How the softTPM Works

The security of embedded systems and IoT devices often hinges on the protection of cryptographic secrets. Mako Server and Xedge, both powered by the Barracuda App Server, implement a form of White-Box Cryptography (WBC) to obfuscate and protect a "pre-master key" used within their internal softTPM (software-based Trusted Platform Module) components.

This document explores how the primary secret is transformed at runtime, evaluates the resilience of this approach based on industry knowledge about secret extraction in compiled binaries, and outlines why this design still raises the bar significantly against real-world attackers.

Note: In addition to the primary secret, which is the same for all devices based on the same firmware, a per-device secret is recommended as it makes function ba.tpm.uniquekey() work and makes private key generation unique to each device. Function xedgeOpenAUX() in led.c shows how to add a per-device unique key.

The Design: White-Box Transformation of the Pre-Master Key

The Mako Server and Xedge embed the pre-master key inside a constant array (ENCRYPTIONKEY) compiled directly into the binary. Note: You must generate your own secret key for your own project by, for example, using the tool GenNewEncryptionKey.py. Extracting this key from the binary is technically very challenging as it includes only binary data. To make extraction much harder, a simple but effective white-box transformation is applied as follows:

Substitutes each byte using an S-box-like self-reference.
Applies XOR with the original byte for additional diffusion.

Further, the comments in the source code encourage developers to modify this transformation to add diversity between products and deployments, making the defense extremely strong.

The Threat Model: Reverse Engineering Reality Check

On paper, any secret that exists in software can be extracted given enough motivation and resources. As pointed out in the StackExchange discussion, Is it possible to extract secret key in compiled code automatically, real-world attacks typically fall into a few buckets:

Static Analysis: Disassemblers like Ghidra or IDA Pro can locate constant data and decode the control flow.
Dynamic Analysis: Debuggers or instrumentation frameworks can trap memory allocations, monitor data transformations, and dump the final result.
Emulation: Emulate the binary to observe secret transformations without needing full reverse engineering.

However, all of these require substantial effort, particularly when the transformation code is non-trivial and customized. There is a critical difference between "possible" and "feasible":

Making reverse engineering possible is inevitable. Making it painfully expensive is the real security goal.

The white-box strategy in Mako Server and Xedge ensures that an attacker cannot simply extract the key with:

A hex editor.
A simple string search.
A basic disassembler pass.

Instead, they are forced into full-on dynamic analysis or emulation, dramatically raising the cost, expertise, and tooling needed.

How White-Boxing Helps

White-Box Cryptography is not bulletproof, but it is effective when:

Integrated deep into the application's core logic.
Customized per-deployment (as suggested by "modify this C code" in the comments).
Combined with other obfuscation techniques, like anti-debugging tricks, encrypted sections, and runtime code mutation.

In practice, the transformation approach used ensures that the key is not immediately identifiable and not trivially reconstructable without reverse engineering effort.

Key Takeaway: It's not about making reverse engineering impossible; it's about making it a serious and extremely costly project.

Best Practices for Maximum Protection

While the default Mako Server/Xedge approach is already strong, further improvements can be layered on:

Change the transformation algorithm across deployments.
Interleave transformation code with non-related logic to confuse static analysis.
Use runtime platform-specific obfuscation, like hiding transformation functions in opaque libraries.
Implement self-checksums to detect tampering or debugging.

Conclusion

Embedding secrets in software is always a cat-and-mouse game. However, by applying practical White-Box Cryptography techniques, Mako Server and Xedge effectively raise the bar against attackers. The pre-master key transformation is simple but devastatingly effective against professional threats.