Author Topic: Need help with reversing an old auth algo  (Read 2956 times)

0 Members and 1 Guest are viewing this topic.

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Need help with reversing an old auth algo
« on: October 16, 2023, 09:18:52 am »
Trying to reverse an obsolete device's auth algorithm which transforms 7-byte words into 8-byte responses.
At first look it does not look like an advanced crypto - i can see some patterns.
I am able to send any challenge and look at the response.

- algo is not rolling -  same word will always output same response
- since it runs on an old embedded PIC16 platform i assumed simple math and bitwise operations like and, or, xor, mod, bit shifting. Polynomials/CRC maybe?
- it looks like response consists of four "core" bytes (first+second and fifth+sixth), other four are derivatives from first by adding/subtracting values from input word
- i believe first byte of answer is generated from second, fourth and sixth byte of input
- input number order matters, for example 0102020 and 0201020 challenge will yield different output

What i tried already:
-simple add/multiply/xoring
-crcreveng - no champagne
-no matches on crccalc.com
Comm dump attached. Would appreciate any advice on tools/approaches regarding this riddle.

Code: [Select]
challenge         response
0 0 0 0 0 0 0 EA C6 EA C6 4C E6 4C E6
0 0 0 0 0 0 1 EA F3 EA F3 4C 76 4C 77
0 0 0 0 0 0 2 EA 1C EA 1C 4C 56 4C 58
0 0 0 0 0 0 3 EA 79 EA 79 4C E6 4C E9
0 0 0 0 0 0 4 EA 7A EA 7A 4C 36 4C 3A
0 0 0 0 0 0 5 EA F7 EA F7 4C C6 4C CB
0 0 0 0 0 0 6 EA C0 EA C0 4C 26 4C 2C
0 0 0 0 0 0 7 EA 3D EA 3D 4C B6 4C BD
0 0 0 0 0 0 8  EA BE EA BE 4C 06 4C 0E
0 0 0 0 0 0 9 EA 8B EA 8B 4C 56 4C 5F
0 0 0 0 0 0 A EA 54 EA 54 4C F6 4C 00
0 0 0 0 0 0 B EA 31 EA 31 4C 46 4C 51
0 0 0 0 0 0 C EA 92 EA 92 4C 16 4C 22 
0 0 0 0 0 0 D EA 4F EA 4F 4C 26 4C 33
0 0 0 0 0 0 E EA 58 EA 58 4C C6 4C D4 
0 0 0 0 0 0 F EA 55 EA 55 4C D6 4C E5 
0 0 0 0 0 0 10 EA 56 EA 56 4C 66 4C 76

0 0 0 0 0 1 0 D3 86 D3 86 68 89 69 89
0 0 0 0 0 2 0 78 3D 78 3D D4 52 D6 52
0 0 0 0 0 3 0 41 37 41 37 40 E2 43 E2
0 0 0 0 0 4 0 56 39 56 39 EC 14 F0 14
0 0 0 0 0 5 0 DF 7F DF 7F E8 91 ED 91
0 0 0 0 0 6 0 64 DE 64 DE B4 FF BA FF
0 0 0 0 0 7 0 FD 63 FD 63 C0 26 C7 26
0 0 0 0 0 8 0 B2 90 B2 90 AC E3 B4 E3
0 0 0 0 0 9 0 3B DE 3B DE 08 12 11 12
0 0 0 0 0 A 0 80 47 80 47 74 A6 7E A6
0 0 0 0 0 B 0 A9 D1 A9 D1 20 F1 2B F1
0 0 0 0 0 C 0 1E E0 1E E0 CC 73 D8 73
0 0 0 0 0 D 0 87 3F 87 3F 48 5A 55 5A
0 0 0 0 0 E 0 2C CB 2C CB D4 C8 E2 C8
0 0 0 0 0 F 0 C5 E2 C5 E2 E0 D7 EF D7
0 0 0 0 0 10 0 9A 0E 9A 0E 4C B3 5C B3

0 0 0 0 1 0 0 EA F3 EA F3 4C 77 4C 76
0 0 0 0 2 0 0 EA 1C EA 1C 4C 58 4C 56
0 0 0 0 3 0 0 EA 79 EA 79 4C E9 4C E6
0 0 0 0 4 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 5 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 6 0 0 EA C0 EA C0 4C 2C 4C 26
0 0 0 0 7 0 0 EA 3D EA 3D 4C BD 4C B6
0 0 0 0 8 0 0 EA BE EA BE 4C 0E 4C 06
0 0 0 0 9 0 0 EA 8B EA 8B 4C 5F 4C 56
0 0 0 0 A 0 0 EA 54 EA 54 4C 00 4C F6
0 0 0 0 B 0 0 EA 31 EA 31 4C 51 4C 46
0 0 0 0 C 0 0 EA 92 EA 92 4C 22 4C 16
0 0 0 0 D 0 0 EA 4F EA 4F 4C 33 4C 26
0 0 0 0 E 0 0 EA 58 EA 58 4C D4 4C C6
0 0 0 0 F 0 0 EA 55 EA 55 4C E5 4C D6
0 0 0 0 10 0 0 EA 56 EA 56 4C 76 4C 66

0 0 0 1 0 0 0 D3 86 D3 86 69 89 68 89
0 0 0 2 0 0 0 78 3D 78 3D D6 52 D4 52
0 0 0 3 0 0 0 41 37 41 37 43 E2 40 E2
0 0 0 4 0 0 0 56 39 56 39 F0 14 EC 14
0 0 0 5 0 0 0 DF 7F DF 7F ED 91 E8 91
0 0 0 6 0 0 0 64 DE 64 DE BA FF B4 FF
0 0 0 7 0 0 0 FD 63 FD 63 C7 26 C0 26
0 0 0 8 0 0 0 B2 90 B2 90 B4 E3 AC E3
0 0 0 9 0 0 0 3B DE 3B DE 11 12 08 12
0 0 0 A 0 0 0 80 47 80 47 7E A6 74 A6 
0 0 0 B 0 0 0 A9 D1 A9 D1 2B F1 20 F1
0 0 0 C 0 0 0 1E E0 1E E0 D8 73 CC 73
0 0 0 D 0 0 0 87 3F 87 3F 55 5A 48 5A
0 0 0 E 0 0 0 2C CB 2C CB E2 C8 D4 C8
0 0 0 F 0 0 0 C5 E2 C5 E2 EF D7 E0 D7
0 0 0 10 0 0 0 9A 0E 9A 0E 5C B3 4C B3

0 0 1 0 0 0 0 EA 2C EA 2D 4C 2D 4C 2D
0 0 2 0 0 0 0 EA E2 EA E4 4C B0 4C B0
0 0 3 0 0 0 0 EA A8 EA AB 4C D7 4C D7
0 0 4 0 0 0 0 EA FE EA 02 4C 3A 4C 3A
0 0 5 0 0 0 0 EA 24 EA 29 4C C1 4C C1
0 0 6 0 0 0 0 EA 3A EA 40 4C F4 4C F4   
0 0 7 0 0 0 0 EA A0 EA A7 4C AB 4C AB
0 0 8 0 0 0 0 EA B6 EA BE 4C 5E 4C 5E
0 0 9 0 0 0 0 EA DC EA E5 4C 85 4C 85
0 0 A 0 0 0 0 EA 12 EA 1C 4C 68 4C 68  
0 0 B 0 0 0 0 EA 18 EA 23 4C CF 4C CF
0 0 C 0 0 0 0 EA EE EA FA 4C 52 4C 52
0 0 D 0 0 0 0 EA 54 EA 61 4C 19 4C 19
0 0 E 0 0 0 0 EA 6A EA 78 4C 0C 4C 0C
0 0 F 0 0 0 0 EA 10 EA 1F 4C 23 4C 23
0 0 10 0 0 0 0 EA 26 EA 36 4C 56 4C 56 

0 1 0 0 0 0 0 DC 83 DD 83 FB AA FB AA
0 2 0 0 0 0 0 E6 F2 E8 F2 62 5B 62 5B
0 3 0 0 0 0 0 68 1F 6B 1F 99 C2 99 C2
0 4 0 0 0 0 0 C2 4C C6 4C 70 0C 70 0C     
0 5 0 0 0 0 0 74 59 79 59 BF CE BF CE
0 6 0 0 0 0 0 9E 5F A4 5F C6 7D C6 7D
0 7 0 0 0 0 0 60 20 67 20 6D 56 6D 56
0 8 0 0 0 0 0 7A 45 82 45 A4 1A A4 1A
0 9 0 0 0 0 0 2C B1 35 B1 33 94 33 94 
0 A 0 0 0 0 0 F6 0D 00 0E FA FF FA FF  
0 B 0 0 0 0 0 38 21 43 21 11 51 11 51
0 C 0 0 0 0 0 92 F4 9E F4 48 26 48 26
0 D 0 0 0 0 0 44 BF 51 BF 77 76 77 76
0 E 0 0 0 0 0 EE F0 FC F0 1E AF 1E AF
0 F 0 0 0 0 0 70 5A 7F 5A 65 BD 65 BD
0 10 0 0 0 0 0 CA F9 DA F9 5C 3D 5C 3D

1 0 0 0 0 0 0 EA 2D EA 2C 4C 2D 4C 2D
2 0 0 0 0 0 0 EA E4 EA E2 4C B0 4C B0
3 0 0 0 0 0 0 EA AB EA A8 4C D7 4C D7 
4 0 0 0 0 0 0 EA 02 EA FE 4C 3A 4C 3A    
5 0 0 0 0 0 0 EA 29 EA 24 4C C1 4C C1
6 0 0 0 0 0 0 EA 40 EA 3A 4C F4 4C F4 
7 0 0 0 0 0 0 EA A7 EA A0 4C AB 4C AB 
8 0 0 0 0 0 0 EA BE EA B6 4C 5E 4C 5E 
9 0 0 0 0 0 0 EA E5 EA DC 4C 85 4C 85
A 0 0 0 0 0 0 EA 1C EA 12 4C 68 4C 68 
B 0 0 0 0 0 0 EA 23 EA 18 4C CF 4C CF
C 0 0 0 0 0 0 EA FA EA EE 4C 52 4C 52   
D 0 0 0 0 0 0 EA 61 EA 54 4C 19 4C 19
E 0 0 0 0 0 0 EA 78 EA 6A 4C 0C 4C 0C   
F 0 0 0 0 0 0 EA 1F EA 10 4C 23 4C 23 
10 0 0 0 0 0 0 EA 36 EA 26 4C 56 4C 56

1 1 1 1 1 1 1 EE 12 EF 12 2C 01 2C 01
2 2 2 2 2 2 2 82 20 84 20 54 1E 54 1E
3 3 3 3 3 3 3 B6 33 B9 33 C4 33 C4 33
4 4 4 4 4 4 4 5A 09 5E 09 94 27 94 27
5 5 5 5 5 5 5 BE 3C C3 3C D4 97 D4 97
6 6 6 6 6 6 6 B2 50 B8 50 DC BC DC BC
7 7 7 7 7 7 7 C6 10 CD 10 FC DF FC DF
8 8 8 8 8 8 8 4A B3 52 B3 2C 1C 2C 1C
9 9 9 9 9 9 9 0E 20 17 20 6C 63 6C 63
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #1 on: October 16, 2023, 10:24:37 am »
If those challenges are “7-byte words”, why do you stop at 0x10?

In other words why no challenges like these say?

Code: [Select]
0 0 0 0 0 0 11
0 0 0 0 0 0 20
0 0 0 0 0 0 FF
FF FF FF FF FF FF FF

I think I’m missing something...
« Last Edit: October 16, 2023, 10:28:38 am by ozcar »
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #2 on: October 16, 2023, 11:03:49 am »
If those challenges are “7-byte words”, why do you stop at 0x10?
That simply was an initial data set i've managed to prepare so far, just to have some overview. Dumping all possible combinations would be a very time-consuming task.
« Last Edit: October 16, 2023, 01:04:00 pm by twizzter »
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #3 on: October 16, 2023, 11:11:27 am »
Shifting a single bit through each position may give some clue:

Code: [Select]
80 00 00 00 00 00 00
40 00 00 00 00 00 00
20 00 00 00 00 00 00
10 00 00 00 00 00 00
08 00 00 00 00 00 00
04 00 00 00 00 00 00
02 00 00 00 00 00 00
01 00 00 00 00 00 00
00 80 00 00 00 00 00

00 00 00 00 00 00 04
00 00 00 00 00 00 02
00 00 00 00 00 00 01

Or maybe just add to the confusion.
 

Offline AndyBeez

  • Frequent Contributor
  • **
  • Posts: 856
  • Country: nu
Re: Need help with reversing an old auth algo
« Reply #4 on: October 18, 2023, 12:21:10 pm »
Challenge "10" ?

Looking at your data I get what you are doing - 10 is a hex field ::)

I note repetition of bytes on the odd order challenges.

x 0 x 0 x 0 x is always EA xx EA xx 4C xx 4C xx

This might be revealing a bit mask.

