tag:blogger.com,1999:blog-5096278891763426276.post3532379350878818286..comments2024-03-13T19:12:58.863+02:00Comments on absorptions: A determined 'hacker' decrypts RDS-TMCOona Räisänenhttp://www.blogger.com/profile/08764440174916554983noreply@blogger.comBlogger64125tag:blogger.com,1999:blog-5096278891763426276.post-8431996054202823482022-10-22T21:10:51.465+03:002022-10-22T21:10:51.465+03:00Thanks, I'll see what I can do!Thanks, I'll see what I can do!Oona Räisänenhttps://www.blogger.com/profile/08764440174916554983noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-45304472487603835592022-10-22T04:08:12.409+03:002022-10-22T04:08:12.409+03:00Can you please consider making this site usable on...Can you please consider making this site usable on phones?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-50602452976513773462018-03-15T22:28:45.903+02:002018-03-15T22:28:45.903+02:00do you think you could share your little perl scri...do you think you could share your little perl script that plots location and TMC messages on the map (to use with public TMC providers) you could also add an option for user to input all 31 keys if he/she has them<br /><br />Thanks for Anwsering and Best Regardsveso266https://www.blogger.com/profile/12154006147114430072noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-33100385499845439672017-06-17T01:47:01.038+03:002017-06-17T01:47:01.038+03:00What’s interesting is the second-last paragraph. T...What’s interesting is the second-last paragraph. Translation:<br /><br />“Back then, I ran a little attack against it and found out one table entry (which was used at the time by my local TMCpro station). This didn’t change at all for a very long time, thus I’m not sure if it ever does.”<br /><br />He seems to be referring to the key index (or ENCID)—apparently, some stations don’t bother changing it or do so very infrequently. This is consistent with my own observations of two stations carrying the same encrypted service. The last two blocks of the encryption administration group were the same, even on two different stations and more than two months apart.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-69583333064849699022016-08-05T16:20:00.586+03:002016-08-05T16:20:00.586+03:00I like your blog and for a while I'm also tink...I like your blog and for a while I'm also tinkering around with decoding RDS/TMC/TMCpro. I pretty much like how simple they made the "encryption" and that they actually did it on purpose. To cite ISO 14819-6: "The encryption is only ‘light’ but was adjudged to be adequate to deter other than the most determined ‘hacker’."<br /><br />Please note that a similar brute-force attack like yours has already been described here: http://www.mikrocontroller.net/topic/229218. Unfortunately, it's in German. Watch out for the first post by user "Simon Budig". He claims that he's done successful brute-force attacks back in 2011 or before.Stephan Kanthakhttps://de.linkedin.com/in/stephan-kanthak-09691881noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-88037803586378656762015-08-23T06:21:17.845+03:002015-08-23T06:21:17.845+03:00Your blog is fascinating. I like how in this post,...Your blog is fascinating. I like how in this post, your method of attack is similar to the attack-from-guessed-similar-messages, famously employed to crack the Enigma cipher. Now I'm wondering if your first paragraph contains a subtle reference . . .<br /><br />Keep it up!Ian Malletthttps://www.blogger.com/profile/00105420256087675307noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-9219559757999597932014-02-07T19:34:13.519+02:002014-02-07T19:34:13.519+02:00I once owned a Michelin TMC gps: it shows a "...I once owned a Michelin TMC gps: it shows a "hitparade" of TMC messages, "hitparade" in "distance" meaning, from close to further away. I bought a RDS TMC antenne for my Tomtom, but even when I plan a route over Brussels it doesn't give me no messages... Maybe I'm not close enough (120km) ...marchttps://www.blogger.com/profile/15754120057246410206noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-2004900445716161522014-02-02T22:05:28.968+02:002014-02-02T22:05:28.968+02:00$ for s in `seq 0 15`;do for v in `seq 0 255`;do e...$ for s in `seq 0 15`;do for v in `seq 0 255`;do echo $((($v<<$s)&0xffff));done;done|sort -u|wc -l<br />1280<br /><br />That makes 16*1280=20480 unique keys.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-57871849404222472382013-12-31T00:23:52.014+02:002013-12-31T00:23:52.014+02:00HI Oona, Nice JOb,
maximum respect :)
HI Oona, Nice JOb,<br />maximum respect :) <br />Anonymoushttps://www.blogger.com/profile/01658378384456561967noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-26563733960032797062013-11-04T11:56:10.406+02:002013-11-04T11:56:10.406+02:00Yeah, I met Barisani at t2infosec :)Yeah, I met Barisani at t2infosec :)Oona Räisänenhttps://www.blogger.com/profile/08764440174916554983noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-2603251180653318392013-11-04T11:30:20.972+02:002013-11-04T11:30:20.972+02:00Related research from 2007 http://www.defcon.org/i...Related research from 2007 http://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-barisani_and_bianco.pdfAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-62093898313006696242013-10-21T18:01:34.584+03:002013-10-21T18:01:34.584+03:00Nice work no doubt! Since I've written TMC bro...Nice work no doubt! Since I've written TMC broadcasting systems it's nice to see that some people are enjoying them. :)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-85644442891893749452013-06-24T10:32:43.667+03:002013-06-24T10:32:43.667+03:00As I said, I don't have a car or driver's ...As I said, I don't have a car or driver's license so I can't really try that kind of stuff out.Oona Räisänenhttps://www.blogger.com/profile/08764440174916554983noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-40930559078903012912013-06-24T08:28:28.260+03:002013-06-24T08:28:28.260+03:00Brilliant!! My question is how to feed the decrypt...Brilliant!! My question is how to feed the decrypted TMC messages onto the car CAN bus to display on the car navigation system? Any ideas?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-12352328731387605382013-05-16T14:50:21.175+03:002013-05-16T14:50:21.175+03:00Thank you.
As a teenager, my introduction to cryp...Thank you.<br /><br />As a teenager, my introduction to cryptanalysis was a declassified U.S. military field manual, called FM 34-40-2, that I printed out and bound as a little book. It is most probably available online as scanned images.Oona Räisänenhttps://www.blogger.com/profile/08764440174916554983noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-71299559851805723082013-05-15T04:33:16.989+03:002013-05-15T04:33:16.989+03:00You mentioned some books on cryptanalysis, would y...You mentioned some books on cryptanalysis, would you mind posting a few you'd recommend?<br /><br />This is really a great site!Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-86516139864275999912013-05-14T00:28:17.080+03:002013-05-14T00:28:17.080+03:00Yes, that would be 2^13. I'm not sure whether ...Yes, that would be 2^13. I'm not sure whether this should actually be called encryption at all, or perhaps scrambling or something like that. But that's the term they like to use.Oona Räisänenhttps://www.blogger.com/profile/08764440174916554983noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-84186853459401258712013-05-13T23:05:34.934+03:002013-05-13T23:05:34.934+03:00Err, just 8192 unique keys. Not sure where the 8*1...Err, just 8192 unique keys. Not sure where the 8*16 came from.Anonymoushttps://www.blogger.com/profile/17418638351744394561noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-40870074442173461232013-05-13T22:59:07.296+03:002013-05-13T22:59:07.296+03:00So, wait a second. The key space isn't even 2...So, wait a second. The key space isn't even 2^16, is it, since the top bits of the lower 8 bits of the key are actually shifted away, depending on what the second-most-significant hex digit says, right? In fact all keys x800 .. xFFF are all identical, no? What a ridiculous scheme. There are 16*256 + 16*128 + ... 16*1 -> 16*511 + 8*16 = 8304 unique, canonical keys, by my back of the envelope calculation.Anonymoushttps://www.blogger.com/profile/17418638351744394561noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-89488554981950719092013-05-13T02:04:04.774+03:002013-05-13T02:04:04.774+03:00Well done indeed! Congrats on your passion for th...Well done indeed! Congrats on your passion for this hobby, and your principles staying pure. This level of devotion and play-nice isn't something I see all that often. Especially in a potentially ego-teasing field (I agree the standard reads like a challenge.) I'm in so much respect for the way you are handling your discovery here.<br /><br />And that your passion will most likely lead you away from this and on to the next cool thing to stumble into your scope's screen.<br /><br />Bleassings!Tim Jameshttps://www.blogger.com/profile/16027669269758716984noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-84775585527110237172013-05-09T02:23:48.630+03:002013-05-09T02:23:48.630+03:00For future reference:
-log into tor
-upload source...For future reference:<br />-log into tor<br />-upload source code to www.pudn.com, it is a source sharing site. You can find stuff there like factory workers uploading whole design files they got from US firm to manufacture (including source code, gerbers, case design). Basically its repository for Shanzhai manufacturers :)<br />-wait few hours and make a blog post about this kewl code you just found<br />-wait two weeks for first clones to appear on the marketRasz_plhttps://www.blogger.com/profile/08541243565385658679noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-66317602253586992892013-05-08T15:58:00.477+03:002013-05-08T15:58:00.477+03:00I did - and interesting reading it was too! I do g...I did - and interesting reading it was too! I do get the general principles (and this is what makes the posts interesting), but it's the technical nitty-gritty I'm struggling with! Like I said though, just my ignorance, not your posts.NABhttps://www.blogger.com/profile/15645758112897112622noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-44962819504673890432013-05-08T15:48:48.944+03:002013-05-08T15:48:48.944+03:00That piece of text is a hyperlink - follow the hyp...That piece of text is a hyperlink - follow the hyperlink :)Oona Räisänenhttps://www.blogger.com/profile/08764440174916554983noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-43537088839293359162013-05-08T15:33:55.616+03:002013-05-08T15:33:55.616+03:00Kudos to you. Interesting blog post. Shame I don&#...Kudos to you. Interesting blog post. Shame I don't have even the first clue what "RDS was decoded from intermodulation distortion in the radio's Line Out audio caused by the stereo demuxer circuitry." means but that just shows the shortcomings in my own education. :-) Thank you.NABhttps://www.blogger.com/profile/15645758112897112622noreply@blogger.comtag:blogger.com,1999:blog-5096278891763426276.post-71882839238107679722013-05-07T10:19:15.961+03:002013-05-07T10:19:15.961+03:00I have a judgement under Finnish law against me fo...I have a judgement under Finnish law against me for hosting a service where a friend posted some homebrew Haskell DeCSS code along with commentary (among others, but that was the one they decided to pursue).<br /><br />That does not fully apply to this case since as you said, Oona didn't publish any code. However, this is a form of DRM, and the law says that even offering service that _helps_ circumvent it is illegal. Service is vague, but a blog dedicated to such evils as "hacking"? I wouldn't put it past the courts to judge it to be one, when my mailing list qualified as well.<br /><br />One could probably argue that the stuff being accessed is not actually copyrightable, but that's always a can of worms, especially with our European database monopoly rights or whatnot.<br /><br />So the legal situation is actually way murkier than it would be in a sane world, and unscrupulous companies are within their legal rights to exploit that (hi, Tuomo).<br /><br />(And yeah, that comment is "kind of" a complaint but not really... The "kind of" is especially vague. Is it or is it not, do they have standing for anything?)Anonymoushttps://www.blogger.com/profile/11120474428539196039noreply@blogger.com