Cprm Sd Card Crack

I am trying to copy-protect some work, which is a bootable SD card booting a Linux kernel on an ARM device (Raspberry Pi). I am using this approach:


  1. The approach uses an initrd to mount an encrypted root filesystem.
  2. The initrd generates the filesystem's password according to the CID of the SD card (a hash function is used; I have not decided yet between md5 and sha1). The initrd will try to mount the filesystem using that generated password.
  3. Now here is the most interesting/suspect part: the initrd itself is encrypted using a custom C function; basically each byte is XOR'ed using a custom-made pseudo-random generator. The kernel is modified to have the same encrypting function, which works as the decryptor.
  4. The system itself is stripped down so there is no way to use a keyboard or external storage. A single app runs full-screen.

So after the bootloader loads kernel and initrd, the kernel decrypts the initrd and executes its init script, which will generate the password and mount the root filesystem.

My question is: How easy would it be to break this setup (to decrypt the root filesystem and make it boot from any SD card)? What are the weakest parts? How easy is it to decompile the kernel and find those custom encrypting functions?

EDIT: Here are some corrections so you don't waste time with the obvious things:

  1. The root device will be encrypted with LUKS (aes256) and the key will be generated by some HMAC function using the SD card's CID and some salt.
  2. The pseudo-random algorithm for initramfs encryption will in fact be RC4; just the key will be generated using some custom function, because if I just store the key in a byte array it makes it dead simple to retrieve it (yeah, this is security through obscurity, but there seems to be no other way).
  3. I understand that if using an SD card emulator someone can make a copy of this system start, but this is OK with me, because it's pretty difficult and not everyone can do this. (Also, not everyone will want to deal with emulators.)
dimovnike

closed as too localized by Keltari, David Schwartz, Journeyman Geek, Ƭᴇcʜιᴇ007, Tanner Faulkner May 28 '13 at 18:03

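The following is an added example, not code from the question or from either answer. It models the scheme the question describes (a LUKS passphrase derived as HMAC(salt, CID), and an init script wrapped in RC4 with a key produced by a "custom function" compiled into the kernel) and then walks the same chain from the other side, as someone holding a copy of the SD card would. The CID field layout follows the SD specification; the sample CID, the salt, the shebang-based known-plaintext check and the stand-in kernel key function are constructed here and are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed sample CID (16 bytes, hex). Field layout per the SD spec:
# MID(1) OID(2) PNM(5) PRV(1) PSN(4) reserved(4 bits)+MDT(12 bits) CRC7|1(1)
SAMPLE_CID = "035344534c313647801234567800c86b"  # hypothetical, not a real card
# Stand-in for the salt the init script would carry (constructed)
SAMPLE_SALT = bytes.fromhex("d0c5a1b7e39f44a6")


def parse_cid(cid_hex):
    """Split a CID into its spec-defined fields."""
    raw = bytes.fromhex(cid_hex)
    if len(raw) != 16:
        raise ValueError("CID must be 16 bytes")
    mdt = ((raw[13] & 0x0F) << 8) | raw[14]        # yyyyyyyy mmmm, year offset from 2000
    return {
        "mid": raw[0],
        "oid": raw[1:3].decode("ascii", "replace"),
        "pnm": raw[3:8].decode("ascii", "replace"),
        "prv": f"{raw[8] >> 4}.{raw[8] & 0x0F}",
        "psn": int.from_bytes(raw[9:13], "big"),
        "mdt": (2000 + (mdt >> 4), mdt & 0x0F),    # (year, month)
    }


def derive_luks_key(cid_hex, salt):
    """What the init script would feed to `cryptsetup open`: HMAC-SHA256(salt, CID)."""
    return hmac.new(salt, bytes.fromhex(cid_hex), hashlib.sha256).hexdigest()


def rc4(key, data):
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same call."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def kernel_initrd_key():
    """Hypothetical stand-in for the "custom function" compiled into the modified
    kernel. Whatever it computes, it is code shipped on the card, so anyone holding
    the kernel image can run it exactly as the kernel does."""
    return hashlib.sha1(b"constructed-obfuscation-seed").digest()[:16]


def build_encrypted_initrd(salt):
    """Vendor side: the init script (carrying its salt) wrapped in RC4."""
    init_script = (b"#!/bin/sh\n"
                   b"SALT_HEX=" + salt.hex().encode() + b"\n"
                   b"# key=$(hmac-sha256 $SALT_HEX < /sys/block/mmcblk0/device/cid)\n"
                   b"# cryptsetup open /dev/mmcblk0p2 root   # passphrase = $key\n")
    return rc4(kernel_initrd_key(), init_script)


def recover_luks_key(encrypted_initrd, cid_hex):
    """Attacker side: same kernel code -> same initrd; salt + a readable CID -> same key."""
    init_script = rc4(kernel_initrd_key(), encrypted_initrd)
    salt_hex = re.search(rb"SALT_HEX=([0-9a-f]+)", init_script).group(1).decode()
    return derive_luks_key(cid_hex, bytes.fromhex(salt_hex))


def keystream_prefix(encrypted_initrd, known_plaintext):
    """Known-plaintext check for any XOR stream cipher: ciphertext XOR a known
    header (here the '#!/bin/sh' shebang) yields the keystream for those bytes."""
    return bytes(c ^ p for c, p in zip(encrypted_initrd, known_plaintext))
```

Two things this makes concrete. parse_cid shows why the CID carries far less than 128 bits of uncertainty: within one product line the MID, OID, PNM and PRV bytes are the same on every card, so only the serial number and manufacturing date vary, and all of it is readable from sysfs on any Linux box with a card reader. recover_luks_key is the whole attack: every input to the passphrase (the kernel's key function, the salt inside the initrd, the CID) is present on the card image, so the derivation can be replayed without touching the device.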

2 Answers

How easy would it be to break this setup (to decrypt the root filesystem and make it boot from any SD card)?

How hard it is to 'break' your setup depends on the number of bits of entropy in whatever method you're using to sign/encrypt the filesystem itself (as this determines the total number of unique combinations that can be used to brute-force the password).

What are the weakest parts?

Without a doubt, using a predefined CID as a password, as well as using a custom pseudo-random number generation function.

The CID of an SD card is only supposed to be read-only, but it's not uncommon to find non-compliant flash memory devices in this day and age. Some people have even demonstrated the ability to overwrite the CID with certain SD cards. This would make it easier to brute-force the password, especially if one is just emulating an SD card after cloning yours (which is something else you might want to consider).

Finally, using any kind of pseudo-random number generator already has some intrinsic flaws, precisely because it's not random - there is a reason it's called pseudo-random. It might be better to use a pre-made encrypted bootloader (like TrueCrypt or LUKS, which both work on the Raspberry Pi) and avoid having to make any manual kernel modifications.

How easy is it to decompile the kernel and find those custom encrypting functions?

It's very difficult to decompile anything. Conversely, disassembly of a compiled application is often trivial, and there are many tools which can be used to assist with reverse engineering assembly back into another higher-level language. If an attacker has access even to a compiled kernel, analyzing something like a pseudo-random number generator is probably trivial unless the code is obfuscated on purpose.

TL;DR: Don't re-invent the wheel when it comes to encryption and security; stick with the tried and true. There are several full-disk encryption options that are already available and have been demonstrated to work just fine on the Raspberry Pi. I would avoid using the CID of the SD card as a kind of 'password' - even if it cannot be changed, there are ways to spoof this value.

Copy protection is already included in the SD card specification as CPRM.

Breakthrough

Someone skilled wouldn't have much trouble cracking this. It'd be relatively easy to boot the SD card under an emulator, and then just read the keys out of RAM. Then they post a version without the copy protection to the Pirate Bay (etc.), and that's that.

Alternatively, use the emulator to inject shellcode into the running emulated system. Then use the running system to copy the decrypted rootfs off (or read the keys using dmsetup table --showkeys, etc.)

A quick search turns up the existence of Raspberry Pi emulators, so part of the work has already been done.

You've got another problem, in particular this:

Kernel is modified to have the same encrypting function, which works as decryptor.

Anyone you distribute this to is entitled to the kernel source code, under the terms of the GPL. So you wouldn't need to disassemble it, you could just use diff to find the extra function.

(Not that finding it through disassembly would be that hard, as you can e.g., check vs. a stock kernel)

I'm not completely familiar with the Raspberry Pi boot code, but if you can reflash the bootloader with an embedded crypto key (that is then passed to the kernel), that'd at least not be on the SD card, so it'd foil an attempt to get it to boot in an emulator.

derobert

I have a MicroSD card of Kingston make. It has cracked crosswise, but you can hardly recognize the crack in it.

When I tried to connect through a mobile connector, even in a laptop it’s not connecting. By inserting it into the Samsung mobile, the mobile itself is getting hot and I don’t know why.

Please help me to recover the data on it. It’s very important and personal memories of mine. And since they are very personal, I can’t give it to third party also. Please help me, please!

  1. Don't panic. You can try some data recovery software. You can see
    http://www.asoftech.com/adr/
    It describes the steps for performing data recovery.

    If the above does not work, you may have to format the memory card (use quick format), and then use the above-mentioned software to scan the memory card again and recover your files.

  2. The Samsung mobile is heating up because the memory card crack is creating a loop circuit and is draining your battery fast. I recommend you use a card reader when connecting your SD card to the computer, and DO NOT put the card in your phone.

  3. You might be able to find the content by using a recovery program on your computer. That said, every time you use the card you might damage it more, so if it is important content use a recovery company. It is expensive, but so might your content be.

    For your next smartphone card - make sure you have backup

  4. Ask a data recovery company; otherwise it's impossible.

  5. "Even in a laptop it's not connecting": you mean your SD card can't be identified by the computer. Then you can't recover the data by yourself; ask a data recovery company to help you. Needless to say, you have to pay for it.

  6. Hi, if you can hardly connect the SD card to the computer, I'm afraid you will lose the data. If you would like, you can try third-party software like Power Data Recovery and Recuva. If that software does not work, you have to take it to a data recovery service or you will lose it.

  7. As far as I know, you can use partition data recovery software to deal with that.
    I googled for you, and here is an article that can help you.
    http://www.goshareware.com/resource/recover-deleted-files-from-sd-card.html

  8. If things are getting hot it suggests a short circuit. In that case the only solution would be to dismantle the card to see if that can be fixed, but the components are tiny and it will be a serious challenge best left to experts - expensive.

    Your choices are:
    1: Spend a lot getting expert help (no guarantee of success).
    2: Write it off to experience and take backups in future.
    3: Take it to bits, use a magnifying glass, fine tweezers and extreme care, and hope for the best. See if you might just be able to salvage something. You'll need to be able to plug the disassembled but hopefully fixed card into something without disturbing any repairs you have effected. If option 1 is no good then this is very slightly better than option 2, but frankly I think it sounds like a lost cause.

    • I will go for your option, but I am afraid it's like you said: a lost cause. The way he describes the problem makes me think that the card is broken for real and it's not a software tool that can help here.

      • Hardware problems need hardware solutions :)

  9. If it has valuable files then you have to seek a company's help, but it will cost.

    • Without technical help you can't recover data through any professional software, because your SD card can't be accessed through your system.

      If your SD card is accessible by the system, then you can recover through any third-party data recovery software.

      So, Please see this post http://computerrecovery.multiply.com/journal

      • You are quite right.