Search results for query: *

he try to said, you know nothing about this ca system and the basics

you did not understand the secret of dh...

Before asking any further questions, please study Diffie-Hellman and RSA.

yes, your team is right you can verify the result by using it on rsa example. result of the expand function is p and q. with p and q and 65537 as public exponent, you can calculate private exponent and modulo. look, that's simple math

I think you have not really understood the synchronous merlin protocol.. I can init my HD02 with this example authentication data for cmd 0E, in generic mode: [10D63AF1] [00] [6B4CA736] [3411] [9D7E..114C] [A0A1A2A3] [00080000] If DT05 requenst not include record 20_74, the card not support...

and you have realy replace the mod block with [9D7E..114C] generic mod

i can find cmd 0e unique pairing example.

try this cmd 0E example

great, first fix this step an your init will work up to cmd 0E

can you init up to cmd 0E?

you can set A0A1A2A3 for nuid an 00800000 for optctrl

no, you have the right syntax. try to decrypt season log offline up to authentication process and you will unterstand the transport layer protocol.

why? cmd 0E allow generic and unique

if (1222EDB8 right crc32) and (00000B02 right sequence id) then yes BBBBUUUUTTTTT, this rom version not accept cmd 02 ;), only cmd 0E

CMD LEN 7B indicate for cmd 02 not cmd 0E Same authentication init with cmd 02 <rand32> + [00] + <camid> + [3411] + [9D7E..114C]

Try this cmd0E payload <rand32> + [00] + <camid> + [3411] + [9D7E..114C] + <nuid> + <otpctrl>

Now need cwpk-nuid-keyset for real life testing ;)

and describe the dump a valid ubi image, then a compression is inside

you have not done wrong, but please note the endian format of the soc

first swap your nand dump (32bit). context start with ubi magic