Extracting a 3DES key from an IBM 4758
Part 8: Do It Yourself!
We have bundled up the various parts of our cracking system if you'd like to have a go yourself! You will need to purchase an Altera Excalibur NIOS Evaluation Board ($995). Then download http://www.cl.cam.ac.uk/~rnc1/descrack/cracker.zip
The files are:
Compile these files. We used Exemplar Logic's LeonardoSpectrum v20001 for this. Ensure you enable pass 3 optimisation (this comes out best) and DISABLE automatic creation of ROMs and RAMs (otherwise the S-boxes are turned into RAMs and the design will not fit into the chip!).
You will need your own NIOS processor (sorry, but we cannot place the Verilog for this on the web). You get all the files required with the $995 Excalibur kit. You should create the NIOS processor as follows:
You should now take the ".edf" file output by Leonardo and the NIOS files and combine them together using:
We used Altera Quartus II v1.1 for this. It yielded a design with 8303 out of 8320 LUTs in use! So, don't be tempted to add much to what we've provided.
You should then download the design into the evaluation board. To shortcut all of the above, the ZIP file also contains the ".sof" file that needs to be downloaded.
The next step is to compile the program to be run by the NIOS processor. We've provided the C source for this, and the evaluation board comes with a suitable version of GNU C that is targeted at the NIOS.
Having compiled this program, load it into the NIOS (with nios-run).
The next component is the communications program that you run on your PC to talk to the NIOS program over a serial link. We've supplied not only the source for this but also the files needed to compile it with Microsoft's Visual C++ system.
The final component is the program to be run on the IBM 4758. The source for this is also provided. Compile it as a WIN32 console application with Visual C++. You will need csunincl.h and csunsapi.lib, IBM's library for the CCA API.
If you're still waiting to get access to a real IBM 4758 then you can use these two sets of encrypted results that we used.
Have fun, and do let us know (perhaps a postcard from your hideaway on Bermuda?) how you got on.