How I FOUND the Nsa's backdoor inside your Intel Cpu

Estimated read time: 1:20

    Learn to use AI like a Pro

    Get the latest AI workflows to boost your productivity and business performance, delivered weekly by expert consultants. Enjoy step-by-step guides, weekly Q&A sessions, and full access to our AI workflow archive.

    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo
    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo

    Summary

    In this intriguing episode, Dr. Jonas Birch dives into the world of cryptography and computer security, revealing potential backdoors in Intel CPUs. He presents how the Advanced Encryption Standard (AES) key schedule is a prime location for such vulnerabilities. By comparing the outputs from a custom C version of the AES key schedule and an assembly version using the CPU's instructions, Dr. Birch aims to uncover discrepancies indicative of a backdoor. Throughout the episode, he walks through the technicalities of the key generation process and highlights the potential for exploitation within existing hardware architectures.

      Highlights

      • Dr. Jonas Birch gets technical by analyzing the AES key schedule for potential vulnerabilities. 🔍
      • He sets up a custom C version and compares it with CPU-level assembly to find any discrepancies. 🖥️
      • The episode walks viewers through the inner workings of the AES encryption algorithm. 🔧
      • He demonstrates how the hardware might alter encryption keys, weakening their effectiveness without detection. 🔒
      • Dr. Birch's exploration reveals the critical role of understanding bitwise operations in encryption. 🤯

      Key Takeaways

      • The key schedule in AES is a potential hotspot for backdoors due to its centrality in managing encryption keys. 🔑
      • Finding a discrepancy between different implementations of the AES key schedule might expose hidden backdoors in CPUs. 🕵️‍♂️
      • Understanding the nuances of the AES algorithm is crucial for identifying vulnerabilities in encryption mechanisms. 🧠
      • Hardware-level instructions can modify encryption keys, potentially weakening security without being detected at the software level. 💻
      • Detailed understanding of bitwise operations and encryption algorithms is essential for tech sleuths like Dr. Jonas Birch! 💡

      Overview

      Dr. Jonas Birch takes on the exciting yet challenging task of examining the AES encryption key schedule for potential backdoors. His concern stems from the key schedule’s role in creating subkeys for encryption, making it an attractive target for those looking to insert vulnerabilities. The episode is both a deep dive into cryptography and a thrilling exploration of what might lurk within our hardware.

        Throughout the episode, Dr. Birch meticulously builds and tests a C version of the AES key schedule, comparing it against what the CPU itself generates using its internal instructions. His aim is to uncover any discrepancies that could indicate a backdoor. It’s a technical journey filled with explanations of binary operations, rotations, and substitution boxes.

          As Dr. Birch untangles the complexity of encryption, he underscores the necessity of solid cryptographic knowledge in discovering and understanding potential security flaws. His findings suggest that even at the hardware level, encryption can be subtly weakened, posing serious questions about the integrity of our devices. His quest is a wake-up call for tech enthusiasts to look deeply into the machines they use daily.

            Chapters

            • 00:00 - 02:00: Introduction and Key Schedule Overview In this chapter, the focus is on understanding the significance of the key schedule in AES (Advanced Encryption Standard). The speaker mentions the importance of targeting the key schedule when attempting to create a backdoor within an Intel CPU, as it is the most effective area to focus on for such an endeavor. The chapter likely delves into technical aspects of the key schedule, its role, and potential vulnerabilities.
            • 02:00 - 07:00: Key Schedule Generation in C The chapter discusses key schedule generation in the C programming language, focusing on the security aspects and the potential for backdoors. It describes the process beginning with a 128-bit encryption key as input.
            • 07:00 - 12:00: Discussion on S-Box and G Function The chapter discusses the S-Box and G function, focusing on their role in encryption processes. It highlights how two specific components form one byte, particularly noting the least significant byte. Additionally, the chapter provides an explanation of the key schedule, detailing how it processes a 128-bit encryption key.
            • 12:00 - 18:00: Round Constants and Final Steps The chapter discusses the creation of sub-keys from an encryption key when using AES (Advanced Encryption Standard). It explains how the original encryption key is not used directly for encryption; instead, it is utilized to generate 11 sub-keys, each 128 bits in length. These sub-keys are then used to perform the encryption process. The text also hints at the potential vulnerability that arises from this process, suggesting it's an ideal spot for a backdoor. By controlling the sub-keys, unauthorized access might be facilitated, which poses a significant security risk.
            • 18:00 - 21:30: Code Verification and Conclusion This chapter discusses the process of code verification and concludes with an emphasis on examining the potential vulnerabilities that arise when using software for encryption. It highlights the risks involved when a software-generated encryption key is randomized and given to the CPU, which might alter these keys, consequently weakening their strength. The conclusion urges increased awareness and better practices for maintaining encryption integrity.

