Hi,
First, congratulations on your document concerning cryptography, it is
really well done.
I agree that the encryption algorithm seems to be a strong one (AES or a
stream cipher).
Did you succeed in breaking the firmware encryption?
I can try to help you if needed.
Next, my hypotheses:
- If the encryption key is in a separate ROM, the only way to find it is
to perform a hardware attack (sniff the memory output, for instance)
- If the key is in the firmware, we should be able to find it ... manually
I would like to try to find it in the firmware. To save me time, can you
answer the following:
- which algorithms did you try?
- with which key?
- is each iPod's firmware identical (i.e. encrypted with the same key)?
I think that something in the firmware looks like a key (just after the FF
blocks):
00006FD0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
00006FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
00006FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ................
00007000 38 37 32 30 32 2E 30 03 00 00 00 00 78 98 03 00  87202.0.....x...
00007010 E3 A4 03 00 00 99 03 00 E3 0B 00 00 00 00 00 00  ................
00007020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00007030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00007040 *57 DD 56 15 69 12 80 C9 7B 19 CC D5 20 45 36 02*  W.V.i...{... E6.
00007050 *DE 66 41 06* 00 00 00 00 00 00 00 00 00 00 00 00  .fA.............
Since it is a 160-bit key, maybe they use the SEAL algorithm (stream cipher):
http://en.wikipedia.org/wiki/SEAL_(cipher)
http://www.cacr.math.uwaterloo.ca/hac/about/chap6.pdf
I also think that before trying to decrypt we may have to perform a byte reordering.
Best regards
_______________________________________________
Linux4nano-dev mailing list
[email protected]
https://mail.gna.org/listinfo/linux4nano-dev
http://www.linux4nano.org
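The mail above suggests two things a practitioner would want to automate: scanning a firmware image for a block that "looks like a key" sitting between filler bytes, and trying a byte reordering before attempting decryption. The script below is an added example written for this page; it is not code from the mail's author or from the linux4nano project. It parses the hex dump quoted in the mail (embedded here as a constructed sample), reports maximal runs of non-filler bytes long enough to hold a 128- or 160-bit key and random-looking by Shannon entropy, and shows the candidate under a per-32-bit-word byte swap. The filler set (0x00/0xFF), the length and entropy thresholds, and the assumption that the 20 bytes at 0x7040 are key material rather than, say, a hash or a checksum, are all assumptions, not facts established by the mail.

```python
"""Scan a firmware image for byte runs that look like embedded key material.

Added example, not code from the original mail or the linux4nano project.
It parses the hex dump quoted in the mail (reproduced below as a constructed
sample), locates maximal runs of "non-filler" bytes (neither 0x00 nor 0xFF)
long enough to hold a 128- or 160-bit key, scores them by Shannon entropy,
and applies the 32-bit byte reordering the mail suggests trying before
decryption.  The FILLER set, thresholds and the "this is a key" reading of
the hit at 0x7040 are assumptions.
"""
import math
import struct
from collections import Counter

# Constructed sample: the bytes from the mail's hex dump, offsets 0x6FD0-0x705F.
HEXDUMP = """
00006FD0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
00006FE0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
00006FF0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
00007000 38 37 32 30 32 2E 30 03 00 00 00 00 78 98 03 00
00007010 E3 A4 03 00 00 99 03 00 E3 0B 00 00 00 00 00 00
00007020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00007030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00007040 57 DD 56 15 69 12 80 C9 7B 19 CC D5 20 45 36 02
00007050 DE 66 41 06 00 00 00 00 00 00 00 00 00 00 00 00
"""

FILLER = {0x00, 0xFF}  # assumed padding / erased-flash values


def parse_hexdump(text):
    """Return (base_offset, image) from 'OFFSET b0 b1 ... bN' lines."""
    base, out = None, bytearray()
    for line in text.strip().splitlines():
        fields = line.split()
        off = int(fields[0], 16)
        if base is None:
            base = off
        if off != base + len(out):
            raise ValueError("non-contiguous dump at %#x" % off)
        out += bytes(int(b, 16) for b in fields[1:])
    return base, bytes(out)


def entropy(data):
    """Shannon entropy in bits per byte; for n distinct bytes this is log2(n)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_key_candidates(image, base=0, min_len=16, min_entropy=3.5, max_gap=1):
    """Return [(offset, run)] for maximal runs of non-filler bytes that are at
    least min_len long and look random.  Up to max_gap filler bytes inside a
    run are tolerated, because a real key may well contain 0x00 or 0xFF.
    Short structured data, such as the version string '87202.0', is skipped."""
    found, i, n = [], 0, len(image)
    while i < n:
        if image[i] in FILLER:
            i += 1
            continue
        j = i
        while j < n and image[j] not in FILLER:
            j += 1
            gap = 0
            while j + gap < n and image[j + gap] in FILLER and gap < max_gap:
                gap += 1
            if gap and j + gap < n and image[j + gap] not in FILLER:
                j += gap  # bridge a short gap; the loop continues past it
        run = image[i:j]
        if len(run) >= min_len and entropy(run) >= min_entropy:
            found.append((base + i, run))
        i = j
    return found


def swap_words(data, width=4):
    """Reverse the byte order within each width-byte word (LE <-> BE view)."""
    if len(data) % width:
        raise ValueError("length %d is not a multiple of %d" % (len(data), width))
    return b"".join(data[i:i + width][::-1] for i in range(0, len(data), width))


def as_words(data, fmt="<I"):
    """View the candidate as 32-bit words in the given byte order."""
    size = struct.calcsize(fmt)
    return [struct.unpack(fmt, data[i:i + size])[0] for i in range(0, len(data), size)]


if __name__ == "__main__":
    base, image = parse_hexdump(HEXDUMP)
    for off, run in find_key_candidates(image, base):
        print("candidate at %#06x: %d bytes (%d bits), entropy %.2f bits/byte"
              % (off, len(run), 8 * len(run), entropy(run)))
        print("  raw         :", run.hex())
        print("  word-swapped:", swap_words(run).hex())
        print("  as LE uint32:", ["%#010x" % w for w in as_words(run)])
```

On the quoted dump the only hit is the 20-byte block at 0x7040; its 20 bytes are all distinct, so its entropy is log2(20), the maximum possible for that length, which is what one expects of key material but equally of a hash or random nonce. On a full image, feed the raw file instead of a hex dump and expect many hits in compressed or already-encrypted regions, so treat the scan as a way to shortlist offsets for the manual search the mail describes, not as proof that a block is a key.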