Cryptography Tricks: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
Here are some cryptography tricks that i've learned with some important people and that helped made this page. They helped a lot with the Keys and Seeds page construction. Use them wisely :)
Here are some cryptography tricks that I have learned with some important people and that helped to make this page. They helped a lot with the Keys and Seeds page construction. Use them wisely :) - Zecoxao


= AES-CTR tricks =
= AES-CTR tricks =


* Recovery of partial plaintext with two ciphertexts encrypted with same key and iv by knowing where zeroes (\x00) are located
* Recovery of partial plaintext with two ciphertexts encrypted with same key and iv pair by knowing where zeroes (\x00) are located. This trick was used in the recovery of the PS3 ebootrom keys. Xoring these ciphertexts will reveal plaintext where in both locations there are zeroes in one place and plaintext in the other.
* This trick was used in the recovery of the ebootrom keys
* AES-CTR encryption is the exact same operation as decryption. If you can make the hardware (black box) decrypt for you, you can also make it encrypt.
* Xoring these ciphertexts will reveal plaintext where in both locations there are zeroes in one place and plaintext in the other


= AES-CBC tricks =
= AES-CBC tricks =


* The iv of a CBC operation is always the previous 0x10 block of the ciphered text when decrypting it into the plaintext, UNLESS it's the starting operation. in this case it is specified by the end-user
* The iv of a CBC operation is always the previous 0x10 block of the ciphered text when decrypting it into the plaintext, UNLESS it is the starting operation. In this case it is specified by the end-user.


= AES-ECB tricks =
= AES-ECB tricks =


* If cbc is used on a block and if the attacker knows where 16 bytes of zeroes are located in known plaintext with given ciphertext location, he can use AES-ECB with the guessed key on that location. if there is a match of the previous 16 bytes as result, the attacker automatically knows the guessed key is the correct key
* If CBC is used on a block and if the attacker knows where 16 bytes of zeroes are located in known plaintext with given ciphertext location, the attacker can use AES-ECB with the guessed key on that location. If there is a match of the previous 16 bytes as result, the attacker automatically knows that the guessed key is the correct key. This means that the first 16 bytes of the ciphered text will be equal to the second 16 bytes of the plaintext of the ECB decryption, if the plaintext is supposed to have zeroes in the CBC decryption and the ECB/CBC key is correct. ?Do you precisely mean "block" instead of "location" and "16 bytes"?
* this means that the first 0x10 bytes of the ciphered text will be equal to the second 0x10 bytes of the plaintext of the ecb decryption, if the plaintext is supposed to have zeroes in the cbc decryption and the ecb/cbc key is correct.
 
= AES-CTR and AES-CBC tricks =
 
* If the plaintext starting 0x10 byte block contains zeroes only and is encrypted with AES-CBC, one can also use AES-CTR to know if the key and iv are both correct. Simply attempt to AES-CTR decrypt said block using the given key and iv, and if it turns out zeroes, then it is the correct key and iv. This only works if the starting block is 0x10 zeroes.


= AES-CTR && AES-CBC tricks =


* If the plaintext starting 0x10 byte block contains zeroes only and is encrypted with AES-CBC, one can also use AES-CTR to know if the key and iv are both correct. simply attempt to decrypt said block using the given key and iv, and if it turns out zeroes, then it'll be the correct keys. this only works if the starting block is 0x10 zeroes.
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>

Revision as of 23:58, 21 August 2021

Here are some cryptography tricks that I have learned with some important people and that helped to make this page. They helped a lot with the Keys and Seeds page construction. Use them wisely :) - Zecoxao

AES-CTR tricks

  • Recovery of partial plaintext with two ciphertexts encrypted with same key and iv pair by knowing where zeroes (\x00) are located. This trick was used in the recovery of the PS3 ebootrom keys. Xoring these ciphertexts will reveal plaintext where in both locations there are zeroes in one place and plaintext in the other.
  • AES-CTR encryption is the exact same operation as decryption. If you can make the hardware (black box) decrypt for you, you can also make it encrypt.

AES-CBC tricks

  • The iv of a CBC operation is always the previous 0x10 block of the ciphered text when decrypting it into the plaintext, UNLESS it is the starting operation. In this case it is specified by the end-user.

AES-ECB tricks

  • If CBC is used on a block and if the attacker knows where 16 bytes of zeroes are located in known plaintext with given ciphertext location, the attacker can use AES-ECB with the guessed key on that location. If there is a match of the previous 16 bytes as result, the attacker automatically knows that the guessed key is the correct key. This means that the first 16 bytes of the ciphered text will be equal to the second 16 bytes of the plaintext of the ECB decryption, if the plaintext is supposed to have zeroes in the CBC decryption and the ECB/CBC key is correct. ?Do you precisely mean "block" instead of "location" and "16 bytes"?

AES-CTR and AES-CBC tricks

  • If the plaintext starting 0x10 byte block contains zeroes only and is encrypted with AES-CBC, one can also use AES-CTR to know if the key and iv are both correct. Simply attempt to AES-CTR decrypt said block using the given key and iv, and if it turns out zeroes, then it is the correct key and iv. This only works if the starting block is 0x10 zeroes.