Datasheet
4 The solution (and end to troubles)
As the data logger authentication process has been reasonably well documented, a flow
diagram can be constructed to visualize which details need to be worked on. The
essential mechanisms are indicated by red shadows in figure 11. However, please note
that:
• For non-green dot consoles running firmware version ≥ 3.12, the authentication
process is bypassed. Each console obviously contains firmware-readable
information which identifies the execution environment as either green dot or
non-green dot.
• The algorithm employed by Davis to derive the 64 bytes of the security register
from the 64-byte device ID was identified in late 2013. See section 4.4.
• There are several other attack vectors which can be used with success. The
approach described below is believed to be the least risky one, with no (or very
limited) risk of damaging the console. While other methods have also proved to
work, they will not be discussed here.
Figure 11: Firmware version ≥ 3.xx data logger authentication. The red-shaded boxes identify obvious
attack vectors. The "start data logging" step depends on the console settings. Some "page move" opcodes
are issued by the console, but the results (or lack thereof) are ignored.
http://meteo.annoyingdesigns.com 16