Reverse Engineering Team

Sentinel HL WBAES

Post by ovis25 on Mon Dec 01, 2014 4:18 pm

There is a solution to bypass WBA encryption; anyone who has such targets can ask by PM.




Re: Sentinel HL WBAES

Post by nodongle.biz on Wed Dec 17, 2014 8:01 am

Yes, the emulator with WBAES support exists.


Re: Sentinel HL WBAES

Post by ovis25 on Wed Dec 17, 2014 8:32 am

And how do you extract the WBAES key?


Re: Sentinel HL WBAES

Post by califor on Mon Aug 03, 2015 7:07 am

.




Re: Sentinel HL WBAES

Post by ovis25 on Mon Aug 03, 2015 1:07 pm

The WBAES key is set by an algorithm; if you are so smart, tell us how you did it?


Re: Sentinel HL WBAES

Post by b30wulf on Thu Aug 06, 2015 7:49 am

A firmware emulator is a solution for WBAES.


Re: Sentinel HL WBAES

Post by nodongle.biz on Thu Aug 06, 2015 8:06 am

Or a complete HASP SRM key emulator.


Re: Sentinel HL WBAES

Post by ovis25 on Thu Aug 06, 2015 9:19 am

And very expensive, and it has very low practical use, because you need to extract the firmware, and for the latest LDK keys I don't know if that is possible.

As far as I know, the only way is to force the old API, or other methods bypassing the new API encryption.


Re: Sentinel HL WBAES

Post by b30wulf on Thu Aug 06, 2015 5:10 pm

@nodongle
A complete SRM emulator?
There is no problem making a complete SRM emulator; the problem is WBAES algorithm extraction.
It would be very much appreciated if you could share some weakness in WBAES.


Re: Sentinel HL WBAES

Post by califor on Mon Aug 10, 2015 7:22 pm

b30wulf wrote:
@nodongle
A complete SRM emulator?
There is no problem making a complete SRM emulator; the problem is WBAES algorithm extraction.
It would be very much appreciated if you could share some weakness in WBAES.

Hi dear....

Nodongle.biz shared??? hahahaha, you dream, dear




Califor


Re: Sentinel HL WBAES

Post by niculaita on Tue Aug 11, 2015 3:25 am

Maybe nodongle.biz has not got it.
Why, if he is an intermediary?


Re: Sentinel HL WBAES

Post by nodongle.biz on Tue Aug 11, 2015 3:37 am

A complete HASP SRM key emulator has existed since 2009.


Re: Sentinel HL WBAES

Post by Techlord on Tue Aug 11, 2015 4:03 am

b30wulf wrote:
@nodongle
A complete SRM emulator?
There is no problem making a complete SRM emulator; the problem is WBAES algorithm extraction.
It would be very much appreciated if you could share some weakness in WBAES.

Hello friend,
Please check out this link:

http://rghost.net/private/7F75XxbXg/117bb9c62d1ec8d1219c5b9510f32450

This paper is available publicly but I don't remember where exactly I'd gotten it...


Re: Sentinel HL WBAES

Post by ovis25 on Tue Aug 11, 2015 5:07 am

With few exceptions, most members can't understand it....

Can you make a brief summary for us?

Maybe a tutorial on how to?


Re: Sentinel HL WBAES

Post by Techlord on Tue Aug 11, 2015 11:41 pm

ovis25 wrote:
With few exceptions, most members can't understand it....

Can you make a brief summary for us?

Maybe a tutorial on how to?

I have uploaded the paper mainly as a reply to the request by @Beowulf.

White Box AES, just like most of the Crypto-based topics, requires a SOLID knowledge and background of the Principles, Mechanisms, Algorithms and Implementations of the underlying fundamentals of Cryptography.

I would recommend this excellent book: Applied Cryptography by Bruce Schneier, as a good starter, before one delves into more complicated materials.

Yes, I will try to make a short summary of the above paper when I am free, but even then, unless one has strong background in Crypto Concepts, it would be difficult to understand.


Re: Sentinel HL WBAES

Post by Techlord on Wed Aug 12, 2015 5:54 am

Ok guys, I will give a very quick and short summary:

Many were asking me to quickly explain what this article means for US, as reversers, and whether the AES key can be "extracted" from a dongle using WBAES.

Disclaimer: I am not an "expert", but...

The short answer is YES.

Excerpts from the above paper supporting my answer (please refer to it as needed):

1. "We show how DCA can extract the secret key from all publicly (non-commercial) available white-box programs implementing standardized cryptography"
- from "Abstract"

2. "In this paper we show that DCA can be used to efficiently extract the secret key from white-box implementations. We apply DCA to all publicly available, as far as we are aware, white-box challenges of standardized cryptographic algorithms; concretely this means extracting the secret key from four white-box implementations of the symmetric cryptographic algorithms AES and DES."
- from 2nd paragraph, page 3


3. "However, as we have shown in this work, all current publicly available white-box implementations (not using remote external encodings) do not even offer any short-term security since the differential computation analysis (DCA) technique we outlined can extract the secret key within seconds."
- from "Conclusions" on page 18

Now, to answer the burning questions that may come up in your mind:

1) SO now we know that we can extract the WB AES key... Can it be done at home?

No... At least not unless you invest a little in some good hardware and have good programming/debugging skills.
It can certainly be done in a small computer lab with an investment of a few thousand dollars.

2) Can the key be extracted from a Sentinel dongle, for example?

The answer is given in the last paragraph on page 18, going onto page 19:

"If medium to long term security is required then tamper resistant hardware solutions, like a secure element, are a much better alternative."


In ENGLISH, this means that it "depends".
If you invest enough money in equipment and resources AND if you have a good knowledge of debugging, then it is very much possible.
But at home, on an old computer ? NO.

In other words, DIRECT extraction of the AES key from the DONGLE ITSELF is NOT what this paper talks about and is effectively very difficult if not impossible.

Also, it is important to note that finally, one DERIVES the key, rather than EXTRACT the key from a dongle.

It is not like, for example, "extracting" pulp or seeds from a fruit,
but rather a derivation, if it has to be "got out" from a dongle.

Further, again, from page 18:

"Another potential countermeasure against DCA is the use of external encodings. This was the primary reason why we were not able to extract the secret key from the challenge described in Section 5.5."

These "external encodings" are seen in dongles like hasp which use wbaes and these again prove to be a major hindrance.

However, to overcome that (again from page 18):

"the adversary can obtain knowledge related to the external encoding applied when he observes the behavior of the white-box implementation in the entire software-framework where it is used (especially when the adversary has control over the input parameters used or can observe the final decoded output)."

This again means that since WHITE BOX itself means that we have control over input parameters and can watch the decoded output (ie from the protected program when it runs) AND since we can actually see HOW the algo is implemented (THAT is why it is called "white box" and not "black box" in the first place !), we will be able to figure out the "external encodings" used.
This "figuring out" requires brains as well as money and equipment.

So FINALLY, the answer is a BIG resounding YES. It can be done.

Don't ask me the ACTUAL STEPS now to "get the key out of a dongle".


Re: Sentinel HL WBAES

Post by ovis25 on Sun Jan 08, 2017 7:59 am

A solution exists to bypass WBA encryption.


Re: Sentinel HL WBAES

Post by nodongle.biz on Sun Jan 08, 2017 8:03 am

It is only one of the possible ways...


Re: Sentinel HL WBAES

Post by ovis25 on Sun Jan 08, 2017 12:47 pm

Please provide other possible ways?


Re: Sentinel HL WBAES

Post by nodongle.biz on Sun Jan 08, 2017 1:15 pm

It is not a public solution.


Re: Sentinel HL WBAES

Post by ovis25 on Sun Jan 08, 2017 3:11 pm

Firmware emulator? What else besides these two?


Re: Sentinel HL WBAES

Post by b30wulf on Sun Jan 08, 2017 7:47 pm

One of the most important things is new vectors.


Re: Sentinel HL WBAES

Post by ovis25 on Mon Jan 09, 2017 3:20 am

Extracted from the firmware, or from what?