            How I FOUND the Nsa's backdoor inside your Intel Cpu Transcription

            • 00:00 - 00:30 All right, guys. So today we are going to focus on the key schedule in a AES And that is because if I were to create a backdoor inside of the Intel CPU, I would focus on the key schedule because the case schedule is the most effective place
            • 00:30 - 01:00 to put a backdoor since it takes care of the key generation. And so how does it work? Well, it looks a little bit like this. We have an input and the input is a 128 bit encryption key. So in this example, we'll be using
            • 01:00 - 01:30 the following key. Two of these become one byte. So these two d’s right here it is the least significant byte. And what does the key schedule do? Well it takes this 128 bit encryption key.
            • 01:30 - 02:00 So from this encryption key it creates 11 sub keys of the same length 128 bit. So we are not... when we use AES, we are not using the encryption key to encrypt stuff. Basically we are using it to generate these sub keys and we use those to encrypt stuff. So maybe you realize why it's an ideal place for a backdoor.
            • 02:00 - 02:30 Because if the software that you're using is create is randomizing an encryption key and giving this to the CPU to create those sub keys and the CPU, it might change these keys somehow. So it reduces the the strength of the keys.
            • 02:30 - 03:00 So that is my idea. Anyway. And I'm going to prove this by creating my own C version of the AES key schedule algorithm, and I'm going to create an assembly version using these instructions in the CPU and then compare the results because they should differ if the backdoor is there.
            • 03:00 - 03:30 But first I need to show you how this key generation works. Let me just draw a couple of things. All right. So the number to the left here, 1 to 11 is these numbers.
            • 03:30 - 04:00 That is the sub key. And the sub key is divided into these four boxes. And each of these boxes is 32 bits in size. That makes a total of 44. That's basically how everything is built inside of this key schedule. All the components are 32 bits
            • 04:00 - 04:30 and sometimes even less than that. So the numbers inside of the boxes, that is the index of the variable, so to speak. So the first thing we do, if you remember we have this A, B, C, D, etc. inside of the encryption key. So the first thing we do is we copy all of that
            • 04:30 - 05:00 into the first sub key. So the A goes here and the B and the C of the D, how do we create the next line, the next sub key. Well these three boxes right here to the right we use one method and for the leftmost box
            • 05:00 - 05:30 we use a different approach. And that's true for all of these. So it's quite simple with those three to the right, the only thing we do is we take this one and this one and we add those together. So basically we can say that this five index will be equal to the zero
            • 05:30 - 06:00 index plus the one X, and this plus is an XOR operation. And then we do the same for these other boxes on the same level. So now we will have a value inside of these boxes
            • 06:00 - 06:30 depending on what the values in the previous sub is. All right. So that's easy enough. But how do we do with this leftmost box, the four? Well, what we do is this We take the value
            • 06:30 - 07:00 inside of this box right here. So the index just before the the box we're interested in. So we go like this and then we take the value inside of this one.
            • 07:00 - 07:30 So those two together, we add and put inside of this. But we do one more thing, and that's this thing right here. This is what I call the G function. So before we add those values together, we pass this three value right here
            • 07:30 - 08:00 inside of this g function. So if I were to write this like I did right here, the four books will be equal to the serial box plus the g function of three. Okay. And this is all that is done.
            • 08:00 - 08:30 This same thing goes for the third sub key and the fourth all the way up to 11. What inside of this g function? Well, the G function works like this, and they can mention that Universalists usually call this two G function to differentiate from the F function, which is inside of the death encryptions.
            • 08:30 - 09:00 But if you read the original proposal for this, a cipher which is called around all and then it's called the F function, but this is the only function there is. So it doesn't really matter what we call it. And this G function, it has an input and an output. And as you might imagine, both of these are 32
            • 09:00 - 09:30 bit values. And what we do is we split up this these 32 bits into four boxes of eight bits, so one by each. So it looks a little bit something like this. So this is index zero and one and two and three
            • 09:30 - 10:00 and each of these boxes are one, but each or eight bits and we do three different operations on these values. So let's say we have, let's say we have six, seven, eight, nine just as an example,
            • 10:00 - 10:30 first thing we do is a rotation. It will look a little bit like this. So remember the indices here we have one and two and three and now we have zero right here. So what has happened is we have moved this whole array of numbers one step to the right,
            • 10:30 - 11:00 and we have taken this and moved it there to the rightmost position. So it's like a cyclic shift. So that is the first operation. And let's also fill in the numbers just to make this very clear. Like so.
            • 11:00 - 11:30 Okay, so that's step number one. And the next step is we do substitute two since. So what is the substitution? Well, basically we we do we have a big table which is called an S books table.
            • 11:30 - 12:00 And this table says that if we go in with the value seven, we go out with some other value. I don't have it in my brain right now, but let's say because there are 256 different, but let's say seven will turn into a 15 and the A will be, I don't know,
