Ernie Secure
Jump to navigation
Jump to search
Syscon 0xD0 handshake
1. Generate an empty buffer
30 00 00 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
and send it to Syscon.
2. Syscon returns header + 8 byte challenge.
3. F00D composes a response that is
30 02 00 0F
header a
01 00 00 00
counter, 8 bytes of RNG value, 8 bytes copied from challenge, and 16 bytes of shared data. On 1.69, the shared data is
C8 6B 51 FB 01 9A 20 7F 32 11 8E 55 46 2D 50 08
4. This data is encrypted using AES-128-CBC with all zero IV and a shared key. On 1.69, it is
50 E4 C3 A7 72 64 16 7C 40 9C 72 A9 B5 7A 86 09