[Linux4nano-dev] Update to rc4 key search (optimized)

[Jeremy Prater]

So I slimmed my app way way down and made it multithreaded, here is what its
doing right now.

 


Time

KeysProc

dTime

dKeys

kps

KeysLeft

ETA Seconds

ETA Minutes

ETA Hours

ETA Days

Num Threads

Thread 0 Counter


9/27/2007 12:01:31

33

0:00:11

15018

1365.273

4294967263

3145867.635

52431.12724

873.8521207

36.41050503

                

9/27/2007 12:01:42

15051

0:00:59

82201

1393.237

4294952245

3082714.107

51378.56845

856.3094741

35.67956142

4

14


9/27/2007 12:02:41

97252

0:01:04

90292

1410.813

4294870044

3044252.894

50737.54823

845.6258038

35.23440849

4

3158


9/27/2007 12:03:45

187544

0:04:54

417813

1421.133

4294779752

3022082.242

50368.03737

839.4672896

34.97780373

4

21070


9/27/2007 12:08:39

605357

0:04:17

362125

1409.047

4294361939

3047707.331

50795.12218

846.5853697

35.2743904

4

41084


9/27/2007 12:12:56

967482

0:05:59

505800

1408.914

4293999814

3047738.107

50795.63512

846.5939186

35.27474661

4

136086


9/27/2007 12:18:55

1473282

0:03:17

278268

1412.528

4293494014

3039581.703

50659.69506

844.3282509

35.18034379

4

220830


9/27/2007 12:22:12

1751550

0:03:13

271989

1409.269

4293215746

3046412.312

50773.53853

846.2256422

35.25940176

4

338699


9/27/2007 12:25:25

2023539

0:17:54

1523321

1418.362

4292943757

3026690.761

50444.84601

840.7474335

35.03114306

4

462360


9/27/2007 12:43:19

3546860

0:09:59

824726

1376.838

4291420436

3116866.499

51947.77499

865.7962498

36.07484374

4

818799


9/27/2007 12:53:18

4371586

                                                                4

1010076

 

Keysproc is the total number of keys processed, dTime and dKeys are 'delta'
values from subtracting the previous row , kps is keys per second. Keys
left. 2^32 hah. And the eta. It an excel spread sheet I just copy and paste
the values into from the app.

 

Im searching osos for the string "MTOOL399". Im only searching the first
0x800 of the data area (>0x800). Ive based this assumption on the rsrc.fw
file that has mtool399 written in it at 0x0e03. I guess this is the ipod's
partition / filestructure marker. Im using 32-bit rc4 with the small chunk
of data so its faster. I started the decryption at 0x800. Hmm reading the
crypto synth I see that MTOOL399 is probably not in the data portion. So new
approach. Im going to get the first 20 instructions. 20x4 bytes. And verify
that the opcode portion of the instruction bitmap is a valid opcode. This
method will probably return many false keys. Im going to do some more
coding. I expect the performance (kps) to increase because im only rc4
decoding the first 80 bytes not 2048 now. Ill update soon.

 

Once I get the app able to actually be functional enough to find the correct
key would people be willing to split up the keyspace so we could get the
result sooner. If my core 2 duo 1.83ghz can do the entire osos in 36 days.
get a few more people on it and boom maybe a week or so. But we all need to
agree on what a 'correct' key would be. Wasting all the cpu time on a
decyption scheme that is flawed is a big waste. Well im going to hunt down a
set of arm opcodes. Later. -- Jeremy


_______________________________________________
Linux4nano-dev mailing list
Linux4nano-dev@gna.org
https://mail.gna.org/listinfo/linux4nano-dev
http://www.linux4nano.org