Register Guidelines E-Books Search Today's Posts Mark Forums Read

Go Back   MobileRead Forums > E-Book Readers > Sony Reader > Sony Reader Dev Corner

Notices

Reply
 
Thread Tools Search this Thread
Old 02-14-2007, 11:40 AM   #16
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,582
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
I think the key is encoded in SubjectPublicKeyInfo format, as used by OpenSSL when exporting public key binary blobs. Then for instance for a 1024-bit RSA keypair, SubjectPublicKeyInfo encoding is 162 bytes compared to 140 bytes for the RSAPublicKey encoding.
TadW is offline   Reply With Quote
Old 02-14-2007, 11:47 AM   #17
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
Quote:
Originally Posted by VladSukhoy
> SHA-1 isn't that secure anymore, can be broken quite easily.
not easily at all - 2^69 operations were still required as I remember..
http://it.slashdot.org/article.pl?si...id=172&tid=218

I believe a crack could be done in a reasonable time, for a reasonable price, using a few of the latest generation Xilinx Virtex 5 FPGA's to create a "multi core" cracker engine.

http://www.xilinx.com/products/silic...tex5/index.htm
scotty1024 is offline   Reply With Quote
 
Enthusiast
Old 02-14-2007, 03:04 PM   #18
VladSukhoy
Member
VladSukhoy began at the beginning.
 
Posts: 16
Karma: 10
Join Date: Feb 2007
Device: /Reader/
Want to start collecting donations for those Xilinx FPGA's? =)
VladSukhoy is offline   Reply With Quote
Old 02-14-2007, 04:24 PM   #19
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
Found this article interesting: http://ieeexplore.ieee.org/xpls/abs_...nt=20&index=13
scotty1024 is offline   Reply With Quote
Old 02-15-2007, 01:46 AM   #20
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
Links to more papers on fun with SHA-1.

http://theory.csail.mit.edu/~yiqun/pub.htm
scotty1024 is offline   Reply With Quote
Old 02-15-2007, 06:02 AM   #21
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,582
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
If you haven't updated yet, here is how I would do it:
  1. generate a new RSA keypair
  2. patch UsbUpdater with the new public key (so involves no code patching)
  3. replace UsbUpdater in cramfs.Fsk
  4. sign both cramfs.Fsk and cramfs.Rootfs using the new private key and insert results in checksum
  5. run the update
TadW is offline   Reply With Quote
Old 02-15-2007, 06:37 AM   #22
igorsk
Wizard
igorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfolded
 
Posts: 3,443
Karma: 52235
Join Date: Sep 2006
Location: Belgium
Device: PRS-500/505/700, Kindle, Cybook Gen3, Words Gear
Well, if you didn't update yet, you can just replace UsbUpdater with the old one.
igorsk is offline   Reply With Quote
Old 02-15-2007, 07:04 AM   #23
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,582
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
True, you could do that. But then you might run into problems with future updates that expect UsbUpdater from the current update.
TadW is offline   Reply With Quote
Old 02-15-2007, 07:14 AM   #24
Corwin
Junior Member
Corwin began at the beginning.
 
Posts: 7
Karma: 10
Join Date: Dec 2006
More intresting is to patch UsbUpdater to bypass RSA checks at all

offset 0x9b14 BEQ 9b5c->B 9b5c (info from russian community, not mine)
Corwin is offline   Reply With Quote
Old 02-15-2007, 07:18 AM   #25
TadW
Uebermensch
TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.TadW ought to be getting tired of karma fortunes by now.
 
TadW's Avatar
 
Posts: 2,582
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
Corwin I prefer replacing a the RSA key as it doesn't involve any code patching. Of course a code patch has the benefit of not requiring any further image signing.
TadW is offline   Reply With Quote
Old 02-15-2007, 07:25 AM   #26
igorsk
Wizard
igorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfolded
 
Posts: 3,443
Karma: 52235
Join Date: Sep 2006
Location: Belgium
Device: PRS-500/505/700, Kindle, Cybook Gen3, Words Gear
Quote:
Originally Posted by TadW
True, you could do that. But then you might run into problems with future updates that expect UsbUpdater from the current update.
Don't think so. I expect all future updates to be compatible with the original release. Current updater does check which version of UsbUpdater is running on the device and sends checksum or signature accordingly.
igorsk is offline   Reply With Quote
Old 02-15-2007, 07:29 AM   #27
doctorow
Guru
doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.
 
doctorow's Avatar
 
Posts: 897
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
Patching UsbUpdater or replacing it with the old one is trivial (see my earlier posts with the disassembly).

Getting the patched file on a device that has already been updated is what we should focus on here.
doctorow is offline   Reply With Quote
Old 02-15-2007, 07:46 AM   #28
igorsk
Wizard
igorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfoldedigorsk reads XML... blindfolded
 
Posts: 3,443
Karma: 52235
Join Date: Sep 2006
Location: Belgium
Device: PRS-500/505/700, Kindle, Cybook Gen3, Words Gear
Don't worry, we're working on that
igorsk is offline   Reply With Quote
Old 02-15-2007, 07:48 AM   #29
doctorow
Guru
doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.doctorow ought to be getting tired of karma fortunes by now.
 
doctorow's Avatar
 
Posts: 897
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
How about sharing the fruits, igorsk?
doctorow is offline   Reply With Quote
Old 02-15-2007, 08:54 AM   #30
scotty1024
Banned
scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.scotty1024 is no ebook tyro.
 
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
Quote:
Originally Posted by TadW
If you haven't updated yet, here is how I would do it:
  1. generate a new RSA keypair
  2. patch UsbUpdater with the new public key (so involves no code patching)
  3. replace UsbUpdater in cramfs.Fsk
  4. sign both cramfs.Fsk and cramfs.Rootfs using the new private key and insert results in checksum
  5. run the update
Your unit would then reject updates from Sony.

The only clean fix for the USB Updater is to out a SHA-1 private key.
scotty1024 is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Hilarious Paper vs Ebook analysis notyou General Discussions 2 06-28-2010 04:39 PM
Flashing your EZ Reader Pro Moo Strength Astak EZReader 15 09-19-2009 06:30 PM
LIT generation -- binary analysis help with the last %0.1? llasram Workshop 12 12-13-2008 05:23 AM
Analysis of the De Tijd-project TadW News 1 04-17-2007 05:13 PM
PRS-500 Flashing the Reader via SD/MS scotty1024 Sony Reader Dev Corner 29 04-09-2007 07:31 AM


All times are GMT -4. The time now is 08:11 PM.


MobileRead.com is a privately owned, operated and funded community.