Paulus Pärssinen PaulusParssinen

## pepwave_decryption.md

      
              2 files
            
          
              0 forks
            
          
              4 comments
            
          
              0 stars
            
          
                PaulusParssinen
                / pepwave_decryption.md
            
            
              Last active
              September 13, 2023 16:14
            
              
                How to decrypt various Pepwave firmware files
              
          
    Pepwave decryption

For my personal research in order to have a look at Pepwave device internals.
Pepwave encrypted files often have Pe1337__ magic number which must be changed to Salted__ for the OpenSSL AES-256-CBC decryption key derivation from the 8 byte salt.
Diagnostic reports

Previously Pepwave used simple XOR 0x32 but the newer diagnostic reports are encrypted with AES-256-CBC instead.
$ cat {DATE}_{MODEL_NICKNAME}_{SERIAL}_diag.report | \

  
## Asn1Benchmarks.cs
using System.Numerics;
using System.Formats.Asn1;

using BenchmarkDotNet.Running;
using BenchmarkDotNet.Attributes;

BenchmarkSwitcher.FromAssembly(typeof(Program).Assembly)
    .Run(args);

[MemoryDiagnoser]

## CRC32.cs
public static class CRC32
{
    private static ReadOnlySpan<byte> _crc32Table => new byte[]
    {
        0x00, 0x00, 0x00, 0x00, 0x96, 0x30, 0x07, 0x77, 0x2C, 0x61, 0x0E, 0xEE, 0xBA, 0x51, 0x09, 0x99,
        0x19, 0xC4, 0x6D, 0x07, 0x8F, 0xF4, 0x6A, 0x70, 0x35, 0xA5, 0x63, 0xE9, 0xA3, 0x95, 0x64, 0x9E,
        0x32, 0x88, 0xDB, 0x0E, 0xA4, 0xB8, 0xDC, 0x79, 0x1E, 0xE9, 0xD5, 0xE0, 0x88, 0xD9, 0xD2, 0x97,
        0x2B, 0x4C, 0xB6, 0x09, 0xBD, 0x7C, 0xB1, 0x7E, 0x07, 0x2D, 0xB8, 0xE7, 0x91, 0x1D, 0xBF, 0x90,
        0x64, 0x10, 0xB7, 0x1D, 0xF2, 0x20, 0xB0, 0x6A, 0x48, 0x71, 0xB9, 0xF3, 0xDE, 0x41, 0xBE, 0x84,
        0x7D, 0xD4, 0xDA, 0x1A, 0xEB, 0xE4, 0xDD, 0x6D, 0x51, 0xB5, 0xD4, 0xF4, 0xC7, 0x85, 0xD3, 0x83,

## Blowfish.cs
public class Blowfish
{
    private const int N = 16;
    private const int SUBKEYS = 18;

    public Blowfish(ReadOnlySpan<byte> key)
    {
        if (key.Length < 4 || key.Length > 56)
            throw new ArgumentOutOfRangeException(nameof(key), "Invalid key size.");

## wl_publication_types.json
[{"publication_type":1, "publication_type_name":"individual", "name":"Non-collection Publications"},
{"publication_type":2, "publication_type_name":"plusd", "name":"PlusD"},
{"publication_type":3, "publication_type_name":"cablegate", "name":"Cablegate"},
{"publication_type":4, "publication_type_name":"kissinger_cables", "name":"Kissinger Cables"},
{"publication_type":5, "publication_type_name":"syria_files", "name":"Syria Files"},
{"publication_type":6, "publication_type_name":"gifiles", "name":"Global Intelligence Files"},
{"publication_type":7, "publication_type_name":"detaineepolicies", "name":"Detainee Policies"},
{"publication_type":8, "publication_type_name":"gitmo", "name":"The Guantanamo Files"},
{"publication_type":9, "publication_type_name":"spy", "name":"The Spy Files"},
{"publication_type":10, "publication_type_name":"afg", "name":"Afghanistan War Logs"},

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                PaulusParssinen
                / keybase.md
            
            
              Created
              June 23, 2020 19:47
            
          
    Keybase proof

I hereby claim:

I am paulusparssinen on github.
I am paulusparssinen (https://keybase.io/paulusparssinen) on keybase.
I have a public key ASDBb1mFZUutcNsJT-PHazTBgk5Z82wE-CBIXfmPNp3dXAo

To claim this, I am signing this object:
	using System.Numerics;
	using System.Formats.Asn1;

	using BenchmarkDotNet.Running;
	using BenchmarkDotNet.Attributes;

	BenchmarkSwitcher.FromAssembly(typeof(Program).Assembly)
	.Run(args);

	[MemoryDiagnoser]
	public static class CRC32
	{
	private static ReadOnlySpan<byte> _crc32Table => new byte[]
	{
	0x00, 0x00, 0x00, 0x00, 0x96, 0x30, 0x07, 0x77, 0x2C, 0x61, 0x0E, 0xEE, 0xBA, 0x51, 0x09, 0x99,
	0x19, 0xC4, 0x6D, 0x07, 0x8F, 0xF4, 0x6A, 0x70, 0x35, 0xA5, 0x63, 0xE9, 0xA3, 0x95, 0x64, 0x9E,
	0x32, 0x88, 0xDB, 0x0E, 0xA4, 0xB8, 0xDC, 0x79, 0x1E, 0xE9, 0xD5, 0xE0, 0x88, 0xD9, 0xD2, 0x97,
	0x2B, 0x4C, 0xB6, 0x09, 0xBD, 0x7C, 0xB1, 0x7E, 0x07, 0x2D, 0xB8, 0xE7, 0x91, 0x1D, 0xBF, 0x90,
	0x64, 0x10, 0xB7, 0x1D, 0xF2, 0x20, 0xB0, 0x6A, 0x48, 0x71, 0xB9, 0xF3, 0xDE, 0x41, 0xBE, 0x84,
	0x7D, 0xD4, 0xDA, 0x1A, 0xEB, 0xE4, 0xDD, 0x6D, 0x51, 0xB5, 0xD4, 0xF4, 0xC7, 0x85, 0xD3, 0x83,
	public class Blowfish
	{
	private const int N = 16;
	private const int SUBKEYS = 18;

	public Blowfish(ReadOnlySpan<byte> key)
	{
	if (key.Length < 4 \|\| key.Length > 56)
	throw new ArgumentOutOfRangeException(nameof(key), "Invalid key size.");
	[{"publication_type":1, "publication_type_name":"individual", "name":"Non-collection Publications"},
	{"publication_type":2, "publication_type_name":"plusd", "name":"PlusD"},
	{"publication_type":3, "publication_type_name":"cablegate", "name":"Cablegate"},
	{"publication_type":4, "publication_type_name":"kissinger_cables", "name":"Kissinger Cables"},
	{"publication_type":5, "publication_type_name":"syria_files", "name":"Syria Files"},
	{"publication_type":6, "publication_type_name":"gifiles", "name":"Global Intelligence Files"},
	{"publication_type":7, "publication_type_name":"detaineepolicies", "name":"Detainee Policies"},
	{"publication_type":8, "publication_type_name":"gitmo", "name":"The Guantanamo Files"},
	{"publication_type":9, "publication_type_name":"spy", "name":"The Spy Files"},
	{"publication_type":10, "publication_type_name":"afg", "name":"Afghanistan War Logs"},