A01AC  0x10
TABLE2   : 0x001A01BC  0x009A01BC  0x20
TABLE3   : 0x001A01DC  0x009A01DC  0x10
TABLE4   : 0x001A01A8  0x009A01A8  0x4
TABLE5   : 0x001A01A0  0x009A01A0  0x4

The 1. AES key is the SHA1 256bit hash that you get as the output of the array :

Code: [Select]
TABLE4                 sp+0x10 - 0x14
HEADEROPERATION OUTPUT sp+0x14 - 0x34
TABLE5                 sp+0x34 - 0x38

The hash will get used as AES key to decrypt the first 0x20 bytes of the array TABLE1 + TABLE2
in operation mode 2 which could be CBC or ECB ...

possible attacks are:

1. attack) trying to reverse the unknown operation on the header which will get used to create 0x20bytes for the hash.
    (unknown_operation_on_header). then the calculation of the hash and the decryption of the table isnt a big deal.

Code: [Select]
ROM:0080D150 0A 00 A0 E1                 MOV     R0, R10         ; R0 = e6kr5105.fir_0_header.bin <- unsure
ROM:0080D154 14 10 8D E2                 ADD     R1, SP, #0x14
ROM:0080D158 08 20 A0 E1                 MOV     R2, R8
ROM:0080D15C 0B 1D 00 EB                 BL      unknown_operation_on_header
ROM:0080D160 04 10 87 E2                 ADD     R1, R7, #4      ; R1 = 0x9A019C + 0x4
ROM:0080D164 34 00 8D E2                 ADD     R0, SP, #0x34   ; TABLE_5
ROM:0080D168 04 20 A0 E3                 MOV     R2, #4
ROM:0080D16C 6D 11 06 EB                 BL      bcopy_0         ; R1 = ptrData, R2 = LEN, R0 = DESTINATION
ROM:0080D170 C4 40 8D E2                 ADD     R4, SP, #0xC4
ROM:0080D174 28 10 A0 E3                 MOV     R1, #0x28
ROM:0080D178 04 20 A0 E1                 MOV     R2, R4
ROM:0080D17C 05 00 A0 E1                 MOV     R0, R5
ROM:0080D180 08 1D 00 EB                 BL      HASH_SHA1_256
ROM:0080D184 0C A0 8D E2                 ADD     R10, SP, #0xC
ROM:0080D188 06 30 A0 E1                 MOV     R3, R6          ; R6 = TABLE_1 + TABLE_2
ROM:0080D18C 04 10 A0 E1                 MOV     R1, R4          ; R4 = HASH_RETURN
ROM:0080D190 02 60 A0 E3                 MOV     R6, #2          ; R2 = OPERATION_MODE (CBC ? ECB ?)
ROM:0080D194 0A 00 A0 E1                 MOV     R0, R10         ; OUTPUT BUFFER
ROM:0080D198 08 20 A0 E1                 MOV     R2, R8          ; LEN = 0x20
ROM:0080D19C 00 60 8D E5                 STR     R6, [SP]
ROM:0080D1A0 B1 1C 00 EB                 BL      call_call_run_aes
ROM:0080D1A4 00 00 50 E3                 CMP     R0, #0
ROM:0080D1A8 47 00 00 1A                 BNE     decryption_failed


2. attack) ive checked the dumper for the 5D2/40D/50d firmware. i tried to get it working for the 1000d.

Code: [Select]
case 0x80000254: // 1000D
// 1000D updater 1.0.5 params
// 00807128 tUpdMgr
open = (ft_open) 0x00916B48;
creat = (ft_creat) 0x00916A84;
write = (ft_write) 0x00916D7C;
close = (ft_close) 0x00916E34;
shdn = (ft_shutdown) 0x00807874;
// ROM params
rom_start = (void *)ROM0_ADDRESS;
rom_size = ROM0_SIZE;
rom1_start = (void *)ROM1_ADDRESS;
rom1_size = ROM1_SIZE;
break;

but i dont get a file created. i also tried to play with diffrent calling arguments.
as the functions i found use diffrent arguments (os is vxworks as firmware loader).
so if maybe someone can help me out to get the dumping working it would be
possible to patch the code right befor and after the aes decryption. so we could
grab the aes keys or decrytped header ... maybe someone has a clue how to get
the vxworks functions to create a file on the sd card :/ i can also upload the dumper
ive done for the d1000 if someone would like to play around.



 

Related Topics