Re: World Rally 2 ?
02/21/12 06:08 PM
> I wonder what that decapping guy would charge to read data from a DS5002FP (or if he even has the ability to do so)
Reading/bruteforcing a DS5002 is a huge mess, not for the faint of heart; read Markus Kuhn's papers about it. https://www.cl.cam.ac.uk/~mgk25/kuhn-da.pdf https://www.cl.cam.ac.uk/~mgk25/tamper.pdf
EDIT: Theoretically one could dump the encrypted SRAM data outside the DS5002 and try to crack the 24? bit key that is used to encrypt the address and data of every byte in the ROM. The 24? bit key is NOT dumpable directly; in fact, every time you program data into a DS5002 (it has a little intelhex-decoder ROM inside to do this) it generates a new random key without operator intervention. It uses DES-like encryption according to Kuhn, which probably means a 4-round Feistel network scheme like CPS2 and the later Naomi stuff use. Andreas and Nicola could maybe crack it, assuming we had a 'blank' DS5002 (technically all DS5002s are blank unless they have a battery attached, no flash inside) to program test data into and repeatedly dump the encrypted result.
LN
"When life gives you zombies... *CHA-CHIK!* ...you make zombie-ade!"
Edited by Lord Nightmare (02/21/12 06:56 PM)