A hashing function would not generate repetitions, unless it was broken.

I think you have to hack into the PICs program space.
« Last Edit: October 18, 2023, 08:05:36 pm by AndyBeez »
 

Offline DavidAlfa

  • Super Contributor
  • ***
  • Posts: 5907
  • Country: es
Re: Need help with reversing an old auth algo
« Reply #5 on: October 18, 2023, 01:43:23 pm »
Have you checked if the pic16 is read protected?
Hantek DSO2x1x            Drive        FAQ          DON'T BUY HANTEK! (Aka HALF-MADE)
Stm32 Soldering FW      Forum      Github      Donate
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #6 on: October 18, 2023, 09:01:33 pm »
Shifting a single bit through each position may give some clue
Or maybe just add to the confusion.

Well, i won't be more confused than i have been so far ;)
Code: [Select]
80 00 00 00 00 00 00 EA 46 EA C6 4C 66 4C 66
40 00 00 00 00 00 00 EA 86 EA 46 4C 26 4C 26
20 00 00 00 00 00 00 EA 26 EA 06 4C 86 4C 86 
10 00 00 00 00 00 00 EA 36 EA 26 4C 56 4C 56
08 00 00 00 00 00 00 EA BE EA B6 4C 5E 4C 5E
04 00 00 00 00 00 00 EA 02 EA FE 4C 3A 4C 3A   
02 00 00 00 00 00 00 EA E4 EA E2 4C B0 4C B0 
01 00 00 00 00 00 00 EA 2D EA 2C 4C 2D 4C 2D
     
00 80 00 00 00 00 00 EA 47 6A 48 CC 18 CC 18
00 40 00 00 00 00 00 6A 9E AA 9E 0C 6D 0C 6D
00 20 00 00 00 00 00 AA 5E CA 5E 2C 76 2C 76
00 10 00 00 00 00 00 CA F9 DA F9 5C 3D 5C 3D
00 08 00 00 00 00 00 7A 45 82 45 A4 1A A4 1A
00 04 00 00 00 00 00 C2 4C C6 4C 70 0C 70 0C 
00 02 00 00 00 00 00 E6 F2 E8 F2 62 5B 62 5B
00 01 00 00 00 00 00 DC 83 DD 83 FB AA FB AA

00 00 80 00 00 00 00 EA C6 EA 46 4C 66 4C 66
00 00 40 00 00 00 00 EA 46 EA 86 4C 26 4C 26
00 00 20 00 00 00 00 EA 06 EA 26 4C 86 4C 86
00 00 10 00 00 00 00 EA 26 EA 36 4C 56 4C 56
00 00 08 00 00 00 00 EA B6 EA BE 4C 5E 4C 5E
00 00 04 00 00 00 00 EA FE EA 02 4C 3A 4C 3A 
00 00 02 00 00 00 00 EA E2 EA E4 4C B0 4C B0
00 00 01 00 00 00 00 EA 2C EA 2D 4C 2D 4C 2D

00 00 00 80 00 00 00 6A 6B 6A 6B CC 8A 4C 8A
00 00 00 40 00 00 00 AA 14 AA 14 8C 47 4C 47
00 00 00 20 00 00 00 8A C0 8A C0 6C F1 4C F1
00 00 00 10 00 00 00 9A 0E 9A 0E 5C B3 4C B3 
00 00 00 08 00 00 00 B2 90 B2 90 B4 E3 AC E3
00 00 00 04 00 00 00 56 39 56 39 F0 14 EC 14
00 00 00 02 00 00 00 78 3D 78 3D D6 52 D4 52
00 00 00 01 00 00 00 D3 86 D3 86 69 89 68 89

00 00 00 00 80 00 00 EA 46 EA 46 4C 66 4C E6
00 00 00 00 40 00 00 EA 06 EA 06 4C 26 4C E6   
00 00 00 00 20 00 00 EA 66 EA 66 4C 06 4C E6
00 00 00 00 10 00 00 EA 56 EA 56 4C 76 4C 66
00 00 00 00 08 00 00 EA BE EA BE 4C 0E 4C 06
00 00 00 00 04 00 00 EA 7A EA 7A 4C 3A 4C 36
00 00 00 00 02 00 00 EA 1C EA 1C 4C 58 4C 56 
00 00 00 00 01 00 00 EA F3 EA F3 4C 77 4C 76 

00 00 00 00 00 80 00 6A 6B 6A 6B 4C 8A CC 8A
00 00 00 00 00 40 00 AA 14 AA 14 4C 47 8C 47
00 00 00 00 00 20 00 8A C0 8A C0 4C F1 6C F1 
00 00 00 00 00 10 00 9A 0E 9A 0E 4C B3 5C B3
00 00 00 00 00 08 00 B2 90 B2 90 AC E3 B4 E3
00 00 00 00 00 04 00 56 39 56 39 EC 14 F0 14 
00 00 00 00 00 02 00 78 3D 78 3D D4 52 D6 52
00 00 00 00 00 01 00 D3 86 D3 86 68 89 69 89

00 00 00 00 00 00 80 EA 46 EA 46 4C E6 4C 66
00 00 00 00 00 00 40 EA 06 EA 06 4C E6 4C 26
00 00 00 00 00 00 20 EA 66 EA 66 4C E6 4C 06
00 00 00 00 00 00 10 EA 56 EA 56 4C 66 4C 76   
00 00 00 00 00 00 08 EA BE EA BE 4C 06 4C 0E 
00 00 00 00 00 00 04 EA 7A EA 7A 4C 36 4C 3A
00 00 00 00 00 00 02 EA 1C EA 1C 4C 56 4C 58
00 00 00 00 00 00 01 EA F3 EA F3 4C 76 4C 77



Challenge "10" ?

Looking at your data I get what you are doing - 10 is a hex field ::)

I note repetition of bytes on the odd order challenges.

x 0 x 0 x 0 x is always EA xx EA xx 4C xx 4C xx

This might be revealing a bit mask.

That's right. All are hex.
If we name dumped datasets as:
Code: [Select]
[challenge]                         [response]
C0 C1 C2 C3 C4 C5 C6      R0 R1 R2 R3 R4 R5 R6 R7
                                       

some pattern can be seen:
C6 = R7-R5
C5 = R6-R4
C4 = R5-R7
C3 = R4-R6
C2 = R3-R1
C1 = R2-R0
C0 = R1-R3

That's why we observe repetitions there.
I believe crucial response bytes are R0+R1 and R4+R5. Remaining bytes are calculated simply by adding/substracting values from challenge bytes.

Additionally:
Code: [Select]
R0 =0xEA, always  if C1, C3, C5 = 0

03 00 03 00 03 00 03    EA 3B EA 3B 4C BB 4C BB
0F 00 0F 00 0F 00 0F    EA 4F EA 4F 4C FF 4C FF

« Last Edit: October 18, 2023, 09:21:21 pm by twizzter »
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #7 on: October 19, 2023, 10:16:48 pm »
some pattern can be seen:
Code: [Select]
C6 = R7-R5
C5 = R6-R4
C4 = R5-R7
C3 = R4-R6
C2 = R3-R1
C1 = R2-R0
C0 = R1-R3


Maybe I’m still not getting some of what you say, but those assertions don’t seem to be true. Well, they are true for some of the challenge/response pairs, and maybe that in itself gives some clues, but at this stage I don’t know what.

This is my view:

(The yes/no is whether your “pattern” is there or not, but maybe I misunderstood what you said or I made a mistake. The extra 8 bytes is the bit-wise difference between the response for all zero challenge, and the response for that particular challenge. There are some repetitions - I just copied chunks of what you posted.)

