Results 1 to 6 of 6

Thread: Breaking a challenge response

  1. #1

    Breaking a challenge response

    I have two black boxes communicating with each other. One sends out a challenge and the other gives back the answer. If the wrong answer is given, the former refuses to communicate further.

    The challenge is 8 bytes, the response is 2 bytes. Although box A refuses to communicate further if the answer to its challenge is incorrect, Box B will quite happily respond to any challenge thrown at it, but I only have it for a limited time.

    So I've made a small app to talk to box B and fake some challenges.

    I was thinking maybe someone has seen this and recognises it as a standard(ish) implementation.

    00 00 00 00 00 00 00 00 -> B477
    01 00 00 00 00 00 00 00 -> B677
    02 00 00 00 00 00 00 00 -> B877
    03 00 00 00 00 00 00 00 -> BA77
    04 00 00 00 00 00 00 00 -> BC77
    05 00 00 00 00 00 00 00 -> BE77
    06 00 00 00 00 00 00 00 -> A077 - Ok, so when we rollover, we subtract 1 from upper nibble
    07 00 00 00 00 00 00 00 -> A277
    08 00 00 00 00 00 00 00 -> A477
    09 00 00 00 00 00 00 00 -> A677
    0A 00 00 00 00 00 00 00 -> A877
    0B 00 00 00 00 00 00 00 -> AA77
    0C 00 00 00 00 00 00 00 -> AC77
    0D 00 00 00 00 00 00 00 -> AE77
    0E 00 00 00 00 00 00 00 -> F077 - But that doesn't work here, maybe 9 is excluded and goes to F
    0F 00 00 00 00 00 00 00 -> F277
    10 00 00 00 00 00 00 00 -> F477
    11 00 00 00 00 00 00 00 -> F677
    12 00 00 00 00 00 00 00 -> F877
    13 00 00 00 00 00 00 00 -> FA77
    14 00 00 00 00 00 00 00 -> FC77
    15 00 00 00 00 00 00 00 -> FE77
    16 00 00 00 00 00 00 00 -> E077 - Ok
    17 00 00 00 00 00 00 00 -> E277
    18 00 00 00 00 00 00 00 -> E477
    19 00 00 00 00 00 00 00 -> E677
    1A 00 00 00 00 00 00 00 -> E877
    1B 00 00 00 00 00 00 00 -> EA77
    1C 00 00 00 00 00 00 00 -> EC77
    1D 00 00 00 00 00 00 00 -> EE77
    1E 00 00 00 00 00 00 00 -> F077 - Why goto F? I'd expect D
    1F 00 00 00 00 00 00 00 -> F277
    20 00 00 00 00 00 00 00 -> F477
    21
    22
    23
    24
    25
    26 00 00 00 00 00 00 00 -> E077
    27
    28
    29
    2A
    2B
    2C
    2D 00 00 00 00 00 00 00 -> EE77
    2E 00 00 00 00 00 00 00 -> 3077 - What the?
    2F
    30
    31
    32
    33
    34
    35 00 00 00 00 00 00 00 -> 3E77
    36 00 00 00 00 00 00 00 -> 2077
    37
    38
    39
    3A
    3B
    3C
    3D 00 00 00 00 00 00 00 -> 2E77
    3E 00 00 00 00 00 00 00 -> 3077
    3F 00 00 00 00 00 00 00 -> 3277
    40 00 00 00 00 00 00 00 -> 3477
    41
    42
    43
    44
    45
    46 00 00 00 00 00 00 00 -> 2077
    47
    48
    49
    4A
    4B
    4C
    4D 00 00 00 00 00 00 00 -> 2E77
    4E 00 00 00 00 00 00 00 -> 7077 - Why the sudden hike?
    4F
    50 00 00 00 00 00 00 00 -> 7477
    51
    52
    53
    54
    55 00 00 00 00 00 00 00 -> 7E77
    56 00 00 00 00 00 00 00 -> 6077
    57
    58
    59
    5A
    5B
    5C
    5D 00 00 00 00 00 00 00 -> 6E77
    5E 00 00 00 00 00 00 00 -> 7077
    5F 00 00 00 00 00 00 00 -> 7277
    60 00 00 00 00 00 00 00 -> 7477
    61
    62
    63
    64
    65
    66 00 00 00 00 00 00 00 -> 6077
    67
    68
    69
    6A
    6B
    6C
    6D
    6E 00 00 00 00 00 00 00 -> B077
    6F 00 00 00 00 00 00 00 -> B277
    --- Wrap ---
    70 00 00 00 00 00 00 00 -> B477

    So the high nibble changes are:
    BAFEFE32327676B

    Some others:

    6E 01 00 00 00 00 00 00 -> B3 77
    6E 02 00 00 00 00 00 00 -> 6E 77
    6E 03 00 00 00 00 00 00 -> B1 77
    6E 04 00 00 00 00 00 00 -> B4 77
    6E 05 00 00 00 00 00 00 -> B7 77

    6E 00 01 00 00 00 00 00 -> B0 77
    6E 00 02 00 00 00 00 00 -> B0 77
    6E 00 03 00 00 00 00 00 -> B0 77
    6E 00 04 00 00 00 00 00 -> B0 77
    6E 00 FF 00 00 00 00 00 -> B0 77 - I don't think the 3rd byte is actually used!

    6E 00 00 FF 00 00 00 00 -> B4 77

    00 00 00 00 FF 00 00 00 -> B7 74

    00 00 00 00 00 FF 00 00 -> B4 77

    00 00 00 00 00 00 FF 00 -> B7 74

    00 00 00 00 00 00 00 FF -> B7 75

    Any ideas?

