How to prove (with C code) if the NSA has backdoored your CPU
Sup, guys Welcome to today's show. First off, this is not clickbait. This is not a conspiracy theory. Everything I'm about to tell you in the following 15 minutes and this might be the most important 15 minutes of your life. Everything I'm about to tell you is 100% backed by research by the top researchers in the field of cybersecurity in the world. It is doctors and professors at the finest universities all around the world.
And I will provide you with a list of sources at the end of this sequence. And then based on this research, I will draw my own conclusion and ask some rhetorical questions. But the important thing is, at the end of this story that I'm about to tell you, we are going to prove it or disprove it in code.
So we will know for sure using scientific methods if this is true or not. Let's commence. Sup guys. We have a lot of ground to cover. So let's get started with the code.
Right away. I have created a template project based on my first B.S. template build system.
It's in the repo. I'm just going to change a few things. It's a pretty empty safe. Has created three files, so I don't see file, which is pretty empty.
And then we have some includes in the H file. We have some type definitions of different integers and we have a couple of macros converting between the types and it's a pretty standard Makefile as well. Just compiles this dutchie for one thing though, the c standard is set to c2x by default. If you are running the latest GC version, which I am if 14 something, you should change this to c 23.
But otherwise you can use the default C to X or you can remove this word. And I'm also going to change those macros. So I want this to be one by two, by four by eight. But so that's how, how we reference those. I also want to create a type definition for a big int and 128 bit integer because we're going to need it when we create our key. Scared to death.
By the way, I hadn't named this case keys. And I'm going to describe what that means in a little while. So we're going to use an find in 128 and that's going to be our in work IDs like so.
And let's also create in the use for that. So W 16 well it will be in 28 and I'm also going to create a couple of other other types. First of all, we need to have a All right. So we're going to define a in the 32, which we're going to call a word.
So a word usually depicts a in 16, but in the sense of the as encryption they call and in 32 a word. So that's what we're going to use. We are also going to need a 128, which will be a key because the keys are 128 in the in what we are focusing on, there are different variants of the S stuff, but let us start there.
And in there. By the way, there are two they things that they two routes they could have taken when it comes to backdooring and the CPU is instructions either the third key schedule, which basically is used to create something called sub keys and it's the sub keys that actually Lee encrypts the data and, but we use the regular key to create those and that will typically do today. And the other way is the actual encryption encryption. And this is the most probable thing I would say because it's simpler and more effective, but it could be either one. So we will first test the key schedule and then will test the encryption steps. And you take what this program is going to do.
It's going to do what HS does. It takes 1.8 bits key and it produces 11 sub keys of the same lib. So 128 And then these are divided in a total of 44, so regular in 32. And that's those words here. So we need to have an array for that.
So let's take that as well. Let's say we have well it's going to be an array of words, so let's call this we're already in and we need 44 plus. And so let's see, is it anything else Know who will. Let's see.
Let's define the functions we're going to need. And first I'm going to go and grab the algorithm for the case schedule. I don't know this one by heart.
So this is what we are going to follow. And it looks pretty intimidating, but it's it's not so advanced after all. So in this 44 array, we go word for word, and every fourth word uses this formula. And the other three in a row uses this. So first you do this, then you do this three times, and then you do this all the way through the whole array.
So basically what we're going to do is we're going to figure out the index of the actual word that we're going to change and we're going to change it by the by an earlier word. So let's say this is the fourth word, then maybe we take the data from the first and do something, and then maybe in the fifth, we take from the stack and then so, so on and so forth. So here we just grab the right value. Here we also grab the right value and not piece of this word right, and we run it through the G function. And the G function is pretty advanced. So we'll take the last, but I will create a dummy function for that.
So it's going to return a word and it's going to take a word as an input. And also what we are. So there are 11 subjects. So we do 11 rounds of this.
And for now I will only read the inputs W but later on we will fill this out with real calculations. But that's the last step here. We'll just iterate through these and copy some stuff around.
And one note, the for first of these words is the input key. So the first thing we'll do is take the key key. If we'll zero out all of these 44 we will take the input key and put it in in the set of index 012 and three.
And then we start doing this from the fourth and onwards. So that's how it's going to work. So let's define this g function. It goes from word to word and we have a as the round. We are also going to need to helper functions because we need to convert between words which are 32 bits in an integer and the individual bytes there's four bytes in it and so we need to grab those four both in an easy enough kind of way. And so let's, let's see, we can call those sub words can even define type for them.
So typed in it's going to be a and they are sub words, Sub words let's see. And there's, there are four four of them. And can we do it like this. We can return a an array like the I think it will be easier if we just do this and then we use it. It's a pointer. So we're going to have one function which takes a word and it produces sub words.
The word to sub. So in it's going to return and it's going to take a word. So an integer, and then we're going to have a function for the other way around.
So the return value will be a word we're going to call this sub word to word, and we're going to take sub word, stop the the vice versa. And okay, what else do we need? Well, we need to have a main function. Let's just define it like this for now. And finally, we need to have the actual function that calculates these sub keys. So let's call the generate keys and it's going to return. Yeah, actually it's actually going to return a word array like this.