            • 12:00 - 12:30 a, the six will be C, C, and the E would have left six, seven, eight, nine might be something like, I don't know, zero one So it's just a table where if we're going with a specific value, we go out with a value
            • 12:30 - 13:00 and this happens for each of these. But that is the second out of the three different operations inside of the G function. And the last thing is we don't do anything more with these three. They these are is let's say six, seven and nine.
            • 13:00 - 13:30 So for this and these two, we have the result value right here. But for this leftmost box, the eight in this case we do one more thing, we add something which is called the
            • 13:30 - 14:00 round constant. So it will look a little bit like this. So the same way we added with an X. So before we take this, the
            • 14:00 - 14:30 round constant and we add in this case the value F and we get something else and then we assemble all of these numbers and that is the output, that is the return value of this g function.
            • 14:30 - 15:00 So it's a couple of steps, but it's not very advanced stuff. Each step is not very advanced on its own. Well, it's a lot to look at in a sketch like like this, but it's not really very difficult to understand. But what about these round constants? What are these depending on what round in. So basically, if we're creating the first sub here
            • 15:00 - 15:30 or the second or the 11th, we use a different round constants. So the first one is one and then we have two for a 1632. So it keeps increasing and two, three, four, five, six.
            • 15:30 - 16:00 Then we have 64 128 and then we have two more values which I don't remember right, but they are not the doubled value yet like this. They are, they differ for the last two rounds. There is something like E, F and something like that, and we just add those constants based on the roots.
            • 16:00 - 16:30 Okay, so this is how the a key schedule is supposed to work according to the specification, but is this how it works inside of the CPU? Well, I have analyzed this, read a lot of documentation, tested
            • 16:30 - 17:00 a lot of different values, and this is what happens inside of the CPU when you tell it to create some case out of one input key. So let's say we have the same input key. What it does in the pseudocode is we have
            • 17:00 - 17:30 the following things. So we have two so-called inputs and outputs registers. So this are like here the parameters and the return values. If we were to compare it to a like C or something, and these are 128, it's
            • 17:30 - 18:00 so when we execute this function call, so to speak, and the function calls name is a he, is he Jim assist.
            • 18:00 - 18:30 So it takes one 128 bit input value and it produces one 128 bits sub key and you execute this 11 times and it also takes any inputs with the round constant. So you need to specify that as well.
            • 18:30 - 19:00 And it does also use what its, what the documentation is called is calling X registers and that is like a temporary variable 32 bit page and there are four of these. Okay, so
            • 19:00 - 19:30 what happens? The first thing is we set a zero equal to the input and we take the first 30 to 0 to 31
            • 19:30 - 20:00 indexes in. This is since you start with zero, we go to 127. Okay, So now, now we have those integer values, those 32 bit values that this uses as well. If you remember each of these boxes are 32 bit each
            • 20:00 - 20:30 and then we follow the same schedule basically. So what we do with these values is we do rotation X or and we do one more thing and that is adding of the round constants
            • 20:30 - 21:00 and that's it. And the interesting thing is, which of these temporary variables we use, we use a zero and we does two different operations. The zero and we use x two and we do two different operations on x two
            • 21:00 - 21:30 and then we assemble an output based on that. So we don't use x one at all. We don't use x three at all. We only use two of these intermediary variables. And as you also see, we have skipped one step
            • 21:30 - 22:00 and that is those substitution boxes. And what does that mean? Well, the substitution boxes are there, so we will be non-linear because if we if we are linear, then we can set up a couple of different equations
            • 22:00 - 22:30 and solve these equations in order to find the key that we don't want that. So that's why, as has these s boxes, but we don't use those inside of the CPU and we only use half of the key. So since we are only using the x zero and x two registers, that means
            • 22:30 - 23:00 that we are using this part of the key. So we are not using these base, we are not using these DS
            • 23:00 - 23:30 which means that we turn this into a 64 bit cipher and there's a huge difference between 128 and 64. As you know, if if you saw the last episode, 64, is it possible to practice with a home computer basically nowadays almost at least, but
            • 23:30 - 24:00 128 bits is the you'd have to crack as many combinations as there are like molecules to or atoms in the known universe. So that's completely out of reach. But 64 bit is definitely within range, especially for government agencies and especially if we have reduced the linearity or removed it
            • 24:00 - 24:30 by removing those X boxes. So this is my findings and the rest of this episode, I want to show you how I figured this stuff out. I'm going to show you how to code all of these a key schedule algorithms using assembly with these with this
            • 24:30 - 25:00 is the key genesis, the structure and how to code the rest of this C program. We started last week when well the software implementation of the key schedule and then we will try a couple of values of input keys and see what the results we get out and compare the two implementations. And we will also look a little bit
            • 25:00 - 25:30 inside the manual for these two hardware accelerator instructions and I will show you exactly how these X registers and these things, these instructions work on them. So let's get started.
