Vaio One Time Password Generator
Master Password Generator for Sony laptops (16 characters otp). Long story short - my brother died in a dirt bike accident last summer, and being the techy one in the family, I ended up with his laptop. It's a Sony Vaio VGN-FZ340N. Oldish, but decent laptop.
Sony has a line of laptops ('Vaio') which compete mainly in the high value market segments. They implemented a master password bypass which is rather sane in comparison to the rest of the bunch:
• The randomly generated master password is only stored in RAM, i.e. it's lost after the next reboot ('one time password').
• RSA is used for encrypting the password which is then converted to a human-readable form (4x4 characters/8 bytes/64 bits).
• Their customer support apparently allows for one free password generation per device which is pretty decent by the industry standard.

Dogbert claims he was able to factor the password used to encrypt the OTP key because Sony used a key length of 64 bits. And did this using an unoptimized Python implementation of a general number sieve in less than a minute. I was not aware that such small key length was even possible for RSA (I think pycrypto will not allow anything below 1024). With a key (D63K-XFVF-TK7H-RJKX) and a password (43878945) is it really that easy to figure out the scheme used? How should I approach the problem?

[UPDATE] First of all, RSA works for any size modulus. 10 bits, 32 bits, 64 bits, 1 million bits.

I'm having a hard time seeing exactly what the question is.
You are given the key (D63K-XFVF-TK7H-RJKX). Is that key the RSA key? That key then encrypts the password (43878945)? Or is that key the result of encrypting the password with RSA? – mikeazo 2 days ago

@mikeazo: it is a challenge-response theft protection. Type the wrong password 3 times and you will be presented the 16 character challenge. You call Sony customer support, fax them a proof of purchase and based on the challenge they will give you a password.
You can't brute-force it because it changes every time. @Schwartz: of course, Dogbert disassembled the Sony Vaio BIOS and got the public key! Calculating the private key was the easy step. I was not thinking like a hardware hacker, thanks!
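The key-length point discussed above, as an added example (not code from the original page, from Dogbert, or from Sony): a 64-bit RSA modulus is factored in plain Python and the private exponent rebuilt from public values alone. The primes, exponent, plaintext and the 2048-bit minimum are constructed assumptions, and Pollard's rho is swapped in for the number sieve mentioned above because it fits in a few lines.

```python
import math

# Constructed parameters (NOT the Vaio key): two 32-bit primes give a 64-bit modulus.
P, Q = 4294967291, 4294967279      # 2**32 - 5 and 2**32 - 17
N, E = P * Q, 65537


def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of an odd composite n (Floyd cycle finding)."""
    c = 1
    while True:
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n              # tortoise: one step
            y = (y * y + c) % n              # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                           # d == n means the walk cycled; retry
            return d
        c += 1


def recover_private_key(n: int, e: int):
    """Factor n and rebuild the private exponent d from public values only."""
    p = pollard_rho(n)
    q = n // p
    phi = (p - 1) * (q - 1)
    return min(p, q), max(p, q), pow(e, -1, phi)   # modular inverse, Python 3.8+


def key_is_acceptable(n: int, minimum_bits: int = 2048) -> bool:
    """Defender-side check: reject moduli below an assumed minimum size."""
    return n.bit_length() >= minimum_bits


if __name__ == "__main__":
    p, q, d = recover_private_key(N, E)
    secret = 12345678                        # constructed plaintext
    assert pow(pow(secret, E, N), d, N) == secret
    print(f"{N.bit_length()}-bit modulus factored: {p} * {q}, d = {d}")
    print("acceptable key size:", key_is_acceptable(N))
```

A size check like `key_is_acceptable` belongs wherever a public key is embedded in firmware or accepted from configuration, since RSA itself works for any modulus size.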
I'm thinking the fact that it is her father, she'd rather toss it in the trash than go with option 2. Shame, it's fairly new and has a nice large screen.
I wish someone knew of a hack for the one-time password generator. Like where you enter the key and it gives you the one-time password. It prompts you a key that gets converted to a password, but I guess you would have to send it to Sony to get it unlocked. I guess if someone was paranoid of getting their lappy stolen, one with a builtin thumb scanner like hers is the way to go.
The only other option I told her was to swap the hard drive and see if it lets you boot up an install cd. If it still gives you the prompt, then it is not like you can get around it without Sony unlocking it. Normally you can override such things with a dongle or something. Of course, such things are protected better than the crown jewels. Well, this one is protected pretty well. Governments would be good to use this system, except not to provide the One-Time hash to get the password, instead using a dongle device with their unlock for it kept in a secure location NOWHERE NEAR the pc/laptop. After messing with it, I have a bit more respect for the Vaio, even if we can't get it to run. It's like Fort Knox!
Hello,
- Open the device
- Remove the HD
- Put it into some other computer.
- Install the OS you like
- Put it into your laptop again (Hint: if you use Windows, don't forget to run sysprep first)
Keep smiling
yanosz

It's not the OS that's been secured. It's the BIOS. Unfortunately, I suspect, that clearing the CMOS won't help. If so, the only thing you could do is replace the BIOS chip with a version of the BIOS that isn't aware of the fingerprint scanner, or somehow manage to downgrade the current BIOS. This, however, may also prove futile as the older BIOS may detect that a form of authentication was used, and as such, may prompt for a password. Which may cause a bigger problem as it's possible the older BIOS version used a different encryption algorithm, thus even the correct password will now be 'incorrect'.