Some detail of RTL8372 firmware & Any progress on reverse engineering the UID algorithm?

[libc0607]

Hi.

A week ago, @FanFansfan and I started some exploration on some RTL8372 firmware, and I found your repo yesterday. See our discussion (mainly) here and here (a little bit) (sry for zh-cn, pls use translate).

In short:

• @FanFansfan used his logic analyzer, captured the SPI flash's signals in both normal boot and UID check fail boot
• The RTL8372 has a DW8051 core running at 125MHz, uses code banking to support SPI flash, the bank size is 48K
• The "serial number" is stored in the flash's OTP area, a 64bit code, in the formation of 16 bytes hex string
• The UID algorithm can be written as: F(<First 32bit of Flash UID>, <String "59494F4754fff00" (0x0DD55F @SWTG124AS-v2.bin)>, <String "59494F4754fff01" (0x0DD57F @SWTG124AS-v2.bin)>) = the OTP content
• We didn't figure out the actual algorithm of the "serial number", but found the JZ instruction (yes, it's what you think) of comparing the output of the algorithm and the OTP content
• That algorithm should be the same in different brand switches -- the flash contents and the strings are the same, as it should be part of the Realtek SDK
• We also found the checksum comparison JZ instruction (could bypass the firmware integrity check)
• We got stuck on the "reset button" issue -- because of different hardware variations, the "reset factory default" pin is pulled down in some hardware and will cause reset loop then; We could find the pin theoretically but in exchange we could possibly lose some function, e.g. one of the 10G port
• The RTL8372N chip boots the firmware also
• There are four testpoints in one group on one board but it seems not the JTAG. The DW8051 manual also claims it not supporting JTAG
• Reverse engineering an 8051 with code banking and without JTAG is f**king traumatic

I don't know if it's worth spending time on reverse engineering the algorithm. Making an FPGA MITM module on the SPI bus may better than that.

Any suggestions? And, is there someone experienced on 8051 RE watching here?

[up-n-atom]

Any suggestions? And, is there someone experienced on 8051 RE watching here?

Sorry for this late reply. Oddly, rather than github informing me of pending open issues, it was a reply on servethehome.com that got my attention. Anyway, I will allocate time this weekend to take a look at these developments and try to gather any new insight.

[up-n-atom]

Before I delve into the code, I can confirm that same reset button boot loop is experienced with the SWTG118AS v1.0 and I wrote a little explanation at https://forums.servethehome.com/index.php?threads/horaco-2-5gbe-managed-switch-8-x-2-5gbe-1-10gb-sfp.41571/post-428606

[up-n-atom]

@libc0607 @FanFansfan It's AES encryption.

The sbox in bytes are at 0xDD433..0xDD532 and the rcon in dwords are at 0xDD533..0xDD55E.

I haven't dug into it just yet but my assumption is 59494F4754fff00\0 and 59494F4754fff01\0 are the 128bit keys.

[giver3]

The flash's UID in these captures is what he said in the Yakigani issue, 10 09 3F 30 D4 50 84 22 (64-bit), and the OTP content is 57 2d ad 0d 4f f6 c7 45 (hex char). Maybe that helps.

I can confirm that on the two operational managed switches (ZX-SWTG124AS) the UID starts with: 10 09 3F 30 D4 xx xx xx.
The OTP value is the same (57 2D AD 0D 4F F6 C7 45).
I wonder why the OTP has a size of 4096 (https://github.com/libc0607/Yakigani/issues/1#issuecomment-2106170866) maybe further down is the rest of the data?

[libc0607]

The flash's UID in these captures is what he said in the Yakigani issue, 10 09 3F 30 D4 50 84 22 (64-bit), and the OTP content is 57 2d ad 0d 4f f6 c7 45 (hex char). Maybe that helps.

I can confirm that on the two operational managed switches the UID starts with: 10 09 3F 30 D4 xx xx xx. The OTP value is the same (57 2D AD 0D 4F F6 C7 45). I wonder why the OTP has a size of 4096 (libc0607/Yakigani#1 (comment)) maybe further down is the rest of the data?

