Metafetish now has a Telegram Chat Channel! Click here to join!

I Need a Crypto Grownup (ET312 Reverse Engineering Update)

Ok, honestly I could even probably just do with a crypto teenager at this point.

tl;dr for the non-technically minded: Things are coming along well, protocol documentation work is happening (See latest protocol docs here), but still working on firmware extraction.

Now, for the nerds:

First off, please check out the firmware reverse engineering document on the erosoutsider github site. This outlines our goals, attack vectors, and status. I'm trying to keep these as up to date as I can. But for those that hate reading:

  • We're trying to extract firmware for an ATMega16 with JTAG/OCD off and lock fuses set.
  • It has 512 bytes of bootloader.
  • We have some knowntext.

Last week, using a string overflow and a logic analyzer on the LCD pins, I managed to extract around 1600 bytes of ET-312 firmware. Yay! Previously we only had 255 bytes.

For those interested, the extracted blob is in our github repo. I believe this is all of the .data and .bss sections, followed by some garbage data (explained in a bit).

So now we have:

What we don't have:

  • Knowledge of the position of the knowntext in flash or in the firmware upgrade file. I modified a multiplier to get the string overrun to work, but the offset the multiplier is working on is a constant in flash.
  • Knowledge of whether the encrypted upgrade file is in flash load order from 0 to 15872 (we're assuming it is).

We want is the full, unencrypted firmware. The problem is, I'm running out of ways to access memory. I don't have access to the stack space via the serial protocol, and things get very rebooty if I try to change the stack pointer origin.

Now we get to the part where things turn a bit handwavey and I need a crypto grownup. From the XOR of the two upgrade files, it seems like there's a noticable lack of entropy in the encryption even though the files have different contents. Also, the bootloader is only 512 bytes, meaning it's not the usual AES/DES provided in Atmel Application Notes, which requires a minimum of 2k bytes of space.

Also, when inspecting the XOR, some parts show patterns, while some are garbage. I have a feeling the garbage parts may just be random bytes used in something like an srec_cat call to fill unused flash space. In our knowntext, the transition from .data/.bss to garbage is pretty obvious, meaning we /might/ be able to guess a vague position of the knowntext in the encrypted file, not that the search space is all that huge to begin with.

So, there's a chance this is just some set of operations (XOR, arithmatic, etc) on a multibyte key. However, using the known text as a sliding window and searching for repeating substrings hasn't resulted in much. I'm sure I'm probably missing some pretty obvious attacks, but this is why we've got neighbors, right?

If you've got any tips, either:

Together, we can help people shock themselves in the butt better.

UPDATE: Twitter has been helpful already! See this thread for more info, but current thought is that it may be a 32-bit LFSR. Thanks to scanlime for the help!

ET-312 Reverse Engineering Update

Any time I post about a new reverse engineering project, there's probably a good chance I'm going to stop posting articles for at least a week while I get the initial enjoyment out of my system. This was no exception.

The good news is, progress is being made, albeit somewhat slowly.

Hoping to get all 3 of these things in better shape over the next week. Documentation and protocol code are pretty straightforward, firmware, is, well... not so straightforward. But still, god, so fun.

Let's Reverse Engineer the Erostek ET-312

Would you believe a box that's basically an ATMega8 with some opamps from 2000 costs $600?

Behold, the Erostek ET-312. Yes, "the Rolls Royce of electrostim" is nearing 15 years old, maybe $50 in parts, and hasn't seen many if any real competitors. The software situation for it is... dire.

Eroslink, the original control software, was last updated in 2004 and runs on Java 1.3. Also not exactly user friendly.

There's also SmartStim and Phaser, but neither are easy to use, open source, cheap, or support things like mobile platforms.

This is dumb. The ET-312 can work via either audio waveform control, or serial communication. Why not just use a web browser? WebAudio has been stable for years, and Chrome Apps can talk serial to the box if it's really needed. Not to mention, multiple other boxes use audio control, so that'd kill multiple birds with one stone. It should also be pretty easy to put something like an Raspberry Pi or CHiP in front of the box to make it wirelessly accessible/controllable/streamable.

So, with that goal in mind, we're now working on reverse engineering the ET-312. This is as much because I like reversing protocols as it is to learn about the insides of one of the most widely distributed fetish estim platforms out there. Throughout the process, I'll be making posts about progress, as well as technical findings.

If you'd like to follow along, the protocol documentation will be at

The project is named after the original perl ET-312 reversing scripts that came out over a decade ago. I'll be updating these for 3 languages (links go to the erosoutsider repo for that language):

  • Python - For quick scripting
  • Rust - For systems work (with C bindings available)
  • Javascript - For Node.js/Chrome Apps/The Mythical WebSerial API

If you've got any requests or questions, please feel free to file issues on the respective github repos, or there's a fetlife thread about the project if that works better.

Cyborgasm Volumes 1-2 Now on Internet Archive

Famicoman, being an unstoppable force of archiving, just posted the Cyborgasm Volume 1 and Cyborgasm Volume 2 CDs to the Internet Archive!

Cyborgasm was a series of 2 CDs of erotica recorded with "virtual reality technology for a 3D Sound", which I'm assuming means binaural mics but who knows. The series was curated by Lisa Palac, editor of Future Sex Magazine, and contains contributions from Susie Bright, Annie Sprinkle, and others.

All currently scanned issues of Future Sex as well as the Cyborgasm CDs can be found at the Metafetish Future Sex Archive Project Index.

Sex Tech News Roundup 2016-03-30

A couple of days late on the news roundup, but that just means it's had more time to age and will taste better now, right?