Code: [Select]
00 00 00 00 00 00 00   ea c6 ea c6 4c e6 4c e6   00 00 00 00 00 00 00 00 yes
80 00 00 00 00 00 00   ea 46 ea c6 4c 66 4c 66   00 80 00 00 00 80 00 80 no
40 00 00 00 00 00 00   ea 86 ea 46 4c 26 4c 26   00 40 00 80 00 c0 00 c0 no
20 00 00 00 00 00 00   ea 26 ea 06 4c 86 4c 86   00 e0 00 c0 00 60 00 60 no
10 00 00 00 00 00 00   ea 36 ea 26 4c 56 4c 56   00 f0 00 e0 00 b0 00 b0 no
08 00 00 00 00 00 00   ea be ea b6 4c 5e 4c 5e   00 78 00 70 00 b8 00 b8 no
04 00 00 00 00 00 00   ea 02 ea fe 4c 3a 4c 3a   00 c4 00 38 00 dc 00 dc no
02 00 00 00 00 00 00   ea e4 ea e2 4c b0 4c b0   00 22 00 24 00 56 00 56 no
01 00 00 00 00 00 00   ea 2d ea 2c 4c 2d 4c 2d   00 eb 00 ea 00 cb 00 cb no
00 80 00 00 00 00 00   ea 47 6a 48 cc 18 cc 18   00 81 80 8e 80 fe 80 fe no
00 40 00 00 00 00 00   6a 9e aa 9e 0c 6d 0c 6d   80 58 40 58 40 8b 40 8b yes
00 20 00 00 00 00 00   aa 5e ca 5e 2c 76 2c 76   40 98 20 98 60 90 60 90 yes
00 10 00 00 00 00 00   ca f9 da f9 5c 3d 5c 3d   20 3f 30 3f 10 db 10 db yes
00 08 00 00 00 00 00   7a 45 82 45 a4 1a a4 1a   90 83 68 83 e8 fc e8 fc yes
00 04 00 00 00 00 00   c2 4c c6 4c 70 0c 70 0c   28 8a 2c 8a 3c ea 3c ea yes
00 02 00 00 00 00 00   e6 f2 e8 f2 62 5b 62 5b   0c 34 02 34 2e bd 2e bd yes
00 01 00 00 00 00 00   dc 83 dd 83 fb aa fb aa   36 45 37 45 b7 4c b7 4c yes
00 00 80 00 00 00 00   ea c6 ea 46 4c 66 4c 66   00 00 00 80 00 80 00 80 no
00 00 40 00 00 00 00   ea 46 ea 86 4c 26 4c 26   00 80 00 40 00 c0 00 c0 no
00 00 20 00 00 00 00   ea 06 ea 26 4c 86 4c 86   00 c0 00 e0 00 60 00 60 no
00 00 10 00 00 00 00   ea 26 ea 36 4c 56 4c 56   00 e0 00 f0 00 b0 00 b0 no
00 00 08 00 00 00 00   ea b6 ea be 4c 5e 4c 5e   00 70 00 78 00 b8 00 b8 no
00 00 04 00 00 00 00   ea fe ea 02 4c 3a 4c 3a   00 38 00 c4 00 dc 00 dc no
00 00 02 00 00 00 00   ea e2 ea e4 4c b0 4c b0   00 24 00 22 00 56 00 56 no
00 00 01 00 00 00 00   ea 2c ea 2d 4c 2d 4c 2d   00 ea 00 eb 00 cb 00 cb no
00 00 00 80 00 00 00   6a 6b 6a 6b cc 8a 4c 8a   80 ad 80 ad 80 6c 00 6c no
00 00 00 40 00 00 00   aa 14 aa 14 8c 47 4c 47   40 d2 40 d2 c0 a1 00 a1 no
00 00 00 20 00 00 00   8a c0 8a c0 6c f1 4c f1   60 06 60 06 20 17 00 17 no
00 00 00 10 00 00 00   9a 0e 9a 0e 5c b3 4c b3   70 c8 70 c8 10 55 00 55 no
00 00 00 08 00 00 00   b2 90 b2 90 b4 e3 ac e3   58 56 58 56 f8 05 e0 05 no
00 00 00 04 00 00 00   56 39 56 39 f0 14 ec 14   bc ff bc ff bc f2 a0 f2 no
00 00 00 02 00 00 00   78 3d 78 3d d6 52 d4 52   92 fb 92 fb 9a b4 98 b4 no
00 00 00 01 00 00 00   d3 86 d3 86 69 89 68 89   39 40 39 40 25 6f 24 6f no
00 00 00 00 80 00 00   ea 46 ea 46 4c 66 4c e6   00 80 00 80 00 80 00 00 no
00 00 00 00 40 00 00   ea 06 ea 06 4c 26 4c e6   00 c0 00 c0 00 c0 00 00 no
00 00 00 00 20 00 00   ea 66 ea 66 4c 06 4c e6   00 a0 00 a0 00 e0 00 00 no
00 00 00 00 10 00 00   ea 56 ea 56 4c 76 4c 66   00 90 00 90 00 90 00 80 no
00 00 00 00 08 00 00   ea be ea be 4c 0e 4c 06   00 78 00 78 00 e8 00 e0 no
00 00 00 00 04 00 00   ea 7a ea 7a 4c 3a 4c 36   00 bc 00 bc 00 dc 00 d0 no
00 00 00 00 02 00 00   ea 1c ea 1c 4c 58 4c 56   00 da 00 da 00 be 00 b0 no
00 00 00 00 01 00 00   ea f3 ea f3 4c 77 4c 76   00 35 00 35 00 91 00 90 no
00 00 00 00 00 80 00   6a 6b 6a 6b 4c 8a cc 8a   80 ad 80 ad 00 6c 80 6c no
00 00 00 00 00 40 00   aa 14 aa 14 4c 47 8c 47   40 d2 40 d2 00 a1 c0 a1 no
00 00 00 00 00 20 00   8a c0 8a c0 4c f1 6c f1   60 06 60 06 00 17 20 17 no
00 00 00 00 00 10 00   9a 0e 9a 0e 4c b3 5c b3   70 c8 70 c8 00 55 10 55 no
00 00 00 00 00 08 00   b2 90 b2 90 ac e3 b4 e3   58 56 58 56 e0 05 f8 05 no
00 00 00 00 00 04 00   56 39 56 39 ec 14 f0 14   bc ff bc ff a0 f2 bc f2 no
00 00 00 00 00 02 00   78 3d 78 3d d4 52 d6 52   92 fb 92 fb 98 b4 9a b4 no
00 00 00 00 00 01 00   d3 86 d3 86 68 89 69 89   39 40 39 40 24 6f 25 6f no
00 00 00 00 00 00 80   ea 46 ea 46 4c e6 4c 66   00 80 00 80 00 00 00 80 no
00 00 00 00 00 00 40   ea 06 ea 06 4c e6 4c 26   00 c0 00 c0 00 00 00 c0 no
00 00 00 00 00 00 20   ea 66 ea 66 4c e6 4c 06   00 a0 00 a0 00 00 00 e0 no
00 00 00 00 00 00 10   ea 56 ea 56 4c 66 4c 76   00 90 00 90 00 80 00 90 no
00 00 00 00 00 00 08   ea be ea be 4c 06 4c 0e   00 78 00 78 00 e0 00 e8 no
00 00 00 00 00 00 04   ea 7a ea 7a 4c 36 4c 3a   00 bc 00 bc 00 d0 00 dc no
00 00 00 00 00 00 02   ea 1c ea 1c 4c 56 4c 58   00 da 00 da 00 b0 00 be no
00 00 00 00 00 00 01   ea f3 ea f3 4c 76 4c 77   00 35 00 35 00 90 00 91 no
00 00 00 00 00 00 00   ea c6 ea c6 4c e6 4c e6   00 00 00 00 00 00 00 00 yes
00 00 00 00 00 00 01   ea f3 ea f3 4c 76 4c 77   00 35 00 35 00 90 00 91 no
00 00 00 00 00 00 02   ea 1c ea 1c 4c 56 4c 58   00 da 00 da 00 b0 00 be no
00 00 00 00 00 00 03   ea 79 ea 79 4c e6 4c e9   00 bf 00 bf 00 00 00 0f no
00 00 00 00 00 00 04   ea 7a ea 7a 4c 36 4c 3a   00 bc 00 bc 00 d0 00 dc no
00 00 00 00 00 00 05   ea f7 ea f7 4c c6 4c cb   00 31 00 31 00 20 00 2d no
00 00 00 00 00 00 06   ea c0 ea c0 4c 26 4c 2c   00 06 00 06 00 c0 00 ca no
00 00 00 00 00 00 07   ea 3d ea 3d 4c b6 4c bd   00 fb 00 fb 00 50 00 5b no
00 00 00 00 00 00 08   ea be ea be 4c 06 4c 0e   00 78 00 78 00 e0 00 e8 no
00 00 00 00 00 00 09   ea 8b ea 8b 4c 56 4c 5f   00 4d 00 4d 00 b0 00 b9 no
00 00 00 00 00 00 0a   ea 54 ea 54 4c f6 4c 00   00 92 00 92 00 10 00 e6 no
00 00 00 00 00 00 0b   ea 31 ea 31 4c 46 4c 51   00 f7 00 f7 00 a0 00 b7 no
00 00 00 00 00 00 0c   ea 92 ea 92 4c 16 4c 22   00 54 00 54 00 f0 00 c4 no
00 00 00 00 00 00 0d   ea 4f ea 4f 4c 26 4c 33   00 89 00 89 00 c0 00 d5 no
00 00 00 00 00 00 0e   ea 58 ea 58 4c c6 4c d4   00 9e 00 9e 00 20 00 32 no
00 00 00 00 00 00 0f   ea 55 ea 55 4c d6 4c e5   00 93 00 93 00 30 00 03 no
00 00 00 00 00 00 10   ea 56 ea 56 4c 66 4c 76   00 90 00 90 00 80 00 90 no
00 00 00 00 00 01 00   d3 86 d3 86 68 89 69 89   39 40 39 40 24 6f 25 6f no
00 00 00 00 00 02 00   78 3d 78 3d d4 52 d6 52   92 fb 92 fb 98 b4 9a b4 no
00 00 00 00 00 03 00   41 37 41 37 40 e2 43 e2   ab f1 ab f1 0c 04 0f 04 no
00 00 00 00 00 04 00   56 39 56 39 ec 14 f0 14   bc ff bc ff a0 f2 bc f2 no
00 00 00 00 00 05 00   df 7f df 7f e8 91 ed 91   35 b9 35 b9 a4 77 a1 77 no
00 00 00 00 00 06 00   64 de 64 de b4 ff ba ff   8e 18 8e 18 f8 19 f6 19 no
00 00 00 00 00 07 00   fd 63 fd 63 c0 26 c7 26   17 a5 17 a5 8c c0 8b c0 no
00 00 00 00 00 08 00   b2 90 b2 90 ac e3 b4 e3   58 56 58 56 e0 05 f8 05 no
00 00 00 00 00 09 00   3b de 3b de 08 12 11 12   d1 18 d1 18 44 f4 5d f4 no
00 00 00 00 00 0a 00   80 47 80 47 74 a6 7e a6   6a 81 6a 81 38 40 32 40 no
00 00 00 00 00 0b 00   a9 d1 a9 d1 20 f1 2b f1   43 17 43 17 6c 17 67 17 no
00 00 00 00 00 0c 00   1e e0 1e e0 cc 73 d8 73   f4 26 f4 26 80 95 94 95 no
00 00 00 00 00 0d 00   87 3f 87 3f 48 5a 55 5a   6d f9 6d f9 04 bc 19 bc no
00 00 00 00 00 0e 00   2c cb 2c cb d4 c8 e2 c8   c6 0d c6 0d 98 2e ae 2e no
00 00 00 00 00 0f 00   c5 e2 c5 e2 e0 d7 ef d7   2f 24 2f 24 ac 31 a3 31 no
00 00 00 00 00 10 00   9a 0e 9a 0e 4c b3 5c b3   70 c8 70 c8 00 55 10 55 no
00 00 00 00 01 00 00   ea f3 ea f3 4c 77 4c 76   00 35 00 35 00 91 00 90 no
00 00 00 00 02 00 00   ea 1c ea 1c 4c 58 4c 56   00 da 00 da 00 be 00 b0 no
00 00 00 00 03 00 00   ea 79 ea 79 4c e9 4c e6   00 bf 00 bf 00 0f 00 00 no
00 00 00 00 04 00 00   ea f7 ea f7 4c cb 4c c6   00 31 00 31 00 2d 00 20 no
00 00 00 00 05 00 00   ea f7 ea f7 4c cb 4c c6   00 31 00 31 00 2d 00 20 no
00 00 00 00 06 00 00   ea c0 ea c0 4c 2c 4c 26   00 06 00 06 00 ca 00 c0 no
00 00 00 00 07 00 00   ea 3d ea 3d 4c bd 4c b6   00 fb 00 fb 00 5b 00 50 no
00 00 00 00 08 00 00   ea be ea be 4c 0e 4c 06   00 78 00 78 00 e8 00 e0 no
00 00 00 00 09 00 00   ea 8b ea 8b 4c 5f 4c 56   00 4d 00 4d 00 b9 00 b0 no
00 00 00 00 0a 00 00   ea 54 ea 54 4c 00 4c f6   00 92 00 92 00 e6 00 10 no
00 00 00 00 0b 00 00   ea 31 ea 31 4c 51 4c 46   00 f7 00 f7 00 b7 00 a0 no
00 00 00 00 0c 00 00   ea 92 ea 92 4c 22 4c 16   00 54 00 54 00 c4 00 f0 no
00 00 00 00 0d 00 00   ea 4f ea 4f 4c 33 4c 26   00 89 00 89 00 d5 00 c0 no
00 00 00 00 0e 00 00   ea 58 ea 58 4c d4 4c c6   00 9e 00 9e 00 32 00 20 no
00 00 00 00 0f 00 00   ea 55 ea 55 4c e5 4c d6   00 93 00 93 00 03 00 30 no
00 00 00 00 10 00 00   ea 56 ea 56 4c 76 4c 66   00 90 00 90 00 90 00 80 no
00 00 00 01 00 00 00   d3 86 d3 86 69 89 68 89   39 40 39 40 25 6f 24 6f no
00 00 00 02 00 00 00   78 3d 78 3d d6 52 d4 52   92 fb 92 fb 9a b4 98 b4 no
00 00 00 03 00 00 00   41 37 41 37 43 e2 40 e2   ab f1 ab f1 0f 04 0c 04 no
00 00 00 04 00 00 00   56 39 56 39 f0 14 ec 14   bc ff bc ff bc f2 a0 f2 no
00 00 00 05 00 00 00   df 7f df 7f ed 91 e8 91   35 b9 35 b9 a1 77 a4 77 no
00 00 00 06 00 00 00   64 de 64 de ba ff b4 ff   8e 18 8e 18 f6 19 f8 19 no
00 00 00 07 00 00 00   fd 63 fd 63 c7 26 c0 26   17 a5 17 a5 8b c0 8c c0 no
00 00 00 08 00 00 00   b2 90 b2 90 b4 e3 ac e3   58 56 58 56 f8 05 e0 05 no
00 00 00 09 00 00 00   3b de 3b de 11 12 08 12   d1 18 d1 18 5d f4 44 f4 no
00 00 00 0a 00 00 00   80 47 80 47 7e a6 74 a6   6a 81 6a 81 32 40 38 40 no
00 00 00 0b 00 00 00   a9 d1 a9 d1 2b f1 20 f1   43 17 43 17 67 17 6c 17 no
00 00 00 0c 00 00 00   1e e0 1e e0 d8 73 cc 73   f4 26 f4 26 94 95 80 95 no
00 00 00 0d 00 00 00   87 3f 87 3f 55 5a 48 5a   6d f9 6d f9 19 bc 04 bc no
00 00 00 0e 00 00 00   2c cb 2c cb e2 c8 d4 c8   c6 0d c6 0d ae 2e 98 2e no
00 00 00 0f 00 00 00   c5 e2 c5 e2 ef d7 e0 d7   2f 24 2f 24 a3 31 ac 31 no
00 00 00 10 00 00 00   9a 0e 9a 0e 5c b3 4c b3   70 c8 70 c8 10 55 00 55 no
00 00 01 00 00 00 00   ea 2c ea 2d 4c 2d 4c 2d   00 ea 00 eb 00 cb 00 cb no
00 00 02 00 00 00 00   ea e2 ea e4 4c b0 4c b0   00 24 00 22 00 56 00 56 no
00 00 03 00 00 00 00   ea a8 ea ab 4c d7 4c d7   00 6e 00 6d 00 31 00 31 no
00 00 04 00 00 00 00   ea fe ea 02 4c 3a 4c 3a   00 38 00 c4 00 dc 00 dc no
00 00 05 00 00 00 00   ea 24 ea 29 4c c1 4c c1   00 e2 00 ef 00 27 00 27 no
00 00 06 00 00 00 00   ea 3a ea 40 4c f4 4c f4   00 fc 00 86 00 12 00 12 no
00 00 07 00 00 00 00   ea a0 ea a7 4c ab 4c ab   00 66 00 61 00 4d 00 4d no
00 00 08 00 00 00 00   ea b6 ea be 4c 5e 4c 5e   00 70 00 78 00 b8 00 b8 no
00 00 09 00 00 00 00   ea dc ea e5 4c 85 4c 85   00 1a 00 23 00 63 00 63 no
00 00 0a 00 00 00 00   ea 12 ea 1c 4c 68 4c 68   00 d4 00 da 00 8e 00 8e no
00 00 0b 00 00 00 00   ea 18 ea 23 4c cf 4c cf   00 de 00 e5 00 29 00 29 no
00 00 0c 00 00 00 00   ea ee ea fa 4c 52 4c 52   00 28 00 3c 00 b4 00 b4 no
00 00 0d 00 00 00 00   ea 54 ea 61 4c 19 4c 19   00 92 00 a7 00 ff 00 ff no
00 00 0e 00 00 00 00   ea 6a ea 78 4c 0c 4c 0c   00 ac 00 be 00 ea 00 ea no
00 00 0f 00 00 00 00   ea 10 ea 1f 4c 23 4c 23   00 d6 00 d9 00 c5 00 c5 no
00 00 10 00 00 00 00   ea 26 ea 36 4c 56 4c 56   00 e0 00 f0 00 b0 00 b0 no
00 01 00 00 00 00 00   dc 83 dd 83 fb aa fb aa   36 45 37 45 b7 4c b7 4c yes
00 02 00 00 00 00 00   e6 f2 e8 f2 62 5b 62 5b   0c 34 02 34 2e bd 2e bd yes
00 03 00 00 00 00 00   68 1f 6b 1f 99 c2 99 c2   82 d9 81 d9 d5 24 d5 24 yes
00 04 00 00 00 00 00   c2 4c c6 4c 70 0c 70 0c   28 8a 2c 8a 3c ea 3c ea yes
00 05 00 00 00 00 00   74 59 79 59 bf ce bf ce   9e 9f 93 9f f3 28 f3 28 yes
00 06 00 00 00 00 00   9e 5f a4 5f c6 7d c6 7d   74 99 4e 99 8a 9b 8a 9b yes
00 07 00 00 00 00 00   60 20 67 20 6d 56 6d 56   8a e6 8d e6 21 b0 21 b0 yes
00 08 00 00 00 00 00   7a 45 82 45 a4 1a a4 1a   90 83 68 83 e8 fc e8 fc yes
00 09 00 00 00 00 00   2c b1 35 b1 33 94 33 94   c6 77 df 77 7f 72 7f 72 yes
00 0a 00 00 00 00 00   f6 0d 00 0e fa ff fa ff   1c cb ea c8 b6 19 b6 19 no
00 0b 00 00 00 00 00   38 21 43 21 11 51 11 51   d2 e7 a9 e7 5d b7 5d b7 yes
00 0c 00 00 00 00 00   92 f4 9e f4 48 26 48 26   78 32 74 32 04 c0 04 c0 yes
00 0d 00 00 00 00 00   44 bf 51 bf 77 76 77 76   ae 79 bb 79 3b 90 3b 90 yes
00 0e 00 00 00 00 00   ee f0 fc f0 1e af 1e af   04 36 16 36 52 49 52 49 yes
00 0f 00 00 00 00 00   70 5a 7f 5a 65 bd 65 bd   9a 9c 95 9c 29 5b 29 5b yes
00 10 00 00 00 00 00   ca f9 da f9 5c 3d 5c 3d   20 3f 30 3f 10 db 10 db yes
01 00 00 00 00 00 00   ea 2d ea 2c 4c 2d 4c 2d   00 eb 00 ea 00 cb 00 cb no
02 00 00 00 00 00 00   ea e4 ea e2 4c b0 4c b0   00 22 00 24 00 56 00 56 no
03 00 00 00 00 00 00   ea ab ea a8 4c d7 4c d7   00 6d 00 6e 00 31 00 31 no
04 00 00 00 00 00 00   ea 02 ea fe 4c 3a 4c 3a   00 c4 00 38 00 dc 00 dc no
05 00 00 00 00 00 00   ea 29 ea 24 4c c1 4c c1   00 ef 00 e2 00 27 00 27 no
06 00 00 00 00 00 00   ea 40 ea 3a 4c f4 4c f4   00 86 00 fc 00 12 00 12 no
07 00 00 00 00 00 00   ea a7 ea a0 4c ab 4c ab   00 61 00 66 00 4d 00 4d no
08 00 00 00 00 00 00   ea be ea b6 4c 5e 4c 5e   00 78 00 70 00 b8 00 b8 no
09 00 00 00 00 00 00   ea e5 ea dc 4c 85 4c 85   00 23 00 1a 00 63 00 63 no
0a 00 00 00 00 00 00   ea 1c ea 12 4c 68 4c 68   00 da 00 d4 00 8e 00 8e no
0b 00 00 00 00 00 00   ea 23 ea 18 4c cf 4c cf   00 e5 00 de 00 29 00 29 no
0c 00 00 00 00 00 00   ea fa ea ee 4c 52 4c 52   00 3c 00 28 00 b4 00 b4 no
0d 00 00 00 00 00 00   ea 61 ea 54 4c 19 4c 19   00 a7 00 92 00 ff 00 ff no
0e 00 00 00 00 00 00   ea 78 ea 6a 4c 0c 4c 0c   00 be 00 ac 00 ea 00 ea no
0f 00 00 00 00 00 00   ea 1f ea 10 4c 23 4c 23   00 d9 00 d6 00 c5 00 c5 no
10 00 00 00 00 00 00   ea 36 ea 26 4c 56 4c 56   00 f0 00 e0 00 b0 00 b0 no
01 01 01 01 01 01 01   ee 12 ef 12 2c 01 2c 01   04 d4 05 d4 60 e7 60 e7 no
02 02 02 02 02 02 02   82 20 84 20 54 1e 54 1e   68 e6 6e e6 18 f8 18 f8 no
03 03 03 03 03 03 03   b6 33 b9 33 c4 33 c4 33   5c f5 53 f5 88 d5 88 d5 no
04 04 04 04 04 04 04   5a 09 5e 09 94 27 94 27   b0 cf b4 cf d8 c1 d8 c1 no
05 05 05 05 05 05 05   be 3c c3 3c d4 97 d4 97   54 fa 29 fa 98 71 98 71 no
06 06 06 06 06 06 06   b2 50 b8 50 dc bc dc bc   58 96 52 96 90 5a 90 5a no
07 07 07 07 07 07 07   c6 10 cd 10 fc df fc df   2c d6 27 d6 b0 39 b0 39 no
08 08 08 08 08 08 08   4a b3 52 b3 2c 1c 2c 1c   a0 75 b8 75 60 fa 60 fa no
09 09 09 09 09 09 09   0e 20 17 20 6c 63 6c 63   e4 e6 fd e6 20 85 20 85 no
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #8 on: October 20, 2023, 09:40:49 am »
Thanks for pointing it out. It seems i got excited too quickly about discovered pattern, testing it on a small dataset.
I relied on manual analysis of the following (my remarks below each block):
Code: [Select]
  challenge response
C0    C6   R0       R7

