New blog: The Strange Story of “Extended Random”. About crypto backdoors and RSA.https://blog.cryptographyengineering.com/2017/12/19/the-strange-story-of-extended-random/ …
-
Huh. Uninitialized buffer? If you have the model number it might be interesting to check out the firmware...
Pixus MG6730. It updates itself over unencrypted HTTP (of *course*). The firmware seems to be obfuscated with some kind of silly DIY algorithm, though. Typical Japanese. The whole file looks like this. https://mrcn.st/t/mg6730_1.060.bin …pic.twitter.com/vMrLdlKOnq
-
-
Oh gawd it's an S-record file with an XOR pad. Just why. Deobfuscated: https://mrcn.st/t/mg6730_1.060.srec … (two logical chunks: https://mrcn.st/t/mg6730_1.060_part1.srec … https://mrcn.st/t/mg6730_1.060_part2.srec …)
-
Looks like it runs DRYOS, the same OS Canon cameras use, and the same OS the CHDK project has quite ample documentation of. Cool.
- Show replies
New conversation -
-
-
from the screenshot, this looks like xor „encryption“
-
Yes, see follow-up tweet:https://twitter.com/marcan42/status/943894491982737409 …
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.