printer_cartridge
Differences
This shows you the differences between two versions of the page.
Old revision: printer_cartridge [2017/09/14 08:51] – [identifying cartridge chip] add link, kingkevin
New revision: printer_cartridge [2019/04/15 06:12] – [identifying cartridge chip] update link, kingkevin
Line 38: | Line 38: | ||
To identify the chip I proceeded the following way: | To identify the chip I proceeded the following way: | ||
- the top marking "33 1004 620B1" didn't yeld any match | - the top marking "33 1004 620B1" didn't yeld any match | ||
- | - the board has only two pads, one for ground and one for power and thus. thus it is probable | + | - the board has only two pads, one for ground and one for power and data. Thus they might use the 1-Wire protocol |
- the package (TSOC-6) and pinout (pin 1: ground, pin 2: power+data) match the one of 1-Wire devices | - the package (TSOC-6) and pinout (pin 1: ground, pin 2: power+data) match the one of 1-Wire devices | ||
- | - the communication between the printer and chip matches the 1-Wire protocol | + | - the communication between the printer and chip matches the 1-Wire protocol |
- the family code (last byte of the ROM ID) " | - the family code (last byte of the ROM ID) " | ||
- the function commands present in the trace (0x0f, 0xaa, 0xa5) [[http:// | - the function commands present in the trace (0x0f, 0xaa, 0xa5) [[http:// | ||
- | - the [[https:// | + | - the [[https:// |
- | - based on this datasheet I implemented a DS2432 decoder for sigrok, and the capture matches (no bytes missing or exceeded, and the command | + | - based on this datasheet I implemented a DS2432 |
- | - even the used SHA-1 hash implementation used for authentication matches (I re-implemented and test it with key material I found later) | + | - even the used SHA-1 hash implementation used for authentication matches (I re-implemented and tested |
Thus this chip is a DS2432, either re-branded or cloned. | Thus this chip is a DS2432, either re-branded or cloned. | ||
[[https:// | [[https:// | ||
+ | |||
+ | ==== implementing DS2432 ==== | ||
+ | |||
+ | I re-implemented the DS2432 based on the datasheet using a [[https:// | ||
+ | The source code is available in [[https:// | ||
+ | |||
+ | The chip usage seems to be secure since it does verify the Message Authentication Code (MAC) and reports errors if it does not match. | ||
+ | There are still a couple of possible attacks though (untested): | ||
+ | * use a replay attack based on data from a non-empty cartridge chip. The printer used random challenges (not always) but there a just 3 bytes of challenge, thus you just need to store 2^24 possibilities of 20-bytes MACs = 336 MB of data, for the page containing the toner level, or 1.34 GB for all for memory pages. The DS28E01-100 alternative offers 5 bytes of challenge to counter this attack | ||
+ | * since the printer tries 4 times reading out the authenticated page using the same challenge there is plenty of time to forward the request and use an original chip as oracle | ||
+ | * the print is done before updating the toner level, thus you could completely ignore the corresponding write commands | ||
+ | * even if you use an original chip a oracle, the write success is not authenticated, | ||
+ | * the printer starts by reading memory page 1 without authentication. Maybe there is some field in there allowing to switch to god mode (e.g. developer mode), which does not require authentication | ||
+ | |||
+ | {{ : | ||
+ | But in the end I decided to try finding the secret stored in the chip. | ||
+ | It could not be read out using the 1-Wire read memory command though. | ||
+ | |||
+ | I also found a counterfeit chip for this cartridge. | ||
+ | They also re-implemented the DS2432, but on a PIF12F683. | ||
+ | There too I could not read out using the 1-Wire read memory command. | ||
+ | But the PIC had no read protection enabled, allowing me to dump flash and EEPROM using a PICkit 2. | ||
+ | The EEPROM contained all the memory otherwise read through 1-Wire, including the secret, but this time in clear. | ||
+ | |||
+ | Re-using this key allowed me to pass authentication successfully. | ||
+ | I was now able to change the memory content at will, and found a field in page 2 which did not trigger the "toner low" warning. | ||
+ | |||
+ | It also turns out that the secret is bound to the ROM ID. | ||
+ | Changing the ROM ID causes the authentication to fail. | ||
+ | This prevents an attacker to dump the secret from one cartridge and simply copy it into another DS2432. | ||
+ | This is also the reasons why the counterfeit chip uses a micro-controller, | ||
+ | But this also means that the main printer CPU has to generate the secret based on the ROM ID. | ||
+ | If this algorithm gets reversed (e.g. by dumping the firmware), you could generate the secret for any DS2432. | ||
+ | |||
+ | The next step would be to dump the secret from the original cartridge chip. | ||
+ | This is doable with a bit of efforts. | ||
+ | To be continued ... |
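Review bot: the counterfeit part is written "PIF12F683" in the new text, but the next sentence calls it a PIC and the Microchip part is the PIC12F683; fix the typo. In the same region, "all for memory pages" should read "all four memory pages" (the 2^24 x 20-byte = 336 MB and 4 x 336 MB = 1.34 GB figures check out), "a oracle" should be "an oracle", "prevents an attacker to dump" should be "prevents an attacker from dumping", "the reasons why" should be "the reason why", and "a bit of efforts" should be "a bit of effort". "The chip usage seems to be secure" at the top of the new section is contradicted by the list of attacks that follows it; scoping it to what was actually checked, e.g. "the printer does verify the MAC and rejects mismatches, but ...", would be more accurate. Finally, "the main printer CPU has to generate the secret based on the ROM ID" is an inference from the observed ROM-ID binding rather than something demonstrated; phrasing it as the likely design (a per-chip secret derived from a master key and the ROM ID) keeps the write-up clear about what was verified versus assumed.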
printer_cartridge.txt · Last modified: 2024/01/07 17:49 by 127.0.0.1