From: Tomasz R. <bog...@po...> - 2009-02-26 10:33:12
On Wed, 2009-02-25 at 12:56 +0100, Manuel Prinz wrote:
> Hi Tomasz!
>
> Thanks for your answer!
>
> You wrote:
> > I tried to write some Python script to do it, but so far
> > had problems with extracting packet data from dump - I am
> > not exactly a networking expert, so tcpdump and pcap are
> > rather mysterious beasts to me.
>
> Well, I would not consider myself an expert in this area either. I just
> started with pcap and am surprised how neat and easy it actually is.
>
> > Can you publish this program somewhere or put it on the list - so
> > we could look at it?
>
> Sure. I can't access the files right now but will send them here. It's
> quite hackish, though.
>
> > At the beginning you should see many tags with beta key - and
> > later you should see more and more tags with final 25C3 key.
> > Occasionally you should also see tags with key from 24C3.
>
> Is there any sane way of determining which key to use? As I currently see
> it, the protocol version information is /inside/ the encrypted data, so
> the only way I see to retrieve the packet data is to try every key and
> check for the packet that has the correct CRC, right?
>

Yeah, I would also do so.

As a side note, during 24C3, because there were so many transmissions in the 2.4 range, a few (23, to be exact) packets that are present in the data set were not from tags, but were captured, decrypted, and had a matching CRC - so they were included in the data set. You can recognise them because they have IDs larger than 10000.

As a rule of thumb I would say that packets from the 26th and the beginning of 27th Dec should be decrypted using the 24C3 key; after the beginning of Congress (so starting at 12:00) there should be tags with the beta key (about 50 of them IIRC), and on the 28th there should be more and more packets with the real 25C3 key. The beta key should disappear during the 28th - as beta testers would come to our booth and have their tags reflashed with the final firmware.
-- 
Tomasz Rybak <bog...@po...>
GPG key ID: F22C D870
Fingerprint 93BC FEEC A426 3765 799F 10EE FAC1 9A2C F22C D870
http://member.acm.org/~tomaszrybak
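
The key-trial approach discussed in this message, sketched as an added example that is not part of the original mail or of any code posted to the list: try each candidate key, accept the first one whose CRC verifies, and flag IDs above 10000 as probable noise. The cipher (a SHA-256 keystream XOR stand-in), the 16-byte packet layout, the CRC-16 variant and the key bytes are all assumptions made for illustration.

```python
import binascii
import hashlib
import struct

# Constructed placeholder keys; the real 24C3/25C3 keys are not in this message.
KEYS = {
    "24C3": b"placeholder-key-24c3",
    "25C3-beta": b"placeholder-key-beta",
    "25C3-final": b"placeholder-key-final",
}
MAX_TAG_ID = 10000  # per the message: larger IDs were noise that passed the CRC


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (NOT the tags' real one): XOR with a SHA-256 keystream."""
    stream = hashlib.sha256(key).digest()[: len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, tag_id: int, payload: bytes) -> bytes:
    """Build a packet in the assumed layout: id(4) | payload(10) | crc16(2)."""
    body = struct.pack(">I", tag_id) + payload.ljust(10, b"\0")[:10]
    crc = binascii.crc_hqx(body, 0xFFFF)
    return _keystream_xor(key, body + struct.pack(">H", crc))


def classify(packet: bytes, keys=KEYS):
    """Try each key in order; return (verdict, key_name, tag_id)."""
    if len(packet) != 16:
        return ("malformed", None, None)
    for name, key in keys.items():
        plain = _keystream_xor(key, packet)
        body, (crc,) = plain[:14], struct.unpack(">H", plain[14:])
        if binascii.crc_hqx(body, 0xFFFF) != crc:
            continue  # wrong key, or noise: the CRC does not verify
        tag_id = struct.unpack(">I", body[:4])[0]
        # A 16-bit CRC lets about 1 in 65536 random packets through per key,
        # so a CRC match alone is not proof; sanity-check the ID as well.
        verdict = "tag" if tag_id <= MAX_TAG_ID else "suspect"
        return (verdict, name, tag_id)
    return ("undecodable", None, None)
```
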