A Copy-Paste Bug That Broke PSpice AES-256 Encryption
a day ago
- #Encryption
- #PSpice
- #Security
- PSpice is a circuit simulator that encrypts proprietary semiconductor model files to protect vendor IP.
- SpiceCrypt is a tool that decrypts PSpice-encrypted files, enabling interoperability with other simulators.
- PSpice's Mode 4 encryption has a bug that reduces the effective keyspace from 2^256 to 2^32, making brute-force attacks feasible.
- The bug stems from using a short key (g_desKey) instead of the extended key (g_aesKey) for AES-256 encryption.
- A brute-force attack can recover the user key in seconds by exploiting a known plaintext prefix in the metadata header.
- SpiceCrypt supports decryption for all PSpice encryption modes and LTspice formats, with hardware-accelerated key recovery.
- The tool is intended for lawful interoperability, not for violating intellectual property rights.