BEGIN:VCALENDAR VERSION:2.0 PRODID:-//pretalx//pretalx.com//hack-lu-2025//talk//3UEDY8 BEGIN:VTIMEZONE TZID:CET BEGIN:STANDARD DTSTART:20001029T040000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10 TZNAME:CET TZOFFSETFROM:+0200 TZOFFSETTO:+0100 END:STANDARD BEGIN:DAYLIGHT DTSTART:20000326T030000 RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3 TZNAME:CEST TZOFFSETFROM:+0100 TZOFFSETTO:+0200 END:DAYLIGHT END:VTIMEZONE BEGIN:VEVENT UID:pretalx-hack-lu-2025-3UEDY8@pretalx.com DTSTART;TZID=CET:20251022T151500 DTEND;TZID=CET:20251022T154500 DESCRIPTION:# Digic8 Oracle\n### Decrypting camera updates without knowing neither the key\, nor algorithms (at first)\n\nSince years\, Canon cameras firmware has been enhanced by hackers\, via the [CHDK] project for Powers hot models and [MagicLantern] for DSLR/mirrorless ones\, applied to DIY dr one photography for example [DRONES].\nStarting 2010\, the Magic Lantern t eam is able to execute code by enabling an hidden Canon payload loaded fro m the SD card : autoexec.bin. Enabling this feature requires forging valid signatures for camera updates\, and required the team to fully understand cryptography of these .FIR files. But since the EOS R camera launch in 20 18\, FIR cryptography changed and no one publicly explored this new FIR ve rsion. \n\nWe will introduce the technical context as well as FIR file for mat version 4 (before 2018)\, then\, we will use :\n1 - the fact some rece nt Canon cameras (R\, RP\, R6) allow dumping their firmware via an embedde d basic interpreter and \n2 - Unicorn emulation to decrypt easily camera u pdate files of the same hardware (Digic) generation\, because a unique key is used.\n\nAs a first step\, emulation will allows access to FIR content (camera firmware updated code)\, without the need to understand neither t he underlying cryptographic algorithms\, nor keys : dumped code will be us ed "as oracle" by emulation. Then we will describe how is working decrypti on key generation for Digic 8\, and finally the scheme of asymnetric signa tures and how to verify them for both Digic 8 and Digic 10 cameras.\n\nTwo python tools will be released: **d8_oracle.py** to decrypt Digic 8 update s via emulation of dumped firmware\, and **d810_verif.py** to verify FIR d igital signatures\, based on secp256r1 curve.\nd8_oracle.py requires you f irst to dump yourself a firmware via CBasic or to obtain such camera dump via Magic Lantern community for example.\n\nNo decryption key neither firm ware dump will be released with this talk. \n\nLaurent Clévy already reve rsed Canon picture authentication scheme (Original Data Decision in Canon terms) years ago\, as well as a python tool to recompute signatures [ODD]. He also rediscovered FIR cryptography before 2018 and described it at Bee Rump 2022 [BeeRump]. \n\nEOS\, Digic and Powershot are Canon trademarks.\n \nReferences:\n* [CHDK](https://chdk.fandom.com/wiki/CHDK)\n* [MagicLanter n](https://www.magiclantern.fm/)\n* [DRONES](https://ardupilot.org/plane/d ocs/common-chdk-camera-control-tutorial.html)\n* [ODD](https://connect.ed- diamond.com/MISC/mischs-006/mecanisme-de-controle-d-authenticite-des-photo graphies-numeriques-dans-les-reflexes-canon)\n* [BeeRump](https://www.rump .beer/2022/slides/camera_jailbreak_v2_green.pdf) DTSTAMP:20260607T234820Z LOCATION:Europe SUMMARY:Digic8 Oracle - laurent clevy URL:https://pretalx.com/hack-lu-2025/talk/3UEDY8/ END:VEVENT END:VCALENDAR