
Difference: SimpleFirmwareCrack (r6 vs. r5)


This crack exploits the fact that XORing a string with its encrypted form gives you the encryption key.

What I do is take a string that I know exists in the firmware, in this case "firmware upgrade", and XOR it with its encrypted form in the file. Unfortunately things are not so easy, because I don't know where in the file its encrypted form is. This is where the brute force comes in: I try every single position in the file. This gives me key candidates that I use to decode the whole file. If the key used to decode is the good key, then the decoded version of the firmware should contain words such as "iriver" or "beep volume". Instead of looking for particular words I just look for strings that look like words: I look for strings longer than 6 chars that contain just vowels and consonants (no more than 3 in a row) and I print them out.
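The method described above, as an added example that is not the wiki page's own source listing: it assumes a repeating XOR key whose period divides the 16 bytes of "firmware upgrade", and builds a small constructed sample image and key (neither is real iriver data) so the brute force can be run offline. It shows why a single known plaintext is enough to break this kind of encryption.

```python
import re

KNOWN = b"firmware upgrade"   # plaintext known to be present in the firmware image
KEY_LEN = len(KNOWN)          # assumption: repeating XOR key whose period divides 16

# Constructed sample image: opaque bytes around a small string table (not real firmware).
HEADER = bytes(range(0x80, 0xa0))
STRINGS = (b"iriver H300 firmware upgrade\x00beep volume\x00"
           b"battery charging\x00hold switch on\x00")
TRAILER = bytes(range(0x10, 0x30))
PLAINTEXT = HEADER + STRINGS + TRAILER
SAMPLE_KEY = bytes([0x3c, 0xa5, 0x5a, 0x00, 0x9e, 0x11, 0xf7, 0x42,
                    0x28, 0x6d, 0xb1, 0x04, 0xc9, 0x77, 0x1f, 0xe3])  # constructed key

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR every byte with the key, cycling from byte 0."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

CIPHERTEXT = xor_repeating(PLAINTEXT, SAMPLE_KEY)   # what the cracker gets to see

LETTER_RUN = re.compile(rb"[A-Za-z]{7,}")                                  # longer than 6 chars
TOO_MANY = re.compile(rb"[b-df-hj-np-tv-z]{4}|[aeiou]{4}", re.IGNORECASE)  # 4 in a row

def wordlike_strings(data: bytes) -> list[bytes]:
    """Letter runs longer than 6 chars with no more than 3 consonants or vowels in a row."""
    return [m.group() for m in LETTER_RUN.finditer(data) if not TOO_MANY.search(m.group())]

def key_candidate(ciphertext: bytes, offset: int) -> bytes:
    """Key implied by assuming KNOWN sits at `offset`: ciphertext XOR plaintext gives the
    key bytes covering positions offset..offset+15; rotate them so index 0 applies to byte 0."""
    window = ciphertext[offset:offset + KEY_LEN]
    keystream = bytes(c ^ p for c, p in zip(window, KNOWN))
    return bytes(keystream[(i - offset) % KEY_LEN] for i in range(KEY_LEN))

def find_candidates(ciphertext: bytes, min_words: int = 3) -> list[tuple[int, bytes, list[bytes]]]:
    """Brute force every offset; keep the decodes that look like they contain real words."""
    hits = []
    for offset in range(len(ciphertext) - KEY_LEN + 1):
        key = key_candidate(ciphertext, offset)
        words = wordlike_strings(xor_repeating(ciphertext, key))
        if len(words) >= min_words:
            hits.append((offset, key, words))
    hits.sort(key=lambda h: len(h[2]), reverse=True)   # most word-like decodes first
    return hits

if __name__ == "__main__":
    for offset, key, words in find_candidates(CIPHERTEXT):
        print(f"offset {offset:4d} key {key.hex()} -> {b' '.join(words).decode()}")
```

The printed candidates are meant for a human to check, exactly as the page describes; the decode that shows "beep volume" and "iriver" is the one with the right key.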

Here is the source code:

This is not the ultimate cracker but it's a starting point. Please feel free to play with the source code and mail me if you have any questions. - RaulAguaviva


Revision r6 - 13 Aug 2008 - 19:26 - MarcGuay
Revision r5 - 11 Feb 2008 - 02:37 - MarcGuay
Copyright by the contributing authors.