            • 25:30 - 26:00 So guys, welcome to today's show. So today we are going to finish our key implementation of the S key schedule and we will also create an assembly implementation which will be very simple to do actually, since everything is integrated into the actual CPU. And we will be hunting for the CPU back door,
            • 26:00 - 26:30 which I believe might be there. And today we'll be attacking the squeeze case schedule. So by the end of this episode we will hopefully know if it's hidden inside of the key schedule, which would be a perfect place for it to be actually.
            • 26:30 - 27:00 All right. If you remember last time we prepared the utility functions and created all the data types for our implementation, and that's about as far as we got today. We are going to create the actual key generation function. The according to these formulas.
            • 27:00 - 27:30 And the only tricky part I think will be this g function, which will use the A. S boxes and whatnot. But more about that bridge when we come there. For now, I'm only going to define this g function in as an identity function for the time being.
            • 27:30 - 28:00 So it will return itself. So let's see, the g function is going to return a word and a word in the A for, well, words. It is just a regular 32 bit integer.
            • 28:00 - 28:30 So we'll have a word with a g function which takes input word. So word input and it's going to take the round because we, we are going to create 11 sub keys. And so there are 11 so-called rounds and depending on the round, this input will be handled differently. So we need to pass it to the actual function.
            • 28:30 - 29:00 So we will have an eight round and for now we will only return the input like so. So the round fruit for now at least will be unused. And I define it like this. So now we need to create generate function, generate keys
            • 29:00 - 29:30 so it will take an input key. The 128 bit is key, the encryption key and from that key it will generate 11 submarkets of the same length. 128 bits per key. So this will be a pointer to an array.
            • 29:30 - 30:00 Okay, let's see if we can get this done. So we will have it. Just see, we will have word the gen keys function, which will take one word as an input and this will be the just called key because it's a main encryption key.
            • 30:00 - 30:30 It won't put it that. So what we need to work with, we need a key array. Did I specify that the. Yeah. Code word array so that for the four integers because the 11 sub keys are 128 bits each
            • 30:30 - 31:00 and if we divide that into words, that will be for the four integers. So we'll have a word array, let's call it w according to the standard and let's see what else we need. We need a couple of intermediary or temporary variables. So let's say we'll do word X, Y, Z, something like that.
            • 31:00 - 31:30 And we also need to keep track of the counter. So I think we can do in a j Right. So let's start by zeroing out the word array. So we pass it to the zero and we cast it into the
            • 31:30 - 32:00 into eight with integers. So let's see, we will pass the W and this will be so let's do it like this size of word times for the four
            • 32:00 - 32:30 is let's see. Yeah. Okay. So what's the name. Well we need to zero initialize so I will be equal to J will be equal to zero. So both this will be zero.
            • 32:30 - 33:00 You should do it inside of the four. I think it shows our intent a little bit better. So let's see, before we start, we need to copy the S key into the first four words. So I think the easiest way
            • 33:00 - 33:30 will be to create a pointer to the C. Mm hmm. But if we were to do something like this, if we create a void, the for void
            • 33:30 - 34:00 and we create a our word sized word pointer and we point our void pointer against the beginning of the word array. So void star
            • 34:00 - 34:30 w and now we should be able to put the word pointer to the void pointer basically. And why we need to jump through this. Whoops with the void star that has to do with how juicy
            • 34:30 - 35:00 C enforces typecasting. It used to be more free, but not any longer. Okay, so now we should be able to let c
            • 35:00 - 35:30 should be able to. Maybe the easiest way is just to do something like we with the word pointer. So this, this is the first word of the 44 word way. And that should be equal to the first part of the key.
            • 35:30 - 36:00 So something like words are of the key.
            • 36:00 - 36:30 Let's see, maybe we can do let's do av1 and v two. Maybe we make it a little bit more complicated than we to, but at least it will work. So we have one word pointer and the second one. So let's see, the one will be equal to this
            • 36:30 - 37:00 and the word pointer will be equal to the one. So this is the input output. I mean, and for the L input, we do the same. So we set our V to equal to the void star
            • 37:00 - 37:30 key and the second word pointer will be equal to words to our V to so this should be equal to
            • 37:30 - 38:00 and we don't need access to turn it in. Good point. Yeah. We need to do this instead. So this should be low. So we're putting through one or two equal to two
            • 38:00 - 38:30 and then we need to increase this and increase this. And then we do this four times one for e each integer sized part of the input key.
            • 38:30 - 39:00 Yeah. Yeah. I think this will work. Let's double check before we go on so we don't mess this up from the beginning and we can use the print hacks from the tutorials and we will. Let's see in order to
            • 39:00 - 39:30 know we can do this. So let's see, where do we want to print? We want to print our first four bytes. No, the first four ends of the array. So we pass it the W
            • 39:30 - 40:00 and we want to show let's see. Well, 128 bits divided by this need to be caused into a 16 So
            • 40:00 - 40:30 and then let's just return zero for now. Let's see we can clean this
