Analyse van een 0x3c

[Azazel]

Hallo satvrienden,

Hierbij voor de geinteresseerden een goede analyse van een 0x3c van een van de groteren hier in Spanje 'Parisino' (wie kent hem niet...)

Helaas moet ik dit bericht in origineel (engels) plaatsen daar ik niet veel tijd heb om dit te vertalen, sorry hiervoor. Maar het lijkt me een goede ontwikkeling voor het seca2 gebeuren en wilde jullie dit niet onthouden. Heb er zelf heel veel uitgehaald!

 

 

good...

 

First to thank for his magnify work to Homealone by its so complete commentary, also thousand thanks for Chipirón for your magnify explanations.

 

All these commentaries are based on dump of a V6.0, is possibly very similar to the present V7, insurance that exist differences of operation between the two versions.

 

Little by little it is begun to see as "superencryption" works that is the present system in S*CA2, naturally is single the beginning.

 

The present instructions 0x3C have the following structure:

 

C1 3C 01 01 BE 5C 10 A8 19 xxxxxxxx 90 00

 

Where P2 = BE, if we separated P2 two in nibbles, the superior nibble is B and the inferior one is E, this I complete indicates the key to use. The value that interests to us is the one of the superior nibble.

 

In S*CA1 he was always 0

In S*CA2 at the moment is B

 

If we passed it to binary we have value 1011:

 

bit 3,.. 1 - It indicates if the supercoding algorithm is used bit 2,.. 0 - It indicates tablas/algoritmo that they are used bit 1,.. 1 - It indicates tablas/algoritmo that they are used bit 0,.. 1 -.......

 

Before the supercoding process the routine that this in the position 0x4C62 is the one that changes the leaders depending on a value:

 

- If he is 0: it uses the tables by defect that keep in the ROM, T1=2305, T2=2405

- If he is 1: it uses the tables that keep in the EEPROM, T1=ÅC0, T2=8BC0

- If he is 2: it uses an ALGORITHM that this in the EEPROM

- If he is 3: it uses the tables that keep in the EEPROM, T1=8CE0, T2=8DE0

 

As it is possible to be seen in S*CA1 they used the well-known tables already.

 

In S*CA2, thing changes, because different tables are used that keep in eeprom, at the moment is used option 1.

 

The tables known S*CA1 are: T1: À E1 0CB 13.......... 99 OF EC C5 T2: 11 BF 69 6CD FA....... 6CC 2CC 5CD

 

 

The tables of the V6 for option 1 are: T1: 4F C3 03 E5......... 4C 6E 73 F1 T2: B8 2D 81 8B........ 3C A4 B8 3C

 

The tables of the V6 for option 3 are: T1: F5 03 FF DC....... 40 AA D1 73 T2: 09 43 E9 B2......... 23 24 A2 06

 

This is the first great difference, are used different tables in S*CA2.

 

If they are equal could be good signal, if two V6 of different countries already have these different tables badly we began. In any case he is very premature to venture that tables will have a V7.

 

Commented the important subject of the tables the finishing nail comes, in case anybody has not realized, lack to explain that it happens if option 2 is selected. Our friends, the S*CA engineers have been wanted to cover the backs, if option 2 is the chosen one IS NOT USED the known algorithm, but that directly goes to execute a resident code in eeprom, this code can be any thing.

 

In bytes 8080 and 8081 of eeprom this the direction of the beginning the coding algorithm ' killer', must be between the directions 80A0 and Å7F.

 

In bytes 8088 and 8089 of eeprom this the direction of the beginning the algorithm of deciphered ' killer', must be between the directions 80A0 and Å7F.

 

Therefore one has reserved 2528 bytes for the implementation of a new number algorithm of if it is required.

 

Still there is much but fabric that to cut, to begin are a few new nanos in the instruction 0x40 which they can alter so much the tables as the algorithms kept in eeprom, we go with them.

 

Nano 1B: To update alternative tables configuration, routine L03C3: Nano F6: To update alternative tables data, routine L03FF:

 

In order to update a serious table something like this 1B XX F6 XX........xx.

 

Nano 50: To update algorithm configuration, L0573 routine: Nano F7: To update algorithm data, L0612 routine:

 

In order to update a serious algorithm something like this 50 aa bb cc dd ee F7 XX..... XX

 

All these SINGLE nanos can be applied for supplier S*CA, that is to say, the head of the serious instruction of change something like C1 40 00 B0 YY.

 

This is a very important data, nor followed the G.H knows the keys this supplier, therefore it will be the own S*CA that naturally sends to the instructions previous change request, moral, this operation is not possible to be made every month, single would be used in an exceptional case.

 

Returning to the subject from 0x3C there are two subjects that I do not see anything sure first are happy 10 01 of the beginning of 0x3C and 0x40, I have reviewed a little the algorithm of 0x3C and 0x40 of the V6 and offset of beginning of the deciphered algorithm of is 8 and 0 respectively.

 

For the instruction 0x3C these lines confirm it:

 

 

anl to, 01 #001h;1DB7 54;only original bit 7 jnb acc.0, 30 L1DC9;1DB9 E0 0D;jump if to clear (not) mov r7, 08 #008h;1DBC 7F;jump first 8 bytes lcall 20 L4520;1DBE 12 45;decrypt superencryption

 

 

For the instruction 0x40 these lines confirm it:

 

 

clr to;1E50 E4 to;clear mov r7,;1E51 FF;all bytes lcall L4520;1E52 12 45 20;decrypt superencryption

 

 

This would suppose a small misfortune, since it would indicate that the algorithm of supercoding of the V7 is not exactly just as the V6.

 

There is another argument that can confirm this theory, for it I use logs captured of instructions 0x3C, between two consecutive instructions 0x3C single would have to change to the nano 0xD1 with the based words and the nano 0x82 with the company/signature, the rest of data would be due to maintain between several instructions 0x3C equal, has the data that it has.

 

Then we would have left to something asi '...

 

10 01 FFFFFFFFFFF D1 VVVVVVV FFFFFFFFFFFFFFFFF 82 VVVVVVVVVVV

 

F = Octeto with fixed value between two instructions 0x3C V = Octeto with variable value between two instructions 0x3C

 

The supercoding process which we know number blocks 8 octetos with the selected key, the blocks are totally independent, is to say does not affect the value of the based block previously.

 

To where it takes this supposition to us? Since if the known algorithm were used, blocks of 8 octetos based equal between several consecutive instructions would have to exist 0x3C.

 

The present length of the octetos instructions 0x3C is of 0x5C, is to say 92, if we cleared 9 to him of the company/signature, 17 of the nano D1 and two of the beginning, we have left 64 octetos, within these one chain of 8 equal octetos would have to exist at least and in the same position between two 0x3C.

 

As 0x3C can be observed easily in log new does not have anything in common, except for 10 01 the beginning, therefore is takes to think to us like we had intuited previously that the algorithm is different from the well-known in the V6.

 

Summarizing...

 

- the deciphered algorithm of of the V7 seems to begin with offset 02

- the deciphered algorithm of of the V7 is different from the well-known of the V6, but probable it is that the blocks have been amounted depending on the result of the previous coding what would explain that blocks of 8 equal octetos between two instructions will not exist 0x3C.

 

Dump of the V6 serves to us to begin to learn the new operation, but the V7 this a pasito but ahead that its predecesora, in any case to dump of the V6 removed much to him but juice, single does lack but a long time of study.

 

After this "brick" I have two very clear conclusions, first is that a V6 cannot work in compatibility mode in S*CA2, had been speculated on that handling the card in way ATR4 were possible to obtain it. I am afraid that it is not possible because would be due to change to the process of 0x3C and 0x40 that is in the ROM of the chip.

 

The second conclusion is that the V6 this halfway between S*CA1 and S*CA2 is an intermediate step between versions 4,1 and 7.0. Therefore the famous V7 has new keys (surely), new tables of coding (probably) and a deciphered algorithm of new (my theory).

 

With as much new piece of puzzle it takes to us to think that the existence of a card "emulator" in these days that can emulate a V7.0 is one authenticates utopia.

Always has been coexisted with legend of this type, in the average age was that the alchemists could make gold using their magical test tubes, to day of today seems to me that it is not possible, but surely that there is people who think that it is possible to be obtained.

 

greetings

 

Parisino