yeh i would like to see the code, why C# why not C or C++ you would have
finnished the cycle by far quicker. But any way. Good work.
On 9/27/07, Jeremy Prater <[EMAIL PROTECTED]> wrote:
>
> That's a good question. What makes me so sure its rc4. I don't have any
> real proof, just speculation. I appreciate all the cpu power you guys have
> thrown out for me to use. Im going on previous ipod data gathered from 5g
> aupd encryption that was broken. It was rc4,partial key was in the security
> header (google rc4 on linux4nano). Right now im 3.9% thru the keyspace
> running at 14k keys/sec doing a very very small search of the beginning of
> the data area for a valid arm-9 instruction sequence. Im making a ton of
> assumptions about arm-9 and im assuming that the initial instruction is a
> 1110xxxx xxxxxxxx xxxxxxxx xxxxxxxx meaning the conditional is an 'always'
> execute command (being the first command in the osos data It would make
> sense to be always execute). So I have 3.3days eta on a 100% keysearch. Im
> running 7 threads which split up evenly thru 2^32 keyspace like this.
>
>
>
> Uint32 start = 0;
>
> Uint32 interval = 2^32 / numthreads;
>
> For (int d=0;d<numthreads;d++) {
>
> Startdecyptthread (start);
>
> Start += interval;
>
> }
>
> So im searching many keyspace areas at once. I chose 7 threads as an
> arbitrary number to split up the keyspace oddly. More than 7 threads (eg.
> 15,19,20,…) I think that the cpu scheduling will be impacted and reduce my
> kps. I think 14xxx kps its pretty fast, true im not decoding the entire 6mb
> osos just the first few bytes for check for an arm opcode. So far no hits,
> if anyone wants my entire code ill post it (its c# .net 2.0 vs2005). Lemme
> know what you guys think. -- Jeremy
>
>
>
> *From:* mat h [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, September 27, 2007 4:19 PM
> *To:* Hardware and developpement mailing list.
> *Subject:* Re: [Linux4nano-dev] Update to rc4 key search (optimized)
>
>
>
> ok, just give me a bell if you need cpu power.
>
> Anyway what makes you so sure that the key is RC4?
>
> On 9/27/07, *Martin Sandsmark* < [EMAIL PROTECTED]> wrote:
>
> I don't think CPU power will be a problem, I have access to quite a few
> servers (if I ask nicely, and nice it down, I can run it 24x7;)), and my
> laptop is a 2.2ghz dual core (theoretically 24x7 too).
>
> martin
>
> On Friday 28 September 2007 01:10:46 mat h wrote:
> > i can use 12 hours at night on my core 2 duo e6700 and a bit of time
> > on my e6300 to generate keys.
> >
> > On 9/27/07, Jeremy Prater <[EMAIL PROTECTED]> wrote:
> > > So I slimmed my app way way down and made it multithreaded, here is
> > > what its doing right no
> > >
> > >
> > >
> > > Time
> > >
> > > KeysProc
> > >
> > > dTime
> > >
> > > dKeys
> > >
> > > kps
> > >
> > > KeysLeft
> > >
> > > ETA Seconds
> > >
> > > ETA Minutes
> > >
> > > ETA Hours
> > >
> > > ETA Days
> > >
> > > Num Threads
> > >
> > > Thread 0 Counter
> > >
> > > 9/27/2007 12:01:31
> > >
> > > 33
> > >
> > > 0:00:11
> > >
> > > 15018
> > >
> > > 1365.273
> > >
> > > 4294967263
> > >
> > > 3145867.635
> > >
> > > 52431.12724
> > >
> > > 873.8521207
> > >
> > > 36.41050503
> > >
> > >
> > > 9/27/2007 12:01:42
> > >
> > > 15051
> > >
> > > 0:00:59
> > >
> > > 82201
> > >
> > > 1393.237
> > >
> > > 4294952245
> > >
> > > 3082714.107
> > >
> > > 51378.56845
> > >
> > > 856.3094741
> > >
> > > 35.67956142
> > >
> > > 4
> > >
> > > 14
> > >
> > > 9/27/2007 12:02:41
> > >
> > > 97252
> > >
> > > 0:01:04
> > >
> > > 90292
> > >
> > > 1410.813
> > >
> > > 4294870044
> > >
> > > 3044252.894
> > >
> > > 50737.54823
> > >
> > > 845.6258038
> > >
> > > 35.23440849
> > >
> > > 4
> > >
> > > 3158
> > >
> > > 9/27/2007 12:03:45
> > >
> > > 187544
> > >
> > > 0:04:54
> > >
> > > 417813
> > >
> > > 1421.133
> > >
> > > 4294779752
> > >
> > > 3022082.242
> > >
> > > 50368.03737
> > >
> > > 839.4672896
> > >
> > > 34.97780373
> > >
> > > 4
> > >
> > > 21070
> > >
> > > 9/27/2007 12:08:39
> > >
> > > 605357
> > >
> > > 0:04:17
> > >
> > > 362125
> > >
> > > 1409.047
> > >
> > > 4294361939
> > >
> > > 3047707.331
> > >
> > > 50795.12218
> > >
> > > 846.5853697
> > >
> > > 35.2743904
> > >
> > > 4
> > >
> > > 41084
> > >
> > > 9/27/2007 12:12:56
> > >
> > > 967482
> > >
> > > 0:05:59
> > >
> > > 505800
> > >
> > > 1408.914
> > >
> > > 4293999814
> > >
> > > 3047738.107
> > >
> > > 50795.63512
> > >
> > > 846.5939186
> > >
> > > 35.27474661
> > >
> > > 4
> > >
> > > 136086
> > >
> > > 9/27/2007 12:18:55
> > >
> > > 1473282
> > >
> > > 0:03:17
> > >
> > > 278268
> > >
> > > 1412.528
> > >
> > > 4293494014
> > >
> > > 3039581.703
> > >
> > > 50659.69506
> > >
> > > 844.3282509
> > >
> > > 35.18034379
> > >
> > > 4
> > >
> > > 220830
> > >
> > > 9/27/2007 12:22:12
> > >
> > > 1751550
> > >
> > > 0:03:13
> > >
> > > 271989
> > >
> > > 1409.269
> > >
> > > 4293215746
> > >
> > > 3046412.312
> > >
> > > 50773.53853
> > >
> > > 846.2256422
> > >
> > > 35.25940176
> > >
> > > 4
> > >
> > > 338699
> > >
> > > 9/27/2007 12:25:25
> > >
> > > 2023539
> > >
> > > 0:17:54
> > >
> > > 1523321
> > >
> > > 1418.362
> > >
> > > 4292943757
> > >
> > > 3026690.761
> > >
> > > 50444.84601
> > >
> > > 840.7474335
> > >
> > > 35.03114306
> > >
> > > 4
> > >
> > > 462360
> > >
> > > 9/27/2007 12:43:19
> > >
> > > 3546860
> > >
> > > 0:09:59
> > >
> > > 824726
> > >
> > > 1376.838
> > >
> > > 4291420436
> > >
> > > 3116866.499
> > >
> > > 51947.77499
> > >
> > > 865.7962498
> > >
> > > 36.07484374
> > >
> > > 4
> > >
> > > 818799
> > >
> > > 9/27/2007 12:53:18
> > >
> > > 4371586
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 4
> > >
> > > 1010076
> > >
> > >
> > >
> > > Keysproc is the total number of keys processed, dTime and dKeys are
> > > 'delta' values from subtracting the previous row , kps is keys per
> > > second. Keys left… 2^32 hah. And the eta. It an excel spread sheet I
> > > just copy and paste the values into from the app.
> > >
> > >
> > >
> > > Im searching osos for the string "MTOOL399". Im only searching the
> > > first 0x800 of the data area (>0x800). Ive based this assumption on
> > > the rsrc.fwfile that has mtool399 written in it at 0x0e03. I guess
> > > this is the ipod's partition / filestructure marker. Im using 32-bit
> > > rc4 with the small chunk of data so its faster. I started the
> > > decryption at 0x800. Hmm reading the crypto synth I see that
> > > MTOOL399 is probably not in the data portion. So new approach. Im
> > > going to get the first 20 instructions. 20x4 bytes. And verify that
> > > the opcode portion of the instruction bitmap is a valid opcode. This
> > > method will probably return many false keys. Im going to do some
> > > more coding. I expect the performance (kps) to increase because im
> > > only rc4 decoding the first 80 bytes not 2048 now. Ill update soon.
> > >
> > >
> > >
> > > Once I get the app able to actually be functional enough to find the
> > > correct key would people be willing to split up the keyspace so we
> > > could get the result sooner. If my core 2 duo 1.83ghz can do the
> > > entire osos in 36 days… get a few more people on it and boom maybe a
> > > week or so. But we all need to agree on what a 'correct' key would
> > > be. Wasting all the cpu time on a decyption scheme that is flawed is
> > > a big waste. Well im going to hunt down a set of arm opcodes. Later.
> > > -- Jeremy
> > >
> > > _______________________________________________
> > > Linux4nano-dev mailing list
> > > [email protected]
> > > https://mail.gna.org/listinfo/linux4nano-dev
> > > http://www.linux4nano.org
>
>
>
> _______________________________________________
> Linux4nano-dev mailing list
> [email protected]
> https://mail.gna.org/listinfo/linux4nano-dev
> http://www.linux4nano.org
>
>
>
>
> --
> We explore... and you call us criminals.
> We seek after knowledge... and you call us criminals.
> We exist without skin color, without nationality, without religious
> bias... and you call us criminals.
> You build atomic bombs, you wage wars, you murder, cheat, and lie to us
> and try to make us believe it's for our own good...
> ...yet we're the criminals.
>
> ____________WAUSHARE ROX ______________
> Join the dark side we've got cheese
> Annoying people since 1992
> If you hate me, I love you too. It ain't my fault I'm better than you
> Save Water, Drink Beer
> God Made Women First, Then He Had A Better Idea.
> If Barbie is soo popular...how come you have to buy her friends?
> Don't play stupid with me... I'm better at it!
> You were so cute when you were a baby...What happened?
> My folks were always asking me to wear underpants. What am I, the pope?
> I'm calling the police!... Right after I flush some tings.
> Join the army, see the world, meet interesting people, and kill them.
>
> _______________________________________________
> Linux4nano-dev mailing list
> [email protected]
> https://mail.gna.org/listinfo/linux4nano-dev
> http://www.linux4nano.org
>
--
We explore... and you call us criminals.
We seek after knowledge... and you call us criminals.
We exist without skin color, without nationality, without religious bias...
and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us and
try to make us believe it's for our own good...
....yet we're the criminals.
____________WAUSHARE ROX ______________
Join the dark side we've got cheese
Annoying people since 1992
If you hate me, I love you too. It ain't my fault I'm better than you
Save Water, Drink Beer
God Made Women First, Then He Had A Better Idea.
If Barbie is soo popular...how come you have to buy her friends?
Don't play stupid with me... I'm better at it!
You were so cute when you were a baby...What happened?
My folks were always asking me to wear underpants. What am I, the pope?
I'm calling the police!... Right after I flush some tings.
Join the army, see the world, meet interesting people, and kill them.
_______________________________________________
Linux4nano-dev mailing list
[email protected]
https://mail.gna.org/listinfo/linux4nano-dev
http://www.linux4nano.org
