https://trifinite.org/tags/authorization/ Recent content in Authorization on trifinite.org Hugo -- gohugo.io en-us Mon, 25 Jul 2022 00:00:00 +0000 https://trifinite.org/stuff/tempa_autorization_replay_attack/ Mon, 25 Jul 2022 00:00:00 +0000 https://trifinite.org/stuff/tempa_autorization_replay_attack/ Note: This is related to Project TEMPA. Please follow this link for an overview! The Tesla Authorization Replay attack is using a tool like temparary in order to extract VCSEC AuthorizationResponses from a whitelisted smartphone app. For AuthorizationRequests - that are mainly used for passive entry functions - the vehicle communicates a challenge token, that the smartphone app has to answer with an AuthorizationResponse which is embedded in a VCSEC SignedMessage object that has a SIGNATURE_TYPE_AES_GCM_TOKEN SignatureType.