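On cracking the RSA encryption keys for official Altera and Xilinx IP source code
Altera and Xilinx both use the RSA asymmetric encryption algorithm to encrypt IP for distribution so that it integrates seamlessly with other software.
Altera's source code is separated into directories per vendor, for example Mentor: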
`pragma protect begin_protected
`pragma protect version = 1
`pragma protect encrypt_agent = "Model Technology", encrypt_agent_info = "10.4d"
`pragma protect author = "Altera"
`pragma protect data_method = "aes128-cbc"
`pragma protect key_keyowner = "MTI" , key_keyname = "MGC-DVT-MTI" , key_method = "rsa"
`pragma protect encoding = (enctype = "base64", line_length = 64, bytes = 128), key_block
RZALzRRkVpvobOCBkKlxEB/RXl4ZmxGR/w/ZOrszl9V87VGWf61iM7P5FJXKTvcb
D7eZLPKj0qIxtnp1W1D6eF12sBGha+2PuiIezLuBvUQgD456lqk/i1AtQ71wHm+w
wadEptylj+8wqnmQehn+mjHZqSVnC/cycDZ/qNq8uJg=
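The RSA key used for its encryption is named MGC-DVT-MTI. This key can be downloaded on the forum; you can search the forum yourself and download its private key to decrypt the IP.
Altera also uses two other RSA keys, SNPS-VCS-RSA-1 and ALDEC15_001, as well as the Cadence CDS_KEY RC5 key for encryption; SNPS-VCS-RSA-1 is also used in the IP encryption of older Xilinx versions.
Xilinx mainly uses cds_rsa_key, MGC-VERIF-SIM-RSA-1, SNPS-VCS-RSA-1, ALDEC15_001, ATR-SG-2015-RSA-3 and Xilinx's own xilinxt_201x_0x RSA keys. Newer versions use cds_rsa_key, MGC-VERIF-SIM-RSA-2, SNPS-VCS-RSA-2 and xilinxt_2017_05. Of these, cds_rsa_key, SNPS-VCS-RSA-2 and MGC-VELOCE-RSA are low-bit-length RSA keys, and the private key is easy to crack from the public key. With the private key, the encrypted IP source code needs only the OpenSSL tool or a short Python program.
I wrote a shell program under Linux myself and verified that Altera IP (up to the latest Quartus 19.1) can all be converted to source code; with SNPS-VCS-RSA-1 I also successfully decrypted the source code of Xilinx IP from Vivado 2016.2 and earlier.
The key to decrypting the IP here is finding the private key. This private key is certainly present in the file-stream handling link libraries of the mainstream simulation software; those who enjoy cracking can try looking for it.
Another method is to recover the private key in reverse from the public keys published by each company. For the three public keys cds_rsa_key, SNPS-VCS-RSA-2 and MGC-VELOCE-RSA, it is easy to brute-force the private key.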
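An added example, not part of the original post: a Python audit that an IP owner could run over encrypted deliverables to list the key envelopes declared in a `pragma protect` header like the one quoted in the post above, and to flag RSA wrapping keys below a policy floor. The function name `audit_envelopes`, the 2048-bit floor and the second sample envelope ("EXAMPLE-RSA-2048") are assumptions made for this example.

```python
import re

MIN_RSA_BITS = 2048  # assumed policy floor for this example
FIELD = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|(\d+))')

# First envelope: header lines quoted in the post. Second: constructed for contrast.
SAMPLE = '''\
`pragma protect begin_protected
`pragma protect version = 1
`pragma protect author = "Altera"
`pragma protect data_method = "aes128-cbc"
`pragma protect key_keyowner = "MTI" , key_keyname = "MGC-DVT-MTI" , key_method = "rsa"
`pragma protect encoding = (enctype = "base64", line_length = 64, bytes = 128), key_block
`pragma protect key_keyowner = "Example Vendor"
`pragma protect key_keyname = "EXAMPLE-RSA-2048", key_method = "rsa"
`pragma protect encoding = (enctype = "base64", line_length = 64, bytes = 256)
`pragma protect key_block
'''

def audit_envelopes(text):
    """Summarise the key envelopes declared in `pragma protect headers."""
    report = {"data_methods": [], "envelopes": []}
    cur, last_bytes = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("`pragma protect"):
            continue  # skips base64 payload lines and ordinary HDL
        fields = {k: (s or n) for k, s, n in FIELD.findall(line)}
        if "data_method" in fields:
            report["data_methods"].append(fields["data_method"])
        for k in ("key_keyowner", "key_keyname", "key_method"):
            if k in fields:
                cur[k] = fields[k]
        if "bytes" in fields:
            last_bytes = int(fields["bytes"])
        if line.endswith("key_block") and last_bytes is not None:
            method = cur.get("key_method", "").lower()
            bits = last_bytes * 8  # an RSA-wrapped key is as long as the modulus
            report["envelopes"].append({
                "owner": cur.get("key_keyowner"), "keyname": cur.get("key_keyname"),
                "method": method, "bits": bits,
                "weak": method == "rsa" and bits < MIN_RSA_BITS})
            cur, last_bytes = {}, None
    return report

if __name__ == "__main__":
    for env in audit_envelopes(SAMPLE)["envelopes"]:
        print(env)
```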
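Impressive, reading this with respect.
Impressive,
Hint:
Xilinx 2018.3 uses the cds_rsa_key private key to decrypt the source code; cds_rsa_key is very easy to find.
Quartus 18.1 and 19.Pro use MGC-DVT-MTI to decrypt the source code; MGC-DVT-MTI is available on the forum.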
`timescale 1fs/1fs
(* DowngradeIPIdentifiedWarnings="yes" *)
// Check for a core license
(* check_license = "x_eth_mac@2018.11" *)
// xlpp license_switch x_eth_mac@2018.11 begin
// xlpp simulation_license begin
// // simulation_license found
(* secure_bitstream = "prohibit" *)
(* secure_config = "protect" *)
(* secure_netlist = "encrypt" *)
(* secure_extras = "A" *)
(* secure_net_editing = "prohibit" *)
// xlpp simulation_license end
//xlpp eval_license begin
// // eval_license found
//(* secure_bitstream = "off" *)
//(* secure_config = "protect" *)
//(* secure_netlist = "encrypt" *)
//(* secure_extras = "A" *)
//(* secure_net_editing = "prohibit" *)
//xlpp eval_license end
// xlpp bought_license begin
// // bought_license found
//(* secure_bitstream = "off" *)
//(* secure_config = "protect" *)
//(* secure_netlist = "encrypt" *)
//(* secure_extras = "A" *)
//(* secure_net_editing = "off" *)
// xlpp bought_license end
// xlpp license_switch end
module xxv_ethernet_v2_5_0_mac_hsec_cores #(
parameter SERDES_WIDTH = 64,
parameter TIMESTAMP_WIDTH = 80
)(
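Xilinx's HDL source code contains the IP license and version requirement information; this is a small part of the contents of the file xxv_ethernet_v2_5_vl_rfs.v.
Could you share cds_rsa_key? Thanks.
Hello, can we chat privately? My QQ is 1518235386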
Hi.
Would anyone have the private keys "cds_rsa_key", "SNPS-VCS-RSA-2", "ALDEC15_001", "MGC-VELOCE-RSA", "MGC-VERIF-SIM-RSA-2" and would like to share with me?
Could an expert point me to where cds_rsa_key can be obtained?
Couldn't find it.