Talk:Seeds: Difference between revisions
Jump to navigation
Jump to search
(→sc_iso) |
(→sb_iso) |
||
Line 55: | Line 55: | ||
k3: 30479D4B80E89E2B59E5C9145E1064A9 | k3: 30479D4B80E89E2B59E5C9145E1064A9 | ||
k4: 64E30D19A16941D677E32EEBE07F45D2 | k4: 64E30D19A16941D677E32EEBE07F45D2 | ||
== sv_iso == | |||
k1: 17C0750CF94A32F15B761DEAD5213E86 |
Revision as of 17:55, 14 February 2014
Further Help on finding the crypto ocurrences in N's twitter (and other ones aswell)
It is necessary to do some investigation, and these things might help:
- unselfing every self possible and seek for hardcoded data inside the elf
- read the metadata of the self using readself(2) and encoded print_hash function
- print_hash accepts two parameters (offset,length) where offset is where you want to localize the position and length is the lenght printed in bytes
- reverse engineering (whoever is capable of this and wants to give it a try is welcome to do so)
If i wasn't dumb to look for this, then certainly you, whomever you are, are not, and you're welcome to give it a shot at this :)
Good Luck
Theory about EID1 and EID4
- EID4 shows the omac of the decrypted values in plain form when in encrypted state
example:
ENCRYPTED
AA F3 F9 3F CB 2C 10 97 C1 24 6A C7 1B 72 79 0B 88 B1 00 0E 9B 0D 95 A3 D7 3E 3E 9C 6F 40 32 D0 04 33 3E 57 7E 1C ED 87 FA 92 56 09 28 48 34 31
DECRYPTED
02 0F 2A 40 2F 6B 0F 38 47 CB AC 2A B2 E1 5B D9 C1 BC 45 64 6D C5 E7 DB 51 3A 4C B7 FF 7B 4E F3
the 3rd 16 byte value in the encrypted section is the hash in cmac-mode of the decrypted 32 bytes
- the same happens in EID1
assuming this, are we safe to say eid1 is ALREADY decrypted OR does it contain aditional crypto layers? if it IS decrypted, what is inside it? they're exactly 640 bytes. that'd give room to 40 16 byte keys or 10 64 byte seeds.
Other undocumented crypto stuff
sc_iso
k1: 3B050A7CA2961582228EE8029E4159D5 k2: C367A9AA6A166128B794883E61588B48 pub: 97A66090C2B61AC166162FBD85652EF3D3C040A81A9F7BD51006DD1D3F3E2E2B726F985014577D4B
sb_iso
k1: 2B05F7C7AFD1B169D62586503AEA9798 k2: 74FF7E5D1D7B96943BEFDCFA81FC2007 k3: 30479D4B80E89E2B59E5C9145E1064A9 k4: 64E30D19A16941D677E32EEBE07F45D2
sv_iso
k1: 17C0750CF94A32F15B761DEAD5213E86