Author Topic: Need help with reversing an old auth algo  (Read 3585 times)

0 Members and 1 Guest are viewing this topic.

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #25 on: November 01, 2023, 09:30:40 pm »
I'm back with new information. While re-examining data frames and my code, it turned out that i made a mistake. Gyus - you were right. Challenge frame is indeed 8 bytes long.
Apologies for that.

What did i do wrong?
Challenge frame itself contains more adjacent, random value bytes* for obfuscation purposes. In order to preserve data consistency, challenge frames generated by me were stuffed with zeros on those places, so the code was always sending 0x00 in place of actual first challenge byte. However previously dumped data should be valid, since we assumed zeros there.

* those does not contribute in challenge-response generation procedure


Attached a txt with new, requested data set, expanded to full 8-byte frame length.
-challenge+response in one line, no human-copy-pasting-merging ;)
-FW does a CRC check on received frame


What do you mean by console?  A serial terminal or terminal emulator?  Or something that has separate display and a hex keyboard ?
My wiring looks like that:
Putty on PC <-> USB-to-uart on eval board <-> (MCU_uart1, MCU_uart2) <-> levelshifters <-> PIC_uart
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #26 on: November 02, 2023, 04:54:48 am »
This being automotive (something I know next to nothing about), are there not better places to be asking about it?

So R0, R2, R4 and R6 still appear to not be influenced by all the challenge bytes, but are affected by C0 (as well as C2, C4 and C6 as seen before).

Running the sum/difference search now, and it no longer finds a way to calculate R5 given R7 (or the other way around). Also the relationship between R0 and R2 includes C0 (I sort-of suspected it might). Omitting the verbose versions:

Code: [Select]
R0 = +R2+C0-C2
R2 = +R0+C2-C0
R4 = +R6+C4-C6
R6 = +R4+C6-C4

Response for all 0xAA, all 0x55 and all 0xFF maybe? Not that I expect those to lead to some dramatic breakthrough.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #27 on: November 02, 2023, 08:59:27 am »
The new data confirms the following:
  • Swapping first and second 16-bit challenge words only swaps first and second 16-bit response words
  • Swapping third and fourth 16-bit challenge words only swaps third and fourth 16-bit response words
  • Swapping first and second, and third and fourth 16-bit challenge words, only swaps the response words similarly
  • When all challenge words have at least N least significant bits all zeroes, then the N least significant bits in all response words match those in the zero response (0xC6EA, 0xC6EA, 0xE64C, 0xE64C).
If we assume the final operation the hashing/encryption routine does in subtract 0xC6EA from the first two words, and 0xE64C from the last two words, then we can find some very interesting and suspicious patterns:
Code: [Select]
     Challenge               Response          Response pre sub                             Challenge in binary                                           Response prior to subtraction in binary

0000 0000 0000 F000  =  36EA 36EA 664C 564C : 9000 9000 8000 9000 | 0000000000000000 0000000000000000 0000000000000000 1111000000000000 . 1001000000000000 1001000000000000 1000000000000000 1001000000000000
0000 0000 0000 FF00  =  45EA 45EA D64C D54C : 8100 8100 1000 1100 | 0000000000000000 0000000000000000 0000000000000000 1111111100000000 . 1000000100000000 1000000100000000 0001000000000000 0001000100000000

0000 0000 F000 0000  =  36EA 36EA 564C 664C : 9000 9000 9000 8000 | 0000000000000000 0000000000000000 1111000000000000 0000000000000000 . 1001000000000000 1001000000000000 1001000000000000 1000000000000000
0000 0000 FF00 0000  =  45EA 45EA D54C D64C : 8100 8100 1100 1000 | 0000000000000000 0000000000000000 1111111100000000 0000000000000000 . 1000000100000000 1000000100000000 0001000100000000 0001000000000000

0000 F000 0000 0000  =  E6EA D6EA B64C B64C : E000 F000 3000 3000 | 0000000000000000 1111000000000000 0000000000000000 0000000000000000 . 1110000000000000 1111000000000000 0011000000000000 0011000000000000
0000 FF00 0000 0000  =  30EA 2FEA F34C F34C : 9600 9700 F300 F300 | 0000000000000000 1111111100000000 0000000000000000 0000000000000000 . 1001011000000000 1001011100000000 1111001100000000 1111001100000000

F000 0000 0000 0000  =  D6EA E6EA B64C B64C : F000 E000 3000 3000 | 1111000000000000 0000000000000000 0000000000000000 0000000000000000 . 1111000000000000 1110000000000000 0011000000000000 0011000000000000
FF00 0000 0000 0000  =  2FEA 30EA F34C F34C : 9700 9600 F300 F300 | 1111111100000000 0000000000000000 0000000000000000 0000000000000000 . 1001011100000000 1001011000000000 1111001100000000 1111001100000000

0000 F000 F000 0000  =  16EA 06EA 664C 764C : B000 C000 8000 7000 | 0000000000000000 1111000000000000 1111000000000000 0000000000000000 . 1011000000000000 1100000000000000 1000000000000000 0111000000000000
0000 FF00 FF00 0000  =  D3EA D2EA 524C 534C : F300 F400 9400 9300 | 0000000000000000 1111111100000000 1111111100000000 0000000000000000 . 1111001100000000 1111010000000000 1001010000000000 1001001100000000

0000 0000 F000 F000  =  A6EA A6EA 564C 564C : 2000 2000 9000 9000 | 0000000000000000 0000000000000000 1111000000000000 1111000000000000 . 0010000000000000 0010000000000000 1001000000000000 1001000000000000
0000 0000 FF00 FF00  =  D4EA D4EA 354C 354C : F200 F200 B100 B100 | 0000000000000000 0000000000000000 1111111100000000 1111111100000000 . 1111001000000000 1111001000000000 1011000100000000 1011000100000000

F000 F000 0000 0000  =  76EA 76EA 864C 864C : 5000 5000 6000 6000 | 1111000000000000 1111000000000000 0000000000000000 0000000000000000 . 0101000000000000 0101000000000000 0110000000000000 0110000000000000
FF00 FF00 0000 0000  =  51EA 51EA 304C 304C : 7500 7500 B600 B600 | 1111111100000000 1111111100000000 0000000000000000 0000000000000000 . 0111010100000000 0111010100000000 1011011000000000 1011011000000000

0000 F000 F000 F000  =  46EA 36EA 264C 264C : 8000 9000 C000 C000 | 0000000000000000 1111000000000000 1111000000000000 1111000000000000 . 1000000000000000 1001000000000000 1100000000000000 1100000000000000
0000 FF00 FF00 FF00  =  E6EA E5EA FA4C FA4C : E000 E100 EC00 EC00 | 0000000000000000 1111111100000000 1111111100000000 1111111100000000 . 1110000000000000 1110000100000000 1110110000000000 1110110000000000

