From: Tomasz R. <bog...@po...> - 2009-02-24 23:06:39
On Tue, 2009-02-24 at 16:19 +0100, Manuel Prinz wrote:
> Hi folks,
>
> I wrote a small C program using libpcap to extract the beacon data of the
> 25C3 raw packet dataset. This works pretty well so far, meaning I can
> fetch the payload (16 bytes of beacon data) but unfortunately I am not
> able to decrypt it using the XX-TEA algorithm and the key published on the
> wiki. I do not know where the problem is exactly, so I'd like to check with
> you if my algorithm is right (pseudo-code):
>

I tried to write a Python script to do it, but so far had problems with
extracting packet data from the dump - I am not exactly a networking expert,
so tcpdump and pcap are rather mysterious beasts to me.
Can you publish this program somewhere or put it on the list - so we could
look at it?

> 1. Extract payload from packet (16 bytes)
> 2. Convert payload from network to host byte-order in 4-byte blocks
> 3. Decrypt payload with XX-TEA and published key
>
> I tried several ways of changing the byte-order (or not changing it at
> all) and different keys but I was not able to get correct results. I
> verify the result by the flags field in byte 6 (should be 0 or 2) and byte
> 1 (protocol version?) which should be constant. Unfortunately, I just get
> random numbers.

At the beginning you should see many tags with the beta key - and later you
should see more and more tags with the final 25C3 key. Occasionally you
should also see tags with the key from 24C3.

>
> It would be really cool if you could point to me what I did wrong or if
> you could verify the key is correct. I spent quite some time with
> debugging already and am totally out of ideas. TIA!

Show the source! ;-)

--
Tomasz Rybak <bog...@po...> GPG key ID: F22C D870
Fingerprint 93BC FEEC A426 3765 799F 10EE FAC1 9A2C F22C D870
http://member.acm.org/~tomaszrybak
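Added example, not part of the original message and not Manuel's C program: the three quoted steps in Python, using the reference XXTEA (corrected Block TEA) routine and scoring every candidate key and word byte order by the flags check described in the post. The keys and packets are constructed placeholders, and reading "byte 6" as zero-based index 6 is an assumption.

```python
import struct
DELTA, MASK = 0x9E3779B9, 0xFFFFFFFF

def _mx(y, z, s, key, p, e):
    # XXTEA mixing function; one final mask reproduces C uint32 wrap-around
    return ((((z >> 5) ^ (y << 2)) + ((y >> 3) ^ (z << 4)))
            ^ ((s ^ y) + (key[(p & 3) ^ e] ^ z))) & MASK

def xxtea_encrypt(words, key):
    # Only used here to build the constructed sample packets
    v, n, s = list(words), len(words), 0
    z = v[-1]
    for _ in range(6 + 52 // n):
        s = (s + DELTA) & MASK
        e = (s >> 2) & 3
        for p in range(n):
            y = v[(p + 1) % n]
            z = v[p] = (v[p] + _mx(y, z, s, key, p, e)) & MASK
    return v

def xxtea_decrypt(words, key):
    v, n = list(words), len(words)
    rounds = 6 + 52 // n          # 19 rounds for a 4-word (16-byte) block
    s, y = (rounds * DELTA) & MASK, v[0]
    for _ in range(rounds):
        e = (s >> 2) & 3
        for p in range(n - 1, -1, -1):
            z = v[(p - 1) % n]
            y = v[p] = (v[p] - _mx(y, z, s, key, p, e)) & MASK
        s = (s - DELTA) & MASK
    return v

def score(payloads, keys):
    """Per (key name, word format): how many payloads decrypt to flags 0 or 2."""
    counts = {}
    for name, key in keys.items():
        for fmt in (">4I", "<4I"):  # network order vs. little-endian word loading
            # Assumption: the post's "byte 6" is index 6 of the 16-byte plaintext
            counts[(name, fmt)] = sum(
                struct.pack(fmt, *xxtea_decrypt(struct.unpack(fmt, raw), key))[6] in (0, 2)
                for raw in payloads)
    return counts

# Constructed placeholder keys and packets, NOT the published 25C3 key or real data
KEYS = {"placeholder-A": (0x01234567, 0x89ABCDEF, 0x0F1E2D3C, 0x4B5A6978),
        "placeholder-B": (0x00112233, 0x44556677, 0x8899AABB, 0xCCDDEEFF)}
PLAIN = [bytes([16, 23, i, 0, 0, 0, (i % 2) * 2]) + bytes(range(i, i + 9)) for i in range(8)]
SAMPLE = [struct.pack(">4I", *xxtea_encrypt(struct.unpack(">4I", p), KEYS["placeholder-B"]))
          for p in PLAIN]
print(score(SAMPLE, KEYS))
```

A wrong key or byte order still passes the flags check by chance for about 2 in 256 payloads, so the score is only meaningful over many packets. On a capture that mixes tags using different keys, as described in the reply above, no single key will match every packet.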