Breaking a Proprietary Chinese Encryption Protocol - Hacking the VStarcam CB73 Security Camera

  • Published on 20 Nov 2024

Comments • 313

  • @balintmecsei6162
    @balintmecsei6162 3 months ago +180

    I've managed to deobfuscate the original function. I was thinking about copy pasting it into the comments, but I rather made a pull request to the repo.

    • @mattbrwn
      @mattbrwn  3 months ago +58

      wow thanks! this is awesome and now makes a ton of sense. I'm going to try to dig around in my device to find the key string that my stuff uses.

    • @John_Reid
      @John_Reid 3 months ago +1

      Splendid

    • @p0fs
      @p0fs 3 months ago +12

      @@mattbrwn it is "vstarcam2019" in your case, but could also be "vstarcam2018" or none for other DeviceId prefixes (earlier models?)
      And the resulting seed should be *2d d3 61 07*

    • @pgvee3317
      @pgvee3317 3 months ago +4

      Added on to your pull request to flesh out the decompiled ghidra output.

    • @optimiserlenergie1094
      @optimiserlenergie1094 3 months ago +4

      How did you deobfuscate the function? Thanks

  • @KennethLongcrier
    @KennethLongcrier 3 months ago +123

    As a developer, I'm more looking for words like "Industry Standard" and "Peer reviewed"

    • @UNcommonSenseAUS
      @UNcommonSenseAUS 3 months ago +14

      Peer review is an academia scam, which itself is now naught but an MLM scam

    • @TheConstitutionalGuardian
      @TheConstitutionalGuardian 2 months ago +5

      @@UNcommonSenseAUS Where I work... peer review is, we are going to pay you $150k a yr, but we would like to check your work!

    • @corey__wm
      @corey__wm 2 months ago +1

      Agreed. I have more (not 100%) trust in an open source encryption standard where you can read the code but when I compile and use it, you can't break in (or have a life shortening level of frustration to do so).

    • @lunchbox1553
      @lunchbox1553 2 months ago +2

      ​@@TheConstitutionalGuardian It's not about trusting the engineer, it's about trusting them with the security and stability of the entire company. However, just like all humans, engineers make mistakes no matter how much they get paid.

    • @eIicit
      @eIicit 2 months ago

      It’s NIST or nothing

  • @omarhadeed1365
    @omarhadeed1365 3 months ago +93

    DEF CON 33 audience will be cheering!!

  • @HollyTroll
    @HollyTroll 3 months ago +70

    80% of this video is flying over my head but I'm here because I can relate very much with your excitement! great work

    • @RyckmanApps
      @RyckmanApps 2 months ago +3

      I’m this guy

    • @SyedJesus
      @SyedJesus 2 months ago +3

      80%? Pffft.. I'm at 95%..

    • @davidchristensen6908
      @davidchristensen6908 1 month ago

      Ditto ….. I do love how he steps through the data and explains what’s happening.

    • @NZ2Pepper
      @NZ2Pepper 10 days ago

      Same here. Electronics yes, coding no.

  • @steingat
    @steingat 3 months ago +292

    The Encryption being broken is a feature not a bug

    • @rnts08
      @rnts08 3 months ago +58

      CCP approved "encryption". 🎉

    • @davel202
      @davel202 3 months ago +10

      Pretty much the case with any camera system. The most “secure” facility camera networks, portable DVR systems, etc all have default management passwords and stuff like that.

    • @Crux161
      @Crux161 3 months ago

      @@davel202 that's certainly not always the case. Bad opsec is bad opsec, not everyone is so incompetent. I've gotten enough camera systems from alibaba to know they don't all just have default passwords etc

    • @LennyMiller739
      @LennyMiller739 3 months ago +5

      @@davel202 What are you talking about? Default credentials are neither a feature nor a bug. They're supposed to be changed. That's a faulty USER

    • @davel202
      @davel202 3 months ago

      @@LennyMiller739 the credentials I'm talking about are not offered to the purchasing agency or organization. Not documented in administration manuals or installation guides. If you're the administrator for an organization with a Linux based DVR, installed on premises as an appliance, with a management contract then the party responsible for securing that is arguably all parties. In this hypothetical you wouldn't expect the company that sold you the device and service contract to use the same passwords across an entire government fleet or to have hidden recovery tools like a RAT. If you look at these devices you'll understand why there is a parallel here. Another example: network enabled cameras from a Korean company offering white label products to American contractors attempt to reach out to home and other places based on a calculation of time and production date or number of boot cycles, making the event irregular. Yes you can detect the server opening ports using inventory and monitoring. What about when that device is in a police car and opportunistically connects to open wifi networks or any BSSID from a certain company?

  • @khx73
    @khx73 3 months ago +143

    No doubt the jpg snapshot sent to the cloud is for thumbnails to show in your app, or something similar. But I imagine somewhere in CN there is a massive video wall with access to millions of "secure cameras" 😀

    • @stevesteve8098
      @stevesteve8098 3 months ago

      it's far worse than that...
      any images with faces are geo-located and used to populate/cross-reference a facial recognition system.
      They are also building a DNA database of anyone they can get the DNA from... currently that is EVERY male in China, but recently that is also any Chinese company with a foreign office capable of DNA processing.
      They also have local government organs loading malware onto every business computer in specific areas... under the "guise" of processing tax software for business.
      this is only a very very small part of a much bigger picture.
      You better hope that phone he is using is a burner.
      But really he needs to get his head examined.... because he is helping them secure very dangerous products and putting himself on all sorts of lists.

    • @ivanocj
      @ivanocj 3 months ago

      This has been happening since 2013 at least... Search for cs2-network and Paul Marrapese.

    • @UNcommonSenseAUS
      @UNcommonSenseAUS 3 months ago +13

      No need to imagine...

    • @MrTehkaiser
      @MrTehkaiser 2 months ago +3

      ​@@UNcommonSenseAUS okay. Show us exactly what he's referring to.

    • @himebito
      @himebito 2 months ago +12

      @@MrTehkaiser China literally has millions of cameras, it is the country with the single most surveillance cameras in the world and it's not even remotely close. this is literally public information.

  • @mikehibbett3301
    @mikehibbett3301 3 months ago +28

    When I first started working on embedded systems with encryption requirements (1989) I did just that. The device was still in use 20 years later, by which time I was supremely embarrassed. Can't mention the product because it was military.

    • @kaydog890
      @kaydog890 3 months ago +1

      When ?

    • @monad_tcp
      @monad_tcp 3 months ago +4

      I made that mistake when I was 14 yo and had just started the career, it was just a POS POS (piece of shit point of sale) app.

    • @UNcommonSenseAUS
      @UNcommonSenseAUS 3 months ago

      Ruh roh

  • @LMABeste
    @LMABeste 3 months ago +25

    I think what you call SEED is actually just the key. It is computed once initially by the portion of the decryption function that you skipped, and then for each byte of ciphertext:
    1. 1 of the key's 4 bytes is selected based on the lower two bits of the previous ciphertext value: *(byte *)(SEED + (PREV & 3)) // remember that SEED here is a pointer
    2. The previous byte of ciphertext is added to this byte, and the result is truncated to 8 bits
    3. The result of this is used to index the table / S-Box.
    So the only reason why you even had to go to the effort of brute-forcing the seed is because you had the lookup function wrong - it's really just a 32-bit key generated with zero entropy.

    • @mattbrwn
      @mattbrwn  3 months ago +9

      Yeah this makes sense. The "seed" being a pointer is the big part I wasn't fully grasping.

    • @ChrisHillASMR
      @ChrisHillASMR 2 months ago

      Then why make a video if you don't understand the basic function when it's spelled out in front of you? Are you trying to be informative or just content dropping for money?

    • @sterlingzubel6752
      @sterlingzubel6752 2 months ago +27

      @@ChrisHillASMR why are you mad? He didn't get it perfect, which is fine. He found a workaround, which was to brute force it. Brute forcing a 256 byte key is absolutely not hard for a pc to do. The fact that there are workarounds proves that this is even less secure. If someone steals your identity, it doesn't matter if they did it the "perfect way", you're affected the same. It's okay to accomplish something and have someone offer advice, and it's okay to ask for help.

    • @NuViss
      @NuViss 2 months ago

      *(byte *)(SEED + (PREV & 3))

    • @LittleRainGames
      @LittleRainGames 2 months ago

      @@ChrisHillASMR I smell something. Jealousy? Maybe stick to ASMR.

  • @danielcollin4012
    @danielcollin4012 3 months ago +9

    Great video! What I would personally do is not only look at the decompiled code but look at the disassembly as well, as Ghidra gets confused now and then, which may (or may not) explain some of the unknown code.

  • @bambapappa
    @bambapappa 3 months ago +7

    Impressive and so out of my area of expertise but so glad you guys exist and do this stuff for the benefit of the rest of us. Now only edit the findings together with some scary pictures, add some music and a David Attenborough voice over and it's ready for the documentary section of any streaming service

  • @ME-L3U
    @ME-L3U 3 months ago +7

    Matt I would like to say that you are inspiring me to invest more into binary reverse engineering, Thank you.

  • @protonjinx
    @protonjinx 3 months ago +11

    What you want in encryption is "known implementation but still secure". If you cant break it even if you know how it works....

  • @adamarzo559
    @adamarzo559 3 months ago +28

    You definitely should have had that camera sending pictures back to China while you were dismantling their amazing proprietary code. Doubt they look at the pics, but a hilarious thought none the less.

    • @dr.hinneredv932
      @dr.hinneredv932 3 months ago +1

      hehe

    • @TheConstitutionalGuardian
      @TheConstitutionalGuardian 2 months ago

      We haz you camera!

    • @eliotmansfield
      @eliotmansfield 2 months ago +5

      send back a photo of winnie the pooh - should be appreciated I hear.

    • @eIicit
      @eIicit 2 months ago

      Aimed the camera right at his screen

  • @Crux161
    @Crux161 3 months ago +7

    This guy looks a lot better _without a hat_ but the content is always pure gold regardless

    • @mattbrwn
      @mattbrwn  3 months ago +14

      I'll wear a hat next time just for you

    • @Memer-ish-w7q
      @Memer-ish-w7q 3 months ago

      @@mattbrwn lol

    • @halfsourlizard9319
      @halfsourlizard9319 2 months ago

      @@mattbrwn Winning

  • @nezu_cc
    @nezu_cc 3 months ago +22

    The mystery function is a hash function, it takes in an arbitrary-length key (first parameter) and produces a 4 byte hash. Not sure what hash function this is, but the idea is the same as with something like PBKDF but just infinitely less secure.
    Edit: the reason why you only have 4 possible "seeds" is because the hash is only 4 bytes long. The hash, or as you called it "seed", is in fact the main decryption key, derived from a string passed in the first argument.

    • @monad_tcp
      @monad_tcp 3 months ago +5

      the first argument is the key, it's just the world's worst key derivation algorithm

    • @Aera223
      @Aera223 3 months ago +2

      4 bytes = 2^32 combinations of bits, 4 billion. Crackable within the hour (I tested cracking crc32 hashes)

    • @Aera223
      @Aera223 3 months ago +2

      Update: watched more of the video and found out I was wrong, 4 seeds discovered
      Edit: TH-cam approved the comments after a handful of minutes.

  • @vaproxia
    @vaproxia 2 months ago

    Thank you for the video. I'm a microsolder tech who is taking Net+ and Sec+ courses, and this video really helps to real-world contextualize all the concepts they teach.

  • @eIicit
    @eIicit 2 months ago +1

    Awesome work. You are extremely efficient. If you spent a week in that function, I’d have to spend a year in it.

  • @rdxdt
    @rdxdt 3 months ago +35

    Proprietary encryption: xor cipher

    • @gryzman
      @gryzman 3 months ago +8

      pssst, virtually every encryption - streaming cipher wise - ends in a xor operation ;)

    • @monad_tcp
      @monad_tcp 3 months ago +2

      @@gryzman yep, those are called S-Boxes, what makes things like AES secure is the possible amount of paths that can be created between the input bits, the key, the S-box, and the output, this algorithm is very weak because it has only one box, not 512 ones, and it runs the "Rotor" for only 1 cycle.

    • @monad_tcp
      @monad_tcp 3 months ago +3

      that thing someone called "proprietary encryption" was basically Caesar's substitution cipher, it's the dumbest encryption ever, when I was 7 yo I "created" it and called it "P-code", because the key started with ` seed = 'P' `, then for each byte it was Next = Table[Prev XOR Key]

    • @microcolonel
      @microcolonel 2 months ago

      @@monad_tcp that's not what an S-Box is...

  • @SimonSpe
    @SimonSpe 16 days ago +1

    Nothing can stop this man. Another super vid!

  • @SanityIT
    @SanityIT 3 months ago +62

    Matt: "I certainly do not trust this Chinese device".
    China: "We certainly can't trust this Matt guy exploiting our devices".

    • @eIicit
      @eIicit 2 months ago

      How else do we move security forward? The only problem was publicizing it since it’s a Chinese company. 🤐

  • @novelhawk
    @novelhawk 3 months ago +13

    I think SEED is some kind of struct that has 4 fields or it's even easier if you consider it an array. You didn't show the SUB41/CONCAT functions but I'm assuming they are some sort of deterministic way to create a seed based on a key (the key being the first parameter, param_1, which ironically is used only for a single character [the last one or the 21st, whichever comes first]).
    The reason it's passed as a pointer is because they do pointer arithmetic to get to one of the 4 fields depending on the last 2 bits of the previous character. The math it does looks strange due to compiler optimizations/ghidra having problems to decompile it, if you interpret SEED as an unsigned char array of size 4 it would look like this:
    TableIndex = (prev_character + SEED[previous_character & 3]) % 255
    Key = P2P_Table[TableIndex]

    • @mattbrwn
      @mattbrwn  3 months ago +3

      Those SUB and CONCAT functions are Ghidra "built-in" functions that don't have any direct C equivalents.
      I think you might be right about seed being some kind of struct.

  • @izzyortiz8098
    @izzyortiz8098 3 months ago +12

    Such an underrated channel... Fun and educational at the same time, great work, Matt!

  • @zapjunkie
    @zapjunkie 3 months ago +3

    This camera series was awesome. Loved it.

  • @scottstempmail9045
    @scottstempmail9045 2 months ago +6

    Imagine flooding the market with these devices solely to provide cover for your agent's clandestine communications with the home country.

  • @arghyl
    @arghyl 3 months ago +5

    This is an excellent series to follow.

  • @spiotrowicz33
    @spiotrowicz33 2 months ago +1

    So cool that you can figure that out and write python to decrypt... Great video.

  • @OmsSmart
    @OmsSmart 1 month ago

    Very nice Matt... yo you do explain everything very well. Keep it up brother . Wishing well for your future endeavours.

  • @ilSySTeMli
    @ilSySTeMli 3 months ago +3

    Awesome work Matt, I've been looking into cam FWs myself and found some interesting stuff (like some sort of crypto miner on a V380 cam), but if I had your programming skills I'd rather make DeClouded FWs for these kinds of spyware so people can buy cheap stuff and use them safely in their HA projects, instead of E-Wasting a ton of potential (I bet it would help the channel a LOT as there are lots of people trying to do so)

    • @UNcommonSenseAUS
      @UNcommonSenseAUS 3 months ago

      There'd just be different e-waste & to think that every government isn't actively doing this is foolish. Privacy is dead has been since 9.11.01

    • @laulaja-7186
      @laulaja-7186 2 months ago +2

      DeClouded. There’s a word we need to hear a lot more often.

    • @ilSySTeMli
      @ilSySTeMli 2 months ago

      @@UNcommonSenseAUS Personally I don't see repurposed electronics as waste, I'd rather have a 480p potato vision camera monitoring my boiler room than not having one ... Though that's my opinion only.

  • @minirop
    @minirop 3 months ago +6

    funny that it works anyway, because looking at the ghidra decomp, it shouldn't be "seed + (prev & 3)" but "seed[prev & 3]"; that shows how secure it is.
    my guess about the code that you couldn't understand is that it encodes the 4 seed bytes into an int32 or that seed is of type byte[4]. (with some shenanigans based on the first parameter)

    • @monad_tcp
      @monad_tcp 3 months ago +1

      particularly I prefer __ (prev & 3)[seed] __

  • @MikeButash
    @MikeButash 3 months ago +23

    I have to imagine all these chinese companies register their "encryption" with the government to include pre-built decoder filters in the transport infrastructure at local ISP that if/when they want, they simply replay whatever they want from anyone that crosses the great firewall.

    • @UNcommonSenseAUS
      @UNcommonSenseAUS 3 months ago

      Chinese companies is right, if it's a company in China it's literally beholden at every level to the ccp

  • @dingokidneys
    @dingokidneys 3 months ago

    Very cool stuff. Your videos are inspiring as all this seems pretty accessible even without high end tools. What you really need is the curiosity to dig in deep.

  • @linuxuberuser
    @linuxuberuser 2 months ago

    Thanks for showing the world how we do what we do. I love your lab and those Chinese cameras which are always sending their vids home to the manufacturer rofl. For some reason EVERYONE uses them.....

  • @danialothman
    @danialothman 3 months ago +32

    VStarcam: Matt, STAAAHP!

    • @monad_tcp
      @monad_tcp 3 months ago

      stop, it's already dead

  • @RandyFortier
    @RandyFortier 3 months ago +15

    Basically, a one time pad being used more than one time. One of the two classic blunders!

    • @monad_tcp
      @monad_tcp 3 months ago +2

      it's a Caesar's substitution cipher, classic!

    • @RandyFortier
      @RandyFortier 3 months ago +1

      ​@@monad_tcp I don't think so. It seems to be that the cipher is really just XOR. The key is derived using some weird math, but is about as simple as it gets in the cipher.

    • @andrewferguson6901
      @andrewferguson6901 3 months ago

      ​@RandyFortier any same length encryption is reducing to xor?

    • @RandyFortier
      @RandyFortier 3 months ago

      @@andrewferguson6901 Just check out the code screenshot, on the blog post.

    • @monad_tcp
      @monad_tcp 3 months ago

      @@RandyFortier it's both, the XOR is used for block ciphers to glue blocks (otherwise it would be just an XOR cipher), and there's a substitution table similar to Vigenère, I call all that shit cryptography Caesar's substitution cipher, because they're all just sliding the characters by some arbitrary index. But I don't think whoever wrote this knew what they were doing.
      It's basically a bit better than mere Caesar's because it does Next = Table[Prev XOR Key]
      Either way, that thing doesn't survive a frequency analysis and you can even automate breaking it.

  • @simonstergaard
    @simonstergaard 3 months ago +1

    I'm learning something every time you post. Thank you!

  • @ali2naveed
    @ali2naveed 1 month ago

    I had a love for computers and how stuff works but unfortunately was not able to pursue my passion. Watching you doing this stuff made me sad and happy at the same time. The sad thing is, I wish I could have been able to have such skills, and the happiness is watching you playing with stuff. Watched the whole video without blinking :D

  • @royholman3467
    @royholman3467 3 months ago +1

    I definitely like watching your videos, I'm learning as we go. Thank you!!

  • @florianl14
    @florianl14 3 months ago +1

    You are some high end professional hacker,

  • @VA_Grown
    @VA_Grown 3 months ago +2

    All this made me realize that I need to build my own damned security cams. Thank you for all you're doing

    • @laulaja-7186
      @laulaja-7186 2 months ago

      DeClouded firmwares. The world OSS community needs to do a lot more of these, I am thinking.

  • @AaronWolfenbarger
    @AaronWolfenbarger 1 month ago

    Yes, thank you. While I don't know how to use those tools I was able to follow the logic of it.

  • @user-qh5zz7dy1h
    @user-qh5zz7dy1h 3 months ago

    A lot of interesting knowledge shared in a great manner, thanks Matt!

  • @nuradioconcepts
    @nuradioconcepts 3 months ago +2

    Love these videos! I know you don’t claim to be an RF expert, have you ever thought about reverse engineering a cellular PiHat? I would love to see the results

  • @aaronsilvers300
    @aaronsilvers300 2 months ago

    Fantastic Video! Thank you for sharing and all your effort ( :

  • @FrogandFlangeVideo
    @FrogandFlangeVideo 2 months ago

    Nice work, Matt. Enjoyed it. James.

  • @SB-qm5wg
    @SB-qm5wg 3 months ago

    Excellent work and thank you for explaining your steps.

  • @JNET_Reloaded
    @JNET_Reloaded 3 months ago +12

    1st thing I would have done is passed back the decrypted value as encrypted to see if it reverts back to the value you passed, like all the n's turning back into a's again, then I prolly would have put the whole alphabet in and seen what comes out lol

  • @alexb9771
    @alexb9771 3 months ago

    Hey man appreciate this video series. You do a great job of explaining exactly how you got to where you are with this process. I also think your thought process on decrypting the proprietary crypto was awesome. Proof not to roll your own crypto lol

  • @kinggimped
    @kinggimped 3 months ago

    Absolutely love your content and your explanations

  • @lewsdiod
    @lewsdiod 2 months ago

    Thanks! Really good and informative, as usual!

  • @smitcher
    @smitcher 23 days ago

    Great video, added another few things to my toolkit. Calling back to China is the main reason for segregating these devices on their own VLAN or completely separate subnet even though many of them are actually really great value for money given the technology within. Would be great if you made a video where you take the binary (either a firmware update download) or firmware dump, binwalk it, jffs it and then patch (or replace with a dummy) the file that calls back to China and then repackage as a flashable or uploadable firmware. The binary itself may be in the squash and not easily editable but the initial running of these binaries is often in the jffs mount so the binary could perhaps be patched and run from there.
    I know a lot of that is a BIG ask but being able to do all of that would mean that these devices could be used safely on networks that don't have custom firewalls or VLANs, which is the majority of networks in most homes...

  • @Gowan08
    @Gowan08 3 months ago

    I really enjoyed your content, looking forward to future videos!

  • @SHBBZL
    @SHBBZL 3 months ago +6

    I think this is the pseudo-code for that part:
    #include <string.h>
    /* IDA-style byte accessors into the 32-bit seed word (little-endian) */
    #define LOBYTE(x) (((unsigned char *)&(x))[0])
    #define BYTE1(x)  (((unsigned char *)&(x))[1])
    #define BYTE2(x)  (((unsigned char *)&(x))[2])
    #define HIBYTE(x) (((unsigned char *)&(x))[3])
    /* param1: the key string passed as the first argument */
    unsigned int seed[1] = {0};   /* starting value assumed to be zero */
    unsigned char v10;
    int j = 0;
    while ( j < strlen(param1) && j != 21 )
    {
    v10 = param1[j++];
    LOBYTE(seed[0]) += v10;       /* byte 0: running sum of key bytes */
    BYTE1(seed[0]) -= v10;        /* byte 1: running negated sum */
    BYTE2(seed[0]) += v10 / 3;    /* byte 2: running sum of key byte / 3 */
    HIBYTE(seed[0]) ^= v10;       /* byte 3: xor of all key bytes */
    }
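
The key schedule in @SHBBZL's pseudo-code above, the byte-selection rule from @LMABeste and @novelhawk earlier in the thread, and the "vstarcam2019" -> 2d d3 61 07 value quoted by @p0fs, worked through as one runnable model. This is an added example, not code from the video, the linked repo or the VStarcam firmware. It assumes the seed starts at zero (the 2d d3 61 07 value only comes out under that assumption), that every per-byte operation wraps at 8 bits (the thread disagrees on "% 255" versus truncation to 8 bits; the 8-bit version is used here, which also closes the out-of-range table index @benhetland576 points at), that the "previous ciphertext byte" before the first byte is 0, and it substitutes a constructed permutation for the real P2P table, which is not on this page. The last two functions show why the structure is weak regardless of the table: because each keystream byte depends only on the previous ciphertext byte, one known plaintext recovers the effective keystream map without ever learning the seed or the table.

```python
"""Model of the VStarcam CB73 cipher as reconstructed in this thread.

Added example; not code from the video, the repo or the firmware.
Assumptions (not confirmed by the page): seed starts at 0, all byte
arithmetic wraps at 8 bits, the 'previous ciphertext byte' before
position 0 is 0, and P2P_TABLE is a constructed stand-in permutation.
"""
import random

# Constructed 256-entry permutation standing in for the firmware's table.
P2P_TABLE = bytes(random.Random(0xC873).sample(range(256), 256))


def derive_seed(key: bytes) -> bytes:
    """Key schedule from @SHBBZL's pseudo-code: at most 21 key bytes are
    folded into four seed bytes with +, -, +(v/3) and ^ respectively."""
    b0 = b1 = b2 = b3 = 0                       # assumed initial value
    for v in key[:21]:                          # j < strlen && j != 21
        b0 = (b0 + v) & 0xFF                    # LOBYTE += v
        b1 = (b1 - v) & 0xFF                    # BYTE1  -= v
        b2 = (b2 + v // 3) & 0xFF               # BYTE2  += v / 3
        b3 ^= v                                 # HIBYTE ^= v
    return bytes([b0, b1, b2, b3])


def table_index(prev: int, seed: bytes) -> int:
    """Per @LMABeste / @novelhawk: the low two bits of the previous
    ciphertext byte pick one of the four seed bytes (an index, not a
    pointer addend); the previous byte is added and the sum truncated to
    8 bits, so it can never run past the end of a 256-entry table."""
    return (prev + seed[prev & 3]) & 0xFF


def keystream_byte(prev: int, seed: bytes, table: bytes = P2P_TABLE) -> int:
    return table[table_index(prev, seed)]


def encrypt(plaintext: bytes, seed: bytes, table: bytes = P2P_TABLE) -> bytes:
    out, prev = bytearray(), 0
    for p in plaintext:
        c = p ^ keystream_byte(prev, seed, table)
        out.append(c)
        prev = c                                # ciphertext feeds back
    return bytes(out)


def decrypt(ciphertext: bytes, seed: bytes, table: bytes = P2P_TABLE) -> bytes:
    out, prev = bytearray(), 0
    for c in ciphertext:
        out.append(c ^ keystream_byte(prev, seed, table))
        prev = c
    return bytes(out)


def recover_keystream_map(pairs) -> dict:
    """Known-plaintext attack needing neither seed nor table: the keystream
    byte is a function of the previous ciphertext byte alone, so every
    observed (prev, c ^ p) pins down one of at most 256 map entries."""
    kmap = {}
    for plaintext, ciphertext in pairs:
        prev = 0
        for p, c in zip(plaintext, ciphertext):
            kmap[prev] = c ^ p
            prev = c
    return kmap


def decrypt_with_map(ciphertext: bytes, kmap: dict) -> bytes:
    """Decrypt a new message with only the recovered map; positions whose
    'prev' value was never observed come out as b'?'."""
    out, prev = bytearray(), 0
    for c in ciphertext:
        out.append((c ^ kmap[prev]) if prev in kmap else ord("?"))
        prev = c
    return bytes(out)


if __name__ == "__main__":
    seed = derive_seed(b"vstarcam2019")
    print("seed:", seed.hex())                  # 2dd36107, as @p0fs states
    known = b"GET /snapshot.jpg HTTP/1.1\r\n"   # constructed sample traffic
    kmap = recover_keystream_map([(known, encrypt(known, seed))])
    target = encrypt(b"GET /stream HTTP/1.1\r\n", seed)
    print("recovered:", decrypt_with_map(target, kmap))
```

Swap in the real table and the real initial "prev" if you have them; derive_seed and recover_keystream_map do not change. The attack's coverage grows with the amount of known plaintext, since each distinct previous-ciphertext value seen fills one more of the 256 slots.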

  • @rothn2
    @rothn2 3 months ago +1

    Mmm, pickled seeds. That actually might taste good with pumpkin seeds!

  • @HenryWu-rc5gw
    @HenryWu-rc5gw 3 months ago +3

    Decompiler (e.g. Ghidra) can't be fully trusted because compilation is a process which may drop part of high-level info which is necessary to recover original source code. Ability to read assembly code is very helpful to security researchers in that they may come across obfuscated code, boot loader, hand-written assembly, etc. Ghidra is a highly advanced tool which can speed up reverse engineering but it can't replace human reverse engineer.
    PS: This encryption is weak...

  • @EduardoRubioLogan
    @EduardoRubioLogan 3 months ago

    This is a really great tutorial + educational

  • @H33t3Speaks
    @H33t3Speaks 3 months ago +1

    Encrypting a data stream with a non-encrypted key.
    "That's a bold strategy Cotton, let's see how it works!"
    -- Dodgeball

  • @PowderMill
    @PowderMill 2 months ago

    Awesome channel … THANK YOU!
    I head up our radio comms system at work. (Public safety)
    We USED to utilize ARC4/ADP (Motorola) encryption because it was “cheap”.
    After being made aware of the vulnerabilities, we decided to go with AES-256.
    I always have a sneaking suspicion that the same "intelligence community" that protected Pederast Hunter Biden also somehow managed to have vulnerabilities added to AES-256. I'm no expert, but I love my country and fear the prying eyes of my government - actually, ALL governments!
    Thanks again for a great channel!

  • @suneskovgaard
    @suneskovgaard 3 months ago

    Awesome video! Looking forward to the next one 😁

  • @ivolol
    @ivolol 2 months ago

    This seems to work very similar to the RC4 / ARCFOUR stream cipher. The initial loop would seem to be a key-scheduling algorithm, that sets up the rest of the cipher to run. The initial value passed in would be known as the key, and the values that are calculated to xor with the plaintext are known as the keystream.

  • @dr.hinneredv932
    @dr.hinneredv932 3 months ago

    Thank you. The &3 seems to be strange, maybe originally thought of one additional layer of rotating.

  • @jeffsprings928
    @jeffsprings928 1 month ago

    Looking at the for loop, it seems to be doing some bitwise and math operations to change SEED into a key based on the value of param_1 and then using the updated SEED to encrypt/decrypt

  • @smk4224
    @smk4224 2 months ago

    Amazing, you are a warrior fighting the evil IT snokers

  • @victorchorques4893
    @victorchorques4893 3 months ago

    Amazing job! Thanks for sharing.

  • @deginech1261
    @deginech1261 3 months ago +1

    I have little to no experience with decryption, but i like being submerged into this video A LOT

  • @martynsmythe-jones6901
    @martynsmythe-jones6901 3 months ago +2

    Hail to you, Champion!

  • @JonahDOrsky
    @JonahDOrsky 14 days ago

    Hey Matt hope you're doing well. I saw your AT&T router hack and was really impressed, although that's not really saying much lmao. For some reason a lot of, I wanna say "newer", tinkerers and hackers seem to think that most of all hacking is generally social engineering nowadays and I'm not sure if that's a misconception based on what they've learned themselves or maybe it's an industry fed idea to prevent real challenge. Personally, I think that idea is absolutely nonsense and almost scary that people believe something so ridiculous. Anyways, I was really impressed by the first video I saw and I'm new to all of this. I'm currently getting an associates in IT which does teach PC fundamentals (i.e. command line, some programming, etc.), but it isn't giving me the fix I'm looking for. The question I have for you is when you were at MIT was your degree in computer science which involved some sort of electronics class or similar, or was it some other field which was electronics based. I know this is a long comment but I've always been interested in hardware hacking, rooting phones, similar things, I just didn't know it was called "hardware hacking." Anyways I'd really appreciate an answer. I'm taking a computer science degree pathway for my bachelors but if a basic electronics course can teach most fundamentals up to the digitalized and computer aspects of things I may have to slide one in. Thanks for the videos, you have a new subscriber. These videos are the fix I've been looking for, hopefully at University I can find a community of thinkers like this

  • @BothoHohbaum
    @BothoHohbaum 2 months ago

    That encryption algorithm is a hazard, man! I just wrote a comment, trying to analyze and point out probable intentions and errors, but I deleted it, it had no end....

  • @williambrasky3891
    @williambrasky3891 3 months ago

    Amazing work! Thanks for sharing!

  • @WWFYMN
    @WWFYMN 3 months ago +9

    can you do an episode about installing custom firmware on it?

    • @BlueJDev
      @BlueJDev 3 months ago

      Or just altering the software to skip the ccp servers and send to our own...

  • @benhetland576
    @benhetland576 2 months ago

    23:54 The Python 'get_lookup' reveals the potential for an out-of-range index into the lookup table :-) It was present in the Ghidra decompiled code as well, but Python made it jump out of the screen at us. So maybe there's a hidden buffer overflow exploit lurking in the bushes too. It can happen when at least one of the four 'seed' bytes > 0x7F.

  • @noahkristoffersen6710
    @noahkristoffersen6710 2 months ago +1

    My god this guy is the biggest nerd, to ever walk this earth.

  • @Bcowzz
    @Bcowzz 2 months ago

    Bro is the hero we didn't even know we needed

  • @RossRadford
    @RossRadford 3 months ago

    That was my first thought, a simple substitution maybe with a little bit shifting. If I understand correctly, that's essentially what it is.

    • @RossRadford
      @RossRadford 3 months ago

      or at least it's operating at that same basic level with xor.

  • @idlewise
    @idlewise 3 months ago

    Great work. Thank you!

  • @HenryKlausEsq.
    @HenryKlausEsq. 3 months ago

    This series was excellent.

  • @replikvltyoutube3727
    @replikvltyoutube3727 3 months ago

    That's a really nice video. I learned something new from it

  • @_efault
    @_efault 2 months ago

    Finally someone who thinks like me. Instant sub

  • @stuckintb
    @stuckintb 2 months ago

    You are incredible.

  • @Tomay-hx9mb
    @Tomay-hx9mb 3 months ago +1

    Hey Matt, amazing videos, keep the super work up, very informative.
    Would you be able to hack Glinet routers? Anything similar to the portable ones similar to GL-MT3000 or GL-AXT1800?
    Those devices are apparently very secure, they receive regular updates, would be interesting to see if there any suspicious activity going on.

  • @OneOfThePetes
    @OneOfThePetes 3 months ago

    This is amazing work!

  • @skybuck2000
    @skybuck2000 3 months ago +2

    Jim Carrey as "Hacker" =D LOL.

  • @temp50
    @temp50 2 months ago

    Awesome video! But please do something with your mic next time, thanks! :)

  • @p0fs
    @p0fs 3 months ago +1

    Your get_lookup function is somewhat wrong, bc it should not add (prev & 3) to the seed byte, but instead use (prev & 3) as a byte index of the seed. It would be more correct to declare seed as byte[4] instead of an int, and make SEED argument of the LookupElement function byte*, so that it is more obvious.

  • @MikkoRantalainen
    @MikkoRantalainen 3 months ago +2

    22:15 The "SEED" is actually a proprietary hash of the "secret" (hardcoded) password and that's used as key for the actual encryption. And the actual encryption seems to be nearly static byte substitution cipher with slight obfuscation. I would guess the skill level of the original coder that implemented this is somewhere around first year CS student in university. You definitely shouldn't be trying to create your own encryption algorithm with that kind of skills.

    • @mattbrwn
      @mattbrwn  3 months ago +1

      Thanks! Yeah figured that out now based on others feedback. next video takes it a step further and brute forces the key only based on the encrypted data :)

  • @Dvalin21
    @Dvalin21 2 months ago

    Have a Chinese camera called LS-WL342-20X LS Vision. Would love to see what you can do with it. It's a camera that you would think once you've bought it, you have access to all of its features, but apparently they make you pay more for what should already be a part of the firmware.

  • @mainaccount888
    @mainaccount888 2 months ago

    this is so cool!

  • @yxyk-fr
    @yxyk-fr 2 months ago

    At first I was ... whatever.
    20 minutes in, Schneier+Turing intensified 😛

  • @reenen8970
    @reenen8970 3 months ago

    Will you recommend getting a bus pirate 5? Could you make a video on it? I also saw you can buy a sim card and IC card adapter with it.

  • @sandeepsinghsethi15
    @sandeepsinghsethi15 3 months ago

    Please collab with John Hammond, you have something unique to give among all the cybersecurity youtubers, and I would love to see your channel go boom

  • @bergfald
    @bergfald 28 days ago

    Nice work

  • @lukaszmachowski
    @lukaszmachowski 2 months ago

    The mystery function reminds me of the Mersenne Twister or similar RNG (random number generator) algorithm. I haven’t played with your code but only gut feeling comment. Ideas?

  • @dagobb
    @dagobb 20 days ago

    Great!

  • @gryzman
    @gryzman 3 months ago

    cryptogram and clear text, are the naming conventions there Matt;)

  • @thecatofnineswords
    @thecatofnineswords 3 months ago

    This video is your daily reminder that rolling your own encryption algorithms is nearly always a bad idea. It's hard to do it well, let alone robustly.

  • @chsovi7164
    @chsovi7164 2 months ago

    How are you finding these things with proprietary encryption in the first place? I'm into cryptography but want to get into hardware stuff and this sounds super cool. But I don't know what I would even look for to find something using proprietary encryption

  • @halfsourlizard9319
    @halfsourlizard9319 2 months ago +1

    Proprietary encryption violates Kerckhoffs' principle fundamentally and suggests, at best, a severe misunderstanding about crypto.

  • @Nashenas88
    @Nashenas88 3 months ago +1

    what's your pogo pin setup? How do you keep the pins in place without having to hold onto them?

    • @mattbrwn
      @mattbrwn  3 months ago +1

      PCBite probes. they are magnetic and weighted so they don't move around much. very high quality product.

  • @cccyberfamilydk
    @cccyberfamilydk 2 months ago

    Subscribed :)

  • @andrewborntrager7909
    @andrewborntrager7909 3 months ago

    Awesome work.

  • @Bcowzz
    @Bcowzz 2 months ago

    This just hurt my brain.... In a good way 😂