Tuesday, March 15, 2016

The padding problem between Java Security and Windows CryptoAPI

If we use Windows CryptoAPI to encrypt plaintext with RSA to get ciphertext, the Java BadPaddingException exception happens when we use Java Security to decrypt the ciphertext with RSA.

We suppose that it is padding problem between Java Security and Windows CryptoAPI, but Windows CryptoAPI default uses PKCS1Padding in RSA, and our Java program uses Cipher.getInstance("RSA/ECB/PKCS1Padding"). Therefore both padding algorithms are same. Where is the problem?

The problem is, ciphertext encrypted by Windows CryptoAPI is little-endian, but Java Security consider ciphertext is big-endian. We can reverse ciphertext before calling RSA decrypt of Java Security.


Tuesday, March 1, 2016

Apple Watch Wrist Detection

If we enable password in Apple Watch, it will be locked when we take it off at 15th second in default. There are two cases of the lock scenario as the below picture.

Case A: The watch is initially worn and locked.

  • 0 sec: A user inputs password to unlock the watch.
  • 0 - 15 sec: The unlocked period is 15 seconds in default. The period can be specified on the watch. If the user clicks the watch in the period, the period will be reset.
  • 15+ sec: If the watch is worn, it is keep being unlocked (Case A), otherwise it locks itself (Case A.1).

Case B: The watch is not initially worn and locked.

  • 0 sec: A user inputs password to unlock the watch.
  • 15 sec: The watch locks itself at the time.

How does Apple Watch detects wrist? I suppose the mechanism is run by photodiode sensors not by G-sensor. There are two rules of wrist detection.

  1. Primary rule: Sensors detect distance between watch and wrist via infrared LEDs.
  2. Secondary rule: Sensors detect lighting change to determine locking.

The primary rule is easy to be proved. How about the secondary rule? I uses the 3 methods to cheat Apple Watch to keep wearing (unlocking) status.
  1. Shake a paper below the watch.
  2. Put watch on an iPad that is playing video.
  3. Put watch on a glass and shake a paper below the glass. 
Photo 1

Photo 2

Photo 3