Maybe he had set the wrong size in the reading script? @FanFansfan

Thank you for the flash information.
So the Realtek SDK really wrote a bug, only reading the first 32-bit of UID ... So all flash with a UID starts with 10 09 3F 30 shares the same OTP content.
I think they had forgotten the 4 dummy bytes after sending CMD 4B 😂😂 Maybe the actual UID that goes into the AES algo should be sth like 00 00 00 00 10 09 3F 30 or FF FF FF FF 10 09 3F 30 ...

And I've noticed that after reading the UID, it reads the %02bx @0DC000, 8 times. Seems like converting a 64-bit UID into hex string.

[libc0607]

Did some timing analysis on the LA captured data, @up-n-atom you're right it's AES-128. It reads the sbox data 10 rounds.

// Step 0.

// 4 reads/grp, 10 grps

// 0.0

6479313,6146693036.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD463, 3 bytes): 04 c7 23

6479374,6146701452.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD463, 3 bytes): 04 c7 23

6479441,6146710828.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD433, 3 bytes): 63 7c 77

6479508,6146720076.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD499, 3 bytes): 33 85 45



// 0.1

6482303,6147321502.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B2, 3 bytes): d2 cd 0c

6482364,6147329918.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD468, 3 bytes): 96 05 9a

6482431,6147339294.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD48E, 2 bytes): 39 4a

6482497,6147348412.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD48A, 3 bytes): 5b 6a cb



// 0.2

6485291,6147949838.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD513, 3 bytes): e1 f8 98

6485352,6147958254.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD470, 3 bytes): 27 b2 75

6485419,6147967630.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD49F, 1 bytes): 50

6485484,6147976622.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B5, 3 bytes): 13 ec 5f



// 0.3

6488277,6148578688.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD456, 3 bytes): 26 36 3f

6488338,6148587104.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD439, 3 bytes): 6f c5 30

6488405,6148596480.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4A8, 3 bytes): 9d 38 f5

6488472,6148605728.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E9, 3 bytes): 4e a9 6c



// 0.4

6491267,6149207282.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD492, 3 bytes): cf d0 ef

6491328,6149215698.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E0, 3 bytes): 95 e4 79

6491395,6149225072.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD481, 3 bytes): 2f 84 53

6491462,6149234320.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD47B, 3 bytes): 52 3b d6



// 0.5

6494257,6149836770.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD51D, 3 bytes): 87 e9 ce

6494318,6149845186.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD44D, 3 bytes): a2 af 9c

6494385,6149854562.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43C, 3 bytes): 01 67 2b

6494452,6149863810.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4BB, 3 bytes): c4 a7 7e



// 0.6

6497246,6150471540.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD475, 3 bytes): 2c 1a 1b

6497307,6150479956.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD46F, 1 bytes): eb

6497372,6150489076.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4DB, 3 bytes): c2 d3 ac

6497439,6150498324.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD458, 3 bytes): 3f f7 cc



// 0.7

6500232,6151101286.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4FB, 3 bytes): e8 dd 74

6500293,6151109700.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4F7, 3 bytes): 1c a6 b4

6500360,6151119076.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD47D, 3 bytes): d6 b3 29

6500427,6151128324.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD50D, 3 bytes): 57 b9 86



// 0.8

6503222,6151729878.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD476, 3 bytes): 1a 1b 6e

6503283,6151738294.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4AE, 2 bytes): 21 10

6503349,6151747542.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD44C, 3 bytes): d4 a2 af

6503416,6151756790.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD453, 3 bytes): b7 fd 93



// 0.9

6506211,6152359240.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4FE, 2 bytes): 1f 4b

6506271,6152367528.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD501, 3 bytes): 8b 8a 70

6506338,6152376904.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4F1, 3 bytes): ae 08 ba

6506405,6152386150.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4BC, 3 bytes): a7 7e 3d





// Step 1. 

