
Jaguar CD Encryption Bypass thread!


Sauron


2 + 2 = 5 (for extremely large values of 2)

Dude, you always crack me up with your math humor! I also like the one about "there are 10 types of people who understand binary - those who do and those who don't!"

 

Glad you like it :) Wish no-one found it funny; I will have to think for an age now to come up with another. :)

 

Well, looks like the keys are different, and therefore we have 2 different private keys :/


Thunderbird wrote:

 

I bet that if everyone here that volunteers to help out could run a cracker program and we assign each person a range of key values, that we could crack it in under a year.

 

I wonder if it would be possible to take an existing cracker program (say distributed.net's for example) and reverse-engineer it to try to crack the key codes?

 

Granted, I have no idea how such a thing would be accomplished.


2 + 2 = 5 (for extremely large values of 2)

Dude, you always crack me up with your math humor! I also like the one about "there are 10 types of people who understand binary - those who do and those who don't!"

 

Glad you like it :) Wish no-one found it funny; I will have to think for an age now to come up with another. :)

 

Well, looks like the keys are different, and therefore we have 2 different private keys :/

 

I also find his math humor... interesting, anyway. But you quoted him wrong; your quote doesn't make sense. Here's the proper quote as I remember it: "There are 10 kinds of people in the world; those who understand binary and those who don't." ;)


I also find his math humor... interesting, anyway. But you quoted him wrong; your quote doesn't make sense. Here's the proper quote as I remember it: "There are 10 kinds of people in the world; those who understand binary and those who don't." ;)

 

 

I may not have the exact wording, but it is pretty close to it. You have to not look at the '10' as a decimal number but as a binary number. The way it reads if it were in decimal is:

 

"There are 2 kinds of people in the world - those who understand binary and those who don't."

 

 

Glenn


Thunderbird wrote:

 

I bet that if everyone here that volunteers to help out could run a cracker program and we assign each person a range of key values, that we could crack it in under a year.

 

I wonder if it would be possible to take an existing cracker program (say distributed.net's for example) and reverse-engineer it to try to crack the key codes?

 

Granted, I have no idea how such a thing would be accomplished.

 

 

Tbird, I've been pondering on "how" for quite some time. I thought of maybe using the RSA encrypt and decrypt routines to take a known piece of information (say maybe the universal header), decrypt it and get whatever that may be. Then use a method of trial and error to re-encrypt the universal key and do a comparison.

 

But I'm not sure if this is even the correct method to try. By decrypting the universal key only, is whatever is produced all that is needed to re-encrypt? Will the decrypted MD5 program give us the memory range that was encrypted so that we can match the original data correctly?

 

I'm not quite there yet to know if this has a chance of success. I do realize that this method will take a very, very long time to complete unless we had a good amount of distributed resources.

 

I had just last night stumbled on some of Scott's discussion on this from years ago and some discussion from Bastian / Duranik on their thoughts.

 

What do you or anyone else here think?

 

Glenn


Tbird, I've been pondering on "how" for quite some time. I thought of maybe using the RSA encrypt and decrypt routines to take a known piece of information (say maybe the universal header), decrypt it and get whatever that may be. Then use a method of trial and error to re-encrypt the universal key and do a comparison.

 

But I'm not sure if this is even the correct method to try. By decrypting the universal key only, is whatever is produced all that is needed to re-encrypt? Will the decrypted MD5 program give us the memory range that was encrypted so that we can match the original data correctly?

 

I'm not quite there yet to know if this has a chance of success. I do realize that this method will take a very, very long time to complete unless we had a good amount of distributed resources.

 

I had just last night stumbled on some of Scott's discussion on this from years ago and some discussion from Bastian / Duranik on their thoughts.

 

What do you or anyone else here think?

 

Glenn

 

As far as I know, we don't have the clear text for the universal header. Do we?

I think our best bet would be to use the flash ROM code since it is only 128K. (It's the smallest encrypted ROM I have, anyway.)

Basically, keep encrypting the flash.rom with a new private.key until it matches the 640 bytes that is in the flash.rom header.

 

I've already setup the client / server framework that will allow anyone to download a client for linux or windows and help in the cracking. I'll be doing some more testing on it this weekend.

 

JagMod


Trying to brute force the key in such a manner is pretty futile and will take a VERY long time.

 

If you want to know an easy way to crack the key, read the docs at RSA's website; they tell you the process to factorise the key, which dramatically cuts down the number of calculations required.

 

But essentially all you need to do (ha! said as tho it's really trivial :) ) is find one of the primary numbers needed to generate the key (basically the two are multiplied together to produce the keys (it's not quite that simple, but it's a close enough example)).

 

Hence the easiest way to search the keyspace is to divide the public key by two (as obviously one primary number is greater than 2, so we can count that out for starters :) ), and then search just one half of the remaining key space. I think the smaller half would be quickest (but would still take an age). This way you just need to test prime numbers from that half, until you find one that when multiplied will give you the key part you have.

 

Now, as the key is of such a large size, this can take a long time due to the number of numbers involved and having to test to see if they are prime. Obviously disregarding any that are even, as these cannot be prime (and also reducing your search space again by half).

 

This is the only real way to crack RSA. Trying every possible combination until you get a successful match will work, but think how long that is going to take?

 

A simple password cracker that runs through all letters A-Z takes an awful long time to search all possibilities for an 8 character password; imagine doing that for the ranges of 0-255 for the 64 values of the key! That's 64^255 or

 

37661131670641134196564321969192408014251456999151389864994922485394646743621925010454453501677282025991386973138875074810350265293671223827650202935793353928987708427837894137043469967463773432450711611521684688399958529029759361085334173782804811953090869395973448087960521176275272318934283811996654224537015142331587374110222375180668100782509056060170328026795191929322603612211172871951146487222820410109263092167280797070716301943769265419640699380301824

 

possible combinations :)

 

Gonna take a while to search, yeah? :)

 

RSA was designed so that even knowing the decrypted data or the encrypted data, if you have only one key, finding the other key out is non-trivial and time consuming. It is possible with a key this size and modern computers to do this, but it will still take a LOT of time. If done correctly and with enough people sharing the workload, it could be possible in under a year, I think.


Sounds to me like it's a lot easier to just continue using cart/CD bypass options or the generic code found earlier... :ponder: Just seems like a moot point with the encryption keys coming out now, since ways around it all have already been found. The fact is that the majority of games that will come out in the future will be CD based for cost, and with the bypass options already available, and more on the way, there's really no need to trouble ourselves with cracking codes. Even if another cart is released, bypasses exist for it too... we've gotten along fine with releasing software so far, why get all hot and bothered about encryption keys now?

If the private key or whatever proper key that is needed is found, fine, people can save a bit of time/effort/money by using them; but if we have to discover the keys through cracking the codes, it sure seems to me like it's counter-productive and any time&money saved with proper codes was already lost getting the codes.


Trying to brute force the key in such a manner is pretty futile and will take a VERY long time.

 

I agree. Just wanted to present my idea and see what other people thought.

 

If you want to know an easy way to crack the key, read the docs at RSA's website; they tell you the process to factorise the key, which dramatically cuts down the number of calculations required.

 

Have a good link?

 

Hence the easiest way to search the keyspace is to divide the public key by two (as obviously one primary number is greater than 2, so we can count that out for starters :) ), and then search just one half of the remaining key space. I think the smaller half would be quickest (but would still take an age). This way you just need to test prime numbers from that half, until you find one that when multiplied will give you the key part you have.

 

I thought about this a few months ago too. Just didn't have much else to work with as to how to eliminate (other than even numbers) numbers that didn't need to be considered. Guess that's the beauty of RSA, right?

 

Now, as the key is of such a large size, this can take a long time due to the number of numbers involved and having to test to see if they are prime. Obviously disregarding any that are even, as these cannot be prime (and also reducing your search space again by half).

 

Agree.

 

This is the only real way to crack RSA. Trying every possible combination until you get a successful match will work, but think how long that is going to take?

 

All depending on the number of iterations you can do per second and the amount of people / computers you can get involved! I'm game to support with my machines.

 

A simple password cracker that runs through all letters A-Z takes an awful long time to search all possibilities for an 8 character password; imagine doing that for the ranges of 0-255 for the 64 values of the key! That's 64^255 or

 

37661131670641134196564321969192408014251456999151389864994922485394646743621925010454453501677282025991386973138875074810350265293671223827650202935793353928987708427837894137043469967463773432450711611521684688399958529029759361085334173782804811953090869395973448087960521176275272318934283811996654224537015142331587374110222375180668100782509056060170328026795191929322603612211172871951146487222820410109263092167280797070716301943769265419640699380301824

 

possible combinations :)

 

Need to multiply that number by 64. Need to account for the additional 6 bits. Upper value of the key is a decimal value somewhere between 0 and 63.

 

Gonna take a while to search, yeah? :)

 

Yeah, but wouldn't it be great to just do it and find it, just to rub it in the Tramiels' faces!

 

RSA was designed so that even knowing the decrypted data or the encrypted data, if you have only one key, finding the other key out is non-trivial and time consuming. It is possible with a key this size and modern computers to do this, but it will still take a LOT of time. If done correctly and with enough people sharing the workload, it could be possible in under a year, I think.

 

This whole thing over the years has really intrigued me. It's helped my motivation in taking as many math classes as I can get. Don't plan on a career as a mathematician, but it's helped my motivation as to understanding working with numbers.

 

Cheers,

Glenn


Sounds to me like it's a lot easier to just continue using cart/CD bypass options or the generic code found earlier... :ponder: Just seems like a moot point with the encryption keys coming out now, since ways around it all have already been found. The fact is that the majority of games that will come out in the future will be CD based for cost, and with the bypass options already available, and more on the way, there's really no need to trouble ourselves with cracking codes. Even if another cart is released, bypasses exist for it too... we've gotten along fine with releasing software so far, why get all hot and bothered about encryption keys now?

If the private key or whatever proper key that is needed is found, fine, people can save a bit of time/effort/money by using them; but if we have to discover the keys through cracking the codes, it sure seems to me like it's counter-productive and any time & money saved with proper codes was already lost getting the codes.

 

You've got a point there. We already have good workaround methods that do a very good job.

 

But it is a nice challenge to attempt. Helps gain some better understanding in working with numbers. Maybe improve some programming skills in the process. Pull some hairs out! Got plenty of those, so I'm not worried.

 

 

Glenn


Tbird, I've been pondering on "how" for quite some time. I thought of maybe using the RSA encrypt and decrypt routines to take a known piece of information (say maybe the universal header), decrypt it and get whatever that may be. Then use a method of trial and error to re-encrypt the universal key and do a comparison.

 

But I'm not sure if this is even the correct method to try. By decrypting the universal key only, is whatever is produced all that is needed to re-encrypt? Will the decrypted MD5 program give us the memory range that was encrypted so that we can match the original data correctly?

 

I'm not quite there yet to know if this has a chance of success. I do realize that this method will take a very, very long time to complete unless we had a good amount of distributed resources.

 

I had just last night stumbled on some of Scott's discussion on this from years ago and some discussion from Bastian / Duranik on their thoughts.

 

What do you or anyone else here think?

 

Glenn

 

As far as I know, we don't have the clear text for the universal header. Do we?

I think our best bet would be to use the flash ROM code since it is only 128K. (It's the smallest encrypted ROM I have, anyway.)

Basically, keep encrypting the flash.rom with a new private.key until it matches the 640 bytes that is in the flash.rom header.

 

I've already setup the client / server framework that will allow anyone to download a client for linux or windows and help in the cracking. I'll be doing some more testing on it this weekend.

 

JagMod

 

 

Well, it looks like I'll be finding myself a different little pet project to take care of this weekend. Damn day-job getting in the way again!!!!


Thunderbird wrote:

 

I bet that if everyone here that volunteers to help out could run a cracker program and we assign each person a range of key values, that we could crack it in under a year.

 

I wonder if it would be possible to take an existing cracker program (say distributed.net's for example) and reverse-engineer it to try to crack the key codes?

 

Granted, I have no idea how such a thing would be accomplished.

 

 

Tbird, I've been pondering on "how" for quite some time. I thought of maybe using the RSA encrypt and decrypt routines to take a known piece of information (say maybe the universal header), decrypt it and get whatever that may be. Then use a method of trial and error to re-encrypt the universal key and do a comparison.

 

But I'm not sure if this is even the correct method to try. By decrypting the universal key only, is whatever is produced all that is needed to re-encrypt? Will the decrypted MD5 program give us the memory range that was encrypted so that we can match the original data correctly?

 

I'm not quite there yet to know if this has a chance of success. I do realize that this method will take a very, very long time to complete unless we had a good amount of distributed resources.

 

I had just last night stumbled on some of Scott's discussion on this from years ago and some discussion from Bastian / Duranik on their thoughts.

 

What do you or anyone else here think?

 

Glenn

 

At first thought, I imagined that this was the way to go, and thought I could whip out a program in a few minutes to do just that, but then after thinking it through a bit I realized it would take longer than I'd like and that there should be a way to reduce the number of keys tested. I was about to study it in more detail this weekend, but it looks like Linkovitch is the resident expert.

 

What we need to do is write such a program and then test it with the test keys to try and see if it works. (Obviously giving it a "head start" by starting at a value close to the actual test key.)


Sounds to me like it's a lot easier to just continue using cart/CD bypass options or the generic code found earlier... :ponder: Just seems like a moot point with the encryption keys coming out now, since ways around it all have already been found. The fact is that the majority of games that will come out in the future will be CD based for cost, and with the bypass options already available, and more on the way, there's really no need to trouble ourselves with cracking codes. Even if another cart is released, bypasses exist for it too... we've gotten along fine with releasing software so far, why get all hot and bothered about encryption keys now?

If the private key or whatever proper key that is needed is found, fine, people can save a bit of time/effort/money by using them; but if we have to discover the keys through cracking the codes, it sure seems to me like it's counter-productive and any time & money saved with proper codes was already lost getting the codes.

 

You've got a point there. We already have good workaround methods that do a very good job.

 

But it is a nice challenge to attempt. Helps gain some better understanding in working with numbers. Maybe improve some programming skills in the process. Pull some hairs out! Got plenty of those, so I'm not worried.

 

 

Glenn

 

There's a lot to be said for finding out the real key just to prove it's possible. (I mean, what's the point of climbing Mt. Everest anyhow???)

 

But the learning process involved is something which will definitely help reverse engineer the key for the CD, which is our ultimate goal.

 

There may be unexplored benefits to using the real encryption instead of the bypass as well, like helping copy-protect software or something.


What we need to do is write such a program and then test it with the test keys to try and see if it works. (Obviously giving it a "head start" by starting at a value close to the actual test key.)

 

Exactly, since we have a valid set of test keys, the setup can be easily tested.

 

JagMod


What we need to do is write such a program and then test it with the test keys to try and see if it works. (Obviously giving it a "head start" by starting at a value close to the actual test key.)

 

Exactly, since we have a valid set of test keys, the setup can be easily tested.

 

JagMod

 

I have several reasonably fast PCs and a couple of ultra fast PCs and access to some others. If everyone else who participates can come up with some processing power, we can make some real progress.

 

I was thinking we could also possibly get non-Jaguar people involved if we promote the idea to the general public as "cracking RSA encryption". We could get additional help that way.


I also find his math humor... interesting, anyway. But you quoted him wrong; your quote doesn't make sense. Here's the proper quote as I remember it: "There are 10 kinds of people in the world; those who understand binary and those who don't." ;)

 

 

I may not have the exact wording, but it is pretty close to it. You have to not look at the '10' as a decimal number but as a binary number. The way it reads if it were in decimal is:

 

"There are 2 kinds of people in the world - those who understand binary and those who don't."

 

 

Glenn

 

Yeah, I got that. I know binary. ;) But even if I didn't, it's easy for someone to figure out (someone with half a brain, anyway :D ) that 1) people who understand binary and 2) people who don't doesn't add up to 10 in decimal... ;) Just re-read your quote "version" carefully and you'll see how it doesn't make sense...


Sounds to me like it's a lot easier to just continue using cart/CD bypass options or the generic code found earlier... :ponder: Just seems like a moot point with the encryption keys coming out now, since ways around it all have already been found. The fact is that the majority of games that will come out in the future will be CD based for cost, and with the bypass options already available, and more on the way, there's really no need to trouble ourselves with cracking codes. Even if another cart is released, bypasses exist for it too... we've gotten along fine with releasing software so far, why get all hot and bothered about encryption keys now?

If the private key or whatever proper key that is needed is found, fine, people can save a bit of time/effort/money by using them; but if we have to discover the keys through cracking the codes, it sure seems to me like it's counter-productive and any time & money saved with proper codes was already lost getting the codes.

 

You've got a point there. We already have good workaround methods that do a very good job.

 

But it is a nice challenge to attempt. Helps gain some better understanding in working with numbers. Maybe improve some programming skills in the process. Pull some hairs out! Got plenty of those, so I'm not worried.

 

 

Glenn

 

Fair enough. Have fun cracking! :)


If you want to know an easy way to crack the key, read the docs at RSA's website; they tell you the process to factorise the key, which dramatically cuts down the number of calculations required.

 

Have a good link?

 

After some digging in my email... I FOUND IT! :) Here you go:

 

http://www.rsasecurity.com/rsalabs/faq/3-1-3.html

http://www.stack.nl/~galactus/remailers/at...attack-2.html#2

 

I got them from my Internet security/encryption professor at university, so they are good links, especially the RSA Security one :)

 

This is the only real way to crack RSA. Trying every possible combination until you get a successful match will work, but think how long that is going to take?

 

All depending on the number of iterations you can do per second and the amount of people / computers you can get involved! I'm game to support with my machines.

 

That was exactly my initial thought until I looked at the actual size of the number and number of possibilities. Even if you had a machine that could do 4000000000 iterations per second, you would still be dead before it got anywhere near finished :)

 

A simple password cracker that runs through all letters A-Z takes an awful long time to search all possibilities for an 8 character password; imagine doing that for the ranges of 0-255 for the 64 values of the key! That's 64^255 or

 

Need to multiply that number by 64. Need to account for the additional 6 bits. Upper value of the key is a decimal value somewhere between 0 and 63.

 

I know it's not accurate, but it does give you a close approximation, and remember the e value of an RSA key is normally quite small and a fixed integer, and hence shouldn't be counted :)

 

Gonna take a while to search, yeah? :)

 

Yeah, but wouldn't it be great to just do it and find it, just to rub it in the Tramiels' faces!

 

Oh, I have every belief that it's worth doing, just don't want to waste millennia doing it. :)

 

This whole thing over the years has really intrigued me. It's helped my motivation in taking as many math classes as I can get. Don't plan on a career as a mathematician, but it's helped my motivation as to understanding working with numbers.

 

It motivated me to look into how it's done. One day (unless someone else does it) I will probably write a distributed app to crack the key; just for now I would rather get stuck into writing actual Jaguar games and stuff :)

 

One day... one day :)


 

At first thought, I imagined that this was the way to go, and thought I could whip out a program in a few minutes to do just that, but then after thinking it through a bit I realized it would take longer than I'd like and that there should be a way to reduce the number of keys tested. I was about to study it in more detail this weekend, but it looks like Linkovitch is the resident expert.

 

Thanks! Although I would hardly say I am an expert, I would encourage other people interested in this to go and try it for themselves. I am no mathematician, and could quite easily be wrong on several counts. I do think what I have said to be true, but don't take my word for it :)

 

What we need to do is write such a program and then test it with the test keys to try and see if it works. (Obviously giving it a "head start" by starting at a value close to the actual test key.)

 

I was thinking something similar, although I was thinking more of generating useless small keys of only a few bytes in size; if it could crack them, then it would prove its case. But your way is good too. I assume the test key you refer to is the one released with the encryption software Curt released?


Linko,

 

Based on the following:

 

The math of RSA in 6 fun-filled steps

 

To understand the attacks on RSA, it is important to understand how RSA works. Briefly:

 

1. Find 2 very large primes, p and q.

2. Find n=pq (the public modulus).

3. Choose e, such that e<n and relatively prime to (p-1)(q-1).

4. Compute d=e^-1 mod[(p-1)(q-1)] OR ed=1[mod (p-1)(q-1)].

5. e is the public exponent and d is the private one.

6. The public-key is (n,e), and the private key is (n,d).

 

How do you think the (n,e) and (n,d) translate to the public-key and private-key that Atari used? Is the public key just n^e (n raised to e)?

 

 

Glenn

 

 

On a side note: Dave Staugas was an amazing programmer. He had indicated to me he was the one guy in Atari who they brought the strange projects to. He was also well liked by Jack Tramiel. That's why you find the "Dave StaUgas loves Bea Hablig" in every ST ROM. Supposedly Jack Tramiel liked this so much that he mandated that every ST ROM will have this message embedded into it.
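The six steps quoted above, together with Linkovitch's earlier explanation that recovering the private key from (n,e) comes down to finding one prime factor of n, as a worked example in Python. This is an added example, not code from the thread or from any Atari or Jaguar tool: the primes 10007 and 10009, the message 424242 and every function name are constructed for illustration. The toy modulus is small enough that trial division up to sqrt(n) finds p in a few thousand steps; the candidate-count function shows how that same search grows with the modulus size, which is why the thread's "divide the keyspace among volunteers" plan does not help for a real key.

```python
# Toy RSA following the six steps quoted in the thread, then recovery of the
# private exponent from the public key by factoring the modulus.
# Added example; primes, message and function names are constructed, not Atari's.
from math import gcd, isqrt


def rsa_keygen(p, q, e=65537):
    """Steps 1-6: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (n, e), (n, d)        # public key (n,e), private key (n,d)


def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def trial_divide(n, limit=10**7):
    """Find a factor of n by testing odd candidates up to sqrt(n).

    Feasible only for toy moduli; `limit` caps the work so a large n fails
    fast instead of running for an age.
    """
    if n % 2 == 0:
        return 2, n // 2
    root = isqrt(n)
    f = 3
    while f <= root and f <= limit:
        if n % f == 0:
            return f, n // f
        f += 2                   # even numbers cannot be prime factors
    raise ValueError("no factor found within limit")


def recover_private(pub, limit=10**7):
    """Once n is factored, step 4 gives d directly from e and (p-1)(q-1)."""
    n, e = pub
    p, q = trial_divide(n, limit)
    phi = (p - 1) * (q - 1)
    return n, pow(e, -1, phi)


def trial_division_candidates(bits):
    """Odd candidates below sqrt of a `bits`-bit modulus: about 2^(bits/2 - 1)."""
    return 2 ** (bits // 2 - 1)


def key_space_size(num_bytes):
    """Number of distinct values of a num_bytes-long key: 256^num_bytes."""
    return 256 ** num_bytes


if __name__ == "__main__":
    pub, priv = rsa_keygen(10007, 10009)      # constructed toy primes
    c = encrypt(pub, 424242)
    print("round trip ok:", decrypt(priv, c) == 424242)
    print("recovered private key matches:", recover_private(pub) == priv)
    print("candidates for a 512-bit modulus: 2^%d" % (512 // 2 - 1))
```

Running it prints True for both checks on the toy key. Swap in two 256-bit primes and `recover_private` raises after `limit` candidates, while `trial_division_candidates(512)` reports roughly 2^255 candidates to sweep, which is the scale the thread is arguing about.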


On a side note: Dave Staugas was an amazing programmer. He had indicated to me he was the one guy in Atari who they brought the strange projects to. He was also well liked by Jack Tramiel. That's why you find the "Dave StaUgas loves Bea Hablig Nu" in every ST ROM. Supposedly Jack Tramiel liked this so much that he mandated that every ST ROM will have this message embedded into it.

 

It's probably very sad, but I immediately recognised the "Nu" at the end of that sentence as an RTS instruction. It's hex 4E75... just shows how many ROM dumps I've looked at over the years.

 

Gordon


Linko,

 

Based on the following:

 

The math of RSA in 6 fun-filled steps

 

To understand the attacks on RSA, it is important to understand how RSA works. Briefly:

1. Find 2 very large primes, p and q.

2. Find n=pq (the public modulus).

3. Choose e, such that e<n and relatively prime to (p-1)(q-1).

4. Compute d=e^-1 mod[(p-1)(q-1)] OR ed=1[mod (p-1)(q-1)].

5. e is the public exponent and d is the private one.

6. The public-key is (n,e), and the private key is (n,d).

 

How do you think the (n,e) and (n,d) translate to the public-key and private-key that Atari used? Is the public key just n^e (n raised to e)?

 

 

(n,e) is simply n with e concatenated to the end, hence you can find e trivially as it's usually small. It also makes n that bit smaller to search too :).