(C6)
0 0 0 0 0 0 0 EA C6 EA C6 4C E6 4C E6
0 0 0 0 0 0 1 EA F3 EA F3 4C 76 4C 77
0 0 0 0 0 0 2 EA 1C EA 1C 4C 56 4C 58
0 0 0 0 0 0 3 EA 79 EA 79 4C E6 4C E9
0 0 0 0 0 0 4 EA 7A EA 7A 4C 36 4C 3A
0 0 0 0 0 0 5 EA F7 EA F7 4C C6 4C CB
0 0 0 0 0 0 6 EA C0 EA C0 4C 26 4C 2C
0 0 0 0 0 0 7 EA 3D EA 3D 4C B6 4C BD
0 0 0 0 0 0 8  EA BE EA BE 4C 06 4C 0E
0 0 0 0 0 0 9 EA 8B EA 8B 4C 56 4C 5F
0 0 0 0 0 0 A EA 54 EA 54 4C F6 4C 00
0 0 0 0 0 0 B EA 31 EA 31 4C 46 4C 51
0 0 0 0 0 0 C EA 92 EA 92 4C 16 4C 22 
0 0 0 0 0 0 D EA 4F EA 4F 4C 26 4C 33
0 0 0 0 0 0 E EA 58 EA 58 4C C6 4C D4 
0 0 0 0 0 0 F EA 55 EA 55 4C D6 4C E5 
0 0 0 0 0 0 10 EA 56 EA 56 4C 66 4C 76
can we assume C6=R7-R5?

(C5)
0 0 0 0 0 1 0 D3 86 D3 86 68 89 69 89
0 0 0 0 0 2 0 78 3D 78 3D D4 52 D6 52
0 0 0 0 0 3 0 41 37 41 37 40 E2 43 E2
0 0 0 0 0 4 0 56 39 56 39 EC 14 F0 14
0 0 0 0 0 5 0 DF 7F DF 7F E8 91 ED 91
0 0 0 0 0 6 0 64 DE 64 DE B4 FF BA FF
0 0 0 0 0 7 0 FD 63 FD 63 C0 26 C7 26
0 0 0 0 0 8 0 B2 90 B2 90 AC E3 B4 E3
0 0 0 0 0 9 0 3B DE 3B DE 08 12 11 12
0 0 0 0 0 A 0 80 47 80 47 74 A6 7E A6
0 0 0 0 0 B 0 A9 D1 A9 D1 20 F1 2B F1
0 0 0 0 0 C 0 1E E0 1E E0 CC 73 D8 73
0 0 0 0 0 D 0 87 3F 87 3F 48 5A 55 5A
0 0 0 0 0 E 0 2C CB 2C CB D4 C8 E2 C8
0 0 0 0 0 F 0 C5 E2 C5 E2 E0 D7 EF D7
0 0 0 0 0 10 0 9A 0E 9A 0E 4C B3 5C B3
C5=R6-R4?

(C4)
0 0 0 0 1 0 0 EA F3 EA F3 4C 77 4C 76
0 0 0 0 2 0 0 EA 1C EA 1C 4C 58 4C 56
0 0 0 0 3 0 0 EA 79 EA 79 4C E9 4C E6
0 0 0 0 4 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 5 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 6 0 0 EA C0 EA C0 4C 2C 4C 26
0 0 0 0 7 0 0 EA 3D EA 3D 4C BD 4C B6
0 0 0 0 8 0 0 EA BE EA BE 4C 0E 4C 06
0 0 0 0 9 0 0 EA 8B EA 8B 4C 5F 4C 56
0 0 0 0 A 0 0 EA 54 EA 54 4C 00 4C F6
0 0 0 0 B 0 0 EA 31 EA 31 4C 51 4C 46
0 0 0 0 C 0 0 EA 92 EA 92 4C 22 4C 16
0 0 0 0 D 0 0 EA 4F EA 4F 4C 33 4C 26
0 0 0 0 E 0 0 EA 58 EA 58 4C D4 4C C6
0 0 0 0 F 0 0 EA 55 EA 55 4C E5 4C D6
0 0 0 0 10 0 0 EA 56 EA 56 4C 76 4C 66
C4=R5-R7?

(C3)
0 0 0 1 0 0 0 D3 86 D3 86 69 89 68 89
0 0 0 2 0 0 0 78 3D 78 3D D6 52 D4 52
0 0 0 3 0 0 0 41 37 41 37 43 E2 40 E2
0 0 0 4 0 0 0 56 39 56 39 F0 14 EC 14
0 0 0 5 0 0 0 DF 7F DF 7F ED 91 E8 91
0 0 0 6 0 0 0 64 DE 64 DE BA FF B4 FF
0 0 0 7 0 0 0 FD 63 FD 63 C7 26 C0 26
0 0 0 8 0 0 0 B2 90 B2 90 B4 E3 AC E3
0 0 0 9 0 0 0 3B DE 3B DE 11 12 08 12
0 0 0 A 0 0 0 80 47 80 47 7E A6 74 A6 
0 0 0 B 0 0 0 A9 D1 A9 D1 2B F1 20 F1
0 0 0 C 0 0 0 1E E0 1E E0 D8 73 CC 73
0 0 0 D 0 0 0 87 3F 87 3F 55 5A 48 5A
0 0 0 E 0 0 0 2C CB 2C CB E2 C8 D4 C8
0 0 0 F 0 0 0 C5 E2 C5 E2 EF D7 E0 D7
0 0 0 10 0 0 0 9A 0E 9A 0E 5C B3 4C B3
C3=R4-R6?

(C2)
0 0 1 0 0 0 0 EA 2C EA 2D 4C 2D 4C 2D
0 0 2 0 0 0 0 EA E2 EA E4 4C B0 4C B0
0 0 3 0 0 0 0 EA A8 EA AB 4C D7 4C D7
0 0 4 0 0 0 0 EA FE EA 02 4C 3A 4C 3A
0 0 5 0 0 0 0 EA 24 EA 29 4C C1 4C C1
0 0 6 0 0 0 0 EA 3A EA 40 4C F4 4C F4   
0 0 7 0 0 0 0 EA A0 EA A7 4C AB 4C AB
0 0 8 0 0 0 0 EA B6 EA BE 4C 5E 4C 5E
0 0 9 0 0 0 0 EA DC EA E5 4C 85 4C 85
0 0 A 0 0 0 0 EA 12 EA 1C 4C 68 4C 68  
0 0 B 0 0 0 0 EA 18 EA 23 4C CF 4C CF
0 0 C 0 0 0 0 EA EE EA FA 4C 52 4C 52
0 0 D 0 0 0 0 EA 54 EA 61 4C 19 4C 19
0 0 E 0 0 0 0 EA 6A EA 78 4C 0C 4C 0C
0 0 F 0 0 0 0 EA 10 EA 1F 4C 23 4C 23
0 0 10 0 0 0 0 EA 26 EA 36 4C 56 4C 56
C2=R3-R1?