// 16 reads

 

// 1.0

6516094,6154390040.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD437, 3 bytes): f2 6b 6f

6516299,6154420216.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43A, 3 bytes): c5 30 01

6516504,6154450390.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD437, 3 bytes): f2 6b 6f

6516709,6154480566.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD488, 3 bytes): fc b1 5b

6517029,6154529396.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43C, 3 bytes): 01 67 2b

6517234,6154559572.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD453, 3 bytes): b7 fd 93

6517439,6154589748.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD437, 3 bytes): f2 6b 6f

6517644,6154619922.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD489, 3 bytes): b1 5b 6a

6517964,6154668754.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD437, 3 bytes): f2 6b 6f

6518169,6154698928.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43A, 3 bytes): c5 30 01

6518374,6154729104.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD489, 3 bytes): b1 5b 6a

6518579,6154759280.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD436, 3 bytes): 7b f2 6b

6518899,6154808110.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD433, 3 bytes): 63 7c 77

6519104,6154838286.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43A, 3 bytes): c5 30 01

6519309,6154868460.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD492, 3 bytes): cf d0 ef

6519514,6154898636.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD463, 3 bytes): 04 c7 23



// 1.1

6536972,6157755018.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4EB, 3 bytes): 6c 56 f4

6537177,6157785192.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B3, 3 bytes): cd 0c 13

6537382,6157815368.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD464, 3 bytes): c7 23 c3

6537587,6157845544.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4F0, 3 bytes): 7a ae 08

6537907,6157894374.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4A9, 3 bytes): 38 f5 bc

6538112,6157924550.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E2, 3 bytes): 79 e7 c8

6538317,6157954724.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43F, 1 bytes): fe

6538520,6157984644.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD44D, 3 bytes): a2 af 9c

6538840,6158033474.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD49A, 3 bytes): 85 45 f9

6539045,6158063650.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43A, 3 bytes): c5 30 01

6539250,6158093826.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD520, 3 bytes): 55 28 df

6539455,6158124000.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD446, 3 bytes): 7d fa 59

6539775,6158172832.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43C, 3 bytes): 01 67 2b

6539980,6158203006.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD459, 3 bytes): f7 cc 34

6540185,6158233182.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B7, 3 bytes): 5f 97 44

6540390,6158263358.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD438, 3 bytes): 6b 6f c5



// 1.2

6557722,6161103002.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4C0, 3 bytes): 5d 19 73

6557927,6161133178.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD433, 3 bytes): 63 7c 77

6558132,6161163354.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD502, 3 bytes): 8a 70 3e

6558337,6161193528.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D7, 3 bytes): 49 06 24

6558657,6161242360.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D4, 3 bytes): 32 3a 0a

6558862,6161272534.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4AF, 1 bytes): 10

6559065,6161302454.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD497, 3 bytes): 43 4d 33

6559270,6161332630.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD514, 3 bytes): f8 98 11

6559590,6161381460.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD49F, 1 bytes): 50

6559793,6161411380.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4FA, 3 bytes): c6 e8 dd

6559998,6161441556.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B1, 3 bytes): f3 d2 cd

6560203,6161471730.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD442, 3 bytes): 76 ca 82

6560523,6161520562.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD452, 3 bytes): c0 b7 fd

6560728,6161550736.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D4, 3 bytes): 32 3a 0a

6560933,6161580912.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4EA, 3 bytes): a9 6c 56

6561138,6161611088.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D4, 3 bytes): 32 3a 0a



// 1.3

6578470,6164446124.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD481, 3 bytes): 2f 84 53

6578675,6164476300.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD487, 3 bytes): 20 fc b1

6578880,6164506476.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD47D, 3 bytes): d6 b3 29

6579085,6164536650.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD450, 3 bytes): a4 72 c0

6579405,6164585482.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD500, 3 bytes): bd 8b 8a

6579610,6164615656.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD516, 3 bytes): 11 69 d9

6579815,6164645832.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD493, 3 bytes): d0 ef aa

6580020,6164676008.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD529, 3 bytes): 42 68 41

6580340,6164724838.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD50B, 3 bytes): 61 35 57

6580545,6164755014.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D7, 3 bytes): 49 06 24

6580750,6164785188.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4F2, 3 bytes): 08 ba 78

