Changes

Jump to navigation Jump to search
96 bytes added ,  15:59, 20 March 2018
Line 11: Line 11:  
=== Part 3 ===
 
=== Part 3 ===
 
1. Gets a 0x28 byte response from Syscon with a 0x20 buffer.
 
1. Gets a 0x28 byte response from Syscon with a 0x20 buffer.
2. Decrypt with AES-128-CBC with all zero IV and a shared key. On 1.69 it is <pre>9E34087C48985B4B351A63572D9B481B</pre>
+
2. Decrypt with AES-128-CBC with IV from part 2 (it is the last ciphertext generated, or the last 16 bytes of the ciphertext sent from F00D) and a shared key. On 1.69 it is <pre>9E34087C48985B4B351A63572D9B481B</pre>
 
3. Check that first 8 byte matches unknown and next 8 byte matches the F00D nonce generated in part 1.
 
3. Check that first 8 byte matches unknown and next 8 byte matches the F00D nonce generated in part 1.
 
4. Encrypt the same buffer back using a shared key. On 1.69 it is <pre>EBE3460D84A41754AC441368CF0200D8</pre> and the IV will be the last 16 bytes from the encrypted input buffer.
 
4. Encrypt the same buffer back using a shared key. On 1.69 it is <pre>EBE3460D84A41754AC441368CF0200D8</pre> and the IV will be the last 16 bytes from the encrypted input buffer.
 
5. Append the header <pre>30 04 00 0F 00 00 00 00</pre>
 
5. Append the header <pre>30 04 00 0F 00 00 00 00</pre>

Navigation menu