(C1)
0 1 0 0 0 0 0 DC 83 DD 83 FB AA FB AA
0 2 0 0 0 0 0 E6 F2 E8 F2 62 5B 62 5B
0 3 0 0 0 0 0 68 1F 6B 1F 99 C2 99 C2
0 4 0 0 0 0 0 C2 4C C6 4C 70 0C 70 0C     
0 5 0 0 0 0 0 74 59 79 59 BF CE BF CE
0 6 0 0 0 0 0 9E 5F A4 5F C6 7D C6 7D
0 7 0 0 0 0 0 60 20 67 20 6D 56 6D 56
0 8 0 0 0 0 0 7A 45 82 45 A4 1A A4 1A
0 9 0 0 0 0 0 2C B1 35 B1 33 94 33 94 
0 A 0 0 0 0 0 F6 0D 00 0E FA FF FA FF  
0 B 0 0 0 0 0 38 21 43 21 11 51 11 51
0 C 0 0 0 0 0 92 F4 9E F4 48 26 48 26
0 D 0 0 0 0 0 44 BF 51 BF 77 76 77 76
0 E 0 0 0 0 0 EE F0 FC F0 1E AF 1E AF
0 F 0 0 0 0 0 70 5A 7F 5A 65 BD 65 BD
0 10 0 0 0 0 0 CA F9 DA F9 5C 3D 5C 3D
C1=R2-R0?

(C0)
1 0 0 0 0 0 0 EA 2D EA 2C 4C 2D 4C 2D
2 0 0 0 0 0 0 EA E4 EA E2 4C B0 4C B0
3 0 0 0 0 0 0 EA AB EA A8 4C D7 4C D7 
4 0 0 0 0 0 0 EA 02 EA FE 4C 3A 4C 3A    
5 0 0 0 0 0 0 EA 29 EA 24 4C C1 4C C1
6 0 0 0 0 0 0 EA 40 EA 3A 4C F4 4C F4 
7 0 0 0 0 0 0 EA A7 EA A0 4C AB 4C AB 
8 0 0 0 0 0 0 EA BE EA B6 4C 5E 4C 5E 
9 0 0 0 0 0 0 EA E5 EA DC 4C 85 4C 85
A 0 0 0 0 0 0 EA 1C EA 12 4C 68 4C 68 
B 0 0 0 0 0 0 EA 23 EA 18 4C CF 4C CF
C 0 0 0 0 0 0 EA FA EA EE 4C 52 4C 52   
D 0 0 0 0 0 0 EA 61 EA 54 4C 19 4C 19
E 0 0 0 0 0 0 EA 78 EA 6A 4C 0C 4C 0C   
F 0 0 0 0 0 0 EA 1F EA 10 4C 23 4C 23 
10 0 0 0 0 0 0 EA 36 EA 26 4C 56 4C 56
C0=R1-R3?
Although these equations seem to be valid here, it appears that i may have missed something else.


Have you checked if the pic16 is read protected?
Program and data regions are locked. Did some googling and it appears there is no easy way to extract those from PIC16F. 
« Last Edit: October 21, 2023, 07:53:54 pm by twizzter »
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #9 on: October 22, 2023, 04:06:45 am »
The fact that there are any “patterns” at all hints to me that it could be something simple, but I’m no expert.

I note that one of the patterns, C1 = R2-R0, does seem to be true for all the challenges you posted.

Also true for all posted is C5 = R6-R4+C3.

True for "almost" all posted are C6 = R7-R5+C4, and C2 = R3-R1+C0. I sort-of feel the exceptions offer some clues, but what?

Other challenges I’d be interested to see the response for would maybe include:
Code: [Select]
55 55 55 55 55 55 55
aa aa aa aa aa aa aa
ff ff ff ff ff ff ff
7f ff ff ff ff ff ff
bf ff ff ff ff ff ff
df ff ff ff ff ff ff
ef ff ff ff ff ff ff

but then I don’t really know the best approach.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6260
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #10 on: October 22, 2023, 12:23:45 pm »
If you exclusive-or away the zero pattern, the results are informative:
Code: [Select]
00 00 00  00 00 00 00  ⇒  EA C6  EA C6  4C E6  4C E6  :  00 00  00 00  00 00  00 00

80 00 00  00 00 00 00  ⇒  EA 46  EA C6  4C 66  4C 66  :  00 80  00 00  00 80  00 80
40 00 00  00 00 00 00  ⇒  EA 86  EA 46  4C 26  4C 26  :  00 40  00 80  00 C0  00 C0
20 00 00  00 00 00 00  ⇒  EA 26  EA 06  4C 86  4C 86  :  00 E0  00 C0  00 60  00 60
10 00 00  00 00 00 00  ⇒  EA 36  EA 26  4C 56  4C 56  :  00 F0  00 E0  00 B0  00 B0
08 00 00  00 00 00 00  ⇒  EA BE  EA B6  4C 5E  4C 5E  :  00 78  00 70  00 B8  00 B8
04 00 00  00 00 00 00  ⇒  EA 02  EA FE  4C 3A  4C 3A  :  00 C4  00 38  00 DC  00 DC
02 00 00  00 00 00 00  ⇒  EA E4  EA E2  4C B0  4C B0  :  00 22  00 24  00 56  00 56
01 00 00  00 00 00 00  ⇒  EA 2D  EA 2C  4C 2D  4C 2D  :  00 EB  00 EA  00 CB  00 CB
00 80 00  00 00 00 00  ⇒  EA 47  6A 48  CC 18  CC 18  :  00 81  80 8E  80 FE  80 FE
00 40 00  00 00 00 00  ⇒  6A 9E  AA 9E  0C 6D  0C 6D  :  80 58  40 58  40 8B  40 8B
00 20 00  00 00 00 00  ⇒  AA 5E  CA 5E  2C 76  2C 76  :  40 98  20 98  60 90  60 90
00 10 00  00 00 00 00  ⇒  CA F9  DA F9  5C 3D  5C 3D  :  20 3F  30 3F  10 DB  10 DB
00 08 00  00 00 00 00  ⇒  7A 45  82 45  A4 1A  A4 1A  :  90 83  68 83  E8 FC  E8 FC
00 04 00  00 00 00 00  ⇒  C2 4C  C6 4C  70 0C  70 0C  :  28 8A  2C 8A  3C EA  3C EA
00 02 00  00 00 00 00  ⇒  E6 F2  E8 F2  62 5B  62 5B  :  0C 34  02 34  2E BD  2E BD
00 01 00  00 00 00 00  ⇒  DC 83  DD 83  FB AA  FB AA  :  36 45  37 45  B7 4C  B7 4C
00 00 80  00 00 00 00  ⇒  EA C6  EA 46  4C 66  4C 66  :  00 00  00 80  00 80  00 80
00 00 40  00 00 00 00  ⇒  EA 46  EA 86  4C 26  4C 26  :  00 80  00 40  00 C0  00 C0
00 00 20  00 00 00 00  ⇒  EA 06  EA 26  4C 86  4C 86  :  00 C0  00 E0  00 60  00 60
00 00 10  00 00 00 00  ⇒  EA 26  EA 36  4C 56  4C 56  :  00 E0  00 F0  00 B0  00 B0
00 00 08  00 00 00 00  ⇒  EA B6  EA BE  4C 5E  4C 5E  :  00 70  00 78  00 B8  00 B8
00 00 04  00 00 00 00  ⇒  EA FE  EA 02  4C 3A  4C 3A  :  00 38  00 C4  00 DC  00 DC
00 00 02  00 00 00 00  ⇒  EA E2  EA E4  4C B0  4C B0  :  00 24  00 22  00 56  00 56
00 00 01  00 00 00 00  ⇒  EA 2C  EA 2D  4C 2D  4C 2D  :  00 EA  00 EB  00 CB  00 CB

00 00 00  80 00 00 00  ⇒  6A 6B  6A 6B  CC 8A  4C 8A  :  80 AD  80 AD  80 6C  00 6C
00 00 00  40 00 00 00  ⇒  AA 14  AA 14  8C 47  4C 47  :  40 D2  40 D2  C0 A1  00 A1
00 00 00  20 00 00 00  ⇒  8A C0  8A C0  6C F1  4C F1  :  60 06  60 06  20 17  00 17
00 00 00  10 00 00 00  ⇒  9A 0E  9A 0E  5C B3  4C B3  :  70 C8  70 C8  10 55  00 55
00 00 00  08 00 00 00  ⇒  B2 90  B2 90  B4 E3  AC E3  :  58 56  58 56  F8 05  E0 05
00 00 00  04 00 00 00  ⇒  56 39  56 39  F0 14  EC 14  :  BC FF  BC FF  BC F2  A0 F2
00 00 00  02 00 00 00  ⇒  78 3D  78 3D  D6 52  D4 52  :  92 FB  92 FB  9A B4  98 B4
00 00 00  01 00 00 00  ⇒  D3 86  D3 86  69 89  68 89  :  39 40  39 40  25 6F  24 6F
00 00 00  00 80 00 00  ⇒  EA 46  EA 46  4C 66  4C E6  :  00 80  00 80  00 80  00 00
00 00 00  00 40 00 00  ⇒  EA 06  EA 06  4C 26  4C E6  :  00 C0  00 C0  00 C0  00 00
00 00 00  00 20 00 00  ⇒  EA 66  EA 66  4C 06  4C E6  :  00 A0  00 A0  00 E0  00 00
00 00 00  00 10 00 00  ⇒  EA 56  EA 56  4C 76  4C 66  :  00 90  00 90  00 90  00 80
00 00 00  00 08 00 00  ⇒  EA BE  EA BE  4C 0E  4C 06  :  00 78  00 78  00 E8  00 E0
00 00 00  00 04 00 00  ⇒  EA 7A  EA 7A  4C 3A  4C 36  :  00 BC  00 BC  00 DC  00 D0
00 00 00  00 02 00 00  ⇒  EA 1C  EA 1C  4C 58  4C 56  :  00 DA  00 DA  00 BE  00 B0
00 00 00  00 01 00 00  ⇒  EA F3  EA F3  4C 77  4C 76  :  00 35  00 35  00 91  00 90
00 00 00  00 00 80 00  ⇒  6A 6B  6A 6B  4C 8A  CC 8A  :  80 AD  80 AD  00 6C  80 6C
00 00 00  00 00 40 00  ⇒  AA 14  AA 14  4C 47  8C 47  :  40 D2  40 D2  00 A1  C0 A1
00 00 00  00 00 20 00  ⇒  8A C0  8A C0  4C F1  6C F1  :  60 06  60 06  00 17  20 17
00 00 00  00 00 10 00  ⇒  9A 0E  9A 0E  4C B3  5C B3  :  70 C8  70 C8  00 55  10 55
00 00 00  00 00 08 00  ⇒  B2 90  B2 90  AC E3  B4 E3  :  58 56  58 56  E0 05  F8 05
00 00 00  00 00 04 00  ⇒  56 39  56 39  EC 14  F0 14  :  BC FF  BC FF  A0 F2  BC F2
00 00 00  00 00 02 00  ⇒  78 3D  78 3D  D4 52  D6 52  :  92 FB  92 FB  98 B4  9A B4
00 00 00  00 00 01 00  ⇒  D3 86  D3 86  68 89  69 89  :  39 40  39 40  24 6F  25 6F
00 00 00  00 00 00 80  ⇒  EA 46  EA 46  4C E6  4C 66  :  00 80  00 80  00 00  00 80
00 00 00  00 00 00 40  ⇒  EA 06  EA 06  4C E6  4C 26  :  00 C0  00 C0  00 00  00 C0
00 00 00  00 00 00 20  ⇒  EA 66  EA 66  4C E6  4C 06  :  00 A0  00 A0  00 00  00 E0
00 00 00  00 00 00 10  ⇒  EA 56  EA 56  4C 66  4C 76  :  00 90  00 90  00 80  00 90
00 00 00  00 00 00 08  ⇒  EA BE  EA BE  4C 06  4C 0E  :  00 78  00 78  00 E0  00 E8
00 00 00  00 00 00 04  ⇒  EA 7A  EA 7A  4C 36  4C 3A  :  00 BC  00 BC  00 D0  00 DC
00 00 00  00 00 00 02  ⇒  EA 1C  EA 1C  4C 56  4C 58  :  00 DA  00 DA  00 B0  00 BE
00 00 00  00 00 00 01  ⇒  EA F3  EA F3  4C 76  4C 77  :  00 35  00 35  00 90  00 91

00 00 00  00 00 00 00  ⇒  EA C6  EA C6  4C E6  4C E6  :  00 00  00 00  00 00  00 00
The format is input bytesoutput bytes : output exclusive-or'd with zero input output.
I've added spaces and empty lines to highlight the patterns I find most informative.

