TiVo App - TivoProtocolhandler."compareURLData:withdata" method

As we saw earlier, the TivoProtocolHandler."compareURLData:withdata" method takes two arguments, the first being the tivocrypt:// folder converted from hex to bytes, and the second being the whitebox key that was retrieved from the TiVo stream via the "key.scbin" request.

TivoProtocolhandler."compareURLData:withData" analysis

Pulling up this method in IDA Pro...

Wow. That is definitely a white-box obfuscated piece of code.  I tried to decypher it but they start pushing data into random variables and it just becomes impossible to test without a debugger.

At this point, I have to accept the fact that the iOS device never exposes the decryption key, and the algorithm & code to calculate the actual key is so convoluted it would take months to even get close to what would probably be an incorrect answer (there is no way of even knowing if you are close).

I started to think...if I can have my iPod Touch on all the time and publicly expose this method, I could just send in the two arguments (via HTTP) and have it spit out the key...