<div dir="ltr">Hi folks,
<div><br></div><div>Not sure the best place to ask about this, so I figure I'll give it a stab here. I've recently come across what appears to be a rather insecure ciphering system between a computer and a device. I've managed to figure out how the algorithm works, and my work with it has been successful. However, I have no idea what this algorithm is, or if it has a name, or where I can read more about it.</div><div><br></div><div>I'm inclined to think it's an LFSR, but I'm really not sure.</div><div><br></div><div>I've translated it into C pseudocode. Could anybody here identify it?</div><div><br></div><div>Thanks,</div><div>Jason</div><div><br></div><div><br></div><div>==========</div><div>Important parts involve cipher, which updates stored_key1, and the updating of stored_key2 when receiving messages.</div><div>==========</div><div><br></div>
<pre>
#include &lt;stdint.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;stddef.h&gt;

/* Transport placeholders; the real I/O is not part of the sketch. */
void somehow_send_it_to_the_device(uint8_t *buffer, size_t len);
void somehow_receive_data_from_device(uint8_t **buffer, size_t *len);
void somehow_do_something_else_with_received_data(uint8_t *buffer, size_t len);
void receive_message_from_device(void);

uint16_t stored_key1;   /* 16-bit generator state, advanced by cipher() */
uint16_t stored_key2;   /* mask mixed into key1; high byte replaced on receive */

/* XOR the buffer in place with the keystream; the same call decrypts. */
void cipher(uint8_t *buffer, size_t len)
{
    uint16_t key1 = stored_key1;
    uint16_t key2 = stored_key2;
    uint8_t xor_byte, multiplier;

    while (len--) {
        xor_byte = 0;
        for (int i = 0; i &lt; 4; ++i) {   /* 4 steps x 2 bits = one keystream byte */
            multiplier = 2 * xor_byte;
            if (key1 &amp; 1) {
                multiplier |= 1;
                key1 = ((key1 ^ key2) &gt;&gt; 1) | 0x8000;
            } else
                key1 &gt;&gt;= 1;
            xor_byte = 2 * multiplier;
            if (key1 &amp; 0x80)
                xor_byte |= 1;
        }
        *(buffer++) ^= xor_byte;
    }
    stored_key1 = key1;
}

void make_initial_connection_to_device(void)
{
    stored_key1 = (uint16_t)rand();
    stored_key2 = 0xA0CB; // Fixed!

    uint8_t buffer[] = { stored_key1 };
    somehow_send_it_to_the_device(buffer, 1);
    receive_message_from_device();
}

void send_message_to_device(uint8_t *buffer_to_send, size_t len)
{
    cipher(buffer_to_send, len);
    somehow_send_it_to_the_device(buffer_to_send, len);
}

void receive_message_from_device(void)
{
    uint8_t *buffer_received;
    size_t len;
    somehow_receive_data_from_device(&amp;buffer_received, &amp;len);
    if (len &lt; 2)   /* need the mutation byte plus at least one data byte */
        return;

    cipher(buffer_received, len);

    uint8_t mutation = *buffer_received;
    ++buffer_received;
    --len;

    stored_key2 = (stored_key2 &amp; 0xFF) | (mutation &lt;&lt; 8);

    somehow_do_something_else_with_received_data(buffer_received, len);
}
</pre>
</div>
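A stand-alone re-implementation of the generator sketched above, added here as an example; it is not Jason's code or the device's firmware. It makes the state explicit: each step is a right shift of key1 with a conditional XOR against key2 and a forced top bit, so the entire keystream is a function of the 16-bit key1 (key2 stays at the post's constant 0xA0CB until a device reply rewrites its high byte), and because the keystream never depends on the data, one routine both encrypts and decrypts. The seed value 0x0001 used below is chosen here for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Generator state: key1 is the 16-bit shift register that cipher() advances,
 * key2 the mask (0xA0CB in the post) whose high byte a device reply replaces. */
typedef struct { uint16_t key1; uint16_t key2; } gen_state;

/* One register step: shift key1 right by one. When the dropped bit is 1, key1 is
 * first XORed with key2 and the new top bit is forced to 1. Returns the dropped bit. */
static int step(gen_state *s)
{
    int bit = s->key1 & 1;
    if (bit)
        s->key1 = (uint16_t)(((s->key1 ^ s->key2) >> 1) | 0x8000);
    else
        s->key1 >>= 1;
    return bit;
}

/* Next keystream byte: four steps, each appending the dropped bit and bit 7 of
 * the new state. This is what the post's inner loop accumulates in xor_byte. */
uint8_t keystream_byte(gen_state *s)
{
    uint8_t out = 0;
    for (int i = 0; i < 4; ++i) {
        out = (uint8_t)((out << 1) | step(s));
        out = (uint8_t)((out << 1) | ((s->key1 >> 7) & 1));
    }
    return out;
}

/* XOR buf in place with the keystream. Since the keystream ignores the data,
 * calling this again with a copy of the starting state decrypts. */
void xor_stream(gen_state *s, uint8_t *buf, size_t len)
{
    while (len--)
        *buf++ ^= keystream_byte(s);
}

/* The receive path in the post: the first decrypted byte overwrites key2's high byte. */
void apply_device_mutation(gen_state *s, uint8_t mutation)
{
    s->key2 = (uint16_t)((s->key2 & 0xFF) | ((uint16_t)mutation << 8));
}
```

With seed 0x0001 and key2 0xA0CB the first keystream byte is 0xA8 and key1 advances to 0x4627, which can be checked by hand against the post's loop.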