#1
|
|||
|
|||
What is the relation
I have another Hardware Authorization Problem I am Working through. This one is tougher, as it isn't using decimal numbers.
These Hardware serial numbers result in the following Authorization Codes. I haven't been able to find a pattern in how they are generated yet. There is no authorization code check in the software (as it just uses hyperterminal to take the codes. 1420249 RU2MSJFRPS8YFTPT 1427534 RU2MKBCH6S8Y6TPT 1340639 RU2BP2G5FS8YGTPT 0871023 RU278BZ36S8Y9TPT 0930753 QV6T5TRFA45N3S8S 0959088 PJ7XNEN42BMZQEQE 1328702 F45E8LESGTPJPDAD 0871013 9H3FPYTRLV6X7U2U 1038660 9H35TJFXMV6X6U2U 2172325 8YTPCMV3GK9HGBMB 1328727 8YGULR2C7K9H9BMB 0874531 8YGLQ4D9LK9H5BMB Anyone suggestions? Lol |
#2
|
||||
|
||||
dump the instructions in the hardware
__________________
AKA Solomon/blowfish. |
#3
|
|||
|
|||
Looks like 5 bit encoding with alphabet "23456789ABCDEFGHJKLMNPQRSTUVXYZ"
~24 bit in ~80 bit out. Codes format shows it's something primitive. |
#4
|
|||
|
|||
I think it is something fairly simple as well, as it is just running on a motorolla processor. I haven't had a chance to take the hardware apart to look at it yet.
Some patterns I've noticed in the serial numbers themselves: The first two letters seem to directly influence the last 3 letters in cluster 3 and 4, IE: RU2M SJFR PS8Y FTPT RU2M KBCH 6S8Y 6TPT RU2B P2G5 FSS8Y GTPT RU27 8BZ3 6S8Y 9TPT QV6T 5TRF A45N 3S8S PJ7X NEN4 2BMZ QEQE F45E 8LES GTPJ PDAD 9H3F PYTR LV6X 7U2U 9H35 TJFX MV6X 6U2U 8YTP CMV3 GK9H GBMB 8YGU LR2C 7K9H 9BMB 8YGL Q4D9 LK9H 5BMB Last edited by psgama; 05-22-2018 at 10:43. |
#5
|
|||
|
|||
The dictionary seems to be 23456789ABCDEFGHJKLMNPQRSTUVWXYZ
|
#6
|
|||
|
|||
Really?
See #3 |
#7
|
|||
|
|||
Sorry, did not see that. I have written a small tool to convert each 4 digit part of the code back to base 10 and am doing comparisons on them now. Appreciate the comment
|
#8
|
|||
|
|||
Determining this empirically is going to be at least NP-hard if done truly generally. Yes if it was a simple naïve implementation you might be able to find something without sophisticated models. But ideally, you would have to disassemble the hardware, dump flash ROMs, or even use fabrication lab type equipment to splice and photograph and reconstruct the digital circuits inside chips. Perhaps if you give the number of clock cycles it takes to compute, the maximum number of and/or gates could be estimated which would limit computation complexity, though the size of the chip and memory also would need to be known as time-space tradeoff must be considered. But if complex enough such as using any of the standard crypto algorithms, or worse a large hardware table, then at best you will be stabbing in the dark.
|
#9
|
|||
|
|||
any crypto transformation adds high entropy, while we can see lots of constant blocks.
Would be nice to see Authorization Codes for a X and X+1 SN. BTW if alphabet chars order is right here are bitstreams (two usual ways): 1420249 (0x15abd9): be813c41b7ae0dd6e6b9 57838961bb159bde72cd 1427534 (0x15c84e): be8138a54f260dd266b9 578319937a049b4e72cd 1340639 (0x1474df): be809a81c36e0dd766b9 578354811b0d9bee72cd 871023 (0x0d4a6f): be805327c1260dd3e6b9 578362920f049b7e72cd 930753 (0x0e33c1): b6c991e6ed408740e0d8 76933cf26d480c1ab0c1 959088 (0x0ea270): ac0bca32820267eb32cc 15164e1915204d6f9965 1328702 (0x14463e): 6886c34998766b0aad0b 4d0c6624c32e5758175a 871013 (0x0d4a65): 3bc2daf73796c9c2e81a e785567bbe72135e34d0 1038660 (0x0fd944): 3bc23cc1bc9ec9c2681a e7859161e373134e34d0 2172325 (0x2125a5): 3773554f61744ef72669 a6e7aae60e2e9ee7d24c 1328727 (0x144657): 375da95c0a2c4ef3a669 a63b2d2f50259e77d24c 874531 (0x0d5823): 375d2b0967944ef1a669 a63b69c53a329e37d24c Last edited by ketan; 06-03-2018 at 08:23. |
#10
|
|||
|
|||
I have these S/N / Authcode combinations which are the closest group together.
1328702/F45E 8LES GTPJ PDAD 1328727/8YGU LR2C 7K9H 9BMB 1328729/PJ74 6F5P 5BMZ CEFE It's looking like the formula is well hidden in this instance. Last edited by psgama; 06-08-2018 at 11:45. |
|
|