
Samsung LA40C550J1FXXZ firmware decryption and RMVB video
- erdem_ua
- SamyGO Admin
- Posts: 3126
- Joined: Thu Oct 01, 2009 6:02 am
- Location: Istanbul, Turkey
Re: Samsung LA40C550J1FXXZ firmware decryption and RMVB video
I haven't inspected it yet, but someone told me about a low-exponent hack. If they chose a really low exponent, then we might be able to crack it too. But we would need a cryptologist for the job.

Re: Samsung LA40C550J1FXXZ firmware decryption and RMVB video
I thought we were primarily talking about AES, not RSA or another asymmetric cipher.
My opinion is that we are looking for the secret key used for the AES cipher (probably created by a hash in a similar way as in the B series), because the ciphered FW does not seem to be enveloped according to PKCS#7. IMO RSA is used only for signature validation, which is not our current problem.
There does not seem to be any "enciphered symmetric key for AES" in the published FW. Those 256 ASCII characters in *.img.sec are most probably only the (RSA) signature of the deciphered content, simply to prevent FW patching. The reason for this statement is that it does not change between versions when the specific file's deciphered content is not changed (even though the seed value and the resulting ciphered *.img.sec ARE changed).
I don't think we will be able to brute-force the AES key with nothing in hand; it's almost impossible. Dumping memory or the filesystem is IMO the only way.
- erdem_ua
Re: Samsung LA40C550J1FXXZ firmware decryption and RMVB video
I remember that the low-exponent attack is related to AES, but yes, it clearly belongs to RSA when I start thinking about it.