It seems obvious that the core algorithm uses little-endian 16-bit unsigned integer 'words' at its core, splitting the result into two pairs of two words.
It also seems obvious that the input should be treated as if it had a zero prepended, because then
    00 00 00 00  00 00 00 00  ⇒  EA C6  EA C6  4C E6  4C E6  :  00 00  00 00  00 00  00 00

    00 80 00 00  00 00 00 00  ⇒  EA 46  EA C6  4C 66  4C 66  :  00 80  00 00  00 80  00 80
    00 00 00 00  00 80 00 00  ⇒  EA 46  EA 46  4C 66  4C E6  :  00 80  00 80  00 80  00 00

    00 40 00 00  00 00 00 00  ⇒  EA 86  EA 46  4C 26  4C 26  :  00 40  00 80  00 C0  00 C0
    00 00 00 00  00 40 00 00  ⇒  EA 06  EA 06  4C 26  4C E6  :  00 C0  00 C0  00 C0  00 00

    00 20 00 00  00 00 00 00  ⇒  EA 26  EA 06  4C 86  4C 86  :  00 E0  00 C0  00 60  00 60
    00 00 00 00  00 20 00 00  ⇒  EA 66  EA 66  4C 06  4C E6  :  00 A0  00 A0  00 E0  00 00

    00 10 00 00  00 00 00 00  ⇒  EA 36  EA 26  4C 56  4C 56  :  00 F0  00 E0  00 B0  00 B0
    00 00 00 00  00 01 00 00  ⇒  EA F3  EA F3  4C 77  4C 76  :  00 35  00 35  00 91  00 90
and so on, down to
    00 00 00 01  00 00 00 00  ⇒  EA 2C  EA 2D  4C 2D  4C 2D  :  00 EA  00 EB  00 CB  00 CB
    00 00 00 00  00 00 00 01  ⇒  EA F3  EA F3  4C 76  4C 77  :  00 35  00 35  00 90  00 91

If one converts the above to binary representation (I can do that, if you don't mind my looong 'draft dissertation' posts; many do mind), the shifting patterns become much clearer.

If you create a program that starts with the result pattern corresponding to all input zeros, and exclusive-or it with each of the above (rightmost) patterns when the corresponding bit in the input is set, you get close, but not exact results.  There are both missing bits, and significant differences, indicating that bit shifts and additions and/or subtractions are used (instead of bit rotations and only exclusive-or operations).  Here are a few examples of what that yields given random inputs:
    F6 0B 67 1F 83 D4 F3  =>  73 D6 84 47 76 0C 2D 3C
    67 DB 00 CE EA 1E 53  =>  50 35 F7 21 AB 6A FB 13
    90 F4 11 67 F2 73 63  =>  EE 5A DA D4 9F 70 93 E1
    23 89 EE 7D A3 FF 5A  =>  5E EF 27 55 FE 00 7C B9
    CA 79 7E 15 64 19 FB  =>  48 3B 01 77 6E 51 6A CA
    B1 CA 65 5B 2D 3D D6  =>  F8 76 4E D5 B9 AB 47 1C
    32 4E 71 4B BC 22 3C  =>  9F 99 AD 5E E9 33 10 B3
    F0 26 4D 47 D0 74 13  =>  35 C8 5F 8D 5D 37 6E 78
    6C B6 6A F8 14 06 7A  =>  08 CB F2 3E 1E DE 68 F4
    E5 12 30 5E D0 57 91  =>  A7 01 B9 AC 60 CD 79 0C
and when exactly one random bit in each byte is set:
    40 04 40 20 02 40 08  =>  E2 FA E6 FA 50 E4 B0 E2
    80 04 08 40 01 80 40  =>  02 36 06 BE B0 68 F0 A9
    02 04 20 40 80 08 01  =>  DA 9F DE B9 50 8E 88 0F
    02 20 40 02 01 80 40  =>  B8 5F D8 99 B6 A9 34 68
    04 02 04 02 10 20 10  =>  14 F3 1A F3 F8 E8 DA E8
    02 01 02 04 08 04 40  =>  DC 3D DD 3D E7 42 E7 8A
    10 08 20 80 20 04 02  =>  46 5D BE 6D 84 04 18 EA
    20 10 80 10 01 80 80  =>  3A C9 2A 69 4C 75 DC F4
    04 04 10 02 80 20 04  =>  30 A9 34 45 EA 93 C8 1F
    08 10 10 04 08 01 01  =>  4F 93 5F 8B C4 D0 D9 D9

It is by no means an untractable problem; more a dull diligent search for the shifts and additions that will likely just take many hours.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6260
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #11 on: October 22, 2023, 01:29:19 pm »
Anyway, if you prepend a zero byte to the input, and convert it to four 16-bit little-endian words, the result in similar four 16-bit little endian words exclusive-or'ed with the result for all zeros, you get
Code: [Select]
0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000

0000000000000000 0000000000000000 0000000000000000 0000000000000001 : 0100000000111001 0100000000111001 0110111100100100 0110111100100101
0000000000000000 0000000000000000 0000000000000000 0000000000000010 : 1111101110010010 1111101110010010 1011010010011000 1011010010011010
0000000000000000 0000000000000000 0000000000000000 0000000000000100 : 1111111110111100 1111111110111100 1111001010100000 1111001010111100
0000000000000000 0000000000000000 0000000000000000 0000000000001000 : 0101011001011000 0101011001011000 0000010111100000 0000010111111000
0000000000000000 0000000000000000 0000000000000000 0000000000010000 : 1100100001110000 1100100001110000 0101010100000000 0101010100010000
0000000000000000 0000000000000000 0000000000000000 0000000000100000 : 0000011001100000 0000011001100000 0001011100000000 0001011100100000
0000000000000000 0000000000000000 0000000000000000 0000000001000000 : 1101001001000000 1101001001000000 1010000100000000 1010000111000000
0000000000000000 0000000000000000 0000000000000000 0000000010000000 : 1010110110000000 1010110110000000 0110110000000000 0110110010000000
0000000000000000 0000000000000000 0000000000000000 0000000100000000 : 0011010100000000 0011010100000000 1001000000000000 1001000100000000
0000000000000000 0000000000000000 0000000000000000 0000001000000000 : 1101101000000000 1101101000000000 1011000000000000 1011111000000000
0000000000000000 0000000000000000 0000000000000000 0000010000000000 : 1011110000000000 1011110000000000 1101000000000000 1101110000000000
0000000000000000 0000000000000000 0000000000000000 0000100000000000 : 0111100000000000 0111100000000000 1110000000000000 1110100000000000
0000000000000000 0000000000000000 0000000000000000 0001000000000000 : 1001000000000000 1001000000000000 1000000000000000 1001000000000000
0000000000000000 0000000000000000 0000000000000000 0010000000000000 : 1010000000000000 1010000000000000 0000000000000000 1110000000000000
0000000000000000 0000000000000000 0000000000000000 0100000000000000 : 1100000000000000 1100000000000000 0000000000000000 1100000000000000
0000000000000000 0000000000000000 0000000000000000 1000000000000000 : 1000000000000000 1000000000000000 0000000000000000 1000000000000000

0000000000000000 0000000000000000 0000000000000001 0000000000000000 : 0100000000111001 0100000000111001 0110111100100101 0110111100100100
0000000000000000 0000000000000000 0000000000000010 0000000000000000 : 1111101110010010 1111101110010010 1011010010011010 1011010010011000
0000000000000000 0000000000000000 0000000000000100 0000000000000000 : 1111111110111100 1111111110111100 1111001010111100 1111001010100000
0000000000000000 0000000000000000 0000000000001000 0000000000000000 : 0101011001011000 0101011001011000 0000010111111000 0000010111100000
0000000000000000 0000000000000000 0000000000010000 0000000000000000 : 1100100001110000 1100100001110000 0101010100010000 0101010100000000
0000000000000000 0000000000000000 0000000000100000 0000000000000000 : 0000011001100000 0000011001100000 0001011100100000 0001011100000000
0000000000000000 0000000000000000 0000000001000000 0000000000000000 : 1101001001000000 1101001001000000 1010000111000000 1010000100000000
0000000000000000 0000000000000000 0000000010000000 0000000000000000 : 1010110110000000 1010110110000000 0110110010000000 0110110000000000
0000000000000000 0000000000000000 0000000100000000 0000000000000000 : 0011010100000000 0011010100000000 1001000100000000 1001000000000000
0000000000000000 0000000000000000 0000001000000000 0000000000000000 : 1101101000000000 1101101000000000 1011111000000000 1011000000000000
0000000000000000 0000000000000000 0000010000000000 0000000000000000 : 1011110000000000 1011110000000000 1101110000000000 1101000000000000
0000000000000000 0000000000000000 0000100000000000 0000000000000000 : 0111100000000000 0111100000000000 1110100000000000 1110000000000000
0000000000000000 0000000000000000 0001000000000000 0000000000000000 : 1001000000000000 1001000000000000 1001000000000000 1000000000000000
0000000000000000 0000000000000000 0010000000000000 0000000000000000 : 1010000000000000 1010000000000000 1110000000000000 0000000000000000
0000000000000000 0000000000000000 0100000000000000 0000000000000000 : 1100000000000000 1100000000000000 1100000000000000 0000000000000000
0000000000000000 0000000000000000 1000000000000000 0000000000000000 : 1000000000000000 1000000000000000 1000000000000000 0000000000000000

0000000000000000 0000000000000001 0000000000000000 0000000000000000 : 0100010100110110 0100010100110111 0100110010110111 0100110010110111
0000000000000000 0000000000000010 0000000000000000 0000000000000000 : 0011010000001100 0011010000000010 1011110100101110 1011110100101110
0000000000000000 0000000000000100 0000000000000000 0000000000000000 : 1000101000101000 1000101000101100 1110101000111100 1110101000111100
0000000000000000 0000000000001000 0000000000000000 0000000000000000 : 1000001110010000 1000001101101000 1111110011101000 1111110011101000
0000000000000000 0000000000010000 0000000000000000 0000000000000000 : 0011111100100000 0011111100110000 1101101100010000 1101101100010000
0000000000000000 0000000000100000 0000000000000000 0000000000000000 : 1001100001000000 1001100000100000 1001000001100000 1001000001100000
0000000000000000 0000000001000000 0000000000000000 0000000000000000 : 0101100010000000 0101100001000000 1000101101000000 1000101101000000
0000000000000000 0000000010000000 0000000000000000 0000000000000000 : 1000000100000000 1000111010000000 1111111010000000 1111111010000000
0000000000000000 0000000100000000 0000000000000000 0000000000000000 : 1110101000000000 1110101100000000 1100101100000000 1100101100000000
0000000000000000 0000001000000000 0000000000000000 0000000000000000 : 0010010000000000 0010001000000000 0101011000000000 0101011000000000
0000000000000000 0000010000000000 0000000000000000 0000000000000000 : 0011100000000000 1100010000000000 1101110000000000 1101110000000000
0000000000000000 0000100000000000 0000000000000000 0000000000000000 : 0111000000000000 0111100000000000 1011100000000000 1011100000000000
0000000000000000 0001000000000000 0000000000000000 0000000000000000 : 1110000000000000 1111000000000000 1011000000000000 1011000000000000
0000000000000000 0010000000000000 0000000000000000 0000000000000000 : 1100000000000000 1110000000000000 0110000000000000 0110000000000000
0000000000000000 0100000000000000 0000000000000000 0000000000000000 : 1000000000000000 0100000000000000 1100000000000000 1100000000000000
0000000000000000 1000000000000000 0000000000000000 0000000000000000 : 0000000000000000 1000000000000000 1000000000000000 1000000000000000

0000000100000000 0000000000000000 0000000000000000 0000000000000000 : 1110101100000000 1110101000000000 1100101100000000 1100101100000000
0000001000000000 0000000000000000 0000000000000000 0000000000000000 : 0010001000000000 0010010000000000 0101011000000000 0101011000000000
0000010000000000 0000000000000000 0000000000000000 0000000000000000 : 1100010000000000 0011100000000000 1101110000000000 1101110000000000
0000100000000000 0000000000000000 0000000000000000 0000000000000000 : 0111100000000000 0111000000000000 1011100000000000 1011100000000000
0001000000000000 0000000000000000 0000000000000000 0000000000000000 : 1111000000000000 1110000000000000 1011000000000000 1011000000000000
0010000000000000 0000000000000000 0000000000000000 0000000000000000 : 1110000000000000 1100000000000000 0110000000000000 0110000000000000
0100000000000000 0000000000000000 0000000000000000 0000000000000000 : 0100000000000000 1000000000000000 1100000000000000 1100000000000000
1000000000000000 0000000000000000 0000000000000000 0000000000000000 : 1000000000000000 0000000000000000 1000000000000000 1000000000000000

0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000
Whether the algorithm is a 4-by-4 matrix multiplication on 16-bit words followed by an addition, i.e.
    result0 = 0xC6EA + (source0*unknown00 + source1*unknown01 + source2*unknown02 + source3*unknown03);
    result1 = 0xC6EA + (source0*unknown10 + source1*unknown11 + source2*unknown12 + source3*unknown13);
    result2 = 0xE64C + (source0*unknown20 + source1*unknown21 + source2*unknown22 + source3*unknown23);
    result3 = 0xE64C + (source0*unknown30 + source1*unknown31 + source2*unknown32 + source3*unknown33);
or such a multiplication against a vector sum,
    result0 = (source0 + unknown0)*unknown00 + (source1+unknown1)*unknown01 + (source2+unknown2)*unknown02 + (source3+unknown3)*unknown03;
    result1 = (source0 + unknown0)*unknown10 + (source1+unknown1)*unknown11 + (source2+unknown2)*unknown12 + (source3+unknown3)*unknown13;
    result2 = (source0 + unknown0)*unknown20 + (source1+unknown1)*unknown21 + (source2+unknown2)*unknown22 + (source3+unknown3)*unknown23;
    result3 = (source0 + unknown0)*unknown30 + (source1+unknown1)*unknown31 + (source2+unknown2)*unknown32 + (source3+unknown3)*unknown33;
I have not checked.  Based on the bit patterns, they (and similar variants) look worth investigating.
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #12 on: October 22, 2023, 07:49:45 pm »
If you exclusive-or away the zero pattern, the results are informative:

That is exactly what I did further back, and while the results were “interesting” I remained mostly uninformed. I’ll have to study your findings...
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #13 on: October 23, 2023, 05:58:37 pm »
Thanks for all the answers and participation in this puzzle.