            • 40:30 - 41:00 and we create a key sized C mm. I think we made a mistake.
            • 41:00 - 41:30 No, this is key sized, so we need to change this and let's call the key K instead. And know
            • 41:30 - 42:00 we can create a key. Let's call it K and let's say K is equal to, I don't know, a very large number. So this will be, this is one by
            • 42:00 - 42:30 so a 1632 is so 3264 120. Um,
            • 42:30 - 43:00 so now we have an input key and it will, we don't care about the return value at this point. So generate keys and we give it a K and it should hopefully print the words we need to give it
            • 43:00 - 43:30 something that divides the difference. So let's say and the column, right? So we may clean the further to
            • 43:30 - 44:00 come and is we need to do serial. Yeah. And to
            • 44:00 - 44:30 redefinition or to
            • 44:30 - 45:00 this should involve the I and I believe we will compile and it complains it's too big for its time but it always seems to complain and work anyway when it comes to that. So let's see
            • 45:00 - 45:30 maybe we should print the in the will so we can shift the difference. So here we will have the kill of this. So suppose
            • 45:30 - 46:00 so the input uses spaces and the output uses color as a separate to k. Hmm.
            • 46:00 - 46:30 Let's make this a little bit. Is who we set this to something of an integer size. So one, two, three, four.
            • 46:30 - 47:00 Returns it the four point still zero.
            • 47:00 - 47:30 So. Hmm. Maybe we shouldn't have this.
            • 47:30 - 48:00 It's weird. As the input becomes zero, but if we were to print that, say the first integer, it's oh, this so zero it like to e use
            • 48:00 - 48:30 then we do would it?
            • 48:30 - 49:00 Okay so here we do get early but when we pass it to the function, it kind of disappears.
            • 49:00 - 49:30 Let's see, the two is the key. I think we mixed these around. This should probably be like so in this look. So
            • 49:30 - 50:00 if you look all right, seems to be the same. But I want to try it with something that doesn't contain all these serialized. Mm.
            • 50:00 - 50:30 Because how did we define he. He is in in 128. Is this, how does a make it look. C 23 should work.
            • 50:30 - 51:00 Let's set it to the maximum and see what happens. And the maximum is usually like this.
            • 51:00 - 51:30 Okay. It since it's been copied the way we want it to. That's good. But they want to have something like something which is more different.
            • 51:30 - 52:00 That's generally the key this way. Instead, we create 128 and P in 16. So is size will be the size of an
            • 52:00 - 52:30 well, it can be 128 divided by a split number of bytes. Then let's make sure to do who is equal to zero
            • 52:30 - 53:00 as long as it's less than the size five plus plus. Then we set p equal to who he.
            • 53:00 - 53:30 At each iteration we increase our P and is p equal to
            • 53:30 - 54:00 let's see what we get.
            • 54:00 - 54:30 Let's make this eight instead so we don't need to cast.
            • 54:30 - 55:00 Let's see. I said this zero. He was set to maybe we need to do this. Okay, that looks better. So now we have a key which is
            • 55:00 - 55:30 consisting of a lot of different numbers. So our copy function works. Now we can begin our key generation, so this will come to this. So again, a little bit of color. Let me just take a sip of water. We will begin this one.
            • 55:30 - 56:00 All right. So what we have done, this four works, it's remove this and let's start over.
            • 56:00 - 56:30 Okay, generation. So we are going to have a blue there we go from a is equal to let's see, this should go from 1 to 44
            • 56:30 - 57:00 I guess, or from serial to 43. Let me just consult my manual for the A yes for the IS algorithm.
            • 57:00 - 57:30 So let's see.
            • 57:30 - 58:00 Yes. Per key I will go from one to term.
            • 58:00 - 58:30 So I guess we could
            • 58:30 - 59:00 I think 0 to 43 is the easiest way since we will be dealing with the whole array at once. So we set this to zero as long as it's less than four or we increase, I. So we will do two different things depending on
            • 59:00 - 59:30 if we are okay with. I think we can do it like this. We so depending if we are dealing with the first thing, the first word
            • 59:30 - 60:00 of the array, we will use this first formula and for the three other parts of the sub key we will use the second easier. The thing.
            • 60:00 - 60:30 So let's see, we can set our first intermediary the here. So we need to grab this and then we need to grab this,
            • 60:30 - 61:00 put it in to the g function and then we just xor these together. So it will be equal to, let's see or Times Square. We need to have something for the index
            • 61:00 - 61:30 as well. Let's initialize all of these so it will be equal to one. This will be equal to Z, which will be equal to earlier, which will all be equal to zero.
            • 61:30 - 62:00 So now we can take the index and calculate this. So I learn this one times for that index and then we can grab our intermediate value by taking this
            • 62:00 - 62:30 from the, from the array. Then we do similar with the second thing. So is the idea equal to this time? It will be four times a
            • 62:30 - 63:00 is what this? And then we have a Y which will be equal to the value of this index. So now we have this value and this needs to be passed through the g function.
            • 63:00 - 63:30 Maybe we can do it like this. So we take our third intermediate that you see and this will be equal to our X it's or
            • 63:30 - 64:00 the g of what. So now the C contains all of this and now we need to put it here. So we calculate our index as four times. I
            • 64:00 - 64:30 and then we set the W of index to Z. Then we have handle all of this and then I guess we could do it like this.
