Man in the middle attack

Started by para, March 28, 2005, 01:01:58 AM

para

Hi,
yet another approach...

What about having something like a mod chip (in this case a microcontroller) which is plugged between the HDD and the IDE interface of the PB. If hdparm requests the drive's information like ID, serial no. etc. it just intercepts that transfer and returns a pre-defined (programmable) value. Voila!

Para

judb

I think an IDE analyzer might get us all the info we need to figure it out, which is a lot like a man in the middle attack.. only we shouldn't have to mod the box to do it.. just crack the protection scheme by getting at the private key somehow (if it's stored on the drive we can get it.)

judb

Although I think the private key would be more likely placed in the boot5.pac or someplace like that, loaded into flash memory and used during start up. :(

That's still not impossible to get at.. we just need someone who's good at removing surface mount chips and getting them into a chip reader so we can grab the decrypted boot flash.

para

The assumption for this has been that there's no way of getting the private key. That would mean to let the DMS lock as it is but fool the system with faked data... Of course this is only meant as a last resort but if someone in here has some capabilities in that field of expertise why not explore it...

Para

judb

After last night I THINK we might be able to download the flash without taking chips off the board...