To resurrect an ancient thread, due to the increased traffic on the list lately, I played a bit with trying to crack PBL 5.1 last night.

Otaku mentions (over here [1]) that he believes the key is 392 bytes long and he gives the hash. What's interesting is in the mail from Cliff mentioned below, he says that the signature is SHA256 and the key is the first two or three sentences of the King James Bible ("In the beginning was the word" - so start of John), and looking at the King James version of John, the first 6 sentences make exactly 392 bytes:

"1 In the beginning was the Word, and the Word was with God, and the Word was God. 2 The same was in the beginning with God. 3 All things were made by him; and without him was not any thing made that was made. 4 In him was life; and the life was the light of men. 5 And the light shineth in darkness; and the darkness comprehended it not. 6 There was a man sent from God, whose name was John."

However, piping this through sha256sum I cannot get the same hash. I have tried various permutations, newlines at the end of the sentences, periods in different places, tabs after the numbers, before the numbers, changing everything to lower case or upper case, feeding the whole thing in backwards, feeding each line in backwards, changing the endianess of the data, changing ascii encoding (character page) and various combinations of those. I am not sure if a tool like hashcat could be used to try and crack it more systematically by using permutations of the information we have, but the tool seems quite complex and 392 bytes is a very long key. Also, it is possible that I should actually be looking at the New King James Bible, or that Cliff actually meant to refer to the old testament. or maybe it's only 3 sentences of some version, but in UTF16? God knows... hehe

Anyway, thought I'd mention it in case anyone else has any bright ideas or wants to have a go.

[1] http://www.earth.li/pipermail/e3-hacking/2008-January/000795.html

On Wed, 17 Oct 2012 at 13:58, Edward Robbins <edd.robbins@googlemail.com> wrote:
> Cliff Lawson, the creator of the Emailer family, might know who owns the
> rights and how to go about contacting them.  I'll send you his email
> address off-list.  If they are effectively bricks without the Amstrad
> infrastructure support then he may like to see them getting some use by
> being opened up more.
>

I emailed Cliff Lawson (thanks for the
contact Ralph) and he does indeed seem willing to help. He gave me
some information about how the images are signed in PBL 5.1! He says:

"all I can tell you is that the signature I added uses SHA256 and the
key is the first two or three sentences of the King James Bible ("In
the beginning was the word...").
...
note that SHA256 like all hashses (MD5 etc) is sensitive to every last
space and bit of punctuation so even if you get the words right if you
miss a comma or a semi-colon it will not sign. Again I forget the
exact details but I did it very like CHAP authentication so first the
"key" and then the bytes of the image are passed through the hash and
then I cannot remember if the SHA256 hash output was then put in the
header or a footer to the image and the PBL also has the key built in
(actually I think it may be held like a module in Nand) it passes that
then the delivered data through an SHA256 and only if it gets the same
hash does it unlock the flash programming routines."