Hi,

Apage43 wrote:
> I tried XORing two encrypted osos images, as I had had the same
> suspicion (key reuse), but the "entropy" tool in the linux4nano svn
> still gave a high number (7.9 at least) for the output, which it
> shouldn't have if the key was reused, a stream cipher was used, and I
> xor'd the files properly.

This is very interesting. Just to be sure, could you briefly try all the
combinations between the four firmwares we got (it's 12 combinations),
extract the entropy number for each of them, give the procedure you used
and, finally, send the results here. We wouldn't like to be misled by
some statistical weirdness based on only one trial. :)

This result is crucial because this should definitely rule out the stream
cipher and push forward a block cipher encryption (maybe AES as stated in:
"In Mac OS X 10.4.x, an apple-protected binary is a Mach-O file containing
one or more AES-encrypted segments." See:
http://www.osxbook.com/book/bonus/chapter7/binaryprotection/).

But once more, I would like to have a really complete analysis that
anybody can reproduce before getting down to the conclusion.

We can even try to xor aupd.fw and osos.fw payload together to see what
happens (just in case there is a unique key for all the system).

> However, since the checksums don't seem to be
> checked, it would seem that code injection (if we knew part of the
> plaintext and its location), is in fact possible. I mention this in
> comments on the crypto synthesis page.

You must be talking about aupd.fw. Yes, this is definitely an option. I
already thought about it but didn't investigate further. But don't forget
that my assumptions about the role of aupd.fw and osos.fw are almost
random guesses. I have no proof that it's for real (if someone can think
about a way to check this I would be extremely pleased).

Regards
-- 
Emmanuel Fleury              | Office: 261
Associate Professor,         | Phone: +33 (0)5 40 00 69 34
LaBRI, Domaine Universitaire | Fax: +33 (0)5 40 00 66 69
351, Cours de la Libération  | email: [EMAIL PROTECTED]
33405 Talence Cedex, France  | URL: http://www.labri.fr/~fleury
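
The pairwise XOR-and-entropy check discussed in this message, as an added example that is not part of the original e-mail and is not the linux4nano "entropy" tool. The sample plaintexts, the toy SHA-256 counter-mode keystream and all function names are constructed assumptions; they only show how the measurement separates a reused keystream (XOR of ciphertexts equals XOR of plaintexts, low entropy) from independent keystreams (close to 8 bits per byte).

```python
import hashlib
import math
from collections import Counter
from itertools import combinations

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two buffers over their common length."""
    return bytes(x ^ y for x, y in zip(a, b))

def toy_keystream(key: bytes, length: int) -> bytes:
    """Constructed stand-in stream cipher: SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def pairwise_xor_entropy(images: dict) -> dict:
    """Entropy of the XOR of every unordered pair of images."""
    return {(a, b): shannon_entropy(xor_bytes(images[a], images[b]))
            for a, b in combinations(sorted(images), 2)}

# Constructed sample "firmware" plaintexts: structured, low-entropy data.
PLAINTEXTS = {
    "fw_a": (b"\x00" * 48 + b"bootloader v1 ") * 1024,
    "fw_b": (b"\xff" * 40 + b"kernel image section ") * 1024,
    "fw_c": (b"\x00\x01\x02\x03" * 8 + b"resource table") * 1024,
}

def encrypt_all(reuse_key: bool) -> dict:
    """Encrypt each sample under one shared key or under per-image keys."""
    out = {}
    for name, pt in PLAINTEXTS.items():
        key = b"shared" if reuse_key else name.encode()
        out[name] = xor_bytes(pt, toy_keystream(key, len(pt)))
    return out

if __name__ == "__main__":
    for reuse in (True, False):
        for pair, h in pairwise_xor_entropy(encrypt_all(reuse)).items():
            print(f"reuse_key={reuse} {pair}: {h:.3f} bits/byte")
```

To run the same measurement on real images, pass a dict of file contents read with `open(path, "rb").read()` to `pairwise_xor_entropy`.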