But since we cannot return an array, what we're going to do instead is just use a word pointer and then allocate as much as we need. So the words store and return value and the input is is just a key and it's its key like this, right? So let's see word and this is a word we know it's right. Okay. So if and then so we need and let's start with those small utility functions that just basically takes an integer and splits it up into four buttons and vice versa. So let's see. And if you wonder why I haven't commented this out, I will come and then out.
Of course, when we are going to compile. But it's harder to read without the colors. So I want to keep them like this as long as I can.
Okay, so let's go. We will start with the word to sub word. So this will return a sub word or is going to take a word W And we can do this in just a few lines. But I think it's easier to do to use some intermediate variables. It's easier not to make mistakes.
So let's create a sunny day, A, B, C, D, which will be our output variables. And we also need the sub word point and in hexadecimal the integer of 32 bit it looks something like this. So the DCC, the B, so we want to grab those A's. That's the lowest part of the number and put inside of the A and then B to B, C to C and so on and so forth.
Right. Let's see. How did we find some word, by the way, in it. Yeah, that's right. And how do we grab something.
Well we use some binary bitwise operations and if you want to know more about how they work and you should watch my episode binary Operations, I go through it very in-depth, so I will not explain every step of this because I have done so in a couple of videos now and I want to focus this video and the things that matters for this program. Okay, So let's see. Let's start by grabbing those A's. And we do that by selecting them using a so called mask.
So we want to create the mask that has zeros where we are not interested in the data and we have FS where we are. So as you can see, we have the same number of numbers here and those six are zeros, which we are not interested in the D's or the seeds or the beads. We are only interested in the A's. And since these zeros are at the beginning of the number, we can reduce them to just this, which means the E would be equal to the word that we take as an input and we do an operation against that mask. And now we have a simple enough, but it's a little bit trickier when we do the B's though, because if we fill in those zeros again, this time we want those two. So we remove those zeros.
It will put zeros right here. So for everything is okay. But when we do this end operation, the results is going to be we have the zeros here and we have the C, and then we get our B's, and then we get two zeros at the end and zeros on the right side murders.
So this will be reduced to this. So we need to take those two zeros and push the B's to the right. So it'll be like this. We take the W word and we run it against.
This. So now we have this. And now we need to push them a bit to the right because two digits, two hexadecimal digits is eight bits. And so if you push those to the right, we will end up with just two bits and we can do the same nickname with the other one. So we just keep in adding serials here.
And this week these 16 bits that push in in order to get the D we do the same that we have the, the serial 00000. We push this limit forward. So if I had calculated calculated this correctly now we should have our values inside of here. So now we simply need to return them in some way and let's make an allocation.
So let's start by defining the size and size. It's going to be equal to the well. We can see just the size of this word for. So we're p will be equal to this word. This did not look of sense and we need to cast this to an integer because the size is 60 and we can insert that. We have ap0.
We and then we should put the this stuff. So let's see how it is to the let's create another point called red. So red two will be equal to this. So with zero and then we would be the words react and the first position should hold the a set is equal to A, but we will also increase P afterwards because then we can just like this. We don't need to increase after you put the last one there and now we can simply turn and we have our utility to function. We also need one to go, the other direction.
And that's actually a bit simpler since we don't need to allocate and stuff, we can just return the A word. And so let's see, this is sub word to word. It's going to return word. It is going to take this word. Yes. W
We are going to assert that we have a sub word and if you don't do it, a third is it's basically check this condition. And if it's true, nothing happens. If it's false, it exits the program with an error message.
But it's quite simple to use in application like this in order to handle the error cases. Okay, so let's see what is the easiest way to achieve this? Let's see. Maybe we can have a word pulling symbols and yeah, if we if we just pull this two words, the sub word, we need to cast this thing or I think the memory is in the right order for it to just work like this. Well, I guess we'll see you be so in this case. In that case, we could use the star P like this. So guess if they are in the right order, which they are and probably know, by the way, how did we put them there? First we put a so, so A is it in the zero then we need let's see do the let's let's try to see what happens.
So let's say we have a word W and we have sub the first W, but let's see we take an let's say we had a word that we set to a, B, C, D, and then we set a word equal to word to some word that we give it the word. And then the same for the errors. Now I'm just going to print something from it. So let's say we print the decimal values of two of them. We would see h h it is for printing one by then we do the same again some two x and O two is the number of digits we want to go to print we want to print. Let's see the first word and then the third is maybe we don't.
Then let's be good. And over in the case like so let's see this compiles all four that come out. Those things we heard in here of the word is not print and this is the age for 26 and this is here 2636. Those numbers they write this this word, nothing else in it mean three. It's also true. We don't need any and compound will work.
So let's see. Yes. The first answer let's see, are they in the order we want to This is the first in the array so I guess we can work with that. We just need to match it on the other end. So let's see if we try to go back then if we have word to free this thing, we say we're two equal to so word to word and we give the sub word. This thing, this should be a regular. It's with a digits.
This is two. Yes. We get no no here would begin with a and we had the other way around right. No we begin with a okay so then everything works. We have successfully created first functions all that is left.
Well, that's quite a lot, but the next thing we would want to do is to create this generate keys kind of thing. And then after that we will create the G. But I think this is enough for one episode. I really hope you liked episode a very special one. Please like and subscribe and then we will see each other very soon. Thanks for watching. Thanks.
2025-04-04 21:23