            • 64:30 - 65:00 So we don't need to have an additional loop around this. However, we do need to have an additional loop around this.
            • 65:00 - 65:30 So let's do for J equals one and we check if she is less then. So this should be one, two and three. So it's less than four and j plus plus
            • 65:30 - 66:00 no is the second formula that we will do it pretty much the same. But starting to define the index as this. So the index will be equal to four times. I plus learn this would
            • 66:00 - 66:30 and from there we grab the x so and then we do the same for the other one. The index will be in this case four times. I'm doing minus one plus g
            • 66:30 - 67:00 and this one will be equal to W. The index. All right. And now we're just exer this together. So our index is going to be equal to four times i plus t0c will be equal to x x
            • 67:00 - 67:30 or to y and w this index is equal to z. All right. I think that's basically it. Let's copy this stuff back to the beginning
            • 67:30 - 68:00 and to this. So now we need to
            • 68:00 - 68:30 return this whole array and we can return a word array. So we need to malloc this thing as this. So let's create a we can reuse our word point to actually.
            • 68:30 - 69:00 So let's say our word point in one is equal. We would need to calculate the size first to have a size variable we don't. So in 16 size and this size is going to be equal to let's see, we need
            • 69:00 - 69:30 we need 44 words. So size of word size for for that we can set our word point to one equal to the look of size. We can see throughout this thing
            • 69:30 - 70:00 and so we need to cast it like this. And this size is size. Let's also assert that we do have a word for two one. So we so nothing will fail. And now we just need to copy our whole array
            • 70:00 - 70:30 into this output variable. So we call in to, let's see. So we will point to one
            • 70:30 - 71:00 that's our destination. Our source is the W itself and we are copying size, but it's in. This should be done outside of the
            • 71:00 - 71:30 then we can just return. We were put into one. So let's see where we go. We have our key we need to put so let's see word
            • 71:30 - 72:00 sub keys under if it's the right thing to choose words size here
            • 72:00 - 72:30 because we will just be keys. But that is enough to cast the thing here anyway, so let's not mind at this point. So some keys
            • 72:30 - 73:00 will be equal to this. If we don't, the sub keys will return a sub key generation fee and
            • 73:00 - 73:30 then we return minus one. But if we do have an output, we want to print this like we did before.
            • 73:30 - 74:00 So we print her and we need to cast this into an into sub case. And how many binds this one? It would be a little weak
            • 74:00 - 74:30 and we don't need to use the separator at this point and then we can free our sub case and return. All right, so now we're done with this. Let's see if it compares. It would probably require a little bit of troubleshooting, I suppose. Too few arguments to G That's correct.
            • 74:30 - 75:00 We need to keep track of work around. We are in the right.
            • 75:00 - 75:30 So let's see how to figure out it's going to be every 11. So what?
            • 75:30 - 76:00 I want this to go from one to term
            • 76:00 - 76:30 because there's ten sub keys.
            • 76:30 - 77:00 So the round, if we set this to term over the this let's see less than 11, so it goes from 1 to 10, then I is the round remove this
            • 77:00 - 77:30 and to the g function we can pause the which is the road
            • 77:30 - 78:00 that we want to create. 11 sub keys. So this should be like this I suppose will to 11 and for each sub key
            • 78:00 - 78:30 we will do this for first word sized chunks and this for the remaining three, which means this whole thing will generate
            • 78:30 - 79:00 one sub. He for round. Okay, that makes sense. I think we don't need to change much else. Section. This is just a typo.
            • 79:00 - 79:30 Iteration ten invokes undefined behavior. Mm hmm.
            • 79:30 - 80:00 That's right. The first four. So the first sub key we have already handle here because
            • 80:00 - 80:30 the first sub key is equal to the input key, which means this should have been like this. So and this would be four times one.
            • 80:30 - 81:00 That's the first iteration, which means we are doing it correctly. Okay. It's compiled without any errors, without any warnings. That's A good sign? No. So let's see what our well,
            • 81:00 - 81:30 our all of our sub key is is going to be. No, we just prints the first one. But it looks fine though doesn't it.
            • 81:30 - 82:00 Yeah. Then if we were to print all of them, we could do something like
            • 82:00 - 82:30 for a is equal to let's go from 1 to 12 I plus plus
            • 82:30 - 83:00 and we will also set p equal to word the equal to so cuz
            • 83:00 - 83:30 and each iteration we increase p one. So here then we can replace this p
            • 83:30 - 84:00 and I believe this will work disconnect and my internet service provider quite often reboots the switches during
            • 84:00 - 84:30 during the night. So that's a little bit annoying. Let's take a short break until it's working again. All right. You know, I believe the internet connection should be back. Let's see. Yes, it is
            • 84:30 - 85:00 still strong. Well, let's see. Two, three, two. And it's this thing. Yeah. All right. So we may clean until a little bit to clear the screen, and they will compile warnings like that. Let's see what happens.
            • 85:00 - 85:30 Okay. It didn't update the code because they had no internet connection. So let's just do this and save it. Mm hmm.
            • 85:30 - 86:00 Maybe we got disconnected. Yes, we did. We did get disconnected from the VPN as well as it seems. Let's try.
            • 86:00 - 86:30 You know. All right. And the nice thing is, now that we are connected again, it's sync. So the only thing we need to do is save. And no problem. There we go. Okay, so from this input key,
