Re: A89: RE: rom checksum


[Prev][Next][Index][Thread]

Re: A89: RE: rom checksum




I was getting my info from _Applied_Cryptography_, by Bruce Schneier.

Anyways... If the calculator used -only- MD5 to create the checksum,
them it would be easy to generate our own checksums whenever we wanted.
What TI has done, i think, is to have 4 MD5 checksums (totaling 512
bits) and then use the RSA algorythm to encrypt them.

Please keep in mind i'm pulling most of this info outta my ass, if
somebody wants to verify how the ti89 does the checksum, i'd be much
obliged...

Anyways, RSA has two keys. One of them TI keeps secret, and the other is
inside the calculator rom. Because of the way the algorythm works, if
you encrypt something with one key, the only way to decrypt it is with
the other key. By encrypting the ROM's checksum with their secret
(private) key, it is now only decryptable with the public key, which is
inside the ROM. If the calculator decrypts the checksums with the public
key and it doesn't match a checksum that it calculates itself, then it
declares the ROM to be crap.

Anyways, what it gets down to is this- there is a VERY large number
stored in the ROM somewhere that is the product of two very large
primes. If we could factor this number and find out what the primes are,
then we could break the encryption. However, that would kinda take a
while.

Hrm... does anybody here have access to a supercomputer? Like a
university one, or something? I think 56-bit RSA (The maximum legal
exportable, i believe) can be broken in a few days with some of the more
powerfull computers. Although it might take a few weeks to factor that
number, it would be a whole lot cheaper than paying for signatures :)

Anyways, that's prolly enough rambling for me now...
--robin

Javier wrote:
> 
> Where can I find info on RSA, MD5, etc .
> I would love  to know what you are talking about !!
> Bye
> Javier
> PD Why are you so happy, is MD5 easier to hack,why ??
> 
> -----Mensaje original-----
> De: Robin Kirkman <misty@drrobin.yi.org>
> Para: assembly-89@lists.ticalc.org <assembly-89@lists.ticalc.org>
> Fecha: Miércoles 8 de Diciembre de 1999 21:06 p.m.
> Asunto: A89: rom checksum
> 
> >
> >The calculator uses MD5 to compute the ROM checksum when it recieves a
> >ROM, right?
> >The general opinion is that it uses RSA, but has TI verified this?
> >There -are- MD5 romcalls, though...
> >
> >Well... MD5 is not a public/private key algorythm.
> >MD5 is a hashing algorythm.
> >With a single key. (Not public/private)
> >Guess what that means...
> >
> >
> >s
> >
> >p
> >
> >o
> >
> >i
> >
> >l
> >
> >e
> >
> >r
> >
> >
> >
> >s
> >
> >p
> >
> >a
> >
> >c
> >
> >e
> >
> >
> >It means the key is in the ROM already!
> >You just have to step through it, find the routine in the boot loader
> >that does the actual MD5 hashing, and the key will be there too!
> >Hehe, this means free app signing... ;)
> >
> >A bit for the crypto nuts:
> >MD5 produces a 128bit checksum, whereas the 89 is rumored to have a 512
> >bit one.
> >Well, what's to stop TI from having FOUR 128bit checksums? That comes
> >out to 512.
> >Sneaky, eh?
> >
> >Well, i'll be off to go look for code which resembles MD5.
> >Anybody who wants to join, feel free!
> >--robin
> >


Follow-Ups: References: