A walk through the protocol stack

A project log for DRM-114

DEFCON 27 SAO project

Nick Sayer, 04/24/2019 at 05:59

While it's not as rich as IP, you can still describe the DRM-114 optical protocol as a stack. Let's go through all the layers.

Physical layer

Of course, the physical layer is infrared light. The IR LED has a peak wavelength of 950 nm, and the receiver has its peak sensitivity centered there too. The receiver is configured to output a "0" bit whenever it sees a 36 kHz IR square wave. It requires a minimum of 6 cycles to reliably detect a 0 bit. This means we could use a bit rate of 6 kilobaud, but I decided to make it 4800 baud "just because."

Data link layer

The framing is asynchronous serial 8N1 at 4800 baud - again, with the 0 bits being represented as 36 kHz pulses and 1 bits being no IR at all. With this signaling, the output of the detector will be the actual decoded serial data stream the controller's UART will be looking for.

Packet layer

Data packets start with the two-character sequence DLE STX. This frame start sequence is followed by all of the bytes of the frame until the end. If the DLE character is seen organically in the packet data, it is transmitted twice. After the last byte of the frame, the two-character sequence DLE ETX is sent. A frame can be a maximum size of 192 bytes (not including the start, end or DLE "escape" characters).
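Here is the framing layer written out as code. This is an added example, not the DRM-114 firmware: DLE, STX and ETX take their standard ASCII control-code values (0x10, 0x02, 0x03), and the 192-byte limit is the maximum frame size stated above. The receiver is a byte-at-a-time state machine, the shape a UART receive handler would take, and it caps its buffer at 192 bytes and resynchronizes on the next DLE STX, so a corrupted or oversized stream is dropped rather than allowed to overrun the buffer.

```python
# Added example (not the DRM-114 firmware): DLE-stuffed framing as described
# on this page. DLE/STX/ETX are the standard ASCII control-code values; the
# 192-byte limit is the page's stated maximum payload size.
DLE, STX, ETX = 0x10, 0x02, 0x03
MAX_FRAME = 192


def frame(payload: bytes) -> bytes:
    """Wrap a payload in DLE STX ... DLE ETX, doubling any DLE inside it."""
    if len(payload) > MAX_FRAME:
        raise ValueError(f"payload is {len(payload)} bytes, limit is {MAX_FRAME}")
    out = bytearray((DLE, STX))
    for b in payload:
        out.append(b)
        if b == DLE:
            out.append(DLE)  # a DLE occurring in the data is sent twice
    out += bytes((DLE, ETX))
    return bytes(out)


class Deframer:
    """Byte-at-a-time receiver, as a UART interrupt handler would see the stream.

    The receive buffer is bounded at MAX_FRAME: a longer frame is discarded and
    the parser goes back to hunting for DLE STX, so the buffer cannot overrun.
    """

    IDLE, START, DATA, ESCAPE = range(4)

    def __init__(self):
        self.state = self.IDLE
        self.buf = bytearray()
        self.dropped = 0  # frames discarded because of overflow or a bad escape

    def feed(self, data: bytes) -> list[bytes]:
        """Consume received bytes; return every frame completed by them."""
        frames = []
        for b in data:
            if self.state == self.IDLE:
                if b == DLE:
                    self.state = self.START
            elif self.state == self.START:
                # Only DLE STX opens a frame. DLE DLE stays here, since the
                # second DLE may itself be the start of DLE STX.
                if b == STX:
                    self.buf = bytearray()
                    self.state = self.DATA
                elif b != DLE:
                    self.state = self.IDLE
            elif self.state == self.DATA:
                if b == DLE:
                    self.state = self.ESCAPE
                elif len(self.buf) >= MAX_FRAME:
                    self.dropped += 1          # oversized frame: drop, resync
                    self.state = self.IDLE
                else:
                    self.buf.append(b)
            else:  # ESCAPE: the previous byte was a DLE inside a frame
                if b == DLE:
                    if len(self.buf) >= MAX_FRAME:
                        self.dropped += 1
                        self.state = self.IDLE
                    else:
                        self.buf.append(DLE)  # escaped data byte
                        self.state = self.DATA
                elif b == ETX:
                    frames.append(bytes(self.buf))
                    self.state = self.IDLE
                elif b == STX:
                    # A fresh start inside a frame means the old one was cut
                    # short; discard it and begin the new frame.
                    self.dropped += 1
                    self.buf = bytearray()
                    self.state = self.DATA
                else:
                    self.dropped += 1          # DLE followed by junk
                    self.state = self.IDLE
        return frames
```

Because every in-band DLE is doubled, the sequences DLE STX and DLE ETX can only ever appear as delimiters, which is what lets the receiver pick the frame boundary back up after line noise without any length field.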

Crypto layer

A packet consists of 16 bytes of protected AES-128 key, followed by 16 bytes of IV and the ciphertext. The key protection is removed, and the key is then used with the IV in AES OFB mode to decrypt the ciphertext. The result is the plaintext message preceded by a 16-byte AES-CMAC over the plaintext, computed with the same key that was used to decrypt the message. If the CMAC doesn't match the expected value, the message is discarded.
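The crypto layer, end to end, as an added example (not the DRM-114 firmware). It uses the third-party `cryptography` package for AES-OFB and AES-CMAC, which is assumed to be installed. The key protection method is undocumented on this page, so `protect_key`/`unprotect_key` below are identity placeholders labelled as such; the `new_iv` helper is my assumption about IV generation, since the page does not say how the IV is chosen. The 144-byte message limit is derived here from the page's numbers (192-byte frame minus 16 bytes key, 16 bytes IV and 16 bytes CMAC), not stated on the page. On the receive side the CMAC is checked with a constant-time comparison and the message is returned only if it verifies.

```python
# Added example (not the DRM-114 firmware) of the packet layout on this page:
#   [16 B protected key][16 B IV][AES-128-OFB(key, IV, CMAC(key, msg) || msg)]
# Requires the third-party "cryptography" package (assumed installed).
import os

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.cmac import CMAC

KEY_LEN = IV_LEN = TAG_LEN = 16
MAX_FRAME = 192                                      # packet-layer limit
MAX_MSG = MAX_FRAME - KEY_LEN - IV_LEN - TAG_LEN     # derived: 144 bytes of message


def protect_key(key: bytes) -> bytes:
    """PLACEHOLDER: the real key-protection method is undocumented.
    This stand-in is the identity, i.e. the key travels unprotected."""
    return key


def unprotect_key(blob: bytes) -> bytes:
    """PLACEHOLDER inverse of protect_key (identity here)."""
    return blob


def new_iv() -> bytes:
    """ASSUMPTION: a fresh random IV per packet. OFB is a stream mode, so an
    IV must never be reused under the same key."""
    return os.urandom(IV_LEN)


def aes_ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """AES-128-OFB keystream XOR; the same operation encrypts and decrypts."""
    enc = Cipher(algorithms.AES(key), modes.OFB(iv)).encryptor()
    return enc.update(data) + enc.finalize()


def build_packet(key: bytes, iv: bytes, message: bytes) -> bytes:
    """Sender side: CMAC the message, prepend the tag, encrypt, prefix key+IV."""
    if len(key) != KEY_LEN or len(iv) != IV_LEN:
        raise ValueError("AES-128 needs a 16-byte key and a 16-byte IV")
    if len(message) > MAX_MSG:
        raise ValueError(f"message is {len(message)} bytes, limit is {MAX_MSG}")
    mac = CMAC(algorithms.AES(key))
    mac.update(message)
    tag = mac.finalize()
    return protect_key(key) + iv + aes_ofb(key, iv, tag + message)


def open_packet(packet: bytes):
    """Receiver side: return the message, or None if the packet is too short
    or its CMAC does not verify (the page says such messages are discarded)."""
    if len(packet) < KEY_LEN + IV_LEN + TAG_LEN or len(packet) > MAX_FRAME:
        return None
    key = unprotect_key(packet[:KEY_LEN])
    iv = packet[KEY_LEN:KEY_LEN + IV_LEN]
    plain = aes_ofb(key, iv, packet[KEY_LEN + IV_LEN:])
    tag, message = plain[:TAG_LEN], plain[TAG_LEN:]
    mac = CMAC(algorithms.AES(key))
    mac.update(message)
    try:
        mac.verify(tag)          # constant-time tag comparison
    except InvalidSignature:
        return None
    return message


if __name__ == "__main__":
    demo_key = os.urandom(KEY_LEN)
    pkt = build_packet(demo_key, new_iv(), b"hello from DRM-114")
    print(len(pkt), open_packet(pkt))
```

Since OFB only XORs a keystream over the data, flipping any ciphertext byte flips the corresponding plaintext byte, which is why the integrity of the message rests entirely on the CMAC check rather than on the cipher; the `open_packet` function therefore decrypts, verifies, and only then hands the message up to the network layer.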

Network layer

Messages start with a single byte of message type, followed by the null-terminated name of the sender. Message types are 0 for broadcast message, 1 for directed message, 2 for broadcast attention and 3 for directed attention. If the message is directed, then the null-terminated source is followed by a null-terminated destination name. If the message is not an attention message, then the null-terminated message text is appended.
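The network-layer format as an encoder and a strict decoder, added here as an example (not the DRM-114 firmware). Names and text are handled as bytes because the page does not state a character encoding. The decoder rejects a message whose required NUL terminators are missing, whose type is outside 0..3, or that carries trailing bytes, since a receiver that scanned for a NUL past the end of its buffer would be the classic parsing mistake for this kind of format. The `addressed_to` helper is my addition for the receive side: broadcast types go to everyone, directed types only to the named destination.

```python
# Added example (not the DRM-114 firmware) of the message format on this page:
#   [type byte][sender NUL][dest NUL, if directed][text NUL, unless attention]
BROADCAST, DIRECTED, BROADCAST_ATTENTION, DIRECTED_ATTENTION = range(4)
NUL = b"\x00"


def _is_directed(mtype: int) -> bool:
    return mtype in (DIRECTED, DIRECTED_ATTENTION)


def _is_attention(mtype: int) -> bool:
    return mtype in (BROADCAST_ATTENTION, DIRECTED_ATTENTION)


def encode_message(mtype: int, sender: bytes, dest: bytes = None, text: bytes = None) -> bytes:
    """Build a message; dest is required exactly for directed types and text
    exactly for non-attention types. No field may contain a NUL byte."""
    if mtype not in range(4):
        raise ValueError(f"unknown message type {mtype}")
    if _is_directed(mtype) != (dest is not None):
        raise ValueError("destination must be given for, and only for, directed types")
    if _is_attention(mtype) != (text is None):
        raise ValueError("text must be given for, and only for, non-attention types")
    for field in (sender, dest, text):
        if field is not None and NUL in field:
            raise ValueError("fields are NUL-terminated and may not contain NUL")
    out = bytes([mtype]) + sender + NUL
    if dest is not None:
        out += dest + NUL
    if text is not None:
        out += text + NUL
    return out


def decode_message(data: bytes) -> dict:
    """Parse a message into a dict; raise ValueError on anything malformed."""
    if not data:
        raise ValueError("empty message")
    mtype = data[0]
    if mtype not in range(4):
        raise ValueError(f"unknown message type {mtype}")
    pos = 1

    def take_string() -> bytes:
        nonlocal pos
        end = data.find(NUL, pos)
        if end < 0:
            raise ValueError("missing NUL terminator")
        value = bytes(data[pos:end])
        pos = end + 1
        return value

    msg = {"type": mtype, "sender": take_string(), "dest": None, "text": None}
    if _is_directed(mtype):
        msg["dest"] = take_string()
    if not _is_attention(mtype):
        msg["text"] = take_string()
    if pos != len(data):
        raise ValueError(f"{len(data) - pos} trailing byte(s) after message")
    return msg


def is_well_formed(data: bytes) -> bool:
    try:
        decode_message(data)
    except ValueError:
        return False
    return True


def addressed_to(msg: dict, my_name: bytes) -> bool:
    """Receive-side filter (added here): broadcasts reach everyone, directed
    messages only the named destination."""
    return msg["dest"] is None or msg["dest"] == my_name
```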

That's it. The only part of the protocol that's undocumented is the key protection method. And I have no objection to anyone forking the source and supplying their own key protection method to make a working clone system, so long as their key protection method does not interoperate with DRM-114.