Sentinel HL WBAES
Sentinel HL WBAES
There is a solution to bypass Wba encryption; anyone who has such targets can ask via PM.
Last edited by ovis25 on Sun Jan 08, 2017 8:09 am; edited 2 times in total
ovis25- Posts : 648
Points : 1234
Reputation : 332
Join date : 2014-06-07
Re: Sentinel HL WBAES
And very expensive, and it has very low practical use, because you need to extract the firmware, and for the latest LDK keys I don't know if that is possible.
As far as I know, the only way is to force the old API, or other methods bypassing the new API encryption.
ovis25- Posts : 648
Points : 1234
Reputation : 332
Join date : 2014-06-07
Re: Sentinel HL WBAES
@nodongle
Complete SRM emulator?
There is no problem making a complete SRM emulator; the problem is WBAES algorithm extraction.
It would be very much appreciated if you could share some weakness in WBAES.
b30wulf- Posts : 18
Points : 39
Reputation : 11
Join date : 2012-01-14
Re: Sentinel HL WBAES
b30wulf wrote:@nodongle
Complete SRM emulator?
There is no problem making a complete SRM emulator; the problem is WBAES algorithm extraction.
It would be very much appreciated if you could share some weakness in WBAES.
Hi dear....
Nodongle.biz shared??? hahahaha, you dream, dear.
Califor
califor- Posts : 59
Points : 71
Reputation : -103
Join date : 2015-05-11
Age : 38
Re: Sentinel HL WBAES
b30wulf wrote:@nodongle
Complete SRM emulator?
There is no problem making a complete SRM emulator; the problem is WBAES algorithm extraction.
It would be very much appreciated if you could share some weakness in WBAES.
Hello friend,
Please check out this link:
http://rghost.net/private/7F75XxbXg/117bb9c62d1ec8d1219c5b9510f32450
This paper is available publicly, but I don't remember where exactly I'd gotten it...
Techlord- Posts : 11
Points : 20
Reputation : 4
Join date : 2013-11-26
Re: Sentinel HL WBAES
With few exceptions, most members can't understand it....
Can you make a brief summary for us?
Maybe a tutorial on how to?
ovis25- Posts : 648
Points : 1234
Reputation : 332
Join date : 2014-06-07
Re: Sentinel HL WBAES
ovis25 wrote:With few exceptions, most members can't understand it....
Can you make a brief summary for us?
Maybe a tutorial on how to?
I have uploaded the paper mainly as a reply to the request by @Beowulf.
White Box AES, just like most crypto-based topics, requires a SOLID knowledge and background of the principles, mechanisms, algorithms and implementations of the underlying fundamentals of cryptography.
I would recommend this excellent book: Applied Cryptography by Bruce Schneier, as a good starter, before one delves into more complicated materials.
Yes, I will try to make a short summary of the above paper when I am free, but even then, unless one has a strong background in crypto concepts, it would be difficult to understand.
Techlord- Posts : 11
Points : 20
Reputation : 4
Join date : 2013-11-26
Re: Sentinel HL WBAES
Ok guys, I will give a very quick and short summary:
Many were asking me to quickly explain what this article means for US, as reversers, and whether the AES key can be "extracted" from a dongle using WBAES.
Disclaimer: I am not an "expert" but...
The short answer is YES.
Excerpts from the above paper supporting my answer (please refer to it as needed):
1. "We show how DCA can extract the secret key from all publicly (non-commercial) available white-box programs implementing standardized cryptography"
- from "Abstract"
2. "In this paper we show that DCA can be used to efficiently extract the secret key from white-box implementations. We apply DCA to all publicly available, as far as we are aware, white-box challenges of standardized cryptographic algorithms; concretely this means extracting the secret key from four white-box implementations of the symmetric cryptographic algorithms AES and DES."
- from 2nd paragraph, page 3
3. "However, as we have shown in this work, all current publicly available white-box implementations (not using remote external encodings) do not even offer any short-term security since the differential computation analysis (DCA) technique we outlined can extract the secret key within seconds."
- from "Conclusions" on page 18
Now, to answer the burning questions that may come up in your mind:
1) SO now we know that we can extract the WB AES key... Can it be done at home?
No... At least not unless you invest a little in some good hardware and have good programming/debugging skills.
It can certainly be done in a small computer lab with an investment of a few thousand dollars.
2) Can the key be extracted from a Sentinel dongle, for example?
The answer is given in the last paragraph on page 18, going onto page 19:
"If medium to long term security is required then tamper resistant hardware solutions, like a secure element, are a much better alternative."
In ENGLISH, this means that it "depends".
If you invest enough money in equipment and resources AND if you have a good knowledge of debugging, then it is very much possible.
But at home, on an old computer? NO.
In other words, DIRECT extraction of the AES key from the DONGLE ITSELF is NOT what this paper talks about, and is effectively very difficult if not impossible.
Also, it is important to note that finally, one DERIVES the key, rather than EXTRACTING the key from a dongle.
It is not like, for example, "extracting" pulp or seeds from a fruit,
but rather a derivation, if it has to be "got out" from a dongle.
Further, again, from page 18:
"Another potential countermeasure against DCA is the use of external encodings. This was the primary reason why we were not able to extract the secret key from the challenge described in Section 5.5."
These "external encodings" are seen in dongles like HASP which use WBAES, and these again prove to be a major hindrance.
However, to overcome that (again from page 18):
"the adversary can obtain knowledge related to the external encoding applied when he observes the behavior of the white-box implementation in the entire software-framework where it is used (especially when the adversary has control over the input parameters used or can observe the final decoded output)."
This again means that since WHITE BOX itself means that we have control over input parameters and can watch the decoded output (i.e. from the protected program when it runs), AND since we can actually see HOW the algorithm is implemented (THAT is why it is called "white box" and not "black box" in the first place!), we will be able to figure out the "external encodings" used.
This "figuring out" requires brains as well as money and equipment.
So FINALLY, the answer is a BIG resounding YES. It can be done.
Don't ask me the ACTUAL STEPS now to "get the key out of a dongle".
Techlord- Posts : 11
Points : 20
Reputation : 4
Join date : 2013-11-26
Re: Sentinel HL WBAES
The Sentinel SRM protected software has been updated and we are not able to extract the AES key, but the older version's AES key is available with us.
My question is: is the AES key the same for the old and new versions?
maha- Posts : 12
Points : 17
Reputation : 2
Join date : 2017-09-21