User talk:Zer0Tolerance
thanks :) Euss
User:Zer0Tolerance under observation because of posting strong SEXual content ;) - (User:Roxanne 17th December 2015 / 16:19 GMT+1)
Good joke, thanks. (User:Zer0Tolerance 17th December 2015 / 18:51 GMT+1)
About eid2 des iv
just a quick heads up. both eid2 des ivs (the zeroed one and the other one) are valid to use. in a way, both glevand (zero iv) and naehrwert (fixed iv) are correct. make sure you consult with naehrwert for more info.
@zecoxao Just use openssl des-cbc -d -in pblock.desenc -out pblock.dec -nosalt -K 6CCAB35405FA562C -iv 989A955EFDE7A748 -p -nopad and openssl des-cbc -d -in pblock.desenc -out pblock.dec -nosalt -K 6CCAB35405FA562C -iv 0 -p -nopad Only the second one vector is valid. Thank You.
@Zer0Tolerance
it's very rare to see naehrwert wrong. maybe the algorithm is handled differently in libeeid(polarssl) than in openssl? i'll talk to him when i have a chance ;) either way, thanks :)
@zecoxao
Im sorry, but iv must be zero. :(
@ZeroTolerance
I'm almost sure i was able to decrypt default.spp
please check all 3.15 key combinations possible.
Thanks :)
@zecoxao
Im checked it and could not decrypt metainfo into default spp, please provide me the decrypted metainfo as proof.
@ZeroTolerance
Unfortunately i don't have it anymore. but i'll try to decrypt it anyways :)
@zecoxao
Please recheck (retry) it if possible. Im sure that we needed another key(set) to decrypt default.spp for ceb.
@ZeroTolerance
yes, you're correct. just tested other combinations and none of them work.
About EID0_0_UNK1
@ZeroTolerance
Pretty sure it's z1 and z2 (2 hashes). looks like it's a metadata of sorts :)
@Zecoxao
Maybe, maybe not. hash algorithm is unknown yet.
@ZeroTolerance
Have you tried checking if it's a pub from another curve?
@Zecoxao
Pub is a point with X and Y. One Pub for one Priv. These "hashes" are not constants. So this is not a Pub. It can be two hmac-sha1 or something. IDK what is this.
EEPROM Syscon Probing
- some useful links:
http://dangerousprototypes.com/docs/Bus_Pirate_101_tutorial (bus pirate)
https://www.saleae.com/downloads (logic analyzer)
- Analyzer settings:
http://pastie.org/private/khwaczthr5j2td9jmdfihq
- Bus pirate settings:
http://pastie.org/private/mqycmj8ynxj5mdzttrgpca
- More info:
http://pastie.org/private/f7siriweadsnrpq6dilq
- Write Unlock command:
0xA3 0x00 0x00
- Write command:
0xA4 0xXX 0xXX (XX XX is block id)
- Read command:
0xA8 0xXX 0xXX (XX XX is block id)
- Check Status command:
0xA9 0x00 0x00 0x00
- Some proof
https://mega.co.nz/#!hssQHZhI!bNMS3MgWx21iUrfLGBSoB2bA3Mfe3DVL23y_SENzDUw
https://mega.co.nz/#!wl8wSCKK!ZZkgeKd8hdRCMRpA2oWrrV5lirjupF_4k9boJkBpBfM
you need https://www.saleae.com/downloads
- https://mega.co.nz/#!UltlyCTL!TAooXpYEWU3DmYlnHbY1FX4IX8WwdZlLeSOXh9mh3nM
- https://mega.co.nz/#!MwEXmQwI!iWQ6Z6-5GhnX0-9r1FBPw9cpOBfKJCna-0dT2GSUj9E
dump of eeprom with above data
Thank you for puppies
http://www.st-andrews.ac.uk/nightline/wp-content/uploads/puppies.jpeg
Not sure if you took a look at this table Talk:RCOXML_Objects#WidgetType, i made it thanks to your research with VSH_Exports#paf, but im having a problem, by looking at RCO stuff i think there are a couple of vsh exports missing in your list, not sure how you are getting them (reversing the hash from nids i guess), i know the codenames of some rco stuff so i can imagine the vsh export names that should have, please take a look if this ones exists
- paf::PhPlaneDiv::WidgetType(void)
- paf::PhPrim::WidgetType(void)
I am using a FNID_Validator, this tool just calculates a hash from function name, i guessing function name and verifying hash. I also using fnid_bruteforcer to bruteforce a few chars at the tail of function name. You found correct function name, just mangled it and validated: _ZN3paf10PhPlaneDiv10WidgetTypeEv FNID is 0xE36C18F5 I also tryed to find second one, but no luck. Thanks a lot.