Other challenges I’d be interested to see the response for would maybe include:
[...]

Responses are:
Code: [Select]
55 55 55 55 55 55 55 7E D8 D3 D8 74 82 74 82 
aa aa aa aa aa aa aa A2 41 4C 42 54 1C 54 1C
ff ff ff ff ff ff ff 26 BD 25 BE 5C 75 5C 75 
7f ff ff ff ff ff ff 26 3D 25 BE 5C F5 5C F5
bf ff ff ff ff ff ff 26 FD 25 3E 5C 35 5C 35
df ff ff ff ff ff ff 26 5D 25 7E 5C D5 5C D5   
ef ff ff ff ff ff ff 26 CD 25 DE 5C 85 5C 85 



Whether the algorithm is a 4-by-4 matrix multiplication on 16-bit words followed by an addition, i.e.
    result0 = 0xC6EA + (source0*unknown00 + source1*unknown01 + source2*unknown02 + source3*unknown03);
    result1 = 0xC6EA + (source0*unknown10 + source1*unknown11 + source2*unknown12 + source3*unknown13);
    result2 = 0xE64C + (source0*unknown20 + source1*unknown21 + source2*unknown22 + source3*unknown23);
    result3 = 0xE64C + (source0*unknown30 + source1*unknown31 + source2*unknown32 + source3*unknown33);
or such a multiplication against a vector sum,
    result0 = (source0 + unknown0)*unknown00 + (source1+unknown1)*unknown01 + (source2+unknown2)*unknown02 + (source3+unknown3)*unknown03;
    result1 = (source0 + unknown0)*unknown10 + (source1+unknown1)*unknown11 + (source2+unknown2)*unknown12 + (source3+unknown3)*unknown13;
    result2 = (source0 + unknown0)*unknown20 + (source1+unknown1)*unknown21 + (source2+unknown2)*unknown22 + (source3+unknown3)*unknown23;
    result3 = (source0 + unknown0)*unknown30 + (source1+unknown1)*unknown31 + (source2+unknown2)*unknown32 + (source3+unknown3)*unknown33;
I have not checked.  Based on the bit patterns, they (and similar variants) look worth investigating.
Sounds like a perfect plan for long autumn evenings ;) Impressive write-up! I'll be snooping in that direction.
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #14 on: October 23, 2023, 09:01:19 pm »
This is what I see for the additional responses. Some of the pattern assertions are still true for all so far.

Code: [Select]
00000000000000  ea c6 ea c6 4c e6 4c e6   00 00 00 00 00 00 00 00 C6=R7-R5+C4 C5=R6-R4+C3 C2=R3-R1+C0 C1=R2-R0
55555555555555  7e d8 d3 d8 74 82 74 82   94 1e 39 1e 38 64 38 64 C6=R7-R5+C4 C5=R6-R4+C3 C2=R3-R1+C0 C1=R2-R0
aaaaaaaaaaaaaa  a2 41 4c 42 54 1c 54 1c   48 87 a6 84 18 fa 18 fa C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
ffffffffffffff  26 bd 25 be 5c 75 5c 75   cc 7b cf 78 10 93 10 93 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
7fffffffffffff  26 3d 25 be 5c f5 5c f5   cc fb cf 78 10 13 10 13 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
bfffffffffffff  26 fd 25 3e 5c 35 5c 35   cc 3b cf f8 10 d3 10 d3 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
dfffffffffffff  26 5d 25 7e 5c d5 5c d5   cc 9b cf b8 10 33 10 33 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
efffffffffffff  26 cd 25 de 5c 85 5c 85   cc 0b cf 18 10 63 10 63 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0

This is with the difference to the response to all FF challenge instead of to all 00 challenge.

Code: [Select]
55555555555555  7e d8 d3 d8 74 82 74 82   58 65 f6 66 28 f7 28 f7 C6=R7-R5+C4 C5=R6-R4+C3 C2=R3-R1+C0 C1=R2-R0
aaaaaaaaaaaaaa  a2 41 4c 42 54 1c 54 1c   84 fc 69 fc 08 69 08 69 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
ffffffffffffff  26 bd 25 be 5c 75 5c 75   00 00 00 00 00 00 00 00 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
7fffffffffffff  26 3d 25 be 5c f5 5c f5   00 80 00 00 00 80 00 80 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
bfffffffffffff  26 fd 25 3e 5c 35 5c 35   00 40 00 80 00 40 00 40 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
dfffffffffffff  26 5d 25 7e 5c d5 5c d5   00 e0 00 c0 00 a0 00 a0 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
efffffffffffff  26 cd 25 de 5c 85 5c 85   00 70 00 60 00 f0 00 f0 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0

I think PIC16 does not have hardware multiply? Maybe that would have influenced what they did.

 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #15 on: October 24, 2023, 07:22:59 am »
I think PIC16 does not have hardware multiply?
I guess not. I couldn't find any information about hardware multiplication/presence of math accel peripherial in the PIC16F877A datasheet.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6260
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #16 on: October 24, 2023, 10:05:18 am »
I think PIC16 does not have hardware multiply?
I guess not. I couldn't find any information about hardware multiplication/presence of math accel peripherial in the PIC16F877A datasheet.
A sequence of left shifts and additions is equivalent to multiplication.  For example, a*10 is exactly equivalent to (a<<1)+(a<<3), when a is any unsigned integer type with overflow ignored.  The result is slightly different, if instead of an addition, exclusive or (^) is used.
(When using both addition and subtraction and a constant N-bit multiplier, at most N/2 operations are needed.  For example, a*15 is exactly equivalent to (a<<4)-a when a is any integer type with modular/wraparound overflow.  Again, results are slightly different when exclusive or is used instead of subtraction.)

The behaviour when treated as little-endian unsigned 16-bit words, each bit only changing that bit position and more significant positions, indicates that any combination of shifts stay on the more significant side, i.e. there are at least as many left shifts as there are right shifts.

The behaviour when only the highest bits of the word are set (resulting in all zeros in specific result words) indicates that there likely is a right shift by one or two bits (depending on which of the four result words is involved) at the combine stage.

In any case, the problem at hand is not to replicate the sequence of instructions of how the PIC calculates the cryptographic hash, but to discover the mathematical representation of that calculation.  Because of the many equivalences (like multiplication being decomposable to shifts and additions, or shifts and additions and subtractions, and vice versa), and because this algorithm does not look like a proper cryptographic hash (since its output evinces clear patterns; in a proper cryptographic hash, almost half the bits should change whenever a single bit in the input changes; so called 'avalanche effect') but written by someone not versed in cryptography at all, it is basically guaranteed the mathematical representation is much simpler than the code itself.



As a comparison, consider my favourite random number generator, Xorshift 64*, by George Marsaglia.  It uses a single 64-bit nonzero number x as its state.  The state is updated and a new pseudorandom 64-bit number y generated using simply
    x = x ^ (x >> 12);
    x = x ^ (x << 25);
    x = x ^ (x >> 27);
    y = x * 2685821657736338717;

Even though it is this simple (and horribly fast, compared to other generators), the sequence of y is fairly random, surpassing many currently used pseudorandom number generators touted as "best".  Indeed, if we use only the 32 most significant bits z of those y,
    z = y >> 32;
the sequence of outputs passes the most stringent statistical randomness tests currently widely used: the BigCrush tests of the TestU01 framework.
In fact, up to 40 most significant bits can be used.  The full 64-bit output only fails the MatrixRank test of BigCrush.

In comparison, Mersenne Twister (MT19937) fails two tests in the BigCrush test set.  A modified TinyMT does pass BigCrush test set also, but has seen much less investigation than the Xorshift family of functions.

However, most of the choices of the shift sizes and the final multiplier in such linear-feedback shift register pseudorandom number generators, do not yield good results.  In practice, they need to be tested for randomness and patterns.  This is why pseudorandom number generator investigators and specialists say one should not just try to create their own variant: most choices are bad, and you're unlikely to hit a good combination without proper verification.

The step from randomness to cryptographic hashes is huge, and involves irreversibility: making it impossible to derive any source value (plaintext) from the result value (ciphertext).  When two source values yield the same result, it is called a collision.  Various attack models, like appending a short stub to a source value to force a collision, exist.  This is why cryptographic hashes are often designed from ground up using different models, and exhibit features like a change in any single bit in the source value changes half the bits on average in the result value.

Fortunately, none of that is evident here: this is not a proper cryptograhic hash, just a hash that shows clear patterns.
If it was a proper cryptographic hash, I wouldn't even bother trying to reverse it.  Even when the algorithm itself is known, but not the initialization vector or secret that is mixed with the plaintext (depending on the algorithm type), reverse-engineering can be impossible within a human lifetime.
(I am not a cryptographer myself, and only know enough to write secure software using proper cryptographic principles and techniques without failing horribly.)
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6260
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #17 on: October 24, 2023, 03:48:22 pm »
twizzter, if you have/can automate the hashing, getting the results for patterns
    hh 00 hh 00 00 00 00 00
    00 hh 00 hh 00 hh 00
    00 00 00 hh 00 hh 00
    00 00 00 00 hh 00 hh
for hh in 80 40 20 10 08 04 02 01, would be very useful.
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #18 on: October 24, 2023, 05:37:46 pm »
Sure! Results are:
Code: [Select]
80 00 80 00 00 00 00 EA 46 EA 46 4C E6 4C E6
40 00 40 00 00 00 00 EA 06 EA 06 4C 66 4C 66
20 00 20 00 00 00 00 EA 66 EA 66 4C 26 4C 26
10 00 10 00 00 00 00 EA 16 EA 16 4C C6 4C C6
08 00 08 00 00 00 00 EA AE EA AE 4C D6 4C D6
04 00 04 00 00 00 00 EA 1A EA 1A 4C CE 4C CE
02 00 02 00 00 00 00 EA D0 EA D0 4C 9A 4C 9A
01 00 01 00 00 00 00 EA 1B EA 1B 4C 64 4C 64

00 80 00 80 00 80 00 EA CC 6A CD 4C 61 4C 61
00 40 00 40 00 40 00 EA 47 2A 48 4C 35 4C 35
00 20 00 20 00 20 00 EA E5 0A E6 4C 8D 4C 8D
00 10 00 10 00 10 00 AA 16 BA 16 EC 0A EC 0A
00 08 00 08 00 08 00 4A DB 52 DB 2C E4 2C E4
00 04 00 04 00 04 00 5A CD 5E CD 94 3B 94 3B
00 02 00 02 00 02 00 82 8A 84 8A 54 A8 54 A8
00 01 00 01 00 01 00 EE 43 EF 43 2C 92 2C 92

00 00 00 80 00 80 00 EA 37 EA 37 CC 72 CC 72
00 00 00 40 00 40 00 6A 82 6A 82 8C 06 8C 06
00 00 00 20 00 20 00 2A 60 2A 60 6C 2E 6C 2E
00 00 00 10 00 10 00 4A 10 4A 10 5C 98 5C 98
00 00 00 08 00 08 00 7A 8E 7A 8E D4 46 D4 46
00 00 00 04 00 04 00 C2 25 C2 25 D0 2D D0 2D 
00 00 00 02 00 02 00 06 B7 06 B7 EE 89 EE 89
00 00 00 01 00 01 00 BC 93 BC 93 9D 22 9D 22

00 00 00 00 80 00 80 EA C6 EA C6 4C 66 4C 66
00 00 00 00 40 00 40 EA 46 EA 46 4C 26 4C 26
00 00 00 00 20 00 20 EA 06 EA 06 4C 06 4C 06
00 00 00 00 10 00 10 EA E6 EA E6 4C 76 4C 76
00 00 00 00 08 00 08 EA B6 EA B6 4C 2E 4C 2E
00 00 00 00 04 00 04 EA AE EA AE 4C 4A 4C 4A
00 00 00 00 02 00 02 EA 52 EA 52 4C 38 4C 38
00 00 00 00 01 00 01 EA C0 EA C0 4C 87 4C 87

 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #19 on: October 29, 2023, 02:05:56 am »
Did you make any further progress with this?

