What is the relation

[psgama]

I have another Hardware Authorization Problem I am Working through. This one is tougher, as it isn't using decimal numbers.

These Hardware serial numbers result in the following Authorization Codes.
I haven't been able to find a pattern in how they are generated yet.

There is no authorization code check in the software (as it just uses hyperterminal to take the codes.

1420249 RU2MSJFRPS8YFTPT
1427534 RU2MKBCH6S8Y6TPT
1340639 RU2BP2G5FS8YGTPT
0871023 RU278BZ36S8Y9TPT
0930753 QV6T5TRFA45N3S8S
0959088 PJ7XNEN42BMZQEQE
1328702 F45E8LESGTPJPDAD
0871013 9H3FPYTRLV6X7U2U
1038660 9H35TJFXMV6X6U2U
2172325 8YTPCMV3GK9HGBMB
1328727 8YGULR2C7K9H9BMB
0874531 8YGLQ4D9LK9H5BMB

Anyone suggestions? Lol

[WhoCares]

dump the instructions in the hardware

[ketan]

Looks like 5 bit encoding with alphabet "23456789ABCDEFGHJKLMNPQRSTUVXYZ"

~24 bit in ~80 bit out. Codes format shows it's something primitive.

[psgama]

I think it is something fairly simple as well, as it is just running on a motorolla processor. I haven't had a chance to take the hardware apart to look at it yet.

Some patterns I've noticed in the serial numbers themselves:

The first two letters seem to directly influence the last 3 letters in cluster 3 and 4, IE:

RU2M SJFR PS8Y FTPT
RU2M KBCH 6S8Y 6TPT
RU2B P2G5 FSS8Y GTPT
RU27 8BZ3 6S8Y 9TPT
QV6T 5TRF A45N 3S8S
PJ7X NEN4 2BMZ QEQE
F45E 8LES GTPJ PDAD
9H3F PYTR LV6X 7U2U
9H35 TJFX MV6X 6U2U
8YTP CMV3 GK9H GBMB
8YGU LR2C 7K9H 9BMB
8YGL Q4D9 LK9H 5BMB

[psgama]

The dictionary seems to be 23456789ABCDEFGHJKLMNPQRSTUVWXYZ

[ketan]

Really?

See #3

[psgama]

Sorry, did not see that. I have written a small tool to convert each 4 digit part of the code back to base 10 and am doing comparisons on them now. Appreciate the comment

[chants]

Determining this empirically is going to be at least NP-hard if done truly generally. Yes if it was a simple naïve implementation you might be able to find something without sophisticated models. But ideally, you would have to disassemble the hardware, dump flash ROMs, or even use fabrication lab type equipment to splice and photograph and reconstruct the digital circuits inside chips. Perhaps if you give the number of clock cycles it takes to compute, the maximum number of and/or gates could be estimated which would limit computation complexity, though the size of the chip and memory also would need to be known as time-space tradeoff must be considered. But if complex enough such as using any of the standard crypto algorithms, or worse a large hardware table, then at best you will be stabbing in the dark.

[ketan]

any crypto transformation adds high entropy, while we can see lots of constant blocks.

Would be nice to see Authorization Codes for a X and X+1 SN.

BTW if alphabet chars order is right here are bitstreams (two usual ways):

1420249 (0x15abd9):
be813c41b7ae0dd6e6b9
57838961bb159bde72cd
1427534 (0x15c84e):
be8138a54f260dd266b9
578319937a049b4e72cd
1340639 (0x1474df):
be809a81c36e0dd766b9
578354811b0d9bee72cd
871023 (0x0d4a6f):
be805327c1260dd3e6b9
578362920f049b7e72cd
930753 (0x0e33c1):
b6c991e6ed408740e0d8
76933cf26d480c1ab0c1
959088 (0x0ea270):
ac0bca32820267eb32cc
15164e1915204d6f9965
1328702 (0x14463e):
6886c34998766b0aad0b
4d0c6624c32e5758175a
871013 (0x0d4a65):
3bc2daf73796c9c2e81a
e785567bbe72135e34d0
1038660 (0x0fd944):
3bc23cc1bc9ec9c2681a
e7859161e373134e34d0
2172325 (0x2125a5):
3773554f61744ef72669
a6e7aae60e2e9ee7d24c
1328727 (0x144657):
375da95c0a2c4ef3a669
a63b2d2f50259e77d24c
874531 (0x0d5823):
375d2b0967944ef1a669
a63b69c53a329e37d24c

[psgama]

I have these S/N / Authcode combinations which are the closest group together.

1328702/F45E 8LES GTPJ PDAD
1328727/8YGU LR2C 7K9H 9BMB
1328729/PJ74 6F5P 5BMZ CEFE

It's looking like the formula is well hidden in this instance.