Conrad Meyer

FYI, https://community.rsa.com/docs/DOC-85572 confirms the device binding ID you preregister with the admin server is a 24-char hexadecimal string and is "generated" (suggests random, but could be computed or include a...

I don't think I can get a MITM server set up in the timeframe I have available. I can certainly at least try the fake client and record some results....

Yeah, no worries. One other interesting tidbit is that the CT-KIP negotiation code in the official windows client does not appear to be obfuscated at all. There are direct strings...

Oh yeah and this may be helpful to someone working on a MITM server: https://github.com/cemeyer/rsa_ct_kip/commit/21cef1d976a221a9c5a47730ea06a9f19bb510ff

Ok! Successful handshake between naive client and real server. Edit: `KeyID` and `TokenID` are identical and both match the "serial number" I was told ahead of time. Expiration is 2.75...

> … except for a sane definition of the #@*$&U! CT-KIP-PRF, including that important implicit parameter: "exactly how the server's RSA pubkey is incorporated into the input for the PRF."...

I found the self-service portal :joy: :joy: :joy: Looks like they use the same RSA public key for all `k`. That might be useful.

> Nice! So you can generate new activation codes at will? So far! > "for all `k`"… globally, anywhere? Or for all `k` handed out by the same server? For...

`func1` is some function of "Key generation", R_C (client_nonce), R_S (server nonce), and k (apparently just the RSA modulus, nice!). `func2` is probably some function of "MAC 2 computation" and...

TODO: don't leak old strings when they are replaced.