A89: faking a rom
I just thought of a way to reduce the amount of brute forcing for generating
your own ROM from 2^512 to 2^68...

I make the assumption that the 512-bit checksum is really just 8 RC5 checksums
(64 bits each), which were then encrypted with RSA.

I also make the assumption that the checksums are sequential, e.g.:

There is 1 MB of Flash ROM.
There are 8 checksums.
The 1st 128 KB are used for checksum 1.
The 2nd 128 KB are used for checksum 2.
The 3rd 128 KB are used for checksum 3.
etc.

Rather than trying to brute force the RC5, which has not only a big key size
but is slow, instead focus on the RC5.
Essentially, I can change that first 128 KB of Flash ROM any way I like, provided
that the RC5 checksum for it is the same as the RC5 checksum for the original.
Since an RC5 checksum is 64 bits, and each bit of the input is equally likely to
change any bit of the output...
Leave 8 bytes (64 bits) that you are going to brute force with. Run the RC5 on
that 1st 128 KB with different values for those 64 bits, and eventually you will
get an RC5 checksum that matches the original!

On average, brute forcing one of the RC5 checksums will take 2^63 operations.
On average, brute forcing all 8 will take 2^66 tries.

This is within the limits of modern-day computing!
If we can write our own ROM image with correct checksums, we can, for example,
modify it to not check the checksums on applications, thereby removing the
necessity to purchase TI's SDK.

Anyone else got ideas for this?
--robin
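As an added illustration of the argument in the post above (example code, not from the post or from TI): a constructed 16-bit chained checksum stands in for the 64-bit RC5 one, a counting search over 4 reserved bytes finds a second preimage, and the post's expected-work arithmetic is checked. The digest width, mixing function and sample data are all made up for the demo; the point is that matching an n-bit checksum by varying free bytes costs about 2^(n-1) evaluations, which is why a 64-bit checksum alone gives no integrity guarantee against a patient party.

```python
import struct

WIDTH = 16  # toy digest width; the post's RC5-based checksum is 64 bits

def toy_checksum(data: bytes) -> int:
    """Constructed 16-bit stand-in for a block-cipher-chained checksum.
    Every input word is XORed into the state and passed through an invertible
    mix, so each input bit influences every output bit. NOT RC5, NOT TI's code."""
    mask = (1 << WIDTH) - 1
    state = 0x5A5A
    if len(data) % 2:              # pad odd-length input to whole words
        data += b"\x00"
    for (word,) in struct.iter_unpack(">H", data):
        state ^= word
        state = (state * 0x9E37 + 0x79B9) & mask                 # odd multiplier: bijective
        state = ((state << 5) | (state >> (WIDTH - 5))) & mask   # rotate left by 5
    return state

def forge_free_field(original: bytes, modified: bytes, free_off: int, free_len: int):
    """Counting search over the `free_len` reserved bytes of `modified` until its
    checksum equals the checksum of `original`. Returns (patched_bytes, trials),
    where trials is the number of checksum evaluations spent."""
    target = toy_checksum(original)
    buf = bytearray(modified)
    for trial in range(1 << (8 * free_len)):
        buf[free_off:free_off + free_len] = trial.to_bytes(free_len, "big")
        if toy_checksum(bytes(buf)) == target:
            return bytes(buf), trial + 1
    raise RuntimeError("no match inside the free field's value space")

def expected_work(width_bits: int, n_checksums: int) -> int:
    """Average checksum evaluations to match n independent width-bit checksums:
    n * 2^(width-1). For the post's parameters that is 8 * 2^63 = 2^66."""
    return n_checksums * (1 << (width_bits - 1))

# Constructed demo data: a 64-byte region, a 4-byte change, and 4 reserved bytes.
ORIGINAL = bytes((i * 7 + 3) & 0xFF for i in range(64))
MODIFIED = bytearray(ORIGINAL)
MODIFIED[8:12] = b"\xde\xad\xbe\xef"      # the change that must survive the checksum
FREE_OFF, FREE_LEN = 60, 4                 # reserved bytes the search is free to vary

if __name__ == "__main__":
    patched, trials = forge_free_field(ORIGINAL, bytes(MODIFIED), FREE_OFF, FREE_LEN)
    print(f"match after {trials} trials (mean for {WIDTH} bits: {1 << (WIDTH - 1)})")
    print(f"post's full-size estimate: 2^{expected_work(64, 8).bit_length() - 1} evaluations")
```

Because every step of the toy mix is a bijection of the state, the last reserved word alone is guaranteed to hit the target within 2^16 tries; a real 64-bit digest behaves the same way at 2^63 on average.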