6580955,6164815364.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43D, 3 bytes): 67 2b fe

6581275,6164864194.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD455, 3 bytes): 93 26 36

6581480,6164894370.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD458, 3 bytes): 3f f7 cc

6581685,6164924546.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD483, 3 bytes): 53 d1 00

6581890,6164954720.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD446, 3 bytes): 7d fa 59



// 1.4

6599180,6167789054.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD466, 3 bytes): c3 18 96

6599385,6167819230.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD448, 3 bytes): 59 47 f0

6599590,6167849406.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD504, 3 bytes): 3e b5 66

6599795,6167879580.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD510, 3 bytes): c1 1d 9e

6600115,6167928412.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4BE, 2 bytes): 3d 64

6600319,6167958458.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD451, 3 bytes): 72 c0 b7

6600524,6167988634.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E5, 3 bytes): 37 6d 8d

6600729,6168018810.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD445, 3 bytes): c9 7d fa

6601049,6168067640.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43D, 3 bytes): 67 2b fe

6601254,6168097816.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD433, 3 bytes): 63 7c 77

6601459,6168127990.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4EF, 1 bytes): 65

6601662,6168157910.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD506, 3 bytes): 66 48 03

6601982,6168206740.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D1, 3 bytes): 0b db e0

6602187,6168236916.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4FB, 3 bytes): e8 dd 74

6602392,6168267092.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43A, 3 bytes): c5 30 01

6602597,6168297266.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD51E, 2 bytes): e9 ce



// 1.5

6619949,6171140912.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4A6, 3 bytes): 8f 92 9d

6620154,6171171088.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4EB, 3 bytes): 6c 56 f4

6620359,6171201262.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4A6, 3 bytes): 8f 92 9d

6620564,6171231438.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD523, 3 bytes): 8c a1 89

6620884,6171280268.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD44A, 3 bytes): f0 ad d4

6621089,6171310444.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD492, 3 bytes): cf d0 ef

6621294,6171340620.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD476, 3 bytes): 1a 1b 6e

6621499,6171370794.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD464, 3 bytes): c7 23 c3

6621819,6171419626.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD50A, 3 bytes): 0e 61 35

6622024,6171449800.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D6, 3 bytes): 0a 49 06

6622229,6171479976.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E0, 3 bytes): 95 e4 79

6622434,6171510152.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4A7, 3 bytes): 92 9d 38

6622754,6171558982.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD511, 3 bytes): 1d 9e e1

6622959,6171589158.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD503, 3 bytes): 70 3e b5

6623164,6171619332.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD493, 3 bytes): d0 ef aa

6623369,6171649508.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4D1, 3 bytes): 0b db e0



// 1.6

6640743,6174488898.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B5, 3 bytes): 13 ec 5f

6640948,6174519074.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD447, 3 bytes): fa 59 47

6641153,6174549248.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B7, 3 bytes): 5f 97 44

6641358,6174579424.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD52A, 3 bytes): 68 41 99

6641678,6174628254.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4A4, 3 bytes): a3 40 8f

6641883,6174658430.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD528, 3 bytes): e6 42 68

6642088,6174688604.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD503, 3 bytes): 70 3e b5

6642293,6174718780.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD52E, 2 bytes): 0f b0

6642612,6174767484.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD514, 3 bytes): f8 98 11

6642817,6174797658.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD532, 3 bytes): 16 00 00

6643022,6174827834.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD515, 3 bytes): 98 11 69

6643227,6174858010.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD472, 3 bytes): 75 09 83

6643547,6174906840.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD48F, 1 bytes): 4a

6643750,6174936760.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD513, 3 bytes): e1 f8 98

6643955,6174966934.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD435, 3 bytes): 77 7b f2

6644160,6174997110.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD499, 3 bytes): 33 85 45



// 1.7

6661471,6177833812.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B6, 3 bytes): ec 5f 97

6661676,6177863986.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD445, 3 bytes): c9 7d fa

6661881,6177894162.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD47C, 3 bytes): 3b d6 b3

6662086,6177924338.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4C8, 3 bytes): 2a 90 88

6662406,6177973168.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4AE, 2 bytes): 21 10

6662610,6178003216.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD520, 3 bytes): 55 28 df

6662815,6178033390.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD46C, 3 bytes): 12 80 e2

6663020,6178063566.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E3, 3 bytes): e7 c8 37

6663340,6178112396.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4F7, 3 bytes): 1c a6 b4

6663545,6178142572.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD493, 3 bytes): d0 ef aa

6663750,6178172748.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4AE, 2 bytes): 21 10

6663954,6178202794.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4ED, 3 bytes): f4 ea 65

6664274,6178251626.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4BB, 3 bytes): c4 a7 7e

6664479,6178281800.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4FA, 3 bytes): c6 e8 dd

6664684,6178311976.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD460, 3 bytes): d8 31 15

6664889,6178342152.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4DC, 3 bytes): d3 ac 62



// 1.8

6682326,6181197252.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4CC, 3 bytes): ee b8 14

6682531,6181227428.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4BD, 3 bytes): 7e 3d 64

6682736,6181257604.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD497, 3 bytes): 43 4d 33

6682941,6181287778.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD452, 3 bytes): c0 b7 fd

6683261,6181336610.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD508, 3 bytes): 03 f6 0e

6683466,6181366784.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD462, 3 bytes): 15 04 c7

6683671,6181396960.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4BA, 3 bytes): 17 c4 a7

6683876,6181427136.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4CB, 3 bytes): 46 ee b8

6684196,6181475966.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43F, 1 bytes): fe

6684399,6181505886.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD46B, 3 bytes): 07 12 80

6684604,6181536060.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD43D, 3 bytes): 67 2b fe

6684809,6181566236.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4EB, 3 bytes): 6c 56 f4

6685129,6181615066.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD447, 3 bytes): fa 59 47

6685334,6181645242.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4B7, 3 bytes): 5f 97 44

6685539,6181675418.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4A5, 3 bytes): 40 8f 92

6685744,6181705592.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD470, 3 bytes): 27 b2 75



// 1.9

6703021,6184533046.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD521, 3 bytes): 28 df 8c

6703226,6184563222.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD433, 3 bytes): 63 7c 77

6703431,6184593398.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD477, 3 bytes): 1b 6e 5a

6703636,6184623572.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD483, 3 bytes): 53 d1 00

6703956,6184672404.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD47B, 3 bytes): 52 3b d6

6704161,6184702578.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD450, 3 bytes): a4 72 c0

6704366,6184732754.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD434, 3 bytes): 7c 77 7b

6704571,6184762930.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD477, 3 bytes): 1b 6e 5a

6704891,6184811760.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD444, 3 bytes): 82 c9 7d

6705096,6184841936.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E1, 3 bytes): e4 79 e7

6705301,6184872110.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4E9, 3 bytes): 4e a9 6c

6705506,6184902286.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD4F6, 3 bytes): 2e 1c a6

6705826,6184951116.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD483, 3 bytes): 53 d1 00

6706031,6184981292.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD515, 3 bytes): 98 11 69

6706236,6185011468.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD497, 3 bytes): 43 4d 33

6706441,6185041642.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD494, 3 bytes): ef aa FB

[libc0607]

Based on the LA capture maybe we can recover the 16-byte block being encrypting. The "step 0" above should be generating the round-key or sth.

[giver3]

Maybe he had set the wrong size in the reading script? @FanFansfan

You are right. The log (10s_auth_success_full) only reads 16B (4 x 4Bytes), so there is no more OTP data.

Thank you for the flash information.

No problem.

[libc0607]

Doing some calculations.

Let's assume that the available byte in each flash read is only the first byte. I think the hardware is doing some "pre-fetch" job for 8051 so every read command reads 3 bytes, which is the longest possible instruction length of 8051.

// 0.0
6479313,6146693036.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD463, 3 bytes): 04 c7 23
6479374,6146701452.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD463, 3 bytes): 04 c7 23
6479441,6146710828.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD433, 3 bytes): 63 7c 77
6479508,6146720076.00,FF,,0B,,,Command: Fast read data (FAST/READ),Fast read data (addr 0DD499, 3 bytes): 33 85 45

From that we can calculate that the last 4 bytes of the 16-byte key is 66 30 30 00.

