From frank@funcom.com Thu, 28 Oct 1999 12:57:37 +0200 (CEST)
Date: Thu, 28 Oct 1999 12:57:37 +0200 (CEST)
From: Frank Andrew Stevenson frank@funcom.com
Subject: [Livid-dev] Working PlayerKey cracker

In response to feedback from yesterdays post I have now refined
my attack in the following ways:

The CSSdecrypt key can now be recoverd with only 5 bytes of
known output. Sometimes multiple keys will be found to a
single output, due to colissions in the mixing stage. But
this is not a problem when recovering KEKs ( Key encryption
Keys ), as all keys found will be equivalent / interchangable.

There has been some debate around the 'hash function'. I choose
to view it as a very simple encryption function. With 5 byte
input, 5 byte output and 5 byte key. When searching for a
player key, the input / output is known. The cipher can then be
attacked with a complexity of 2^8. Code for the key recovery
is given below. This cipher has many colissions, and some
input outup pairs have no keys, while others have multiple.
The latter is a concern when searching for Player keys, as
they have to be eliminted by checking agains other discs.

I have attached a program that works as follows:

hippopotamus:~/tmp> time ./keyrec 22 e1 67 83 72 0f c1 7a 96 98
Recovering Key
Possible mangling key: af c9 07 42 1f
  Possible Player key 51 67 67 c5 e0
  Possible Player key 69 d2 e3 92 ae
5.000u 0.010s 0:05.44 92.0%     0+0k 0+0io 87pf+0w

Here 2 equivalent player keys are recovered from the
input:  22 e1 67 83 72   - Disc key
output: 0f c1 7a 96 98   - intermediate key, common for all player keys

The process takes 5.5 seconds on a PPro200, somewhat slower
now that only 5 bytes are known in the keystream. 

If this works, as I hope it will, I will leave it as an exersice
to the reader to recover all player keys :-)

  frank


-------------- This is how to recover the 'hashing key' --------

[Code Removed]

----------- The following is the complete sourec for  ------
---------------- player key cracker ------------------------ 

[Compressed File Removed]


This sentence is unique in this respect; it can safely
be attributed to my employer, Funcom Oslo AS.
E3D2BCADBEF8C82F A5891D2B6730EA1B PGPmail preferred, finger for key
There is no place like N59 50.558' E010 50.870'. (WGS84)