Thursday 8 June 2017

Filling the Racal Cougar Crypto Keys using an Arduino Part II

This post is about the protocol the Racal Cougar uses to fill keys into its crypto board.
Before reading it, I recommend reading my previous posts about the mechanism used to program the Cougar: Program the Racal Cougar - Part 2 & Part 5

MA4083(G) Fill gun


Reverse engineering (again)


As I did when figuring out the protocol used by the E.C.U. and the programmer to control the Cougar and fill in the channel information, the first thing I did was hook up a fill gun loaded with known keys to the Racal Cougar and use the tap cable to make the data visible on an oscilloscope (actually I used two fill guns, but more on that later).

Tap cable
The difference from the earlier analysis was that this time I had a technical manual for the MA4073 programmer, which provided useful information and hints.

Two different PWM data streams:


The data streams used to fill the Racal Cougar can be divided into two types:
  1. Racal Cougar control data
  2. Key fill data

PWM timing


Control data:

The control data stream is described in the previous posts mentioned above. It uses PWM modulation at a frequency of ~4 kHz, where one bit period takes 250 μs.

A logical '0' is sent by pulling the F pin low for ~64 μs and high for 186 μs; a logical '1' is sent by pulling it low for ~186 μs and high for 64 μs.

A control word takes 4 bytes (32 bits), and the Racal Cougar is expected to echo it back.

Key fill data:

The key fill data stream uses the same PWM modulation, but with some differences compared to the control data. First, the PWM frequency is lower, ~1.42 kHz; second, it is one continuous stream of 520 bits.

A key fill PWM bit has a period of ~700 μs, where a logical '0' is sent by pulling the F pin low for ~96 μs and a logical '1' by pulling it low for ~224 μs (the pin is high for the rest of the period).
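To make the two timings concrete, here is an added example in C (not code from the original post) that turns a bit array into the nominal low/high pulse pairs of either stream, and decodes captured pulse pairs back into bits, which is what you do with oscilloscope or logic-analyzer measurements from the tap cable. The nominal values are the ones from the post; the tolerance window used for decoding and the test bit pattern are my own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Nominal F-pin timings from the post, in microseconds. 'tol' is the
 * accepted deviation when decoding a capture; it is an assumption, not a
 * value from the post. */
typedef struct {
    unsigned period;  /* one bit period */
    unsigned low0;    /* low time for a logical '0' */
    unsigned low1;    /* low time for a logical '1' */
    unsigned tol;
} pwm_timing;

static const pwm_timing CONTROL_TIMING = { 250, 64, 186, 30 };
static const pwm_timing KEYFILL_TIMING = { 700, 96, 224, 40 };

/* One captured bit: how long the F pin was low, then how long it was high. */
typedef struct { unsigned low_us; unsigned high_us; } pulse;

static unsigned udiff(unsigned a, unsigned b) { return a > b ? a - b : b - a; }

/* Transmit side: one bit per array element, in wire order, to nominal pulses. */
void bits_to_pulses(const uint8_t *bits, size_t nbits, const pwm_timing *t, pulse *out)
{
    for (size_t i = 0; i < nbits; i++) {
        unsigned low = bits[i] ? t->low1 : t->low0;
        out[i].low_us = low;
        out[i].high_us = t->period - low;
    }
}

/* Receive side: classify captured pulses as bits. Returns the number of bits
 * decoded, or -1 at the first pulse whose period or low time does not fit
 * the expected stream (a glitch, or the other stream type). */
long pulses_to_bits(const pulse *p, size_t n, const pwm_timing *t, uint8_t *bits)
{
    for (size_t i = 0; i < n; i++) {
        if (udiff(p[i].low_us + p[i].high_us, t->period) > t->tol) return -1;
        if (udiff(p[i].low_us, t->low0) <= t->tol)      bits[i] = 0;
        else if (udiff(p[i].low_us, t->low1) <= t->tol) bits[i] = 1;
        else return -1;
    }
    return (long)n;
}

/* Decide from the average bit period which of the two streams a capture is. */
const pwm_timing *classify_stream(const pulse *p, size_t n)
{
    if (n == 0) return NULL;
    unsigned long sum = 0;
    for (size_t i = 0; i < n; i++) sum += p[i].low_us + p[i].high_us;
    unsigned avg = (unsigned)(sum / n);
    if (udiff(avg, CONTROL_TIMING.period) <= CONTROL_TIMING.tol) return &CONTROL_TIMING;
    if (udiff(avg, KEYFILL_TIMING.period) <= KEYFILL_TIMING.tol) return &KEYFILL_TIMING;
    return NULL;
}

/* Round trip with constructed jitter (low edge early, high edge late by
 * jitter_us): returns 1 if every bit of the test pattern survives decoding. */
int roundtrip_with_jitter(const pwm_timing *t, int jitter_us)
{
    const uint8_t in[8] = { 1, 0, 1, 0, 0, 1, 0, 1 };  /* constructed pattern */
    uint8_t out[8];
    pulse p[8];
    bits_to_pulses(in, 8, t, p);
    for (size_t i = 0; i < 8; i++) {
        p[i].low_us  = (unsigned)((int)p[i].low_us  - jitter_us);
        p[i].high_us = (unsigned)((int)p[i].high_us + jitter_us);
    }
    if (pulses_to_bits(p, 8, t, out) != 8) return 0;
    for (size_t i = 0; i < 8; i++) if (out[i] != in[i]) return 0;
    return 1;
}

int main(void)
{
    printf("control round trip, 10 us jitter:  %d\n", roundtrip_with_jitter(&CONTROL_TIMING, 10));
    printf("key fill round trip, 10 us jitter: %d\n", roundtrip_with_jitter(&KEYFILL_TIMING, 10));
    printf("control round trip, 50 us jitter:  %d\n", roundtrip_with_jitter(&CONTROL_TIMING, 50));
    return 0;
}
```

The decoder checks the whole period as well as the low time, so a key fill capture fed to the control decoder (or a glitch that shortens one pulse) is rejected instead of being silently read as the wrong bit; classify_stream lets you pick the right timing table automatically from the average period before decoding.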


Fill commands and data


When sending key data to the Racal Cougar, the key fill data is preceded by three control commands, each expecting an echo response:

  1. FTL command (HEX 7F8B)
  2. DSN command (HEX 7F03)
  3. ZA command (HEX 7F07)

After the ZA (zeroise keys) command is received, the Cougar generates a 1 kHz alarm tone on the audio line, indicating that the unit does not contain any crypto keys (you get the same alarm when you press the zeroise button on your Racal Cougar and then select a crypto channel).

Next the 520 bits of key fill data are sent; these are handled directly by the crypto module. If no errors occurred, the keys are stored in the crypto module, which in turn silences the key alarm, indicating a successful transfer.

Simplified overview of key fill commands

Key fill data


Information about the commands being sent can be found in the technical manual of the MA4073; it tells you what is in the previous paragraph, but it doesn't tell you the actual structure of the key fill data. This is where the fun started :-)


Key fill data



Every transfer of key data starts with a fill instruction command. This should not be confused with the normal control command structure: the fill instruction is 8 bits preceding the actual key data, with the hexadecimal value 30 (binary 00110000).

Next come 512 bits of key data, 128 bits for each of 4 keys, sent in the order B, A, D, C.

Although the Racal Cougar itself only handles two crypto keys, A and B, the crypto module can store four of them.

The 128 bits of a key contain the following data:

  • 12 bits with a predefined value; this value is hard-wired in the programmer and can be changed at the customer's request. In general these are 12 one (1) bits.
  • 108 bits of actual key data: 36 octal (0...7) digits of 3 bits each.
  • 8-bit CRC, using a different CRC polynomial for the different crypto boards.

Key data:


After the 12 predefined bits comes the actual key data: for each of the 36 digits, 3 bits are added to the key data stream. The three bits of a digit represent a binary value of 0 to 7 (octal) in little-endian order (least significant bit first).

The bit values (LSB first) for the octal key digits:


Digit:   0    1    2    3    4    5    6    7
Bits:   000  100  010  110  001  101  011  111


To illustrate this, imagine we have a key made up of 8 digits with the value '01234567'. The key data part of the stream would be the following 3 bytes (24 bits, in the order they are transmitted):


Byte 1: 00010001
Byte 2: 01100011
Byte 3: 01011111


CRC


The last 8 bits of the 128-bit key data stream hold an 8-bit CRC (cyclic redundancy check) value. The crypto module uses it to check that all received bits are correct and that the data was not corrupted in transit between the programmer/fill gun and the module.

The CRC is an 8-bit CRC computed with a specific generator polynomial. Crypto modules requiring a 'C' programmer/fill gun use a different polynomial than the modules requiring the 'G' version.

C polynomial value: 1 11000000 (x^8 + x^7 + x^6)
G polynomial value: 1 01000010 (x^8 + x^6 + x)


By changing this polynomial value to match the target crypto module, both module types can be programmed with the same Arduino programmer.
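As an added example (not code from the original post), here is a C program that builds the complete 520-bit key fill stream described above: the 0x30 fill instruction, then the four 128-bit key blocks in B, A, D, C order, each with 12 preset bits, the 36 octal digits encoded LSB first as in the '01234567' example, and the 8-bit CRC with either the C or the G polynomial. The post does not state the CRC's initial register value, bit ordering or exactly which bits it covers, so this code assumes a zero initial value, no reflection, no final XOR, and a CRC over the preceding 120 bits sent MSB first; the four keys are constructed test values, not real key material. The same bit array can be fed to a PWM emitter on the Arduino.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_DIGITS   36
#define PRESET_BITS  12
#define KEY_BITS     (KEY_DIGITS * 3)              /* 108 */
#define BLOCK_BITS   (PRESET_BITS + KEY_BITS + 8)  /* 128 per key */
#define FRAME_BITS   (8 + 4 * BLOCK_BITS)          /* 520 */

/* Generator polynomials from the post. The leading '1' is the implicit x^8
 * term of an 8-bit CRC, so only the low 8 bits live in the register. */
#define POLY_C 0xC0  /* 1 11000000 */
#define POLY_G 0x42  /* 1 01000010 */

/* Bitwise CRC-8 over a bit array (one bit per element, wire order).
 * Assumed, not stated in the post: register starts at 0, no input or output
 * reflection, no final XOR. Adjust here if the real module differs. */
uint8_t crc8_bits(const uint8_t *bits, size_t nbits, uint8_t poly)
{
    uint8_t crc = 0;
    for (size_t i = 0; i < nbits; i++) {
        uint8_t feedback = (uint8_t)((crc >> 7) ^ (bits[i] & 1));
        crc = (uint8_t)(crc << 1);
        if (feedback) crc ^= poly;
    }
    return crc;
}

/* Each octal digit becomes 3 bits, least significant bit first.
 * Returns -1 on a character outside '0'..'7'. */
int encode_key_digits(const char *digits, size_t len, uint8_t *bits)
{
    for (size_t i = 0; i < len; i++) {
        if (digits[i] < '0' || digits[i] > '7') return -1;
        unsigned d = (unsigned)(digits[i] - '0');
        bits[3 * i + 0] = d & 1;
        bits[3 * i + 1] = (d >> 1) & 1;
        bits[3 * i + 2] = (d >> 2) & 1;
    }
    return 0;
}

/* Pack a bit array into bytes, first wire bit into the MSB of byte 0; this
 * is the byte layout of the post's '01234567' example. */
void pack_bits(const uint8_t *bits, size_t nbits, uint8_t *out)
{
    memset(out, 0, (nbits + 7) / 8);
    for (size_t i = 0; i < nbits; i++)
        if (bits[i]) out[i / 8] |= (uint8_t)(0x80 >> (i % 8));
}

/* One 128-bit key block: 12 preset bits (all '1', the post's usual value),
 * 108 key bits, then the CRC over those 120 bits, appended MSB first
 * (coverage and CRC bit order are assumptions). */
int build_key_block(const char *key36, uint8_t poly, uint8_t *block)
{
    memset(block, 1, PRESET_BITS);
    if (encode_key_digits(key36, KEY_DIGITS, block + PRESET_BITS) != 0) return -1;
    uint8_t crc = crc8_bits(block, PRESET_BITS + KEY_BITS, poly);
    for (int i = 0; i < 8; i++)
        block[PRESET_BITS + KEY_BITS + i] = (crc >> (7 - i)) & 1;
    return 0;
}

/* The whole 520-bit stream: fill instruction 0x30, then keys B, A, D, C. */
int build_fill_frame(const char *a, const char *b, const char *c, const char *d,
                     uint8_t poly, uint8_t *frame)
{
    const char *order[4] = { b, a, d, c };
    for (int i = 0; i < 8; i++) frame[i] = (0x30 >> (7 - i)) & 1;
    for (int k = 0; k < 4; k++)
        if (build_key_block(order[k], poly, frame + 8 + k * BLOCK_BITS) != 0) return -1;
    return 0;
}

/* Receiver-side check: with init 0 and no final XOR, running the CRC over all
 * 128 bits of an intact block leaves the register at zero. */
int key_block_crc_ok(const uint8_t *block, uint8_t poly)
{
    return crc8_bits(block, BLOCK_BITS, poly) == 0;
}

int main(void)
{
    /* Constructed 36-digit keys for the demo, not real key material. */
    const char *ka = "012345670123456701234567012345670123";
    const char *kb = "765432107654321076543210765432107654";
    const char *kc = "000000" "000000" "000000" "000000" "000000" "000000";
    const char *kd = "777777" "777777" "777777" "777777" "777777" "777777";
    uint8_t frame[FRAME_BITS], packed[FRAME_BITS / 8];
    if (build_fill_frame(ka, kb, kc, kd, POLY_G, frame) != 0) return 1;
    pack_bits(frame, FRAME_BITS, packed);
    for (size_t i = 0; i < sizeof packed; i++) printf("%02X", packed[i]);
    printf("\n");
    return 0;
}
```

Selecting POLY_C or POLY_G is the only change needed between the two module types, matching the post's conclusion. If a real module rejects a block built this way, the CRC parameters marked as assumptions (initial value, covered bits, bit order) are the first things to vary while watching whether the key alarm clears.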