A89: Re: faking a rom
Just one question: why are "we" all of a sudden assuming that the key is
512 bits? I think a far more reasonable number (*hint*) is something
like 24-64 bits. But I'm probably wrong...
Juan
TI-Net @ http://www.tinews.net
----- Original Message -----
From: "Robin Kirkman" <misty@drrobin.yi.org>
To: <assembly-89@lists.ticalc.org>
Sent: Saturday, June 03, 2000 3:04 PM
Subject: A89: faking a rom
>
> I just thought of a way to reduce the amount of brute forcing for generating
> your own ROM from 2^512 to 2^68...
>
> I make the assumption that the 512-bit checksum is really just 8 RC5 checksums
> (64 bits each), that was then encrypted w/ RSA.
>
> I also make the assumption that the checksums are sequential, e.g.:
>
> There is 1mb of FlashRom.
> There are 8 checksums.
> The 1st 128kb are used for checksum 1
> The 2nd 128kb are used for checksum 2
> The 3rd 128kb are used for checksum 3
> etc..
>
> Rather than trying to brute force the RC5, which has not only a big key size,
> but is slow, instead focus on the rc5.
> Essentially, I can change that first 128kb of flashrom any way I like, provided
> that the rc5 checksum for it is the same as the rc5 checksum for the original.
> Since an rc5 checksum is 64 bits, and each bit of the input is equally likely to
> change any bit on the output...
> Leave 8 bytes (64 bits) that you are going to brute force with. Run the rc5 on
> that 1st 128kb with different values for those 64 bits, and eventually, you will
> get an rc5 checksum that matches the original!
>
> On average, brute forcing one of the rc5 checksums will take 2^63 operations.
> On average, brute forcing all 8 will take 2^66 tries.
>
> This is within the limits of modern day computing!
> If we can write our own rom image with correct checksums, we can, for example,
> modify it to not check the checksums on applications... thereby removing the
> necessity to purchase TI's SDK.
>
> Anyone else got ideas for this?
> --robin
>
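The arithmetic behind the thread's 2^512 versus 2^66 figures, as an added example that is not part of either message: one function computes the expected work (in bits) for a single wide digest versus several independent per-block digests, and a scaled-down toy shows why the split design matters. The toy checksum is SHA-256 truncated to a few bits and the 1024-byte "block" is constructed for the demo; neither is the calculator's real algorithm or data. The design lesson for anyone verifying firmware is the one the numbers show: several short, independently checked digests are only as strong as one of them times their count, while a single full-width signature over the whole image keeps the full work factor.

```python
"""Work-factor arithmetic for per-block checksums versus one wide digest.

Added example; the toy checksum and sample block are constructed for the demo
and are not the calculator's real scheme.
"""
import hashlib
from math import log2


def expected_work_log2(digest_bits: int, blocks: int) -> tuple[float, float]:
    """log2 of the expected trials to hit a matching value, on average, when
    (a) one digest covers all the data (digest_bits * blocks wide), versus
    (b) the data is split into `blocks` independent digest_bits-wide checksums
    that can each be matched separately.  Uses the half-keyspace convention the
    thread uses: 2^(n-1) trials on average for an n-bit target."""
    one_wide = digest_bits * blocks - 1
    per_block = log2(blocks) + digest_bits - 1
    return one_wide, per_block


def toy_checksum(data: bytes, bits: int) -> int:
    """Stand-in for a short unkeyed block checksum: SHA-256 truncated to `bits`.
    Constructed for the demo only (assumption, not the real algorithm)."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full & ((1 << bits) - 1)


def find_matching_block(original: bytes, patch: bytes, free_offset: int,
                        bits: int, max_trials: int = 1 << 16):
    """Write `patch` at the start of `original`, then vary two 'free' bytes at
    `free_offset` until the truncated checksum equals the original's.  Returns
    (block, trials) on success or None when max_trials is exhausted, which is
    what happens as soon as `bits` is wide enough."""
    if free_offset < len(patch) or free_offset + 2 > len(original):
        raise ValueError("free window must lie outside the patch and inside the block")
    target = toy_checksum(original, bits)
    block = bytearray(original)
    block[: len(patch)] = patch
    for trial in range(max_trials):
        block[free_offset:free_offset + 2] = trial.to_bytes(2, "big")
        if toy_checksum(bytes(block), bits) == target:
            return bytes(block), trial + 1
    return None


# Constructed sample: a 1024-byte block with a recognisable pattern.
SAMPLE_BLOCK = bytes(range(256)) * 4
SAMPLE_PATCH = b"PATCHED!"
FREE_OFFSET = len(SAMPLE_BLOCK) - 2


def demo() -> dict:
    """Run the toy at 8 bits (feasible) and at 64 bits (not, within the budget)."""
    short = find_matching_block(SAMPLE_BLOCK, SAMPLE_PATCH, FREE_OFFSET, bits=8)
    wide = find_matching_block(SAMPLE_BLOCK, SAMPLE_PATCH, FREE_OFFSET, bits=64,
                               max_trials=10)
    return {"work_64x8": expected_work_log2(64, 8),
            "short_found": short is not None,
            "wide_found": wide is not None}


if __name__ == "__main__":
    print("log2 work, one 512-bit digest vs 8 x 64-bit:", expected_work_log2(64, 8))
    result = find_matching_block(SAMPLE_BLOCK, SAMPLE_PATCH, FREE_OFFSET, bits=8)
    print("8-bit toy: matched after", result[1], "trials")
    print("64-bit toy with 10 trials:",
          find_matching_block(SAMPLE_BLOCK, SAMPLE_PATCH, FREE_OFFSET, 64, 10))
```

`expected_work_log2(64, 8)` returns `(511, 66.0)`: one 512-bit digest costs about 2^511 trials on average, eight independent 64-bit ones about 8 * 2^63 = 2^66, which is the thread's ratio. The 8-bit toy finds a match within a 65536-trial budget essentially every time, while the 64-bit run with a tiny budget returns `None`; scaling the budget to 2^63 is what the thread's estimate assumes.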