[fprint] Update to what we found out so far

Vasily Khoruzhick anarsoul at gmail.com
Wed Nov 14 01:25:03 PST 2012


On Wed, Nov 14, 2012 at 12:11 PM, Andreas Loos <a.loos at andreas-loos.com> wrote:
> Dear friends of AES1660,

Hi Andreas,

please also forward your post to the fprint mailing list. It's not a good
idea to keep this discussion private; maybe someone wants to join it and
needs some starting point.

> attached you find my analysis of what is happening in the usb traffic
> between win driver and AES1660. The document contains virtually anything I
> know so far.
>
> The good news is that the commands seem to be not encrypted like in AES2550
> (or was it AES2850?).

Looks like they're encrypted and wrapped into some kind of envelope,
so it looks like this:

0xZZ - envelope cmd type (not sure what's its code yet)
0xLL - size of message without 3-byte header, LSB
0xMM - size of message without 3-byte header, MSB
rest of message is encrypted command

> The bad news is that we still cannot switch the thing into raw mode or know
> anything about the encryption. (Thanks for your helpful comments, Vasily!
> You are probably right, keys are probably not transferred unencrypted and
> the 583 byte thing is surely not a single long key.)
>
> Any ideas how to proceed?

I'll take a look this weekend, pretty busy at work now.
Meanwhile you can make several USB logs of the _same_ action and compare them.
They should differ for sure if there's some handshake between device
and host, so we can figure out _where_ the handshake is.

> Best,
> andreas

Regards
Vasily
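An added example, not part of the original thread or of the fprint project: a small Python parser for the envelope framing sketched above (one type byte, then the payload length without the 3-byte header as a 16-bit little-endian value, then the encrypted command body), plus the comparison of two captures of the same action that the reply suggests. The envelope type code is unknown in the thread, so the sample uses a placeholder; all capture bytes are constructed, and the `Envelope`, `parse_envelopes`, `build_envelope` and `diff_captures` names are this example's own.

```python
"""Added example (not from the original thread): frame a captured byte stream
into the 3-byte-header envelopes described above and compare two captures of
the same action to see which envelopes carry changing (handshake-like) bytes.
All sample bytes are constructed; the real envelope type code is unknown."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Envelope:
    cmd_type: int      # first header byte (actual code unknown in the thread)
    payload: bytes     # encrypted command body, header excluded


def build_envelope(cmd_type: int, payload: bytes) -> bytes:
    """Header: type byte, then payload length (header excluded) as LSB, MSB."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for a 16-bit length field")
    return bytes([cmd_type, len(payload) & 0xFF, len(payload) >> 8]) + payload


def parse_envelopes(stream: bytes) -> List[Envelope]:
    """Walk a captured stream and split it into envelopes; fail loudly on truncation."""
    msgs = []
    off = 0
    while off < len(stream):
        if len(stream) - off < 3:
            raise ValueError(f"truncated header at offset {off}")
        cmd_type = stream[off]
        length = stream[off + 1] | (stream[off + 2] << 8)   # LSB first, then MSB
        start, end = off + 3, off + 3 + length
        if end > len(stream):
            raise ValueError(f"envelope at offset {off} claims {length} bytes, "
                             f"only {len(stream) - start} left")
        msgs.append(Envelope(cmd_type, stream[start:end]))
        off = end
    return msgs


def diff_captures(a: bytes, b: bytes) -> List[Tuple[int, List[int]]]:
    """Compare two captures of the same action envelope by envelope.

    Returns (envelope index, differing payload offsets) for every envelope that
    differs. Bytes that change between otherwise identical actions are the
    candidates for a handshake or nonce exchange."""
    ea, eb = parse_envelopes(a), parse_envelopes(b)
    if len(ea) != len(eb):
        raise ValueError(f"captures have {len(ea)} vs {len(eb)} envelopes")
    result = []
    for i, (x, y) in enumerate(zip(ea, eb)):
        if x.cmd_type != y.cmd_type or len(x.payload) != len(y.payload):
            # Structure itself differs: flag the whole envelope.
            result.append((i, list(range(max(len(x.payload), len(y.payload))))))
            continue
        offs = [k for k, (p, q) in enumerate(zip(x.payload, y.payload)) if p != q]
        if offs:
            result.append((i, offs))
    return result


# Constructed sample: two runs of the same action. 0xAA is a placeholder type.
PLACEHOLDER_TYPE = 0xAA
_fixed_cmd = bytes.fromhex("01 02 03 04")
CAPTURE_RUN1 = (build_envelope(PLACEHOLDER_TYPE, _fixed_cmd)
                + build_envelope(PLACEHOLDER_TYPE, bytes.fromhex("10 20 30 40 50 60"))
                + build_envelope(PLACEHOLDER_TYPE, bytes(300)))   # exercises the MSB byte
CAPTURE_RUN2 = (build_envelope(PLACEHOLDER_TYPE, _fixed_cmd)
                + build_envelope(PLACEHOLDER_TYPE, bytes.fromhex("10 20 31 40 50 61"))
                + build_envelope(PLACEHOLDER_TYPE, bytes(300)))

if __name__ == "__main__":
    for i, env in enumerate(parse_envelopes(CAPTURE_RUN1)):
        print(f"envelope {i}: type=0x{env.cmd_type:02x} len={len(env.payload)}")
    print("differing envelopes:", diff_captures(CAPTURE_RUN1, CAPTURE_RUN2))
```

Run against real logs, the two captures would be the raw bulk-transfer payloads of two recordings of the same action; the second envelope in the constructed sample plays the role of the message whose bytes change between runs.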

