I'm not really used to the whole 'blog' thing so bear with me while i simply spill some thoughts,
Anybody who has seen the Keymaker.c source code for Armadillo keygenerating can see how the keys are built and put together, i'm not going to be explaining how i came to any conclusions aside from referring back to that document.
The single most important thing to make genuine Level 10 Short V3 keys is the Encryption Template, from it the symmetric key is made as well as the private key being generated from it for ECDSA signing. People have already successfully attacked the signature verification as well as symmetric key verification, so this post isn't revealing anything new.
The string is uppercased in a function called 'CookText' before it is hashed with the MD5 algorithm.
Looking at the source code, we can see that the BasePointInit value for the elliptic curve used is also taken from the Encryption Template, the first unsigned long of the MD5 hash to be precise.
So, what do we have at the moment?
// Hypothetical variables
unsigned long MD5Hash;
unsigned long BasePointInit;
unsigned long Symmetric;
// Get the hash of the uppercased string
md5(MD5Hash, temp, strlen(temp));
// Set BasePointInit and Symmetric values
BasePointInit = MD5Hash;
Symmetric = MD5Hash ^ MD5Hash;
// Remembering the ECDSAPrivateKey is derived from EncryptionTemplate.
Okay, not a lot to look at to begin with but with the BasePointInit, we have the first dword of the MD5 hash and we can perform a bruteforce lookup for any hashes that begin with that value.
On its own, this would be totally useless because it returns a lot of false positives so incorporating a check to see whether or not the generated symmetric key will yield a matching checksum when passed through the symmetric checksum function was necessary.
Now, using CUDA and the symmetric check plus a large charset, it finds a 6 character encryption template in 80 seconds.
Nothing to jump up and down about but the main thing is it works at all! There would most likely be a way to speed it up more but i'm not sure where to start, it is only a PoC and i'm sharing the theory only so please don't ask me for a copy.
* Take Checksum, Salt (if used) and BasePointInit.
* CUDA bruteforce matching MD5 hashes.
* On matching hash, pass to checksum generation for testing (CPU).
* On success, exit loop otherwise continue iterating strings until max length is reached.
I also had the brainwave idea of bruteforcing the 128 bit value which is the private key for ECDSA signing but couldn't find a way that was fast enough using my limited math experience, hehe.
My conclusion from this little experiment is that although it is possible to recover the encryption template, the character set and probable length of the strings used by Armadillo's users will prevent it from becoming an attack vector for keygenning, especially when the ECDSA_Verify and symmetrickey can both be defeated with faster means.