If I understand correctly, once provisioned, the device sends some packet containing JSON ciphered with a static device-specific AES key.
What ciphering suite is being used? ECB? CTR?
Because if it's any of those 2, then it can be possible to figure out the key by monitoring the WIFI's network traffic.
Technically, the ciphered packet's bytes are `pkt(i) = msg(i) XOR transformedKey(i)` and since `msg(i)` is `{` for `i == 0`, and `}` for `i == msg.length-1`, then you can figure out the `transformedKey(i)` byte-by-byte while sending packets of different size (for example, by changing the SSID length on your WIFI router).
So the step by step guide would be:
1. Prepare some WIFI AP with TCP dump capability (or use a WIFI sniffer)
2. Unprovision your vacuum
3. Set up the WIFI on your vacuum while capturing all packets
4. Extract the `transformedKey(0)` and `transformedKey(msg.length -1)` from the equation above
5. Change the SSID's name to one more byte
6. Set up WIFI again
7. Extract `transformedKey(msg.length - 1)` for the next byte of the AES key
8. Repeat until you've the complete AES key.
As a side remark, since the first JSON is produced by the same software, it's possible to guess more than one byte at a time, since the first part of the message will be the same `{"id":`.
Obviously, this fails if the AES key changes (which, I don't think it does as I understand it), or if the IV used is based on some random event (but, if it's based on NTP time, it's completely hackable too).
Can someone confirm the ciphering scheme used?
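The XOR relation in the post, checked for AES in CTR mode, as an added Go example that is not part of the original issue or the project's code: under one key and one IV every packet is XORed with the same keystream, so `c1 XOR c2` equals `p1 XOR p2`, and a fresh random IV per packet removes that relation. The key, IVs and JSON messages are constructed, the helper names are hypothetical, and CTR itself is an assumption since the issue does not establish the mode.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Added example: helper names are hypothetical; key, IVs and messages are constructed.
// encryptCTR encrypts msg with AES-CTR under key and a 16-byte IV.
func encryptCTR(key, iv, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(msg))
	cipher.NewCTR(block, iv).XORKeyStream(out, msg)
	return out
}

// freshIV returns a random 16-byte IV, meant to be sent along with its packet.
func freshIV() []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return iv
}

// reusesKeystream encrypts p1 under iv1 and p2 under iv2 and reports whether
// c1 XOR c2 == p1 XOR p2 on every shared byte, which needs an identical keystream.
func reusesKeystream(key, iv1, iv2, p1, p2 []byte) bool {
	c1, c2 := encryptCTR(key, iv1, p1), encryptCTR(key, iv2, p2)
	for i := 0; i < len(p1) && i < len(p2); i++ {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

func main() {
	key := []byte("0123456789abcdef") // constructed test key
	p1, p2 := []byte(`{"id":1,"method":"hello"}`), []byte(`{"id":2,"method":"status"}`) // constructed
	static := make([]byte, aes.BlockSize) // weak setting: one IV for every packet
	fmt.Println("static IV reuses keystream:", reusesKeystream(key, static, static, p1, p2))
	fmt.Println("fresh IVs reuse keystream: ", reusesKeystream(key, freshIV(), freshIV(), p1, p2))
}
```

CTR with a fresh IV still provides no integrity; an AEAD mode such as AES-GCM with a unique nonce per packet covers both.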
What about WiFi encryption, or why would one attack its own device this way having direct hardware access? Provisioning and unprovisioning is very time consuming.