A protector has decided to code his serial number verification scheme in Iota, so it's all interpreted minimalistic code. Not much of a chance of understanding it. You know that all it does is a simple string compare to some unknown value, so the pseudocode looks like this:


Since you can get an iota interpreter, you can take his code and run it on whatever serial numbers you want without having to type them in.

You have no idea how long the serial number is.

How do you break this?

Simple, a timing attack.

Brute force each character, one at a time from 0 to i. When a character is correct, it will take longer to run as the loop will execute at least one more time. This reduces the brute forcing to O(256*i) assuming Iota uses 8-bit ASCII characters.

Right!

What do people think--should posters ROT13 their answers or something, so that others that aren't so quick can try their hand? Or should I just make them harder? Or both?

Ebg13 vf cebonoyl abg n onq vqrn!
Rot13 is probably not a bad idea!

BTW Mike, these are great, thanks

Hello,

Very interesting samples you gave us, I would personnally
prefer if people just pm you the solution they found and you
wait few days to post the good ones... I'm very interested to
have the solutions if I can't find out how to do but i'm
likely to search a bit by myself first...

Don't know if Rot13 would be sufficient... quite easy to
sort out....

Regards
FoolFox

Hi All!

FoolFox, I do not like too much the idea of sending the answers to Mike, it creates a sort of limit to the spirit of these projects.
Often, a problem can be solved in many manners and, in these cases, talking about the various approaches to the problem and comparing the various solutions can be useful.

The idea of the rot13 is interesting but in the long run it could turn out heavy to converse in this way.
Perhaps, for every crypto_experiment, we could create two threads where in the second we will only put the solutions; but, I do not know if it is the better thing to make...

MnvEbA (ernql gb fcrnx va ebg13 )

Mike

Your making me think. (Not sure if this a good thing or a bad thing)
Keep them coming.

It certainly makes someone think differently. I think we study the minutie rather than the whole picture.

Catch ya around
peterg70

Hi,

Yeah, Zairon, I agree with you that showing various
responses could help other's to think, and someone may
very well came up with something anybody else thought
about...

Well, dunno, two thread could be nice but how be able
to know if a message should be posted in the discussion
or the solution one ?...mmm... this may make thing less
clearer than we may want at first....

For me, as long as i'm able to learn something, I'll deal
with it

Regards
FoolFox

The idea of rot13 isn't to make it hard, just to keep from spoiling the fun. If you have an idea that you think might work on part of the problem, it's ok to post it in cleartext. If you know your solution busts the thing wide open, rot13 it. I'll leave it to the posters to decide which one is appropriate.

Hey all,

Sorry I posted so quick! I didnt' mean to spoil it for everyone. Just thought I'd answer and let everyone learn a little. Heh, I also didn't realize I had posted only an hour and change after mike.

I'll keep my mouth shut a bit longer next time

BTW, for those of you wondering how I knew the answer, it comes from research done on smartcards. I was working on one of the crackmes in the REA reverser course that was simulating a smartcard, so I got curious and looked up a little bit on them. This timing attack is used on some smartcards and other security hardware.