Name that Ware, June 2022

The Ware for June 2022 is shown below.

Thanks to an anonymous benefactor for donating a few of these for this months’ Ware. The board itself is a bit sparse, but, there are some hefty clues regardless. I think there’s a good chance someone will guess it from this image alone. However, I’ve got a few other images in my back pocket in case it turns out to be too hard to guess. Either way, I’ll add them to this post once some guesses are in!

Because the board is so sparse, I thought maybe it would be fun to also dump the contents of the one chip that is on it. Not that it gives any particularly useful hint about what it does, but because it was fairly easy to do; just an SOIC test clip and a Raspberry Pi does the trick:

sudo i2cdump 1 0x50
I will probe file /dev/i2c-1, address 0x50, mode byte
(sample 1)
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f    0123456789abcdef
00: 00 00 94 4f 00 9e eb 2e c6 0d 12 bf ee 5b 49 2f    ..?O.??.?????[I/
10: 2e 9d 1e 34 f6 30 dd 1a 05 19 df 35 ab 74 df 75    .??4?0?????5?t?u
20: 06 bc 3d e4 f5 fe 7f 2d e6 8b 5b a2 0f 83 6b b5    ??=????-??[???k?
30: 04 7a 3a ae 68 96 5f f8 55 8a ce 3c 91 be 5b c3    ?z:?h?_?U??<??[?
40: e1 07 00 00 00 00 2e 00 0a 19 08 c9 d9 83 50 10    ??......??????P?
50: 13 20 a3 82 01 30 80 9a fd 92 06 3a 06 31 36 35    ? ???0?????:?165
60: 39 34 4a 12 11 9a 01 0e 08 02 15 00 80 88 c5 20    94J????????.???
70: 01 2d 00 00 c8 c3 00 00 00 00 00 00 00 00 00 00    ?-..??..........
80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
****
f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................

(sample 2)
     0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f    0123456789abcdef
00: 00 00 1c 44 fc 2b 6d 07 02 55 9a fe 0d ed 91 98    ..?D?+m??U??????
10: ab 6b 94 51 db bd 2f cb 93 cc e3 b8 e1 17 14 85    ?k?Q??/?????????
20: 9b 5e 0d fd 6b 18 c2 da 67 a6 73 98 99 cb f4 40    ?^??k???g?s????@
30: 3e ab 40 b4 48 eb aa c2 94 94 49 29 12 93 da 3e    >?@?H?????I)???>
40: f0 08 00 00 00 00 2e 00 0a 19 08 95 e2 83 50 10    ??......??????P?
50: 13 20 a3 82 01 30 80 9a fd 92 06 3a 06 31 36 35    ? ???0?????:?165
60: 39 34 4a 12 11 9a 01 0e 08 02 15 00 80 88 c5 20    94J????????.???
70: 01 2d 00 00 c8 c3 00 00 00 00 00 00 00 00 00 00    ?-..??..........
80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................
****
f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00    ................

It’s always instructive to dump a couple of samples. Without doing any numerical analysis, eyeballing the two dumps side-by-side makes me think whatever drives this is little-endian (given the formatting of some constants in address 0x40 and above), and the data from 0x04-0x40 is probably cryptographic in nature; assuming the implementation didn’t roll their own cipher, it’s probably either an AEAD, or an HMAC. I say this because the first 2-4 bytes from 0x00-0x04 are likely not ciphertext. However, the block size of AES is 16 bytes, so, it’s not any simple block-based encryption scheme, due to the odd 12 bytes or so that are present. However, the format could make sense if 12 bytes served as the nonce for AES-GCM-SIV, and then maybe the last 16 bytes are the authentication tag; that would yield 32 bytes of encrypted, authenticated data, which would be enough for…

…I’ll stop talking there, before I totally give it away!

Leave a Reply

Your email address will not be published.