Doom9's Forum - View Single Post

candela · 28th March 2018, 00:42

So.. it seems the encryption method has changed from FW4.46 to FW4.50. The firmware is 30KB bigger and the private host key is no longer found

I compared FW4.50 and FW4.53 and found that one of the differences is a block of 4048 bytes (=253x16 bytes). It looks exactly the same as the difference between the device key block of FW4.20 and FW4.46. So that block very likely contains the device keys. However, they are not encrypted with the usual aes-256-ctr key like the device key masks.

Also the device key masks in FW4.46 and FW4.50 appear to be the same. I'm not sure but I think this means the device keys are also the same. So possibly the only change in FW4.50 is a new host certificate and a different encryption method.

Now only to figure out how they are encrypted.

28th March 2018, 00:42	#16 \| Link
candela Registered User Join Date: Jun 2005 Posts: 259	So.. it seems the encryption method has changed from FW4.46 to FW4.50. The firmware is 30KB bigger and the private host key is no longer found I compared FW4.50 and FW4.53 and found that one of the differences is a block of 4048 bytes (=253x16 bytes). It looks exactly the same as the difference between the device key block of FW4.20 and FW4.46. So that block very likely contains the device keys. However, they are not encrypted with the usual aes-256-ctr key like the device key masks. Also the device key masks in FW4.46 and FW4.50 appear to be the same. I'm not sure but I think this means the device keys are also the same. So possibly the only change in FW4.50 is a new host certificate and a different encryption method. Now only to figure out how they are encrypted.