![]() They do use AES, but only to encrypt a simple counter (a 16 byte array), that is then used to XOR the plaintext with. The encryption is standard AES, but I really do not understand why they chose to implement it like that. The control4-box seems to know about the air transmission format (OOK, 433.42Mhz, etc), so the script only constructs the frame. The “driver” is a XML file with an embedded lua script. Decrypting the drivers Thomas describes the encryption process as follows in his comment. Thanks to Thomas Dankert and Rick for doing the real work and sharing the information. If you want to know more about these attacks or cryptography in general I can suggest Dan Boneh’s cryptography course on. I don’t go into to too much detail about the cryptographic attacks, because they are already described in a lot of publications. So I decided to write this post to highlight some of the mistakes. This turn out to be a nice example of how not to use crypto. Due to the recent activity around this post, I finally made some time to look into this(thanks Rick for posting the code). Some time ago Thomas Dankert posted a comment in response to my Reversing Somfy RTS blog post describing how the Control4 driver scripts are encrypted. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |