nesdev.org

Ah yes, that is an interesting idea. But then the output pattern wouldn't be of maximal length, right? Forget it; after thinking again on it, i have realized my claim was clearly an understatement. By using look-up tables, you can make an implementation that calculate N bits of whatever LFSR, maxim...

An actual divide instruction is rare in small MCU's, so that usually isn't a reasonable option. Probably, but if i remember correctly, there were implementations of LCGs with modulus of the form 2^m-p with p small that used this special form of the modulus to do the calculation without using divisi...

The block cipher took about 10ms of processing, this instead only takes about 1ms. So I don't think it is a block cipher. OK. That seems a definitive reason. It can't be a linear congruential generator otherwise the LSB would oscillate between even/odd (or not change at all)... unless they only too...

I have done the test i said above to check if this could be the block cipher working in counter mode. Clearly that is NOT the case.

A, B',B,B,B, C' A, B',B,B,B, C A, B',B,B,B, C A, B',B,B,B, C D E,E,E,E So this code appears to be strangely absent of conditional jumps compared to the block cipher code, which is a good hint at the algorithm What if this is just the block cipher with a hard-coded key (so no conditional jump is pre...

just by looking at the current!! Just out of curiosity, could you give more info on this? How did you know which were the good s-boxes, by example? Maybe that was yet an older version? I'm guessing they simplified the algorithm. It really makes no sense to have much conditional code here. Using thi...

I have tested myself the idea for the feedback mode. It's clearly a bluff; i don't see cycles arising. Thinking on it, it doesn't seem unseasonable that this have big cycles, but i don't know any theoretical result linking the quality of the s-boxes and permutations and the length of such cycles. ED...

You should write up a paper about this and submit it to a security analyst journal. What you have done here is quite amazing... determined the algorithm itself with roughly Sqrt(N) "plaintexts" (where N is the total number of possible input->output pairs). In my opinion, while a black-box...

Well, you can look, but I don't have much data to give you for this. Yeah; probably it's nonsense to try something with so few examples. I don't know, but the fact that one subID has a universal key, and that we now know the device it communicates with stores it in a small EEPROM with other setting...

That operation between round 2 and round 3 is not necessary. All it is doing is, when combined with S1, making that s-box S0. So this probably has nothing to do with subID=0, it was just a coincidence that those used S0 for nibble 5. Really? Well, that is better that way. I wonder what fooled me in...

Is there anything you'd like?

No, thanks. Save the money to purchase a better scope next time.

key=5BFDDC0A

I'm supposing 0x0a is the subkey for the first round, 0xdc for the second one and so on, right?

OK. Done. :D As expected, i was able to see what reordering should be done by looking at the data i took yesterday. I got it at the first try. :) I have had to change S0 and block[3]. The final ones have this look: {10,15,1,2,7,9,12,5,3,4,13,11,0,14,6,8}, // S0 {14,8,9,7,4,11,2,13,3,15,0,12,10,1,5,6...

Only for your information, if i remember correctly, i'm using 0x29 as the subkey for the first round and 0xf7 as the subkey for the third and fourth round.

I'm confused, because you said that the s-box was equivalent to an S1. So is the change just an xored value at the end? Oh, i understand your confusion. Let's see: i firstly thougth than the problem was in the regular third round sbox for the third round. That is what i reconstructed yesterdary and...

Does your realization later that you had some more parameters to play with change this? Or is this "extra calculation" between round 2 and 3 still required? It's still required, if i'm not missing something. Since it sounds like you already know what x-boxes are used each round, it sounds...