Difference between revisions of "Ernie Secure"
(→Part 3) |
(→Part 3) |
||
| Line 11: | Line 11: | ||
=== Part 3 === | === Part 3 === | ||
1. Gets a 0x28 byte response from Syscon with a 0x20 buffer. | 1. Gets a 0x28 byte response from Syscon with a 0x20 buffer. | ||
| − | 2. Decrypt with AES-128-CBC with IV from part 2 (it is the last ciphertext generated, or the last 16 bytes of the ciphertext sent from F00D) and a shared key. On 1.69 it is < | + | 2. Decrypt with AES-128-CBC with IV from part 2 (it is the last ciphertext generated, or the last 16 bytes of the ciphertext sent from F00D) and a shared key. On 1.69 it is <code>9E34087C48985B4B351A63572D9B481B</code> |
3. Check that first 8 byte matches unknown and next 8 byte matches the F00D nonce generated in part 1. | 3. Check that first 8 byte matches unknown and next 8 byte matches the F00D nonce generated in part 1. | ||
| − | 4. Encrypt the same buffer back using a shared key. On 1.69 it is < | + | 4. Encrypt the same buffer back using a shared key for 16 bytes. On 1.69 it is <code>EBE3460D84A41754AC441368CF0200D8</code> and the IV will be the last 16 bytes from the encrypted input buffer. |
| − | 5. | + | 5. This is now the session key! |
Revision as of 16:27, 20 March 2018
Syscon 0xD0 four part key exchange
Part 1
1. Generate an empty buffer
30 00 00 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
and send it to Syscon.
2. Syscon returns header + 8 byte challenge.
Part 2
1. F00D composes a response that is
30 02 00 0F
header a
01 00 00 00
counter, 8 bytes of RNG value, 8 bytes copied from challenge, and 16 bytes of shared data. On 1.69, the shared data is
C86B51FB019A207F32118E55462D5008
2. This data is encrypted using AES-128-CBC with all zero IV and a shared key. On 1.69, it is
50E4C3A77264167C409C72A9B57A8609
Part 3
1. Gets a 0x28 byte response from Syscon with a 0x20 buffer.
2. Decrypt with AES-128-CBC with IV from part 2 (it is the last ciphertext generated, or the last 16 bytes of the ciphertext sent from F00D) and a shared key. On 1.69 it is 9E34087C48985B4B351A63572D9B481B
3. Check that first 8 byte matches unknown and next 8 byte matches the F00D nonce generated in part 1.
4. Encrypt the same buffer back using a shared key for 16 bytes. On 1.69 it is EBE3460D84A41754AC441368CF0200D8 and the IV will be the last 16 bytes from the encrypted input buffer.
5. This is now the session key!