From 37f95f67fec2b2460903ffa5255b1beeba1731fd Mon Sep 17 00:00:00 2001 From: Amaury Pouly Date: Thu, 27 Oct 2016 23:06:16 +0200 Subject: nwztools/upgtools: rewrite keysig brute force search The new search has two new features: - it takes advantage of the fact that DES keys are only 56-bit long (and not 64) - it is now multithreaded As a proof of concept, I ran it on the A10 series firmware upgrade and was able to find the key in a few seconds using 4 threads. The search is still limited to ascii hex passwords (seems to work on all devices I have tried thus far). Change-Id: Ied080286d2bbdc493a6ceaecaaadba802b429666 --- utils/nwztools/upgtools/mg.cpp | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'utils/nwztools/upgtools/mg.cpp') diff --git a/utils/nwztools/upgtools/mg.cpp b/utils/nwztools/upgtools/mg.cpp index 21659ff3cf..f02b67375a 100644 --- a/utils/nwztools/upgtools/mg.cpp +++ b/utils/nwztools/upgtools/mg.cpp @@ -28,24 +28,23 @@ using namespace CryptoPP; namespace { - ECB_Mode< DES >::Decryption g_dec; - ECB_Mode< DES >::Encryption g_enc; - inline int dec_des_ecb(void *in, int size, void *out, uint8_t *key) { + ECB_Mode< DES >::Decryption dec; if(size % 8) return 42; - g_dec.SetKey(key, 8); - g_dec.ProcessData((byte*)out, (byte*)in, size); + dec.SetKey(key, 8); + dec.ProcessData((byte*)out, (byte*)in, size); return 0; } inline int enc_des_ecb(void *in, int size, void *out, uint8_t *key) { + ECB_Mode< DES >::Encryption enc; if(size % 8) return 42; - g_enc.SetKey(key, 8); - g_enc.ProcessData((byte*)out, (byte*)in, size); + enc.SetKey(key, 8); + enc.ProcessData((byte*)out, (byte*)in, size); return 0; } } -- cgit v1.2.3