Lynx Encryption sources

[Curt Vendel]

Just making sure if these weren't already available, here ya go....

 

 

 

Lynx_Encrypt.zip

 

 

Curt

[+Mitch]

Hey cool, maybe someone can port it to the PC now. Or is there one already that I missed?

 

Mitch

[Curt Vendel]

I dunno,

 

I'm not very active in Lynx dealings, but I'll be posting a lot more Lynx files and technical data shortly.

 

 

Curt

 

 

Hey cool, maybe someone can port it to the PC now. Or is there one already that I missed?

 

Mitch

[+karri]

Hey cool, maybe someone can port it to the PC now. Or is there one already that I missed?

 

Mitch

 

The Lynx decryption process at boot time is well understood and Harry has converted it to C-code. I have a Handy version that allows you to run the decryption in C and you can then start single-stepping from the cart loader.

 

But the encryption process seems to need an emulated Amiga. It would be nice to include the encryption in the build process of the cc65 linker to get real Atari-signed carts

 

--

Karri

[+karri]

I tried to compile the encryption process on a PC. But there are a few bits missing still. Obviously the modulo is the public key also found in the Lynx ROM.

 

The length of the key MAX_m is 51 bytes.

 

static unsigned char N[MAX_m] = {

0x35, 0xB5, 0xA3, 0x94, 0x28, 0x06, 0xD8, 0xA2,

0x26, 0x95, 0xD7, 0x71, 0xB2, 0x3C, 0xFD, 0x56,

0x1C, 0x4A, 0x19, 0xB6, 0xA3, 0xB0, 0x26, 0x00,

0x36, 0x5A, 0x30, 0x6E, 0x3C, 0x4D, 0x63, 0x38,

0x1B, 0xD4, 0x1C, 0x13, 0x64, 0x89, 0x36, 0x4C,

0xF2, 0xBA, 0x2A, 0x58, 0xF4, 0xFE, 0xE1, 0xFD,

0xAC, 0x7E, 0x79

};

 

I also found a file called INPUT that looks almost as it would contain the values MAX_m, B, C (3 bytes missing).

And a file MODULUS that contains N.

 

The decryption process seems to operate in 51 byte blocks.

 

Reading in the INPUT file I will then get:

 

static unsigned char B[MAX_m] = {

0x00, 0x00, 0x35, 0xb9, 0xa9, 0x70, 0xdf, 0xac,

0x51, 0x73, 0x69, 0x20, 0x73, 0x69, 0x68, 0x54,

0x20, 0x2e, 0x74, 0x73, 0x65, 0x74, 0x20, 0x61,

0x20, 0x73, 0x69, 0x20, 0x73, 0x69, 0x68, 0x54,

0x0b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00

};

 

static unsigned char C[MAX_m] = {

0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

0x00, 0x00, 0x00, 0x00, 0x00, 0x67, 0x7d, 0x00,

0xae, 0xae, 0x9c, 0x0a, 0x4b, 0x75, 0xa1, 0x44,

0xc4, 0x5e, 0xe0, 0xba, 0x34, 0x20, 0x90, 0xb9,

0x72, 0x6c, 0xed, 0x2b, 0x82, 0x74, 0xda, 0xb1,

0x99, 0xb6, 0xbe, 0x9e, 0xd0, 0x39, 0x8f, 0x1b,

// 3 bytes missing ?

};

 

According to the docs A = B ** C mod N.

 

I thought that I only would need the value C to encrypt a message B. And the Lynx would have a value D for doing the decryption like B = A ** D mod N.

 

Usually the value D is fixed to something simple like 0x10001 while the private key C is large.

 

Or am I missing something again? As usual...

 

Well, I will try to compare my Lynx C-decryption routines with the published encryption routines to find out the value of D. Then finding out the missing bits of C should be possible be examining the Amiga process.

 

--

Karri

[semicolo]

How could we use this code without breaking the copyrights ? The first line of the files states RSA Data Security holds the rights.

[+karri]

How could we use this code without breaking the copyrights ? The first line of the files states RSA Data Security holds the rights.

 

Good question. On the other hand every SSL web browser uses this algorithm also. And the same is true on every credit card. So there is plenty to choose from.

 

--

Karri

[+karri]

I got some more information about the encryption process and the code in Curt's files don't contain enough info for doing the encryption. It is enough for decryption though.

 

The public key is

 

static unsigned char N[MAX_m] = {

0x35, 0xB5, 0xA3, 0x94, 0x28, 0x06, 0xD8, 0xA2,

0x26, 0x95, 0xD7, 0x71, 0xB2, 0x3C, 0xFD, 0x56,

0x1C, 0x4A, 0x19, 0xB6, 0xA3, 0xB0, 0x26, 0x00,

0x36, 0x5A, 0x30, 0x6E, 0x3C, 0x4D, 0x63, 0x38,

0x1B, 0xD4, 0x1C, 0x13, 0x64, 0x89, 0x36, 0x4C,

0xF2, 0xBA, 0x2A, 0x58, 0xF4, 0xFE, 0xE1, 0xFD,

0xAC, 0x7E, 0x79

};

 

as I stated earlier in this thread and the exponent for decryption is 3. But cracking a 408 bit RSA key is almost impossible. Even a 128 bit key should take a few lifetimes to crack. So the info to find the encryption key is not in this archive.

 

PLAINTEXT = (ENCRYPTED ^ 3) % PUBLIC_KEY

 

Wanted info is X, which Atari (or at least the Amiga encryption process) knows and we should find out. It is a 408 bit positive number:

 

ENCRYPTED = (PLAINTEXT ^ X) % PUBLIC_KEY

 

--

Karri

[Nimtene]

These disks should provide some insight into the matter:

Ebay: JS Atari Lynx Authentic Encryption System Disks

[+karri]

These disks should provide some insight into the matter:

Ebay: JS Atari Lynx Authentic Encryption System Disks

 

Thanks for the link. Actually I have been working on these sources posted by Curt and they do not provide the correct decryption out of the box.

 

Fortunately Harry decided to help me and his sources written from scratch by analysing the inner workings of the Lynx do the decryption correctly.

 

I don't know the exact reason why there are 3 RSA disks instead of a single private key. My guess is that the authors were supersensitive for the private key to leak out. Therefore they encrypted the private key with another RSA key. In this way the private key was never anywhere except in RAM during the encryption process. That would explain the reason for 3 disks. I disk for the encrypted private key, one for the modulus (public key) and one for the exponent.

 

Does anybody know if my guesses are correct?

 

--

Karri

[frenchcat]

How does the handy emulator works ?

 

i don't really know the utility of these decryption ?

 

We can emulate the system, and it seems you are able to use homebrew on a homemade cart, but why do we need decryption ?

 

(sorry for this newbie question!)

Edited May 22, 2007 by frenchcat

[semicolo]

The games are encrypted and the decryption algorithm is in the lynx's bios, that's why it's needed for the emulator to play games.

Homebrews need to be encrypted too, or else you'll get the "insert game" message.

[Marco!]

Here's some info & files as well as well:

 

http://www.cgexpo.com/encrypt/lynx.htm

 

Harry Dodgson's walkthru page is linked to in the above link, but here it is just in case the above goes down

 

http://www.provide.net/~hdodgson/encrypt.html