  2. #2
    Registered User
    Join Date
    Jul 2007
    Posts
    61
    Blog Entries
    1
    never seen that.

    why not trying above 70 for 1st byte?

    BA FEFE 3232 7676 B

    it might be repeated for above 70h.

  3. #3
    It does repeat - that's what I mean by 'wraps around'

  4. #4
    hiya,
    I've played a bit with your data, and the hash seems pretty simple -and pretty bad.
    if you take the upper nibble sequence, and you append an [a] you obtain a full repeating ring - if you move the 'origin' backward there, and you 'backtrace' the initial '4' to the missing [a] you can see that it is wholly determined (as long as we dont consider 2-8 bytes) by it.

    * take B4, now make it our '00' point. you now see that the low nibble is (for now) FULLY determined by the mod8 of the byte; low nibble is given by (XL+2)*2 mod 8 (XL is low nibble)
    * Take upper byte sequence and move it again to our virtual [a] - consider now only the upper nibble: you see it repeats every mod32, so high nibble is given by ((XH-3, on XH mod 16)/2 mod 4)*4 + (3 -the overflow of the low nibble mod).

    Something like
    Code:
    XL = (Byte & 0x0F)
    XH = (Byte & 0xF0)>>4
    
    Low Nibble = (XL + 2)*2)
    Low Nibble Overflow = Low Nibble % 0xF
    Low Nibble = Low Nibble & 0xF
    
    High Nibble =  (XH+5)/2 mod 4 (+5 is like -3 if you go module 16)
    High Nibble = High Nibble<<2 + (3-Low Nibble Overflow)
    
    1st Byte = High Nibble<<4 + Low Nibble
    For the other values you'd need a bit more values. From a simple look, the 2nd byte does a similar low nibble loop, with different adder - but again, you need more values (and some 'mix' to see how it interacts/which operand is used to combine with first byte's low nibble values - i.e. + or or etc.)

    about the
    6E 02 00 00 00 00 00 00 -> 6E 77
    I'd go for a specialized challenge/answer request/order (maybe such value has a meaning or such), outside the hash algorithm.

    ...if you spend a bit of time there, I'm sure you can get it out pretty easily, it seems VERY weak to me.
    Last edited by Maximus; March 15th, 2012 at 06:45. Reason: forgot result sum :)
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  5. #5
    Thanks for that, seems a little different to my version, which is basically:

    Code:
    byte += 2;
    bl = (byte & 0x0F);
    bh = (byte & 0xF0)>>4;
    chklow = (bl << 1) & 0xF;
    chklow_ovf = bl >> 3;
    chkhi = (((5+bh) >> 1) << 2) + (3-chklow_ovf);
    return (chkhi << 4) | chklow;
    The 2nd byte is simple enough:

    Low nibble of incoming byte/Low nibble of resultant checksum: (Overflow happening like above, not shown)
    0 -> 4 (ie. B477)
    1 -> 7 (ie. B777)
    2 -> 6
    3 -> 9
    4 -> 8
    5 -> B
    6 -> A
    7 -> D
    8 -> C
    9 -> F
    A -> E
    B -> 1
    C -> 0
    D -> 3
    E -> 2
    F -> 5

    This works out as:
    Code:
    u8 X = (byte + 3) & 0xF;
    u8 R = (((X/2) * 4) + (3-X)) & 0xF;
    
    (Ie. VERY similar to above)
    But it does seem to interface with B0 also. For example:

    Low nibble in / Result when B0 = 1 / Result when B0 = 2
    0 -> 6 / 8
    1 -> 7 / B
    2 -> C / 6
    3 -> 9 / 9
    4 -> A / 4
    5 -> B / 7
    6 -> 8 / A
    7 -> D / D
    [ Same as above with msb flipped]
    8 -> E / 0
    9 -> F / 3
    A -> 4 / E
    B -> 1 / 1
    C -> 2 / C
    D -> 3 / F
    E -> 0 / 2
    F -> 5 / 5

    Not quite sure why yet. Well, I have an obination of a program using loops, lookup tables and the like to figure it out, but I keep thinking there's got to be a better way.
    Last edited by squidge; March 15th, 2012 at 16:55.

  6. #6
    hi, sorry, I made some typo copying from the paper scrap - i.e. overflow had to be "Low Nibble Overflow = Low Nibble >>4".

    yep, i did notice the '3' dependency, but your initial data wasnt too much to draw conclusions

    for the low nibble, contribution from 1 to 2 varies by +3 &0xF from the first byte, check it out from 2 to 3 etc to see if it's coherent (also, take care of msb flip).
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

Similar Threads

  1. No response from injected code
    By joekames in forum OllyDbg Support Forums
    Replies: 4
    Last Post: October 28th, 2009, 19:54
  2. CrackZ explanation of hiding dongle response codes
    By corus-corvax in forum Advanced Reversing and Programming
    Replies: 7
    Last Post: August 11th, 2005, 18:22
  3. Breaking a challenge / response algo
    By ShCiPwA in forum RCE Cryptographics
    Replies: 4
    Last Post: April 3rd, 2005, 09:35
  4. auto.search.msn.com/response.asp
    By mike in forum Mini Project Area
    Replies: 11
    Last Post: July 6th, 2004, 14:09
  5. Breaking on an API programmatically
    By Iwarez in forum Off Topic
    Replies: 2
    Last Post: April 10th, 2003, 16:52

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •