If the state of the SC is known at some point after the first 32 steps, is it possible to "roll back" to get the CW?
I read somewhere, in some rare, non-real conditions with the output of the SC fully known, it might be possible to "guess" the state of the SC in the run-phase.
But even then, it may not be possible to get the CW.
I was wondering about the last part. But looking at the algo it looks tough.
Besides other things, even if we know the output of the sbox, we dont know the input.
If someone wants to try the "SC-only" thing...
Here is a real life example of a payload of 15 bytes with unknown CW:
C7 26 F4 60 03 BE 82 A4 3C 5E 7E 3D D9 E4 84
The plaintext is either
FF FF FF FF FF FF FF FF FF FF FF FF FF FF 80
or
00 00 00 00 00 00 00 00 00 00 00 00 00 00 7F
.
If someone wants to try the "SC-only" thing...
Here is a real life example of a payload of 15 bytes with unknown CW:
C7 26 F4 60 03 BE 82 A4 3C 5E 7E 3D D9 E4 84
The plaintext is either
FF FF FF FF FF FF FF FF FF FF FF FF FF FF 80
or
00 00 00 00 00 00 00 00 00 00 00 00 00 00 7F
.
Are you insinuating that you have done the rollback and found key?
Would that single ts-packet be enough?
Or do you need a PUSI?
(I dont actualy have a ts, since I used a tool that extracts only the needed bytes from the live-source. It can take a while to catch a packet with that length AND a known plain.)
This doesn't have the 15-byte-packets, but its the same transponder/Pid/CW:
http://www23.zippyshare.com/v/cgw8BO5B/file.html
47 17 E4 BA [COLOR="Red"]43[/COLOR] 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 75 5A 48 0E 31 22 59 1A C2 85 61 0C 54 A5 A5 24 4E 6D 01 D5 B1 1F C3 7E E5 1F C6 16 85 FC 5F 08 13 57 A3 01 82 92 5A 54 EF A7 C7 A1 6F 52 18 72 B8 2E F1 ED E1 E0 2A 9A F2 4A F6 E0 92 E7 03 96 33 81 4C CB E8 7E F8 EF F5 91 FF B6 38 46 C9 F1 EC DC 3F CA EF B1 75 E6 31 AD 6E D9 06 22 23 8C EF 08 DE F2 F4 B4 17 1C 99 D6 A4 94 36 CC 0E A6 2C 7D 6B 5E
47 57 E4 9B 82 C5 2E 64 2D 8A AC 0B 0B 02 06 97 47 0B 1F 36 7E A9 3E 13 F3 B3 9A 88 93 FA 90 24 00 48 4F A1 22 19 6B 0B 27 46 BC C0 C0 8B EB 8B 1A 85 79 DF FF C2 AB 85 1D 70 EF 72 99 15 B7 34 F6 2C 58 5F E8 FB DA 71 BA 01 5E 97 EC 91 96 7F CB B5 BC 44 7C 0E E5 92 AC EF 6F D1 A0 1A B5 17 CA 52 30 8B F6 EC C2 65 07 33 C3 5F 52 64 7D 37 78 48 04 BA 59 C0 9A CF 07 CA 37 1F B8 AA C6 3B 43 52 C5 6D 17 13 8C A4 46 04 B9 0A D9 4B 90 F9 15 71 F4 F8 FA 83 62 B4 49 B5 CA 5E C7 E4 F4 A7 4C C4 0C 41 B3 66 BD C4 BA 0E DA 5F 5D 64 A0 F9 36 8D 51 1D 9C C2 33 8D C7 D7 09 36
47 17 E4 BB [COLOR="red"]7D[/COLOR] 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 4F 4B A6 9E B8 99 2D FA 9E 0D DD 4E 2D 7F CE CB BD C5 EC 4B 39 DC EB 43 AD 52 DA D8 8C 6F 46 9C 2A B3 29 EB 92 24 09 37 69 9B 8D EF 52 51 C4 D8 44 29 F3 EE 77 3D E4 CF 70 E7
47 57 E4 9C DD 48 08 05 19 30 78 75 04 DD 6E 8B 74 2E 0E 61 77 E1 DA 35 37 7F 39 4F 62 EB C0 78 05 13 B6 D4 83 6B C6 2C B3 EB 94 F3 EC C4 FD 2D 2D 9A A7 2E 32 12 1B 7E 83 F9 B6 78 C0 A7 40 3C 0F 2C 46 8C 53 11 C4 30 45 8F F4 A9 2D 50 A5 22 EE 98 50 48 05 08 2D 97 39 94 91 C6 F6 13 8B 4C 85 17 99 1B 99 4A 67 6F E5 19 20 A6 AB F4 21 A1 56 1C 9C 13 6F 3F 6D 4D 19 3B E1 6B 6F D9 BD C5 B7 E3 93 CD 1D D5 25 8B 98 16 FC A2 D4 FF 96 AA 12 C5 E8 FD 69 82 DE 38 3C F9 A5 26 27 42 1C 4B 70 92 17 16 30 D5 17 4E 85 44 C4 78 A2 F2 1C BB 1C 33 7B 81 10 BA 21 AA 8E CB 45 58
I don't think it should fail, only if there are no stuffing bytes FF's or 00's or if no Residue bytes.Why you think SC-only would fail (if they use CSA 48)?
47 03 FF B8 7B 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 15 E4 4A B2 12 64 E6 7F 3C 3C A2 D5 47 7D B8 8B B0 2A C3 53 54 73 AE 90 39 2B 76 74 02 BF 44 56 9D C2 0F 65 9F E1 7E 6F 1B F6 64 4E A5 6D 80 B0 C2 14 26 81 5F E5 3B 90 BB 92 ED 5D
47 43 FF 99 82 69 B1 21 DE 49 30 FE 5D 06 AA 03 B8 8D 3B C8 B5 8D F8 B9 39 C4 15 A9 FB 6B 21 3C 22 51 18 D1 DA E1 BB D4 44 B5 84 F1 49 98 98 99 B0 E6 CD B8 8E 01 6F E4 0D 85 50 E1 28 19 DE 55 E0 6B B2 FA 6F A4 25 7F 25 62 B4 18 A7 85 5A DE 63 65 4A B6 E0 CA 0C F2 5A C4 82 40 05 F7 C8 85 EF A6 64 74 E9 96 4F 87 4D 50 A5 B7 6D C9 8C FC 64 15 31 B9 7F 1B 14 50 82 C6 96 9C 3D CF BC 9D 9D 59 4A 4E EE 8C 86 DF C5 55 3D B8 58 93 1D D5 15 B3 83 37 54 82 26 6D 0E 8F 50 25 EA 0A D2 5C ED B1 F5 84 3A 70 40 27 F5 58 C7 B5 98 5C 04 CC BD BC 6A E4 FB 79 FE E1 FC DC A4 D3
47 03 FF 38 7B 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF D9 6C 28 44 F7 67 2A CC 72 77 F4 A1 21 A5 B4 CE 40 22 E8 FD 88 81 6C 7A FF 1C 6D 14 01 0A A0 A5 A3 B7 B6 FF F0 3B 28 D2 0D 0B 1F 08 7D 15 92 BE 7C 8C B5 CA A7 44 54 67 38 98 00 00
47 43 FF 19 00 00 01 E0 00 00 80 C0 0A 39 85 41 CC 75 19 85 41 B0 55 00 00 00 01 09 50 00 00 00 01 06 01 01 14 80 00 00 00 01 01 AE E6 6F 6A 4B FF 57 EF D5 26 BC 14 87 3B 1D B9 DC E0 58 0B 82 02 F2 72 C6 3A 09 D2 72 F6 E8 0F 37 83 92 BE B7 A7 9B 59 F6 FA C4 44 8A 2C CA 6C ED FC 90 46 0B 35 05 AF 87 85 D2 76 EA ED 00 80 9F 5E 11 3D 9B D0 DF AE 51 DD F6 B3 C9 5C 54 27 7E 21 85 BC 7E 90 BA EC 6A 20 85 F2 CF 73 D9 35 52 71 2E 0F A9 8F 45 24 D2 62 9B 53 4D AD D9 15 1F 8D 4E 89 6E 27 69 00 68 8D 7B 55 9F 12 37 65 3A 44 BB 73 46 8B FD 87 51 7D 11 1C 73 8B 16 ED BD
15 E4 4A B2 12 64 E6 7F 3C 3C A2 D5 47 7D B8 8B B0 2A C3 53 54 73 AE 90 39 2B 76 74 02 BF 44 56 9D C2 0F 65 9F E1 7E 6F 1B F6 64 4E A5 6D 80 B0 C2 14 26 81 5F E5 3B 90 BB 92 ED 5D
D9 6C 28 44 F7 67 2A CC 72 77 F4 A1 21 A5 B4 CE 40 22 E8 FD 88 81 6C 7A FF 1C 6D 14 01 0A A0 A5 A3 B7 B6 FF F0 3B 28 D2 0D 0B 1F 08 7D 15 92 BE 7C 8C B5 CA A7 44 54 67 38 98 00 00