            • 86:30 - 87:00 the S key scheduling algorithm has generated those ten additional sub keys. But how do we know that this works? Well, we need to verify it somehow without having to rely on something which is back to it. So we need to find some other
            • 87:00 - 87:30 a scheduling algorithm implementation and just verify that we got the same as they did. But before we can do that, we need to take care of this. G function right? Because at the moment we are not caring too much about it, which basically means the
            • 87:30 - 88:00 one to want to work, to one to this part of the key is wrong. This part should be correct. I think because this first 32 bits
            • 88:00 - 88:30 is what we pass into the G function. The rest is unaffected. So basically we could try to use another key excluding implementation and see if it generates this part. Maybe we should do that. There must be some online tool for this right? Something like, I don't know, in a key
            • 88:30 - 89:00 get to the but I don't want to have something that explains it.
            • 89:00 - 89:30 I want something that I can test and we can test it. We do think that this is some code one then then we give it this key, but it doesn't look
            • 89:30 - 90:00 even remotely the same. Hmm. Maybe we should finish the g function. I guess. Yeah, of course it will influence
            • 90:00 - 90:30 the rest, even though only this is affected because this makes use of this as input. So. All right, let's finish the first and then we try to get this. Okay, We can search here and we go to this screen again.
            • 90:30 - 91:00 We were TNP keys. He said you you said it to a home and the will try to create this g function, which is a bit tricky. I think that we will figure it out together.
            • 91:00 - 91:30 All right. So first of all, we need to see to the g function. We pass one word, right? Yes. So that word should be converted into bytes.
            • 91:30 - 92:00 And that's where we have these sub word two word function that we created last time. So let's begin there. We will need to have something of sub word size. So sub word sub word
            • 92:00 - 92:30 and that should be equal to word to sub word that we give it in words. We can get the names here. Let's say this is the word and this is the round.
            • 92:30 - 93:00 And if we do, we can even assert that we get this first section and okay, so this is an array of four bytes and we need to rearrange this a bit.
            • 93:00 - 93:30 So let's see this create sub word, which is another pointer that's just called this is of size for words.
            • 93:30 - 94:00 And so let's see the chipmunk A is reference. So what we should do is right, we should shift everything to the left. But it was
            • 94:00 - 94:30 so basically we can do like this in. This zero will be equal to it. Double w will and one will be equal to two
            • 94:30 - 95:00 to be equal to three and three equal to zero. I think that's yes. So the last one, let's see the first one should be equal
            • 95:00 - 95:30 to the world, to the C, All right. So that's correct. The next step is we push all of these through a substitution box and s books, and most encryption schemes have one that's basically a
            • 95:30 - 96:00 long list of numbers, usually like 256. So if input is this, then output is that it's just a regular one by substitution. So we can make it easier for ourselves if we define a couple of
            • 96:00 - 96:30 intermediate structure. So we have S and we get T, and perhaps we even need an s t u. This will so our t zero should be equal to our
            • 96:30 - 97:00 s zero. But we put it into this box, which means we need to refer new function.
            • 97:00 - 97:30 And this is word. I mean, this is by the bite sized. So we have an in a s box and we have an in it includes an in
            • 97:30 - 98:00 school goes into it. All right. So we need to either calculate the A s s books which basically are inverses for so-called Galois fields the two to A's.
            • 98:00 - 98:30 But I don't know if there are C functions for the maybe it's inside of the math that H or something. Galois fields c h Mm hmm.
            • 98:30 - 99:00 Maybe we should see lib the things that know it since we either need to use some library for calculating Galois field or creating our own. And that's a bit too much. I think. So maybe we should just grab the S books
            • 99:00 - 99:30 and because it's always the same so we can if we get our hands on the S. S books, we can use it in our code. So let's see, is this books? And hopefully we can get it in some format that we can use easily.
            • 99:30 - 100:00 So this is it. So basically, if we have the number, I don't know, 0 to 20 in, that's then it will return. No, no, that's not correct. Let's see the this will be 22. So if we have the hexadecimal 22 as an input,
            • 100:00 - 100:30 the output will be a hexadecimal 93 and that holds for all of these even for zero zero. So let's see. Hmm.
            • 100:30 - 101:00 I'm tempted to break my little copy rule. May not be real, but I don't want to do that. And since the rule only applies to code,
            • 101:00 - 101:30 there's nothing that says that you can copy this thing and use it. So let's see. How does it look if we just paste it into some file? This belongs to t t
            • 101:30 - 102:00 not super great that maybe we can still use this if we were to. We need to remove this first thing because this is just the
            • 102:00 - 102:30 headline or whatever. So three s like. So then we remove the first line.
            • 102:30 - 103:00 So this. So how does it look now? All right. And now we want to remove everything, which is not a number. So if we do something like third, the E
            • 103:00 - 103:30 and we search for first, there's 0 to 9 A to F, then everything which is no is should be substituted to nothing. The input just looks
            • 103:30 - 104:00 okay. Mm hmm. Maybe we should still have some separator. Oh, a we're talking.
            • 104:00 - 104:30 Okay, so now we have it in a verdana formats. How do we get it into our C for an easy enough kind of way?
            • 104:30 - 105:00 Maybe we can do some more. Let's create a temporary directory. Move it there. The and this will be over a so then we do some more said merges.
            • 105:00 - 105:30 Let's see. We want to search for space and we want to replace that space with serial E is
            • 105:30 - 106:00 we can do this. We're going to replace it with a comma space and serial x. Good. So we got everything. But the first thing.
            • 106:00 - 106:30 So we want to do another substitution where we find the beginning of the line and we would to put C
            • 106:30 - 107:00 zero. Let's keep it in the
            • 107:00 - 107:30 O and do the end of the line. This should be in the line. All right, that's good. And for the end of the line we want to replace with
            • 107:30 - 108:00 come soon change this to this the club key and we will see go to deep okay this we can work with so if we go to this
            • 108:00 - 108:30 and we do something like the A is
            • 108:30 - 109:00 this looks is equal to this and then at the end, which in the end this
            • 109:00 - 109:30 and it could be this thing, we go to our C file, paste it in
            • 109:30 - 110:00 and that's two. So it's a little bit annoying that it puts to each. But I think we can look first.
            • 110:00 - 110:30 So this makes our S books function very simple because the only thing we need to return is the A is this box a position? But it's
            • 110:30 - 111:00 then let's test it first and foremost. So let's just to print a serial. It s persons
            • 111:00 - 111:30 to serial to x. So this means we want it in hexadecimal and two digits. Then we should also tell it to be a little what happened
            • 111:30 - 112:00 h x that that means it's a but. So we do this box and let's say zero A is a and then we exit one, All right?
            • 112:00 - 112:30 And if we go to this thing here and what did we see A B? So we look up A, let's hear this line and a B is this 62.
            • 112:30 - 113:00 So if we get 60 to back, we know or as box works right? Hmm.
            • 113:00 - 113:30 They did it to this who were moved into K is C
            • 113:30 - 114:00 right we change the input to W like this. We have to turn on the thing. We need to do something at least for now.
            • 114:00 - 114:30 All right, So what did I say? A B, 62, 62. All right, this box works. That's great.
            • 114:30 - 115:00 All right, so back to this thing, then. So now we have done this instead of the three. The thing inside of the G function, then Now there's only one thing left that we need to change this first bucket of the T,
            • 115:00 - 115:30 but we need to do some calculations in the lower field to. So we need to create one more function, which is the round
            • 115:30 - 116:00 constant. So we will have an eight and it'll be a round holes and take an empty.
            • 116:00 - 116:30 So in a round comes in a includes and here we need to do some stuff and I find I found some pdf about this which defines it like this.
            • 116:30 - 117:00 So this is how we calculate what the round constant is
            • 117:00 - 117:30 and then we need to move to, we need to do tons of this thing. That's a polynomial. Well, let's start
            • 117:30 - 118:00 by creating those round constants that simple enough at least. So we need to tell it what round it is. Let's do this as a but this is
            • 118:00 - 118:30 a round. So when we call this thing, we need to pass it the current round. So let's see,
            • 118:30 - 119:00 let's, let's create this array of round constants and these are
            • 119:00 - 119:30 from one to level. So let's do 212 here. It doesn't matter and our C one should be equal to one
            • 119:30 - 120:00 and for loop it is equal to two. And this long x is less than 12. We do x plus plus each position
            • 120:00 - 120:30 in the case and it should be equal to g with this. So we know case x minus one
            • 120:30 - 121:00 and our c of is equal to two times the last one. So our C of index
            • 121:00 - 121:30 and though we can return or C of control,
            • 121:30 - 122:00 so let's serve the or is more than zero then that R is less than 12.
            • 122:00 - 122:30 And the last step we will do
            • 122:30 - 123:00 you'll zero equals two t0
            • 123:00 - 123:30 so it will be the same as in the last step. Only we will in this play take the real constant of the current round
            • 123:30 - 124:00 and this thing will should we explore it.
            • 124:00 - 124:30 I think we call it X or it's but I'm not entirely sure. Let's see what we end up with and then we need to return this
            • 124:30 - 125:00 as a word. So we need to choose our sub word. Two words. So, so
            • 125:00 - 125:30 sub word to word. Then this should be a sub word. Star of you. I wonder if we can do that conversion, but I think we should be able to
            • 125:30 - 126:00 The answer. Let's see what happens. Mm hmm. 107. It's
            • 126:00 - 126:30 too few arguments. We change the signature. What function or concept or closed in it, be it or did we get disconnected?
            • 126:30 - 127:00 You go way, right? It's we need to give the correct argument as well.
            • 127:00 - 127:30 But we never used actually think so let's just remove this and this. But you
            • 127:30 - 128:00 the K 135 sub word to word, it should be okay. It compares. Oh, it changes birth.
            • 128:00 - 128:30 Yeah. Smooth this stuff. Moment of truth. Ladies and gentlemen, will our implementation work All right, we do get something.
            • 128:30 - 129:00 All right, let's try this out. There we go. But this would be all for today. And if you like this episode, please like subscribe. And we will continue this project in a later episode. Thanks for watching. Thanks for today.