Possible attack on the ciphering key #106
Comments
|
What about WiFi encryption or why would one attack it's own device this way having direct hardware access? Provisining and unprovisioning is very time consuming |
|
Why did you close this?
pt., 20 lip 2018, 00:15 użytkownik Dennis Giese <notifications@github.com>
napisał:
… Closed #106 <#106>.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#106 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AEuIVRFSc95nKDPlHKHkbRYOf8JTlBqEks5uIQT4gaJpZM4TFey2>
.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If I understand correctly, once provisioned, the device sends some packet containing JSON ciphered with a static device-specific AES key.
What ciphering suite is being used ? EBC ? CTR ?
Because if it's any of those 2, then it can be possible to figure out the key by monitoring the WIFI's network traffic.
Technically, the ciphered packet's bytes are
pkt(i) = msg(i) XOR transformedKey(i)and sincemsg(i)is{fori == 0, and}fori == msg.length-1, then you can figure out thetransformedKey(i)byte-by-byte while sending packets of different size (for example, by changing the SSID length on your WIFI router)So the step by step guide would be:
transformedKey(0)andtransformedKey(msg.length -1)from the equation abovetransformedKey(msg.length - 1)for the next byte of the AES keyAs a side remark, since first JSON is produced by the same software, it's possible to guess more than one byte at a time, since the first part of the message will be the same
{"id":.Obviously, this fails if the AES key changes (which, I don't think it does as I understand it), or if the IV used is based on some random event (but, if it's based on NTP time, it's completely hackable too).
Can someone confirm the ciphering scheme used ?
The text was updated successfully, but these errors were encountered: