Ok tryed AES decrypt on the file you have posted but i got a bad file header error message.I will search for other crypting tools and try the other crypting algos too.

And also i will try the tool that would be used for samy tv's.

+ Reply to Thread

Results 31 to 40 of 42

- 10-20-2011 #31
Ok tryed AES decrypt on the file you have posted but i got a bad file header error message.I will search for other crypting tools and try the other crypting algos too.

And also i will try the tool that would be used for samy tv's.Last edited by cfwprophet; 10-20-2011 at 05:06 PM Reason: Automerged Doublepost

- 10-20-2011 #32

- 10-20-2011 #33
So I'll teach a lil bit about AES ...

AES stands for Advanced Encryption Standard made by the U.S. Government blah blah blah...

This is what the decipher is:

AES is based on a design principle known as a Substitution permutation network. It is fast in both software and hardware. Unlike its predecessor, DES, AES does not use a Feistel network.

AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits, whereas Rijndael can be specified with block and key sizes in any multiple of 32 bits, with a minimum of 128 bits. The blocksize has a maximum of 256 bits, but the keysize has no theoretical maximum.

AES operates on a 4×4 column-major order matrix of bytes, termed the state (versions of Rijndael with a larger block size have additional columns in the state). Most AES calculations are done in a special finite field.

The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext. Each round consists of several processing steps, including one that depends on the encryption key. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.

**High-level description of the algorithm**

- KeyExpansion—round keys are derived from the cipher key using Rijndael's key schedule (found here: http://en.wikipedia.org/wiki/Rijndael_key_schedule )

- Initial Round

- AddRoundKey—each byte of the state is combined with the round key using bitwise xor

- Rounds

- SubBytes—a non-linear substitution step where each byte is replaced with another according to a lookup table.
- ShiftRows—a transposition step where each row of the state is shifted cyclically a certain number of steps.
- MixColumns—a mixing operation which operates on the columns of the state, combining the four bytes in each column.
- AddRoundKey

- Final Round (no MixColumns)

- SubBytes
- ShiftRows
- AddRoundKey

**The SubBytes step**

In the SubBytes step, each byte in the matrix is updated using an 8-bit substitution box, the Rijndael S-box. This operation provides the non-linearity in the cipher. The S-box used is derived from the multiplicative inverse over**GF**(*28*), known to have good non-linearity properties. To avoid attacks based on simple algebraic properties, the S-box is constructed by combining the inverse function with an invertible affine transformation. The S-box is also chosen to avoid any fixed points (and so is a derangement), and also any opposite fixed points.

**The ShiftRows step**

The ShiftRows step operates on the rows of the state; it cyclically shifts the bytes in each row by a certain offset. For AES, the first row is left unchanged. Each byte of the second row is shifted one to the left. Similarly, the third and fourth rows are shifted by offsets of two and three respectively. For the block of size 128 bits and 192 bits the shifting pattern is the same. In this way, each column of the output state of the ShiftRows step is composed of bytes from each column of the input state. (Rijndael variants with a larger block size have slightly different offsets). In the case of the 256-bit block, the first row is unchanged and the shifting for second, third and fourth row is 1 byte, 3 bytes and 4 bytes respectively—this change only applies for the Rijndael cipher when used with a 256-bit block, as AES does not use 256-bit blocks.

**The MixColums step**

In the MixColumns step, the four bytes of each column of the state are combined using an invertible linear transformation. The MixColumns function takes four bytes as input and outputs four bytes, where each input byte affects all four output bytes. Together with ShiftRows, MixColumns provides diffusion in the cipher.

During this operation, each column is multiplied by the known matrix that for the 128 bit key is

The multiplication operation is defined as: multiplication by 1 means leaving unchanged, multiplication by 2 means shifting byte to the left and multiplication by 3 means shifting to the left and then performing xor with the initial unshifted value. After shifting, a conditional xor with 0x11B should be performed if the shifted value is larger than 0xFF.

In more general sense, each column is treated as a polynomial over**GF**(*28*) and is then multiplied modulo x4+1 with a fixed polynomial c(x) = 0x03 · x3 + x2 + x + 0x02. The coefficients are displayed in their hexadecimal equivalent of the binary representation of bit polynomials from**GF**(2)[x]. The MixColumns step can also be viewed as a multiplication by a particular MDS matrix in a finite field. (This is further explained here: http://en.wikipedia.org/wiki/Rijndael_mix_columns )

**The****AddRoundKey**step

In the AddRoundKey step, the subkey is combined with the state. For each round, a subkey is derived from the main key using Rijndael's key schedule; each subkey is the same size as the state. The subkey is added by combining each byte of the state with the corresponding byte of the subkey using bitwise XOR.

**Optimization of the cipher**

On systems with 32-bit or larger words, it is possible to speed up execution of this cipher by combining SubBytes and ShiftRows with MixColumns, and transforming them into a sequence of table lookups. This requires four 256-entry 32-bit tables, which utilizes a total of four kilobytes (4096 bytes) of memory—one kilobyte for each table. A round can now be done with 16 table lookups and 12 32-bit exclusive-or operations, followed by four 32-bit exclusive-or operations in the AddRoundKey step.

If the resulting four kilobyte table size is too large for a given target platform, the table lookup operation can be performed with a single 256-entry 32-bit (i.e. 1 kilobyte) table by the use of circular rotates.

**Something Else**

Test vectors are a set of known ciphers for a given input and key. NIST distributes the reference of AES test vectors as AES Known Answer Test (KAT) Vectors (in ZIP format)

Using a byte-oriented approach, it is possible to combine the SubBytes, ShiftRows, and MixColumns steps into a single round operation.

Here's something I found on this:

Good luck.

Well... those links...

- KeyExpansion—round keys are derived from the cipher key using Rijndael's key schedule (found here: http://en.wikipedia.org/wiki/Rijndael_key_schedule )
- 10-20-2011 #34

- 10-21-2011 #35
I have found a tool named Cryptool and analyzed the file alot but no luck after all, since we have no idea about the key. Anyway, I have other news.

I have talked to SamyGo guru. The debug port I have found does not use RS232. It is something else. On the bright side, this time, I have found the RS232 ports of the controller chips.

U_RS232_RXD

U_RS232_TXD

Pin numbers 96 and 97 on page 88. Connector name CN5000, CHIP name IC5000.

Look at that picture I have taken: http://www.ps4news.com/forums/attach...chmentid=31502

You can clearly see the 6 pins left side of the chip. Two of them have trace. Those two traces are U_RS232_RXD and U_RS232_TXD, enoguh to get RS232 to work. Now it says 3.3V standby. I think I need to keep the TV in standby mode so that the board will have enoguh current for the rs232 port and the chips to operate.

I will take a look at this tomorrow. The weekend is here!

- 10-21-2011 #36
Great i'm waiting with patience for you to have progress on this. I'm here if you need help for something.

- 10-22-2011 #37
RS232 thing is a little bit risky. I gotta adjust the voltages right so that I won't fry anything. I am talking to other guys. I will inform you when something new happens.

- 10-24-2011 #38
Allright guys. After looking for a needle in the haystack, I have finally found the port, with the help of the SamyGo project leader erdem. Here are the brand new info. Finally, we have an aim.

The port is named DTT. Probabbly stands for Debug Test System, Debug Test Target.

It's an 18 pin port but we are not going to use all of them:

And it's at the back side of the PCB //doh

I even had a picture of it when I opened the TV up back then, how could I know it was the right port

Port name: CN5502 1-774-667-51 CONNECTOR, FFC/FPC 18P

- 11-02-2011 #39
Ok guys I need help here. I can not connect RS232 directly to the debug port. That's why I have ordered a USB/TTL converter.

CP2102 based USB/RS232 Transfer circuit

Now the question is, there are 3 GND pins on the port:

http://www.ps4news.com/forums/attach...chmentid=31536

How will I do the wiring? One for M_UART0_RX, another for M_UART0_TX, GND to pin 11 GND.

Do I have to connect 3.3V pin to port 5? Port 14? Or both?

- 11-02-2011 #40
If I was doing this, I would have attached to both of them, seems like enough grounding for 3.3. But I'm a slacker when it comes to hardware-things, so you may not bother listening to me before someone else, more qualified answers you

Awesome progress, BTW, that thing what you're doing, it's cool.