Keyspace List for WPA on Default Routers
I'm gone for less than a year and you guys have already added 5 more pages!

Let's recap.

* I am easily distracted.
* AT&T firmwares were riddled with holes and backdoors (even I, not a security researcher in any way, found two different holes, which is how I managed to collect enough passwords to work out algorithms for the 589 and the 599 in the first place.) I had even submitted one CVE report (CVE-2017-10793) but was not sure what to do with it afterwards.
* About two months later, a real security researcher blew the whistle on this and found both of my holes and several others, which evidently led to some outcry and AT&T promptly got the most glaring holes patched. See https://www.nomotion.net/blog/sharknatto/.
* It does not look like AT&T got wise to the fact that we know how they do passwords (or did they?)
* I gave up before figuring out the remaining rounding-error effects in the 589 and the 599, which is why algorithms only work most of the time.
* I did not work out the 5268 algo at all, but I see that some guy on Hashkiller managed to crack a couple of them. No one seems to know how exactly he did it.

Am I missing anything?


Messages In This Thread
RE: Keyspace List for WPA on Default Routers - by mrfancypants - 03-13-2018, 01:47 AM