Topic: Need help with reversing an old auth algo

Offline twizzter (Topic starter)

  • Contributor
  • Posts: 24
  • Country: de
Need help with reversing an old auth algo
« on: October 16, 2023, 09:18:52 am »
Trying to reverse an obsolete device's auth algorithm which transforms 7-byte words into 8-byte responses.
At first look it does not look like advanced crypto - I can see some patterns.
I am able to send any challenge and look at the response.

- algo is not rolling - the same word will always output the same response
- since it runs on an old embedded PIC16 platform I assumed simple math and bitwise operations like AND, OR, XOR, mod, bit shifting. Polynomials/CRC maybe?
- it looks like the response consists of four "core" bytes (first+second and fifth+sixth); the other four are derived from the first by adding/subtracting values from the input word
- I believe the first byte of the answer is generated from the second, fourth and sixth bytes of the input
- input order matters; for example the challenges 0102020 and 0201020 will yield different outputs

What I tried already:
- simple add/multiply/XORing
- CRC RevEng - no champagne
- no matches on crccalc.com
Comm dump attached. Would appreciate any advice on tools/approaches regarding this riddle.

Code:
challenge         response
0 0 0 0 0 0 0 EA C6 EA C6 4C E6 4C E6
0 0 0 0 0 0 1 EA F3 EA F3 4C 76 4C 77
0 0 0 0 0 0 2 EA 1C EA 1C 4C 56 4C 58
0 0 0 0 0 0 3 EA 79 EA 79 4C E6 4C E9
0 0 0 0 0 0 4 EA 7A EA 7A 4C 36 4C 3A
0 0 0 0 0 0 5 EA F7 EA F7 4C C6 4C CB
0 0 0 0 0 0 6 EA C0 EA C0 4C 26 4C 2C
0 0 0 0 0 0 7 EA 3D EA 3D 4C B6 4C BD
0 0 0 0 0 0 8  EA BE EA BE 4C 06 4C 0E
0 0 0 0 0 0 9 EA 8B EA 8B 4C 56 4C 5F
0 0 0 0 0 0 A EA 54 EA 54 4C F6 4C 00
0 0 0 0 0 0 B EA 31 EA 31 4C 46 4C 51
0 0 0 0 0 0 C EA 92 EA 92 4C 16 4C 22 
0 0 0 0 0 0 D EA 4F EA 4F 4C 26 4C 33
0 0 0 0 0 0 E EA 58 EA 58 4C C6 4C D4 
0 0 0 0 0 0 F EA 55 EA 55 4C D6 4C E5 
0 0 0 0 0 0 10 EA 56 EA 56 4C 66 4C 76

0 0 0 0 0 1 0 D3 86 D3 86 68 89 69 89
0 0 0 0 0 2 0 78 3D 78 3D D4 52 D6 52
0 0 0 0 0 3 0 41 37 41 37 40 E2 43 E2
0 0 0 0 0 4 0 56 39 56 39 EC 14 F0 14
0 0 0 0 0 5 0 DF 7F DF 7F E8 91 ED 91
0 0 0 0 0 6 0 64 DE 64 DE B4 FF BA FF
0 0 0 0 0 7 0 FD 63 FD 63 C0 26 C7 26
0 0 0 0 0 8 0 B2 90 B2 90 AC E3 B4 E3
0 0 0 0 0 9 0 3B DE 3B DE 08 12 11 12
0 0 0 0 0 A 0 80 47 80 47 74 A6 7E A6
0 0 0 0 0 B 0 A9 D1 A9 D1 20 F1 2B F1
0 0 0 0 0 C 0 1E E0 1E E0 CC 73 D8 73
0 0 0 0 0 D 0 87 3F 87 3F 48 5A 55 5A
0 0 0 0 0 E 0 2C CB 2C CB D4 C8 E2 C8
0 0 0 0 0 F 0 C5 E2 C5 E2 E0 D7 EF D7
0 0 0 0 0 10 0 9A 0E 9A 0E 4C B3 5C B3

0 0 0 0 1 0 0 EA F3 EA F3 4C 77 4C 76
0 0 0 0 2 0 0 EA 1C EA 1C 4C 58 4C 56
0 0 0 0 3 0 0 EA 79 EA 79 4C E9 4C E6
0 0 0 0 4 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 5 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 6 0 0 EA C0 EA C0 4C 2C 4C 26
0 0 0 0 7 0 0 EA 3D EA 3D 4C BD 4C B6
0 0 0 0 8 0 0 EA BE EA BE 4C 0E 4C 06
0 0 0 0 9 0 0 EA 8B EA 8B 4C 5F 4C 56
0 0 0 0 A 0 0 EA 54 EA 54 4C 00 4C F6
0 0 0 0 B 0 0 EA 31 EA 31 4C 51 4C 46
0 0 0 0 C 0 0 EA 92 EA 92 4C 22 4C 16
0 0 0 0 D 0 0 EA 4F EA 4F 4C 33 4C 26
0 0 0 0 E 0 0 EA 58 EA 58 4C D4 4C C6
0 0 0 0 F 0 0 EA 55 EA 55 4C E5 4C D6
0 0 0 0 10 0 0 EA 56 EA 56 4C 76 4C 66

0 0 0 1 0 0 0 D3 86 D3 86 69 89 68 89
0 0 0 2 0 0 0 78 3D 78 3D D6 52 D4 52
0 0 0 3 0 0 0 41 37 41 37 43 E2 40 E2
0 0 0 4 0 0 0 56 39 56 39 F0 14 EC 14
0 0 0 5 0 0 0 DF 7F DF 7F ED 91 E8 91
0 0 0 6 0 0 0 64 DE 64 DE BA FF B4 FF
0 0 0 7 0 0 0 FD 63 FD 63 C7 26 C0 26
0 0 0 8 0 0 0 B2 90 B2 90 B4 E3 AC E3
0 0 0 9 0 0 0 3B DE 3B DE 11 12 08 12
0 0 0 A 0 0 0 80 47 80 47 7E A6 74 A6 
0 0 0 B 0 0 0 A9 D1 A9 D1 2B F1 20 F1
0 0 0 C 0 0 0 1E E0 1E E0 D8 73 CC 73
0 0 0 D 0 0 0 87 3F 87 3F 55 5A 48 5A
0 0 0 E 0 0 0 2C CB 2C CB E2 C8 D4 C8
0 0 0 F 0 0 0 C5 E2 C5 E2 EF D7 E0 D7
0 0 0 10 0 0 0 9A 0E 9A 0E 5C B3 4C B3

0 0 1 0 0 0 0 EA 2C EA 2D 4C 2D 4C 2D
0 0 2 0 0 0 0 EA E2 EA E4 4C B0 4C B0
0 0 3 0 0 0 0 EA A8 EA AB 4C D7 4C D7
0 0 4 0 0 0 0 EA FE EA 02 4C 3A 4C 3A
0 0 5 0 0 0 0 EA 24 EA 29 4C C1 4C C1
0 0 6 0 0 0 0 EA 3A EA 40 4C F4 4C F4   
0 0 7 0 0 0 0 EA A0 EA A7 4C AB 4C AB
0 0 8 0 0 0 0 EA B6 EA BE 4C 5E 4C 5E
0 0 9 0 0 0 0 EA DC EA E5 4C 85 4C 85
0 0 A 0 0 0 0 EA 12 EA 1C 4C 68 4C 68  
0 0 B 0 0 0 0 EA 18 EA 23 4C CF 4C CF
0 0 C 0 0 0 0 EA EE EA FA 4C 52 4C 52
0 0 D 0 0 0 0 EA 54 EA 61 4C 19 4C 19
0 0 E 0 0 0 0 EA 6A EA 78 4C 0C 4C 0C
0 0 F 0 0 0 0 EA 10 EA 1F 4C 23 4C 23
0 0 10 0 0 0 0 EA 26 EA 36 4C 56 4C 56 

0 1 0 0 0 0 0 DC 83 DD 83 FB AA FB AA
0 2 0 0 0 0 0 E6 F2 E8 F2 62 5B 62 5B
0 3 0 0 0 0 0 68 1F 6B 1F 99 C2 99 C2
0 4 0 0 0 0 0 C2 4C C6 4C 70 0C 70 0C     
0 5 0 0 0 0 0 74 59 79 59 BF CE BF CE
0 6 0 0 0 0 0 9E 5F A4 5F C6 7D C6 7D
0 7 0 0 0 0 0 60 20 67 20 6D 56 6D 56
0 8 0 0 0 0 0 7A 45 82 45 A4 1A A4 1A
0 9 0 0 0 0 0 2C B1 35 B1 33 94 33 94 
0 A 0 0 0 0 0 F6 0D 00 0E FA FF FA FF  
0 B 0 0 0 0 0 38 21 43 21 11 51 11 51
0 C 0 0 0 0 0 92 F4 9E F4 48 26 48 26
0 D 0 0 0 0 0 44 BF 51 BF 77 76 77 76
0 E 0 0 0 0 0 EE F0 FC F0 1E AF 1E AF
0 F 0 0 0 0 0 70 5A 7F 5A 65 BD 65 BD
0 10 0 0 0 0 0 CA F9 DA F9 5C 3D 5C 3D

1 0 0 0 0 0 0 EA 2D EA 2C 4C 2D 4C 2D
2 0 0 0 0 0 0 EA E4 EA E2 4C B0 4C B0
3 0 0 0 0 0 0 EA AB EA A8 4C D7 4C D7 
4 0 0 0 0 0 0 EA 02 EA FE 4C 3A 4C 3A    
5 0 0 0 0 0 0 EA 29 EA 24 4C C1 4C C1
6 0 0 0 0 0 0 EA 40 EA 3A 4C F4 4C F4 
7 0 0 0 0 0 0 EA A7 EA A0 4C AB 4C AB 
8 0 0 0 0 0 0 EA BE EA B6 4C 5E 4C 5E 
9 0 0 0 0 0 0 EA E5 EA DC 4C 85 4C 85
A 0 0 0 0 0 0 EA 1C EA 12 4C 68 4C 68 
B 0 0 0 0 0 0 EA 23 EA 18 4C CF 4C CF
C 0 0 0 0 0 0 EA FA EA EE 4C 52 4C 52   
D 0 0 0 0 0 0 EA 61 EA 54 4C 19 4C 19
E 0 0 0 0 0 0 EA 78 EA 6A 4C 0C 4C 0C   
F 0 0 0 0 0 0 EA 1F EA 10 4C 23 4C 23 
10 0 0 0 0 0 0 EA 36 EA 26 4C 56 4C 56

1 1 1 1 1 1 1 EE 12 EF 12 2C 01 2C 01
2 2 2 2 2 2 2 82 20 84 20 54 1E 54 1E
3 3 3 3 3 3 3 B6 33 B9 33 C4 33 C4 33
4 4 4 4 4 4 4 5A 09 5E 09 94 27 94 27
5 5 5 5 5 5 5 BE 3C C3 3C D4 97 D4 97
6 6 6 6 6 6 6 B2 50 B8 50 DC BC DC BC
7 7 7 7 7 7 7 C6 10 CD 10 FC DF FC DF
8 8 8 8 8 8 8 4A B3 52 B3 2C 1C 2C 1C
9 9 9 9 9 9 9 0E 20 17 20 6C 63 6C 63
 

Online ozcar

  • Frequent Contributor
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #1 on: October 16, 2023, 10:24:37 am »
If those challenges are “7-byte words”, why do you stop at 0x10?

In other words, why no challenges like these, say?

Code:
0 0 0 0 0 0 11
0 0 0 0 0 0 20
0 0 0 0 0 0 FF
FF FF FF FF FF FF FF

I think I’m missing something...
« Last Edit: October 16, 2023, 10:28:38 am by ozcar »
 

Offline twizzter (Topic starter)

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #2 on: October 16, 2023, 11:03:49 am »
If those challenges are “7-byte words”, why do you stop at 0x10?
That was simply an initial data set I've managed to prepare so far, just to get some overview. Dumping all possible combinations would be a very time-consuming task.
« Last Edit: October 16, 2023, 01:04:00 pm by twizzter »
 

Online ozcar

  • Frequent Contributor
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #3 on: October 16, 2023, 11:11:27 am »
Shifting a single bit through each position may give some clue:

Code:
80 00 00 00 00 00 00
40 00 00 00 00 00 00
20 00 00 00 00 00 00
10 00 00 00 00 00 00
08 00 00 00 00 00 00
04 00 00 00 00 00 00
02 00 00 00 00 00 00
01 00 00 00 00 00 00
00 80 00 00 00 00 00

00 00 00 00 00 00 04
00 00 00 00 00 00 02
00 00 00 00 00 00 01

Or maybe just add to the confusion.
 

Offline AndyBeez

  • Frequent Contributor
  • Posts: 856
  • Country: nu
Re: Need help with reversing an old auth algo
« Reply #4 on: October 18, 2023, 12:21:10 pm »
Challenge "10" ?

Looking at your data I get what you are doing - 10 is a hex field ::)

I note repetition of bytes on the odd order challenges.

x 0 x 0 x 0 x is always EA xx EA xx 4C xx 4C xx

This might be revealing a bit mask.

A hashing function would not generate repetitions, unless it was broken.

I think you have to hack into the PIC's program space.
« Last Edit: October 18, 2023, 08:05:36 pm by AndyBeez »
 

Offline DavidAlfa

  • Super Contributor
  • Posts: 6169
  • Country: es
Re: Need help with reversing an old auth algo
« Reply #5 on: October 18, 2023, 01:43:23 pm »
Have you checked if the PIC16 is read-protected?
 

Offline twizzter (Topic starter)

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #6 on: October 18, 2023, 09:01:33 pm »
Shifting a single bit through each position may give some clue
Or maybe just add to the confusion.

Well, I won't be more confused than I have been so far ;)
Code:
80 00 00 00 00 00 00 EA 46 EA C6 4C 66 4C 66
40 00 00 00 00 00 00 EA 86 EA 46 4C 26 4C 26
20 00 00 00 00 00 00 EA 26 EA 06 4C 86 4C 86 
10 00 00 00 00 00 00 EA 36 EA 26 4C 56 4C 56
08 00 00 00 00 00 00 EA BE EA B6 4C 5E 4C 5E
04 00 00 00 00 00 00 EA 02 EA FE 4C 3A 4C 3A   
02 00 00 00 00 00 00 EA E4 EA E2 4C B0 4C B0 
01 00 00 00 00 00 00 EA 2D EA 2C 4C 2D 4C 2D
     
00 80 00 00 00 00 00 EA 47 6A 48 CC 18 CC 18
00 40 00 00 00 00 00 6A 9E AA 9E 0C 6D 0C 6D
00 20 00 00 00 00 00 AA 5E CA 5E 2C 76 2C 76
00 10 00 00 00 00 00 CA F9 DA F9 5C 3D 5C 3D
00 08 00 00 00 00 00 7A 45 82 45 A4 1A A4 1A
00 04 00 00 00 00 00 C2 4C C6 4C 70 0C 70 0C 
00 02 00 00 00 00 00 E6 F2 E8 F2 62 5B 62 5B
00 01 00 00 00 00 00 DC 83 DD 83 FB AA FB AA

00 00 80 00 00 00 00 EA C6 EA 46 4C 66 4C 66
00 00 40 00 00 00 00 EA 46 EA 86 4C 26 4C 26
00 00 20 00 00 00 00 EA 06 EA 26 4C 86 4C 86
00 00 10 00 00 00 00 EA 26 EA 36 4C 56 4C 56
00 00 08 00 00 00 00 EA B6 EA BE 4C 5E 4C 5E
00 00 04 00 00 00 00 EA FE EA 02 4C 3A 4C 3A 
00 00 02 00 00 00 00 EA E2 EA E4 4C B0 4C B0
00 00 01 00 00 00 00 EA 2C EA 2D 4C 2D 4C 2D

00 00 00 80 00 00 00 6A 6B 6A 6B CC 8A 4C 8A
00 00 00 40 00 00 00 AA 14 AA 14 8C 47 4C 47
00 00 00 20 00 00 00 8A C0 8A C0 6C F1 4C F1
00 00 00 10 00 00 00 9A 0E 9A 0E 5C B3 4C B3 
00 00 00 08 00 00 00 B2 90 B2 90 B4 E3 AC E3
00 00 00 04 00 00 00 56 39 56 39 F0 14 EC 14
00 00 00 02 00 00 00 78 3D 78 3D D6 52 D4 52
00 00 00 01 00 00 00 D3 86 D3 86 69 89 68 89

00 00 00 00 80 00 00 EA 46 EA 46 4C 66 4C E6
00 00 00 00 40 00 00 EA 06 EA 06 4C 26 4C E6   
00 00 00 00 20 00 00 EA 66 EA 66 4C 06 4C E6
00 00 00 00 10 00 00 EA 56 EA 56 4C 76 4C 66
00 00 00 00 08 00 00 EA BE EA BE 4C 0E 4C 06
00 00 00 00 04 00 00 EA 7A EA 7A 4C 3A 4C 36
00 00 00 00 02 00 00 EA 1C EA 1C 4C 58 4C 56 
00 00 00 00 01 00 00 EA F3 EA F3 4C 77 4C 76 

00 00 00 00 00 80 00 6A 6B 6A 6B 4C 8A CC 8A
00 00 00 00 00 40 00 AA 14 AA 14 4C 47 8C 47
00 00 00 00 00 20 00 8A C0 8A C0 4C F1 6C F1 
00 00 00 00 00 10 00 9A 0E 9A 0E 4C B3 5C B3
00 00 00 00 00 08 00 B2 90 B2 90 AC E3 B4 E3
00 00 00 00 00 04 00 56 39 56 39 EC 14 F0 14 
00 00 00 00 00 02 00 78 3D 78 3D D4 52 D6 52
00 00 00 00 00 01 00 D3 86 D3 86 68 89 69 89

00 00 00 00 00 00 80 EA 46 EA 46 4C E6 4C 66
00 00 00 00 00 00 40 EA 06 EA 06 4C E6 4C 26
00 00 00 00 00 00 20 EA 66 EA 66 4C E6 4C 06
00 00 00 00 00 00 10 EA 56 EA 56 4C 66 4C 76   
00 00 00 00 00 00 08 EA BE EA BE 4C 06 4C 0E 
00 00 00 00 00 00 04 EA 7A EA 7A 4C 36 4C 3A
00 00 00 00 00 00 02 EA 1C EA 1C 4C 56 4C 58
00 00 00 00 00 00 01 EA F3 EA F3 4C 76 4C 77



Challenge "10" ?

Looking at your data I get what you are doing - 10 is a hex field ::)

I note repetition of bytes on the odd order challenges.

x 0 x 0 x 0 x is always EA xx EA xx 4C xx 4C xx

This might be revealing a bit mask.

That's right. All are hex.
If we name the dumped data sets as:
Code:
[challenge]                         [response]
C0 C1 C2 C3 C4 C5 C6      R0 R1 R2 R3 R4 R5 R6 R7
                                       

some patterns can be seen:
C6 = R7-R5
C5 = R6-R4
C4 = R5-R7
C3 = R4-R6
C2 = R3-R1
C1 = R2-R0
C0 = R1-R3

That's why we observe repetitions there.
I believe the crucial response bytes are R0+R1 and R4+R5. The remaining bytes are calculated simply by adding/subtracting values from the challenge bytes.

Additionally:
Code:
R0 = 0xEA always if C1, C3, C5 = 0

03 00 03 00 03 00 03    EA 3B EA 3B 4C BB 4C BB
0F 00 0F 00 0F 00 0F    EA 4F EA 4F 4C FF 4C FF

« Last Edit: October 18, 2023, 09:21:21 pm by twizzter »
 

Online ozcar

  • Frequent Contributor
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #7 on: October 19, 2023, 10:16:48 pm »
some pattern can be seen:
Code:
C6 = R7-R5
C5 = R6-R4
C4 = R5-R7
C3 = R4-R6
C2 = R3-R1
C1 = R2-R0
C0 = R1-R3


Maybe I’m still not getting some of what you say, but those assertions don’t seem to be true. Well, they are true for some of the challenge/response pairs, and maybe that in itself gives some clues, but at this stage I don’t know what.

This is my view:

(The yes/no is whether your “pattern” is there or not, but maybe I misunderstood what you said or I made a mistake. The extra 8 bytes is the bit-wise difference between the response for all zero challenge, and the response for that particular challenge. There are some repetitions - I just copied chunks of what you posted.)

Code:
00 00 00 00 00 00 00   ea c6 ea c6 4c e6 4c e6   00 00 00 00 00 00 00 00 yes
80 00 00 00 00 00 00   ea 46 ea c6 4c 66 4c 66   00 80 00 00 00 80 00 80 no
40 00 00 00 00 00 00   ea 86 ea 46 4c 26 4c 26   00 40 00 80 00 c0 00 c0 no
20 00 00 00 00 00 00   ea 26 ea 06 4c 86 4c 86   00 e0 00 c0 00 60 00 60 no
10 00 00 00 00 00 00   ea 36 ea 26 4c 56 4c 56   00 f0 00 e0 00 b0 00 b0 no
08 00 00 00 00 00 00   ea be ea b6 4c 5e 4c 5e   00 78 00 70 00 b8 00 b8 no
04 00 00 00 00 00 00   ea 02 ea fe 4c 3a 4c 3a   00 c4 00 38 00 dc 00 dc no
02 00 00 00 00 00 00   ea e4 ea e2 4c b0 4c b0   00 22 00 24 00 56 00 56 no
01 00 00 00 00 00 00   ea 2d ea 2c 4c 2d 4c 2d   00 eb 00 ea 00 cb 00 cb no
00 80 00 00 00 00 00   ea 47 6a 48 cc 18 cc 18   00 81 80 8e 80 fe 80 fe no
00 40 00 00 00 00 00   6a 9e aa 9e 0c 6d 0c 6d   80 58 40 58 40 8b 40 8b yes
00 20 00 00 00 00 00   aa 5e ca 5e 2c 76 2c 76   40 98 20 98 60 90 60 90 yes
00 10 00 00 00 00 00   ca f9 da f9 5c 3d 5c 3d   20 3f 30 3f 10 db 10 db yes
00 08 00 00 00 00 00   7a 45 82 45 a4 1a a4 1a   90 83 68 83 e8 fc e8 fc yes
00 04 00 00 00 00 00   c2 4c c6 4c 70 0c 70 0c   28 8a 2c 8a 3c ea 3c ea yes
00 02 00 00 00 00 00   e6 f2 e8 f2 62 5b 62 5b   0c 34 02 34 2e bd 2e bd yes
00 01 00 00 00 00 00   dc 83 dd 83 fb aa fb aa   36 45 37 45 b7 4c b7 4c yes
00 00 80 00 00 00 00   ea c6 ea 46 4c 66 4c 66   00 00 00 80 00 80 00 80 no
00 00 40 00 00 00 00   ea 46 ea 86 4c 26 4c 26   00 80 00 40 00 c0 00 c0 no
00 00 20 00 00 00 00   ea 06 ea 26 4c 86 4c 86   00 c0 00 e0 00 60 00 60 no
00 00 10 00 00 00 00   ea 26 ea 36 4c 56 4c 56   00 e0 00 f0 00 b0 00 b0 no
00 00 08 00 00 00 00   ea b6 ea be 4c 5e 4c 5e   00 70 00 78 00 b8 00 b8 no
00 00 04 00 00 00 00   ea fe ea 02 4c 3a 4c 3a   00 38 00 c4 00 dc 00 dc no
00 00 02 00 00 00 00   ea e2 ea e4 4c b0 4c b0   00 24 00 22 00 56 00 56 no
00 00 01 00 00 00 00   ea 2c ea 2d 4c 2d 4c 2d   00 ea 00 eb 00 cb 00 cb no
00 00 00 80 00 00 00   6a 6b 6a 6b cc 8a 4c 8a   80 ad 80 ad 80 6c 00 6c no
00 00 00 40 00 00 00   aa 14 aa 14 8c 47 4c 47   40 d2 40 d2 c0 a1 00 a1 no
00 00 00 20 00 00 00   8a c0 8a c0 6c f1 4c f1   60 06 60 06 20 17 00 17 no
00 00 00 10 00 00 00   9a 0e 9a 0e 5c b3 4c b3   70 c8 70 c8 10 55 00 55 no
00 00 00 08 00 00 00   b2 90 b2 90 b4 e3 ac e3   58 56 58 56 f8 05 e0 05 no
00 00 00 04 00 00 00   56 39 56 39 f0 14 ec 14   bc ff bc ff bc f2 a0 f2 no
00 00 00 02 00 00 00   78 3d 78 3d d6 52 d4 52   92 fb 92 fb 9a b4 98 b4 no
00 00 00 01 00 00 00   d3 86 d3 86 69 89 68 89   39 40 39 40 25 6f 24 6f no
00 00 00 00 80 00 00   ea 46 ea 46 4c 66 4c e6   00 80 00 80 00 80 00 00 no
00 00 00 00 40 00 00   ea 06 ea 06 4c 26 4c e6   00 c0 00 c0 00 c0 00 00 no
00 00 00 00 20 00 00   ea 66 ea 66 4c 06 4c e6   00 a0 00 a0 00 e0 00 00 no
00 00 00 00 10 00 00   ea 56 ea 56 4c 76 4c 66   00 90 00 90 00 90 00 80 no
00 00 00 00 08 00 00   ea be ea be 4c 0e 4c 06   00 78 00 78 00 e8 00 e0 no
00 00 00 00 04 00 00   ea 7a ea 7a 4c 3a 4c 36   00 bc 00 bc 00 dc 00 d0 no
00 00 00 00 02 00 00   ea 1c ea 1c 4c 58 4c 56   00 da 00 da 00 be 00 b0 no
00 00 00 00 01 00 00   ea f3 ea f3 4c 77 4c 76   00 35 00 35 00 91 00 90 no
00 00 00 00 00 80 00   6a 6b 6a 6b 4c 8a cc 8a   80 ad 80 ad 00 6c 80 6c no
00 00 00 00 00 40 00   aa 14 aa 14 4c 47 8c 47   40 d2 40 d2 00 a1 c0 a1 no
00 00 00 00 00 20 00   8a c0 8a c0 4c f1 6c f1   60 06 60 06 00 17 20 17 no
00 00 00 00 00 10 00   9a 0e 9a 0e 4c b3 5c b3   70 c8 70 c8 00 55 10 55 no
00 00 00 00 00 08 00   b2 90 b2 90 ac e3 b4 e3   58 56 58 56 e0 05 f8 05 no
00 00 00 00 00 04 00   56 39 56 39 ec 14 f0 14   bc ff bc ff a0 f2 bc f2 no
00 00 00 00 00 02 00   78 3d 78 3d d4 52 d6 52   92 fb 92 fb 98 b4 9a b4 no
00 00 00 00 00 01 00   d3 86 d3 86 68 89 69 89   39 40 39 40 24 6f 25 6f no
00 00 00 00 00 00 80   ea 46 ea 46 4c e6 4c 66   00 80 00 80 00 00 00 80 no
00 00 00 00 00 00 40   ea 06 ea 06 4c e6 4c 26   00 c0 00 c0 00 00 00 c0 no
00 00 00 00 00 00 20   ea 66 ea 66 4c e6 4c 06   00 a0 00 a0 00 00 00 e0 no
00 00 00 00 00 00 10   ea 56 ea 56 4c 66 4c 76   00 90 00 90 00 80 00 90 no
00 00 00 00 00 00 08   ea be ea be 4c 06 4c 0e   00 78 00 78 00 e0 00 e8 no
00 00 00 00 00 00 04   ea 7a ea 7a 4c 36 4c 3a   00 bc 00 bc 00 d0 00 dc no
00 00 00 00 00 00 02   ea 1c ea 1c 4c 56 4c 58   00 da 00 da 00 b0 00 be no
00 00 00 00 00 00 01   ea f3 ea f3 4c 76 4c 77   00 35 00 35 00 90 00 91 no
00 00 00 00 00 00 00   ea c6 ea c6 4c e6 4c e6   00 00 00 00 00 00 00 00 yes
00 00 00 00 00 00 01   ea f3 ea f3 4c 76 4c 77   00 35 00 35 00 90 00 91 no
00 00 00 00 00 00 02   ea 1c ea 1c 4c 56 4c 58   00 da 00 da 00 b0 00 be no
00 00 00 00 00 00 03   ea 79 ea 79 4c e6 4c e9   00 bf 00 bf 00 00 00 0f no
00 00 00 00 00 00 04   ea 7a ea 7a 4c 36 4c 3a   00 bc 00 bc 00 d0 00 dc no
00 00 00 00 00 00 05   ea f7 ea f7 4c c6 4c cb   00 31 00 31 00 20 00 2d no
00 00 00 00 00 00 06   ea c0 ea c0 4c 26 4c 2c   00 06 00 06 00 c0 00 ca no
00 00 00 00 00 00 07   ea 3d ea 3d 4c b6 4c bd   00 fb 00 fb 00 50 00 5b no
00 00 00 00 00 00 08   ea be ea be 4c 06 4c 0e   00 78 00 78 00 e0 00 e8 no
00 00 00 00 00 00 09   ea 8b ea 8b 4c 56 4c 5f   00 4d 00 4d 00 b0 00 b9 no
00 00 00 00 00 00 0a   ea 54 ea 54 4c f6 4c 00   00 92 00 92 00 10 00 e6 no
00 00 00 00 00 00 0b   ea 31 ea 31 4c 46 4c 51   00 f7 00 f7 00 a0 00 b7 no
00 00 00 00 00 00 0c   ea 92 ea 92 4c 16 4c 22   00 54 00 54 00 f0 00 c4 no
00 00 00 00 00 00 0d   ea 4f ea 4f 4c 26 4c 33   00 89 00 89 00 c0 00 d5 no
00 00 00 00 00 00 0e   ea 58 ea 58 4c c6 4c d4   00 9e 00 9e 00 20 00 32 no
00 00 00 00 00 00 0f   ea 55 ea 55 4c d6 4c e5   00 93 00 93 00 30 00 03 no
00 00 00 00 00 00 10   ea 56 ea 56 4c 66 4c 76   00 90 00 90 00 80 00 90 no
00 00 00 00 00 01 00   d3 86 d3 86 68 89 69 89   39 40 39 40 24 6f 25 6f no
00 00 00 00 00 02 00   78 3d 78 3d d4 52 d6 52   92 fb 92 fb 98 b4 9a b4 no
00 00 00 00 00 03 00   41 37 41 37 40 e2 43 e2   ab f1 ab f1 0c 04 0f 04 no
00 00 00 00 00 04 00   56 39 56 39 ec 14 f0 14   bc ff bc ff a0 f2 bc f2 no
00 00 00 00 00 05 00   df 7f df 7f e8 91 ed 91   35 b9 35 b9 a4 77 a1 77 no
00 00 00 00 00 06 00   64 de 64 de b4 ff ba ff   8e 18 8e 18 f8 19 f6 19 no
00 00 00 00 00 07 00   fd 63 fd 63 c0 26 c7 26   17 a5 17 a5 8c c0 8b c0 no
00 00 00 00 00 08 00   b2 90 b2 90 ac e3 b4 e3   58 56 58 56 e0 05 f8 05 no
00 00 00 00 00 09 00   3b de 3b de 08 12 11 12   d1 18 d1 18 44 f4 5d f4 no
00 00 00 00 00 0a 00   80 47 80 47 74 a6 7e a6   6a 81 6a 81 38 40 32 40 no
00 00 00 00 00 0b 00   a9 d1 a9 d1 20 f1 2b f1   43 17 43 17 6c 17 67 17 no
00 00 00 00 00 0c 00   1e e0 1e e0 cc 73 d8 73   f4 26 f4 26 80 95 94 95 no
00 00 00 00 00 0d 00   87 3f 87 3f 48 5a 55 5a   6d f9 6d f9 04 bc 19 bc no
00 00 00 00 00 0e 00   2c cb 2c cb d4 c8 e2 c8   c6 0d c6 0d 98 2e ae 2e no
00 00 00 00 00 0f 00   c5 e2 c5 e2 e0 d7 ef d7   2f 24 2f 24 ac 31 a3 31 no
00 00 00 00 00 10 00   9a 0e 9a 0e 4c b3 5c b3   70 c8 70 c8 00 55 10 55 no
00 00 00 00 01 00 00   ea f3 ea f3 4c 77 4c 76   00 35 00 35 00 91 00 90 no
00 00 00 00 02 00 00   ea 1c ea 1c 4c 58 4c 56   00 da 00 da 00 be 00 b0 no
00 00 00 00 03 00 00   ea 79 ea 79 4c e9 4c e6   00 bf 00 bf 00 0f 00 00 no
00 00 00 00 04 00 00   ea f7 ea f7 4c cb 4c c6   00 31 00 31 00 2d 00 20 no
00 00 00 00 05 00 00   ea f7 ea f7 4c cb 4c c6   00 31 00 31 00 2d 00 20 no
00 00 00 00 06 00 00   ea c0 ea c0 4c 2c 4c 26   00 06 00 06 00 ca 00 c0 no
00 00 00 00 07 00 00   ea 3d ea 3d 4c bd 4c b6   00 fb 00 fb 00 5b 00 50 no
00 00 00 00 08 00 00   ea be ea be 4c 0e 4c 06   00 78 00 78 00 e8 00 e0 no
00 00 00 00 09 00 00   ea 8b ea 8b 4c 5f 4c 56   00 4d 00 4d 00 b9 00 b0 no
00 00 00 00 0a 00 00   ea 54 ea 54 4c 00 4c f6   00 92 00 92 00 e6 00 10 no
00 00 00 00 0b 00 00   ea 31 ea 31 4c 51 4c 46   00 f7 00 f7 00 b7 00 a0 no
00 00 00 00 0c 00 00   ea 92 ea 92 4c 22 4c 16   00 54 00 54 00 c4 00 f0 no
00 00 00 00 0d 00 00   ea 4f ea 4f 4c 33 4c 26   00 89 00 89 00 d5 00 c0 no
00 00 00 00 0e 00 00   ea 58 ea 58 4c d4 4c c6   00 9e 00 9e 00 32 00 20 no
00 00 00 00 0f 00 00   ea 55 ea 55 4c e5 4c d6   00 93 00 93 00 03 00 30 no
00 00 00 00 10 00 00   ea 56 ea 56 4c 76 4c 66   00 90 00 90 00 90 00 80 no
00 00 00 01 00 00 00   d3 86 d3 86 69 89 68 89   39 40 39 40 25 6f 24 6f no
00 00 00 02 00 00 00   78 3d 78 3d d6 52 d4 52   92 fb 92 fb 9a b4 98 b4 no
00 00 00 03 00 00 00   41 37 41 37 43 e2 40 e2   ab f1 ab f1 0f 04 0c 04 no
00 00 00 04 00 00 00   56 39 56 39 f0 14 ec 14   bc ff bc ff bc f2 a0 f2 no
00 00 00 05 00 00 00   df 7f df 7f ed 91 e8 91   35 b9 35 b9 a1 77 a4 77 no
00 00 00 06 00 00 00   64 de 64 de ba ff b4 ff   8e 18 8e 18 f6 19 f8 19 no
00 00 00 07 00 00 00   fd 63 fd 63 c7 26 c0 26   17 a5 17 a5 8b c0 8c c0 no
00 00 00 08 00 00 00   b2 90 b2 90 b4 e3 ac e3   58 56 58 56 f8 05 e0 05 no
00 00 00 09 00 00 00   3b de 3b de 11 12 08 12   d1 18 d1 18 5d f4 44 f4 no
00 00 00 0a 00 00 00   80 47 80 47 7e a6 74 a6   6a 81 6a 81 32 40 38 40 no
00 00 00 0b 00 00 00   a9 d1 a9 d1 2b f1 20 f1   43 17 43 17 67 17 6c 17 no
00 00 00 0c 00 00 00   1e e0 1e e0 d8 73 cc 73   f4 26 f4 26 94 95 80 95 no
00 00 00 0d 00 00 00   87 3f 87 3f 55 5a 48 5a   6d f9 6d f9 19 bc 04 bc no
00 00 00 0e 00 00 00   2c cb 2c cb e2 c8 d4 c8   c6 0d c6 0d ae 2e 98 2e no
00 00 00 0f 00 00 00   c5 e2 c5 e2 ef d7 e0 d7   2f 24 2f 24 a3 31 ac 31 no
00 00 00 10 00 00 00   9a 0e 9a 0e 5c b3 4c b3   70 c8 70 c8 10 55 00 55 no
00 00 01 00 00 00 00   ea 2c ea 2d 4c 2d 4c 2d   00 ea 00 eb 00 cb 00 cb no
00 00 02 00 00 00 00   ea e2 ea e4 4c b0 4c b0   00 24 00 22 00 56 00 56 no
00 00 03 00 00 00 00   ea a8 ea ab 4c d7 4c d7   00 6e 00 6d 00 31 00 31 no
00 00 04 00 00 00 00   ea fe ea 02 4c 3a 4c 3a   00 38 00 c4 00 dc 00 dc no
00 00 05 00 00 00 00   ea 24 ea 29 4c c1 4c c1   00 e2 00 ef 00 27 00 27 no
00 00 06 00 00 00 00   ea 3a ea 40 4c f4 4c f4   00 fc 00 86 00 12 00 12 no
00 00 07 00 00 00 00   ea a0 ea a7 4c ab 4c ab   00 66 00 61 00 4d 00 4d no
00 00 08 00 00 00 00   ea b6 ea be 4c 5e 4c 5e   00 70 00 78 00 b8 00 b8 no
00 00 09 00 00 00 00   ea dc ea e5 4c 85 4c 85   00 1a 00 23 00 63 00 63 no
00 00 0a 00 00 00 00   ea 12 ea 1c 4c 68 4c 68   00 d4 00 da 00 8e 00 8e no
00 00 0b 00 00 00 00   ea 18 ea 23 4c cf 4c cf   00 de 00 e5 00 29 00 29 no
00 00 0c 00 00 00 00   ea ee ea fa 4c 52 4c 52   00 28 00 3c 00 b4 00 b4 no
00 00 0d 00 00 00 00   ea 54 ea 61 4c 19 4c 19   00 92 00 a7 00 ff 00 ff no
00 00 0e 00 00 00 00   ea 6a ea 78 4c 0c 4c 0c   00 ac 00 be 00 ea 00 ea no
00 00 0f 00 00 00 00   ea 10 ea 1f 4c 23 4c 23   00 d6 00 d9 00 c5 00 c5 no
00 00 10 00 00 00 00   ea 26 ea 36 4c 56 4c 56   00 e0 00 f0 00 b0 00 b0 no
00 01 00 00 00 00 00   dc 83 dd 83 fb aa fb aa   36 45 37 45 b7 4c b7 4c yes
00 02 00 00 00 00 00   e6 f2 e8 f2 62 5b 62 5b   0c 34 02 34 2e bd 2e bd yes
00 03 00 00 00 00 00   68 1f 6b 1f 99 c2 99 c2   82 d9 81 d9 d5 24 d5 24 yes
00 04 00 00 00 00 00   c2 4c c6 4c 70 0c 70 0c   28 8a 2c 8a 3c ea 3c ea yes
00 05 00 00 00 00 00   74 59 79 59 bf ce bf ce   9e 9f 93 9f f3 28 f3 28 yes
00 06 00 00 00 00 00   9e 5f a4 5f c6 7d c6 7d   74 99 4e 99 8a 9b 8a 9b yes
00 07 00 00 00 00 00   60 20 67 20 6d 56 6d 56   8a e6 8d e6 21 b0 21 b0 yes
00 08 00 00 00 00 00   7a 45 82 45 a4 1a a4 1a   90 83 68 83 e8 fc e8 fc yes
00 09 00 00 00 00 00   2c b1 35 b1 33 94 33 94   c6 77 df 77 7f 72 7f 72 yes
00 0a 00 00 00 00 00   f6 0d 00 0e fa ff fa ff   1c cb ea c8 b6 19 b6 19 no
00 0b 00 00 00 00 00   38 21 43 21 11 51 11 51   d2 e7 a9 e7 5d b7 5d b7 yes
00 0c 00 00 00 00 00   92 f4 9e f4 48 26 48 26   78 32 74 32 04 c0 04 c0 yes
00 0d 00 00 00 00 00   44 bf 51 bf 77 76 77 76   ae 79 bb 79 3b 90 3b 90 yes
00 0e 00 00 00 00 00   ee f0 fc f0 1e af 1e af   04 36 16 36 52 49 52 49 yes
00 0f 00 00 00 00 00   70 5a 7f 5a 65 bd 65 bd   9a 9c 95 9c 29 5b 29 5b yes
00 10 00 00 00 00 00   ca f9 da f9 5c 3d 5c 3d   20 3f 30 3f 10 db 10 db yes
01 00 00 00 00 00 00   ea 2d ea 2c 4c 2d 4c 2d   00 eb 00 ea 00 cb 00 cb no
02 00 00 00 00 00 00   ea e4 ea e2 4c b0 4c b0   00 22 00 24 00 56 00 56 no
03 00 00 00 00 00 00   ea ab ea a8 4c d7 4c d7   00 6d 00 6e 00 31 00 31 no
04 00 00 00 00 00 00   ea 02 ea fe 4c 3a 4c 3a   00 c4 00 38 00 dc 00 dc no
05 00 00 00 00 00 00   ea 29 ea 24 4c c1 4c c1   00 ef 00 e2 00 27 00 27 no
06 00 00 00 00 00 00   ea 40 ea 3a 4c f4 4c f4   00 86 00 fc 00 12 00 12 no
07 00 00 00 00 00 00   ea a7 ea a0 4c ab 4c ab   00 61 00 66 00 4d 00 4d no
08 00 00 00 00 00 00   ea be ea b6 4c 5e 4c 5e   00 78 00 70 00 b8 00 b8 no
09 00 00 00 00 00 00   ea e5 ea dc 4c 85 4c 85   00 23 00 1a 00 63 00 63 no
0a 00 00 00 00 00 00   ea 1c ea 12 4c 68 4c 68   00 da 00 d4 00 8e 00 8e no
0b 00 00 00 00 00 00   ea 23 ea 18 4c cf 4c cf   00 e5 00 de 00 29 00 29 no
0c 00 00 00 00 00 00   ea fa ea ee 4c 52 4c 52   00 3c 00 28 00 b4 00 b4 no
0d 00 00 00 00 00 00   ea 61 ea 54 4c 19 4c 19   00 a7 00 92 00 ff 00 ff no
0e 00 00 00 00 00 00   ea 78 ea 6a 4c 0c 4c 0c   00 be 00 ac 00 ea 00 ea no
0f 00 00 00 00 00 00   ea 1f ea 10 4c 23 4c 23   00 d9 00 d6 00 c5 00 c5 no
10 00 00 00 00 00 00   ea 36 ea 26 4c 56 4c 56   00 f0 00 e0 00 b0 00 b0 no
01 01 01 01 01 01 01   ee 12 ef 12 2c 01 2c 01   04 d4 05 d4 60 e7 60 e7 no
02 02 02 02 02 02 02   82 20 84 20 54 1e 54 1e   68 e6 6e e6 18 f8 18 f8 no
03 03 03 03 03 03 03   b6 33 b9 33 c4 33 c4 33   5c f5 53 f5 88 d5 88 d5 no
04 04 04 04 04 04 04   5a 09 5e 09 94 27 94 27   b0 cf b4 cf d8 c1 d8 c1 no
05 05 05 05 05 05 05   be 3c c3 3c d4 97 d4 97   54 fa 29 fa 98 71 98 71 no
06 06 06 06 06 06 06   b2 50 b8 50 dc bc dc bc   58 96 52 96 90 5a 90 5a no
07 07 07 07 07 07 07   c6 10 cd 10 fc df fc df   2c d6 27 d6 b0 39 b0 39 no
08 08 08 08 08 08 08   4a b3 52 b3 2c 1c 2c 1c   a0 75 b8 75 60 fa 60 fa no
09 09 09 09 09 09 09   0e 20 17 20 6c 63 6c 63   e4 e6 fd e6 20 85 20 85 no
 

Offline twizzter (Topic starter)

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #8 on: October 20, 2023, 09:40:49 am »
Thanks for pointing it out. It seems I got excited too quickly about the discovered pattern, having tested it on a small data set.
I relied on manual analysis of the following (my remarks below each block):
Code:
  challenge response
C0    C6   R0       R7

(C6)
0 0 0 0 0 0 0 EA C6 EA C6 4C E6 4C E6
0 0 0 0 0 0 1 EA F3 EA F3 4C 76 4C 77
0 0 0 0 0 0 2 EA 1C EA 1C 4C 56 4C 58
0 0 0 0 0 0 3 EA 79 EA 79 4C E6 4C E9
0 0 0 0 0 0 4 EA 7A EA 7A 4C 36 4C 3A
0 0 0 0 0 0 5 EA F7 EA F7 4C C6 4C CB
0 0 0 0 0 0 6 EA C0 EA C0 4C 26 4C 2C
0 0 0 0 0 0 7 EA 3D EA 3D 4C B6 4C BD
0 0 0 0 0 0 8  EA BE EA BE 4C 06 4C 0E
0 0 0 0 0 0 9 EA 8B EA 8B 4C 56 4C 5F
0 0 0 0 0 0 A EA 54 EA 54 4C F6 4C 00
0 0 0 0 0 0 B EA 31 EA 31 4C 46 4C 51
0 0 0 0 0 0 C EA 92 EA 92 4C 16 4C 22 
0 0 0 0 0 0 D EA 4F EA 4F 4C 26 4C 33
0 0 0 0 0 0 E EA 58 EA 58 4C C6 4C D4 
0 0 0 0 0 0 F EA 55 EA 55 4C D6 4C E5 
0 0 0 0 0 0 10 EA 56 EA 56 4C 66 4C 76
can we assume C6=R7-R5?

(C5)
0 0 0 0 0 1 0 D3 86 D3 86 68 89 69 89
0 0 0 0 0 2 0 78 3D 78 3D D4 52 D6 52
0 0 0 0 0 3 0 41 37 41 37 40 E2 43 E2
0 0 0 0 0 4 0 56 39 56 39 EC 14 F0 14
0 0 0 0 0 5 0 DF 7F DF 7F E8 91 ED 91
0 0 0 0 0 6 0 64 DE 64 DE B4 FF BA FF
0 0 0 0 0 7 0 FD 63 FD 63 C0 26 C7 26
0 0 0 0 0 8 0 B2 90 B2 90 AC E3 B4 E3
0 0 0 0 0 9 0 3B DE 3B DE 08 12 11 12
0 0 0 0 0 A 0 80 47 80 47 74 A6 7E A6
0 0 0 0 0 B 0 A9 D1 A9 D1 20 F1 2B F1
0 0 0 0 0 C 0 1E E0 1E E0 CC 73 D8 73
0 0 0 0 0 D 0 87 3F 87 3F 48 5A 55 5A
0 0 0 0 0 E 0 2C CB 2C CB D4 C8 E2 C8
0 0 0 0 0 F 0 C5 E2 C5 E2 E0 D7 EF D7
0 0 0 0 0 10 0 9A 0E 9A 0E 4C B3 5C B3
C5=R6-R4?

(C4)
0 0 0 0 1 0 0 EA F3 EA F3 4C 77 4C 76
0 0 0 0 2 0 0 EA 1C EA 1C 4C 58 4C 56
0 0 0 0 3 0 0 EA 79 EA 79 4C E9 4C E6
0 0 0 0 4 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 5 0 0 EA F7 EA F7 4C CB 4C C6
0 0 0 0 6 0 0 EA C0 EA C0 4C 2C 4C 26
0 0 0 0 7 0 0 EA 3D EA 3D 4C BD 4C B6
0 0 0 0 8 0 0 EA BE EA BE 4C 0E 4C 06
0 0 0 0 9 0 0 EA 8B EA 8B 4C 5F 4C 56
0 0 0 0 A 0 0 EA 54 EA 54 4C 00 4C F6
0 0 0 0 B 0 0 EA 31 EA 31 4C 51 4C 46
0 0 0 0 C 0 0 EA 92 EA 92 4C 22 4C 16
0 0 0 0 D 0 0 EA 4F EA 4F 4C 33 4C 26
0 0 0 0 E 0 0 EA 58 EA 58 4C D4 4C C6
0 0 0 0 F 0 0 EA 55 EA 55 4C E5 4C D6
0 0 0 0 10 0 0 EA 56 EA 56 4C 76 4C 66
C4=R5-R7?

(C3)
0 0 0 1 0 0 0 D3 86 D3 86 69 89 68 89
0 0 0 2 0 0 0 78 3D 78 3D D6 52 D4 52
0 0 0 3 0 0 0 41 37 41 37 43 E2 40 E2
0 0 0 4 0 0 0 56 39 56 39 F0 14 EC 14
0 0 0 5 0 0 0 DF 7F DF 7F ED 91 E8 91
0 0 0 6 0 0 0 64 DE 64 DE BA FF B4 FF
0 0 0 7 0 0 0 FD 63 FD 63 C7 26 C0 26
0 0 0 8 0 0 0 B2 90 B2 90 B4 E3 AC E3
0 0 0 9 0 0 0 3B DE 3B DE 11 12 08 12
0 0 0 A 0 0 0 80 47 80 47 7E A6 74 A6 
0 0 0 B 0 0 0 A9 D1 A9 D1 2B F1 20 F1
0 0 0 C 0 0 0 1E E0 1E E0 D8 73 CC 73
0 0 0 D 0 0 0 87 3F 87 3F 55 5A 48 5A
0 0 0 E 0 0 0 2C CB 2C CB E2 C8 D4 C8
0 0 0 F 0 0 0 C5 E2 C5 E2 EF D7 E0 D7
0 0 0 10 0 0 0 9A 0E 9A 0E 5C B3 4C B3
C3=R4-R6?

(C2)
0 0 1 0 0 0 0 EA 2C EA 2D 4C 2D 4C 2D
0 0 2 0 0 0 0 EA E2 EA E4 4C B0 4C B0
0 0 3 0 0 0 0 EA A8 EA AB 4C D7 4C D7
0 0 4 0 0 0 0 EA FE EA 02 4C 3A 4C 3A
0 0 5 0 0 0 0 EA 24 EA 29 4C C1 4C C1
0 0 6 0 0 0 0 EA 3A EA 40 4C F4 4C F4   
0 0 7 0 0 0 0 EA A0 EA A7 4C AB 4C AB
0 0 8 0 0 0 0 EA B6 EA BE 4C 5E 4C 5E
0 0 9 0 0 0 0 EA DC EA E5 4C 85 4C 85
0 0 A 0 0 0 0 EA 12 EA 1C 4C 68 4C 68  
0 0 B 0 0 0 0 EA 18 EA 23 4C CF 4C CF
0 0 C 0 0 0 0 EA EE EA FA 4C 52 4C 52
0 0 D 0 0 0 0 EA 54 EA 61 4C 19 4C 19
0 0 E 0 0 0 0 EA 6A EA 78 4C 0C 4C 0C
0 0 F 0 0 0 0 EA 10 EA 1F 4C 23 4C 23
0 0 10 0 0 0 0 EA 26 EA 36 4C 56 4C 56
C2=R3-R1?

(C1)
0 1 0 0 0 0 0 DC 83 DD 83 FB AA FB AA
0 2 0 0 0 0 0 E6 F2 E8 F2 62 5B 62 5B
0 3 0 0 0 0 0 68 1F 6B 1F 99 C2 99 C2
0 4 0 0 0 0 0 C2 4C C6 4C 70 0C 70 0C     
0 5 0 0 0 0 0 74 59 79 59 BF CE BF CE
0 6 0 0 0 0 0 9E 5F A4 5F C6 7D C6 7D
0 7 0 0 0 0 0 60 20 67 20 6D 56 6D 56
0 8 0 0 0 0 0 7A 45 82 45 A4 1A A4 1A
0 9 0 0 0 0 0 2C B1 35 B1 33 94 33 94 
0 A 0 0 0 0 0 F6 0D 00 0E FA FF FA FF  
0 B 0 0 0 0 0 38 21 43 21 11 51 11 51
0 C 0 0 0 0 0 92 F4 9E F4 48 26 48 26
0 D 0 0 0 0 0 44 BF 51 BF 77 76 77 76
0 E 0 0 0 0 0 EE F0 FC F0 1E AF 1E AF
0 F 0 0 0 0 0 70 5A 7F 5A 65 BD 65 BD
0 10 0 0 0 0 0 CA F9 DA F9 5C 3D 5C 3D
C1=R2-R0?

(C0)
1 0 0 0 0 0 0 EA 2D EA 2C 4C 2D 4C 2D
2 0 0 0 0 0 0 EA E4 EA E2 4C B0 4C B0
3 0 0 0 0 0 0 EA AB EA A8 4C D7 4C D7 
4 0 0 0 0 0 0 EA 02 EA FE 4C 3A 4C 3A    
5 0 0 0 0 0 0 EA 29 EA 24 4C C1 4C C1
6 0 0 0 0 0 0 EA 40 EA 3A 4C F4 4C F4 
7 0 0 0 0 0 0 EA A7 EA A0 4C AB 4C AB 
8 0 0 0 0 0 0 EA BE EA B6 4C 5E 4C 5E 
9 0 0 0 0 0 0 EA E5 EA DC 4C 85 4C 85
A 0 0 0 0 0 0 EA 1C EA 12 4C 68 4C 68 
B 0 0 0 0 0 0 EA 23 EA 18 4C CF 4C CF
C 0 0 0 0 0 0 EA FA EA EE 4C 52 4C 52   
D 0 0 0 0 0 0 EA 61 EA 54 4C 19 4C 19
E 0 0 0 0 0 0 EA 78 EA 6A 4C 0C 4C 0C   
F 0 0 0 0 0 0 EA 1F EA 10 4C 23 4C 23 
10 0 0 0 0 0 0 EA 36 EA 26 4C 56 4C 56
C0=R1-R3?
Although these equations seem to be valid here, it appears that I may have missed something else.


Have you checked if the pic16 is read protected?
Program and data regions are locked. Did some googling and it appears there is no easy way to extract those from a PIC16F.
« Last Edit: October 21, 2023, 07:53:54 pm by twizzter »
 

Online ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #9 on: October 22, 2023, 04:06:45 am »
The fact that there are any “patterns” at all hints to me that it could be something simple, but I’m no expert.

I note that one of the patterns, C1 = R2-R0, does seem to be true for all the challenges you posted.

Also true for all posted is C5 = R6-R4+C3.

True for "almost" all posted are C6 = R7-R5+C4, and C2 = R3-R1+C0. I sort-of feel the exceptions offer some clues, but what?

Other challenges I’d be interested to see the response for would maybe include:
Code: [Select]
55 55 55 55 55 55 55
aa aa aa aa aa aa aa
ff ff ff ff ff ff ff
7f ff ff ff ff ff ff
bf ff ff ff ff ff ff
df ff ff ff ff ff ff
ef ff ff ff ff ff ff

but then I don’t really know the best approach.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #10 on: October 22, 2023, 12:23:45 pm »
If you exclusive-or away the zero pattern, the results are informative:
Code: [Select]
00 00 00  00 00 00 00  ⇒  EA C6  EA C6  4C E6  4C E6  :  00 00  00 00  00 00  00 00

80 00 00  00 00 00 00  ⇒  EA 46  EA C6  4C 66  4C 66  :  00 80  00 00  00 80  00 80
40 00 00  00 00 00 00  ⇒  EA 86  EA 46  4C 26  4C 26  :  00 40  00 80  00 C0  00 C0
20 00 00  00 00 00 00  ⇒  EA 26  EA 06  4C 86  4C 86  :  00 E0  00 C0  00 60  00 60
10 00 00  00 00 00 00  ⇒  EA 36  EA 26  4C 56  4C 56  :  00 F0  00 E0  00 B0  00 B0
08 00 00  00 00 00 00  ⇒  EA BE  EA B6  4C 5E  4C 5E  :  00 78  00 70  00 B8  00 B8
04 00 00  00 00 00 00  ⇒  EA 02  EA FE  4C 3A  4C 3A  :  00 C4  00 38  00 DC  00 DC
02 00 00  00 00 00 00  ⇒  EA E4  EA E2  4C B0  4C B0  :  00 22  00 24  00 56  00 56
01 00 00  00 00 00 00  ⇒  EA 2D  EA 2C  4C 2D  4C 2D  :  00 EB  00 EA  00 CB  00 CB
00 80 00  00 00 00 00  ⇒  EA 47  6A 48  CC 18  CC 18  :  00 81  80 8E  80 FE  80 FE
00 40 00  00 00 00 00  ⇒  6A 9E  AA 9E  0C 6D  0C 6D  :  80 58  40 58  40 8B  40 8B
00 20 00  00 00 00 00  ⇒  AA 5E  CA 5E  2C 76  2C 76  :  40 98  20 98  60 90  60 90
00 10 00  00 00 00 00  ⇒  CA F9  DA F9  5C 3D  5C 3D  :  20 3F  30 3F  10 DB  10 DB
00 08 00  00 00 00 00  ⇒  7A 45  82 45  A4 1A  A4 1A  :  90 83  68 83  E8 FC  E8 FC
00 04 00  00 00 00 00  ⇒  C2 4C  C6 4C  70 0C  70 0C  :  28 8A  2C 8A  3C EA  3C EA
00 02 00  00 00 00 00  ⇒  E6 F2  E8 F2  62 5B  62 5B  :  0C 34  02 34  2E BD  2E BD
00 01 00  00 00 00 00  ⇒  DC 83  DD 83  FB AA  FB AA  :  36 45  37 45  B7 4C  B7 4C
00 00 80  00 00 00 00  ⇒  EA C6  EA 46  4C 66  4C 66  :  00 00  00 80  00 80  00 80
00 00 40  00 00 00 00  ⇒  EA 46  EA 86  4C 26  4C 26  :  00 80  00 40  00 C0  00 C0
00 00 20  00 00 00 00  ⇒  EA 06  EA 26  4C 86  4C 86  :  00 C0  00 E0  00 60  00 60
00 00 10  00 00 00 00  ⇒  EA 26  EA 36  4C 56  4C 56  :  00 E0  00 F0  00 B0  00 B0
00 00 08  00 00 00 00  ⇒  EA B6  EA BE  4C 5E  4C 5E  :  00 70  00 78  00 B8  00 B8
00 00 04  00 00 00 00  ⇒  EA FE  EA 02  4C 3A  4C 3A  :  00 38  00 C4  00 DC  00 DC
00 00 02  00 00 00 00  ⇒  EA E2  EA E4  4C B0  4C B0  :  00 24  00 22  00 56  00 56
00 00 01  00 00 00 00  ⇒  EA 2C  EA 2D  4C 2D  4C 2D  :  00 EA  00 EB  00 CB  00 CB

00 00 00  80 00 00 00  ⇒  6A 6B  6A 6B  CC 8A  4C 8A  :  80 AD  80 AD  80 6C  00 6C
00 00 00  40 00 00 00  ⇒  AA 14  AA 14  8C 47  4C 47  :  40 D2  40 D2  C0 A1  00 A1
00 00 00  20 00 00 00  ⇒  8A C0  8A C0  6C F1  4C F1  :  60 06  60 06  20 17  00 17
00 00 00  10 00 00 00  ⇒  9A 0E  9A 0E  5C B3  4C B3  :  70 C8  70 C8  10 55  00 55
00 00 00  08 00 00 00  ⇒  B2 90  B2 90  B4 E3  AC E3  :  58 56  58 56  F8 05  E0 05
00 00 00  04 00 00 00  ⇒  56 39  56 39  F0 14  EC 14  :  BC FF  BC FF  BC F2  A0 F2
00 00 00  02 00 00 00  ⇒  78 3D  78 3D  D6 52  D4 52  :  92 FB  92 FB  9A B4  98 B4
00 00 00  01 00 00 00  ⇒  D3 86  D3 86  69 89  68 89  :  39 40  39 40  25 6F  24 6F
00 00 00  00 80 00 00  ⇒  EA 46  EA 46  4C 66  4C E6  :  00 80  00 80  00 80  00 00
00 00 00  00 40 00 00  ⇒  EA 06  EA 06  4C 26  4C E6  :  00 C0  00 C0  00 C0  00 00
00 00 00  00 20 00 00  ⇒  EA 66  EA 66  4C 06  4C E6  :  00 A0  00 A0  00 E0  00 00
00 00 00  00 10 00 00  ⇒  EA 56  EA 56  4C 76  4C 66  :  00 90  00 90  00 90  00 80
00 00 00  00 08 00 00  ⇒  EA BE  EA BE  4C 0E  4C 06  :  00 78  00 78  00 E8  00 E0
00 00 00  00 04 00 00  ⇒  EA 7A  EA 7A  4C 3A  4C 36  :  00 BC  00 BC  00 DC  00 D0
00 00 00  00 02 00 00  ⇒  EA 1C  EA 1C  4C 58  4C 56  :  00 DA  00 DA  00 BE  00 B0
00 00 00  00 01 00 00  ⇒  EA F3  EA F3  4C 77  4C 76  :  00 35  00 35  00 91  00 90
00 00 00  00 00 80 00  ⇒  6A 6B  6A 6B  4C 8A  CC 8A  :  80 AD  80 AD  00 6C  80 6C
00 00 00  00 00 40 00  ⇒  AA 14  AA 14  4C 47  8C 47  :  40 D2  40 D2  00 A1  C0 A1
00 00 00  00 00 20 00  ⇒  8A C0  8A C0  4C F1  6C F1  :  60 06  60 06  00 17  20 17
00 00 00  00 00 10 00  ⇒  9A 0E  9A 0E  4C B3  5C B3  :  70 C8  70 C8  00 55  10 55
00 00 00  00 00 08 00  ⇒  B2 90  B2 90  AC E3  B4 E3  :  58 56  58 56  E0 05  F8 05
00 00 00  00 00 04 00  ⇒  56 39  56 39  EC 14  F0 14  :  BC FF  BC FF  A0 F2  BC F2
00 00 00  00 00 02 00  ⇒  78 3D  78 3D  D4 52  D6 52  :  92 FB  92 FB  98 B4  9A B4
00 00 00  00 00 01 00  ⇒  D3 86  D3 86  68 89  69 89  :  39 40  39 40  24 6F  25 6F
00 00 00  00 00 00 80  ⇒  EA 46  EA 46  4C E6  4C 66  :  00 80  00 80  00 00  00 80
00 00 00  00 00 00 40  ⇒  EA 06  EA 06  4C E6  4C 26  :  00 C0  00 C0  00 00  00 C0
00 00 00  00 00 00 20  ⇒  EA 66  EA 66  4C E6  4C 06  :  00 A0  00 A0  00 00  00 E0
00 00 00  00 00 00 10  ⇒  EA 56  EA 56  4C 66  4C 76  :  00 90  00 90  00 80  00 90
00 00 00  00 00 00 08  ⇒  EA BE  EA BE  4C 06  4C 0E  :  00 78  00 78  00 E0  00 E8
00 00 00  00 00 00 04  ⇒  EA 7A  EA 7A  4C 36  4C 3A  :  00 BC  00 BC  00 D0  00 DC
00 00 00  00 00 00 02  ⇒  EA 1C  EA 1C  4C 56  4C 58  :  00 DA  00 DA  00 B0  00 BE
00 00 00  00 00 00 01  ⇒  EA F3  EA F3  4C 76  4C 77  :  00 35  00 35  00 90  00 91

00 00 00  00 00 00 00  ⇒  EA C6  EA C6  4C E6  4C E6  :  00 00  00 00  00 00  00 00
The format is input bytes ⇒ output bytes : output exclusive-or'd with the zero-input output.
I've added spaces and empty lines to highlight the patterns I find most informative.

It seems obvious that the core algorithm uses little-endian 16-bit unsigned integer 'words' at its core, splitting the result into two pairs of two words.
It also seems obvious that the input should be treated as if it had a zero prepended, because then
    00 00 00 00  00 00 00 00  ⇒  EA C6  EA C6  4C E6  4C E6  :  00 00  00 00  00 00  00 00

    00 80 00 00  00 00 00 00  ⇒  EA 46  EA C6  4C 66  4C 66  :  00 80  00 00  00 80  00 80
    00 00 00 00  00 80 00 00  ⇒  EA 46  EA 46  4C 66  4C E6  :  00 80  00 80  00 80  00 00

    00 40 00 00  00 00 00 00  ⇒  EA 86  EA 46  4C 26  4C 26  :  00 40  00 80  00 C0  00 C0
    00 00 00 00  00 40 00 00  ⇒  EA 06  EA 06  4C 26  4C E6  :  00 C0  00 C0  00 C0  00 00

    00 20 00 00  00 00 00 00  ⇒  EA 26  EA 06  4C 86  4C 86  :  00 E0  00 C0  00 60  00 60
    00 00 00 00  00 20 00 00  ⇒  EA 66  EA 66  4C 06  4C E6  :  00 A0  00 A0  00 E0  00 00

    00 10 00 00  00 00 00 00  ⇒  EA 36  EA 26  4C 56  4C 56  :  00 F0  00 E0  00 B0  00 B0
    00 00 00 00  00 01 00 00  ⇒  EA F3  EA F3  4C 77  4C 76  :  00 35  00 35  00 91  00 90
and so on, down to
    00 00 00 01  00 00 00 00  ⇒  EA 2C  EA 2D  4C 2D  4C 2D  :  00 EA  00 EB  00 CB  00 CB
    00 00 00 00  00 00 00 01  ⇒  EA F3  EA F3  4C 76  4C 77  :  00 35  00 35  00 90  00 91

If one converts the above to binary representation (I can do that, if you don't mind my looong 'draft dissertation' posts; many do mind), the shifting patterns become much clearer.

If you create a program that starts with the result pattern corresponding to all input zeros, and exclusive-or it with each of the above (rightmost) patterns when the corresponding bit in the input is set, you get close, but not exact results.  There are both missing bits, and significant differences, indicating that bit shifts and additions and/or subtractions are used (instead of bit rotations and only exclusive-or operations).  Here are a few examples of what that yields given random inputs:
    F6 0B 67 1F 83 D4 F3  =>  73 D6 84 47 76 0C 2D 3C
    67 DB 00 CE EA 1E 53  =>  50 35 F7 21 AB 6A FB 13
    90 F4 11 67 F2 73 63  =>  EE 5A DA D4 9F 70 93 E1
    23 89 EE 7D A3 FF 5A  =>  5E EF 27 55 FE 00 7C B9
    CA 79 7E 15 64 19 FB  =>  48 3B 01 77 6E 51 6A CA
    B1 CA 65 5B 2D 3D D6  =>  F8 76 4E D5 B9 AB 47 1C
    32 4E 71 4B BC 22 3C  =>  9F 99 AD 5E E9 33 10 B3
    F0 26 4D 47 D0 74 13  =>  35 C8 5F 8D 5D 37 6E 78
    6C B6 6A F8 14 06 7A  =>  08 CB F2 3E 1E DE 68 F4
    E5 12 30 5E D0 57 91  =>  A7 01 B9 AC 60 CD 79 0C
and when exactly one random bit in each byte is set:
    40 04 40 20 02 40 08  =>  E2 FA E6 FA 50 E4 B0 E2
    80 04 08 40 01 80 40  =>  02 36 06 BE B0 68 F0 A9
    02 04 20 40 80 08 01  =>  DA 9F DE B9 50 8E 88 0F
    02 20 40 02 01 80 40  =>  B8 5F D8 99 B6 A9 34 68
    04 02 04 02 10 20 10  =>  14 F3 1A F3 F8 E8 DA E8
    02 01 02 04 08 04 40  =>  DC 3D DD 3D E7 42 E7 8A
    10 08 20 80 20 04 02  =>  46 5D BE 6D 84 04 18 EA
    20 10 80 10 01 80 80  =>  3A C9 2A 69 4C 75 DC F4
    04 04 10 02 80 20 04  =>  30 A9 34 45 EA 93 C8 1F
    08 10 10 04 08 01 01  =>  4F 93 5F 8B C4 D0 D9 D9

It is by no means an intractable problem; more a dull diligent search for the shifts and additions that will likely just take many hours.
 

Offline Nominal Animal

Re: Need help with reversing an old auth algo
« Reply #11 on: October 22, 2023, 01:29:19 pm »
Anyway, if you prepend a zero byte to the input, and convert it to four 16-bit little-endian words, the result in similar four 16-bit little-endian words exclusive-or'ed with the result for all zeros, you get
Code: [Select]
0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000

0000000000000000 0000000000000000 0000000000000000 0000000000000001 : 0100000000111001 0100000000111001 0110111100100100 0110111100100101
0000000000000000 0000000000000000 0000000000000000 0000000000000010 : 1111101110010010 1111101110010010 1011010010011000 1011010010011010
0000000000000000 0000000000000000 0000000000000000 0000000000000100 : 1111111110111100 1111111110111100 1111001010100000 1111001010111100
0000000000000000 0000000000000000 0000000000000000 0000000000001000 : 0101011001011000 0101011001011000 0000010111100000 0000010111111000
0000000000000000 0000000000000000 0000000000000000 0000000000010000 : 1100100001110000 1100100001110000 0101010100000000 0101010100010000
0000000000000000 0000000000000000 0000000000000000 0000000000100000 : 0000011001100000 0000011001100000 0001011100000000 0001011100100000
0000000000000000 0000000000000000 0000000000000000 0000000001000000 : 1101001001000000 1101001001000000 1010000100000000 1010000111000000
0000000000000000 0000000000000000 0000000000000000 0000000010000000 : 1010110110000000 1010110110000000 0110110000000000 0110110010000000
0000000000000000 0000000000000000 0000000000000000 0000000100000000 : 0011010100000000 0011010100000000 1001000000000000 1001000100000000
0000000000000000 0000000000000000 0000000000000000 0000001000000000 : 1101101000000000 1101101000000000 1011000000000000 1011111000000000
0000000000000000 0000000000000000 0000000000000000 0000010000000000 : 1011110000000000 1011110000000000 1101000000000000 1101110000000000
0000000000000000 0000000000000000 0000000000000000 0000100000000000 : 0111100000000000 0111100000000000 1110000000000000 1110100000000000
0000000000000000 0000000000000000 0000000000000000 0001000000000000 : 1001000000000000 1001000000000000 1000000000000000 1001000000000000
0000000000000000 0000000000000000 0000000000000000 0010000000000000 : 1010000000000000 1010000000000000 0000000000000000 1110000000000000
0000000000000000 0000000000000000 0000000000000000 0100000000000000 : 1100000000000000 1100000000000000 0000000000000000 1100000000000000
0000000000000000 0000000000000000 0000000000000000 1000000000000000 : 1000000000000000 1000000000000000 0000000000000000 1000000000000000

0000000000000000 0000000000000000 0000000000000001 0000000000000000 : 0100000000111001 0100000000111001 0110111100100101 0110111100100100
0000000000000000 0000000000000000 0000000000000010 0000000000000000 : 1111101110010010 1111101110010010 1011010010011010 1011010010011000
0000000000000000 0000000000000000 0000000000000100 0000000000000000 : 1111111110111100 1111111110111100 1111001010111100 1111001010100000
0000000000000000 0000000000000000 0000000000001000 0000000000000000 : 0101011001011000 0101011001011000 0000010111111000 0000010111100000
0000000000000000 0000000000000000 0000000000010000 0000000000000000 : 1100100001110000 1100100001110000 0101010100010000 0101010100000000
0000000000000000 0000000000000000 0000000000100000 0000000000000000 : 0000011001100000 0000011001100000 0001011100100000 0001011100000000
0000000000000000 0000000000000000 0000000001000000 0000000000000000 : 1101001001000000 1101001001000000 1010000111000000 1010000100000000
0000000000000000 0000000000000000 0000000010000000 0000000000000000 : 1010110110000000 1010110110000000 0110110010000000 0110110000000000
0000000000000000 0000000000000000 0000000100000000 0000000000000000 : 0011010100000000 0011010100000000 1001000100000000 1001000000000000
0000000000000000 0000000000000000 0000001000000000 0000000000000000 : 1101101000000000 1101101000000000 1011111000000000 1011000000000000
0000000000000000 0000000000000000 0000010000000000 0000000000000000 : 1011110000000000 1011110000000000 1101110000000000 1101000000000000
0000000000000000 0000000000000000 0000100000000000 0000000000000000 : 0111100000000000 0111100000000000 1110100000000000 1110000000000000
0000000000000000 0000000000000000 0001000000000000 0000000000000000 : 1001000000000000 1001000000000000 1001000000000000 1000000000000000
0000000000000000 0000000000000000 0010000000000000 0000000000000000 : 1010000000000000 1010000000000000 1110000000000000 0000000000000000
0000000000000000 0000000000000000 0100000000000000 0000000000000000 : 1100000000000000 1100000000000000 1100000000000000 0000000000000000
0000000000000000 0000000000000000 1000000000000000 0000000000000000 : 1000000000000000 1000000000000000 1000000000000000 0000000000000000

0000000000000000 0000000000000001 0000000000000000 0000000000000000 : 0100010100110110 0100010100110111 0100110010110111 0100110010110111
0000000000000000 0000000000000010 0000000000000000 0000000000000000 : 0011010000001100 0011010000000010 1011110100101110 1011110100101110
0000000000000000 0000000000000100 0000000000000000 0000000000000000 : 1000101000101000 1000101000101100 1110101000111100 1110101000111100
0000000000000000 0000000000001000 0000000000000000 0000000000000000 : 1000001110010000 1000001101101000 1111110011101000 1111110011101000
0000000000000000 0000000000010000 0000000000000000 0000000000000000 : 0011111100100000 0011111100110000 1101101100010000 1101101100010000
0000000000000000 0000000000100000 0000000000000000 0000000000000000 : 1001100001000000 1001100000100000 1001000001100000 1001000001100000
0000000000000000 0000000001000000 0000000000000000 0000000000000000 : 0101100010000000 0101100001000000 1000101101000000 1000101101000000
0000000000000000 0000000010000000 0000000000000000 0000000000000000 : 1000000100000000 1000111010000000 1111111010000000 1111111010000000
0000000000000000 0000000100000000 0000000000000000 0000000000000000 : 1110101000000000 1110101100000000 1100101100000000 1100101100000000
0000000000000000 0000001000000000 0000000000000000 0000000000000000 : 0010010000000000 0010001000000000 0101011000000000 0101011000000000
0000000000000000 0000010000000000 0000000000000000 0000000000000000 : 0011100000000000 1100010000000000 1101110000000000 1101110000000000
0000000000000000 0000100000000000 0000000000000000 0000000000000000 : 0111000000000000 0111100000000000 1011100000000000 1011100000000000
0000000000000000 0001000000000000 0000000000000000 0000000000000000 : 1110000000000000 1111000000000000 1011000000000000 1011000000000000
0000000000000000 0010000000000000 0000000000000000 0000000000000000 : 1100000000000000 1110000000000000 0110000000000000 0110000000000000
0000000000000000 0100000000000000 0000000000000000 0000000000000000 : 1000000000000000 0100000000000000 1100000000000000 1100000000000000
0000000000000000 1000000000000000 0000000000000000 0000000000000000 : 0000000000000000 1000000000000000 1000000000000000 1000000000000000

0000000100000000 0000000000000000 0000000000000000 0000000000000000 : 1110101100000000 1110101000000000 1100101100000000 1100101100000000
0000001000000000 0000000000000000 0000000000000000 0000000000000000 : 0010001000000000 0010010000000000 0101011000000000 0101011000000000
0000010000000000 0000000000000000 0000000000000000 0000000000000000 : 1100010000000000 0011100000000000 1101110000000000 1101110000000000
0000100000000000 0000000000000000 0000000000000000 0000000000000000 : 0111100000000000 0111000000000000 1011100000000000 1011100000000000
0001000000000000 0000000000000000 0000000000000000 0000000000000000 : 1111000000000000 1110000000000000 1011000000000000 1011000000000000
0010000000000000 0000000000000000 0000000000000000 0000000000000000 : 1110000000000000 1100000000000000 0110000000000000 0110000000000000
0100000000000000 0000000000000000 0000000000000000 0000000000000000 : 0100000000000000 1000000000000000 1100000000000000 1100000000000000
1000000000000000 0000000000000000 0000000000000000 0000000000000000 : 1000000000000000 0000000000000000 1000000000000000 1000000000000000

0000000000000000 0000000000000000 0000000000000000 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000
Whether the algorithm is a 4-by-4 matrix multiplication on 16-bit words followed by an addition, i.e.
    result0 = 0xC6EA + (source0*unknown00 + source1*unknown01 + source2*unknown02 + source3*unknown03);
    result1 = 0xC6EA + (source0*unknown10 + source1*unknown11 + source2*unknown12 + source3*unknown13);
    result2 = 0xE64C + (source0*unknown20 + source1*unknown21 + source2*unknown22 + source3*unknown23);
    result3 = 0xE64C + (source0*unknown30 + source1*unknown31 + source2*unknown32 + source3*unknown33);
or such a multiplication against a vector sum,
    result0 = (source0 + unknown0)*unknown00 + (source1+unknown1)*unknown01 + (source2+unknown2)*unknown02 + (source3+unknown3)*unknown03;
    result1 = (source0 + unknown0)*unknown10 + (source1+unknown1)*unknown11 + (source2+unknown2)*unknown12 + (source3+unknown3)*unknown13;
    result2 = (source0 + unknown0)*unknown20 + (source1+unknown1)*unknown21 + (source2+unknown2)*unknown22 + (source3+unknown3)*unknown23;
    result3 = (source0 + unknown0)*unknown30 + (source1+unknown1)*unknown31 + (source2+unknown2)*unknown32 + (source3+unknown3)*unknown33;
I have not checked.  Based on the bit patterns, they (and similar variants) look worth investigating.
 

Online ozcar

Re: Need help with reversing an old auth algo
« Reply #12 on: October 22, 2023, 07:49:45 pm »
If you exclusive-or away the zero pattern, the results are informative:

That is exactly what I did further back, and while the results were “interesting” I remained mostly uninformed. I’ll have to study your findings...
 

Offline twizzterTopic starter

Re: Need help with reversing an old auth algo
« Reply #13 on: October 23, 2023, 05:58:37 pm »
Thanks for all the answers and participation in this puzzle.


Other challenges I’d be interested to see the response for would maybe include:
[...]

Responses are:
Code: [Select]
55 55 55 55 55 55 55 7E D8 D3 D8 74 82 74 82 
aa aa aa aa aa aa aa A2 41 4C 42 54 1C 54 1C
ff ff ff ff ff ff ff 26 BD 25 BE 5C 75 5C 75 
7f ff ff ff ff ff ff 26 3D 25 BE 5C F5 5C F5
bf ff ff ff ff ff ff 26 FD 25 3E 5C 35 5C 35
df ff ff ff ff ff ff 26 5D 25 7E 5C D5 5C D5   
ef ff ff ff ff ff ff 26 CD 25 DE 5C 85 5C 85 



Whether the algorithm is a 4-by-4 matrix multiplication on 16-bit words followed by an addition, i.e.
    result0 = 0xC6EA + (source0*unknown00 + source1*unknown01 + source2*unknown02 + source3*unknown03);
    result1 = 0xC6EA + (source0*unknown10 + source1*unknown11 + source2*unknown12 + source3*unknown13);
    result2 = 0xE64C + (source0*unknown20 + source1*unknown21 + source2*unknown22 + source3*unknown23);
    result3 = 0xE64C + (source0*unknown30 + source1*unknown31 + source2*unknown32 + source3*unknown33);
or such a multiplication against a vector sum,
    result0 = (source0 + unknown0)*unknown00 + (source1+unknown1)*unknown01 + (source2+unknown2)*unknown02 + (source3+unknown3)*unknown03;
    result1 = (source0 + unknown0)*unknown10 + (source1+unknown1)*unknown11 + (source2+unknown2)*unknown12 + (source3+unknown3)*unknown13;
    result2 = (source0 + unknown0)*unknown20 + (source1+unknown1)*unknown21 + (source2+unknown2)*unknown22 + (source3+unknown3)*unknown23;
    result3 = (source0 + unknown0)*unknown30 + (source1+unknown1)*unknown31 + (source2+unknown2)*unknown32 + (source3+unknown3)*unknown33;
I have not checked.  Based on the bit patterns, they (and similar variants) look worth investigating.
Sounds like a perfect plan for long autumn evenings ;) Impressive write-up! I'll be snooping in that direction.
 

Online ozcar

Re: Need help with reversing an old auth algo
« Reply #14 on: October 23, 2023, 09:01:19 pm »
This is what I see for the additional responses. Some of the pattern assertions are still true for all so far.

Code: [Select]
00000000000000  ea c6 ea c6 4c e6 4c e6   00 00 00 00 00 00 00 00 C6=R7-R5+C4 C5=R6-R4+C3 C2=R3-R1+C0 C1=R2-R0
55555555555555  7e d8 d3 d8 74 82 74 82   94 1e 39 1e 38 64 38 64 C6=R7-R5+C4 C5=R6-R4+C3 C2=R3-R1+C0 C1=R2-R0
aaaaaaaaaaaaaa  a2 41 4c 42 54 1c 54 1c   48 87 a6 84 18 fa 18 fa C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
ffffffffffffff  26 bd 25 be 5c 75 5c 75   cc 7b cf 78 10 93 10 93 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
7fffffffffffff  26 3d 25 be 5c f5 5c f5   cc fb cf 78 10 13 10 13 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
bfffffffffffff  26 fd 25 3e 5c 35 5c 35   cc 3b cf f8 10 d3 10 d3 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
dfffffffffffff  26 5d 25 7e 5c d5 5c d5   cc 9b cf b8 10 33 10 33 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
efffffffffffff  26 cd 25 de 5c 85 5c 85   cc 0b cf 18 10 63 10 63 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0

This is with the difference to the response to the all-FF challenge instead of to the all-00 challenge.

Code: [Select]
55555555555555  7e d8 d3 d8 74 82 74 82   58 65 f6 66 28 f7 28 f7 C6=R7-R5+C4 C5=R6-R4+C3 C2=R3-R1+C0 C1=R2-R0
aaaaaaaaaaaaaa  a2 41 4c 42 54 1c 54 1c   84 fc 69 fc 08 69 08 69 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
ffffffffffffff  26 bd 25 be 5c 75 5c 75   00 00 00 00 00 00 00 00 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
7fffffffffffff  26 3d 25 be 5c f5 5c f5   00 80 00 00 00 80 00 80 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
bfffffffffffff  26 fd 25 3e 5c 35 5c 35   00 40 00 80 00 40 00 40 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
dfffffffffffff  26 5d 25 7e 5c d5 5c d5   00 e0 00 c0 00 a0 00 a0 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0
efffffffffffff  26 cd 25 de 5c 85 5c 85   00 70 00 60 00 f0 00 f0 C6=R7-R5+C4 C5=R6-R4+C3             C1=R2-R0

I think PIC16 does not have hardware multiply? Maybe that would have influenced what they did.
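
The relation checks in ozcar's tables above, as an added example that is not ozcar's own code: it parses challenge/response lines, evaluates the four candidate byte relations mod 256 over every sample, and also flags a challenge that appears with two different responses (the conflict ozcar describes later in reply #19). Sample rows are copied from the reply #14 table plus the two conflicting rows quoted in reply #19.

```python
# Added example, not code from the thread. Samples below are copied from the
# thread: the reply #14 table and the two conflicting rows quoted in reply #19.
SAMPLES = """
00000000000000 ea c6 ea c6 4c e6 4c e6
55555555555555 7e d8 d3 d8 74 82 74 82
aaaaaaaaaaaaaa a2 41 4c 42 54 1c 54 1c
ffffffffffffff 26 bd 25 be 5c 75 5c 75
7fffffffffffff 26 3d 25 be 5c f5 5c f5
bfffffffffffff 26 fd 25 3e 5c 35 5c 35
dfffffffffffff 26 5d 25 7e 5c d5 5c d5
efffffffffffff 26 cd 25 de 5c 85 5c 85
00000000040000 ea f7 ea f7 4c cb 4c c6
00000000040000 ea 7a ea 7a 4c 3a 4c 36
"""

# Candidate relations from replies #9 and #14: name -> predicate over
# (challenge bytes C, response bytes R), evaluated modulo 256.
RELATIONS = {
    "C1=R2-R0":    lambda C, R: C[1] == (R[2] - R[0]) & 0xFF,
    "C2=R3-R1+C0": lambda C, R: C[2] == (R[3] - R[1] + C[0]) & 0xFF,
    "C5=R6-R4+C3": lambda C, R: C[5] == (R[6] - R[4] + C[3]) & 0xFF,
    "C6=R7-R5+C4": lambda C, R: C[6] == (R[7] - R[5] + C[4]) & 0xFF,
}


def parse_samples(text):
    """Parse 'challenge-hex response-bytes' lines into (challenge, response) pairs."""
    pairs = []
    for line in text.strip().splitlines():
        fields = line.split()
        challenge = bytes.fromhex(fields[0])
        response = bytes.fromhex("".join(fields[1:]))
        if len(challenge) != 7 or len(response) != 8:
            raise ValueError(f"malformed sample: {line!r}")
        pairs.append((challenge, response))
    return pairs


def find_conflicts(pairs):
    """Return {challenge: set of responses} for challenges seen with differing responses."""
    seen = {}
    for c, r in pairs:
        seen.setdefault(c, set()).add(r)
    return {c: rs for c, rs in seen.items() if len(rs) > 1}


def check_relations(pairs):
    """Return relation name -> list of challenge hex strings for which it fails."""
    failures = {name: [] for name in RELATIONS}
    for c, r in pairs:
        for name, holds in RELATIONS.items():
            if not holds(c, r):
                failures[name].append(c.hex())
    return failures


if __name__ == "__main__":
    pairs = parse_samples(SAMPLES)
    for c, rs in find_conflicts(pairs).items():
        print("conflict:", c.hex(), "->", sorted(r.hex() for r in rs))
    for name, bad in check_relations(pairs).items():
        print(f"{name}: {'holds for all' if not bad else 'fails for ' + ', '.join(bad)}")
```

On these rows C1 and C5 hold everywhere, C2 fails for the aa and ff-family challenges, and C6 fails only for the first of the two conflicting 04 rows, which is the sample ozcar later discards.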

 

Offline twizzterTopic starter

Re: Need help with reversing an old auth algo
« Reply #15 on: October 24, 2023, 07:22:59 am »
I think PIC16 does not have hardware multiply?
I guess not. I couldn't find any information about hardware multiplication/presence of a math accelerator peripheral in the PIC16F877A datasheet.
 

Offline Nominal Animal

Re: Need help with reversing an old auth algo
« Reply #16 on: October 24, 2023, 10:05:18 am »
I think PIC16 does not have hardware multiply?
I guess not. I couldn't find any information about hardware multiplication/presence of a math accelerator peripheral in the PIC16F877A datasheet.
A sequence of left shifts and additions is equivalent to multiplication.  For example, a*10 is exactly equivalent to (a<<1)+(a<<3), when a is any unsigned integer type with overflow ignored.  The result is slightly different, if instead of an addition, exclusive or (^) is used.
(When using both addition and subtraction and a constant N-bit multiplier, at most N/2 operations are needed.  For example, a*15 is exactly equivalent to (a<<4)-a when a is any integer type with modular/wraparound overflow.  Again, results are slightly different when exclusive or is used instead of subtraction.)

The behaviour when treated as little-endian unsigned 16-bit words, each bit only changing that bit position and more significant positions, indicates that any combination of shifts stays on the more significant side, i.e. there are at least as many left shifts as there are right shifts.

The behaviour when only the highest bits of the word are set (resulting in all zeros in specific result words) indicates that there likely is a right shift by one or two bits (depending on which of the four result words is involved) at the combine stage.

In any case, the problem at hand is not to replicate the sequence of instructions of how the PIC calculates the cryptographic hash, but to discover the mathematical representation of that calculation.  Because of the many equivalences (like multiplication being decomposable to shifts and additions, or shifts and additions and subtractions, and vice versa), and because this algorithm does not look like a proper cryptographic hash (since its output evinces clear patterns; in a proper cryptographic hash, almost half the bits should change whenever a single bit in the input changes; the so-called 'avalanche effect') but one written by someone not versed in cryptography at all, it is basically guaranteed the mathematical representation is much simpler than the code itself.



As a comparison, consider my favourite random number generator, Xorshift 64*, by George Marsaglia.  It uses a single 64-bit nonzero number x as its state.  The state is updated and a new pseudorandom 64-bit number y generated using simply
    x = x ^ (x >> 12);
    x = x ^ (x << 25);
    x = x ^ (x >> 27);
    y = x * 2685821657736338717;

Even though it is this simple (and horribly fast, compared to other generators), the sequence of y is fairly random, surpassing many currently used pseudorandom number generators touted as "best".  Indeed, if we use only the 32 most significant bits z of those y,
    z = y >> 32;
the sequence of outputs passes the most stringent statistical randomness tests currently widely used: the BigCrush tests of the TestU01 framework.
In fact, up to 40 most significant bits can be used.  The full 64-bit output only fails the MatrixRank test of BigCrush.

In comparison, Mersenne Twister (MT19937) fails two tests in the BigCrush test set.  A modified TinyMT does pass BigCrush test set also, but has seen much less investigation than the Xorshift family of functions.

However, most of the choices of the shift sizes and the final multiplier in such linear-feedback shift register pseudorandom number generators do not yield good results.  In practice, they need to be tested for randomness and patterns.  This is why pseudorandom number generator investigators and specialists say one should not just try to create their own variant: most choices are bad, and you're unlikely to hit a good combination without proper verification.

The step from randomness to cryptographic hashes is huge, and involves irreversibility: making it impossible to derive any source value (plaintext) from the result value (ciphertext).  When two source values yield the same result, it is called a collision.  Various attack models, like appending a short stub to a source value to force a collision, exist.  This is why cryptographic hashes are often designed from ground up using different models, and exhibit features like a change in any single bit in the source value changes half the bits on average in the result value.

Fortunately, none of that is evident here: this is not a proper cryptographic hash, just a hash that shows clear patterns.
If it was a proper cryptographic hash, I wouldn't even bother trying to reverse it.  Even when the algorithm itself is known, but not the initialization vector or secret that is mixed with the plaintext (depending on the algorithm type), reverse-engineering can be impossible within a human lifetime.
(I am not a cryptographer myself, and only know enough to write secure software using proper cryptographic principles and techniques without failing horribly.)
 

Offline Nominal Animal

Re: Need help with reversing an old auth algo
« Reply #17 on: October 24, 2023, 03:48:22 pm »
twizzter, if you have/can automate the hashing, getting the results for patterns
    hh 00 hh 00 00 00 00 00
    00 hh 00 hh 00 hh 00
    00 00 00 hh 00 hh 00
    00 00 00 00 hh 00 hh
for hh in 80 40 20 10 08 04 02 01, would be very useful.
 

Offline twizzterTopic starter

Re: Need help with reversing an old auth algo
« Reply #18 on: October 24, 2023, 05:37:46 pm »
Sure! Results are:
Code: [Select]
80 00 80 00 00 00 00 EA 46 EA 46 4C E6 4C E6
40 00 40 00 00 00 00 EA 06 EA 06 4C 66 4C 66
20 00 20 00 00 00 00 EA 66 EA 66 4C 26 4C 26
10 00 10 00 00 00 00 EA 16 EA 16 4C C6 4C C6
08 00 08 00 00 00 00 EA AE EA AE 4C D6 4C D6
04 00 04 00 00 00 00 EA 1A EA 1A 4C CE 4C CE
02 00 02 00 00 00 00 EA D0 EA D0 4C 9A 4C 9A
01 00 01 00 00 00 00 EA 1B EA 1B 4C 64 4C 64

00 80 00 80 00 80 00 EA CC 6A CD 4C 61 4C 61
00 40 00 40 00 40 00 EA 47 2A 48 4C 35 4C 35
00 20 00 20 00 20 00 EA E5 0A E6 4C 8D 4C 8D
00 10 00 10 00 10 00 AA 16 BA 16 EC 0A EC 0A
00 08 00 08 00 08 00 4A DB 52 DB 2C E4 2C E4
00 04 00 04 00 04 00 5A CD 5E CD 94 3B 94 3B
00 02 00 02 00 02 00 82 8A 84 8A 54 A8 54 A8
00 01 00 01 00 01 00 EE 43 EF 43 2C 92 2C 92

00 00 00 80 00 80 00 EA 37 EA 37 CC 72 CC 72
00 00 00 40 00 40 00 6A 82 6A 82 8C 06 8C 06
00 00 00 20 00 20 00 2A 60 2A 60 6C 2E 6C 2E
00 00 00 10 00 10 00 4A 10 4A 10 5C 98 5C 98
00 00 00 08 00 08 00 7A 8E 7A 8E D4 46 D4 46
00 00 00 04 00 04 00 C2 25 C2 25 D0 2D D0 2D 
00 00 00 02 00 02 00 06 B7 06 B7 EE 89 EE 89
00 00 00 01 00 01 00 BC 93 BC 93 9D 22 9D 22

00 00 00 00 80 00 80 EA C6 EA C6 4C 66 4C 66
00 00 00 00 40 00 40 EA 46 EA 46 4C 26 4C 26
00 00 00 00 20 00 20 EA 06 EA 06 4C 06 4C 06
00 00 00 00 10 00 10 EA E6 EA E6 4C 76 4C 76
00 00 00 00 08 00 08 EA B6 EA B6 4C 2E 4C 2E
00 00 00 00 04 00 04 EA AE EA AE 4C 4A 4C 4A
00 00 00 00 02 00 02 EA 52 EA 52 4C 38 4C 38
00 00 00 00 01 00 01 EA C0 EA C0 4C 87 4C 87
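
Nominal Animal's suggestion in reply #10 (combine the single-bit difference patterns and compare the result against real multi-bit responses) can be checked directly against the reply #18 rows above. This is an added example, not code from the thread: it models the response both as an XOR of the per-bit patterns and as a sum of per-bit differences in little-endian 16-bit words, using only the all-zero response and the single-bit rows for challenge bytes 0 and 2 copied from the thread's tables.

```python
# Added example, not code from the thread. All data below is copied from the
# thread: the all-zero response, Nominal Animal's single-bit rows for challenge
# bytes 0 and 2, and twizzter's "hh 00 hh 00 00 00 00" responses from reply #18.
ZERO_RESP = bytes.fromhex("EAC6EAC64CE64CE6")

# (challenge byte index, bit value) -> response to that single-bit challenge
SINGLE_BIT = {
    (0, 0x80): "EA46EAC64C664C66", (2, 0x80): "EAC6EA464C664C66",
    (0, 0x40): "EA86EA464C264C26", (2, 0x40): "EA46EA864C264C26",
    (0, 0x20): "EA26EA064C864C86", (2, 0x20): "EA06EA264C864C86",
    (0, 0x10): "EA36EA264C564C56", (2, 0x10): "EA26EA364C564C56",
    (0, 0x08): "EABEEAB64C5E4C5E", (2, 0x08): "EAB6EABE4C5E4C5E",
    (0, 0x04): "EA02EAFE4C3A4C3A", (2, 0x04): "EAFEEA024C3A4C3A",
    (0, 0x02): "EAE4EAE24CB04CB0", (2, 0x02): "EAE2EAE44CB04CB0",
    (0, 0x01): "EA2DEA2C4C2D4C2D", (2, 0x01): "EA2CEA2D4C2D4C2D",
}
SINGLE_BIT = {k: bytes.fromhex(v) for k, v in SINGLE_BIT.items()}

# Reply #18: bit value set in challenge bytes 0 and 2 -> measured response
TWO_BIT_ACTUAL = {
    0x80: "EA46EA464CE64CE6", 0x40: "EA06EA064C664C66",
    0x20: "EA66EA664C264C26", 0x10: "EA16EA164CC64CC6",
    0x08: "EAAEEAAE4CD64CD6", 0x04: "EA1AEA1A4CCE4CCE",
    0x02: "EAD0EAD04C9A4C9A", 0x01: "EA1BEA1B4C644C64",
}
TWO_BIT_ACTUAL = {k: bytes.fromhex(v) for k, v in TWO_BIT_ACTUAL.items()}


def to_words(resp):
    """Split an 8-byte response into four little-endian 16-bit words."""
    return [int.from_bytes(resp[i:i + 2], "little") for i in range(0, 8, 2)]


def from_words(words):
    """Inverse of to_words, wrapping each word to 16 bits."""
    return b"".join((w & 0xFFFF).to_bytes(2, "little") for w in words)


def set_bits(challenge):
    """Yield (byte index, bit value) for every set bit of a 7-byte challenge."""
    for idx, byte in enumerate(challenge):
        for bit in (0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01):
            if byte & bit:
                yield idx, bit


def predict_xor(challenge):
    """XOR model: zero response XOR the per-bit XOR difference of each set bit."""
    out = bytearray(ZERO_RESP)
    for key in set_bits(challenge):
        for i, b in enumerate(SINGLE_BIT[key]):
            out[i] ^= b ^ ZERO_RESP[i]
    return bytes(out)


def predict_add(challenge):
    """Additive model: zero response plus the per-bit word difference of each set bit, mod 2^16."""
    base = to_words(ZERO_RESP)
    acc = list(base)
    for key in set_bits(challenge):
        single = to_words(SINGLE_BIT[key])
        acc = [(a + s - z) & 0xFFFF for a, s, z in zip(acc, single, base)]
    return from_words(acc)


def score_models():
    """For each reply #18 row, report (xor model matches, additive model matches)."""
    results = {}
    for bit, actual in TWO_BIT_ACTUAL.items():
        challenge = bytes([bit, 0, bit, 0, 0, 0, 0])
        results[bit] = (predict_xor(challenge) == actual,
                        predict_add(challenge) == actual)
    return results


if __name__ == "__main__":
    for bit, (xor_ok, add_ok) in score_models().items():
        print(f"bit {bit:02X} in bytes 0 and 2: xor {'ok' if xor_ok else 'FAIL'}, "
              f"add {'ok' if add_ok else 'FAIL'}")
```

The additive model reproduces the 80, 40, 20 and 08 rows while the XOR model reproduces only the 80 row; the remaining rows differ from the additive prediction in the high bits of the words, which is the "close but not exact" behaviour the thread describes.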

 

Online ozcar

Re: Need help with reversing an old auth algo
« Reply #19 on: October 29, 2023, 02:05:56 am »
Did you make any further progress with this?

I noted previously that there were several sum/difference patterns that were true for most but not all of the samples given. I threw together some code to search for patterns, and observed that many of the patterns found were true for all but one sample, and suspiciously it was the same sample showing up as the exception. My input is just a concatenation of the samples cut & pasted from the various posts here, so some duplicate challenges are possible, and it turns out that the challenge causing the exception was present in another sample, but with a different response provided.

I added code to check for conflicting input, and it identified only one conflict:

Code: [Select]
conflicting input for 38 and 93:
0000000000040000 ea7aea7a4c3a4c36 <> 0000000000040000 eaf7eaf74ccb4cc6

(challenge has a zero byte prepended, making it 8 bytes there)

Source of those:

Code: [Select]
       0 0 0 0 4 0 0    EA F7 EA F7 4C CB 4C C6   (in first post here)
00 00 00 00 04 00 00 EA 7A EA 7A 4C 3A 4C 36   (from reply #6)

I’d say that the first of those is wrong, for whatever reason. The response given there happens to be the same as the response for the next challenge. In any event, I have discarded it, but it does leave me wondering if all the other responses given are to be trusted (most challenges have only been given once).

With that change to the input data, this is the result of the sum/difference pattern search:

Code: [Select]
R0 = +R2-C2
R0 = +R2+R4-R6+C6-C2-C4
R0 = +R2+R5-R7+C7-C2-C5
R0 = +R2+R4+R5-R6-R7+C6+C7-C2-C4-C5
R0 = +R2+R6-R4+C4-C2-C6
R0 = +R2+R5+R6-R4-R7+C4+C7-C2-C5-C6
R0 = +R2+R7-R5+C5-C2-C7
R0 = +R2+R4+R7-R5-R6+C5+C6-C2-C4-C7
R0 = +R2+R6+R7-R4-R5+C4+C5-C2-C6-C7
R2 = +R0+C2
R2 = +R0+R4-R6+C2+C6-C4
R2 = +R0+R5-R7+C2+C7-C5
R2 = +R0+R4+R5-R6-R7+C2+C6+C7-C4-C5
R2 = +R0+R6-R4+C2+C4-C6
R2 = +R0+R5+R6-R4-R7+C2+C4+C7-C5-C6
R2 = +R0+R7-R5+C2+C5-C7
R2 = +R0+R4+R7-R5-R6+C2+C5+C6-C4-C7
R2 = +R0+R6+R7-R4-R5+C2+C4+C5-C6-C7
R4 = +R6+C4-C6
R4 = +R0+R6-R2+C2+C4-C6
R4 = +R2+R6-R0+C4-C2-C6
R4 = +R5+R6-R7+C4+C7-C5-C6
R4 = +R0+R5+R6-R2-R7+C2+C4+C7-C5-C6
R4 = +R2+R5+R6-R0-R7+C4+C7-C2-C5-C6
R4 = +R6+R7-R5+C4+C5-C6-C7
R4 = +R0+R6+R7-R2-R5+C2+C4+C5-C6-C7
R4 = +R2+R6+R7-R0-R5+C4+C5-C2-C6-C7
R5 = +R7+C5-C7
R5 = +R0+R7-R2+C2+C5-C7
R5 = +R2+R7-R0+C5-C2-C7
R5 = +R4+R7-R6+C5+C6-C4-C7
R5 = +R0+R4+R7-R2-R6+C2+C5+C6-C4-C7
R5 = +R2+R4+R7-R0-R6+C5+C6-C2-C4-C7
R5 = +R6+R7-R4+C4+C5-C6-C7
R5 = +R0+R6+R7-R2-R4+C2+C4+C5-C6-C7
R5 = +R2+R6+R7-R0-R4+C4+C5-C2-C6-C7
R6 = +R4+C6-C4
R6 = +R0+R4-R2+C2+C6-C4
R6 = +R2+R4-R0+C6-C2-C4
R6 = +R4+R5-R7+C6+C7-C4-C5
R6 = +R0+R4+R5-R2-R7+C2+C6+C7-C4-C5
R6 = +R2+R4+R5-R0-R7+C6+C7-C2-C4-C5
R6 = +R4+R7-R5+C5+C6-C4-C7
R6 = +R0+R4+R7-R2-R5+C2+C5+C6-C4-C7
R6 = +R2+R4+R7-R0-R5+C5+C6-C2-C4-C7
R7 = +R5+C7-C5
R7 = +R0+R5-R2+C2+C7-C5
R7 = +R2+R5-R0+C7-C2-C5
R7 = +R4+R5-R6+C6+C7-C4-C5
R7 = +R0+R4+R5-R2-R6+C2+C6+C7-C4-C5
R7 = +R2+R4+R5-R0-R6+C6+C7-C2-C4-C5
R7 = +R5+R6-R4+C4+C7-C5-C6
R7 = +R0+R5+R6-R2-R4+C2+C4+C7-C5-C6
R7 = +R2+R5+R6-R0-R4+C4+C7-C2-C5-C6

Note that due to the extra zero byte in front of the challenge, the challenge byte numbers are one greater than given before, and C0 is omitted as it is always zero. Most of those are just saying the same thing in different, and sometimes long-winded ways, but it does seem that three of the response bytes can be calculated from three others (together with the challenge). Useful? I don’t know.

Another observation is that R0, R2, R4 & R6 appear to be functions of only C2 C4 & C6. Plus, when C2 is zero, interchanging C4 and C6 causes R0 and R2 to be interchanged, and also R4 and R6 to be interchanged. At least from looking at the available samples, I did not check the interchange assertion programmatically.
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #20 on: October 29, 2023, 01:03:34 pm »
Did you make any further progress with this?
I have written several sets of equations using patterns from post #13, but so far without success.
Unfortunately, it looks like I made a mistake while copying and pasting data from the console.
I'll run the dump again and verify all the data I have posted here, to make sure that the sets are correct - this is a crucial matter.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #21 on: October 29, 2023, 03:28:03 pm »
Please include the patterns
    hh 00 00 00 00 00 00
    00 hh 00 00 00 00 00
    00 00 hh 00 00 00 00
    00 00 00 hh 00 00 00
    00 00 00 00 hh 00 00
    00 00 00 00 00 hh 00
    00 00 00 00 00 00 hh
    hh 00 hh 00 00 00 00
    00 hh 00 hh 00 00 00
    00 00 hh 00 hh 00 00
    00 00 00 hh 00 hh 00
    00 00 00 00 hh 00 hh
    hh 00 hh 00 hh 00 00
    00 hh 00 hh 00 hh 00
    00 00 hh 00 hh 00 hh
    hh 00 hh 00 hh 00 hh
each for hh in 80, 40, 20, 10, 08, 04, 02, 01, FF, AA, 55, 7F, BF, DF, EF, F7, FB, FD, FE, F0, 0F, C0, 03, if you can.

I took a look at the PIC instruction set (as I don't use PICs myself), and realized that the instruction set has very likely guided the algorithm author because of its simplicity.

I'd like to investigate this further, but need more data.  For example, as 16-bit values, the ciphertext words stay unchanged up to the least significant bit set in the plaintext words.  Is this an artefact, or a real property of the algorithm?  To find out, I'd need the results of patterns like
    00 00 00 20 00 40 00
    00 00 00 04 00 02 00
    00 00 00 08 00 80 00
    00 00 00 80 00 08 00
and
    40 00 02 00 00 00 00
    02 00 40 00 00 00 00
for comparison to the above large hh set.

For brute-forcing various possible operation sequences, random sources and especially random sources with each plaintext word having at most just one bit set, would help.  (I.e., each of the seven bytes has value 80, 40, 20, 10, 08, 04, 02, 01, or 00, randomly.)

The SWAPF instruction means a 4-bit substitution box construction would be very feasible (via FSR and INDF registers).  It is basically just a look-up table with 16 entries, for every possible nibble value.  However, we don't see 4-bit granularity in the ciphertext patterns, making its direct use unlikely.  (The table would have to be constructed such that (0b1111 & S[i]) ≥ i, which is possible, but unlikely.)

The fact that PIC loop construction uses DECFSZ, INCFSZ, BTFSC, or BTFSS followed by a GOTO to the start of the next iteration, is likely significant.  One possibility is that the plaintext word is rotated into the ciphertext word using
        CLRF   dstlo            ; result word starts at zero
        CLRF   dsthi
        CLRW                    ; W = 0, only used below to refresh the STATUS flags
    loop:
        RLF    srclo, 1         ; shift the plaintext word left; its MSB ends up in C
        RLF    srchi, 1
        RRF    dsthi, 1         ; shift C into the MSB of the result word
        RRF    dstlo, 1
        ADDWF  srchi, 1         ; add zero: Z set iff srchi == 0 (C cleared, no carry out)
        BTFSS  STATUS, Z
        GOTO   loop             ; srchi not yet zero, keep going
        ADDWF  srclo, 1         ; add zero: Z set iff srclo == 0
        BTFSS  STATUS, Z
        GOTO   loop             ; srclo not yet zero, keep going
for all four words first (using only 10 bytes of RAM, since the source plaintext is not needed afterwards).  That has the "benefit" of reversing the bits, while having at least as many least significant zero bits in the ciphertext words as were in the plaintext words.  The last six lines simply loop until the plaintext is zero, relying on the fact that the W register is zero, and adding zero to a byte will set carry and zero flags when appropriate.
Following that transformation, the words could be "mixed" together using the W register and some RLF, ADDWF and XORWF operations.
Thing is, with sufficient plaintext → ciphertext pairs, we can write a brute force explorer, which tests a large number of such mixing operation combinations. 

That initial solution space is huge, but the symmetries observed –– like swapping first and second, or third and fourth 16-bit plaintext words, just swaps the corresponding 16-bit ciphertext words –– and other details revealed by the systematic plaintext → ciphertext patterns, may limit the solution space so that brute force verification of the remaining possibilities becomes feasible.

All this also means I was wrong :-[: It is not better to look at the mathematical operations here, to find out the algorithm!  In fact, it is better to look at the PIC instruction set possibilities, because those and PIC memory are much more limited than the possibilities of ordinary binary arithmetic.  Apologies for the misguided suggestion earlier.
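To see what the candidate loop sketched above actually computes, here is a Python emulation of it, one PIC16 instruction at a time (RLF/RRF rotate through the carry flag; ADDWF with W = 0 sets Z when the operand is zero and clears C, since adding zero cannot carry). This is an added example, not Nominal Animal's code and not the device's algorithm; it assumes the carry flag is clear on entry, which the loop as posted does not itself guarantee. The emulation shows the loop computes reverse16(src >> tz(src)): the lowest set bit of the plaintext word always lands in bit 15 of the result, which is exactly why the result has at least as many trailing zero bits as the input.

```python
"""Emulate the candidate PIC16 rotate loop from the post and derive its closed form.

Added example: assumes the carry flag is clear when the loop is entered.
"""


def pic_rotate_loop(src, carry_in=0):
    """Run the 14-instruction loop on one 16-bit plaintext word.

    srclo/srchi hold the word little-endian, dstlo/dsthi accumulate the
    result, W is zero and c/z mirror the STATUS flags.  Each nested helper
    reproduces one PIC16 instruction's effect on its operand and on C/Z.
    """
    srclo, srchi = src & 0xFF, (src >> 8) & 0xFF
    dstlo = dsthi = 0                  # CLRF dstlo ; CLRF dsthi
    w = 0                              # CLRW
    c, z = carry_in & 1, 0             # assumption: C is known on entry

    def rlf(f):                        # RLF f,1: rotate left through C
        nonlocal c
        out = ((f << 1) | c) & 0xFF
        c = (f >> 7) & 1
        return out

    def rrf(f):                        # RRF f,1: rotate right through C
        nonlocal c
        out = (f >> 1) | (c << 7)
        c = f & 1
        return out

    def addwf(f):                      # ADDWF f,1: f += W; sets C (carry out) and Z
        nonlocal c, z
        total = f + w
        c = 1 if total > 0xFF else 0   # never set here because W == 0
        z = 1 if (total & 0xFF) == 0 else 0
        return total & 0xFF

    while True:                        # loop:
        srclo = rlf(srclo)             # plaintext MSB -> C
        srchi = rlf(srchi)
        dsthi = rrf(dsthi)             # C -> result MSB
        dstlo = rrf(dstlo)
        srchi = addwf(srchi)
        if not z:                      # BTFSS STATUS,Z / GOTO loop
            continue
        srclo = addwf(srclo)
        if not z:                      # BTFSS STATUS,Z / GOTO loop
            continue
        break                          # both plaintext bytes are zero
    return (dsthi << 8) | dstlo


def trailing_zeros16(x):
    """Number of trailing zero bits of a 16-bit word (16 for zero)."""
    return 16 if x == 0 else (x & -x).bit_length() - 1


def reverse16(x):
    """Bit-reverse a 16-bit word."""
    return int(f"{x & 0xFFFF:016b}"[::-1], 2)


def closed_form(src):
    """What the loop computes: drop the trailing zeros, then bit-reverse,
    so the lowest set bit of src always lands in bit 15 of the result."""
    return 0 if src == 0 else reverse16(src >> trailing_zeros16(src))


def mismatches(values, carry_in=0):
    """Words for which the emulation and the closed form disagree."""
    return [v for v in values if pic_rotate_loop(v, carry_in) != closed_form(v)]


def keeps_trailing_zeros(values):
    """True if every result has at least as many trailing zero bits as its input."""
    return all(trailing_zeros16(pic_rotate_loop(v)) >= trailing_zeros16(v)
               for v in values)


if __name__ == "__main__":
    for src in (0x0001, 0x0003, 0x0100, 0xE000, 0xFF00, 0x8000):
        print(f"{src:04X} -> {pic_rotate_loop(src):04X}")
    print("closed form holds for all 16-bit words:", not mismatches(range(0x10000)))
```

Calling mismatches() with carry_in=1 shows how much the result depends on the entry carry: the first RLF shifts that bit into the plaintext, so a real implementation would have to clear C (BCF STATUS, C) before the loop or the transform is not even a function of the plaintext alone.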
 

Online ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #22 on: October 30, 2023, 11:22:12 am »
Unfortunately, looks like i made a mistake while copying and pasting data from the console.

Console? So how do you pass the challenge to this device?

I'm guessing some serial communication, but then how does the device know the entire challenge has been passed?

Really getting at whether it might be possible that the challenge could be (optionally) longer than 7 bytes? I have in mind the hints that the challenge might be handled as four 16-bit words. If there is some way to give it 8 bytes, then there would be some challenges to try as extensions to those already suggested.

Also, what is this magic device, and what purpose does the challenge-response serve?
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #23 on: October 30, 2023, 08:01:03 pm »
Console? So how do you pass the challenge to this device?

I'm using the console to interface with the eval board, which acts as a host and composes a proper challenge frame (header, body and checksum), which is then sent over a second UART to the mentioned device.

The whole thing is automotive stuff - an extension/sandwich board used to reprogram an ECU over USB.
After ignition is switched on, the ECU sends a challenge over its UART (and so does my eval board), and the flasher board sends back the response. Bad response or no response = the ECU goes into limp mode.
I'm trying to find out if the ECU is able to run properly without the sandwich board, because after flashing is done, theoretically the ECU does not need the piggy anymore.
I'll get back with new datasets soon - need to rewrite the eval firmware to make it more flexible.

 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #24 on: October 31, 2023, 07:47:53 am »
I'm using console to interface with eval board, which acts as a host and composes proper challenge frame (header, body and chksum) which is then sent by second uart to mentioned device.
What do you mean by console?  A serial terminal or terminal emulator?  Or something that has a separate display and a hex keyboard?

I'll get back with new datasets soon - need to rewrite eval firmware to make it more flexible.
Ah, I think I understand: your current eval board interface is an interactive one, exposed via a serial connection, I guess?

If this was me, I'd probably use a text-based protocol, connecting the eval board to a separate microcontroller (that is connected to a computer via e.g. USB serial) with one UART connected to the eval board console UART, and another UART with RX connected to the eval board outgoing TX to receive a copy of the challenge frames.  That helper microcontroller would take queries of form
    ? hh hh hh hh hh hh hh
that if acceptable, would forward the data to the eval board, which would generate a challenge frame, which would be peeked at, and result in a response of form
    ? hh hh hh hh hh hh hh = hh hh hh hh hh hh hh hh
If not acceptable or an error occurs, the response would be
    ! error message
It's simple to parse (no need to buffer input, it can be handled online, character by character as it arrives), easy to extend, and reporting back both the plaintext and the corresponding ciphertext avoids copy-paste errors.
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #25 on: November 01, 2023, 09:30:40 pm »
I'm back with new information. While re-examining the data frames and my code, it turned out that I made a mistake. Guys - you were right. The challenge frame is indeed 8 bytes long.
Apologies for that.

What did I do wrong?
The challenge frame itself contains additional adjacent, random-value bytes* for obfuscation purposes. In order to preserve data consistency, the challenge frames generated by me were stuffed with zeros in those places, so the code was always sending 0x00 in place of the actual first challenge byte. However, the previously dumped data should be valid, since we assumed zeros there.

* those do not contribute to the challenge-response generation procedure


Attached a txt with new, requested data set, expanded to full 8-byte frame length.
-challenge+response in one line, no human-copy-pasting-merging ;)
-FW does a CRC check on received frame


What do you mean by console?  A serial terminal or terminal emulator?  Or something that has separate display and a hex keyboard ?
My wiring looks like that:
Putty on PC <-> USB-to-uart on eval board <-> (MCU_uart1, MCU_uart2) <-> levelshifters <-> PIC_uart
 

Online ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #26 on: November 02, 2023, 04:54:48 am »
This being automotive (something I know next to nothing about), are there not better places to be asking about it?

So R0, R2, R4 and R6 still appear to not be influenced by all the challenge bytes, but are affected by C0 (as well as C2, C4 and C6 as seen before).

Running the sum/difference search now, and it no longer finds a way to calculate R5 given R7 (or the other way around). Also the relationship between R0 and R2 includes C0 (I sort-of suspected it might). Omitting the verbose versions:

Code: [Select]
R0 = +R2+C0-C2
R2 = +R0+C2-C0
R4 = +R6+C4-C6
R6 = +R4+C6-C4

Response for all 0xAA, all 0x55 and all 0xFF maybe? Not that I expect those to lead to some dramatic breakthrough.
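The two checks ozcar describes in Reply #19 and Reply #26 (flag any challenge that appears with two different responses, then search for relations of the form R_a = R_b ± C_k ± C_l that hold mod 256 across every remaining sample) can be reproduced with a short Python script. The script below is an added example, not ozcar's code or anything posted in the thread; its sample list is a subset of the 8-byte challenge/response lines posted here, including the two conflicting lines for challenge 00 00 00 00 00 04 00 00. Because C0 is zero in every sample used, the search drops that column as uninformative, so the R0/R2 relation comes out as R0 = R2 - C2 rather than R0 = R2 + C0 - C2; the R5/R7 relation is correctly absent.

```python
"""Consistency check and sum/difference relation search over challenge/response samples.

Added example.  The sample lines come from the dumps posted in this thread
(8-byte challenge, 8-byte response, hex); the first two are the conflicting
pair for challenge 00 00 00 00 00 04 00 00.
"""
from collections import defaultdict
from itertools import combinations, product

SAMPLES_HEX = [
    ("0000000000040000", "EAF7EAF74CCB4CC6"),  # first post (suspect)
    ("0000000000040000", "EA7AEA7A4C3A4C36"),  # reply #6
    ("0000000000000000", "EAC6EAC64CE64CE6"),  # all-zero challenge
    ("00000000000000E0", "EA26EA264CE64CC6"),
    ("00000000000080FF", "6AFA6AFA4CD2CCD1"),
    ("000000000000FFFF", "5512551260495F49"),
    ("0000000080FF0000", "6AFA6AFACCD14CD2"),
    ("00000000FFFFFFFF", "803880381BC91BC9"),
    ("0000008000000080", "EA46EAC64C664CE6"),
    ("000080FF00000000", "EAD16AD1CCEDCCED"),
    ("0000C0FF00000000", "6ADD2ADD8C628C62"),
    ("0000FFFF00000000", "10310F3115131513"),
    ("0000FFFFFFFFFFFF", "26AC25AC5C985C98"),
    ("0000F0FF0000F0FF", "5A464A467C796C79"),
    ("0000FEFF0000FEFF", "30FE2EFE8ED08CD0"),
    ("00E0000000000000", "EA66EA864C464C46"),
    ("00FC00FC00FC00FC", "EAAAEAAA4CBA4CBA"),
]


def parse(lines):
    return [(bytes.fromhex(c), bytes.fromhex(r)) for c, r in lines]


def find_conflicts(samples):
    """Challenges that were posted with more than one distinct response."""
    seen = defaultdict(set)
    for c, r in samples:
        seen[c].add(r)
    return sorted(c for c, rs in seen.items() if len(rs) > 1)


def drop_conflicting(samples):
    """Keep only samples whose challenge has a single, consistent response."""
    bad = set(find_conflicts(samples))
    return [(c, r) for c, r in samples if c not in bad]


def informative_columns(samples):
    """Challenge byte positions that are non-zero in at least one sample;
    a column that is always zero cannot be given a meaningful coefficient."""
    return [k for k in range(8) if any(c[k] for c, _ in samples)]


def find_relations(samples, max_terms=2):
    """All R[a] = R[b] + sum(s_k * C[k]) (mod 256), s_k in {+1, -1}, a != b,
    using at most max_terms challenge bytes, that hold for every sample."""
    cols = informative_columns(samples)
    found = set()
    for a, b in product(range(8), repeat=2):
        if a == b:
            continue
        for n in range(max_terms + 1):
            for idx in combinations(cols, n):
                for signs in product((1, -1), repeat=n):
                    terms = tuple(zip(idx, signs))
                    if all((r[a] - r[b] - sum(s * c[k] for k, s in terms)) % 256 == 0
                           for c, r in samples):
                        found.add((f"R{a}", f"R{b}", terms))
    return found


def format_relation(rel):
    a, b, terms = rel
    return f"{a} = {b}" + "".join(f" {'+' if s > 0 else '-'} C{k}" for k, s in terms)


SAMPLES = parse(SAMPLES_HEX)
CLEAN = drop_conflicting(SAMPLES)
RELATIONS = find_relations(CLEAN)

if __name__ == "__main__":
    for c in find_conflicts(SAMPLES):
        print("conflicting responses for challenge", c.hex())
    print(f"{len(CLEAN)} consistent samples, informative columns {informative_columns(CLEAN)}")
    for rel in sorted(RELATIONS, key=format_relation):
        print(format_relation(rel))
```

Feed it the full dump rather than this subset and the spurious relations that survive only because the subset is small disappear on their own; the conflict check is worth keeping in the loop, since a single mis-pasted line is enough to hide a relation that otherwise holds everywhere.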
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #27 on: November 02, 2023, 08:59:27 am »
The new data confirms the following:
  • Swapping first and second 16-bit challenge words only swaps first and second 16-bit response words
  • Swapping third and fourth 16-bit challenge words only swaps third and fourth 16-bit response words
  • Swapping first and second, and third and fourth 16-bit challenge words, only swaps the response words similarly
  • When all challenge words have at least N least significant bits all zeroes, then the N least significant bits in all response words match those in the zero response (0xC6EA, 0xC6EA, 0xE64C, 0xE64C).
If we assume the final operation the hashing/encryption routine does is subtract 0xC6EA from the first two words, and 0xE64C from the last two words, then we can find some very interesting and suspicious patterns:
Code: [Select]
     Challenge               Response          Response pre sub                             Challenge in binary                                           Response prior to subtraction in binary

0000 0000 0000 F000  =  36EA 36EA 664C 564C : 9000 9000 8000 9000 | 0000000000000000 0000000000000000 0000000000000000 1111000000000000 . 1001000000000000 1001000000000000 1000000000000000 1001000000000000
0000 0000 0000 FF00  =  45EA 45EA D64C D54C : 8100 8100 1000 1100 | 0000000000000000 0000000000000000 0000000000000000 1111111100000000 . 1000000100000000 1000000100000000 0001000000000000 0001000100000000

0000 0000 F000 0000  =  36EA 36EA 564C 664C : 9000 9000 9000 8000 | 0000000000000000 0000000000000000 1111000000000000 0000000000000000 . 1001000000000000 1001000000000000 1001000000000000 1000000000000000
0000 0000 FF00 0000  =  45EA 45EA D54C D64C : 8100 8100 1100 1000 | 0000000000000000 0000000000000000 1111111100000000 0000000000000000 . 1000000100000000 1000000100000000 0001000100000000 0001000000000000

0000 F000 0000 0000  =  E6EA D6EA B64C B64C : E000 F000 3000 3000 | 0000000000000000 1111000000000000 0000000000000000 0000000000000000 . 1110000000000000 1111000000000000 0011000000000000 0011000000000000
0000 FF00 0000 0000  =  30EA 2FEA F34C F34C : 9600 9700 F300 F300 | 0000000000000000 1111111100000000 0000000000000000 0000000000000000 . 1001011000000000 1001011100000000 1111001100000000 1111001100000000

F000 0000 0000 0000  =  D6EA E6EA B64C B64C : F000 E000 3000 3000 | 1111000000000000 0000000000000000 0000000000000000 0000000000000000 . 1111000000000000 1110000000000000 0011000000000000 0011000000000000
FF00 0000 0000 0000  =  2FEA 30EA F34C F34C : 9700 9600 F300 F300 | 1111111100000000 0000000000000000 0000000000000000 0000000000000000 . 1001011100000000 1001011000000000 1111001100000000 1111001100000000

0000 F000 F000 0000  =  16EA 06EA 664C 764C : B000 C000 8000 7000 | 0000000000000000 1111000000000000 1111000000000000 0000000000000000 . 1011000000000000 1100000000000000 1000000000000000 0111000000000000
0000 FF00 FF00 0000  =  D3EA D2EA 524C 534C : F300 F400 9400 9300 | 0000000000000000 1111111100000000 1111111100000000 0000000000000000 . 1111001100000000 1111010000000000 1001010000000000 1001001100000000

0000 0000 F000 F000  =  A6EA A6EA 564C 564C : 2000 2000 9000 9000 | 0000000000000000 0000000000000000 1111000000000000 1111000000000000 . 0010000000000000 0010000000000000 1001000000000000 1001000000000000
0000 0000 FF00 FF00  =  D4EA D4EA 354C 354C : F200 F200 B100 B100 | 0000000000000000 0000000000000000 1111111100000000 1111111100000000 . 1111001000000000 1111001000000000 1011000100000000 1011000100000000

F000 F000 0000 0000  =  76EA 76EA 864C 864C : 5000 5000 6000 6000 | 1111000000000000 1111000000000000 0000000000000000 0000000000000000 . 0101000000000000 0101000000000000 0110000000000000 0110000000000000
FF00 FF00 0000 0000  =  51EA 51EA 304C 304C : 7500 7500 B600 B600 | 1111111100000000 1111111100000000 0000000000000000 0000000000000000 . 0111010100000000 0111010100000000 1011011000000000 1011011000000000

0000 F000 F000 F000  =  46EA 36EA 264C 264C : 8000 9000 C000 C000 | 0000000000000000 1111000000000000 1111000000000000 1111000000000000 . 1000000000000000 1001000000000000 1100000000000000 1100000000000000
0000 FF00 FF00 FF00  =  E6EA E5EA FA4C FA4C : E000 E100 EC00 EC00 | 0000000000000000 1111111100000000 1111111100000000 1111111100000000 . 1110000000000000 1110000100000000 1110110000000000 1110110000000000

F000 F000 F000 0000  =  E6EA E6EA 764C 864C : E000 E000 7000 6000 | 1111000000000000 1111000000000000 1111000000000000 0000000000000000 . 1110000000000000 1110000000000000 0111000000000000 0110000000000000
FF00 FF00 FF00 0000  =  70EA 70EA 2F4C 304C : 5600 5600 B700 B600 | 1111111100000000 1111111100000000 1111111100000000 0000000000000000 . 0101011000000000 0101011000000000 1011011100000000 1011011000000000
To investigate further, the following 194 patterns would be useful to know:
Code: [Select]
00 00 00 00 00 00 00 E0
00 00 00 00 00 00 00 F8
00 00 00 00 00 00 00 FC
00 00 00 00 00 00 80 FF
00 00 00 00 00 00 C0 FF
00 00 00 00 00 00 E0 FF
00 00 00 00 00 00 F0 FF
00 00 00 00 00 00 F8 FF
00 00 00 00 00 00 FC FF
00 00 00 00 00 00 FE FF
00 00 00 00 00 00 FF FF
00 00 00 00 00 E0 00 00
00 00 00 00 00 E0 00 E0
00 00 00 00 00 F8 00 00
00 00 00 00 00 F8 00 F8
00 00 00 00 00 FC 00 00
00 00 00 00 00 FC 00 FC
00 00 00 00 80 FF 00 00
00 00 00 00 80 FF 80 FF
00 00 00 00 C0 FF 00 00
00 00 00 00 C0 FF C0 FF
00 00 00 00 E0 FF 00 00
00 00 00 00 E0 FF E0 FF
00 00 00 00 F0 FF 00 00
00 00 00 00 F0 FF F0 FF
00 00 00 00 F8 FF 00 00
00 00 00 00 F8 FF F8 FF
00 00 00 00 FC FF 00 00
00 00 00 00 FC FF FC FF
00 00 00 00 FE FF 00 00
00 00 00 00 FE FF FE FF
00 00 00 00 FF FF 00 00
00 00 00 00 FF FF FF FF
00 00 00 80 00 00 00 80
00 00 00 C0 00 00 00 C0
00 00 00 E0 00 00 00 00
00 00 00 E0 00 00 00 E0
00 00 00 E0 00 E0 00 00
00 00 00 E0 00 E0 00 E0
00 00 00 F0 00 00 00 F0
00 00 00 F8 00 00 00 00
00 00 00 F8 00 00 00 F8
00 00 00 F8 00 F8 00 00
00 00 00 F8 00 F8 00 F8
00 00 00 FC 00 00 00 00
00 00 00 FC 00 00 00 FC
00 00 00 FC 00 FC 00 00
00 00 00 FC 00 FC 00 FC
00 00 00 FE 00 00 00 FE
00 00 00 FF 00 00 00 FF
00 00 80 FF 00 00 00 00
00 00 80 FF 00 00 80 FF
00 00 80 FF 80 FF 00 00
00 00 80 FF 80 FF 80 FF
00 00 C0 FF 00 00 00 00
00 00 C0 FF 00 00 C0 FF
00 00 C0 FF C0 FF 00 00
00 00 C0 FF C0 FF C0 FF
00 00 E0 FF 00 00 00 00
00 00 E0 FF 00 00 E0 FF
00 00 E0 FF E0 FF 00 00
00 00 E0 FF E0 FF E0 FF
00 00 F0 FF 00 00 00 00
00 00 F0 FF 00 00 F0 FF
00 00 F0 FF F0 FF 00 00
00 00 F0 FF F0 FF F0 FF
00 00 F8 FF 00 00 00 00
00 00 F8 FF 00 00 F8 FF
00 00 F8 FF F8 FF 00 00
00 00 F8 FF F8 FF F8 FF
00 00 FC FF 00 00 00 00
00 00 FC FF 00 00 FC FF
00 00 FC FF FC FF 00 00
00 00 FC FF FC FF FC FF
00 00 FE FF 00 00 00 00
00 00 FE FF 00 00 FE FF
00 00 FE FF FE FF 00 00
00 00 FE FF FE FF FE FF
00 00 FF FF 00 00 00 00
00 00 FF FF 00 00 FF FF
00 00 FF FF FF FF 00 00
00 00 FF FF FF FF FF FF
00 80 00 00 00 00 00 80
00 80 00 00 00 80 00 00
00 80 00 00 00 80 00 80
00 80 00 80 00 00 00 80
00 80 00 80 00 80 00 80
00 C0 00 00 00 00 00 C0
00 C0 00 00 00 C0 00 00
00 C0 00 00 00 C0 00 C0
00 C0 00 C0 00 00 00 C0
00 C0 00 C0 00 C0 00 C0
00 E0 00 00 00 00 00 00
00 E0 00 00 00 00 00 E0
00 E0 00 00 00 E0 00 00
00 E0 00 00 00 E0 00 E0
00 E0 00 E0 00 00 00 00
00 E0 00 E0 00 00 00 E0
00 E0 00 E0 00 E0 00 00
00 E0 00 E0 00 E0 00 E0
00 F0 00 00 00 00 00 F0
00 F0 00 00 00 F0 00 00
00 F0 00 00 00 F0 00 F0
00 F0 00 F0 00 00 00 F0
00 F0 00 F0 00 F0 00 F0
00 F8 00 00 00 00 00 00
00 F8 00 00 00 00 00 F8
00 F8 00 00 00 F8 00 00
00 F8 00 00 00 F8 00 F8
00 F8 00 F8 00 00 00 00
00 F8 00 F8 00 00 00 F8
00 F8 00 F8 00 F8 00 00
00 F8 00 F8 00 F8 00 F8
00 FC 00 00 00 00 00 00
00 FC 00 00 00 00 00 FC
00 FC 00 00 00 FC 00 00
00 FC 00 00 00 FC 00 FC
00 FC 00 FC 00 00 00 00
00 FC 00 FC 00 00 00 FC
00 FC 00 FC 00 FC 00 00
00 FC 00 FC 00 FC 00 FC
00 FE 00 00 00 00 00 FE
00 FE 00 00 00 FE 00 00
00 FE 00 00 00 FE 00 FE
00 FE 00 FE 00 00 00 FE
00 FE 00 FE 00 FE 00 FE
00 FF 00 00 00 00 00 FF
00 FF 00 00 00 FF 00 00
00 FF 00 00 00 FF 00 FF
00 FF 00 FF 00 00 00 FF
00 FF 00 FF 00 FF 00 FF
80 FF 00 00 00 00 00 00
80 FF 00 00 00 00 80 FF
80 FF 00 00 80 FF 00 00
80 FF 00 00 80 FF 80 FF
80 FF 80 FF 00 00 00 00
80 FF 80 FF 00 00 80 FF
80 FF 80 FF 80 FF 00 00
80 FF 80 FF 80 FF 80 FF
C0 FF 00 00 00 00 00 00
C0 FF 00 00 00 00 C0 FF
C0 FF 00 00 C0 FF 00 00
C0 FF 00 00 C0 FF C0 FF
C0 FF C0 FF 00 00 00 00
C0 FF C0 FF 00 00 C0 FF
C0 FF C0 FF C0 FF 00 00
C0 FF C0 FF C0 FF C0 FF
E0 FF 00 00 00 00 00 00
E0 FF 00 00 00 00 E0 FF
E0 FF 00 00 E0 FF 00 00
E0 FF 00 00 E0 FF E0 FF
E0 FF E0 FF 00 00 00 00
E0 FF E0 FF 00 00 E0 FF
E0 FF E0 FF E0 FF 00 00
E0 FF E0 FF E0 FF E0 FF
F0 FF 00 00 00 00 00 00
F0 FF 00 00 00 00 F0 FF
F0 FF 00 00 F0 FF 00 00
F0 FF 00 00 F0 FF F0 FF
F0 FF F0 FF 00 00 00 00
F0 FF F0 FF 00 00 F0 FF
F0 FF F0 FF F0 FF 00 00
F0 FF F0 FF F0 FF F0 FF
F8 FF 00 00 00 00 00 00
F8 FF 00 00 00 00 F8 FF
F8 FF 00 00 F8 FF 00 00
F8 FF 00 00 F8 FF F8 FF
F8 FF F8 FF 00 00 00 00
F8 FF F8 FF 00 00 F8 FF
F8 FF F8 FF F8 FF 00 00
F8 FF F8 FF F8 FF F8 FF
FC FF 00 00 00 00 00 00
FC FF 00 00 00 00 FC FF
FC FF 00 00 FC FF 00 00
FC FF 00 00 FC FF FC FF
FC FF FC FF 00 00 00 00
FC FF FC FF 00 00 FC FF
FC FF FC FF FC FF 00 00
FC FF FC FF FC FF FC FF
FE FF 00 00 00 00 00 00
FE FF 00 00 00 00 FE FF
FE FF 00 00 FE FF 00 00
FE FF 00 00 FE FF FE FF
FE FF FE FF 00 00 00 00
FE FF FE FF 00 00 FE FF
FE FF FE FF FE FF 00 00
FE FF FE FF FE FF FE FF
FF FF 00 00 00 00 00 00
FF FF 00 00 00 00 FF FF
FF FF 00 00 FF FF 00 00
FF FF 00 00 FF FF FF FF
FF FF FF FF 00 00 00 00
FF FF FF FF 00 00 FF FF
FF FF FF FF FF FF 00 00
They form the rest of the combinations where each challenge word is either zero, or has N most significant bits set.
« Last Edit: November 02, 2023, 09:08:20 am by Nominal Animal »
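The four properties listed at the top of Reply #27 are easy to verify mechanically once each 8-byte frame is viewed as four little-endian 16-bit words, which is the view the "Response pre sub" column of the table uses (that column is zero-response word minus response word, mod 2^16: 0xC6EA - 0x36EA = 0x9000). The script below is an added example written for this page, not Nominal Animal's code; it embeds a subset of the posted samples chosen so that the word-swap pairs are present, and reports any sample that breaks the low-N-bits invariant or the word-swap symmetry.

```python
"""Word-level checks for the properties listed in Reply #27.

Added example.  Frames are viewed as four little-endian 16-bit words; the
samples are a subset of the 8-byte lines posted in the thread, chosen so
that the challenge pairs with swapped words are both present.
"""
import struct

ZERO_RESPONSE = bytes.fromhex("EAC6EAC64CE64CE6")  # response to the all-zero challenge

SAMPLES_HEX = [
    ("00000000000000E0", "EA26EA264CE64CC6"),
    ("0000000000E00000", "EA26EA264CC64CE6"),
    ("00000000000000F8", "EA2EEA2E4C064CFE"),
    ("0000000000F80000", "EA2EEA2E4CFE4C06"),
    ("00000000000080FF", "6AFA6AFA4CD2CCD1"),
    ("0000000080FF0000", "6AFA6AFACCD14CD2"),
    ("000000E000000000", "EA86EA664C464C46"),
    ("00E0000000000000", "EA66EA864C464C46"),
    ("000000F800000000", "EAD6EACE4CEE4CEE"),
    ("00F8000000000000", "EACEEAD64CEE4CEE"),
    ("000000FC00000000", "EA0EEA0A4CA24CA2"),
    ("00FC000000000000", "EA0AEA0E4CA24CA2"),
    ("000080FF00000000", "EAD16AD1CCEDCCED"),
    ("0000C0FF00000000", "6ADD2ADD8C628C62"),
    ("0000F0FF0000F0FF", "5A464A467C796C79"),
    ("0000FEFF0000FEFF", "30FE2EFE8ED08CD0"),
    ("00FC00FC00FC00FC", "EAAAEAAA4CBA4CBA"),
    ("0000000000000000", "EAC6EAC64CE64CE6"),
]


def words(frame):
    """Split an 8-byte frame into four little-endian 16-bit words."""
    return struct.unpack("<4H", frame)


def parse(lines):
    return [(words(bytes.fromhex(c)), words(bytes.fromhex(r))) for c, r in lines]


def trailing_zeros16(w):
    return 16 if w == 0 else (w & -w).bit_length() - 1


def pre_sub(resp):
    """The 'Response pre sub' column of the post: zero-response word minus
    response word, mod 2**16 (e.g. 0xC6EA - 0x36EA = 0x9000)."""
    return tuple((z - r) & 0xFFFF for z, r in zip(words(ZERO_RESPONSE), resp))


def low_bits_violations(samples):
    """Challenges whose response differs from the zero response in one of
    the N low bits of some word, N being the fewest trailing zero bits over
    the four challenge words."""
    zero = words(ZERO_RESPONSE)
    bad = []
    for chal, resp in samples:
        n = min(trailing_zeros16(w) for w in chal)
        mask = (1 << n) - 1
        if any((r ^ z) & mask for r, z in zip(resp, zero)):
            bad.append(chal)
    return bad


def swap_violations(samples, i, j):
    """Check that swapping challenge words i and j swaps response words i and j.
    Returns (pairs_checked, violating_challenges); a challenge whose swapped
    partner is not in the data set is skipped."""
    table = dict(samples)

    def swapped(t):
        t = list(t)
        t[i], t[j] = t[j], t[i]
        return tuple(t)

    checked, bad = 0, []
    for chal, resp in samples:
        other = table.get(swapped(chal))
        if other is None:
            continue
        checked += 1
        if other != swapped(resp):
            bad.append(chal)
    return checked, bad


SAMPLES = parse(SAMPLES_HEX)

if __name__ == "__main__":
    for chal, resp in SAMPLES[:4]:
        print(" ".join(f"{w:04X}" for w in chal), "->",
              " ".join(f"{w:04X}" for w in pre_sub(resp)))
    print("low-bit violations:", low_bits_violations(SAMPLES))
    print("swap words 0/1 (checked, violations):", swap_violations(SAMPLES, 0, 1))
    print("swap words 2/3 (checked, violations):", swap_violations(SAMPLES, 2, 3))
```

Both checks are written to return the offending challenges rather than a bare boolean, so that when the full dump is run through them a single bad line (such as the mis-pasted one found earlier in the thread) is identified directly instead of just failing the whole property.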
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #28 on: November 02, 2023, 04:08:33 pm »
To investigate further, the following 194 patterns would be useful to know:
Sure, new datasets below:
Code: [Select]
0000 0000 0000 0000 0000 0000 0000 00E0     00EA 0026 00EA 0026 004C 00E6 004C 00C6
0000 0000 0000 0000 0000 0000 0000 00F8     00EA 002E 00EA 002E 004C 0006 004C 00FE
0000 0000 0000 0000 0000 0000 0000 00FC     00EA 0082 00EA 0082 004C 0096 004C 0092
0000 0000 0000 0000 0000 0000 0080 00FF     006A 00FA 006A 00FA 004C 00D2 00CC 00D1
0000 0000 0000 0000 0000 0000 00C0 00FF     002A 0078 002A 0078 004C 00AB 000C 00AB
0000 0000 0000 0000 0000 0000 00E0 00FF     00CA 001A 00CA 001A 004C 0006 002C 0006
0000 0000 0000 0000 0000 0000 00F0 00FF     007A 00A5 007A 00A5 004C 00E4 003C 00E4
0000 0000 0000 0000 0000 0000 00F8 00FF     0002 003B 0002 003B 002C 0064 0024 0064
0000 0000 0000 0000 0000 0000 00FC 00FF     006E 0075 006E 0075 004C 0019 0048 0019
0000 0000 0000 0000 0000 0000 00FE 00FF     007C 0074 007C 0074 0054 0005 0052 0005
0000 0000 0000 0000 0000 0000 00FF 00FF     0055 0012 0055 0012 0060 0049 005F 0049
0000 0000 0000 0000 0000 00E0 0000 0000     00EA 0026 00EA 0026 004C 00C6 004C 00E6
0000 0000 0000 0000 0000 00E0 0000 00E0     00EA 0086 00EA 0086 004C 00C6 004C 00C6
0000 0000 0000 0000 0000 00F8 0000 0000     00EA 002E 00EA 002E 004C 00FE 004C 0006
0000 0000 0000 0000 0000 00F8 0000 00F8     00EA 0016 00EA 0016 004C 009E 004C 009E
0000 0000 0000 0000 0000 00FC 0000 0000     00EA 0082 00EA 0082 004C 0092 004C 0096
0000 0000 0000 0000 0000 00FC 0000 00FC     00EA 00FE 00EA 00FE 004C 0082 004C 0082
0000 0000 0000 0000 0080 00FF 0000 0000     006A 00FA 006A 00FA 00CC 00D1 004C 00D2
0000 0000 0000 0000 0080 00FF 0080 00FF     00EA 004D 00EA 004D 00CC 00B1 00CC 00B1
0000 0000 0000 0000 00C0 00FF 0000 0000     002A 0078 002A 0078 000C 00AB 004C 00AB
0000 0000 0000 0000 00C0 00FF 00C0 00FF     006A 00ED 006A 00ED 000C 00EA 000C 00EA
0000 0000 0000 0000 00E0 00FF 0000 0000     00CA 001A 00CA 001A 002C 0006 004C 0006
0000 0000 0000 0000 00E0 00FF 00E0 00FF     00AA 00DA 00AA 00DA 002C 003A 002C 003A
0000 0000 0000 0000 00F0 00FF 0000 0000     007A 00A5 007A 00A5 003C 00E4 004C 00E4
0000 0000 0000 0000 00F0 00FF 00F0 00FF     000A 007A 000A 007A 003C 001C 003C 001C
0000 0000 0000 0000 00F8 00FF 0000 0000     0002 003B 0002 003B 0024 0064 002C 0064
0000 0000 0000 0000 00F8 00FF 00F8 00FF     001A 00B1 001A 00B1 00C4 000A 00C4 000A
0000 0000 0000 0000 00FC 00FF 0000 0000     006E 0075 006E 0075 0048 0019 004C 0019
0000 0000 0000 0000 00FC 00FF 00FC 00FF     0032 009A 0032 009A 00C8 00B1 00C8 00B1
0000 0000 0000 0000 00FE 00FF 0000 0000     007C 0074 007C 0074 0052 0005 0054 0005
0000 0000 0000 0000 00FE 00FF 00FE 00FF     00AE 0055 00AE 0055 00AA 00AE 00AA 00AE
0000 0000 0000 0000 00FF 00FF 0000 0000     0055 0012 0055 0012 005F 0049 0060 0049
0000 0000 0000 0000 00FF 00FF 00FF 00FF     0080 0038 0080 0038 001B 00C9 001B 00C9
0000 0000 0000 0080 0000 0000 0000 0080     00EA 0046 00EA 00C6 004C 0066 004C 00E6
0000 0000 0000 00C0 0000 0000 0000 00C0     00EA 0006 00EA 00C6 004C 00A6 004C 0066
0000 0000 0000 00E0 0000 0000 0000 0000     00EA 0086 00EA 0066 004C 0046 004C 0046
0000 0000 0000 00E0 0000 0000 0000 00E0     00EA 00E6 00EA 00C6 004C 00C6 004C 00A6
0000 0000 0000 00E0 0000 00E0 0000 0000     00EA 00E6 00EA 00C6 004C 00A6 004C 00C6
0000 0000 0000 00E0 0000 00E0 0000 00E0     00EA 0046 00EA 0026 004C 0026 004C 0026
0000 0000 0000 00F0 0000 0000 0000 00F0     00EA 0016 00EA 0006 004C 0076 004C 0066
0000 0000 0000 00F8 0000 0000 0000 0000     00EA 00D6 00EA 00CE 004C 00EE 004C 00EE
0000 0000 0000 00F8 0000 0000 0000 00F8     00EA 007E 00EA 0076 004C 008E 004C 0086
0000 0000 0000 00F8 0000 00F8 0000 0000     00EA 007E 00EA 0076 004C 0086 004C 008E
0000 0000 0000 00F8 0000 00F8 0000 00F8     00EA 0026 00EA 001E 004C 0026 004C 0026
0000 0000 0000 00FC 0000 0000 0000 0000     00EA 000E 00EA 000A 004C 00A2 004C 00A2
0000 0000 0000 00FC 0000 0000 0000 00FC     00EA 007A 00EA 0076 004C 0032 004C 002E
0000 0000 0000 00FC 0000 00FC 0000 0000     00EA 007A 00EA 0076 004C 002E 004C 0032
0000 0000 0000 00FC 0000 00FC 0000 00FC     00EA 0066 00EA 0062 004C 001E 004C 001E
0000 0000 0000 00FE 0000 0000 0000 00FE     00EA 0084 00EA 0082 004C 00C4 004C 00C2
0000 0000 0000 00FF 0000 0000 0000 00FF     00EA 00D3 00EA 00D2 004C 0053 004C 0052
0000 0000 0080 00FF 0000 0000 0000 0000     00EA 00D1 006A 00D1 00CC 00ED 00CC 00ED
0000 0000 0080 00FF 0000 0000 0080 00FF     006A 00CB 00EA 00CA 00CC 00DB 004C 00DB
0000 0000 0080 00FF 0080 00FF 0000 0000     006A 00CB 00EA 00CA 004C 00DB 00CC 00DB
0000 0000 0080 00FF 0080 00FF 0080 00FF     00EA 008C 006A 008C 004C 0015 004C 0015
0000 0000 00C0 00FF 0000 0000 0000 0000     006A 00DD 002A 00DD 008C 0062 008C 0062
0000 0000 00C0 00FF 0000 0000 00C0 00FF     00AA 00BF 006A 00BF 008C 004C 004C 004C
0000 0000 00C0 00FF 00C0 00FF 0000 0000     00AA 00BF 006A 00BF 004C 004C 008C 004C
0000 0000 00C0 00FF 00C0 00FF 00C0 00FF     00EA 0011 00AA 0011 004C 0060 004C 0060
0000 0000 00E0 00FF 0000 0000 0000 0000     002A 003F 000A 003F 006C 0007 006C 0007
0000 0000 00E0 00FF 0000 0000 00E0 00FF     000A 009F 00EA 009E 006C 00FC 004C 00FC
0000 0000 00E0 00FF 00E0 00FF 0000 0000     000A 009F 00EA 009E 004C 00FC 006C 00FC
0000 0000 00E0 00FF 00E0 00FF 00E0 00FF     00EA 0040 00CA 0040 004C 008B 004C 008B
0000 0000 00F0 00FF 0000 0000 0000 0000     000A 00EE 00FA 00ED 007C 0042 007C 0042
0000 0000 00F0 00FF 0000 0000 00F0 00FF     005A 0046 004A 0046 007C 0079 006C 0079
0000 0000 00F0 00FF 00F0 00FF 0000 0000     005A 0046 004A 0046 006C 0079 007C 0079
0000 0000 00F0 00FF 00F0 00FF 00F0 00FF     00AA 0027 009A 0027 00EC 003B 00EC 003B
0000 0000 00F8 00FF 0000 0000 0000 0000     009A 00DF 0092 00DF 0014 00C3 0014 00C3
0000 0000 00F8 00FF 0000 0000 00F8 00FF     00D2 00D2 00CA 00D2 0094 00CB 008C 00CB
0000 0000 00F8 00FF 00F8 00FF 0000 0000     00D2 00D2 00CA 00D2 008C 00CB 0094 00CB
0000 0000 00F8 00FF 00F8 00FF 00F8 00FF     000A 008E 0002 008E 000C 00B3 000C 00B3
0000 0000 00FC 00FF 0000 0000 0000 0000     0032 004D 002E 004D 00F8 00EA 00F8 00EA
0000 0000 00FC 00FF 0000 0000 00FC 00FF     0056 003C 0052 003C 0098 00FD 0094 00FD
0000 0000 00FC 00FF 00FC 00FF 0000 0000     0056 003C 0052 003C 0094 00FD 0098 00FD
0000 0000 00FC 00FF 00FC 00FF 00FC 00FF     007A 0034 0076 0034 00F4 008A 00F4 008A
0000 0000 00FE 00FF 0000 0000 0000 0000     000E 00A9 000C 00A9 000E 00BE 000E 00BE
0000 0000 00FE 00FF 0000 0000 00FE 00FF     0030 00FE 002E 00FE 008E 00D0 008C 00D0
0000 0000 00FE 00FF 00FE 00FF 0000 0000     0030 00FE 002E 00FE 008C 00D0 008E 00D0
0000 0000 00FE 00FF 00FE 00FF 00FE 00FF     0092 00C0 0090 00C0 00FC 0097 00FC 0097
0000 0000 00FF 00FF 0000 0000 0000 0000     0010 0031 000F 0031 0015 0013 0015 0013
0000 0000 00FF 00FF 0000 0000 00FF 00FF     00D3 00F9 00D2 00F9 000D 009E 000C 009E
0000 0000 00FF 00FF 00FF 00FF 0000 0000     00D3 00F9 00D2 00F9 000C 009E 000D 009E
0000 0000 00FF 00FF 00FF 00FF 00FF 00FF     0026 00AC 0025 00AC 005C 0098 005C 0098
0000 0080 0000 0000 0000 0000 0000 0080     00EA 00C6 00EA 0046 004C 0066 004C 00E6
0000 0080 0000 0000 0000 0080 0000 0000     00EA 00C6 00EA 0046 004C 00E6 004C 0066
0000 0080 0000 0000 0000 0080 0000 0080     00EA 0046 00EA 00C6 004C 00E6 004C 00E6
0000 0080 0000 0080 0000 0000 0000 0080     00EA 00C6 00EA 00C6 004C 00E6 004C 0066
0000 0080 0000 0080 0000 0080 0000 0080     00EA 0046 00EA 0046 004C 0066 004C 0066
0000 00C0 0000 0000 0000 0000 0000 00C0     00EA 00C6 00EA 0006 004C 00A6 004C 0066
0000 00C0 0000 0000 0000 00C0 0000 0000     00EA 00C6 00EA 0006 004C 0066 004C 00A6
0000 00C0 0000 0000 0000 00C0 0000 00C0     00EA 0086 00EA 00C6 004C 0066 004C 0066
0000 00C0 0000 00C0 0000 0000 0000 00C0     00EA 0046 00EA 0046 004C 0066 004C 0026
0000 00C0 0000 00C0 0000 00C0 0000 00C0     00EA 0006 00EA 0006 004C 0026 004C 0026
0000 00E0 0000 0000 0000 0000 0000 0000     00EA 0066 00EA 0086 004C 0046 004C 0046
0000 00E0 0000 0000 0000 0000 0000 00E0     00EA 00C6 00EA 00E6 004C 00C6 004C 00A6
0000 00E0 0000 0000 0000 00E0 0000 0000     00EA 00C6 00EA 00E6 004C 00A6 004C 00C6
0000 00E0 0000 0000 0000 00E0 0000 00E0     00EA 0026 00EA 0046 004C 0026 004C 0026
0000 00E0 0000 00E0 0000 0000 0000 0000     00EA 0026 00EA 0026 004C 00A6 004C 00A6
0000 00E0 0000 00E0 0000 0000 0000 00E0     00EA 0086 00EA 0086 004C 00A6 004C 0086
0000 00E0 0000 00E0 0000 00E0 0000 0000     00EA 0086 00EA 0086 004C 0086 004C 00A6
0000 00E0 0000 00E0 0000 00E0 0000 00E0     00EA 00E6 00EA 00E6 004C 0086 004C 0086
0000 00F0 0000 0000 0000 0000 0000 00F0     00EA 0006 00EA 0016 004C 0076 004C 0066
0000 00F0 0000 0000 0000 00F0 0000 0000     00EA 0006 00EA 0016 004C 0066 004C 0076
0000 00F0 0000 0000 0000 00F0 0000 00F0     00EA 0036 00EA 0046 004C 0026 004C 0026
0000 00F0 0000 00F0 0000 0000 0000 00F0     00EA 00E6 00EA 00E6 004C 0086 004C 0076
0000 00F0 0000 00F0 0000 00F0 0000 00F0     00EA 0056 00EA 0056 004C 00F6 004C 00F6
0000 00F8 0000 0000 0000 0000 0000 0000     00EA 00CE 00EA 00D6 004C 00EE 004C 00EE
0000 00F8 0000 0000 0000 0000 0000 00F8     00EA 0076 00EA 007E 004C 008E 004C 0086
0000 00F8 0000 0000 0000 00F8 0000 0000     00EA 0076 00EA 007E 004C 0086 004C 008E
0000 00F8 0000 0000 0000 00F8 0000 00F8     00EA 001E 00EA 0026 004C 0026 004C 0026
0000 00F8 0000 00F8 0000 0000 0000 0000     00EA 005E 00EA 005E 004C 00F6 004C 00F6
0000 00F8 0000 00F8 0000 0000 0000 00F8     00EA 0046 00EA 0046 004C 0016 004C 000E
0000 00F8 0000 00F8 0000 00F8 0000 0000     00EA 0046 00EA 0046 004C 000E 004C 0016
0000 00F8 0000 00F8 0000 00F8 0000 00F8     00EA 00AE 00EA 00AE 004C 00AE 004C 00AE
0000 00FC 0000 0000 0000 0000 0000 0000     00EA 000A 00EA 000E 004C 00A2 004C 00A2
0000 00FC 0000 0000 0000 0000 0000 00FC     00EA 0076 00EA 007A 004C 0032 004C 002E
0000 00FC 0000 0000 0000 00FC 0000 0000     00EA 0076 00EA 007A 004C 002E 004C 0032
0000 00FC 0000 0000 0000 00FC 0000 00FC     00EA 0062 00EA 0066 004C 001E 004C 001E
0000 00FC 0000 00FC 0000 0000 0000 0000     00EA 00B2 00EA 00B2 004C 005E 004C 005E
0000 00FC 0000 00FC 0000 0000 0000 00FC     00EA 00CE 00EA 00CE 004C 008E 004C 008A
0000 00FC 0000 00FC 0000 00FC 0000 0000     00EA 00CE 00EA 00CE 004C 008A 004C 008E
0000 00FC 0000 00FC 0000 00FC 0000 00FC     00EA 00AA 00EA 00AA 004C 00BA 004C 00BA
0000 00FE 0000 0000 0000 0000 0000 00FE     00EA 0082 00EA 0084 004C 00C4 004C 00C2
0000 00FE 0000 0000 0000 00FE 0000 0000     00EA 0082 00EA 0084 004C 00C2 004C 00C4
0000 00FE 0000 0000 0000 00FE 0000 00FE     00EA 001C 00EA 001E 004C 00FA 004C 00FA
0000 00FE 0000 00FE 0000 0000 0000 00FE     00EA 002E 00EA 002E 004C 00E2 004C 00E0
0000 00FE 0000 00FE 0000 00FE 0000 00FE     00EA 00C0 00EA 00C0 004C 0000 004C 0000
0000 00FF 0000 0000 0000 0000 0000 00FF     00EA 00D2 00EA 00D3 004C 0053 004C 0052
0000 00FF 0000 0000 0000 00FF 0000 0000     00EA 00D2 00EA 00D3 004C 0052 004C 0053
0000 00FF 0000 0000 0000 00FF 0000 00FF     00EA 00E5 00EA 00E6 004C 00FA 004C 00FA
0000 00FF 0000 00FF 0000 0000 0000 00FF     00EA 0070 00EA 0070 004C 0030 004C 002F
0000 00FF 0000 00FF 0000 00FF 0000 00FF     00EA 005F 00EA 005F 004C 000F 004C 000F
0080 00FF 0000 0000 0000 0000 0000 0000     006A 00D1 00EA 00D1 00CC 00ED 00CC 00ED
0080 00FF 0000 0000 0000 0000 0080 00FF     00EA 00CA 006A 00CB 00CC 00DB 004C 00DB
0080 00FF 0000 0000 0080 00FF 0000 0000     00EA 00CA 006A 00CB 004C 00DB 00CC 00DB
0080 00FF 0000 0000 0080 00FF 0080 00FF     006A 008C 00EA 008C 004C 0015 004C 0015
0080 00FF 0080 00FF 0000 0000 0000 0000     006A 0070 006A 0070 004C 0035 004C 0035
0080 00FF 0080 00FF 0000 0000 0080 00FF     00EA 00A3 00EA 00A3 004C 004D 00CC 004C
0080 00FF 0080 00FF 0080 00FF 0000 0000     00EA 00A3 00EA 00A3 00CC 004C 004C 004D
0080 00FF 0080 00FF 0080 00FF 0080 00FF     006A 0027 006A 0027 00CC 0098 00CC 0098
00C0 00FF 0000 0000 0000 0000 0000 0000     002A 00DD 006A 00DD 008C 0062 008C 0062
00C0 00FF 0000 0000 0000 0000 00C0 00FF     006A 00BF 00AA 00BF 008C 004C 004C 004C
00C0 00FF 0000 0000 00C0 00FF 0000 0000     006A 00BF 00AA 00BF 004C 004C 008C 004C
00C0 00FF 0000 0000 00C0 00FF 00C0 00FF     00AA 0011 00EA 0011 004C 0060 004C 0060
00C0 00FF 00C0 00FF 0000 0000 0000 0000     00AA 00A1 00AA 00A1 00CC 00C2 00CC 00C2
00C0 00FF 00C0 00FF 0000 0000 00C0 00FF     00EA 00A2 00EA 00A2 00CC 00A1 008C 00A1
00C0 00FF 00C0 00FF 00C0 00FF 0000 0000     00EA 00A2 00EA 00A2 008C 00A1 00CC 00A1
00C0 00FF 00C0 00FF 00C0 00FF 00C0 00FF     002A 0048 002A 0048 008C 00DA 008C 00DA
00E0 00FF 0000 0000 0000 0000 0000 0000     000A 003F 002A 003F 006C 0007 006C 0007
00E0 00FF 0000 0000 0000 0000 00E0 00FF     00EA 009E 000A 009F 006C 00FC 004C 00FC
00E0 00FF 0000 0000 00E0 00FF 0000 0000     00EA 009E 000A 009F 004C 00FC 006C 00FC
00E0 00FF 0000 0000 00E0 00FF 00E0 00FF     00CA 0040 00EA 0040 004C 008B 004C 008B
00E0 00FF 00E0 00FF 0000 0000 0000 0000     004A 00E7 004A 00E7 008C 0096 008C 0096
00E0 00FF 00E0 00FF 0000 0000 00E0 00FF     002A 00C7 002A 00C7 008C 0094 006C 0094
00E0 00FF 00E0 00FF 00E0 00FF 0000 0000     002A 00C7 002A 00C7 006C 0094 008C 0094
00E0 00FF 00E0 00FF 00E0 00FF 00E0 00FF     000A 00E7 000A 00E7 006C 00E6 006C 00E6
00F0 00FF 0000 0000 0000 0000 0000 0000     00FA 00ED 000A 00EE 007C 0042 007C 0042
00F0 00FF 0000 0000 0000 0000 00F0 00FF     004A 0046 005A 0046 007C 0079 006C 0079
00F0 00FF 0000 0000 00F0 00FF 0000 0000     004A 0046 005A 0046 006C 0079 007C 0079
00F0 00FF 0000 0000 00F0 00FF 00F0 00FF     009A 0027 00AA 0027 00EC 003B 00EC 003B
00F0 00FF 00F0 00FF 0000 0000 0000 0000     009A 009C 009A 009C 00AC 00F6 00AC 00F6
00F0 00FF 00F0 00FF 0000 0000 00F0 00FF     00AA 004B 00AA 004B 00AC 005D 009C 005D
00F0 00FF 00F0 00FF 00F0 00FF 0000 0000     00AA 004B 00AA 004B 009C 005D 00AC 005D
00F0 00FF 00F0 00FF 00F0 00FF 00F0 00FF     00BA 001A 00BA 001A 009C 0093 009C 0093
00F8 00FF 0000 0000 0000 0000 0000 0000     0092 00DF 009A 00DF 0014 00C3 0014 00C3
00F8 00FF 0000 0000 0000 0000 00F8 00FF     00CA 00D2 00D2 00D2 0094 00CB 008C 00CB
00F8 00FF 0000 0000 00F8 00FF 0000 0000     00CA 00D2 00D2 00D2 008C 00CB 0094 00CB
00F8 00FF 0000 0000 00F8 00FF 00F8 00FF     0002 008E 000A 008E 000C 00B3 000C 00B3
00F8 00FF 00F8 00FF 0000 0000 0000 0000     0082 009E 0082 009E 00DC 00A9 00DC 00A9
00F8 00FF 00F8 00FF 0000 0000 00F8 00FF     005A 004A 005A 004A 00FC 008F 00F4 008F
00F8 00FF 00F8 00FF 00F8 00FF 0000 0000     005A 004A 005A 004A 00F4 008F 00FC 008F
00F8 00FF 00F8 00FF 00F8 00FF 00F8 00FF     0032 00D0 0032 00D0 0054 007B 0054 007B
00FC 00FF 0000 0000 0000 0000 0000 0000     002E 004D 0032 004D 00F8 00EA 00F8 00EA
00FC 00FF 0000 0000 0000 0000 00FC 00FF     0052 003C 0056 003C 0098 00FD 0094 00FD
00FC 00FF 0000 0000 00FC 00FF 0000 0000     0052 003C 0056 003C 0094 00FD 0098 00FD
00FC 00FF 0000 0000 00FC 00FF 00FC 00FF     0076 0034 007A 0034 00F4 008A 00F4 008A
00FC 00FF 00FC 00FF 0000 0000 0000 0000     0036 0000 0036 0000 0064 008F 0064 008F
00FC 00FF 00FC 00FF 0000 0000 00FC 00FF     005A 00AC 005A 00AC 0024 0001 0020 0001
00FC 00FF 00FC 00FF 00FC 00FF 0000 0000     005A 00AC 005A 00AC 0020 0001 0024 0001
00FC 00FF 00FC 00FF 00FC 00FF 00FC 00FF     003E 00FF 003E 00FF 0060 0019 0060 0019
00FE 00FF 0000 0000 0000 0000 0000 0000     000C 00A9 000E 00A9 000E 00BE 000E 00BE
00FE 00FF 0000 0000 0000 0000 00FE 00FF     002E 00FE 0030 00FE 008E 00D0 008C 00D0
00FE 00FF 0000 0000 00FE 00FF 0000 0000     002E 00FE 0030 00FE 008C 00D0 008E 00D0
00FE 00FF 0000 0000 00FE 00FF 00FE 00FF     0090 00C0 0092 00C0 00FC 0097 00FC 0097
00FE 00FF 00FE 00FF 0000 0000 0000 0000     0090 0017 0090 0017 0070 0021 0070 0021
00FE 00FF 00FE 00FF 0000 0000 00FE 00FF     0072 00C2 0072 00C2 0048 00BF 0046 00BF
00FE 00FF 00FE 00FF 00FE 00FF 0000 0000     0072 00C2 0072 00C2 0046 00BF 0048 00BF
00FE 00FF 00FE 00FF 00FE 00FF 00FE 00FF     00B4 0024 00B4 0024 006E 00DB 006E 00DB
00FF 00FF 0000 0000 0000 0000 0000 0000     000F 0031 0010 0031 0015 0013 0015 0013
00FF 00FF 0000 0000 0000 0000 00FF 00FF     00D2 00F9 00D3 00F9 000D 009E 000C 009E
00FF 00FF 0000 0000 00FF 00FF 0000 0000     00D2 00F9 00D3 00F9 000C 009E 000D 009E
00FF 00FF 0000 0000 00FF 00FF 00FF 00FF     0025 00AC 0026 00AC 005C 0098 005C 0098
00FF 00FF 00FF 00FF 0000 0000 0000 0000     00F5 00E6 00F5 00E6 001E 003E 001E 003E
00FF 00FF 00FF 00FF 0000 0000 00FF 00FF     00B0 0017 00B0 0017 001A 004F 0019 004F
00FF 00FF 00FF 00FF 00FF 00FF 0000 0000     00B0 0017 00B0 0017 0019 004F 001A 004F


 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #29 on: November 02, 2023, 10:22:29 pm »
The patterns are definitely interesting.  If we assume the final operation in the hash algorithm is to add C6EA to the first two response words and E64C to the last two response words, then:
Code: [Select]
     Challenge        Response before Add                           Challenge in binary                                           Response before addition in binary
8000 0000 0000 0000 + 8000 0000 8000 8000 : 1000000000000000 0000000000000000 0000000000000000 0000000000000000 + 1000000000000000 0000000000000000 1000000000000000 1000000000000000
C000 0000 0000 0000 + 4000 8000 C000 C000 : 1100000000000000 0000000000000000 0000000000000000 0000000000000000 + 0100000000000000 1000000000000000 1100000000000000 1100000000000000
E000 0000 0000 0000 + A000 C000 6000 6000 : 1110000000000000 0000000000000000 0000000000000000 0000000000000000 + 1010000000000000 1100000000000000 0110000000000000 0110000000000000
F000 0000 0000 0000 + 1000 2000 D000 D000 : 1111000000000000 0000000000000000 0000000000000000 0000000000000000 + 0001000000000000 0010000000000000 1101000000000000 1101000000000000
F800 0000 0000 0000 + 0800 1000 0800 0800 : 1111100000000000 0000000000000000 0000000000000000 0000000000000000 + 0000100000000000 0001000000000000 0000100000000000 0000100000000000
FC00 0000 0000 0000 + 4400 4800 BC00 BC00 : 1111110000000000 0000000000000000 0000000000000000 0000000000000000 + 0100010000000000 0100100000000000 1011110000000000 1011110000000000
FE00 0000 0000 0000 + 4200 4400 F600 F600 : 1111111000000000 0000000000000000 0000000000000000 0000000000000000 + 0100001000000000 0100010000000000 1111011000000000 1111011000000000
FF00 0000 0000 0000 + 6900 6A00 0D00 0D00 : 1111111100000000 0000000000000000 0000000000000000 0000000000000000 + 0110100100000000 0110101000000000 0000110100000000 0000110100000000
FF80 0000 0000 0000 + 0A80 0B00 0780 0780 : 1111111110000000 0000000000000000 0000000000000000 0000000000000000 + 0000101010000000 0000101100000000 0000011110000000 0000011110000000
FFC0 0000 0000 0000 + 1640 1680 7C40 7C40 : 1111111111000000 0000000000000000 0000000000000000 0000000000000000 + 0001011001000000 0001011010000000 0111110001000000 0111110001000000
FFE0 0000 0000 0000 + 7820 7840 2120 2120 : 1111111111100000 0000000000000000 0000000000000000 0000000000000000 + 0111100000100000 0111100001000000 0010000100100000 0010000100100000
FFF0 0000 0000 0000 + 2710 2720 5C30 5C30 : 1111111111110000 0000000000000000 0000000000000000 0000000000000000 + 0010011100010000 0010011100100000 0101110000110000 0101110000110000
FFF8 0000 0000 0000 + 18A8 18B0 DCC8 DCC8 : 1111111111111000 0000000000000000 0000000000000000 0000000000000000 + 0001100010101000 0001100010110000 1101110011001000 1101110011001000
FFFC 0000 0000 0000 + 8644 8648 04AC 04AC : 1111111111111100 0000000000000000 0000000000000000 0000000000000000 + 1000011001000100 1000011001001000 0000010010101100 0000010010101100
FFFE 0000 0000 0000 + E222 E224 D7C2 D7C2 : 1111111111111110 0000000000000000 0000000000000000 0000000000000000 + 1110001000100010 1110001000100100 1101011111000010 1101011111000010
FFFF 0000 0000 0000 + 6A25 6A26 2CC9 2CC9 : 1111111111111111 0000000000000000 0000000000000000 0000000000000000 + 0110101000100101 0110101000100110 0010110011001001 0010110011001001


If you have a bash shell (and basic utilities like sed, mktemp, awk), you can save the following as say gen.sh and run it via ./gen.sh dump*.txt to generate various files (including known.h for experimentation in C).  This is what I use for initial mangling.
Code: [Select]
#!/bin/bash
# SPDX-License-Identifier: CC0-1.0
export LANG=C LC_ALL=C

# Usage
if [ $# -lt 1 ] || [ ":$*" = ":-h" ] || [ ":$*" = ":--help" ]; then
    exec >&2
    printf '\n'
    printf 'Usage: %s [ -h | --help ]\n' "$0"
    printf '       %s BYTE-PATTERN-FILE(s)...\n' "$0"
    printf '\n'
    printf 'This reads in hexadecimal input consisting of 16 bytes,\n'
    printf 'whitespace-separated, forming a challenge-response pair.\n'
    printf '\n'
    printf 'After reading all inputs, the three following files are generated:\n'
    printf '    bytes.txt, containing all unique patterns of\n'
    printf '        "HH HH HH HH HH HH HH HH = HH HH HH HH HH HH HH HH"\n'
    printf '    words.txt, above reformatted to little-endian 16-bit words,\n'
    printf '        "HHHH HHHH HHHH HHHH = HHHH HHHH HHHH HHHH"\n'
    printf '    words-sub.txt, the above assuming final subtraction by zero response,\n'
    printf '        "HHHH HHHH HHHH HHHH - HHHH HHHH HHHH HHHH : BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB - BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB\n'
    printf '    words-add.txt, the above assuming final addition by zero response,\n'
    printf '        "HHHH HHHH HHHH HHHH + HHHH HHHH HHHH HHHH : BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB + BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB\n'
    printf '    words-xor.txt, the above assuming final exclusive-or by zero response,\n'
    printf '        "HHHH HHHH HHHH HHHH ^ HHHH HHHH HHHH HHHH : BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB ^ BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB\n'
    printf '    known.h, a C header file exposing these patterns\n'
    printf '\n' >&2
    exit 0
fi

# Auto-deleted temporary directory for work files
Work=$(mktemp -d) || exit 1
trap "rm -rf '$Work'" EXIT

# Transmogrify inputs into hex bytes only
sed -e 's|[\t\r\v\f ][\t\r\v\f ]*| |g' \
    -e '/^[#;]/ d' \
    -e 's|^ *| |; s| *$||' \
    -e 's| 00*\([0-9A-Fa-f][0-9A-Fa-f]\)| \1|g' \
    "$@" | sort -g > "$Work/input" || exit 1

# Reformat to 'HH HH HH HH HH HH HH HH = HH HH HH HH HH HH HH HH'
# A pair is 16 fields: 8 challenge bytes followed by 8 response bytes.
awk '(NF >= 16) {
        challenge = $1 " " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8
        response = $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16
        if (challenge in known) {
            if (known[challenge] != response) {
                printf "Warning: Challenge %s has conflicting responses %s and %s!\n", challenge, known[challenge], response > "/dev/stderr"
            }
        } else {
            known[challenge] = response
            printf "%s = %s\n", challenge, response
        }
     }' < "$Work/input" | sort -n > "$Work/bytes" || exit 1

# Reformat to 'HHHH HHHH HHHH HHHH = HHHH HHHH HHHH HHHH'
# Each bytes line has 17 fields: 8 bytes, "=", 8 bytes.
awk '(NF >= 17) {
        printf "%s%s %s%s %s%s %s%s = %s%s %s%s %s%s %s%s\n", $2,$1, $4,$3, $6,$5, $8,$7,  $11,$10, $13,$12, $15,$14, $17,$16
     }' < "$Work/bytes" | sort -n > "$Work/words"

# Ensure the first challenge is all zeros (the zero response is needed below).
first=($(sed -ne '1 p' "$Work/words"))
if [ "${first[0]}:${first[1]}:${first[2]}:${first[3]}" != "0000:0000:0000:0000" ]; then
    printf 'There is no response for a zero challenge in the input dataset!\n' >&2
    exit 1
else
    zero1="${first[5]}"
    zero2="${first[6]}"
    zero3="${first[7]}"
    zero4="${first[8]}"
fi

# Generate known.h
(
    sed -ne 's|^        ||p; s|^ *$||p' <<'    END'
        // SPDX-License-Identifier: CC0-1.0
        #ifndef   KNOWN_H
        #define   KNOWN_H
        #include <stddef.h>
        #include <stdint.h>

        /* DO NOT MODIFY!
         *
         * This file is autogenerated by gen.sh script.
        */

        #ifdef   HELPER_FUNC
        #define  KNOWN_HELPER  HELPER_FUNC
        #else
        #define  KNOWN_HELPER  __attribute__((__unused__)) static
        #endif

        // String returned by format_()  functions if the buffer is too short.
        static const char  BUFFER_TOO_SHORT[] = "...";

        // Hexadecimal digits
        static const char  hex_digit[16] = {
            '0', '1', '2', '3', '4', '5', '6', '7',
            '8', '9', 'A', 'B', 'C', 'D', 'E', 'F',
        };

        // Challenge or response token.
        typedef struct {
            union {
                uint64_t    val;
                uint64_t    u64[1];
                uint32_t    u32[2];
                uint16_t    u16[4];
                uint8_t     u8[8];
                char        c[8];
            };
        } token;

        static const struct {
            union {
                const uint64_t  cval;
                const token     c;
                const uint64_t  c64[1];
                const uint32_t  c32[2];
                const uint16_t  c16[4];
                const uint8_t   c8[8];
                const char      cc[8];
            };
            union {
                const uint64_t  rval;
                const token     r;
                const uint64_t  r64[1];
                const uint32_t  r32[2];
                const uint16_t  r16[4];
                const uint8_t   r8[8];
                const char      rc[8];
            };
        } known[] = {
            // First dataset corresponds to the zero challenge.
    END

    # Zero challenge.
    printf '    { .c16 = { 0x0000, 0x0000, 0x0000, 0x0000 }, .r16 = { 0x%s, 0x%s, 0x%s, 0x%s } },\n' $zero1 $zero2 $zero3 $zero4

    # All other challenges.
    awk '($1 != "0000" || $2 != "0000" || $3 != "0000" || $4 != "0000") {
            printf "    { .c16 = { 0x%s, 0x%s, 0x%s, 0x%s }, .r16 = { 0x%s, 0x%s, 0x%s, 0x%s } },\n", $1, $2, $3, $4, $6, $7, $8, $9
         }' "$Work/words" | sort -n -k 5

    sed -ne 's|^        ||p; s|^ *$||p' <<'    END'
        };
        #undef   knowns
        #define  knowns  (sizeof known / sizeof known[0])

        // Return the index of the matching challenge, or -1 if not found.
        KNOWN_HELPER int  index_of_challenge(const token c)
        {
            int  k = knowns;
            while (k-->0)
                if (known[k].cval == c.val)
                    return k;
            return -1;
        }

        // Return the index of the matching response, or -1 if not found.
        KNOWN_HELPER int  index_of_response(const token r)
        {
            int  k = knowns;
            while (k-->0)
                if (known[k].rval == r.val)
                    return k;
            return -1;
        }

        // Return 1 if the specified challenge matches the response,
        //        0 if the challenge does not match the response or vice versa,
        //       -1 if the specified challenge and response are unknown
        KNOWN_HELPER int  verify_challenge_response(const token c, const token r)
        {
            int  k = knowns;
            while (k-->0) {
                if (known[k].cval == c.val) {
                    return (known[k].rval == r.val);
                } else
                if (known[k].rval == r.val) {
                    return 0;
                }
            }
            return -1;
        }

        // Format token t as binary bytes into n-character buffer b.
        KNOWN_HELPER const char *format_bin8(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Eight items, each eight characters plus delimiter (space or NUL)
            if (n < 8*(8+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 8; i++) {
                if (i)
                    *(p++) = ' ';

                for (unsigned int m = 0x80; m != 0; m >>= 1)
                    *(p++) = '0' + !!(t.u8[i] & m);
            }

            *p = '\0';
            return (const char *)b;
        }

        // Format token t as hexadecimal bytes into n-character buffer b.
        KNOWN_HELPER const char *format_hex8(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Eight items, each two characters plus delimiter (space or NUL)
            if (n < 8*(2+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 8; i++) {
                if (i)
                    *(p++) = ' ';

                *(p++) = hex_digit[ (t.u8[i] >> 4) & 15 ];
                *(p++) = hex_digit[  t.u8[i]       & 15 ];
            }

            *p = '\0';
            return (const char *)b;
        }

        // Format token t as binary 16-bit words into n-character buffer b.
        KNOWN_HELPER const char *format_bin16(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Four items, each sixteen characters plus delimiter (space or NUL)
            if (n < 4*(16+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 4; i++) {
                if (i)
                    *(p++) = ' ';

                for (unsigned int m = 0x8000; m != 0; m >>= 1)
                    *(p++) = '0' + !!(t.u16[i] & m);
            }

            *p = '\0';
            return (const char *)b;
        }

        // Format token t as hexadecimal 16-bit words into n-character buffer b.
        KNOWN_HELPER const char *format_hex16(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Four items, each four characters plus delimiter (space or NUL)
            if (n < 4*(4+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 4; i++) {
                if (i)
                    *(p++) = ' ';

                *(p++) = hex_digit[ (t.u16[i] >> 12) & 15 ];
                *(p++) = hex_digit[ (t.u16[i] >>  8) & 15 ];
                *(p++) = hex_digit[ (t.u16[i] >>  4) & 15 ];
                *(p++) = hex_digit[  t.u16[i]        & 15 ];
            }

            *p = '\0';
            return (const char *)b;
        }

        #undef   KNOWN_HELPER

        #endif /* KNOWN_H */
    END
) > "known.h" || exit 1
printf 'Generated "known.h" successfully.\n' >&2

cat "$Work/bytes" > "bytes.txt" || exit 1
printf 'Generated "bytes.txt" successfully.\n' >&2

cat "$Work/words" > "words.txt" || exit 1
printf 'Generated "words.txt" successfully.\n' >&2

# Needs GNU awk (gawk) for and(), xor() and strtonum().
awk -v z1=$((0x$zero1)) -v z2=$((0x$zero2)) -v z3=$((0x$zero3)) -v z4=$((0x$zero4)) \
    -v outadd="$Work/words-add" \
    -v outsub="$Work/words-sub" \
    -v outxor="$Work/words-xor" \
   'function unadd(v_, z_) { return sprintf("%04X", and(65536 + strtonum("0x" v_) - z_, 65535)) }
    function unsub(v_, z_) { return sprintf("%04X", and(65536 - strtonum("0x" v_) + z_, 65535)) }
    function unxor(v_, z_) { return sprintf("%04X", and(xor(strtonum("0x" v_), z_), 65535)) }

    function binary(h_) {
        r_ = ""
        v_ = and(65535, int(strtonum("0x" h_)))
        for (i_ = 0; i_ < 16; i_++) {
            r_ = and(v_, 1) r_
            v_ = int(v_ / 2)
        }
        return r_
    }

    {
        a1 = unadd($6, z1) ; a2 = unadd($7, z2) ; a3 = unadd($8, z3) ; a4 = unadd($9, z4)
        s1 = unsub($6, z1) ; s2 = unsub($7, z2) ; s3 = unsub($8, z3) ; s4 = unsub($9, z4)
        x1 = unxor($6, z1) ; x2 = unxor($7, z2) ; x3 = unxor($8, z3) ; x4 = unxor($9, z4)
        printf "%s %s %s %s + %s %s %s %s : %s %s %s %s + %s %s %s %s\n", $1, $2, $3, $4, a1, a2, a3, a4, binary($1), binary($2), binary($3), binary($4), binary(a1), binary(a2), binary(a3), binary(a4) >> outadd
        printf "%s %s %s %s - %s %s %s %s : %s %s %s %s - %s %s %s %s\n", $1, $2, $3, $4, s1, s2, s3, s4, binary($1), binary($2), binary($3), binary($4), binary(s1), binary(s2), binary(s3), binary(s4) >> outsub
        printf "%s %s %s %s ^ %s %s %s %s : %s %s %s %s ^ %s %s %s %s\n", $1, $2, $3, $4, x1, x2, x3, x4, binary($1), binary($2), binary($3), binary($4), binary(x1), binary(x2), binary(x3), binary(x4) >> outxor
    }' < "$Work/words" || exit 1

for name in add sub xor ; do
    cat "$Work/words-$name" > "words-$name.txt" || exit 1
    printf 'Generated "%s" successfully.\n' "words-$name.txt" >&2
done


(Let me know if you'd prefer to see that in Python or C instead.)
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #30 on: November 03, 2023, 10:21:24 am »
Thank you very much for these valuable guidelines! Although I'm not a Linux/WSL user, I think I'll handle it. At least I'll gain some new experience ;)
 

Online ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #31 on: November 04, 2023, 07:48:01 pm »
You have probably noticed this yourself, but when looking at the challenge & response in terms of 16-bit words (0, 1, 2, and 3) rather than bytes, there are also sum/difference patterns. As before, this is omitting some longer patterns that don't reveal anything more, as they can be derived from the shorter ones:

Code: [Select]
RW0 = +RW1+CW0-CW1
RW1 = +RW0+CW1-CW0
RW2 = +RW3+CW2-CW3
RW3 = +RW2+CW3-CW2

I don't know what to make of the dominance of low-order zeroes in the challenge words. My initial thought was that this could be due to multiplying "something" by the challenge words, but that did not get me anywhere. So far I don't see any pattern there at all.

Perhaps shifting a single bit through each of the challenge words while keeping the low order bit 1 will show something. In terms of your byte input, something like these challenges:

Code: [Select]
01 00 00 00 00 00 00 00
01 80 00 00 00 00 00 00
01 40 00 00 00 00 00 00
01 20 00 00 00 00 00 00
01 10 00 00 00 00 00 00
01 08 00 00 00 00 00 00
01 04 00 00 00 00 00 00
01 02 00 00 00 00 00 00
01 01 00 00 00 00 00 00
81 00 00 00 00 00 00 00
41 00 00 00 00 00 00 00
21 00 00 00 00 00 00 00
11 00 00 00 00 00 00 00
09 00 00 00 00 00 00 00
05 00 00 00 00 00 00 00
03 00 00 00 00 00 00 00

00 00 01 00 00 00 00 00
00 00 01 80 00 00 00 00
00 00 01 40 00 00 00 00
00 00 01 20 00 00 00 00
...
00 00 00 00 00 00 09 00
00 00 00 00 00 00 05 00
00 00 00 00 00 00 03 00

I'm wondering whether there could be some "real" crypto going on there, which is going to be near impossible to guess, but with some poor rearrangement/expansion happening afterwards leading to the clear patterns that are evident.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #32 on: November 05, 2023, 05:11:11 am »
Ozcar's point that Rw1=Rw2+Cw1-Cw2, Rw2=Rw1+Cw2-Cw1, Rw3=Rw4+Cw3-Cw4, and Rw4=Rw3+Cw4-Cw3, is correct for all challenge-response pairs I have.
I think this is a key observation here.  Another way to put this is Rw1 - Cw1 = Rw2 - Cw2 and Rw3 - Cw3 = Rw4 - Cw4, for each challenge.

It does mean that only the first and third result words, Rw1 and Rw3, have meaningful information, because
    Rw2 = Rw1 - Cw1 + Cw2
    Rw4 = Rw3 - Cw3 + Cw4

One way to describe the algorithm we see is
    Rw1 = Hw12(Cw1, Cw2) + Aw34(Cw3, Cw4) + Cw1 + C6EA
    Rw2 = Hw12(Cw1, Cw2) + Aw34(Cw3, Cw4) + Cw2 + C6EA = Rw1 - Cw1 + Cw2
    Rw3 = Hw34(Cw3, Cw4) + Aw12(Cw1, Cw2) + Cw3 + E64C
    Rw4 = Hw34(Cw3, Cw4) + Aw12(Cw1, Cw2) + Cw4 + E64C = Rw3 - Cw3 + Cw4
where all four functions are associative:
    Hw12(A, B) = Hw12(B, A)
    Hw34(A, B) = Hw34(B, A)
    Aw12(A, B) = Aw12(B, A)
    Aw34(A, B) = Aw34(B, A)
and zero when both arguments are zero,
    Hw12(0, 0) = 0
    Aw12(0, 0) = 0
and if (A|B) has N least significant bits zero, then Hw12(A, B) and Hw34(A, B) have N least significant bits zero as well.

This means this is a hash algorithm, not encryption; many possible sources hash to the same result values, because the four functions above yield 16-bit results.  (Thus far, all Hw12(X,0) and Hw34(X,0) values I know are even.  That is, if X has N least significant bits zero, Hw12(X,0) and Hw34(X,0) have N+1 least significant bits zero.)

(Essentially, Hw12(A, B) and Hw34(A, B) map (2¹⁶)(1+2¹⁶)/2 = 2,147,516,416 distinct inputs, 0 <= A <= 255, 0 <= B <= A, to 65536 outputs.
If each request-response pair took 1 millisecond to obtain –– 1000 pairs per second ––, each of the functions would take 25 days to fully map.)

For the 65536 challenge-response pairs
    xx yy 00 00 00 00 00 00 = zz ww ?? ?? ?? ?? ?? ??
or equivalent pairs (only differing at ??)
    00 00 xx yy 00 00 00 00 = ?? ?? zz ww ?? ?? ?? ??
we have
    Hw12(yyxx, 0) = Hw12(0, yyxx) = wwzz - yyxx - C6EA

Similarly, for the 65536 challenge-response pairs
    00 00 00 00 xx yy 00 00 = ?? ?? ?? ?? zz ww ?? ??
or equivalent pairs (only differing at ??)
    00 00 00 00 00 00 xx yy = ?? ?? ?? ?? ?? ?? zz ww
we have
    Hw34(yyxx, 0) = Hw34(0, yyxx) = wwzz - yyxx - E64C

@twizzter, would it be possible to get all responses for the 256×256 = 65536 challenges of form
    xx yy 00 00 00 00 00 00
as these should provide enough information to crack Hw12()?
It is a lot, I know.  How long does it take to get each challenge-response pair?
« Last Edit: November 05, 2023, 05:52:19 am by Nominal Animal »
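As an added example (not code from the thread), the following Python re-derives ozcar's word relations from reply #31 and the Hw12/Hw34 extraction from reply #32 over a few pairs copied from the dump above. It assumes only what the posts state: little-endian byte pairing into 16-bit words, the zero response C6EA C6EA E64C E64C, and arithmetic modulo 2^16.

```python
"""Word-level checks on challenge-response pairs (replies #31 and #32).

Added example, not code from the thread. Arithmetic is modulo 2^16 throughout.
"""
MASK = 0xFFFF
# Response to the all-zero challenge, as 16-bit words (reply #29).
ZERO_RESPONSE = (0xC6EA, 0xC6EA, 0xE64C, 0xE64C)

# Constructed sample: seven lines copied verbatim from the posted dump
# (8 challenge bytes, then 8 response bytes, each a zero-padded hex token).
SAMPLE_DUMP = """\
0000 0080 0000 0000 0000 0000 0000 0080     00EA 00C6 00EA 0046 004C 0066 004C 00E6
0000 0000 00FF 00FF 0000 0000 0000 0000     0010 0031 000F 0031 0015 0013 0015 0013
0080 00FF 0000 0000 0000 0000 0000 0000     006A 00D1 00EA 00D1 00CC 00ED 00CC 00ED
0080 00FF 0080 00FF 0000 0000 0080 00FF     00EA 00A3 00EA 00A3 004C 004D 00CC 004C
00FF 00FF 0000 0000 0000 0000 0000 0000     000F 0031 0010 0031 0015 0013 0015 0013
00FF 00FF 0000 0000 00FF 00FF 0000 0000     00D2 00F9 00D3 00F9 000C 009E 000D 009E
00FE 00FF 00FE 00FF 00FE 00FF 00FE 00FF     00B4 0024 00B4 0024 006E 00DB 006E 00DB
"""


def parse_pairs(dump):
    """Return a list of (challenge_words, response_words) tuples.

    Bytes pair up little-endian, as the thread reads them: bytes '00 80' are the
    word 0x8000 and the zero response 'EA C6 ... 4C E6' reads C6EA ... E64C.
    Lines that are comments or do not carry 16 tokens are skipped.
    """
    pairs = []
    for line in dump.splitlines():
        tokens = line.split()
        if len(tokens) != 16 or tokens[0][0] in "#;":
            continue
        b = [int(t, 16) & 0xFF for t in tokens]
        words = tuple(b[i] | (b[i + 1] << 8) for i in range(0, 16, 2))
        pairs.append((words[:4], words[4:]))
    return pairs


def word_relations_hold(c, r):
    """ozcar's RW0 = RW1 + CW0 - CW1 etc., in Nominal Animal's form:
    Rw1 - Cw1 == Rw2 - Cw2 and Rw3 - Cw3 == Rw4 - Cw4 (mod 2^16)."""
    same12 = ((r[0] - c[0]) - (r[1] - c[1])) & MASK == 0
    same34 = ((r[2] - c[2]) - (r[3] - c[3])) & MASK == 0
    return same12 and same34


def derived_rw2_rw4(c, r):
    """Rebuild the two redundant response words from Rw1 and Rw3 alone:
    Rw2 = Rw1 - Cw1 + Cw2 and Rw4 = Rw3 - Cw3 + Cw4."""
    return ((r[0] - c[0] + c[1]) & MASK, (r[2] - c[2] + c[3]) & MASK)


def single_word_hash(pairs, word):
    """Hash of a lone nonzero challenge word at position `word` (0..3).

    With the other three challenge words zero, reply #32 gives
        Hw12(X, 0) = Hw12(0, X) = Rw - X - C6EA   (word 0 or 1)
        Hw34(X, 0) = Hw34(0, X) = Rw - X - E64C   (word 2 or 3)
    where Rw is the response word at the same position. This is also the last
    column of the binary tables in reply #33. Returns {X: H}.
    """
    table = {}
    for c, r in pairs:
        if c[word] and all(c[i] == 0 for i in range(4) if i != word):
            table[c[word]] = (r[word] - c[word] - ZERO_RESPONSE[word]) & MASK
    return table


def trailing_zeros(v):
    """Number of zero low-order bits of a 16-bit value (16 for zero itself)."""
    v &= MASK
    return 16 if v == 0 else (v & -v).bit_length() - 1


def low_bits_observation_holds(table):
    """Reply #32's observation: if X has N low zero bits, H(X, 0) has N+1.
    H == 0 (as for X = 8000) counts as having all 16 bits zero."""
    return all(trailing_zeros(h) >= trailing_zeros(x) + 1 for x, h in table.items())


if __name__ == "__main__":
    pairs = parse_pairs(SAMPLE_DUMP)
    for c, r in pairs:
        print(" ".join(f"{w:04X}" for w in c), "=", " ".join(f"{w:04X}" for w in r),
              "relations:", word_relations_hold(c, r))
    for word, name in ((0, "Hw12"), (1, "Hw12"), (2, "Hw34"), (3, "Hw34")):
        for x, h in sorted(single_word_hash(pairs, word).items()):
            print(f"{name}({x:04X}, 0) = {h:04X}  (from challenge word {word + 1})")
```

Feeding it the full words.txt content in the same byte format gives the complete Hw12(X, 0) and Hw34(X, 0) tables available so far, and any pair violating the word relations is flagged.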
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #33 on: November 05, 2023, 06:16:47 am »
I don't know what to make of the dominance of low-order zeroes in the challenge words. My initial thought was that this could be due to multiplying "something" by the challenge words, but that did not get me anywhere. So far I don't see any pattern there at all.
We know it is not a simple multiplication, because the number of leading zeroes changes the actual pattern; it does not just shift it:
Code: [Select]
Cw1  Rw1              Cw1            Rw1-C6EA             Rw1-C6EA-Cw1
0001 83DD  0000000000000001    1011'1100'1111'0011    1011'1100'1111'0010
0002 F2E8   000000000000001 0   001'0101'1111'1111 0   001'0101'1111'1110 0
0004 4CC6    00000000000001 00   10'0001'0111'0111 00   10'0001'0111'0110 00
0008 4582     0000000000001 000   0'1111'1101'0011 000   0'1111'1101'0010 000
0010 F9DA      000000000001 0000    0011'0010'1111 0000    0011'0010'1110 0000
0020 5ECA       00000000001 00000    100'1011'1111 00000    100'1011'1110 00000
0040 9EAA        0000000001 000000    11'0101'1111 000000    11'0101'1110 000000
0080 486A         000000001 0000000    1'0000'0011 0000000    1'0000'0010 0000000
0100 2DEA          00000001 00000000     0110'0111 00000000     0110'0110 00000000
0200 E4EA           0000001 000000000     000'1111 000000000     000'1110 000000000
0400 02EA            000001 0000000000     00'1111 0000000000     00'1110 0000000000
0800 BEEA             00001 00000000000     1'1111 00000000000     1'1110 00000000000
1000 36EA              0001 000000000000      0111 000000000000      0110 000000000000
2000 26EA               001 0000000000000      011 0000000000000      010 0000000000000
4000 86EA                01 00000000000000      11 00000000000000      10 00000000000000
8000 46EA                 1 000000000000000      1 000000000000000      0 000000000000000
and similarly the entire pattern changes depending on the number of leading ones:
Code: [Select]
Cw1  Rw1                          Cw1                 Rw1-C6EA             Rw1-C6EA-Cw1
8000 46EA                 1 000000000000000      1 000000000000000      0 000000000000000
C000 06EA                11 00000000000000      01 00000000000000      10 00000000000000
E000 66EA               111 0000000000000      101 0000000000000      110 0000000000000
F000 D6EA              1111 000000000000      0001 000000000000      0010 000000000000
F800 CEEA             11111 00000000000     0'0001 00000000000     0'0010 00000000000
FC00 0AEA            111111 0000000000     01'0001 0000000000     01'0010 0000000000
FE00 08EA           1111111 000000000     010'0001 000000000     010'0010 000000000
FF00 2FEA          11111111 00000000     0110'1001 00000000     0110'1010 00000000
FF80 D16A         111111111 0000000    0'0001'0101 0000000    0'0001'0110 0000000
FFC0 DD2A        1111111111 000000    00'0101'1001 000000    00'0101'1010 000000
FFE0 3F0A       11111111111 00000    011'1100'0001 00000    011'1100'0010 00000
FFF0 EDFA      111111111111 0000    0010'0111'0001 0000    0010'0111'0010 0000
FFF8 DF92     1111111111111 000   0'0011'0001'0101 000   0'0011'0001'0110 000
FFFC 4D2E    11111111111111 00   10'0001'1001'0001 00   10'0001'1001'0010 00
FFFE A90C   111111111111111 0   111'0001'0001'0001 0   111'0001'0001'0010 0
FFFF 310F  1111111111111111    0110'1010'0010'0101    0110'1010'0010'0110
At this point, I suspect we'll need a lot more responses for challenges
    xx yy 00 00 00 00 00 00
to be able to discover more.  If we had all 65536 of them, we could do shenanigans.
Even if the function cannot be discovered, with 131,072 bytes of Flash, one can just store the function as a look-up table.

The other set needed would be
    00 00 00 00 xx yy 00 00
so that the other hash function (used for Cw3 and Cw4) could be similarly properly explored.
Currently, we only have 58 of each of those patterns in dump1.txt (from reply #25) and dump2.txt (from reply #28).
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #34 on: November 05, 2023, 09:03:15 am »
How long does it take to get each challenge-response pair?
That might be a problem here.
While the response calculation time is very short, the board allows only one challenge query after ignition. Therefore I need to reset the PIC after each operation.
The board's startup takes about one second before it's ready to communicate.
 

Online ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #35 on: November 05, 2023, 10:22:57 pm »
There being more than 0xffff seconds in a day, if your MCU could pull the PIC /MCLR down, or perhaps reset it by cutting its power off, then you might be able to spin through all possibilities for a 16-bit challenge word in a day or so.

However, has it been established how big lookup-table results can be combined? Say for example, how do you go from knowing the first two of these to the third?

Code: [Select]
ffff 0000 0000 0000  310f 3110 1315 1315
0000 0000 ffff 0000  1255 1255 495f 4960
ffff 0000 ffff 0000  f9d2 f9d3 9e0c 9e0d
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #36 on: November 06, 2023, 06:33:06 am »
However has it been established how big lookup table results can be combined?
No.

I also discovered by examining challenges 'xx yy 00 00 00 00 00 00', '00 00 00 00 xx yy 00 00', and 'xx yy 00 00 xx yy 00 00' for yyxx in 8000 C000 E000 F000 F800 FC00 FE00 FF00 ... FFF0 FFF8 FFFC FFFE, that the hash function cannot be described as an addition between the two functions; the mixing step is more complicated.

It is possible that a mask is constructed from each challenge word, using
    Mw = Cw1 | Cw2 | Cw3 | Cw4
    Mw = Mw | (Mw << 1) | (Mw << 2) | ... | (Mw << 14) | (Mw << 15)
so that all bits above the least significant set bits are always set in the mask.  The result words would be calculated using three cryptographic hash functions S(A,B), H(A,B), and G(A, B) via
    Rw1 = 0xC6EA + Cw1 + (Mw & S(H(Cw1, Cw2), G(Cw3, Cw4)))
    Rw2 = 0xC6EA + Cw2 + (Mw & S(H(Cw1, Cw2), G(Cw3, Cw4))) = Rw1 - Cw1 + Cw2
    Rw3 = 0xE64C + Cw3 + (Mw & S(H(Cw3, Cw4), G(Cw1, Cw2)))
    Rw4 = 0xE64C + Cw4 + (Mw & S(H(Cw3, Cw4), G(Cw1, Cw2))) = Rw3 - Cw3 + Cw4
The use of such a mask would be extremely odd, because it only weakens the security of the system.  It really is a hash function that takes 64-bit input and yields a 32-bit output.

We do know that H() is associative: H(A,B) = H(B,A).  We also know that H() is not a simple addition, subtraction, or exclusive-OR of its arguments.  We do not have enough challenge-response pairs to tell if H(A,B) is actually H(A+B) or H(A^B), i.e. really a 16-bit to 16-bit function.
« Last Edit: November 06, 2023, 08:28:26 am by Nominal Animal »
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #37 on: November 06, 2023, 08:27:59 am »
The information in each challenge-response pair (as bytes)
    C1 C2 C3 C4 C5 C6 C7 C8 → R1 R2 R3 R4 R5 R6 R7 R8
can be described as four 16-bit challenge and response words,
    C2C1 C4C3 C6C5 C8C7 → R2R1 R4R3 R6R5 R8R7
but the response itself only contains 32 bits of meaningful information,
    Rw12 = R2R1 - C2C1 - 0xC6EA = R4R3 - C4C3 - 0xC6EA
    Rw34 = R6R5 - C6C5 - 0xE64C = R8R7 - C8C7 - 0xE64C
and the other 32 bits (interleaved) are just superfluous information.

This is why I call this a 64-bit hash function with a 32-bit result.

Converting to this form, the current dataset we have is attached as dataset-12.txt (in hexadecimal and in binary).

We can derive key observations from the following patterns:
Code: [Select]
C2C1 C4C3 C6C5 C8C7 │ Rw12 Rw34 ║    C2        C1          C4        C3          C6        C5          C8        C7     │        Rw12                  Rw34
════════════════════╪═══════════╬═══════════════════════════════════════════════════════════════════════════════════════╪═══════════════════════════════════════════
0000 0000 0000 0000 │ 0000 0000 ║ 0000'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000 │ 0000'0000 0000'0000   0000'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFFF 0000 FFFF 0000 │ 32E9 B7C1 ║ 1111'1111 1111'1111   0000'0000 0000'0000   1111'1111 1111'1111   0000'0000 0000'0000 │ 0011'0010 1110'1001   1011'0111 1100'0001
0000 FFFF 0000 FFFF │ 32E9 B7C1 ║ 0000'0000 0000'0000   1111'1111 1111'1111   0000'0000 0000'0000   1111'1111 1111'1111 │ 0011'0010 1110'1001   1011'0111 1100'0001
FFFF 0000 0000 FFFF │ 32E9 B7C1 ║ 1111'1111 1111'1111   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1111 │ 0011'0010 1110'1001   1011'0111 1100'0001
0000 FFFF FFFF 0000 │ 32E9 B7C1 ║ 0000'0000 0000'0000   1111'1111 1111'1111   1111'1111 1111'1111   0000'0000 0000'0000 │ 0011'0010 1110'1001   1011'0111 1100'0001
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
8000 0000 8000 0000 │ 8000 8000 ║ 1000'0000 0000'0000   0000'0000 0000'0000   1000'0000 0000'0000   0000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
0000 8000 0000 8000 │ 8000 8000 ║ 0000'0000 0000'0000   1000'0000 0000'0000   0000'0000 0000'0000   1000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
8000 0000 0000 8000 │ 8000 8000 ║ 1000'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
0000 8000 8000 0000 │ 8000 8000 ║ 0000'0000 0000'0000   1000'0000 0000'0000   1000'0000 0000'0000   0000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
C000 0000 C000 0000 │ 4000 C000 ║ 1100'0000 0000'0000   0000'0000 0000'0000   1100'0000 0000'0000   0000'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
0000 C000 0000 C000 │ 4000 C000 ║ 0000'0000 0000'0000   1100'0000 0000'0000   0000'0000 0000'0000   1100'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
C000 0000 0000 C000 │ 4000 C000 ║ 1100'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1100'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
0000 C000 C000 0000 │ 4000 C000 ║ 0000'0000 0000'0000   1100'0000 0000'0000   1100'0000 0000'0000   0000'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
E000 0000 E000 0000 │ 2000 E000 ║ 1110'0000 0000'0000   0000'0000 0000'0000   1110'0000 0000'0000   0000'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
0000 E000 0000 E000 │ 2000 E000 ║ 0000'0000 0000'0000   1110'0000 0000'0000   0000'0000 0000'0000   1110'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
E000 0000 0000 E000 │ 2000 E000 ║ 1110'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1110'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
0000 E000 E000 0000 │ 2000 E000 ║ 0000'0000 0000'0000   1110'0000 0000'0000   1110'0000 0000'0000   0000'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
F000 0000 F000 0000 │ 5000 9000 ║ 1111'0000 0000'0000   0000'0000 0000'0000   1111'0000 0000'0000   0000'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
0000 F000 0000 F000 │ 5000 9000 ║ 0000'0000 0000'0000   1111'0000 0000'0000   0000'0000 0000'0000   1111'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
F000 0000 0000 F000 │ 5000 9000 ║ 1111'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
0000 F000 F000 0000 │ 5000 9000 ║ 0000'0000 0000'0000   1111'0000 0000'0000   1111'0000 0000'0000   0000'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
F800 0000 F800 0000 │ B800 A800 ║ 1111'1000 0000'0000   0000'0000 0000'0000   1111'1000 0000'0000   0000'0000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
0000 F800 0000 F800 │ B800 A800 ║ 0000'0000 0000'0000   1111'1000 0000'0000   0000'0000 0000'0000   1111'1000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
F800 0000 0000 F800 │ B800 A800 ║ 1111'1000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
0000 F800 F800 0000 │ B800 A800 ║ 0000'0000 0000'0000   1111'1000 0000'0000   1111'1000 0000'0000   0000'0000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FC00 0000 FC00 0000 │ B400 4C00 ║ 1111'1100 0000'0000   0000'0000 0000'0000   1111'1100 0000'0000   0000'0000 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
0000 FC00 0000 FC00 │ B400 4C00 ║ 0000'0000 0000'0000   1111'1100 0000'0000   0000'0000 0000'0000   1111'1100 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
FC00 0000 0000 FC00 │ B400 4C00 ║ 1111'1100 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1100 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
0000 FC00 FC00 0000 │ B400 4C00 ║ 0000'0000 0000'0000   1111'1100 0000'0000   1111'1100 0000'0000   0000'0000 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FE00 0000 FE00 0000 │ BE00 DE00 ║ 1111'1110 0000'0000   0000'0000 0000'0000   1111'1110 0000'0000   0000'0000 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
0000 FE00 0000 FE00 │ BE00 DE00 ║ 0000'0000 0000'0000   1111'1110 0000'0000   0000'0000 0000'0000   1111'1110 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
FE00 0000 0000 FE00 │ BE00 DE00 ║ 1111'1110 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1110 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
0000 FE00 FE00 0000 │ BE00 DE00 ║ 0000'0000 0000'0000   1111'1110 0000'0000   1111'1110 0000'0000   0000'0000 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FF00 0000 FF00 0000 │ 0D00 6D00 ║ 1111'1111 0000'0000   0000'0000 0000'0000   1111'1111 0000'0000   0000'0000 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
0000 FF00 0000 FF00 │ 0D00 6D00 ║ 0000'0000 0000'0000   1111'1111 0000'0000   0000'0000 0000'0000   1111'1111 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
FF00 0000 0000 FF00 │ 0D00 6D00 ║ 1111'1111 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
0000 FF00 FF00 0000 │ 0D00 6D00 ║ 0000'0000 0000'0000   1111'1111 0000'0000   1111'1111 0000'0000   0000'0000 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FF80 0000 FF80 0000 │ 0480 F580 ║ 1111'1111 1000'0000   0000'0000 0000'0000   1111'1111 1000'0000   0000'0000 0000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
0000 FF80 0000 FF80 │ 0480 F580 ║ 0000'0000 0000'0000   1111'1111 1000'0000   0000'0000 0000'0000   1111'1111 1000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
FF80 0000 0000 FF80 │ 0480 F580 ║ 1111'1111 1000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
0000 FF80 FF80 0000 │ 0480 F580 ║ 0000'0000 0000'0000   1111'1111 1000'0000   1111'1111 1000'0000   0000'0000 0000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFC0 0000 FFC0 0000 │ F8C0 6640 ║ 1111'1111 1100'0000   0000'0000 0000'0000   1111'1111 1100'0000   0000'0000 0000'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
0000 FFC0 0000 FFC0 │ F8C0 6640 ║ 0000'0000 0000'0000   1111'1111 1100'0000   0000'0000 0000'0000   1111'1111 1100'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
FFC0 0000 0000 FFC0 │ F8C0 6640 ║ 1111'1111 1100'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1100'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
0000 FFC0 FFC0 0000 │ F8C0 6640 ║ 0000'0000 0000'0000   1111'1111 1100'0000   1111'1111 1100'0000   0000'0000 0000'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFE0 0000 FFE0 0000 │ D820 1620 ║ 1111'1111 1110'0000   0000'0000 0000'0000   1111'1111 1110'0000   0000'0000 0000'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
0000 FFE0 0000 FFE0 │ D820 1620 ║ 0000'0000 0000'0000   1111'1111 1110'0000   0000'0000 0000'0000   1111'1111 1110'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
FFE0 0000 0000 FFE0 │ D820 1620 ║ 1111'1111 1110'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1110'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
0000 FFE0 FFE0 0000 │ D820 1620 ║ 0000'0000 0000'0000   1111'1111 1110'0000   1111'1111 1110'0000   0000'0000 0000'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFF0 0000 FFF0 0000 │ 7F70 9330 ║ 1111'1111 1111'0000   0000'0000 0000'0000   1111'1111 1111'0000   0000'0000 0000'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
0000 FFF0 0000 FFF0 │ 7F70 9330 ║ 0000'0000 0000'0000   1111'1111 1111'0000   0000'0000 0000'0000   1111'1111 1111'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
FFF0 0000 0000 FFF0 │ 7F70 9330 ║ 1111'1111 1111'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
0000 FFF0 FFF0 0000 │ 7F70 9330 ║ 0000'0000 0000'0000   1111'1111 1111'0000   1111'1111 1111'0000   0000'0000 0000'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFF8 0000 FFF8 0000 │ 0BE8 E548 ║ 1111'1111 1111'1000   0000'0000 0000'0000   1111'1111 1111'1000   0000'0000 0000'0000 │ 0000'1011 1110'1000   1110'0101 0100'1000
0000 FFF8 0000 FFF8 │ 0BE8 E548 ║ 0000'0000 0000'0000   1111'1111 1111'1000   0000'0000 0000'0000   1111'1111 1111'1000 │ 0000'1011 1110'1000   1110'0101 0100'1000
FFF8 0000 0000 FFF8 │ 0BE8 E548 ║ 1111'1111 1111'1000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1000 │ 0000'1011 1110'1000   1110'0101 0100'1000
0000 FFF8 FFF8 0000 │ 0BE8 E548 ║ 0000'0000 0000'0000   1111'1111 1111'1000   1111'1111 1111'1000   0000'0000 0000'0000 │ 0000'1011 1110'1000   1110'0101 0100'1000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFFC 0000 FFFC 0000 │ 756C 174C ║ 1111'1111 1111'1100   0000'0000 0000'0000   1111'1111 1111'1100   0000'0000 0000'0000 │ 0111'0101 0110'1100   0001'0111 0100'1100
0000 FFFC 0000 FFFC │ 756C 174C ║ 0000'0000 0000'0000   1111'1111 1111'1100   0000'0000 0000'0000   1111'1111 1111'1100 │ 0111'0101 0110'1100   0001'0111 0100'1100
FFFC 0000 0000 FFFC │ 756C 174C ║ 1111'1111 1111'1100   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1100 │ 0111'0101 0110'1100   0001'0111 0100'1100
0000 FFFC FFFC 0000 │ 756C 174C ║ 0000'0000 0000'0000   1111'1111 1111'1100   1111'1111 1111'1100   0000'0000 0000'0000 │ 0111'0101 0110'1100   0001'0111 0100'1100
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFFE 0000 FFFE 0000 │ 3746 EA42 ║ 1111'1111 1111'1110   0000'0000 0000'0000   1111'1111 1111'1110   0000'0000 0000'0000 │ 0011'0111 0100'0110   1110'1010 0100'0010
0000 FFFE 0000 FFFE │ 3746 EA42 ║ 0000'0000 0000'0000   1111'1111 1111'1110   0000'0000 0000'0000   1111'1111 1111'1110 │ 0011'0111 0100'0110   1110'1010 0100'0010
FFFE 0000 0000 FFFE │ 3746 EA42 ║ 1111'1111 1111'1110   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1110 │ 0011'0111 0100'0110   1110'1010 0100'0010
0000 FFFE FFFE 0000 │ 3746 EA42 ║ 0000'0000 0000'0000   1111'1111 1111'1110   1111'1111 1111'1110   0000'0000 0000'0000 │ 0011'0111 0100'0110   1110'1010 0100'0010

Because Rw12 and Rw34 are the same regardless of swapping C2C1C4C3 and C6C5C8C7, we can define the hash algorithm as
    Rw12 = Mw & S1(H1(C2C1, C4C3), G1(C6C5, C8C7))
    Rw34 = Mw & S2(H2(C6C5, C8C7), G2(C2C1, C4C3))
where H1(), H2(), S1(), S2(), G1(), and G2() are functions that take two 16-bit arguments, and return one 16-bit result, and Mw is a mask where all bits above the least significant bit set in any challenge word are set, i.e.
    M' = C2C1 | C4C3 | C6C5 | C8C7
    Mw = M' | (M'<<1) | (M'<<2) | ... | (M'<<14) | (M'<<15)
which is easy to generate even on a small PIC.  The actual responses are then constructed from Rw12 and Rw34,
    R2R1 = Rw12 + C2C1 + 0xC6EA
    R4R3 = Rw12 + C4C3 + 0xC6EA
    R6R5 = Rw34 + C6C5 + 0xE64C
    R8R7 = Rw34 + C8C7 + 0xE64C
which fulfills the symmetries and patterns we have thus far observed.  I have also verified that addition (+) and not exclusive-or matches the current dataset.  (Adding 0xC6EA is equivalent to subtracting 0x3916, and adding 0xE64C is equivalent to subtracting 0x19B4, using 16-bit modular (wraparound) arithmetic.)

Similarities indicate that the functions are very likely similar, for example only differing by some 16-bit seed value; i.e. that they all are actually just F(A, B, seed).

We do not yet know enough challenge-response pairs to determine if some/any of the functions are actually just 16-bit in, 16-bit out: Fn(A, B) = Fn(A ⊕ B) for some arithmetic operator ⊕ like addition, subtraction, or exclusive-OR.  If it is, then patterns
    C1 C2 C3 C4 00 00 00 00
    C5 C6 00 00 00 00 00 00
will have the exact same response result Rw12 when
    C6C5 = C2C1 ⊕ C4C3
and similarly for Rw34 when the leading four bytes of each challenge are zeroes.
If we find any pair where the responses differ, that immediately excludes that particular arithmetic operator ⊕.  C2C1 and C4C3 should have relatively random bit patterns, so we don't accidentally assume a false proof based on other quirks of the functions.

Here are six such challenge sets for addition, subtraction, xor, and or each, in case twizzter could work these through:
Code: [Select]
48 1D 09 B8 00 00 00 00 # 0x1D48 + 0xB809 = 0xD551
51 D5 00 00 00 00 00 00
00 00 00 00 48 1D 09 B8
00 00 00 00 51 D5 00 00
BB 24 B1 40 00 00 00 00 # 0x24BB + 0x40B1 = 0x656C
6C 65 00 00 00 00 00 00
00 00 00 00 BB 24 B1 40
00 00 00 00 6C 65 00 00
2D 91 3E DD 00 00 00 00 # 0x912D + 0xDD3E = 0x6E6B
6B 6E 00 00 00 00 00 00
00 00 00 00 2D 91 3E DD
00 00 00 00 6B 6E 00 00
D6 90 DE 46 00 00 00 00 # 0x90D6 + 0x46DE = 0xD7B4
B4 D7 00 00 00 00 00 00
00 00 00 00 D6 90 DE 46
00 00 00 00 B4 D7 00 00
38 85 74 D4 00 00 00 00 # 0x8538 + 0xD474 = 0x59AC
AC 59 00 00 00 00 00 00
00 00 00 00 38 85 74 D4
00 00 00 00 AC 59 00 00
8A BA 64 FD 00 00 00 00 # 0xBA8A + 0xFD64 = 0xB7EE
EE B7 00 00 00 00 00 00
00 00 00 00 8A BA 64 FD
00 00 00 00 EE B7 00 00
14 91 B3 D2 00 00 00 00 # 0x9114 - 0xD2B3 = 0xBE61
61 BE 00 00 00 00 00 00
00 00 00 00 14 91 B3 D2
00 00 00 00 61 BE 00 00
35 97 20 9C 00 00 00 00 # 0x9735 - 0x9C20 = 0xFB15
15 FB 00 00 00 00 00 00
00 00 00 00 35 97 20 9C
00 00 00 00 15 FB 00 00
AA 48 3C DB 00 00 00 00 # 0x48AA - 0xDB3C = 0x6D6E
6E 6D 00 00 00 00 00 00
00 00 00 00 AA 48 3C DB
00 00 00 00 6E 6D 00 00
75 5C AE 4B 00 00 00 00 # 0x5C75 - 0x4BAE = 0x10C7
C7 10 00 00 00 00 00 00
00 00 00 00 75 5C AE 4B
00 00 00 00 C7 10 00 00
25 29 85 CE 00 00 00 00 # 0x2925 - 0xCE85 = 0x5AA0
A0 5A 00 00 00 00 00 00
00 00 00 00 25 29 85 CE
00 00 00 00 A0 5A 00 00
DB 04 2F A8 00 00 00 00 # 0x04DB - 0xA82F = 0x5CAC
AC 5C 00 00 00 00 00 00
00 00 00 00 DB 04 2F A8
00 00 00 00 AC 5C 00 00
75 5F 54 E7 00 00 00 00 # 0x5F75 ^ 0xE754 = 0xB821
21 B8 00 00 00 00 00 00
00 00 00 00 75 5F 54 E7
00 00 00 00 21 B8 00 00
13 22 85 62 00 00 00 00 # 0x2213 ^ 0x6285 = 0x4096
96 40 00 00 00 00 00 00
00 00 00 00 13 22 85 62
00 00 00 00 96 40 00 00
9D 16 18 5F 00 00 00 00 # 0x169D ^ 0x5F18 = 0x4985
85 49 00 00 00 00 00 00
00 00 00 00 9D 16 18 5F
00 00 00 00 85 49 00 00
1A EC 65 91 00 00 00 00 # 0xEC1A ^ 0x9165 = 0x7D7F
7F 7D 00 00 00 00 00 00
00 00 00 00 1A EC 65 91
00 00 00 00 7F 7D 00 00
6D A2 CF 50 00 00 00 00 # 0xA26D ^ 0x50CF = 0xF2A2
A2 F2 00 00 00 00 00 00
00 00 00 00 6D A2 CF 50
00 00 00 00 A2 F2 00 00
F9 A2 45 FC 00 00 00 00 # 0xA2F9 ^ 0xFC45 = 0x5EBC
BC 5E 00 00 00 00 00 00
00 00 00 00 F9 A2 45 FC
00 00 00 00 BC 5E 00 00
AA 1F 52 23 00 00 00 00 # 0x1FAA | 0x2352 = 0x3FFA
FA 3F 00 00 00 00 00 00
00 00 00 00 AA 1F 52 23
00 00 00 00 FA 3F 00 00
B9 5F A1 21 00 00 00 00 # 0x5FB9 | 0x21A1 = 0x7FB9
B9 7F 00 00 00 00 00 00
00 00 00 00 B9 5F A1 21
00 00 00 00 B9 7F 00 00
E6 80 A5 66 00 00 00 00 # 0x80E6 | 0x66A5 = 0xE6E7
E7 E6 00 00 00 00 00 00
00 00 00 00 E6 80 A5 66
00 00 00 00 E7 E6 00 00
70 EA 2B B2 00 00 00 00 # 0xEA70 | 0xB22B = 0xFA7B
7B FA 00 00 00 00 00 00
00 00 00 00 70 EA 2B B2
00 00 00 00 7B FA 00 00
30 F0 3D A3 00 00 00 00 # 0xF030 | 0xA33D = 0xF33D
3D F3 00 00 00 00 00 00
00 00 00 00 30 F0 3D A3
00 00 00 00 3D F3 00 00
E5 82 50 7B 00 00 00 00 # 0x82E5 | 0x7B50 = 0xFBF5
F5 FB 00 00 00 00 00 00
00 00 00 00 E5 82 50 7B
00 00 00 00 F5 FB 00 00

Basically, this set is a fishing expedition: if it succeeds, we've discovered something that hugely simplifies the algorithm – but it might say no, too.
« Last Edit: November 06, 2023, 08:40:58 am by Nominal Animal »
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #38 on: November 06, 2023, 05:14:14 pm »
Here are six such challenge sets for addition, subtraction, xor, and or each, in case twizzter could work these through:
[...]
Basically, this set is a fishing expedition: if it succeeds, we've discovered something that hugely simplifies the algorithm – but it might say no, too.
Little fishes (hopefully) below:
Code: [Select]
0048 001D 0009 00B8 0000 0000 0000 0000     0084 00C0 0045 005B 00AB 0095 00AB 0095
0051 00D5 0000 0000 0000 0000 0000 0000     008D 0063 003C 008E 004B 0007 004B 0007
0000 0000 0000 0000 0048 001D 0009 00B8     0063 00F3 0063 00F3 0030 00AE 00F1 0048
0000 0000 0000 0000 0051 00D5 0000 0000     0083 00D8 0083 00D8 0039 0028 00E8 0052
00BB 0024 00B1 0040 0000 0000 0000 0000     0015 0086 000B 00A2 0058 0050 0058 0050
006C 0065 0000 0000 0000 0000 0000 0000     003E 00BF 00D2 0059 0068 0099 0068 0099
0000 0000 0000 0000 00BB 0024 00B1 0040     00E2 0020 00E2 0020 006F 00E6 0065 0002
0000 0000 0000 0000 006C 0065 0000 0000     007E 00AF 007E 00AF 0038 00CF 00CC 0069
002D 0091 003E 00DD 0000 0000 0000 0000     0005 0033 0016 007F 0081 00F0 0081 00F0
006B 006E 0000 0000 0000 0000 0000 0000     00E3 00A8 0078 003A 00B1 002F 00B1 002F
0000 0000 0000 0000 002D 0091 003E 00DD     0079 003C 0079 003C 006D 00AF 007E 00FB
0000 0000 0000 0000 006B 006E 0000 0000     0089 003D 0089 003D 008B 0073 0020 0005
00D6 0090 00DE 0046 0000 0000 0000 0000     0018 0068 0020 001E 00F8 0073 00F8 0073
00B4 00D7 0000 0000 0000 0000 0000 0000     0096 0001 00E2 0029 0020 002F 0020 002F
0000 0000 0000 0000 00D6 0090 00DE 0046     00E6 005D 00E6 005D 00E2 00FE 00EA 00B4
0000 0000 0000 0000 00B4 00D7 0000 0000     0066 0077 0066 0077 00A0 002E 00EC 0056
0038 0085 0074 00D4 0000 0000 0000 0000     004A 0072 0086 00C1 00E8 00E3 00E8 00E3
00AC 0059 0000 0000 0000 0000 0000 0000     00FE 0092 0052 0039 0028 0081 0028 0081
0000 0000 0000 0000 0038 0085 0074 00D4     00DE 0065 00DE 0065 00C4 00D5 0000 0025
0000 0000 0000 0000 00AC 0059 0000 0000     003E 00B6 003E 00B6 0078 0008 00CC 00AE
008A 00BA 0064 00FD 0000 0000 0000 0000     0038 0075 0012 00B8 006E 00E3 006E 00E3
00EE 00B7 0000 0000 0000 0000 0000 0000     001C 0060 002E 00A8 003E 0068 003E 0068
0000 0000 0000 0000 008A 00BA 0064 00FD     009C 0051 009C 0051 009E 0021 0078 0064
0000 0000 0000 0000 00EE 00B7 0000 0000     000C 0069 000C 0069 00C2 00F4 00D4 003C
0014 0091 00B3 00D2 0000 0000 0000 0000     0074 0049 0013 008B 006D 00ED 006D 00ED
0061 00BE 0000 0000 0000 0000 0000 0000     007D 0071 001C 00B3 009B 008C 009B 008C
0000 0000 0000 0000 0014 0091 00B3 00D2     00FD 008B 00FD 008B 00D4 0028 0073 006A
0000 0000 0000 0000 0061 00BE 0000 0000     00B3 008E 00B3 008E 00C9 0082 0068 00C4
0035 0097 0020 009C 0000 0000 0000 0000     0089 0075 0074 007A 000F 0089 000F 0089
0015 00FB 0000 0000 0000 0000 0000 0000     00E9 006D 00D4 0072 004F 002A 004F 002A
0000 0000 0000 0000 0035 0097 0020 009C     004F 00AC 004F 00AC 009D 006D 0088 0072
0000 0000 0000 0000 0015 00FB 0000 0000     008F 00F8 008F 00F8 007D 0099 0068 009E
00AA 0048 003C 00DB 0000 0000 0000 0000     0048 002B 00DA 00BD 0056 0070 0056 0070
006E 006D 0000 0000 0000 0000 0000 0000     009C 00D0 002E 0063 00BE 001D 00BE 001D
0000 0000 0000 0000 00AA 0048 003C 00DB     00D4 0003 00D4 0003 005E 0042 00F0 00D4
0000 0000 0000 0000 006E 006D 0000 0000     008C 0062 008C 0062 0042 00AE 00D4 0040
0075 005C 00AE 004B 0000 0000 0000 0000     007D 00DF 00B6 00CE 00C9 006A 00C9 006A
00C7 0010 0000 0000 0000 0000 0000 0000     00A7 0025 00E0 0014 00AD 001A 00AD 001A
0000 0000 0000 0000 0075 005C 00AE 004B     0051 003E 0051 003E 00D5 00D1 000E 00C1
0000 0000 0000 0000 00C7 0010 0000 0000     003D 0082 003D 0082 0087 00BA 00C0 00A9
0025 0029 0085 00CE 0000 0000 0000 0000     0003 00AD 0063 0052 0002 0026 0002 0026
00A0 005A 0000 0000 0000 0000 0000 0000     004A 0002 00AA 00A7 00AC 00E0 00AC 00E0
0000 0000 0000 0000 0025 0029 0085 00CE     00D4 0081 00D4 0081 00C1 00D9 0021 007F
0000 0000 0000 0000 00A0 005A 0000 0000     000A 0033 000A 0033 00EC 0037 004C 00DD
00DB 0004 002F 00A8 0000 0000 0000 0000     0039 005E 008D 0001 00CA 00AB 00CA 00AB
00AC 005C 0000 0000 0000 0000 0000 0000     00FE 002F 0052 00D3 0028 0076 0028 0076
0000 0000 0000 0000 00DB 0004 002F 00A8     00C4 0082 00C4 0082 00F7 0057 004B 00FB
0000 0000 0000 0000 00AC 005C 0000 0000     003E 0065 003E 0065 0078 00A3 00CC 0046
0075 005F 0054 00E7 0000 0000 0000 0000     0041 0083 0020 000B 0083 00C7 0083 00C7
0021 00B8 0000 0000 0000 0000 0000 0000     00BD 0001 009C 0049 00DB 003E 00DB 003E
0000 0000 0000 0000 0075 005F 0054 00E7     006B 00F1 006B 00F1 005D 00AB 003C 0033
0000 0000 0000 0000 0021 00B8 0000 0000     00F3 0089 00F3 0089 0089 0023 0068 006B
0013 0022 0085 0062 0000 0000 0000 0000     0055 009E 00C7 00DE 00B4 0011 00B4 0011
0096 0040 0000 0000 0000 0000 0000 0000     0094 0002 00FE 00C1 00D6 0070 00D6 0070
0000 0000 0000 0000 0013 0022 0085 0062     00D6 00B0 00D6 00B0 00E7 00B2 0059 00F3
0000 0000 0000 0000 0096 0040 0000 0000     0094 0045 0094 0045 00CA 00A2 0034 0062
009D 0016 0018 005F 0000 0000 0000 0000     00B1 0053 002C 009C 008F 008E 008F 008E
0085 0049 0000 0000 0000 0000 0000 0000     00F9 00A5 0074 005C 003F 00EA 003F 00EA
0000 0000 0000 0000 009D 0016 0018 005F     00EF 00DB 00EF 00DB 0085 0099 0000 00E2
0000 0000 0000 0000 0085 0049 0000 0000     005F 00C7 005F 00C7 006D 00C7 00E8 007D
001A 00EC 0065 0091 0000 0000 0000 0000     002A 00FB 0075 00A0 0095 00A5 0095 00A5
007F 007D 0000 0000 0000 0000 0000 0000     008F 00E1 0010 0064 0095 0076 0095 0076
0000 0000 0000 0000 001A 00EC 0065 0091     00D5 00D3 00D5 00D3 007A 0052 00C5 00F7
0000 0000 0000 0000 007F 007D 0000 0000     00D5 0079 00D5 0079 00DF 0046 0060 00C9
006D 00A2 00CF 0050 0000 0000 0000 0000     0087 0023 00E9 00D1 00C8 0078 00C8 0078
00A2 00F2 0000 0000 0000 0000 0000 0000     0048 00AF 00A6 00BC 0042 00E1 0042 00E1
0000 0000 0000 0000 006D 00A2 00CF 0050     00B2 00D0 00B2 00D0 00C1 00F2 0023 00A1
0000 0000 0000 0000 00A2 00F2 0000 0000     0018 0012 0018 0012 0076 0003 00D4 0010
00F9 00A2 0045 00FC 0000 0000 0000 0000     00CF 001B 001B 0075 0036 005D 0036 005D
00BC 005E 0000 0000 0000 0000 0000 0000     006E 006A 00B2 000B 0038 008A 0038 008A
0000 0000 0000 0000 00F9 00A2 0045 00FC     0010 0075 0010 0075 0035 0077 0081 00D0
0000 0000 0000 0000 00BC 005E 0000 0000     00AE 00C8 00AE 00C8 0008 0053 004C 00F4
00AA 001F 0052 0023 0000 0000 0000 0000     005C 0052 0004 0056 00E0 0029 00E0 0029
00FA 003F 0000 0000 0000 0000 0000 0000     0090 0059 0096 0019 00EA 00DF 00EA 00DF
0000 0000 0000 0000 00AA 001F 0052 0023     001E 001A 001E 001A 00F6 0073 009E 0077
0000 0000 0000 0000 00FA 003F 0000 0000     0010 0092 0010 0092 006E 0012 0074 00D2
00B9 005F 00A1 0021 0000 0000 0000 0000     00D7 00A2 00BF 0064 0042 001A 0042 001A
00B9 007F 0000 0000 0000 0000 0000 0000     0005 0084 004C 0004 0023 0075 0023 0075
0000 0000 0000 0000 00B9 005F 00A1 0021     0074 0001 0074 0001 0075 0069 005D 002B
0000 0000 0000 0000 00B9 007F 0000 0000     000B 00E0 000B 00E0 0041 00EC 0088 006C
00E6 0080 00A5 0066 0000 0000 0000 0000     00FE 000A 00BD 00F0 00C1 008F 00C1 008F
00E7 00E6 0000 0000 0000 0000 0000 0000     0087 009B 00A0 00B4 000D 00E5 000D 00E5
0000 0000 0000 0000 00E6 0080 00A5 0066     0079 00AB 0079 00AB 00A6 0047 0065 002D
0000 0000 0000 0000 00E7 00E6 0000 0000     005D 0069 005D 0069 00A7 00BD 00C0 00D6
0070 00EA 002B 00B2 0000 0000 0000 0000     0008 0042 00C3 0009 0021 00E7 0021 00E7
007B 00FA 0000 0000 0000 0000 0000 0000     0053 009F 00D8 00A4 0041 00F6 0041 00F6
0000 0000 0000 0000 0070 00EA 002B 00B2     0099 0027 0099 0027 0010 0032 00CB 00F9
0000 0000 0000 0000 007B 00FA 0000 0000     0079 00D7 0079 00D7 001B 00E4 00A0 00E9
0030 00F0 003D 00A3 0000 0000 0000 0000     00B4 00A6 00C1 0059 0017 000C 0017 000C
003D 00F3 0000 0000 0000 0000 0000 0000     0021 00FC 00E4 0008 00E7 00B0 00E7 00B0
0000 0000 0000 0000 0030 00F0 003D 00A3     0067 0025 0067 0025 00F8 00B5 0005 0069
0000 0000 0000 0000 003D 00F3 0000 0000     0097 00F9 0097 00F9 0085 003C 0048 0049
00E5 0082 0050 007B 0000 0000 0000 0000     0079 00DC 00E4 00D4 00EF 005B 00EF 005B
00F5 00FB 0000 0000 0000 0000 0000 0000     0009 0094 0014 0098 00EF 00A7 00EF 00A7
0000 0000 0000 0000 00E5 0082 0050 007B     00AF 002A 00AF 002A 004D 0030 00B8 0028
0000 0000 0000 0000 00F5 00FB 0000 0000     00EF 003B 00EF 003B 005D 00B7 0068 00BB
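As an added worked example (not code posted in the thread), the following Python applies Nominal Animal's reply #37 reduction, Rw12 = R2R1 - C2C1 - 0xC6EA and Rw34 = R6R5 - C6C5 - 0xE64C, together with the Mw mask construction and the "Fn(A, B) = Fn(A ⊕ B)" fishing check, to the first addition set of the rows above. The row strings are copied from the reply; function names such as reduce_pair and fishing_test are my own.

```python
"""Reduce challenge/response pairs to the 32-bit core described in reply #37.

Added example, not code from the thread. Rows are copied from reply #38;
function names (parse_row, reduce_pair, high_mask, fishing_test) are mine.
"""
from operator import add, sub, xor, or_  # sub/xor/or_ fit the other set kinds

MASK16 = 0xFFFF
K12 = 0xC6EA  # offset present in R2R1 / R4R3 (reply #37)
K34 = 0xE64C  # offset present in R6R5 / R8R7 (reply #37)

# First "addition" set from reply #38: eight challenge bytes, then eight
# response bytes, each zero-padded to four hex digits.
ADD_SET = [
    "0048 001D 0009 00B8 0000 0000 0000 0000     0084 00C0 0045 005B 00AB 0095 00AB 0095",
    "0051 00D5 0000 0000 0000 0000 0000 0000     008D 0063 003C 008E 004B 0007 004B 0007",
    "0000 0000 0000 0000 0048 001D 0009 00B8     0063 00F3 0063 00F3 0030 00AE 00F1 0048",
    "0000 0000 0000 0000 0051 00D5 0000 0000     0083 00D8 0083 00D8 0039 0028 00E8 0052",
]


def parse_row(line):
    """Split one dump row into (challenge_bytes, response_bytes)."""
    fields = [int(f, 16) for f in line.split()]
    if len(fields) != 16 or any(f > 0xFF for f in fields):
        raise ValueError(f"expected 16 byte fields: {line!r}")
    return fields[:8], fields[8:]


def le_words(b):
    """Pair bytes little-endian: [C1, C2, C3, C4, ...] -> [C2C1, C4C3, ...]."""
    return [(b[i + 1] << 8) | b[i] for i in range(0, len(b), 2)]


def reduce_pair(challenge, response):
    """Return (Rw12, Rw34) per reply #37, using 16-bit wraparound arithmetic.

    R4R3 and R8R7 must yield the same values as R2R1 and R6R5; a row where
    they disagree contradicts the model and is rejected, not silently used.
    """
    cw, rw = le_words(challenge), le_words(response)
    rw12 = [(rw[i] - cw[i] - K12) & MASK16 for i in (0, 1)]
    rw34 = [(rw[i] - cw[i] - K34) & MASK16 for i in (2, 3)]
    if rw12[0] != rw12[1] or rw34[0] != rw34[1]:
        raise ValueError(f"redundant response words disagree: {rw12}, {rw34}")
    return rw12[0], rw34[0]


def high_mask(challenge_words):
    """Mw from reply #37: M' = OR of the words, then OR of M' shifted 0..15.

    Every bit at or above the lowest set bit of any challenge word ends up set.
    """
    m_prime = 0
    for w in challenge_words:
        m_prime |= w
    mw = 0
    for shift in range(16):
        mw |= m_prime << shift
    return mw & MASK16


def fishing_test(rows, op):
    """Reply #37's check whether Fn(A, B) == Fn(A op B) for one four-row set.

    Row layout: [A B 0 0], [(A op B) 0 0 0], [0 0 A B], [0 0 (A op B) 0].
    Returns (rw12_equal, rw34_equal); a False excludes `op` for that half of
    the hash. Raises if the rows do not actually form a set for `op`.
    """
    (c0, r0), (c1, r1), (c2, r2), (c3, r3) = (parse_row(x) for x in rows)
    a, b = le_words(c0)[:2]
    combined = op(a, b) & MASK16
    if le_words(c1)[0] != combined or le_words(c3)[2] != combined:
        raise ValueError("rows are not a set for this operator")
    rw12_ab, _ = reduce_pair(c0, r0)
    rw12_op, _ = reduce_pair(c1, r1)
    _, rw34_ab = reduce_pair(c2, r2)
    _, rw34_op = reduce_pair(c3, r3)
    return rw12_ab == rw12_op, rw34_ab == rw34_op


if __name__ == "__main__":
    for line in ADD_SET:
        c, r = parse_row(line)
        rw12, rw34 = reduce_pair(c, r)
        print(f"{line[:39]}  Rw12={rw12:04X} Rw34={rw34:04X} "
              f"Mw={high_mask(le_words(c)):04X}")
    # (False, False): addition is excluded for both halves, matching reply #39
    print("addition hypothesis (Rw12, Rw34):", fishing_test(ADD_SET, add))
```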

 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #39 on: November 07, 2023, 08:51:52 am »
No catch, I'm afraid.  We ruled out Hn(A, B) = Hn(A ⊕ B) for ⊕ being addition, subtraction, inclusive-or, or exclusive-or.
It is still possible it is true for some other simple associative sequence of operations instead of just A ⊕ B, though; perhaps nibble-swapping and addition/subtraction/xor?
 

