KOKO PASSWORD RECOVERY TOOL - KEELOQ BRUTEFORCER
[ not available for download ]

Written in pure assembler; the compiled code is less than 5 KB in size.

This is a password brute-force utility for key log files read from specialized keyboards. The cryptographic algorithm used in such keyboards is a modification of KEELOQ, an NLFSR-based block cipher. The encryption algorithm is built from rotations, substitutions and bitwise exclusive-OR operations. It has a 64-bit key, a 32-bit block size and 528 rounds. The password that is transformed into the 64-bit secret key is up to 16 characters long, so the maximum number of combinations is 2^64, but the way this cipher is implemented may allow that number to be cut at least in half. The optimized KEELOQ decryption subroutine used in this utility needs only 18 processor instructions per round. The average brute-force speed is about 290000 passwords (secret keys) per second on an Intel Pentium Mobile processor at 1.8 GHz. The current version of the KeeLoq brute-force utility can apply a mask to the password (secret key) value: for example, if you know some characters of the password you can enter the initial password value as "0123????89AB??EF", where "?" marks an unknown character. If you know half of the secret key (i.e. 8 characters, 32 bits), you can find the other half in at most 4 hours on an ordinary IBM PC compatible with a P4 CPU.
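For reference, the structure described above (a 32-bit NLFSR state, a 5-tap non-linear substitution, XOR with one key bit per round, 528 rounds) in standard KeeLoq as published, with a decrypt-after-encrypt round-trip check. This is an added example, not the utility's assembler code; the keyboard cipher is described only as a modification of KeeLoq, and the exact modification is not given on the page, so the routine below is the textbook cipher, not the variant the tool attacks.

```c
#include <stdint.h>
#include <stdio.h>

/* Standard KeeLoq constants: the 32-bit non-linear function table and round count. */
#define KEELOQ_NLF    0x3A5C742EUL
#define KEELOQ_ROUNDS 528

static uint32_t bit32(uint32_t x, unsigned n) { return (x >> n) & 1u; }
static uint32_t bit64(uint64_t k, unsigned n) { return (uint32_t)((k >> n) & 1u); }

/* Substitution step: five state bits (a = MSB ... e = LSB) index one bit of the NLF table. */
static uint32_t nlf(uint32_t x, unsigned a, unsigned b, unsigned c, unsigned d, unsigned e)
{
    unsigned idx = (bit32(x, a) << 4) | (bit32(x, b) << 3) | (bit32(x, c) << 2)
                 | (bit32(x, d) << 1) |  bit32(x, e);
    return bit32((uint32_t)KEELOQ_NLF, idx);
}

uint32_t keeloq_encrypt(uint32_t block, uint64_t key)
{
    uint32_t x = block;
    for (unsigned r = 0; r < KEELOQ_ROUNDS; r++) {
        /* feedback bit: two linear taps, key bit r mod 64, and the NLF output */
        uint32_t f = bit32(x, 0) ^ bit32(x, 16) ^ bit64(key, r & 63)
                   ^ nlf(x, 31, 26, 20, 9, 1);
        x = (x >> 1) | (f << 31);            /* rotate right, feed f in at the top */
    }
    return x;
}

uint32_t keeloq_decrypt(uint32_t block, uint64_t key)
{
    uint32_t x = block;
    for (unsigned r = 0; r < KEELOQ_ROUNDS; r++) {
        /* undo encryption round 527-r; 527 mod 64 == 15, so key bit is (15-r) mod 64 */
        uint32_t f = bit32(x, 31) ^ bit32(x, 15) ^ bit64(key, (15u - r) & 63)
                   ^ nlf(x, 30, 25, 19, 8, 0);
        x = (x << 1) | f;                    /* rotate left, restore the bit shifted out */
    }
    return x;
}

int keeloq_roundtrip_ok(uint32_t block, uint64_t key)
{
    return keeloq_decrypt(keeloq_encrypt(block, key), key) == block;
}

int main(void)
{
    /* constructed sample key and block, not values from any real device */
    uint64_t key = 0x0123456789ABCDEFULL;
    uint32_t pt  = 0xDEADBEEFu;
    printf("ct=%08X roundtrip=%d\n", keeloq_encrypt(pt, key), keeloq_roundtrip_ok(pt, key));
    return 0;
}
```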

Conclusion: a successful brute-force attack on this implementation of the KEELOQ cipher is possible if:

  • the password length (not the secret key, which is 64-bit) is 11 characters / 44 bits or less, or
  • part of the password or part of the secret key is known - at least 5 characters / 20 bits in any positions, or
  • a parallel, distributed brute-force method is used - millions of computers, or
  • an FPGA-based device is used for the brute-force process - machines like Copacobana.

From Wikipedia: KeeLoq is a proprietary hardware-dedicated NLFSR-based block cipher. It was designed by an unknown engineer at Nanoteq Ltd. of South Africa in the mid-1980s and sold to Microchip Technology Inc. in 1995 for $10 million. It is used in "code hopping" encoders and decoders such as the NTQ105/106/115/125D/129D and HCS101/2XX/3XX/4XX/5XX. KeeLoq is used in the majority of RKE (remote keyless entry) systems by companies such as Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, VW, Clifford, Shurlok, Jaguar and many others.