Technical Reference Manual
The LZ has a built in security system. It allows you to set a general password to lock up the organiser completely, and also to set a password on a notepad file which is then encrypted to keep out prying eyes.
Passwords are not stored directly in memory, otherwise a simple peek would allow someone immediate access to them. After a password has been typed in, it is encoded in a rather complicated way to give a 9 byte string, the passcode. This encoding is a little complicated to describe (see Key Generation), but not very difficult to do. It is however impossible to undo directly, so the originally typed password can't be recovered from the passcode.
Furthermore, the resulting passcode probably is unique to each password. This means that passwords can be checked by comparing their codes only.
When a system password is given, it is encoded and the resulting 9 byte passcode is stored at $7FD7-$7FDF. It is difficult to recover the original password from these bytes directly. The only way to do this is to try all possible passwords until you find one that has the right code.
In practice however, it is either impossible or not necessary to do such a search for a system password. On a Psion with a system password set and active it is impossible to read the encoded password. The only way to deactivate an active system password if it is unknown is to remove the battery which of course destroys all data on A:. Note also that since external devices are not loaded during a warm boot it is not possible to intercept the password routine that way.
On the other hand, on a Psion with a password set but not active it is not necessary to do any calculating at all as it is easy to erase the password completely.
The byte at $7FD6 contains the system password state. It can contain the following values:
Note: Actually bit 0 is set when a system password has been given, bit 1 is set when it is active.
Poking 0 to $7FD6 will erase the system password. This allows you to set a new system password without knowing the old one. Note that there is no need to clear the passcode at $7FD7-7FDF as it is simply ignored until it is overwritten at such time when a new password is typed in.
When a notepad is given a password, the password is encoded in exactly the same way as the system password. The 9 byte passcode is then also stored in the notepad file (see chapter Notepad). Thus when it is accessed using the notepad editor, it will be password verified before viewing/editing is allowed.
To further secure the notepad text from peeking, it is also encrypted. This encryption is done in a very simple way using an 8 byte key. The same algorithm that produces the passcode from the password is used (with slight modifications) to generate the 8 byte key.
Recovering the notepad text without the password seems to be very difficult. It is impossible to go directly from the passcode to the key without finding the password first. Trying to find out the password from the passcode, and then using that to get the key and decode the text is possible but involves quite an exhaustive search.
However the method used to encrypt the text is so simple that it is possible to decode it without knowing the password or key at all, provided the notepad contains at least about 20 characters of text. No further information is given on that subject, just be warned!
There now follows a description of the encryption method. Suppose we have the following notepad file:
Testing: This is a test.
and the password ABCDEFGH.
Txt: Testing:# T h i s _ i s _ a # t e s t . # Asc: 84 104 105 115 32 105 115 32 97 0 116 101 115 116 46 0
Note that the end of a line is indicated by a 0 byte (denoted here by a #). The title of the notepad 'Testing:' will not be encrypted, and if like here there is a zero byte immediately following it, that byte is not encrypted either.
The encryption key is calculated from the password (see Key Generation), and turns out to be 82,47,5,181,247,92,30,165. On of the simplest types of encryption with a key is adding the key letter by letter (or rather number by number) to the text. This is the so-called ViginSre cypher. The notepads are encrypted in this way, but to further disguise the encryption another sequence is added. The sequence is generated by consecutive multiples of 163, i.e.. 163, 70 (=163+163-256), 233, 140 (233+163-256), etc. This sequence is added to the key before being added to the plain text.
This is of course best illustrated with our example. For the first eight characters we have:
Text: T h i s _ i s _ ')"; onMouseout="hideddrivetip()"> ASCII: 84 104 105 115 32 105 115 32 OldKey: 82 47 5 181 247 92 30 165 Seq: 163 70 233 140 47 210 117 24 NewKey: 245 117 238 65 38 46 147 189 Asc + NewKey: 73 221 87 180 70 151 6 221
Note that if a number exceeds 255, 256 is subtracted to keep it within range of a single byte.
The key that was used here is now used to calculate the key to use on the next 8 letters:
Txt: a # t e s t . # Asc: 97 0 116 101 115 116 46 0 OldKey: 245 117 238 65 38 46 147 189 Seq: 187 94 1 164 71 234 141 48 Newkey: 176 211 239 229 109 24 32 237 Total: 17 211 99 74 224 140 78 237
The complete encryption is now:
T h i s _ i s _ a # t e s t . # 73 221 87 180 70 151 6 221 17 211 99 74 224 140 78 237
Here is a detailed description of the algorithm used to transform the password into the 9 byte code or 8 byte key.
Now c0 to c8 is the 9 byte passcode.
To compute the 8 byte notepad encryption key, nearly the same algorithm is used. The only difference is that the eight bytes d0 to d7 are used, so steps 6 and 7 are omitted.
Also, during the calculation different numbers are used:
Password is 'abcdefgh'. All numbers below are in hex.
1. p0..p7= 41,42,43,44,45,46,47,48 l = 8 t = (224 mod 8) = 4 2. g0= (41+3D)*(48+25)*CB = 2A8A[A2] g1= ... = 2A7C g2= ... = 2A6C g3= ... = 2A5B Similarly, for an encryption key we get: g0= (41+25)*(48+3D)*C5 = 28C7 g1= ... = 28DE g2= ... = 28F4 g3= ... = 2908 3. f0= (2A7C+3)*(2A6C+B)*A1 =046EEAFC[A9] f1= (2A8A+3)*(2A5B+B)*AD =04C32AFD And for encryption key: f0= (28DE+7)*(28F4+3)*A9 = 0451EB3C[6B] f1= (28C7+7)*(2908+3)*97 = 03DBD692 4. f0= EAFC046E f1= 2AFD04C3 And for encryption key: f0= EB3C0451 f1= D69203DB 5. e0= EAFC046E*CB = BA55D783[3A] e1= 2AFD04C3*CB = 2216A2C6[A1] And for encryption key: e0 = EB3C0451*C5 = B5052F52 e1 = D69203DB*C5 = A51E5CF7 d0..d7= 83,D7,55,BA,C6,A2,16,22 And for encryption key: d0..d7= 52,2F,05,B5,F7,5C,1E,A5 or 82,47,5,181,247,92,30,165 in decimal The encryption key is now done. 6. p0..p7= 41, 42, 43, 44, 45, 46, 47, 48 d7..d0= 22, 16, A2, C6, BA, 55, D7, 83 c0..c7= 63, 58, E5, 0A, FF, 9B, 1E, CB 7. c8= d(t)+l = d4+8 = C6+8 =CE so the nine byte passcode is 63, 58, E5, 0A, FF, 9B, 1E, CB, CE or 99, 88, 229, 10, 255, 155, 30, 203, 206 in decimal.