F000 F000 F000 0000  =  E6EA E6EA 764C 864C : E000 E000 7000 6000 | 1111000000000000 1111000000000000 1111000000000000 0000000000000000 . 1110000000000000 1110000000000000 0111000000000000 0110000000000000
FF00 FF00 FF00 0000  =  70EA 70EA 2F4C 304C : 5600 5600 B700 B600 | 1111111100000000 1111111100000000 1111111100000000 0000000000000000 . 0101011000000000 0101011000000000 1011011100000000 1011011000000000
To investigate further, the following 194 patterns would be useful to know:
Code: [Select]
00 00 00 00 00 00 00 E0
00 00 00 00 00 00 00 F8
00 00 00 00 00 00 00 FC
00 00 00 00 00 00 80 FF
00 00 00 00 00 00 C0 FF
00 00 00 00 00 00 E0 FF
00 00 00 00 00 00 F0 FF
00 00 00 00 00 00 F8 FF
00 00 00 00 00 00 FC FF
00 00 00 00 00 00 FE FF
00 00 00 00 00 00 FF FF
00 00 00 00 00 E0 00 00
00 00 00 00 00 E0 00 E0
00 00 00 00 00 F8 00 00
00 00 00 00 00 F8 00 F8
00 00 00 00 00 FC 00 00
00 00 00 00 00 FC 00 FC
00 00 00 00 80 FF 00 00
00 00 00 00 80 FF 80 FF
00 00 00 00 C0 FF 00 00
00 00 00 00 C0 FF C0 FF
00 00 00 00 E0 FF 00 00
00 00 00 00 E0 FF E0 FF
00 00 00 00 F0 FF 00 00
00 00 00 00 F0 FF F0 FF
00 00 00 00 F8 FF 00 00
00 00 00 00 F8 FF F8 FF
00 00 00 00 FC FF 00 00
00 00 00 00 FC FF FC FF
00 00 00 00 FE FF 00 00
00 00 00 00 FE FF FE FF
00 00 00 00 FF FF 00 00
00 00 00 00 FF FF FF FF
00 00 00 80 00 00 00 80
00 00 00 C0 00 00 00 C0
00 00 00 E0 00 00 00 00
00 00 00 E0 00 00 00 E0
00 00 00 E0 00 E0 00 00
00 00 00 E0 00 E0 00 E0
00 00 00 F0 00 00 00 F0
00 00 00 F8 00 00 00 00
00 00 00 F8 00 00 00 F8
00 00 00 F8 00 F8 00 00
00 00 00 F8 00 F8 00 F8
00 00 00 FC 00 00 00 00
00 00 00 FC 00 00 00 FC
00 00 00 FC 00 FC 00 00
00 00 00 FC 00 FC 00 FC
00 00 00 FE 00 00 00 FE
00 00 00 FF 00 00 00 FF
00 00 80 FF 00 00 00 00
00 00 80 FF 00 00 80 FF
00 00 80 FF 80 FF 00 00
00 00 80 FF 80 FF 80 FF
00 00 C0 FF 00 00 00 00
00 00 C0 FF 00 00 C0 FF
00 00 C0 FF C0 FF 00 00
00 00 C0 FF C0 FF C0 FF
00 00 E0 FF 00 00 00 00
00 00 E0 FF 00 00 E0 FF
00 00 E0 FF E0 FF 00 00
00 00 E0 FF E0 FF E0 FF
00 00 F0 FF 00 00 00 00
00 00 F0 FF 00 00 F0 FF
00 00 F0 FF F0 FF 00 00
00 00 F0 FF F0 FF F0 FF
00 00 F8 FF 00 00 00 00
00 00 F8 FF 00 00 F8 FF
00 00 F8 FF F8 FF 00 00
00 00 F8 FF F8 FF F8 FF
00 00 FC FF 00 00 00 00
00 00 FC FF 00 00 FC FF
00 00 FC FF FC FF 00 00
00 00 FC FF FC FF FC FF
00 00 FE FF 00 00 00 00
00 00 FE FF 00 00 FE FF
00 00 FE FF FE FF 00 00
00 00 FE FF FE FF FE FF
00 00 FF FF 00 00 00 00
00 00 FF FF 00 00 FF FF
00 00 FF FF FF FF 00 00
00 00 FF FF FF FF FF FF
00 80 00 00 00 00 00 80
00 80 00 00 00 80 00 00
00 80 00 00 00 80 00 80
00 80 00 80 00 00 00 80
00 80 00 80 00 80 00 80
00 C0 00 00 00 00 00 C0
00 C0 00 00 00 C0 00 00
00 C0 00 00 00 C0 00 C0
00 C0 00 C0 00 00 00 C0
00 C0 00 C0 00 C0 00 C0
00 E0 00 00 00 00 00 00
00 E0 00 00 00 00 00 E0
00 E0 00 00 00 E0 00 00
00 E0 00 00 00 E0 00 E0
00 E0 00 E0 00 00 00 00
00 E0 00 E0 00 00 00 E0
00 E0 00 E0 00 E0 00 00
00 E0 00 E0 00 E0 00 E0
00 F0 00 00 00 00 00 F0
00 F0 00 00 00 F0 00 00
00 F0 00 00 00 F0 00 F0
00 F0 00 F0 00 00 00 F0
00 F0 00 F0 00 F0 00 F0
00 F8 00 00 00 00 00 00
00 F8 00 00 00 00 00 F8
00 F8 00 00 00 F8 00 00
00 F8 00 00 00 F8 00 F8
00 F8 00 F8 00 00 00 00
00 F8 00 F8 00 00 00 F8
00 F8 00 F8 00 F8 00 00
00 F8 00 F8 00 F8 00 F8
00 FC 00 00 00 00 00 00
00 FC 00 00 00 00 00 FC
00 FC 00 00 00 FC 00 00
00 FC 00 00 00 FC 00 FC
00 FC 00 FC 00 00 00 00
00 FC 00 FC 00 00 00 FC
00 FC 00 FC 00 FC 00 00
00 FC 00 FC 00 FC 00 FC
00 FE 00 00 00 00 00 FE
00 FE 00 00 00 FE 00 00
00 FE 00 00 00 FE 00 FE
00 FE 00 FE 00 00 00 FE
00 FE 00 FE 00 FE 00 FE
00 FF 00 00 00 00 00 FF
00 FF 00 00 00 FF 00 00
00 FF 00 00 00 FF 00 FF
00 FF 00 FF 00 00 00 FF
00 FF 00 FF 00 FF 00 FF
80 FF 00 00 00 00 00 00
80 FF 00 00 00 00 80 FF
80 FF 00 00 80 FF 00 00
80 FF 00 00 80 FF 80 FF
80 FF 80 FF 00 00 00 00
80 FF 80 FF 00 00 80 FF
80 FF 80 FF 80 FF 00 00
80 FF 80 FF 80 FF 80 FF
C0 FF 00 00 00 00 00 00
C0 FF 00 00 00 00 C0 FF
C0 FF 00 00 C0 FF 00 00
C0 FF 00 00 C0 FF C0 FF
C0 FF C0 FF 00 00 00 00
C0 FF C0 FF 00 00 C0 FF
C0 FF C0 FF C0 FF 00 00
C0 FF C0 FF C0 FF C0 FF
E0 FF 00 00 00 00 00 00
E0 FF 00 00 00 00 E0 FF
E0 FF 00 00 E0 FF 00 00
E0 FF 00 00 E0 FF E0 FF
E0 FF E0 FF 00 00 00 00
E0 FF E0 FF 00 00 E0 FF
E0 FF E0 FF E0 FF 00 00
E0 FF E0 FF E0 FF E0 FF
F0 FF 00 00 00 00 00 00
F0 FF 00 00 00 00 F0 FF
F0 FF 00 00 F0 FF 00 00
F0 FF 00 00 F0 FF F0 FF
F0 FF F0 FF 00 00 00 00
F0 FF F0 FF 00 00 F0 FF
F0 FF F0 FF F0 FF 00 00
F0 FF F0 FF F0 FF F0 FF
F8 FF 00 00 00 00 00 00
F8 FF 00 00 00 00 F8 FF
F8 FF 00 00 F8 FF 00 00
F8 FF 00 00 F8 FF F8 FF
F8 FF F8 FF 00 00 00 00
F8 FF F8 FF 00 00 F8 FF
F8 FF F8 FF F8 FF 00 00
F8 FF F8 FF F8 FF F8 FF
FC FF 00 00 00 00 00 00
FC FF 00 00 00 00 FC FF
FC FF 00 00 FC FF 00 00
FC FF 00 00 FC FF FC FF
FC FF FC FF 00 00 00 00
FC FF FC FF 00 00 FC FF
FC FF FC FF FC FF 00 00
FC FF FC FF FC FF FC FF
FE FF 00 00 00 00 00 00
FE FF 00 00 00 00 FE FF
FE FF 00 00 FE FF 00 00
FE FF 00 00 FE FF FE FF
FE FF FE FF 00 00 00 00
FE FF FE FF 00 00 FE FF
FE FF FE FF FE FF 00 00
FE FF FE FF FE FF FE FF
FF FF 00 00 00 00 00 00
FF FF 00 00 00 00 FF FF
FF FF 00 00 FF FF 00 00
FF FF 00 00 FF FF FF FF
FF FF FF FF 00 00 00 00
FF FF FF FF 00 00 FF FF
FF FF FF FF FF FF 00 00
They form the rest of the combinations where each challenge word is either zero, or has N most significant bits set.
« Last Edit: November 02, 2023, 09:08:20 am by Nominal Animal »
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #28 on: November 02, 2023, 04:08:33 pm »
To investigate further, the following 194 patterns would be useful to know:
Sure, new datasets below:
Code: [Select]
0000 0000 0000 0000 0000 0000 0000 00E0     00EA 0026 00EA 0026 004C 00E6 004C 00C6
0000 0000 0000 0000 0000 0000 0000 00F8     00EA 002E 00EA 002E 004C 0006 004C 00FE
0000 0000 0000 0000 0000 0000 0000 00FC     00EA 0082 00EA 0082 004C 0096 004C 0092
0000 0000 0000 0000 0000 0000 0080 00FF     006A 00FA 006A 00FA 004C 00D2 00CC 00D1
0000 0000 0000 0000 0000 0000 00C0 00FF     002A 0078 002A 0078 004C 00AB 000C 00AB
0000 0000 0000 0000 0000 0000 00E0 00FF     00CA 001A 00CA 001A 004C 0006 002C 0006
0000 0000 0000 0000 0000 0000 00F0 00FF     007A 00A5 007A 00A5 004C 00E4 003C 00E4
0000 0000 0000 0000 0000 0000 00F8 00FF     0002 003B 0002 003B 002C 0064 0024 0064
0000 0000 0000 0000 0000 0000 00FC 00FF     006E 0075 006E 0075 004C 0019 0048 0019
0000 0000 0000 0000 0000 0000 00FE 00FF     007C 0074 007C 0074 0054 0005 0052 0005
0000 0000 0000 0000 0000 0000 00FF 00FF     0055 0012 0055 0012 0060 0049 005F 0049
0000 0000 0000 0000 0000 00E0 0000 0000     00EA 0026 00EA 0026 004C 00C6 004C 00E6
0000 0000 0000 0000 0000 00E0 0000 00E0     00EA 0086 00EA 0086 004C 00C6 004C 00C6
0000 0000 0000 0000 0000 00F8 0000 0000     00EA 002E 00EA 002E 004C 00FE 004C 0006
0000 0000 0000 0000 0000 00F8 0000 00F8     00EA 0016 00EA 0016 004C 009E 004C 009E
0000 0000 0000 0000 0000 00FC 0000 0000     00EA 0082 00EA 0082 004C 0092 004C 0096
0000 0000 0000 0000 0000 00FC 0000 00FC     00EA 00FE 00EA 00FE 004C 0082 004C 0082
0000 0000 0000 0000 0080 00FF 0000 0000     006A 00FA 006A 00FA 00CC 00D1 004C 00D2
0000 0000 0000 0000 0080 00FF 0080 00FF     00EA 004D 00EA 004D 00CC 00B1 00CC 00B1
0000 0000 0000 0000 00C0 00FF 0000 0000     002A 0078 002A 0078 000C 00AB 004C 00AB
0000 0000 0000 0000 00C0 00FF 00C0 00FF     006A 00ED 006A 00ED 000C 00EA 000C 00EA
0000 0000 0000 0000 00E0 00FF 0000 0000     00CA 001A 00CA 001A 002C 0006 004C 0006
0000 0000 0000 0000 00E0 00FF 00E0 00FF     00AA 00DA 00AA 00DA 002C 003A 002C 003A
0000 0000 0000 0000 00F0 00FF 0000 0000     007A 00A5 007A 00A5 003C 00E4 004C 00E4
0000 0000 0000 0000 00F0 00FF 00F0 00FF     000A 007A 000A 007A 003C 001C 003C 001C
0000 0000 0000 0000 00F8 00FF 0000 0000     0002 003B 0002 003B 0024 0064 002C 0064
0000 0000 0000 0000 00F8 00FF 00F8 00FF     001A 00B1 001A 00B1 00C4 000A 00C4 000A
0000 0000 0000 0000 00FC 00FF 0000 0000     006E 0075 006E 0075 0048 0019 004C 0019
0000 0000 0000 0000 00FC 00FF 00FC 00FF     0032 009A 0032 009A 00C8 00B1 00C8 00B1
0000 0000 0000 0000 00FE 00FF 0000 0000     007C 0074 007C 0074 0052 0005 0054 0005
0000 0000 0000 0000 00FE 00FF 00FE 00FF     00AE 0055 00AE 0055 00AA 00AE 00AA 00AE
0000 0000 0000 0000 00FF 00FF 0000 0000     0055 0012 0055 0012 005F 0049 0060 0049
0000 0000 0000 0000 00FF 00FF 00FF 00FF     0080 0038 0080 0038 001B 00C9 001B 00C9
0000 0000 0000 0080 0000 0000 0000 0080     00EA 0046 00EA 00C6 004C 0066 004C 00E6
0000 0000 0000 00C0 0000 0000 0000 00C0     00EA 0006 00EA 00C6 004C 00A6 004C 0066
0000 0000 0000 00E0 0000 0000 0000 0000     00EA 0086 00EA 0066 004C 0046 004C 0046
0000 0000 0000 00E0 0000 0000 0000 00E0     00EA 00E6 00EA 00C6 004C 00C6 004C 00A6
0000 0000 0000 00E0 0000 00E0 0000 0000     00EA 00E6 00EA 00C6 004C 00A6 004C 00C6
0000 0000 0000 00E0 0000 00E0 0000 00E0     00EA 0046 00EA 0026 004C 0026 004C 0026
0000 0000 0000 00F0 0000 0000 0000 00F0     00EA 0016 00EA 0006 004C 0076 004C 0066
0000 0000 0000 00F8 0000 0000 0000 0000     00EA 00D6 00EA 00CE 004C 00EE 004C 00EE
0000 0000 0000 00F8 0000 0000 0000 00F8     00EA 007E 00EA 0076 004C 008E 004C 0086
0000 0000 0000 00F8 0000 00F8 0000 0000     00EA 007E 00EA 0076 004C 0086 004C 008E
0000 0000 0000 00F8 0000 00F8 0000 00F8     00EA 0026 00EA 001E 004C 0026 004C 0026
0000 0000 0000 00FC 0000 0000 0000 0000     00EA 000E 00EA 000A 004C 00A2 004C 00A2
0000 0000 0000 00FC 0000 0000 0000 00FC     00EA 007A 00EA 0076 004C 0032 004C 002E
0000 0000 0000 00FC 0000 00FC 0000 0000     00EA 007A 00EA 0076 004C 002E 004C 0032
0000 0000 0000 00FC 0000 00FC 0000 00FC     00EA 0066 00EA 0062 004C 001E 004C 001E
0000 0000 0000 00FE 0000 0000 0000 00FE     00EA 0084 00EA 0082 004C 00C4 004C 00C2
0000 0000 0000 00FF 0000 0000 0000 00FF     00EA 00D3 00EA 00D2 004C 0053 004C 0052
0000 0000 0080 00FF 0000 0000 0000 0000     00EA 00D1 006A 00D1 00CC 00ED 00CC 00ED
0000 0000 0080 00FF 0000 0000 0080 00FF     006A 00CB 00EA 00CA 00CC 00DB 004C 00DB
0000 0000 0080 00FF 0080 00FF 0000 0000     006A 00CB 00EA 00CA 004C 00DB 00CC 00DB
0000 0000 0080 00FF 0080 00FF 0080 00FF     00EA 008C 006A 008C 004C 0015 004C 0015
0000 0000 00C0 00FF 0000 0000 0000 0000     006A 00DD 002A 00DD 008C 0062 008C 0062
0000 0000 00C0 00FF 0000 0000 00C0 00FF     00AA 00BF 006A 00BF 008C 004C 004C 004C
0000 0000 00C0 00FF 00C0 00FF 0000 0000     00AA 00BF 006A 00BF 004C 004C 008C 004C
0000 0000 00C0 00FF 00C0 00FF 00C0 00FF     00EA 0011 00AA 0011 004C 0060 004C 0060
0000 0000 00E0 00FF 0000 0000 0000 0000     002A 003F 000A 003F 006C 0007 006C 0007
0000 0000 00E0 00FF 0000 0000 00E0 00FF     000A 009F 00EA 009E 006C 00FC 004C 00FC
0000 0000 00E0 00FF 00E0 00FF 0000 0000     000A 009F 00EA 009E 004C 00FC 006C 00FC
0000 0000 00E0 00FF 00E0 00FF 00E0 00FF     00EA 0040 00CA 0040 004C 008B 004C 008B
0000 0000 00F0 00FF 0000 0000 0000 0000     000A 00EE 00FA 00ED 007C 0042 007C 0042
0000 0000 00F0 00FF 0000 0000 00F0 00FF     005A 0046 004A 0046 007C 0079 006C 0079
0000 0000 00F0 00FF 00F0 00FF 0000 0000     005A 0046 004A 0046 006C 0079 007C 0079
0000 0000 00F0 00FF 00F0 00FF 00F0 00FF     00AA 0027 009A 0027 00EC 003B 00EC 003B
0000 0000 00F8 00FF 0000 0000 0000 0000     009A 00DF 0092 00DF 0014 00C3 0014 00C3
0000 0000 00F8 00FF 0000 0000 00F8 00FF     00D2 00D2 00CA 00D2 0094 00CB 008C 00CB
0000 0000 00F8 00FF 00F8 00FF 0000 0000     00D2 00D2 00CA 00D2 008C 00CB 0094 00CB
0000 0000 00F8 00FF 00F8 00FF 00F8 00FF     000A 008E 0002 008E 000C 00B3 000C 00B3
0000 0000 00FC 00FF 0000 0000 0000 0000     0032 004D 002E 004D 00F8 00EA 00F8 00EA
0000 0000 00FC 00FF 0000 0000 00FC 00FF     0056 003C 0052 003C 0098 00FD 0094 00FD
0000 0000 00FC 00FF 00FC 00FF 0000 0000     0056 003C 0052 003C 0094 00FD 0098 00FD
0000 0000 00FC 00FF 00FC 00FF 00FC 00FF     007A 0034 0076 0034 00F4 008A 00F4 008A
0000 0000 00FE 00FF 0000 0000 0000 0000     000E 00A9 000C 00A9 000E 00BE 000E 00BE
0000 0000 00FE 00FF 0000 0000 00FE 00FF     0030 00FE 002E 00FE 008E 00D0 008C 00D0
0000 0000 00FE 00FF 00FE 00FF 0000 0000     0030 00FE 002E 00FE 008C 00D0 008E 00D0
0000 0000 00FE 00FF 00FE 00FF 00FE 00FF     0092 00C0 0090 00C0 00FC 0097 00FC 0097
0000 0000 00FF 00FF 0000 0000 0000 0000     0010 0031 000F 0031 0015 0013 0015 0013
0000 0000 00FF 00FF 0000 0000 00FF 00FF     00D3 00F9 00D2 00F9 000D 009E 000C 009E
0000 0000 00FF 00FF 00FF 00FF 0000 0000     00D3 00F9 00D2 00F9 000C 009E 000D 009E
0000 0000 00FF 00FF 00FF 00FF 00FF 00FF     0026 00AC 0025 00AC 005C 0098 005C 0098
0000 0080 0000 0000 0000 0000 0000 0080     00EA 00C6 00EA 0046 004C 0066 004C 00E6
0000 0080 0000 0000 0000 0080 0000 0000     00EA 00C6 00EA 0046 004C 00E6 004C 0066
0000 0080 0000 0000 0000 0080 0000 0080     00EA 0046 00EA 00C6 004C 00E6 004C 00E6
0000 0080 0000 0080 0000 0000 0000 0080     00EA 00C6 00EA 00C6 004C 00E6 004C 0066
0000 0080 0000 0080 0000 0080 0000 0080     00EA 0046 00EA 0046 004C 0066 004C 0066
0000 00C0 0000 0000 0000 0000 0000 00C0     00EA 00C6 00EA 0006 004C 00A6 004C 0066
0000 00C0 0000 0000 0000 00C0 0000 0000     00EA 00C6 00EA 0006 004C 0066 004C 00A6
0000 00C0 0000 0000 0000 00C0 0000 00C0     00EA 0086 00EA 00C6 004C 0066 004C 0066
0000 00C0 0000 00C0 0000 0000 0000 00C0     00EA 0046 00EA 0046 004C 0066 004C 0026
0000 00C0 0000 00C0 0000 00C0 0000 00C0     00EA 0006 00EA 0006 004C 0026 004C 0026
0000 00E0 0000 0000 0000 0000 0000 0000     00EA 0066 00EA 0086 004C 0046 004C 0046
0000 00E0 0000 0000 0000 0000 0000 00E0     00EA 00C6 00EA 00E6 004C 00C6 004C 00A6
0000 00E0 0000 0000 0000 00E0 0000 0000     00EA 00C6 00EA 00E6 004C 00A6 004C 00C6
0000 00E0 0000 0000 0000 00E0 0000 00E0     00EA 0026 00EA 0046 004C 0026 004C 0026
0000 00E0 0000 00E0 0000 0000 0000 0000     00EA 0026 00EA 0026 004C 00A6 004C 00A6
0000 00E0 0000 00E0 0000 0000 0000 00E0     00EA 0086 00EA 0086 004C 00A6 004C 0086
0000 00E0 0000 00E0 0000 00E0 0000 0000     00EA 0086 00EA 0086 004C 0086 004C 00A6
0000 00E0 0000 00E0 0000 00E0 0000 00E0     00EA 00E6 00EA 00E6 004C 0086 004C 0086
0000 00F0 0000 0000 0000 0000 0000 00F0     00EA 0006 00EA 0016 004C 0076 004C 0066
0000 00F0 0000 0000 0000 00F0 0000 0000     00EA 0006 00EA 0016 004C 0066 004C 0076
0000 00F0 0000 0000 0000 00F0 0000 00F0     00EA 0036 00EA 0046 004C 0026 004C 0026
0000 00F0 0000 00F0 0000 0000 0000 00F0     00EA 00E6 00EA 00E6 004C 0086 004C 0076
0000 00F0 0000 00F0 0000 00F0 0000 00F0     00EA 0056 00EA 0056 004C 00F6 004C 00F6
0000 00F8 0000 0000 0000 0000 0000 0000     00EA 00CE 00EA 00D6 004C 00EE 004C 00EE
0000 00F8 0000 0000 0000 0000 0000 00F8     00EA 0076 00EA 007E 004C 008E 004C 0086
0000 00F8 0000 0000 0000 00F8 0000 0000     00EA 0076 00EA 007E 004C 0086 004C 008E
0000 00F8 0000 0000 0000 00F8 0000 00F8     00EA 001E 00EA 0026 004C 0026 004C 0026
0000 00F8 0000 00F8 0000 0000 0000 0000     00EA 005E 00EA 005E 004C 00F6 004C 00F6
0000 00F8 0000 00F8 0000 0000 0000 00F8     00EA 0046 00EA 0046 004C 0016 004C 000E
0000 00F8 0000 00F8 0000 00F8 0000 0000     00EA 0046 00EA 0046 004C 000E 004C 0016
0000 00F8 0000 00F8 0000 00F8 0000 00F8     00EA 00AE 00EA 00AE 004C 00AE 004C 00AE
0000 00FC 0000 0000 0000 0000 0000 0000     00EA 000A 00EA 000E 004C 00A2 004C 00A2
0000 00FC 0000 0000 0000 0000 0000 00FC     00EA 0076 00EA 007A 004C 0032 004C 002E
0000 00FC 0000 0000 0000 00FC 0000 0000     00EA 0076 00EA 007A 004C 002E 004C 0032
0000 00FC 0000 0000 0000 00FC 0000 00FC     00EA 0062 00EA 0066 004C 001E 004C 001E
0000 00FC 0000 00FC 0000 0000 0000 0000     00EA 00B2 00EA 00B2 004C 005E 004C 005E
0000 00FC 0000 00FC 0000 0000 0000 00FC     00EA 00CE 00EA 00CE 004C 008E 004C 008A
0000 00FC 0000 00FC 0000 00FC 0000 0000     00EA 00CE 00EA 00CE 004C 008A 004C 008E
0000 00FC 0000 00FC 0000 00FC 0000 00FC     00EA 00AA 00EA 00AA 004C 00BA 004C 00BA
0000 00FE 0000 0000 0000 0000 0000 00FE     00EA 0082 00EA 0084 004C 00C4 004C 00C2
0000 00FE 0000 0000 0000 00FE 0000 0000     00EA 0082 00EA 0084 004C 00C2 004C 00C4
0000 00FE 0000 0000 0000 00FE 0000 00FE     00EA 001C 00EA 001E 004C 00FA 004C 00FA
0000 00FE 0000 00FE 0000 0000 0000 00FE     00EA 002E 00EA 002E 004C 00E2 004C 00E0
0000 00FE 0000 00FE 0000 00FE 0000 00FE     00EA 00C0 00EA 00C0 004C 0000 004C 0000
0000 00FF 0000 0000 0000 0000 0000 00FF     00EA 00D2 00EA 00D3 004C 0053 004C 0052
0000 00FF 0000 0000 0000 00FF 0000 0000     00EA 00D2 00EA 00D3 004C 0052 004C 0053
0000 00FF 0000 0000 0000 00FF 0000 00FF     00EA 00E5 00EA 00E6 004C 00FA 004C 00FA
0000 00FF 0000 00FF 0000 0000 0000 00FF     00EA 0070 00EA 0070 004C 0030 004C 002F
0000 00FF 0000 00FF 0000 00FF 0000 00FF     00EA 005F 00EA 005F 004C 000F 004C 000F
0080 00FF 0000 0000 0000 0000 0000 0000     006A 00D1 00EA 00D1 00CC 00ED 00CC 00ED
0080 00FF 0000 0000 0000 0000 0080 00FF     00EA 00CA 006A 00CB 00CC 00DB 004C 00DB
0080 00FF 0000 0000 0080 00FF 0000 0000     00EA 00CA 006A 00CB 004C 00DB 00CC 00DB
0080 00FF 0000 0000 0080 00FF 0080 00FF     006A 008C 00EA 008C 004C 0015 004C 0015
0080 00FF 0080 00FF 0000 0000 0000 0000     006A 0070 006A 0070 004C 0035 004C 0035
0080 00FF 0080 00FF 0000 0000 0080 00FF     00EA 00A3 00EA 00A3 004C 004D 00CC 004C
0080 00FF 0080 00FF 0080 00FF 0000 0000     00EA 00A3 00EA 00A3 00CC 004C 004C 004D
0080 00FF 0080 00FF 0080 00FF 0080 00FF     006A 0027 006A 0027 00CC 0098 00CC 0098
00C0 00FF 0000 0000 0000 0000 0000 0000     002A 00DD 006A 00DD 008C 0062 008C 0062
00C0 00FF 0000 0000 0000 0000 00C0 00FF     006A 00BF 00AA 00BF 008C 004C 004C 004C
00C0 00FF 0000 0000 00C0 00FF 0000 0000     006A 00BF 00AA 00BF 004C 004C 008C 004C
00C0 00FF 0000 0000 00C0 00FF 00C0 00FF     00AA 0011 00EA 0011 004C 0060 004C 0060
00C0 00FF 00C0 00FF 0000 0000 0000 0000     00AA 00A1 00AA 00A1 00CC 00C2 00CC 00C2
00C0 00FF 00C0 00FF 0000 0000 00C0 00FF     00EA 00A2 00EA 00A2 00CC 00A1 008C 00A1
00C0 00FF 00C0 00FF 00C0 00FF 0000 0000     00EA 00A2 00EA 00A2 008C 00A1 00CC 00A1
00C0 00FF 00C0 00FF 00C0 00FF 00C0 00FF     002A 0048 002A 0048 008C 00DA 008C 00DA
00E0 00FF 0000 0000 0000 0000 0000 0000     000A 003F 002A 003F 006C 0007 006C 0007
00E0 00FF 0000 0000 0000 0000 00E0 00FF     00EA 009E 000A 009F 006C 00FC 004C 00FC
00E0 00FF 0000 0000 00E0 00FF 0000 0000     00EA 009E 000A 009F 004C 00FC 006C 00FC
00E0 00FF 0000 0000 00E0 00FF 00E0 00FF     00CA 0040 00EA 0040 004C 008B 004C 008B
00E0 00FF 00E0 00FF 0000 0000 0000 0000     004A 00E7 004A 00E7 008C 0096 008C 0096
00E0 00FF 00E0 00FF 0000 0000 00E0 00FF     002A 00C7 002A 00C7 008C 0094 006C 0094
00E0 00FF 00E0 00FF 00E0 00FF 0000 0000     002A 00C7 002A 00C7 006C 0094 008C 0094
00E0 00FF 00E0 00FF 00E0 00FF 00E0 00FF     000A 00E7 000A 00E7 006C 00E6 006C 00E6
00F0 00FF 0000 0000 0000 0000 0000 0000     00FA 00ED 000A 00EE 007C 0042 007C 0042
00F0 00FF 0000 0000 0000 0000 00F0 00FF     004A 0046 005A 0046 007C 0079 006C 0079
00F0 00FF 0000 0000 00F0 00FF 0000 0000     004A 0046 005A 0046 006C 0079 007C 0079
00F0 00FF 0000 0000 00F0 00FF 00F0 00FF     009A 0027 00AA 0027 00EC 003B 00EC 003B
00F0 00FF 00F0 00FF 0000 0000 0000 0000     009A 009C 009A 009C 00AC 00F6 00AC 00F6
00F0 00FF 00F0 00FF 0000 0000 00F0 00FF     00AA 004B 00AA 004B 00AC 005D 009C 005D
00F0 00FF 00F0 00FF 00F0 00FF 0000 0000     00AA 004B 00AA 004B 009C 005D 00AC 005D
00F0 00FF 00F0 00FF 00F0 00FF 00F0 00FF     00BA 001A 00BA 001A 009C 0093 009C 0093
00F8 00FF 0000 0000 0000 0000 0000 0000     0092 00DF 009A 00DF 0014 00C3 0014 00C3
00F8 00FF 0000 0000 0000 0000 00F8 00FF     00CA 00D2 00D2 00D2 0094 00CB 008C 00CB
00F8 00FF 0000 0000 00F8 00FF 0000 0000     00CA 00D2 00D2 00D2 008C 00CB 0094 00CB
00F8 00FF 0000 0000 00F8 00FF 00F8 00FF     0002 008E 000A 008E 000C 00B3 000C 00B3
00F8 00FF 00F8 00FF 0000 0000 0000 0000     0082 009E 0082 009E 00DC 00A9 00DC 00A9
00F8 00FF 00F8 00FF 0000 0000 00F8 00FF     005A 004A 005A 004A 00FC 008F 00F4 008F
00F8 00FF 00F8 00FF 00F8 00FF 0000 0000     005A 004A 005A 004A 00F4 008F 00FC 008F
00F8 00FF 00F8 00FF 00F8 00FF 00F8 00FF     0032 00D0 0032 00D0 0054 007B 0054 007B
00FC 00FF 0000 0000 0000 0000 0000 0000     002E 004D 0032 004D 00F8 00EA 00F8 00EA
00FC 00FF 0000 0000 0000 0000 00FC 00FF     0052 003C 0056 003C 0098 00FD 0094 00FD
00FC 00FF 0000 0000 00FC 00FF 0000 0000     0052 003C 0056 003C 0094 00FD 0098 00FD
00FC 00FF 0000 0000 00FC 00FF 00FC 00FF     0076 0034 007A 0034 00F4 008A 00F4 008A
00FC 00FF 00FC 00FF 0000 0000 0000 0000     0036 0000 0036 0000 0064 008F 0064 008F
00FC 00FF 00FC 00FF 0000 0000 00FC 00FF     005A 00AC 005A 00AC 0024 0001 0020 0001
00FC 00FF 00FC 00FF 00FC 00FF 0000 0000     005A 00AC 005A 00AC 0020 0001 0024 0001
00FC 00FF 00FC 00FF 00FC 00FF 00FC 00FF     003E 00FF 003E 00FF 0060 0019 0060 0019
00FE 00FF 0000 0000 0000 0000 0000 0000     000C 00A9 000E 00A9 000E 00BE 000E 00BE
00FE 00FF 0000 0000 0000 0000 00FE 00FF     002E 00FE 0030 00FE 008E 00D0 008C 00D0
00FE 00FF 0000 0000 00FE 00FF 0000 0000     002E 00FE 0030 00FE 008C 00D0 008E 00D0
00FE 00FF 0000 0000 00FE 00FF 00FE 00FF     0090 00C0 0092 00C0 00FC 0097 00FC 0097
00FE 00FF 00FE 00FF 0000 0000 0000 0000     0090 0017 0090 0017 0070 0021 0070 0021
00FE 00FF 00FE 00FF 0000 0000 00FE 00FF     0072 00C2 0072 00C2 0048 00BF 0046 00BF
00FE 00FF 00FE 00FF 00FE 00FF 0000 0000     0072 00C2 0072 00C2 0046 00BF 0048 00BF
00FE 00FF 00FE 00FF 00FE 00FF 00FE 00FF     00B4 0024 00B4 0024 006E 00DB 006E 00DB
00FF 00FF 0000 0000 0000 0000 0000 0000     000F 0031 0010 0031 0015 0013 0015 0013
00FF 00FF 0000 0000 0000 0000 00FF 00FF     00D2 00F9 00D3 00F9 000D 009E 000C 009E
00FF 00FF 0000 0000 00FF 00FF 0000 0000     00D2 00F9 00D3 00F9 000C 009E 000D 009E
00FF 00FF 0000 0000 00FF 00FF 00FF 00FF     0025 00AC 0026 00AC 005C 0098 005C 0098
00FF 00FF 00FF 00FF 0000 0000 0000 0000     00F5 00E6 00F5 00E6 001E 003E 001E 003E
00FF 00FF 00FF 00FF 0000 0000 00FF 00FF     00B0 0017 00B0 0017 001A 004F 0019 004F
00FF 00FF 00FF 00FF 00FF 00FF 0000 0000     00B0 0017 00B0 0017 0019 004F 001A 004F


 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #29 on: November 02, 2023, 10:22:29 pm »
The patterns are definitely interesting.  If we assume the final operation in the hash algorithm is to add C6EA to first two response words and E64C to the last two response words, then:
Code: [Select]
     Challenge        Response before Add                           Challenge in binary                                           Response before addition in binary
8000 0000 0000 0000 + 8000 0000 8000 8000 : 1000000000000000 0000000000000000 0000000000000000 0000000000000000 + 1000000000000000 0000000000000000 1000000000000000 1000000000000000
C000 0000 0000 0000 + 4000 8000 C000 C000 : 1100000000000000 0000000000000000 0000000000000000 0000000000000000 + 0100000000000000 1000000000000000 1100000000000000 1100000000000000
E000 0000 0000 0000 + A000 C000 6000 6000 : 1110000000000000 0000000000000000 0000000000000000 0000000000000000 + 1010000000000000 1100000000000000 0110000000000000 0110000000000000
F000 0000 0000 0000 + 1000 2000 D000 D000 : 1111000000000000 0000000000000000 0000000000000000 0000000000000000 + 0001000000000000 0010000000000000 1101000000000000 1101000000000000
F800 0000 0000 0000 + 0800 1000 0800 0800 : 1111100000000000 0000000000000000 0000000000000000 0000000000000000 + 0000100000000000 0001000000000000 0000100000000000 0000100000000000
FC00 0000 0000 0000 + 4400 4800 BC00 BC00 : 1111110000000000 0000000000000000 0000000000000000 0000000000000000 + 0100010000000000 0100100000000000 1011110000000000 1011110000000000
FE00 0000 0000 0000 + 4200 4400 F600 F600 : 1111111000000000 0000000000000000 0000000000000000 0000000000000000 + 0100001000000000 0100010000000000 1111011000000000 1111011000000000
FF00 0000 0000 0000 + 6900 6A00 0D00 0D00 : 1111111100000000 0000000000000000 0000000000000000 0000000000000000 + 0110100100000000 0110101000000000 0000110100000000 0000110100000000
FF80 0000 0000 0000 + 0A80 0B00 0780 0780 : 1111111110000000 0000000000000000 0000000000000000 0000000000000000 + 0000101010000000 0000101100000000 0000011110000000 0000011110000000
FFC0 0000 0000 0000 + 1640 1680 7C40 7C40 : 1111111111000000 0000000000000000 0000000000000000 0000000000000000 + 0001011001000000 0001011010000000 0111110001000000 0111110001000000
FFE0 0000 0000 0000 + 7820 7840 2120 2120 : 1111111111100000 0000000000000000 0000000000000000 0000000000000000 + 0111100000100000 0111100001000000 0010000100100000 0010000100100000
FFF0 0000 0000 0000 + 2710 2720 5C30 5C30 : 1111111111110000 0000000000000000 0000000000000000 0000000000000000 + 0010011100010000 0010011100100000 0101110000110000 0101110000110000
FFF8 0000 0000 0000 + 18A8 18B0 DCC8 DCC8 : 1111111111111000 0000000000000000 0000000000000000 0000000000000000 + 0001100010101000 0001100010110000 1101110011001000 1101110011001000
FFFC 0000 0000 0000 + 8644 8648 04AC 04AC : 1111111111111100 0000000000000000 0000000000000000 0000000000000000 + 1000011001000100 1000011001001000 0000010010101100 0000010010101100
FFFE 0000 0000 0000 + E222 E224 D7C2 D7C2 : 1111111111111110 0000000000000000 0000000000000000 0000000000000000 + 1110001000100010 1110001000100100 1101011111000010 1101011111000010
FFFF 0000 0000 0000 + 6A25 6A26 2CC9 2CC9 : 1111111111111111 0000000000000000 0000000000000000 0000000000000000 + 0110101000100101 0110101000100110 0010110011001001 0010110011001001


If you have a bash shell (and basic utilities like sed, mktemp, awk), you can save the following as say gen.sh and run it via ./gen.sh dump*.txt to generate various files (including known.h for experimentation in C).  This is what I use for initial mangling.
Code: [Select]
#!/bin/bash
# SPDX-License-Identifier: CC0-1.0
export LANG=C LC_ALL=C

# Usage
if [ $# -lt 1 ] || [ ":$*" = ":-h" ] || [ ":$*" = ":--help" ]; then
    exec >&2
    printf '\n'
    printf 'Usage: %s [ -h | --help ]\n' "$0"
    printf '       %s BYTE-PATTERN-FILE(s)...\n' "$0"
    printf '\n'
    printf 'This reads in hexadecimal input consisting of 16 bytes,\n'
    printf 'whitespace-separated, forming a challenge-response pair.\n'
    printf '\n'
    printf 'After reading all inputs, the three following files are generated:\n'
    printf '    bytes.txt, containing all unique patterns of\n'
    printf '        "HH HH HH HH HH HH HH HH = HH HH HH HH HH HH HH HH"\n'
    printf '    words.txt, above reformatted to little-endian 16-bit words,\n'
    printf '        "HHHH HHHH HHHH HHHH = HHHH HHHH HHHH HHHH"\n'
    printf '    words-sub.txt, the above assuming final substraction by zero response,\n'
    printf '        "HHHH HHHH HHHH HHHH - HHHH HHHH HHHH HHHH : BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB - BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB\n'
    printf '    words-add.txt, the above assuming final addition by zero response,\n'
    printf '        "HHHH HHHH HHHH HHHH + HHHH HHHH HHHH HHHH : BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB + BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB\n'
    printf '    words-xor.txt, the above assuming final exclusive-or by zero response,\n'
    printf '        "HHHH HHHH HHHH HHHH ^ HHHH HHHH HHHH HHHH : BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB ^ BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB BBBBBBBBBBBBBBBB\n'
    printf '    known.h, a C header file exposing these patterns\n'
    printf '\n' >&2
    exit 0
fi

# Auto-deleted temporary directory for work files
Work=$(mktemp -d) || exit 1
trap "rm -rf '$Work'" EXIT

# Transmogrify inputs into hex bytes only
sed -e 's|[\t\r\v\f ][\t\r\v\f ]*| |g' \
    -e '/^[#;]/ d' \
    -e 's|^ *| |; s| *$||' \
    -e 's| 00*\([0-9A-Fa-f][0-9A-Fa-f]\)| \1|g' \
    "$@" | sort -g > "$Work/input" || exit 1

# Reformat to 'HH HH HH HH HH HH HH HH = HH HH HH HH HH HH HH HH'
awk '(NF >= 15) {
        challenge = $1 " " $2 " " $3 " " $4 " " $5 " " $6 " " $7 " " $8
        response = $9 " " $10 " " $11 " " $12 " " $13 " " $14 " " $15 " " $16
        if (challenge in known) {
            if (known[challenge] != response) {
                printf "Warning: Challenge %s has conflicting responses %s and %s!\n", challenge, known[challenge], response > "/dev/stderr"
            }
        } else {
            known[challenge] = response
            printf "%s = %s\n", challenge, response
        }
     }' < "$Work/input" | sort -n > "$Work/bytes" || exit 1

# Reformat to 'HHHH HHHH HHHH HHHH = HHHH HHHH HHHH HHHH'
awk '(NF >= 16) {
        printf "%s%s %s%s %s%s %s%s = %s%s %s%s %s%s %s%s\n", $2,$1, $4,$3, $6,$5, $8,$7,  $11,$10, $13,$12, $15,$14, $17,$16
     }' < "$Work/bytes" | sort -n > "$Work/words"

# Ensure the first challenge is all ones.
first=($(sed -ne '1 p' "$Work/words"))
if [ "${first[0]}:${first[1]}:${first[2]}:${first[3]}" != "0000:0000:0000:0000" ]; then
    printf 'There is no response for a zero challenge in the input dataset!\n' >&2
    exit 1
else
    zero1="${first[5]}"
    zero2="${first[6]}"
    zero3="${first[7]}"
    zero4="${first[8]}"
fi

# Generate known.h
(
    sed -ne 's|^        ||p; s|^ *$||p' <<'    END'
        // SPDX-License-Identifier: CC0-1.0
        #ifndef   KNOWN_H
        #define   KNOWN_H
        #include <stdint.h>

        /* DO NOT MODIFY!
         *
         * This file is autogenerated by gen.sh script.
        */

        #ifdef   HELPER_FUNC
        #define  KNOWN_HELPER  HELPER_FUNC
        #else
        #define  KNOWN_HELPER  __attribute__((__unused__)) static
        #endif

        // String returned by format_()  functions if the buffer is too short.
        static const char  BUFFER_TOO_SHORT[] = "...";

        // Hexadecimal digits
        static const char  hex_digit[16] = {
            '0', '1', '2', '3', '4', '5', '6', '7',
            '8', '9', 'A', 'B', 'C', 'D', 'E', 'F',
        };

        // Challenge or response token.
        typedef struct {
            union {
                uint64_t    val;
                uint64_t    u64[1];
                uint32_t    u32[2];
                uint16_t    u16[4];
                uint8_t     u8[8];
                char        c[8];
            };
        } token;

        static const struct {
            union {
                const uint64_t  cval;
                const token     c;
                const uint64_t  c64[1];
                const uint32_t  c32[2];
                const uint16_t  c16[4];
                const uint8_t   c8[8];
                const char      cc[8];
            };
            union {
                const uint64_t  rval;
                const token     r;
                const uint64_t  r64[1];
                const uint32_t  r32[2];
                const uint16_t  r16[4];
                const uint8_t   r8[8];
                const char      rc[8];
            };
        } known[] = {
            // First dataset corresponds to the zero challenge.
    END

    # Zero challenge.
    printf '    { .c16 = { 0x0000, 0x0000, 0x0000, 0x0000 }, .r16 = { 0x%s, 0x%s, 0x%s, 0x%s } },\n' $zero1 $zero2 $zero3 $zero4

    # All other challenges.
    awk '($1 != "0000" || $2 != "0000" || $3 != "0000" || $4 != "0000") {
            printf "    { .c16 = { 0x%s, 0x%s, 0x%s, 0x%s }, .r16 = { 0x%s, 0x%s, 0x%s, 0x%s } },\n", $1, $2, $3, $4, $6, $7, $8, $9
         }' "$Work/words" | sort -n -k 5

    sed -ne 's|^        ||p; s|^ *$||p' <<'    END'
        };
        #undef   knowns
        #define  knowns  (sizeof known / sizeof known[0])

        // Return the index of the matching challenge, or -1 if not found.
        KNOWN_HELPER int  index_of_challenge(const token c)
        {
            int  k = knowns;
            while (k-->0)
                if (known[k].cval == c.val)
                    return k;
            return -1;
        }

        // Return the index of the matching response, or -1 if not found.
        KNOWN_HELPER int  index_of_response(const token r)
        {
            int  k = knowns;
            while (k-->0)
                if (known[k].rval == r.val)
                    return k;
            return -1;
        }

        // Return 1 if the specified challenge matches the response,
        //        0 if the challenge does not match the response or vice versa,
        //       -1 if the specified challenge and response are unknown
        KNOWN_HELPER int  verify_challenge_response(const token c, const token r)
        {
            int  k = knowns;
            while (k-->0) {
                if (known[k].cval == c.val) {
                    return (known[k].rval == r.val);
                } else
                if (known[k].rval == r.val) {
                    return 0;
                }
            }
            return -1;
        }

        // Format token t as binary bytes into n-character buffer b.
        KNOWN_HELPER const char *format_bin8(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Eight items, each eight characters plus delimiter (space or NUL)
            if (n < 8*(8+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 8; i++) {
                if (i)
                    *(p++) = ' ';

                for (unsigned int m = 0x80; m != 0; m >>= 1)
                    *(p++) = '0' + !!(t.u8[i] & m);
            }

            *p = '\0';
            return (const char *)b;
        }

        // Format token t as hexadecimal bytes into n-character buffer b.
        KNOWN_HELPER const char *format_hex8(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Eight items, each two characters plus delimiter (space or NUL)
            if (n < 8*(2+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 8; i++) {
                if (i)
                    *(p++) = ' ';

                *(p++) = hex_digit[ (t.u8[i] >> 4) & 15 ];
                *(p++) = hex_digit[  t.u8[i]       & 15 ];
            }

            *p = '\0';
            return (const char *)b;
        }

        // Format token t as binary 16-bit words into n-character buffer b.
        KNOWN_HELPER const char *format_bin16(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Four items, each sixteen characters plus delimiter (space or NUL)
            if (n < 4*(16+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 4; i++) {
                if (i)
                    *(p++) = ' ';

                for (unsigned int m = 0x8000; m != 0; m >>= 1)
                    *(p++) = '0' + !!(t.u16[i] & m);
            }

            *p = '\0';
            return (const char *)b;
        }

        // Format token t as hexadecimal 16-bit words into n-character buffer b.
        KNOWN_HELPER const char *format_hex16(char *const b, const size_t n, const token t)
        {
            char  *p = b;

            // Four items, each four characters plus delimiter (space or NUL)
            if (n < 4*(4+1))
                return BUFFER_TOO_SHORT;

            for (int i = 0; i < 4; i++) {
                if (i)
                    *(p++) = ' ';

                *(p++) = hex_digit[ (t.u16[i] >> 12) & 15 ];
                *(p++) = hex_digit[ (t.u16[i] >>  8) & 15 ];
                *(p++) = hex_digit[ (t.u16[i] >>  4) & 15 ];
                *(p++) = hex_digit[  t.u16[i]        & 15 ];
            }

            *p = '\0';
            return (const char *)b;
        }

        #undef   KNOWN_HELPER

        #endif /* KNOWN_H */
    END
) > "known.h" || exit 1
printf 'Generated "known.h" successfully.\n' >&2

cat "$Work/bytes" > "bytes.txt" || exit 1
printf 'Generated "bytes.txt" successfully.\n' >&2

cat "$Work/words" > "words.txt" || exit 1
printf 'Generated "words.txt" successfully.\n' >&2

awk -v z1=$[0x$zero1] -v z2=$[0x$zero2] -v z3=$[0x$zero3] -v z4=$[0x$zero4] \
    -v outadd="$Work/words-add" \
    -v outsub="$Work/words-sub" \
    -v outxor="$Work/words-xor" \
   'function unadd(v_, z_) { return sprintf("%04X", and(65536 + strtonum("0x" v_) - z_, 65535)) }
    function unsub(v_, z_) { return sprintf("%04X", and(65536 - strtonum("0x" v_) + z_, 65535)) }
    function unxor(v_, z_) { return sprintf("%04X", and(xor(strtonum("0x" v_), z_), 65535)) }

    function binary(h_) {
        r_ = ""
        v_ = and(65535, int(strtonum("0x" h_)))
        for (i_ = 0; i_ < 16; i_++) {
            r_ = and(v_, 1) r_
            v_ = int(v_ / 2)
        }
        return r_
    }

    {
        a1 = unadd($6, z1) ; a2 = unadd($7, z2) ; a3 = unadd($8, z3) ; a4 = unadd($9, z4)
        s1 = unsub($6, z1) ; s2 = unsub($7, z2) ; s3 = unsub($8, z3) ; s4 = unsub($9, z4)
        x1 = unxor($6, z1) ; x2 = unxor($7, z2) ; x3 = unxor($8, z3) ; x4 = unxor($9, z4)
        printf "%s %s %s %s + %s %s %s %s : %s %s %s %s + %s %s %s %s\n", $1, $2, $3, $4, a1, a2, a3, a4, binary($1), binary($2), binary($3), binary($4), binary(a1), binary(a2), binary(a3), binary(a4) >> outadd
        printf "%s %s %s %s - %s %s %s %s : %s %s %s %s - %s %s %s %s\n", $1, $2, $3, $4, s1, s2, s3, s4, binary($1), binary($2), binary($3), binary($4), binary(s1), binary(s2), binary(s3), binary(s4) >> outsub
        printf "%s %s %s %s ^ %s %s %s %s : %s %s %s %s ^ %s %s %s %s\n", $1, $2, $3, $4, x1, x2, x3, x4, binary($1), binary($2), binary($3), binary($4), binary(x1), binary(x2), binary(x3), binary(x4) >> outxor
    }' < "$Work/words" || exit 1

for name in add sub xor ; do
    cat "$Work/words-$name" > "words-$name.txt" || exit 1
    printf 'Generated "%s" successfully.\n' "words-$name.txt" >&2
done


(Let me know if you'd prefer to see that in Python or C instead.)
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #30 on: November 03, 2023, 10:21:24 am »
Thank you very much for these valuable guidelines! Although i'm not a Linux/WSL user, but i think i'll handle it. At least i'll gain some new experience ;)
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #31 on: November 04, 2023, 07:48:01 pm »
You have probably noticed this yourself, but when looking at the challenge & response in terms of 16-bit words (0, 1, 2, and 3) rather than bytes, there are also sum/difference patterns. As before, this is omitting some longer patterns that don't reveal anything more, as they can be derived from the shorter ones:

Code: [Select]
RW0 = +RW1+CW0-CW1
RW1 = +RW0+CW1-CW0
RW2 = +RW3+CW2-CW3
RW3 = +RW2+CW3-CW2

I don't know what to make of the dominance of low-order zeroes in the challenge words. My initial thought was that this could be due to multiplying "something" by the challenge words, but that did not get me anywhere. So far I don't see any pattern there at all.

Perhaps shifting a single bit through each of the challenge words while keeping the low order bit 1 will show something. In terms of your byte input, something like these challenges:

Code: [Select]
01 00 00 00 00 00 00 00
01 80 00 00 00 00 00 00
01 40 00 00 00 00 00 00
01 20 00 00 00 00 00 00
01 10 00 00 00 00 00 00
01 08 00 00 00 00 00 00
01 04 00 00 00 00 00 00
01 02 00 00 00 00 00 00
01 01 00 00 00 00 00 00
81 00 00 00 00 00 00 00
41 00 00 00 00 00 00 00
21 00 00 00 00 00 00 00
11 00 00 00 00 00 00 00
09 00 00 00 00 00 00 00
05 00 00 00 00 00 00 00
03 00 00 00 00 00 00 00

00 00 01 00 00 00 00 00
00 00 01 80 00 00 00 00
00 00 01 40 00 00 00 00
00 00 01 20 00 00 00 00
...
00 00 00 00 00 00 09 00
00 00 00 00 00 00 05 00
00 00 00 00 00 00 03 00

I'm wondering whether there could be some "real" crypto going on there, which is going to be near impossible to guess, but with some poor rearrangement/expansion happening afterwards leading to the clear patterns that are evident.
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #32 on: November 05, 2023, 05:11:11 am »
Ozcar's point that Rw1=Rw2+Cw1-Cw2, Rw2=Rw1+Cw2-Cw1, Rw3=Rw4+Cw3-Cw4, and Rw4=Rw3+Cw4-Rw3, is correct for all challenge-response pairs I have.
I think this is a key observation here.  Another way to put this is Rw1 - Cw1 = Rw2 - Cw2 and Rw3 - Cw3 = Rw4 - Cw4, for each challenge.

It does mean that only the first and third result words, Rw1 and Rw3, have meaningful information, because
    Rw2 = Rw1 - Cw1 + Cw2
    Rw4 = Rw3 - Cw3 + Cw4

One way to describe the algorithm we see is
    Rw1 = Hw12(Cw1, Cw2) + Aw34(Cw3, Cw4) + Cw1 + C6EA
    Rw2 = Hw12(Cw1, Cw2) + Aw34(Cw3, Cw4) + Cw2 + C6EA = Rw1 - Cw1 + Cw2
    Rw3 = Hw34(Cw3, Cw4) + Aw12(Cw1, Cw2) + Cw3 + E64C
    Rw4 = Hw34(Cw3, Cw4) + Aw12(Cw1, Cw2) + Cw4 + E64C = Rw3 - Cw3 + Cw4
where all four functions are associative:
    Hw12(A, B) = Hw12(B, A)
    Hw34(A, B) = Hw34(B, A)
    Aw12(A, B) = Aw12(B, A)
    Aw34(A, N) = Aw34(B, A)
and zero when both arguments are zero,
    Hw12(0, 0) = 0
    Aw12(0, 0) = 0
and if (A|B) has N least significant bits zero, then Hw12(A, B) and Hw34(A, B) have N least significant bits zero as well.

This means this is a hash algorithm, not encryption; many possible sources hash to the same result values, because the four functions above yield 16-bit results.  (Thus far, all Hw12(X,0) and Hw34(X,0) values I know are even.  That is, if X has N least significant bits zero, Hw12(X,0) and Hw34(X,0) have N+1 least significant bits zero.)

(Essentially, Hw12(A, B) and Hw34(A, B) map (2¹⁶)(1+2¹⁶)/2 = 2,147,516,416 distinct inputs, 0 <= A <= 255, 0 <= B <= A, to 65536 outputs.
If each request-response pair took 1 millisecond to obtain –– 1000 pairs per second ––, each of the functions would take 25 days to fully map.)

For the 65536 challenge-response pairs
    xx yy 00 00 00 00 00 0 0= zz ww ?? ?? ?? ?? ?? ??
or equivalent pairs (only differing at ??)
    00 00 xx yy 00 00 00 00 = ?? ?? zz ww ?? ?? ?? ??
we have
    Hw12(yyxx, 0) = Hw12(0, yyxx) = wwzz - yyxx - C6EA

Similarly, for the 65536 challenge-response pairs
    00 00 00 00 xx yy 00 00 = ?? ?? ?? ?? zz ww ?? ??
or equivalent pairs (only differing at ??)
    00 00 00 00 00 00 xx yy = ?? ?? ?? ?? ?? ?? zz ww
we have
    Hw34(yyxx, 0) = Hw34(0, yyxx) = wwzz - yyxx - E64C

@twizzter, would it be possible to get all responses for the 256×256 = 65536 challenges of form
    xx yy 00 00 00 00 00 00
as these should provide enough information to crack Hw12()?
It is a lot, I know.  How long does it take to get each challenge-response pair?
« Last Edit: November 05, 2023, 05:52:19 am by Nominal Animal »
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #33 on: November 05, 2023, 06:16:47 am »
I don't know what to make of the dominance of low-order zeroes in the challenge words. My initial thought was that this could be due to multiplying "something" by the challenge words, but that did not get me anywhere. So far I don't see any pattern there at all.
We know it is not a simple multiplication, because the number of leading zeroes changes the actual pattern; it does not just shift it:
Code: [Select]
Cw1  Rw1              Cw1            Rw1-C6EA             Rw1-C6EA-Cw1
0001 83DD  0000000000000001    1011'1100'1111'0011    1011'1100'1111'0010
0002 F2E8   000000000000001 0   001'0101'1111'1111 0   001'0101'1111'1110 0
0004 4CC6    00000000000001 00   10'0001'0111'0111 00   10'0001'0111'0110 00
0008 4582     0000000000001 000   0'1111'1101'0011 000   0'1111'1101'0010 000
0010 F9DA      000000000001 0000    0011'0010'1111 0000    0011'0010'1110 0000
0020 5ECA       00000000001 00000    100'1011'1111 00000    100'1011'1110 00000
0040 9EAA        0000000001 000000    11'0101'1111 000000    11'0101'1110 000000
0080 486A         000000001 0000000    1'0000'0011 0000000    1'0000'0010 0000000
0100 2DEA          00000001 00000000     0110'0111 00000000     0110'0110 00000000
0200 E4EA           0000001 000000000     000'1111 000000000     000'1110 000000000
0400 02EA            000001 0000000000     00'1111 0000000000     00'1110 0000000000
0800 BEEA             00001 00000000000     1'1111 00000000000     1'1110 00000000000
1000 36EA              0001 000000000000      0111 000000000000      0110 000000000000
2000 26EA               001 0000000000000      011 0000000000000      010 0000000000000
4000 86EA                01 00000000000000      11 00000000000000      10 00000000000000
8000 46EA                 1 000000000000000      1 000000000000000      0 000000000000000
and similarly the entire pattern changes depending on the number of leading ones:
Code: [Select]
Cw1  Rw1                          Cw1                 Rw1-C6EA             Rw1-C6EA-Cw1
8000 46EA                 1 000000000000000      1 000000000000000      0 000000000000000
C000 06EA                11 00000000000000      01 00000000000000      10 00000000000000
E000 66EA               111 0000000000000      101 0000000000000      110 0000000000000
F000 D6EA              1111 000000000000      0001 000000000000      0010 000000000000
F800 CEEA             11111 00000000000     0'0001 00000000000     0'0010 00000000000
FC00 0AEA            111111 0000000000     01'0001 0000000000     01'0010 0000000000
FE00 08EA           1111111 000000000     010'0001 000000000     010'0010 000000000
FF00 2FEA          11111111 00000000     0110'1001 00000000     0110'1010 00000000
FF80 D16A         111111111 0000000    0'0001'0101 0000000    0'0001'0110 0000000
FFC0 DD2A        1111111111 000000    00'0101'1001 000000    00'0101'1010 000000
FFE0 3F0A       11111111111 00000    011'1100'0001 00000    011'1100'0010 00000
FFF0 EDFA      111111111111 0000    0010'0111'0001 0000    0010'0111'0010 0000
FFF8 DF92     1111111111111 000   0'0011'0001'0101 000   0'0011'0001'0110 000
FFFC 4D2E    11111111111111 00   10'0001'1001'0001 00   10'0001'1001'0010 00
FFFE A90C   111111111111111 0   111'0001'0001'0001 0   111'0001'0001'0010 0
FFFF 310F  1111111111111111    0110'1010'0010'0101    0110'1010'0010'0110
At this point, I suspect we'll need a lot more responses for challenges
    xx yy 00 00 00 00 00 00
to be able to discover more.  If we had all 65536 of them, we could do shenanigans.
Even if the function cannot be discovered, with 131,072 bytes of Flash, one can just store the function as a look-up table.

The other set needed would be
    00 00 00 00 xx yy 00 00
so that the other hash function (used for Cw3 and Cw4) could be similarly properly explored.
Currently, we only have 58 of each of those patterns in dump1.txt (from reply #25) and dump2.txt (from reply #28).
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #34 on: November 05, 2023, 09:03:15 am »
How long does it take to get each challenge-response pair?
That might be a problem here.
While the response calculation time is very short, the board allows only one challenge query after ignition. Therefore i need to reset the PIC after each operation.
The board's startup takes about one second before it's ready to communicate.
 

Offline ozcar

  • Frequent Contributor
  • **
  • Posts: 338
  • Country: au
Re: Need help with reversing an old auth algo
« Reply #35 on: November 05, 2023, 10:22:57 pm »
There being more than 0xffff seconds in a day, if your MCU could pull the PIC /MCLR down, or perhaps reset it by cutting power to it off, then you might be able to spin through all possibilities for a 16-bit challenge word in a day or so.

However has it been established how big lookup table results can be combined? Say for example, how do you go from knowing the first two of these to the third?

Code: [Select]
ffff 0000 0000 0000  310f 3110 1315 1315
0000 0000 ffff 0000  1255 1255 495f 4960
ffff 0000 ffff 0000  f9d2 f9d3 9e0c 9e0d
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #36 on: November 06, 2023, 06:33:06 am »
However has it been established how big lookup table results can be combined?
No.

I also discovered by examining challenges 'xx yy 00 00 00 00 00 00', '00 00 00 00 xx yy 00 00', and 'xx yy 00 00 xx yy 00 00' for yyxx in 8000 C000 E000 F000 F800 FC00 FE00 FF00 ... FFF0 FFF8 FFFC FFFE, that the hash function cannot described as an addition between the two functions; the mixing step is more complicated.

It is possible that a mask is constructed from each challenge word, using
    Mw = Cw1 | Cw2 | Cw3 | Cw4
    Mw = Mw | (Mw << 1) | (Mw << 2) | ... | (Mw << 14) | (Mw << 15)
so that all bits above the least significant set bits are always set in the mask.  The result words would be calculated using three cryptographic hash functions S(A,B), H(A,B), and G(A, B) via
    Rw1 = 0xC6EA + Cw1 + (Mw & S(H(Cw1, Cw2), G(Cw3, Cw4)))
    Rw2 = 0xC6EA + Cw2 + (Mw & S(H(Cw1, Cw2), G(Cw3, Cw4))) = Rw1 - Cw1 + Cw2
    Rw3 = 0xE64C + Cw3 + (Mw & S(H(Cw3, Cw4), G(Cw1, Cw2)))
    Rw3 = 0xE64C + Cw4 + (Mw & S(H(Cw3, Cw4), G(Cw1, Cw2))) = Rw3 - Cw3 + Cw4
The use of such a mask would be extremely odd, because it only weakens the security of the system.  It really is a hash function that takes 64 bit input and yields a 32-bit output.

We do know that H() is associative: H(A,B) = H(B,A).  We also know that H() is not a simple addition, subtraction, or exclusive-OR of its arguments.  We do not have enough challenge-response pairs to tell if H(A,B) is actually H(A+B) or H(A^B), i.e. really a 16-bit to 16-bit function.
« Last Edit: November 06, 2023, 08:28:26 am by Nominal Animal »
 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #37 on: November 06, 2023, 08:27:59 am »
The information in each challenge-response pairs (as bytes)
    C1 C2 C3 C4 C5 C6 C7R1 R2 R3 R4 R5 R6 R7 R8
can be described as four 16-bit challenge and response words,
    C2C1 C4C3 C6C5 C8C7R2R1 R4R3 R6R5 R8R7
but the response itself only contains 32 bits of meaningful information,
    Rw12 = R2R1 - C2C1 - 0xC6EA = R4R3 - C4C3 - 0xC6EA
    Rw34 = R6R5 - C6C5 - 0xE64C = R8R7 - C8C7 - 0xE64C
and the other 32 bits (interleaved) is just superfluous information.

This is why I call this a 64-bit hash function with a 32-bit result.

Converting to this form, the current dataset we have is attached as dataset-12.txt (in hexadecimal and in binary).

We can derive key observations from the following patterns:
Code: [Select]
C2C1 C4C3 C6C5 C8C7 │ Rw12 Rw34 ║    C2        C1          C4        C3          C6        C5          C8        C7     │        Rw12                  Rw34
════════════════════╪═══════════╬═══════════════════════════════════════════════════════════════════════════════════════╪═══════════════════════════════════════════
0000 0000 0000 0000 │ 0000 0000 ║ 0000'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000 │ 0000'0000 0000'0000   0000'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFFF 0000 FFFF 0000 │ 32E9 B7C1 ║ 1111'1111 1111'1111   0000'0000 0000'0000   1111'1111 1111'1111   0000'0000 0000'0000 │ 0011'0010 1110'1001   1011'0111 1100'0001
0000 FFFF 0000 FFFF │ 32E9 B7C1 ║ 0000'0000 0000'0000   1111'1111 1111'1111   0000'0000 0000'0000   1111'1111 1111'1111 │ 0011'0010 1110'1001   1011'0111 1100'0001
FFFF 0000 0000 FFFF │ 32E9 B7C1 ║ 1111'1111 1111'1111   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1111 │ 0011'0010 1110'1001   1011'0111 1100'0001
0000 FFFF FFFF 0000 │ 32E9 B7C1 ║ 0000'0000 0000'0000   1111'1111 1111'1111   1111'1111 1111'1111   0000'0000 0000'0000 │ 0011'0010 1110'1001   1011'0111 1100'0001
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
8000 0000 8000 0000 │ 8000 8000 ║ 1000'0000 0000'0000   0000'0000 0000'0000   1000'0000 0000'0000   0000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
0000 8000 0000 8000 │ 8000 8000 ║ 0000'0000 0000'0000   1000'0000 0000'0000   0000'0000 0000'0000   1000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
8000 0000 0000 8000 │ 8000 8000 ║ 1000'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
0000 8000 8000 0000 │ 8000 8000 ║ 0000'0000 0000'0000   1000'0000 0000'0000   1000'0000 0000'0000   0000'0000 0000'0000 │ 1000'0000 0000'0000   1000'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
C000 0000 C000 0000 │ 4000 C000 ║ 1100'0000 0000'0000   0000'0000 0000'0000   1100'0000 0000'0000   0000'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
0000 C000 0000 C000 │ 4000 C000 ║ 0000'0000 0000'0000   1100'0000 0000'0000   0000'0000 0000'0000   1100'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
C000 0000 0000 C000 │ 4000 C000 ║ 1100'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1100'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
0000 C000 C000 0000 │ 4000 C000 ║ 0000'0000 0000'0000   1100'0000 0000'0000   1100'0000 0000'0000   0000'0000 0000'0000 │ 0100'0000 0000'0000   1100'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
E000 0000 E000 0000 │ 2000 E000 ║ 1110'0000 0000'0000   0000'0000 0000'0000   1110'0000 0000'0000   0000'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
0000 E000 0000 E000 │ 2000 E000 ║ 0000'0000 0000'0000   1110'0000 0000'0000   0000'0000 0000'0000   1110'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
E000 0000 0000 E000 │ 2000 E000 ║ 1110'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1110'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
0000 E000 E000 0000 │ 2000 E000 ║ 0000'0000 0000'0000   1110'0000 0000'0000   1110'0000 0000'0000   0000'0000 0000'0000 │ 0010'0000 0000'0000   1110'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
F000 0000 F000 0000 │ 5000 9000 ║ 1111'0000 0000'0000   0000'0000 0000'0000   1111'0000 0000'0000   0000'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
0000 F000 0000 F000 │ 5000 9000 ║ 0000'0000 0000'0000   1111'0000 0000'0000   0000'0000 0000'0000   1111'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
F000 0000 0000 F000 │ 5000 9000 ║ 1111'0000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
0000 F000 F000 0000 │ 5000 9000 ║ 0000'0000 0000'0000   1111'0000 0000'0000   1111'0000 0000'0000   0000'0000 0000'0000 │ 0101'0000 0000'0000   1001'0000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
F800 0000 F800 0000 │ B800 A800 ║ 1111'1000 0000'0000   0000'0000 0000'0000   1111'1000 0000'0000   0000'0000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
0000 F800 0000 F800 │ B800 A800 ║ 0000'0000 0000'0000   1111'1000 0000'0000   0000'0000 0000'0000   1111'1000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
F800 0000 0000 F800 │ B800 A800 ║ 1111'1000 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
0000 F800 F800 0000 │ B800 A800 ║ 0000'0000 0000'0000   1111'1000 0000'0000   1111'1000 0000'0000   0000'0000 0000'0000 │ 1011'1000 0000'0000   1010'1000 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FC00 0000 FC00 0000 │ B400 4C00 ║ 1111'1100 0000'0000   0000'0000 0000'0000   1111'1100 0000'0000   0000'0000 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
0000 FC00 0000 FC00 │ B400 4C00 ║ 0000'0000 0000'0000   1111'1100 0000'0000   0000'0000 0000'0000   1111'1100 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
FC00 0000 0000 FC00 │ B400 4C00 ║ 1111'1100 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1100 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
0000 FC00 FC00 0000 │ B400 4C00 ║ 0000'0000 0000'0000   1111'1100 0000'0000   1111'1100 0000'0000   0000'0000 0000'0000 │ 1011'0100 0000'0000   0100'1100 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FE00 0000 FE00 0000 │ BE00 DE00 ║ 1111'1110 0000'0000   0000'0000 0000'0000   1111'1110 0000'0000   0000'0000 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
0000 FE00 0000 FE00 │ BE00 DE00 ║ 0000'0000 0000'0000   1111'1110 0000'0000   0000'0000 0000'0000   1111'1110 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
FE00 0000 0000 FE00 │ BE00 DE00 ║ 1111'1110 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1110 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
0000 FE00 FE00 0000 │ BE00 DE00 ║ 0000'0000 0000'0000   1111'1110 0000'0000   1111'1110 0000'0000   0000'0000 0000'0000 │ 1011'1110 0000'0000   1101'1110 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FF00 0000 FF00 0000 │ 0D00 6D00 ║ 1111'1111 0000'0000   0000'0000 0000'0000   1111'1111 0000'0000   0000'0000 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
0000 FF00 0000 FF00 │ 0D00 6D00 ║ 0000'0000 0000'0000   1111'1111 0000'0000   0000'0000 0000'0000   1111'1111 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
FF00 0000 0000 FF00 │ 0D00 6D00 ║ 1111'1111 0000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
0000 FF00 FF00 0000 │ 0D00 6D00 ║ 0000'0000 0000'0000   1111'1111 0000'0000   1111'1111 0000'0000   0000'0000 0000'0000 │ 0000'1101 0000'0000   0110'1101 0000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FF80 0000 FF80 0000 │ 0480 F580 ║ 1111'1111 1000'0000   0000'0000 0000'0000   1111'1111 1000'0000   0000'0000 0000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
0000 FF80 0000 FF80 │ 0480 F580 ║ 0000'0000 0000'0000   1111'1111 1000'0000   0000'0000 0000'0000   1111'1111 1000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
FF80 0000 0000 FF80 │ 0480 F580 ║ 1111'1111 1000'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
0000 FF80 FF80 0000 │ 0480 F580 ║ 0000'0000 0000'0000   1111'1111 1000'0000   1111'1111 1000'0000   0000'0000 0000'0000 │ 0000'0100 1000'0000   1111'0101 1000'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFC0 0000 FFC0 0000 │ F8C0 6640 ║ 1111'1111 1100'0000   0000'0000 0000'0000   1111'1111 1100'0000   0000'0000 0000'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
0000 FFC0 0000 FFC0 │ F8C0 6640 ║ 0000'0000 0000'0000   1111'1111 1100'0000   0000'0000 0000'0000   1111'1111 1100'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
FFC0 0000 0000 FFC0 │ F8C0 6640 ║ 1111'1111 1100'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1100'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
0000 FFC0 FFC0 0000 │ F8C0 6640 ║ 0000'0000 0000'0000   1111'1111 1100'0000   1111'1111 1100'0000   0000'0000 0000'0000 │ 1111'1000 1100'0000   0110'0110 0100'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFE0 0000 FFE0 0000 │ D820 1620 ║ 1111'1111 1110'0000   0000'0000 0000'0000   1111'1111 1110'0000   0000'0000 0000'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
0000 FFE0 0000 FFE0 │ D820 1620 ║ 0000'0000 0000'0000   1111'1111 1110'0000   0000'0000 0000'0000   1111'1111 1110'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
FFE0 0000 0000 FFE0 │ D820 1620 ║ 1111'1111 1110'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1110'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
0000 FFE0 FFE0 0000 │ D820 1620 ║ 0000'0000 0000'0000   1111'1111 1110'0000   1111'1111 1110'0000   0000'0000 0000'0000 │ 1101'1000 0010'0000   0001'0110 0010'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFF0 0000 FFF0 0000 │ 7F70 9330 ║ 1111'1111 1111'0000   0000'0000 0000'0000   1111'1111 1111'0000   0000'0000 0000'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
0000 FFF0 0000 FFF0 │ 7F70 9330 ║ 0000'0000 0000'0000   1111'1111 1111'0000   0000'0000 0000'0000   1111'1111 1111'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
FFF0 0000 0000 FFF0 │ 7F70 9330 ║ 1111'1111 1111'0000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
0000 FFF0 FFF0 0000 │ 7F70 9330 ║ 0000'0000 0000'0000   1111'1111 1111'0000   1111'1111 1111'0000   0000'0000 0000'0000 │ 0111'1111 0111'0000   1001'0011 0011'0000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFF8 0000 FFF8 0000 │ 0BE8 E548 ║ 1111'1111 1111'1000   0000'0000 0000'0000   1111'1111 1111'1000   0000'0000 0000'0000 │ 0000'1011 1110'1000   1110'0101 0100'1000
0000 FFF8 0000 FFF8 │ 0BE8 E548 ║ 0000'0000 0000'0000   1111'1111 1111'1000   0000'0000 0000'0000   1111'1111 1111'1000 │ 0000'1011 1110'1000   1110'0101 0100'1000
FFF8 0000 0000 FFF8 │ 0BE8 E548 ║ 1111'1111 1111'1000   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1000 │ 0000'1011 1110'1000   1110'0101 0100'1000
0000 FFF8 FFF8 0000 │ 0BE8 E548 ║ 0000'0000 0000'0000   1111'1111 1111'1000   1111'1111 1111'1000   0000'0000 0000'0000 │ 0000'1011 1110'1000   1110'0101 0100'1000
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFFC 0000 FFFC 0000 │ 756C 174C ║ 1111'1111 1111'1100   0000'0000 0000'0000   1111'1111 1111'1100   0000'0000 0000'0000 │ 0111'0101 0110'1100   0001'0111 0100'1100
0000 FFFC 0000 FFFC │ 756C 174C ║ 0000'0000 0000'0000   1111'1111 1111'1100   0000'0000 0000'0000   1111'1111 1111'1100 │ 0111'0101 0110'1100   0001'0111 0100'1100
FFFC 0000 0000 FFFC │ 756C 174C ║ 1111'1111 1111'1100   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1100 │ 0111'0101 0110'1100   0001'0111 0100'1100
0000 FFFC FFFC 0000 │ 756C 174C ║ 0000'0000 0000'0000   1111'1111 1111'1100   1111'1111 1111'1100   0000'0000 0000'0000 │ 0111'0101 0110'1100   0001'0111 0100'1100
────────────────────┼───────────╫───────────────────────────────────────────────────────────────────────────────────────┼───────────────────────────────────────────
FFFE 0000 FFFE 0000 │ 3746 EA42 ║ 1111'1111 1111'1110   0000'0000 0000'0000   1111'1111 1111'1110   0000'0000 0000'0000 │ 0011'0111 0100'0110   1110'1010 0100'0010
0000 FFFE 0000 FFFE │ 3746 EA42 ║ 0000'0000 0000'0000   1111'1111 1111'1110   0000'0000 0000'0000   1111'1111 1111'1110 │ 0011'0111 0100'0110   1110'1010 0100'0010
FFFE 0000 0000 FFFE │ 3746 EA42 ║ 1111'1111 1111'1110   0000'0000 0000'0000   0000'0000 0000'0000   1111'1111 1111'1110 │ 0011'0111 0100'0110   1110'1010 0100'0010
0000 FFFE FFFE 0000 │ 3746 EA42 ║ 0000'0000 0000'0000   1111'1111 1111'1110   1111'1111 1111'1110   0000'0000 0000'0000 │ 0011'0111 0100'0110   1110'1010 0100'0010

Because Rw12 and Rw34 are the same regardless of swapping C2C1C4C3 and C6C5C8C7, we can define the hash algorithm as
    Rw12 = Mw & S1(H1(C2C1, C4C3), G1(C6C5, C8C7))
    Rw34 = Mw & S2(H2(C6C5, C8C7), G2(C2C1, C4C3))
where H1(), H2(), S1(), S2(), G1(), and G2() are functions that take two 16-bit arguments, and return one 16-bit result, and Mw is a mask where all bits above the least significant bit set in any challenge word are set, i.e.
    M' = C2C1 | C4C3 | C6C5 | C8C7
    Mw = M' | (M'<<1) | (M'<<2) | ... | (M'<<14) | (M'<<15)
which is easy to generate even on a small PIC.  The actual responses are then constructed from Rw12 and Rw34,
    R2R1 = Rw12 + C2C1 + 0xC6EA
    R4R3 = Rw12 + C4C3 + 0xC6EA
    R6R5 = Rw34 + C6C5 + 0xE64C
    R8R7 = Rw34 + C8C7 + 0xE64C
which fulfills the symmetries and patterns we have thus far observed.  I have also verified that addition (+) and not exclusive-or matches the current dataset.  (Adding 0xC6EA is equivalent to substracting 0x3916, and adding 0xE64C is equivalent to substracting 0x19B4, using 16-bit modular (wraparound) arithmetic.)

Similarities indicate that the functions are very likely similar, for example only differing by some 16-bit seed value; i.e. that they all are actually just F(A, B, seed).

We do not yet know enough challenge-response pairs to determine if some/any of the functions are actually just 16-bit in, 16-bit out: Fn(A, B) = Fn(A B) for some arithmetic operator ⊕ like addition, subtraction, or exclusive-OR.  If it is, then patterns
    C1 C2 C3 C4 00 00 00 00
    C5 C6 00 00 00 00 00 00
will have the exact same response result Rw12 when
    C6C5 = C2C1 C4C3
and similarly for Rw34 when the leading four bytes of each challenge are zeroes.
If we find any pair where the responses differ, that immediately excludes that particular arithmetic operator ⊕, so C2C1 and C4C3 should have relatively random bit patterns, so we don't accidentally assume false proof based on other quirks of the functions.

Here are a six such challenge sets for addition, subtraction, xor, and or each, in case twizzter could work these through:
Code: [Select]
48 1D 09 B8 00 00 00 00 # 0x1D48 + 0xB809 = 0xD551
51 D5 00 00 00 00 00 00
00 00 00 00 48 1D 09 B8
00 00 00 00 51 D5 00 00
BB 24 B1 40 00 00 00 00 # 0x24BB + 0x40B1 = 0x656C
6C 65 00 00 00 00 00 00
00 00 00 00 BB 24 B1 40
00 00 00 00 6C 65 00 00
2D 91 3E DD 00 00 00 00 # 0x912D + 0xDD3E = 0x6E6B
6B 6E 00 00 00 00 00 00
00 00 00 00 2D 91 3E DD
00 00 00 00 6B 6E 00 00
D6 90 DE 46 00 00 00 00 # 0x90D6 + 0x46DE = 0xD7B4
B4 D7 00 00 00 00 00 00
00 00 00 00 D6 90 DE 46
00 00 00 00 B4 D7 00 00
38 85 74 D4 00 00 00 00 # 0x8538 + 0xD474 = 0x59AC
AC 59 00 00 00 00 00 00
00 00 00 00 38 85 74 D4
00 00 00 00 AC 59 00 00
8A BA 64 FD 00 00 00 00 # 0xBA8A + 0xFD64 = 0xB7EE
EE B7 00 00 00 00 00 00
00 00 00 00 8A BA 64 FD
00 00 00 00 EE B7 00 00
14 91 B3 D2 00 00 00 00 # 0x9114 - 0xD2B3 = 0xBE61
61 BE 00 00 00 00 00 00
00 00 00 00 14 91 B3 D2
00 00 00 00 61 BE 00 00
35 97 20 9C 00 00 00 00 # 0x9735 - 0x9C20 = 0xFB15
15 FB 00 00 00 00 00 00
00 00 00 00 35 97 20 9C
00 00 00 00 15 FB 00 00
AA 48 3C DB 00 00 00 00 # 0x48AA - 0xDB3C = 0x6D6E
6E 6D 00 00 00 00 00 00
00 00 00 00 AA 48 3C DB
00 00 00 00 6E 6D 00 00
75 5C AE 4B 00 00 00 00 # 0x5C75 - 0x4BAE = 0x10C7
C7 10 00 00 00 00 00 00
00 00 00 00 75 5C AE 4B
00 00 00 00 C7 10 00 00
25 29 85 CE 00 00 00 00 # 0x2925 - 0xCE85 = 0x5AA0
A0 5A 00 00 00 00 00 00
00 00 00 00 25 29 85 CE
00 00 00 00 A0 5A 00 00
DB 04 2F A8 00 00 00 00 # 0x04DB - 0xA82F = 0x5CAC
AC 5C 00 00 00 00 00 00
00 00 00 00 DB 04 2F A8
00 00 00 00 AC 5C 00 00
75 5F 54 E7 00 00 00 00 # 0x5F75 ^ 0xE754 = 0xB821
21 B8 00 00 00 00 00 00
00 00 00 00 75 5F 54 E7
00 00 00 00 21 B8 00 00
13 22 85 62 00 00 00 00 # 0x2213 ^ 0x6285 = 0x4096
96 40 00 00 00 00 00 00
00 00 00 00 13 22 85 62
00 00 00 00 96 40 00 00
9D 16 18 5F 00 00 00 00 # 0x169D ^ 0x5F18 = 0x4985
85 49 00 00 00 00 00 00
00 00 00 00 9D 16 18 5F
00 00 00 00 85 49 00 00
1A EC 65 91 00 00 00 00 # 0xEC1A ^ 0x9165 = 0x7D7F
7F 7D 00 00 00 00 00 00
00 00 00 00 1A EC 65 91
00 00 00 00 7F 7D 00 00
6D A2 CF 50 00 00 00 00 # 0xA26D ^ 0x50CF = 0xF2A2
A2 F2 00 00 00 00 00 00
00 00 00 00 6D A2 CF 50
00 00 00 00 A2 F2 00 00
F9 A2 45 FC 00 00 00 00 # 0xA2F9 ^ 0xFC45 = 0x5EBC
BC 5E 00 00 00 00 00 00
00 00 00 00 F9 A2 45 FC
00 00 00 00 BC 5E 00 00
AA 1F 52 23 00 00 00 00 # 0x1FAA | 0x2352 = 0x3FFA
FA 3F 00 00 00 00 00 00
00 00 00 00 AA 1F 52 23
00 00 00 00 FA 3F 00 00
B9 5F A1 21 00 00 00 00 # 0x5FB9 | 0x21A1 = 0x7FB9
B9 7F 00 00 00 00 00 00
00 00 00 00 B9 5F A1 21
00 00 00 00 B9 7F 00 00
E6 80 A5 66 00 00 00 00 # 0x80E6 | 0x66A5 = 0xE6E7
E7 E6 00 00 00 00 00 00
00 00 00 00 E6 80 A5 66
00 00 00 00 E7 E6 00 00
70 EA 2B B2 00 00 00 00 # 0xEA70 | 0xB22B = 0xFA7B
7B FA 00 00 00 00 00 00
00 00 00 00 70 EA 2B B2
00 00 00 00 7B FA 00 00
30 F0 3D A3 00 00 00 00 # 0xF030 | 0xA33D = 0xF33D
3D F3 00 00 00 00 00 00
00 00 00 00 30 F0 3D A3
00 00 00 00 3D F3 00 00
E5 82 50 7B 00 00 00 00 # 0x82E5 | 0x7B50 = 0xFBF5
F5 FB 00 00 00 00 00 00
00 00 00 00 E5 82 50 7B
00 00 00 00 F5 FB 00 00

Basically, this set is a fishing expedition: if it succeeds, we've discovered something that hugely simplifies the algorithm – but it might say no, too.
« Last Edit: November 06, 2023, 08:40:58 am by Nominal Animal »
 

Offline twizzterTopic starter

  • Contributor
  • Posts: 24
  • Country: de
Re: Need help with reversing an old auth algo
« Reply #38 on: November 06, 2023, 05:14:14 pm »
Here are a six such challenge sets for addition, subtraction, xor, and or each, in case twizzter could work these through:
[...]
Basically, this set is a fishing expedition: if it succeeds, we've discovered something that hugely simplifies the algorithm – but it might say no, too.
Little fishes (hopefully) below:
Code: [Select]
0048 001D 0009 00B8 0000 0000 0000 0000     0084 00C0 0045 005B 00AB 0095 00AB 0095
0051 00D5 0000 0000 0000 0000 0000 0000     008D 0063 003C 008E 004B 0007 004B 0007
0000 0000 0000 0000 0048 001D 0009 00B8     0063 00F3 0063 00F3 0030 00AE 00F1 0048
0000 0000 0000 0000 0051 00D5 0000 0000     0083 00D8 0083 00D8 0039 0028 00E8 0052
00BB 0024 00B1 0040 0000 0000 0000 0000     0015 0086 000B 00A2 0058 0050 0058 0050
006C 0065 0000 0000 0000 0000 0000 0000     003E 00BF 00D2 0059 0068 0099 0068 0099
0000 0000 0000 0000 00BB 0024 00B1 0040     00E2 0020 00E2 0020 006F 00E6 0065 0002
0000 0000 0000 0000 006C 0065 0000 0000     007E 00AF 007E 00AF 0038 00CF 00CC 0069
002D 0091 003E 00DD 0000 0000 0000 0000     0005 0033 0016 007F 0081 00F0 0081 00F0
006B 006E 0000 0000 0000 0000 0000 0000     00E3 00A8 0078 003A 00B1 002F 00B1 002F
0000 0000 0000 0000 002D 0091 003E 00DD     0079 003C 0079 003C 006D 00AF 007E 00FB
0000 0000 0000 0000 006B 006E 0000 0000     0089 003D 0089 003D 008B 0073 0020 0005
00D6 0090 00DE 0046 0000 0000 0000 0000     0018 0068 0020 001E 00F8 0073 00F8 0073
00B4 00D7 0000 0000 0000 0000 0000 0000     0096 0001 00E2 0029 0020 002F 0020 002F
0000 0000 0000 0000 00D6 0090 00DE 0046     00E6 005D 00E6 005D 00E2 00FE 00EA 00B4
0000 0000 0000 0000 00B4 00D7 0000 0000     0066 0077 0066 0077 00A0 002E 00EC 0056
0038 0085 0074 00D4 0000 0000 0000 0000     004A 0072 0086 00C1 00E8 00E3 00E8 00E3
00AC 0059 0000 0000 0000 0000 0000 0000     00FE 0092 0052 0039 0028 0081 0028 0081
0000 0000 0000 0000 0038 0085 0074 00D4     00DE 0065 00DE 0065 00C4 00D5 0000 0025
0000 0000 0000 0000 00AC 0059 0000 0000     003E 00B6 003E 00B6 0078 0008 00CC 00AE
008A 00BA 0064 00FD 0000 0000 0000 0000     0038 0075 0012 00B8 006E 00E3 006E 00E3
00EE 00B7 0000 0000 0000 0000 0000 0000     001C 0060 002E 00A8 003E 0068 003E 0068
0000 0000 0000 0000 008A 00BA 0064 00FD     009C 0051 009C 0051 009E 0021 0078 0064
0000 0000 0000 0000 00EE 00B7 0000 0000     000C 0069 000C 0069 00C2 00F4 00D4 003C
0014 0091 00B3 00D2 0000 0000 0000 0000     0074 0049 0013 008B 006D 00ED 006D 00ED
0061 00BE 0000 0000 0000 0000 0000 0000     007D 0071 001C 00B3 009B 008C 009B 008C
0000 0000 0000 0000 0014 0091 00B3 00D2     00FD 008B 00FD 008B 00D4 0028 0073 006A
0000 0000 0000 0000 0061 00BE 0000 0000     00B3 008E 00B3 008E 00C9 0082 0068 00C4
0035 0097 0020 009C 0000 0000 0000 0000     0089 0075 0074 007A 000F 0089 000F 0089
0015 00FB 0000 0000 0000 0000 0000 0000     00E9 006D 00D4 0072 004F 002A 004F 002A
0000 0000 0000 0000 0035 0097 0020 009C     004F 00AC 004F 00AC 009D 006D 0088 0072
0000 0000 0000 0000 0015 00FB 0000 0000     008F 00F8 008F 00F8 007D 0099 0068 009E
00AA 0048 003C 00DB 0000 0000 0000 0000     0048 002B 00DA 00BD 0056 0070 0056 0070
006E 006D 0000 0000 0000 0000 0000 0000     009C 00D0 002E 0063 00BE 001D 00BE 001D
0000 0000 0000 0000 00AA 0048 003C 00DB     00D4 0003 00D4 0003 005E 0042 00F0 00D4
0000 0000 0000 0000 006E 006D 0000 0000     008C 0062 008C 0062 0042 00AE 00D4 0040
0075 005C 00AE 004B 0000 0000 0000 0000     007D 00DF 00B6 00CE 00C9 006A 00C9 006A
00C7 0010 0000 0000 0000 0000 0000 0000     00A7 0025 00E0 0014 00AD 001A 00AD 001A
0000 0000 0000 0000 0075 005C 00AE 004B     0051 003E 0051 003E 00D5 00D1 000E 00C1
0000 0000 0000 0000 00C7 0010 0000 0000     003D 0082 003D 0082 0087 00BA 00C0 00A9
0025 0029 0085 00CE 0000 0000 0000 0000     0003 00AD 0063 0052 0002 0026 0002 0026
00A0 005A 0000 0000 0000 0000 0000 0000     004A 0002 00AA 00A7 00AC 00E0 00AC 00E0
0000 0000 0000 0000 0025 0029 0085 00CE     00D4 0081 00D4 0081 00C1 00D9 0021 007F
0000 0000 0000 0000 00A0 005A 0000 0000     000A 0033 000A 0033 00EC 0037 004C 00DD
00DB 0004 002F 00A8 0000 0000 0000 0000     0039 005E 008D 0001 00CA 00AB 00CA 00AB
00AC 005C 0000 0000 0000 0000 0000 0000     00FE 002F 0052 00D3 0028 0076 0028 0076
0000 0000 0000 0000 00DB 0004 002F 00A8     00C4 0082 00C4 0082 00F7 0057 004B 00FB
0000 0000 0000 0000 00AC 005C 0000 0000     003E 0065 003E 0065 0078 00A3 00CC 0046
0075 005F 0054 00E7 0000 0000 0000 0000     0041 0083 0020 000B 0083 00C7 0083 00C7
0021 00B8 0000 0000 0000 0000 0000 0000     00BD 0001 009C 0049 00DB 003E 00DB 003E
0000 0000 0000 0000 0075 005F 0054 00E7     006B 00F1 006B 00F1 005D 00AB 003C 0033
0000 0000 0000 0000 0021 00B8 0000 0000     00F3 0089 00F3 0089 0089 0023 0068 006B
0013 0022 0085 0062 0000 0000 0000 0000     0055 009E 00C7 00DE 00B4 0011 00B4 0011
0096 0040 0000 0000 0000 0000 0000 0000     0094 0002 00FE 00C1 00D6 0070 00D6 0070
0000 0000 0000 0000 0013 0022 0085 0062     00D6 00B0 00D6 00B0 00E7 00B2 0059 00F3
0000 0000 0000 0000 0096 0040 0000 0000     0094 0045 0094 0045 00CA 00A2 0034 0062
009D 0016 0018 005F 0000 0000 0000 0000     00B1 0053 002C 009C 008F 008E 008F 008E
0085 0049 0000 0000 0000 0000 0000 0000     00F9 00A5 0074 005C 003F 00EA 003F 00EA
0000 0000 0000 0000 009D 0016 0018 005F     00EF 00DB 00EF 00DB 0085 0099 0000 00E2
0000 0000 0000 0000 0085 0049 0000 0000     005F 00C7 005F 00C7 006D 00C7 00E8 007D
001A 00EC 0065 0091 0000 0000 0000 0000     002A 00FB 0075 00A0 0095 00A5 0095 00A5
007F 007D 0000 0000 0000 0000 0000 0000     008F 00E1 0010 0064 0095 0076 0095 0076
0000 0000 0000 0000 001A 00EC 0065 0091     00D5 00D3 00D5 00D3 007A 0052 00C5 00F7
0000 0000 0000 0000 007F 007D 0000 0000     00D5 0079 00D5 0079 00DF 0046 0060 00C9
006D 00A2 00CF 0050 0000 0000 0000 0000     0087 0023 00E9 00D1 00C8 0078 00C8 0078
00A2 00F2 0000 0000 0000 0000 0000 0000     0048 00AF 00A6 00BC 0042 00E1 0042 00E1
0000 0000 0000 0000 006D 00A2 00CF 0050     00B2 00D0 00B2 00D0 00C1 00F2 0023 00A1
0000 0000 0000 0000 00A2 00F2 0000 0000     0018 0012 0018 0012 0076 0003 00D4 0010
00F9 00A2 0045 00FC 0000 0000 0000 0000     00CF 001B 001B 0075 0036 005D 0036 005D
00BC 005E 0000 0000 0000 0000 0000 0000     006E 006A 00B2 000B 0038 008A 0038 008A
0000 0000 0000 0000 00F9 00A2 0045 00FC     0010 0075 0010 0075 0035 0077 0081 00D0
0000 0000 0000 0000 00BC 005E 0000 0000     00AE 00C8 00AE 00C8 0008 0053 004C 00F4
00AA 001F 0052 0023 0000 0000 0000 0000     005C 0052 0004 0056 00E0 0029 00E0 0029
00FA 003F 0000 0000 0000 0000 0000 0000     0090 0059 0096 0019 00EA 00DF 00EA 00DF
0000 0000 0000 0000 00AA 001F 0052 0023     001E 001A 001E 001A 00F6 0073 009E 0077
0000 0000 0000 0000 00FA 003F 0000 0000     0010 0092 0010 0092 006E 0012 0074 00D2
00B9 005F 00A1 0021 0000 0000 0000 0000     00D7 00A2 00BF 0064 0042 001A 0042 001A
00B9 007F 0000 0000 0000 0000 0000 0000     0005 0084 004C 0004 0023 0075 0023 0075
0000 0000 0000 0000 00B9 005F 00A1 0021     0074 0001 0074 0001 0075 0069 005D 002B
0000 0000 0000 0000 00B9 007F 0000 0000     000B 00E0 000B 00E0 0041 00EC 0088 006C
00E6 0080 00A5 0066 0000 0000 0000 0000     00FE 000A 00BD 00F0 00C1 008F 00C1 008F
00E7 00E6 0000 0000 0000 0000 0000 0000     0087 009B 00A0 00B4 000D 00E5 000D 00E5
0000 0000 0000 0000 00E6 0080 00A5 0066     0079 00AB 0079 00AB 00A6 0047 0065 002D
0000 0000 0000 0000 00E7 00E6 0000 0000     005D 0069 005D 0069 00A7 00BD 00C0 00D6
0070 00EA 002B 00B2 0000 0000 0000 0000     0008 0042 00C3 0009 0021 00E7 0021 00E7
007B 00FA 0000 0000 0000 0000 0000 0000     0053 009F 00D8 00A4 0041 00F6 0041 00F6
0000 0000 0000 0000 0070 00EA 002B 00B2     0099 0027 0099 0027 0010 0032 00CB 00F9
0000 0000 0000 0000 007B 00FA 0000 0000     0079 00D7 0079 00D7 001B 00E4 00A0 00E9
0030 00F0 003D 00A3 0000 0000 0000 0000     00B4 00A6 00C1 0059 0017 000C 0017 000C
003D 00F3 0000 0000 0000 0000 0000 0000     0021 00FC 00E4 0008 00E7 00B0 00E7 00B0
0000 0000 0000 0000 0030 00F0 003D 00A3     0067 0025 0067 0025 00F8 00B5 0005 0069
0000 0000 0000 0000 003D 00F3 0000 0000     0097 00F9 0097 00F9 0085 003C 0048 0049
00E5 0082 0050 007B 0000 0000 0000 0000     0079 00DC 00E4 00D4 00EF 005B 00EF 005B
00F5 00FB 0000 0000 0000 0000 0000 0000     0009 0094 0014 0098 00EF 00A7 00EF 00A7
0000 0000 0000 0000 00E5 0082 0050 007B     00AF 002A 00AF 002A 004D 0030 00B8 0028
0000 0000 0000 0000 00F5 00FB 0000 0000     00EF 003B 00EF 003B 005D 00B7 0068 00BB

 

Offline Nominal Animal

  • Super Contributor
  • ***
  • Posts: 6749
  • Country: fi
    • My home page and email address
Re: Need help with reversing an old auth algo
« Reply #39 on: November 07, 2023, 08:51:52 am »
No catch, I'm afraid.  We ruled out Hn(A, B) = Hn(A B) for ⊕ being addition, subtraction, inclusive-or, or exclusive-or.
It is still possible it is true for some other simple associative sequence of operations instead of just A B, though; perhaps nibble-swapping and addition/substraction/xor?
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf