September 26th, 2012, 11:43 AM
Need assistance in decoding some stuff...
I'm working on an electronics project (customizing a wireless controller) and currently I'm really stuck at one point where I need to decrypt the output of one sensor. The sensor is spitting out a series of encrypted data like this:
I would be really grateful for a tip/hint/tool/idea/method/software for detecting the algorithm (AES, RC4, TEA, ...) used to encrypt the data. Is it possible at all?
September 26th, 2012, 12:26 PM
So where is the documentation for this sensor we can go and read?
This isn't an even number of nibbles, so what exactly are you receiving?
How did you determine that the messages are framed as you show in your post?
It seems unlikely that it's bytes such as
0x67 0xB5 0x24 0x92 0xF7 0xBE 0xCD 0xFE 0xC?
Is it an ASCII string "67B52492F7BECDFEC" perhaps?
Last edited by salem; September 26th, 2012 at 11:32 PM.
September 26th, 2012, 08:07 PM
Is the output just coming from a simple sensor? Most sensors wouldn't have the computational power to perform any sort of complicated encryption. Or is the value going through some sort of controller first that's applying encryption?
September 27th, 2012, 08:34 AM
salem, E-Oreo, thanks a lot for your response.
Of course, I studied all available documentation before posting; however, this product is not meant for direct disassembly or customization, so there's not even a hint about the encryption. I also tried to contact the manufacturer, but got no response. The thing I'm trying to hack is the Czech-made RC-60 Remote Control, if it matters (jablotron.com/en/Catalog/home+automation/wireless+transmitters/rc60+remote+control/).
I suppose it is a custom control protocol. The data is framed similarly to the Philips RC5 infrared remote protocol (users.telenet.be/davshomepage/rc5.htm). Sorry, as a new user, I can't post links. E.g.:
6 C2 D6 4F A5 FF 38 40 1C
6 C2 BE E7 E8 B6 CD 82 00
6 C2 E2 1B 83 5B C2 A1 32
6 6A 16 A9 E4 01 65 1E 92
6 C2 CC 65 B6 AD 45 30 74
I suppose the preceding "6" is some kind of start bit, so that's why there is an odd number of nibbles.
I grabbed the data with a self-made ATmega32-based reader, attached to a pin of a microcontroller (PIC12CE518) inside the sensor.
Yes, it's the PIC12CE518 doing all the crypto stuff.
So can you think of any methods to detect the algorithm used to encrypt the data and the structure of it (address bits, command bits)? I also posted this question in electronics-related forums, but still got no response. Thanks again.
September 27th, 2012, 10:28 AM
It seems an awful lot of bits (64+) just to convey the state of 3 on/off switches.
In other words, you have a very small number of known plaintexts to play with.
So just pressing the 'A' switch (for example) a lot of times, and collecting all the messages might reveal something.
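The "collect many frames and look for structure" approach suggested above, applied to the five frames the original poster quoted, as an added example (this is not code from either poster, and it assumes the framing they describe: one start nibble followed by eight payload bytes). It does not identify a cipher; with a handful of frames nothing can. What it does is separate fixed fields from changing ones: which byte positions and which individual bits never change, and how many bits differ between any two frames. Identical payloads for repeated presses of one button would mean a static code that can simply be replayed; payloads that differ in roughly half their bits on every press, with nothing constant beyond a header, point to a rolling code or a keyed cipher fed by a counter.

```python
"""Structure analysis of captured RC-60 frames (added example, not the poster's code)."""
from itertools import combinations

# Constructed input: the five frames quoted in the thread, copied verbatim.
# Each line is one start nibble followed by eight payload bytes.
CAPTURED = """
6 C2 D6 4F A5 FF 38 40 1C
6 C2 BE E7 E8 B6 CD 82 00
6 C2 E2 1B 83 5B C2 A1 32
6 6A 16 A9 E4 01 65 1E 92
6 C2 CC 65 B6 AD 45 30 74
"""


def parse_frames(text):
    """Return a list of (start_nibble, payload_bytes) tuples."""
    frames = []
    for line in text.strip().splitlines():
        fields = line.split()
        start = int(fields[0], 16)
        payload = bytes(int(f, 16) for f in fields[1:])
        frames.append((start, payload))
    return frames


def constant_positions(payloads):
    """Byte offsets whose value never changes across the given frames
    (candidates for a fixed header or device address)."""
    width = len(payloads[0])
    return [i for i in range(width) if len({p[i] for p in payloads}) == 1]


def fixed_bit_mask(payloads):
    """Per-bit view, MSB first: '0'/'1' if that bit is the same in every
    frame, 'x' if it varies. Finer than constant_positions, because a
    fixed field need not be byte-aligned."""
    width = len(payloads[0]) * 8
    mask = []
    for bit in range(width):
        byte, shift = divmod(bit, 8)
        values = {(p[byte] >> (7 - shift)) & 1 for p in payloads}
        mask.append("x" if len(values) > 1 else str(values.pop()))
    return "".join(mask)


def hamming(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def pairwise_hamming(payloads):
    """Bit distance for every pair of frames. Well-mixed cipher output sits
    near half the payload width; a counter or plain bitfield sits far below."""
    return [hamming(a, b) for a, b in combinations(payloads, 2)]


def summarize(frames):
    """Collect the structural indicators for a capture set in one dict."""
    payloads = [p for _, p in frames]
    distances = pairwise_hamming(payloads)
    return {
        "frames": len(frames),
        "start_nibbles": sorted({s for s, _ in frames}),
        "distinct_payloads": len(set(payloads)),
        "constant_byte_positions": constant_positions(payloads),
        "fixed_bit_mask": fixed_bit_mask(payloads),
        "mean_hamming_bits": sum(distances) / len(distances),
        "payload_bits": len(payloads[0]) * 8,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_frames(CAPTURED)).items():
        print(f"{key}: {value}")
```

On the posted frames every payload is distinct, no byte position is constant across all five, and the first two frames already differ in 25 of 64 bits, which is the "changing per press" picture rather than a static code. Four of the five frames start with C2 and only the fourth starts with 6A, so the first thing to check is whether that frame came from a different button, or from a capture glitch, before treating C2 as a header. Once the frames are tagged with the button that produced them, run the same summary per button: a field that is constant within a button but differs between buttons is the command field you are looking for.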