- Possible Attack
- Prep:
  - replace an existing useless function with one that logcats the entire tsecmiscregion
  - call the function before/after every tsecmodule call with tsecmiscptr to log what's going on
  - complete several verifications
- Attack:
  - do the challenge request and server response normally, passing it through the challenger tsec
  - complete device auth normally and respond with a prior legit session key and secret
  - after the server responds with the nonce and the "wrong" random key, spool back a prior legit session to RandState, ProtocolState, and adjust stateSignature and randSignature
  - the client will act deterministically again. The Google fake key isn't used for anything, so w/e