Assume the key is 59494F4754fff00\0.

Using the s-box data read from section 1.0:

F2 01 F2 63
C5 B7 C5 C5 
F2 F2 B1 CF
FC B1 7B 04

So the raw data should be:

31 3D 31 66 
3E 66 33 37 
30 30 30 6F
6C 61 65 30

It makes no sense, and the error (not matching the logic analyzer value) starts from the second round.

Conclusion: The key is less likely just 59494F4754fff00\0. (I could be wrong -- yes, wrong)

Edit: Went through the draft then I found where I got messed up. As it's my first time play with AES, I decided to try it in paper and pencil then I made a small mistake when calculating the round-key ... should use python instead. (；′⌒`)

[up-n-atom]

Early lazy assessment by utilizing the key expansion code from https://goggleheadedhacker.com/blog/post/reversing-crypto-functions-aes#key-expansion and proxing the self.RCON and self.SBOX access to print offsets and the value.

Passing in 59494F4754fff00\0 as the 128-bit key produced the same results as your SPI log.

SBOX[ DD463 ] = 04
SBOX[ DD463 ] = 04
SBOX[ DD433 ] = 63
SBOX[ DD499 ] = 33

SBOX[ DD4B2 ] = d2
SBOX[ DD468 ] = 96
SBOX[ DD48E ] = 39
SBOX[ DD48A ] = 5b

SBOX[ DD513 ] = e1
SBOX[ DD470 ] = 27
SBOX[ DD49F ] = 50
SBOX[ DD4B5 ] = 13

SBOX[ DD456 ] = 26
SBOX[ DD439 ] = 6f
SBOX[ DD4A8 ] = 9d
SBOX[ DD4E9 ] = 4e

SBOX[ DD492 ] = cf
SBOX[ DD4E0 ] = 95
SBOX[ DD481 ] = 2f
SBOX[ DD47B ] = 52

SBOX[ DD51D ] = 87
SBOX[ DD44D ] = a2
SBOX[ DD43C ] = 01
SBOX[ DD4BB ] = c4

SBOX[ DD475 ] = 2c
SBOX[ DD46F ] = eb
SBOX[ DD4DB ] = c2
SBOX[ DD458 ] = 3f

SBOX[ DD4FB ] = e8
SBOX[ DD4F7 ] = 1c
SBOX[ DD47D ] = d6
SBOX[ DD50D ] = 57

SBOX[ DD476 ] = 1a
SBOX[ DD4AE ] = 21
SBOX[ DD44C ] = d4
SBOX[ DD453 ] = b7

SBOX[ DD4FE ] = 1f
SBOX[ DD501 ] = 8b
SBOX[ DD4F1 ] = ae
SBOX[ DD4BC ] = a7

I will do the same for the cipher later.

[up-n-atom]

@libc0607

let me reword that because it was an implementation error

take the 4 byte unique id as a lower case hex string and concat it to itself

enc.py

from Cryptodome.Cipher import AES

uid = b'10093f30' # lowercase 32bit hex string sliced from the 128bit unique id - read 4Bh
key = b'59494F4754fff00\0' # hardcoded in the flash at DD55Fh or update at C4418h
pt = uid + uid # plaintext concat uid for 128bits

cipher = AES.new(key, AES.MODE_ECB)

otp = cipher.encrypt(pt) # returns the otp bytes

print(otp[:8].hex())

python -m venv .venv
source .venv/bin/activate
python3 -m pip install pycryptodomex
python3 enc.py

output

572dad0d4ff6c745

[giver3]

Good work

[libc0607]

Amazing, now we know all the details of the crab firmware! Thanks for your great work!

concat it to itself

Ahh that's the combination I never wanted to try 😂It must be a bug wrote by Realtek 😂😂

[giver3]

I generated my own (for a different UID) OTG and uploaded it to the flash drive.
The switch works -)