#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    2
    Rep Power
    0

    Need assistance in decoding some stuff...


    Good day,
    I'm working on an electronics project (customizing some wireless controller) and currently I'm really stuck at one point where I need to decrypt an output of one sensor. The sensor is spitting out a series of encrypted data like this:

    1. 67B52492F7BECDFEC
    2. 67BB74D934CFDBB04
    3. 6F1E2CAD3C1514ABA
    4. ...

    I would be really grateful for a tip/hint/tool/idea/method/software for detecting the algorithm (AES, RC4, TEA, ...) used to encrypt the data. Is it possible, at last?
  2. #2
  3. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,417
    Rep Power
    1871
    So where is the documentation for this sensor we can go and read?

    > 67,B5,24,92,F7,BE,CD,FE,C
    This isn't an even number of nibbles, so what exactly are you receiving?
    How did you determine that the messages are framed as you show in your post?

    It seems unlikely that it's bytes such as
    0x67 0xB5 0x24 0x92 0xF7 0xBE 0xCD 0xFE 0xC?

    Is it an ASCII string "67B52492F7BECDFEC" perhaps?
    Last edited by salem; September 26th, 2012 at 11:32 PM.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
  4. #3
  5. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,316
    Rep Power
    7171
    Is the output just coming from a simple sensor? Most sensors wouldn't have the computational power to perform any sort of complicated encryption. Or is the value going through some sort of controller first that's applying encryption?
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Sep 2012
    Posts
    2
    Rep Power
    0
    salem, E-Oreo, thanks a lot for your response.
    > So where is the documentation for this sensor we can go and read?

    Of course, I studied all available documentation before posting, however, this product is not meant for direct disassembly or customization, so there's not even a hint about all the encryption stuff. Also tried to contact the manufacturer, but got no response. The thing I'm trying to hack is Czech-made RC-60 Remote Control, if it matters (jablotron.com/en/Catalog/home+automation/wireless+transmitters/rc60+remote+control/).

    > 67,B5,24,92,F7,BE,CD,FE,C
    > This isn't an even number of nibbles, so what exactly are you receiving?
    > How did you determine that the messages are framed as you show in your post.

    I suppose, it is a custom control protocol. The data is framed similar to RC5 Philips infrared remote protocol (users.telenet.be/davshomepage/rc5.htm). Sorry, as a new user, I can't post links. E.g.
    6 C2 D6 4F A5 FF 38 40 1C
    6 C2 BE E7 E8 B6 CD 82 00
    6 C2 E2 1B 83 5B C2 A1 32
    6 6A 16 A9 E4 01 65 1E 92
    6 C2 CC 65 B6 AD 45 30 74
    I suppose, the preceding "6" is some kind of start bit, so that's why an odd number of nibbles.
    I grabbed the data with a self-made ATmega32 based reader, attached to a pin of a microcontroller (PIC12CE518) inside the sensor.

    > Is the output just coming from a simple sensor? Most sensors wouldn't have the computational power to perform any sort of complicated encryption. Or is the value going through some sort of controller first that's applying encryption?

    Yes, it's PIC12CE518 doing all the crypto-stuff.
    So can you think of any methods to detect the algorithm used to encrypt the data and the structure of it (address bits, command bits)? I also posted this question in electronics related forums, but still got no response. Thanks again.
  8. #5
  9. Contributed User
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Jun 2005
    Posts
    4,417
    Rep Power
    1871
    It seems an awful lot of bits (64+) just to convey the state of 3 on/off switches.

    In other words, you have a very small number of known plain text to play with.

    So just pressing the 'A' switch (for example) a lot of times, and collecting all the messages might reveal something.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper
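
Added example, not part of the thread: one way to start the comparison suggested in post #5 is to line the captured frames up nibble by nibble and see which positions never change. The frames are the five from post #4; the function names are made up for this sketch, and the thread does not say which button produced each frame.

```python
from collections import Counter
from itertools import combinations

# Frames copied from post #4 (the button behind each capture is not stated there).
FRAMES = [
    "6 C2 D6 4F A5 FF 38 40 1C",
    "6 C2 BE E7 E8 B6 CD 82 00",
    "6 C2 E2 1B 83 5B C2 A1 32",
    "6 6A 16 A9 E4 01 65 1E 92",
    "6 C2 CC 65 B6 AD 45 30 74",
]

def normalize(frame):
    """Drop space/comma separators and return an uppercase nibble string."""
    nibbles = "".join(ch for ch in frame if ch not in " ,").upper()
    if not nibbles or any(ch not in "0123456789ABCDEF" for ch in nibbles):
        raise ValueError(f"not a hex frame: {frame!r}")
    return nibbles

def columns(frames):
    """Transpose the frames: one tuple of observed values per nibble position."""
    rows = [normalize(f) for f in frames]
    if len({len(r) for r in rows}) != 1:
        raise ValueError("frames differ in length; check the framing first")
    return list(zip(*rows))

def stable_nibbles(frames, min_count=None):
    """Map position -> value where one value occurs in >= min_count frames (default: all)."""
    need = len(frames) if min_count is None else min_count
    stable = {}
    for pos, col in enumerate(columns(frames)):
        value, count = Counter(col).most_common(1)[0]
        if count >= need:
            stable[pos] = value
    return stable

def hamming_bits(a, b):
    """Count the bits that differ between two frames of equal length."""
    a, b = normalize(a), normalize(b)
    if len(a) != len(b):
        raise ValueError("frames differ in length")
    return bin(int(a, 16) ^ int(b, 16)).count("1")

def mean_pairwise_distance(frames):
    """Average bit difference over every pair of frames."""
    pairs = list(combinations(frames, 2))
    return sum(hamming_bits(a, b) for a, b in pairs) / len(pairs)

if __name__ == "__main__":
    print("bits per frame:", 4 * len(normalize(FRAMES[0])))
    print("constant in every frame:", stable_nibbles(FRAMES))
    print("constant in 4 of 5 frames:", stable_nibbles(FRAMES, min_count=4))
    print("mean pairwise bit distance:", round(mean_pairwise_distance(FRAMES), 1))
```

Captures of one button pressed repeatedly, as post #5 suggests, can be passed in place of `FRAMES`.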
