Hey community, someone has recently brought to my and Wiire's attention an Atheros device that produces a strange E-Nonce, it follows this pattern:
Code:
xx:xx:00:00:00:00:00:00:00:00:00:00:00:00:00:00
where x is a hex character obviously (0-9, a-f).
It has occurred many times over different exchanges. It has happened in AR9130/AR9102 devices.
If E-S1 and E-S2 follow the same pattern, it would be a relatively fast crack for those chips, faster than the full Realtek bruteforce. It is not yet know if this is the case, but if anyone would like to contribute some data it couldn't hurt!
On the other hand, another Realtek chip was discovered to not use the time since Epoch PRNG, but it still follows the static PKE AND the E-Nonce follows a pattern like this:
Code:
xx:xx:00:00:xx:xx:00:00:xx:xx:00:00:xx:xx:00:00
It is a SoC, the RTL8671. Being a SoC, it might use a different PRNG but it may be just as vulnerable, if not even more vulnerable. There are a few people including me that are actively looking into it. I hope we find something soon!