I noted previously that there were several sum/difference patterns that were true for most but not all of the samples given. I threw together some code to search for patterns, and observed that many of the patterns found were true for all but one sample, and suspiciously it was the same sample showing up as the exception. My input is just a concatenation of the samples cut & pasted from the various posts here, so some duplicate challenges are possible, and it turns out that the challenge causing the exception, was present in another sample, but with a different response provided.

I added code to check for conflicting input, and it identified only one conflict:

Code: [Select]
conflicting input for 38 and 93:
0000000000040000 ea7aea7a4c3a4c36 <> 0000000000040000 eaf7eaf74ccb4cc6

(challenge has a zero byte prepended, making it 8 bytes there)

Source of those:

Code: [Select]
       0 0 0 0 4 0 0    EA F7 EA F7 4C CB 4C C6   (in first post here)
00 00 00 00 04 00 00 EA 7A EA 7A 4C 3A 4C 36   (from reply #6)

I’d say that the first of those is wrong, for whatever reason. The response given there happens to be the same as the response for the next challenge. In any event, I have discarded it, but it does leave me wondering if all the other responses given are to be trusted (most challenges have only been given once).

With that change to the input data, this is the result of the sum/difference pattern search:

Code: [Select]
R0 = +R2-C2
R0 = +R2+R4-R6+C6-C2-C4
R0 = +R2+R5-R7+C7-C2-C5
R0 = +R2+R4+R5-R6-R7+C6+C7-C2-C4-C5
R0 = +R2+R6-R4+C4-C2-C6
R0 = +R2+R5+R6-R4-R7+C4+C7-C2-C5-C6
R0 = +R2+R7-R5+C5-C2-C7
R0 = +R2+R4+R7-R5-R6+C5+C6-C2-C4-C7
R0 = +R2+R6+R7-R4-R5+C4+C5-C2-C6-C7
R2 = +R0+C2
R2 = +R0+R4-R6+C2+C6-C4
R2 = +R0+R5-R7+C2+C7-C5
R2 = +R0+R4+R5-R6-R7+C2+C6+C7-C4-C5
R2 = +R0+R6-R4+C2+C4-C6
R2 = +R0+R5+R6-R4-R7+C2+C4+C7-C5-C6
R2 = +R0+R7-R5+C2+C5-C7
R2 = +R0+R4+R7-R5-R6+C2+C5+C6-C4-C7
R2 = +R0+R6+R7-R4-R5+C2+C4+C5-C6-C7
R4 = +R6+C4-C6
R4 = +R0+R6-R2+C2+C4-C6
R4 = +R2+R6-R0+C4-C2-C6
R4 = +R5+R6-R7+C4+C7-C5-C6
R4 = +R0+R5+R6-R2-R7+C2+C4+C7-C5-C6
R4 = +R2+R5+R6-R0-R7+C4+C7-C2-C5-C6
R4 = +R6+R7-R5+C4+C5-C6-C7
R4 = +R0+R6+R7-R2-R5+C2+C4+C5-C6-C7
R4 = +R2+R6+R7-R0-R5+C4+C5-C2-C6-C7
R5 = +R7+C5-C7
R5 = +R0+R7-R2+C2+C5-C7
R5 = +R2+R7-R0+C5-C2-C7
R5 = +R4+R7-R6+C5+C6-C4-C7
R5 = +R0+R4+R7-R2-R6+C2+C5+C6-C4-C7
R5 = +R2+R4+R7-R0-R6+C5+C6-C2-C4-C7
R5 = +R6+R7-R4+C4+C5-C6-C7
R5 = +R0+R6+R7-R2-R4+C2+C4+C5-C6-C7
R5 = +R2+R6+R7-R0-R4+C4+C5-C2-C6-C7
R6 = +R4+C6-C4
R6 = +R0+R4-R2+C2+C6-C4
R6 = +R2+R4-R0+C6-C2-C4
R6 = +R4+R5-R7+C6+C7-C4-C5
R6 = +R0+R4+R5-R2-R7+C2+C6+C7-C4-C5
R6 = +R2+R4+R5-R0-R7+C6+C7-C2-C4-C5
R6 = +R4+R7-R5+C5+C6-C4-C7
R6 = +R0+R4+R7-R2-R5+C2+C5+C6-C4-C7
R6 = +R2+R4+R7-R0-R5+C5+C6-C2-C4-C7
R7 = +R5+C7-C5
R7 = +R0+R5-R2+C2+C7-C5
R7 = +R2+R5-R0+C7-C2-C5
R7 = +R4+R5-R6+C6+C7-C4-C5
R7 = +R0+R4+R5-R2-R6+C2+C6+C7-C4-C5
R7 = +R2+R4+R5-R0-R6+C6+C7-C2-C4-C5
R7 = +R5+R6-R4+C4+C7-C5-C6
R7 = +R0+R5+R6-R2-R4+C2+C4+C7-C5-C6
R7 = +R2+R5+R6-R0-R4+C4+C7-C2-C5-C6

Note that due to the extra zero byte in front of the challenge, the challenge byte numbers are one greater than given before, and C0 is omitted as it is always zero. Most of those are just saying the same thing in different, and sometimes long-winded ways, but it does seem that three of the response bytes can be calculated from three others (together with the challenge). Useful? I don’t know.

Another observation is that R0, R2, R4 & R6 appear to be functions of only C2 C4 & C6. Plus, when C2 is zero, interchanging C4 and C6 causes R0 and R2 to be interchanged, and also R4 and R6 to be interchanged. At least from looking at the available samples, I did not check the interchange assertion programmatically.
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #20 on: October 29, 2023, 01:03:34 pm »
Did you make any further progress with this?
I have written several sets of equations using patterns from post #13, but so far without success.
Unfortunately, looks like i made a mistake while copying and pasting data from the console.
I'll run dump again and verify all data i have posted here, to make sure that sets are correct - this is a crucial matter.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6260
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #21 on: October 29, 2023, 03:28:03 pm »
Please include the patterns
    hh 00 00 00 00 00 00
    00 hh 00 00 00 00 00
    00 00 hh 00 00 00 00
    00 00 00 hh 00 00 00
    00 00 00 00 hh 00 00
    00 00 00 00 00 hh 00
    00 00 00 00 00 00 hh
    hh 00 hh 00 00 00 00
    00 hh 00 hh 00 00 00
    00 00 hh 00 hh 00 00
    00 00 00 hh 00 hh 00
    00 00 00 00 hh 00 hh
    hh 00 hh 00 hh 00 00
    00 hh 00 hh 00 hh 00
    00 00 hh 00 hh 00 hh
    hh 00 hh 00 hh 00 hh
each for hh in 80, 40, 20, 10, 08, 04, 02, 01, FF, AA, 55, 7F, BF, DF, EF, F7, FB, FD, FE, F0, 0F, C0, 03, if you can.

I took a look at the PIC instruction set (as I don't use PICs myself), and realized that the instruction set has very likely guided the algorithm author because of its simplicity.

I'd like to investigate this further, but need more data.  For example, as 16-bit values, the ciphertext words stay unchanged up to the least significant bit set in the plaintext words.  Is this an artefact, or a real property of the algorithm?  To find out, I'd need the results of patterns like
    00 00 00 20 00 40 00
    00 00 00 04 00 02 00
    00 00 00 08 00 80 00
    00 00 00 80 00 08 00
and
    40 00 02 00 00 00 00
    02 00 40 00 00 00 00
for comparison to the above large hh set.

For brute-forcing various possible operation sequences, random sources and especially random sources with each plaintext word having at most just one bit set, would help.  (I.e., each of the seven bytes has value 80, 40, 20, 10, 08, 04, 02, 01, or 00, randomly.)

The SWAPF instruction means a 4-bit substitution box construction would be very feasible (via FSR and INDF registers).  It is basically just a look-up table with 16 entries, for every possible nibble value.  However, we don't see 4-bit granularity in the ciphertext patterns, making its direct use unlikely.  (The table would have to be constructed such that (0b1111 & S[i]) ≥ i, which is possible, but unlikely.)

The fact that PIC loop construction uses DECFSZ, INCFSZ, BTFSC, or BTFSS followed by a GOTO to the start of the next iteration, is likely significant.  One possibility is that the plaintext word is rotated into the ciphertext word using
        CLR    dstlo
        CLR    dsthi
        CLRW
    loop:
        RLF    srclo, 1
        RLF    srchi, 1
        RRF    dsthi, 1
        RRF    dstlo, 1
        ADDWF  srchi, 1
        BTFSS  STATUS, ZERO
        GOTO   loop
        ADDWF  srclo, 1
        BTFSS  STATUS, ZERO
        GOTO   loop
for all four words first (using only 10 bytes of RAM, since the source plaintext is not needed afterwards).  That has the "benefit" of reversing the bits, while having at least as many least significant zero bits in the ciphertext words as were in the plaintext words.  The six last lines simply loop until the plaintext is zero, relying on the fact that the W register is zero, and adding zero to a byte will set carry and zero flags when appropriate.
Following that transformation, the words could be "mixed" together using the W register and some RLF, ADDWF and XORWF operations.
Thing is, with sufficient plaintext → ciphertext pairs, we can write a brute force explorer, which tests a large number of such mixing operation combinations. 

That initial solution space is huge, but the symmetries observed –– like swapping first and second, or third and fourth 16-bit plaintext words, just swaps the corresponding 16-bit ciphertext words –– and other details revealed by the systematic plaintext → ciphertext patterns, may limit the solution space so that brute force verification of the remaining possibilities becomes feasible.

All this also means I was wrong :-[: It is not better to look at the mathematical operations here, to find out the algorithm!  In fact, it is better to look at the PIC instruction set possibilities, because those and PIC memory are much more limited than the possibilities of ordinary binary arithmetic.  Apologies for the misguided suggestion earlier.
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 322
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #22 on: October 30, 2023, 11:22:12 am »
Unfortunately, looks like i made a mistake while copying and pasting data from the console.

Console? So how do you pass the challenge to this device?

I'm guessing some serial communication, but then how does the device know the entire challenge has been passed?

Really getting at whether it might be possible that the challenge could be (optionally) longer than 7 bytes? I have in mind the hints that the challenge might be handled as four 16-bit words. If there is some way to give it 8 bytes, then there would be some challenges to try as extensions to those already suggested.

Also, what is this magic device, and what purpose does the challenge-response serve?
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 20
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #23 on: October 30, 2023, 08:01:03 pm »
Console? So how do you pass the challenge to this device?

I'm using console to interface with eval board, which acts as a host and composes proper challenge frame (header, body and chksum) which is then sent by second uart to mentioned device.

Whole thing is an automotive stuff - an extension/sandwich board used to reprogram ecu by usb.
After ignition is switched on, ecu sends challenge by its uart (and so does my eval), flasher board sends back response. Bad response or no response = ecu will get a limp mode.
I'm trying to find if ecu is able to run properly without sandwich, cause after flashing is done, theoreeeeetically ecu does not need piggy anymore.
I'll get back with new datasets soon - need to rewrite eval firmware to make it more flexible.

 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6260
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #24 on: October 31, 2023, 07:47:53 am »
I'm using console to interface with eval board, which acts as a host and composes proper challenge frame (header, body and chksum) which is then sent by second uart to mentioned device.
What do you mean by console?  A serial terminal or terminal emulator?  Or something that has separate display and a hex keyboard ?

I'll get back with new datasets soon - need to rewrite eval firmware to make it more flexible.
Ah, I think I understand: your current eval board interface is an interactive one, exposed via a serial connection, I guess?

If this was me, I'd probably use a text-based protocol, connecting the eval board to a separate microcontroller (that is connected to a computer via e.g. USB serial) with one UART connected to the eval board console UART, and another UART with RX connected to the eval board outgoing TX to receive a copy of the challenge frames.  That helper microcontroller would take queries of form
    ? hh hh hh hh hh hh hh
that if acceptable, would forward the data to the eval board, which would generate a challenge frame, which would be peeked at, and result in a response of form
    ? hh hh hh hh hh hh hh = hh hh hh hh hh hh hh hh
If not acceptable or an error occurs, the response would be
    ! error message
It's simple to parse (no need to buffer input, it can be handled online, character by character as it arrives), easy to extend, and reporting back both the plaintext and the corresponding ciphertext avoids copy-paste errors.
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf