Products > Other Equipment & Products

Identifying the MCU from RT85 handheld Radio

<< < (4/4)

EOZ:
I'm using the internal GPU in the Intel processor. A toy GPU, but nearly 70 times faster than  a single CPU core. Not bad at all :-)

I had the opportunity to make a quick test on a RTX2070 and whoa!, it is fast! but not enough. The worst case scenario is still around 15 years.

I'm wondering if a FPGA or an small number of them would be a better approach.

andynvkz:
I bought myself an rtx3080ti, if you have a ready-made bruteforce program, would you like to share it? since I don't have much time to study cuda yet

amyk:

--- Quote from: EOZ on June 18, 2021, 04:16:56 pm ---I have been trying to find the 32-bit block cipher used in the firmware with no success yet. Microcontroller is read protected, so no clean firmware reading is possible.
--- End quote ---
Try power glitching or other side-channel attacks. That's probably going to be easier than bruteforcing a key. (Do we know what else could contain the key, besides the MCU itself?)

andynvkz:

--- Quote from: amyk on August 27, 2021, 01:52:45 am ---
--- Quote from: EOZ on June 18, 2021, 04:16:56 pm ---I have been trying to find the 32-bit block cipher used in the firmware with no success yet. Microcontroller is read protected, so no clean firmware reading is possible.
--- End quote ---
Try power glitching or other side-channel attacks. That's probably going to be easier than bruteforcing a key. (Do we know what else could contain the key, besides the MCU itself?)

--- End quote ---

hello, there is no password in the firmware for the firmware, it is only in the MCU-LDROM, or hack the TYT server, then maybe we will get the firmware source)))

EOZ:
Yes... the key is in the LDROM (bootloader), but of course it is read protected.

Glitching or sidechannel attacks? It would be nice but I have no experience in that and the manufacturer's datasheet say it is resistant to glitching attacks: "The SC95F751X has very excellent anti-jamming performance". If it is true, it will not be easy.

I'm going to try the FPGA route. It is a good excuse to play with them.

Navigation

[0] Message Index

[*] Previous page

There was an error while thanking
Thanking...
Go to full version