| Author |
Message |
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
 Posted: 01 Aug 2009 11:59:38 am Post subject: |
|
|
I compiled the factorization suite (-march=native -fopenmp ...) and tried getting a polynomial and with (that's key 0A)
n: 0x40B11C71D4EA2C13C9AB2E501C6085FEC87FF3B88BFD783EAC43351E1B10F65AD31C79C1268F75
051DC8FC008EBF593AE5912E8B653975C13127E2B60A0BEF5FEF
Just wondering if this is the right input or if there is an endian twist (better not waste time factorizing the wrong number...)
edit :
figured out that the input must be little endian which happen to be the format of the key files, neat.
what is the purpose of the 40 byte at the beginning of each key? (and why isn't it taken into account in the factorization?)
edit2 : 0x40 = 64 is the size of the key in byte, nevermind...
Last edited by Guest on 01 Aug 2009 01:15:10 pm; edited 1 time in total |
|
| Back to top |
|
|
brandonw
Advanced Member
Joined: 12 Jan 2007
Posts: 455
|
| Posted: 01 Aug 2009 03:33:58 pm Post subject: |
|
|
I don't use Linux, but my understanding is that you can run .NET programs through Mono. Or something.
I haven't heard of anyone successfully signing an OS using RabbitSign (yet). Build8XU (the part of OS2Tools that does the signing) takes a ROM or multiple BIN files as input, and it MD5 hashes all of those in addition to the OS header which it builds itself based on command line parameters you pass it.
So if you can get your OS into a ROM (for testing on an emulator for example), if you specify which pages you care about, Build8XU will build an 8XU from it. The OS2 repository at http://brandonw.net/svn/calcstuff/OS2/ has a make.bat file showing how to use it.
It's pretty much a piece of crap, so if it doesn't work for you, it's probably not worth the time to muck around in its code. |
|
| Back to top |
|
|
FloppusMaximus
Advanced Member
Joined: 22 Aug 2008
Posts: 472
|
| Posted: 01 Aug 2009 04:16:56 pm Post subject: |
|
|
dietsche: 3201 and 5201 sound like they might be keys for TI's non-freeware apps. I've seen similar keys for the 83+, such as 2204 and 5204, and others I can't remember off the top of my head.
FMC: RabbitSign certainly ought to work, though I haven't tried it with CSX myself. Could you post the output of rabbitsign -vv <your 8xu file> ?
There can only be one OS signature at a time, so it's just fine to use an 8xu file that was created with packxxu. (With apps, it's a slightly different story; you need to use the -r option if you want to strip off the old signature.)
Brandon: I've successfully signed OSes with RabbitSign.  I'm sorry that other people are having difficulty with it. |
|
| Back to top |
|
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
| Posted: 01 Aug 2009 04:35:48 pm Post subject: |
|
|
Quote: $ rabbitsign -t 8xu -r -vv -k 05.key csx.8xu
05.key: Loaded Rabin/RSA private key:
05.key: n = BFA2309BF4997D8ED9850F907746E9919E7862511C1B6FEEC23043E6103A38BD84F5421AD04980F7
9D4EC7D6093D1D1FEF60334E93BF6CD46F82F19B7EF2AB6B
05.key: p = D314949DADE1FCDC1CFDE9B6D2E9EB802B9AAD3A052B881A23A61C4F27A09BF5
05.key: q = E86A2AF0501BF8767C1B678AA39D77595855B7EB1A4FDE75FF2BDE287A65EDDF
Signing TI-83/84 Plus OS csx.8xu...
csx.8xu: warning: OS header has no page count field
csx.8xu: hash = 632CEC871967804C38C91A6E656EE00E
csx.8xu: sig = 6806A878C12D71ECD46DC32583B7A40CD90CB99F3A77F3DCBE0CEF62EB6B823624AA78A5F28456D3
85CE42EF0476EB2FAA9B49F3040055EE7A2E243F6B84725E
just in case here is the rest of the build sequence :
Quote: $ wine tasm -80 -c -o20 -fC7 -y -e page00.z80 page00.hex
TASM Z80 Assembler. Version 3.2 September, 2001.
Copyright © 2001 Squak Valley Software
tasm: pass 1 complete.
Assembling Real version
Routines:
Console
cclear 14
cdisp 126
cgets 134
cprint 37
cputch 44
cputs 14
credraw 19
cscroll 27
csetpos 15
Display
clrline 30
clrscr 25
displine 71
drawicon 339
invline 26
putch_6x8 22
putch_con 86
putch_var 26
puts_6x8 15
puts_con 26
puts_var 11
vbufdisp 60
Exception
6 exceptions 45
File
f_conv 105
f_delete 30
f_load 193
f_locate 87
f_new 82
f_next 22
f_size 17
f_temp 43
I/O
input 79
output 76
Key
getch 70
getkey 28
Math
divu16 18
Memory
memfree 17
memswap 16
String
atoh 47
dtoa_w 22
extract 65
htoa 25
strcat 17
strcmp 14
strcpy 8
strlen 15
strupr 22
strnext 8
tokenize 27
Apps
Hex Editor 1005
Characters (6x8): 256 [2560]
Characters (console): 256 [768]
Characters (variable): 256 [2048]
Page 00: 11200 bytes used 68% filled
tasm: pass 2 complete.
tasm: Number of errors = 0
Elapsed time = 1.07 secs lines = 11611 lines/sec = 10790
$ ./multihex 00 page00.hex | ./encdos csx.hex
$ ./packxxu -v 9.99 -h 255 csx.hex -t 83p -o csx.8xu |
|
| Back to top |
|
|
FloppusMaximus
Advanced Member
Joined: 22 Aug 2008
Posts: 472
|
| Posted: 01 Aug 2009 05:26:28 pm Post subject: |
|
|
| Well, here's one problem: when using the 05 key, you need to use the -q 05 option to packxxu. |
|
| Back to top |
|
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
| Posted: 01 Aug 2009 05:36:02 pm Post subject: |
|
|
FloppusMaximus wrote: Well, here's one problem: when using the 05 key, you need to use the -q 05 option to packxxu.
Tried that and it doesn't solve the validation problem. |
|
| Back to top |
|
|
FloppusMaximus
Advanced Member
Joined: 22 Aug 2008
Posts: 472
|
| Posted: 01 Aug 2009 06:00:35 pm Post subject: |
|
|
Oops, I'm sorry. You need to use -g or -o to tell rabbitsign to output an 8xu file, otherwise it defaults to outputting a .hex file. This behavior seems weirdly backwards when you have an 8xu file to begin with, but it's a holdover from ages past, when many programs (including TilEm, rompatch, and if I'm not mistaken, the Flash Debugger) required plain hex files as input.
Last edited by Guest on 01 Aug 2009 06:04:05 pm; edited 1 time in total |
|
| Back to top |
|
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
| Posted: 01 Aug 2009 06:49:54 pm Post subject: |
|
|
yay! it does work (with 05 key in a couple of month I'll try with the 0A key...)  |
|
| Back to top |
|
|
brandonw
Advanced Member
Joined: 12 Jan 2007
Posts: 455
|
| Posted: 01 Aug 2009 11:10:44 pm Post subject: |
|
|
FloppusMaximus wrote: Brandon: I've successfully signed OSes with RabbitSign. I'm sorry that other people are having difficulty with it.
I was sure it worked fine, I just saw a couple of people trying and failing. I think they were just having unrelated OS header troubles.
I have much more faith in RabbitSign working than OS2Tools. |
|
| Back to top |
|
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
| Posted: 02 Aug 2009 01:28:54 am Post subject: |
|
|
polynom selection yielded first acceptable result this night : best score so far 2.51e-12
Quote: name: example
n: 92760616057340210988768273886569285146128595592379339657880430510267969803747285
95171865053533915137761593447200826663722532808848103561497119894851772399
skew: 208683.25
# norm 1.79e+21
c5: 190483380
c4: 180001475356428
c3: -22075397954668859497
c2: -6594926497968999404299976
c1: 496020734659796699826056551516
c0: -162777883624335948985070911446928
# alpha -5.64
Y1: 1001192452846544827
Y0: -137246319956562178865422049445
# Murphy_E 2.51e-12
# M 66543321777904416192648157617347332475799506898034508959106608195131007947380543
76396850963099182427365365762493115449599368533989914494994021508226071900
type: gnfs
rlim: 25700000
alim: 25700000
lpbr: 29
lpba: 29
mfbr: 58
mfba: 58
rlambda: 2.6
alambda: 2.6
qintsize: 100000
FloppusMaximus: is that good enough to start the second phase?
I have read that the second phase (computing relations) can easily be split in segments and thus distributed among a relatively large number of computers which would dramatically reduce its duration. However I have not found explanation on how to easily run a segment of it. Do you have any idea? If so maybe you could coordinate this once we get a proper polynomial : defining segments, putting them for auction here and collecting the results (we'd probably need a public ftp for that) and running the last phase once all the results would be available (note that we may also run the last phase on another pc if someone has more raw power than you and is willing to help). |
|
| Back to top |
|
|
FloppusMaximus
Advanced Member
Joined: 22 Aug 2008
Posts: 472
|
| Posted: 02 Aug 2009 02:18:22 am Post subject: |
|
|
Sorry, you've got the wrong number there! What you have there is what you'd get if you read the 0A key file in big endian.
The number you posted factors as
p3 factor: 173
prp17 factor: 73569313009210471
prp135 factor: 72882090397694210185378675970957055934529867218361418948224008048
4856427659128294376584933934968425543928726930651123354213692584878653
So I'd stop working on it if I were you. :)
Here's my little script for converting a key file into a decimal integer (I make no claims about its elegance, but then, I've never seen Perl code anywhere that could really be called elegant):
Code:
#!/usr/bin/perl -w
sub hex_to_num {
$str = shift;
@bytes = ();
while ($str =~ s/^(..)//) {
push @bytes, $1;
}
if ((hex $bytes[0]) != $#bytes) {
print STDERR "count mismatch\n";
exit 1;
}
shift @bytes;
$hex = join "", reverse @bytes;
$dec = qx(echo "ibase=16; $hex" | bc);
$dec =~ s/[\\\n]//g;
return $dec;
}
while (defined($hex_n = <>)) {
$num_n = hex_to_num($hex_n);
print "n: $num_n\n";
if (defined($hex_p = <>)) {
if (defined($hex_q = <>)) {
$num_p = hex_to_num($hex_p);
$num_q = hex_to_num($hex_q);
chomp ($test = qx(echo "($num_p * $num_q) == $num_n" | bc));
if ($test ne "1") {
print STDERR "WARNING: p * q != n\n";
}
print STDERR "p: $num_p\n";
print STDERR "q: $num_q\n";
}
}
else {
last;
}
}
Anyway, I've been running the polynomial search for the 0A key for a bit over a day already. I have a few candidate polynomials (best Murphy score so far is 2.50e-12) but I'd like to run it for another day or two to see if anything better turns up. In the meantime, why don't you try running a polynomial search on one of the other keys?
WRT distributed sieving: I've been working on a slightly hacked version of factMsieve.pl which we should be able to use in order to do the sieving in parallel. As you say, we'd need some way of collecting the results and running the final processing; whoever does that will need a fast CPU and plenty of RAM. |
|
| Back to top |
|
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
| Posted: 02 Aug 2009 03:00:21 am Post subject: |
|
|
FloppusMaximus wrote: Sorry, you've got the wrong number there! What you have there is what you'd get if you read the 0A key file in big endian.
The number you posted factors as
p3 factor: 173
prp17 factor: 73569313009210471
prp135 factor: 72882090397694210185378675970957055934529867218361418948224008048
4856427659128294376584933934968425543928726930651123354213692584878653
So I'd stop working on it if I were you.
Damn! so that's the right number then : 12537072476862421230323818220670094176024121433129402568805703301509542532518840
117998301702770251376727694567865443226427097771931350481518184606521695409 ?
FloppusMaximus wrote: Here's my little script for converting a key file into a decimal integer (I make no claims about its elegance, but then, I've never seen Perl code anywhere that could really be called elegant):
Thanks. I'd been looking for such a thing but had no luck and I was just too lazy to write it (plus I'd have written it in C as I'm not very fluent in any script language and that would have been a little overkill). I had to modify it a little however as my system doesn't appear to ship bc. Use Math::BigInt and the hex conversion is done automagically this way :
Code:
$dec = Math::BigInt->new("0x".$hex);
Quote: Anyway, I've been running the polynomial search for the 0A key for a bit over a day already. I have a few candidate polynomials (best Murphy score so far is 2.50e-12) but I'd like to run it for another day or two to see if anything better turns up. In the meantime, why don't you try running a polynomial search on one of the other keys?
yeah, I'll do that. I'm on 0102, n=132372593817553510702527343869380866991182197789472210493537791096224196954964
75613231936101044372075723700556571007676460210635446794532823146159614718341 (just checking)
Quote: WRT distributed sieving: I've been working on a slightly hacked version of factMsieve.pl which we should be able to use in order to do the sieving in parallel. As you say, we'd need some way of collecting the results and running the final processing; whoever does that will need a fast CPU and plenty of RAM.
Well, the way of collecting results is not the major issue. Even if enough people come up (I guess 10 would be a good start and we're only 2 atm) to take a slice it's unlikely that the sieving phase takes less than a week so we'll have plenty of time to think about it. Also please share your factMsieve.pl so that we may have a chance to test it before starting the real job. |
|
| Back to top |
|
|
FloppusMaximus
Advanced Member
Joined: 22 Aug 2008
Posts: 472
|
| Posted: 02 Aug 2009 03:22:47 am Post subject: |
|
|
| Yes, you have the correct numbers there. |
|
| Back to top |
|
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
| Posted: 02 Aug 2009 07:58:44 am Post subject: |
|
|
first result for the 0102 key (I'll keep polynom selection running until tomorrow but if someone has spare cpu cycles and feels like getting familiar with the factorization tools why not start sieving that one) :
Quote: name: 0102
n: 13237259381755351070252734386938086699118219778947221049353779109622419695496475
613231936101044372075723700556571007676460210635446794532823146159614718341
skew: 1774150.69
# norm 4.76e+21
c5: 1525620
c4: -18715493343362
c3: -15944374594613244408
c2: 47140362434797093837039477
c1: 13833614019160624132632883337552
c0: -16379440358594057040560998701251769831
# alpha -5.87
Y1: 310679924633444377
Y0: -386964563945409672883224893422
# Murphy_E 2.19e-12
# M 62642092017781165821378314562376914402780710424458227664002759802841122011596032
18340336932006846515296510081575082961702528002938418394951025339851574262
type: gnfs
rlim: 27100000
alim: 27100000
lpbr: 29
lpba: 29
mfbr: 58
mfba: 58
rlambda: 2.6
alambda: 2.6
qintsize: 100000
by the way as the first phase does not take advantage of multicore cpus I have also started polynom selection for the 01 key (random pick) so if anyone feels like doing a bit of polynomial crunching pick another. |
|
| Back to top |
|
|
Lionel Debroux
Member
Joined: 01 Aug 2009
Posts: 170
|
| Posted: 02 Aug 2009 02:21:54 pm Post subject: |
|
|
Hey, congratulations
I was not aware that nowadays, 512-bit RSA keys can be factored by home PCs in a few months CPU time.
I too find it funny that brandonw's method and this method are released nearly at the same time.
Even if TI-68k calculators were defeated many years ago (TIB receiver) and again more recently (FreeFlash), and unsigned FlashApps work just fine after applying Flashappy, factoring the keys and generating properly signed OS & FlashApps would remove building step for programmers, and installation steps for users. |
|
| Back to top |
|
|
fullmetalcoder
Member
Joined: 01 Aug 2009
Posts: 139
|
| Posted: 02 Aug 2009 04:42:53 pm Post subject: |
|
|
progress of polynom selection :
* 0102 : 17 candidates, best murphy score 2.57e-12
* 01 : 1 candidate, murphy score 2.64e-12
I'll keep it running for the next 9hours at least (a night that is) and pick two other keys.
Floppus, when do you think we can start the sieving for the 0A key? I got a 2weeks window before a couple of weeks with little to no access to my computer so the sooner the better. |
|
| Back to top |
|
|
FloppusMaximus
Advanced Member
Joined: 22 Aug 2008
Posts: 472
|
| Posted: 02 Aug 2009 08:14:26 pm Post subject: |
|
|
Found another polynomial with a score of 2.52e-12. I'm testing the two best candidates now. So far they look a little worse than the polynomial I used for 04, which is to be expected since the number being factored is a bit larger.
Attached is an ugly hack on top of the pile of hacks that is the factMsieve script. If you add 'q0' and 'qlimit' values to the poly file, it will use only that range of q values.
Lionel: Agreed. My understanding of how things work on the 68k calculators is rather hazy. But on the Z80s, it's only very recently (mostly thanks to Brandon) that there have been reasonably safe and usable ways found to disable the Flash protection. And as Brandon commented a while ago, using exploits such as Free83P, or the "battery trick", to install an OS is a bit risky.
In the case of the 68ks, from what I've read, it looks like there are some interesting things that can be done with Flash apps, that can't be done, or are very difficult to do, currently. So I would like to help make that process a bit easier and safer, as well. RabbitSign already supports signing 68k apps, it just remains for a useful key to be found. And, I guess, for GCC4TI and/or TIGCC to support it.
Last edited by Guest on 02 Aug 2009 08:27:20 pm; edited 1 time in total |
|
| Back to top |
|
|
Graphmastur
Advanced Member
Joined: 25 Mar 2009
Posts: 360
|
| Posted: 02 Aug 2009 11:05:49 pm Post subject: |
|
|
| Will you eventually have a little app, so that people can specify their asm, or maybe just bin file, for each page, and have it create the os? That would be amazing, and help people get past the whole command prompt thing, which is what made it hard to program asm at first. |
|
| Back to top |
|
|
brandonw
Advanced Member
Joined: 12 Jan 2007
Posts: 455
|
| Posted: 03 Aug 2009 12:50:25 am Post subject: |
|
|
Graphmastur wrote: Will you eventually have a little app, so that people can specify their asm, or maybe just bin file, for each page, and have it create the os? That would be amazing, and help people get past the whole command prompt thing, which is what made it hard to program asm at first.
Well that was kind of the idea with Build8XU (OS2Tools), you specify which pages out of a ROM (or any number of binary files) you want the OS to include and it builds an 8XU. That's a little different.
Unfortunately, it's kind of crappy, but it was built specifically with OS2 in mind. |
|
| Back to top |
|
|
Graphmastur
Advanced Member
Joined: 25 Mar 2009
Posts: 360
|
| Posted: 03 Aug 2009 10:31:51 am Post subject: |
|
|
brandonw wrote: Graphmastur wrote: Will you eventually have a little app, so that people can specify their asm, or maybe just bin file, for each page, and have it create the os? That would be amazing, and help people get past the whole command prompt thing, which is what made it hard to program asm at first.
Well that was kind of the idea with Build8XU (OS2Tools), you specify which pages out of a ROM (or any number of binary files) you want the OS to include and it builds an 8XU. That's a little different.
Unfortunately, it's kind of crappy, but it was built specifically with OS2 in mind.
What about using the keys, now that they have been deciphered? |
|
| Back to top |
|
|
|
Open Topic & United-TI Talk => General Open Topic
