Jump to content
Tuts 4 You

ghandi's Blog

Sign in to follow this  
  • entry
  • comments
  • views

About this blog

Armadillo Ramblings

Entries in this blog


Bruteforcing Armadillo Encryption Template

I'm not really used to the whole 'blog' thing so bear with me while i simply spill some thoughts, Anybody who has seen the Keymaker.c source code for Armadillo keygenerating can see how the keys are built and put together, i'm not going to be explaining how i came to any conclusions aside from referring back to that document. The single most important thing to make genuine Level 10 Short V3 keys is the Encryption Template, from it the symmetric key is made as well as the private key being generated from it for ECDSA signing. People have already successfully attacked the signature verification as well as symmetric key verification, so this post isn't revealing anything new. The string is uppercased in a function called 'CookText' before it is hashed with the MD5 algorithm. Looking at the source code, we can see that the BasePointInit value for the elliptic curve used is also taken from the Encryption Template, the first unsigned long of the MD5 hash to be precise. So, what do we have at the moment?
// Hypothetical variables
unsigned long MD5Hash[4];
char temp[256];
unsigned long BasePointInit;
unsigned long Symmetric;

// Get the hash of the uppercased string
CookText(temp, EncryptionTemplate);
md5(MD5Hash, temp, strlen(temp));

// Set BasePointInit and Symmetric values
BasePointInit = MD5Hash[0];
Symmetric = MD5Hash[0] ^ MD5Hash[1];

// Remembering the ECDSAPrivateKey is derived from EncryptionTemplate.

Okay, not a lot to look at to begin with but with the BasePointInit, we have the first dword of the MD5 hash and we can perform a bruteforce lookup for any hashes that begin with that value. On its own, this would be totally useless because it returns a lot of false positives so incorporating a check to see whether or not the generated symmetric key will yield a matching checksum when passed through the symmetric checksum function was necessary. Now, using CUDA and the symmetric check plus a large charset, it finds a 6 character encryption template in 80 seconds. Nothing to jump up and down about but the main thing is it works at all! There would most likely be a way to speed it up more but i'm not sure where to start, it is only a PoC and i'm sharing the theory only so please don't ask me for a copy. I also had the brainwave idea of bruteforcing the 128 bit value which is the private key for ECDSA signing but couldn't find a way that was fast enough using my limited math experience, hehe. My conclusion from this little experiment is that although it is possible to recover the encryption template, the character set and probable length of the strings used by Armadillo's users will prevent it from becoming an attack vector for keygenning, especially when the ECDSA_Verify and symmetrickey can both be defeated with faster means. HR, Ghandi



Sign in to follow this