devicesal
This is an old revision of the document!
Missing Info:
Dict 0xfc - contains an unknown 8 byte key, used in dev_0xd8, dev_0xd9.
Native modules:
// CBC Encrypt/Decrypt. The OUT buffer must be pre-allocated.
// Block size of the cipher is 64 bit, key length is 160 bit.
blob_t
native::ocmmod (blob_t in, blob_t out, blob_t key, int len, int decrypt)
{
if (decrypt)
ocmmod_cbc_decrypt (in, out, key, len);
else
ocmmod_cbc_encrypt (in, out, key, blob_len (in));
return out;
}
int
dev_0x01 (blob_t someblob, bool_t somebool)
{
int res;
if (somebool == 1)
{
res = dev_0x00 (someblob);
if (res != 0)
return res;
}
int some_nr = (unsigned) SubBlob (someblob, 0, 4);
int some_nr2 = (unsigned) dev_0xd1 (some_nr);
res = "localekb" (some_nr2);
// FIXME: Don't know the stack layout after this.
if (res != 0)
return; // but what?
blob_t someblob2; // probably from localekb
int some_nr3 = (signed) SubBlob (someblob2, 0, 4) + 1;
vector<blob_t> vec;
do
{
vec.append (SubBlob (some_nr3 * 16, 24));
}
while (some_nr3-- >= 0);
int some_nr3 = (signed) SubBlob (someblob2, 0, 4);
res = dev_0xc1 (some_nr3);
if (res != 0)
return res;
int some_nr4 = (signed) SubBlob (someblob2, 16, 4);
if (some_nr3 == some_nr4)
return 0;
else
return 8;
// is vec returned as well? it's still on the stack.
}
int
dev_0xb7 (any_t thing)
{
if (get_type (thing) != TYPE_BLOB)
return 0;
if (thing[2] == 0x31)
return 2;
else
{
if (! strncmp (thing, "\x31\x31", 2))
return 1;
else
return 0;
}
}
block_t
dev_0xd1 (int nr)
{
if (nr > 1)
{
0x80 ("Invalid version...");
return 0;
}
else
{
return 00 81 00 00 00 00 00 00;
}
}
// Some decrypt function.
// KEYBLOB seems to be 16 byte in practice.
any_t
dev_0xd8 (blob_t ciphertext, blob_t keyblob)
{
blob_t key = keyblob XOR concat (dict[0xfc], dict[0xfc]);
// Side-effect.
dict[0xdb] = key;
blob_t hashed_key = SHA1 (key[0..14]);
blob_t des_iv = hashed_key[0..7];
blob_t des_key = hashed_key[8..15]
blob_t data = DES_CBC_Decrypt (ciphertext, des_iv, des_key, 0xd8_DESDecrypt);
// Decrypt with ocmmod cipher.
int len = blob_length (data);
// Round up to multiple of 8.
len = (len + 7) / 8 * 8;
blob_t plaintext = repeat_nul (len);
plaintext = native::ocmmod (data, plaintext, hashed_key, len, 1);
// Return deserialized object.
return decode_asn1 (plaintext);
}
// Some encrypt function.
// KEYBLOB seems to be 16 byte in practice.
blob_t
dev_0xd9 (any_t plainobj, blob_t keyblob)
{
blob_t key = keyblob XOR concat (dict[0xfc], dict[0xfc]);
// Side-effect.
dict[0xdb] = key;
// Serialization.
plaintext = encode_asn1 (plaintext);
// Encrypt with ocmmod cipher.
int len = blob_length (data);
// Round up to multiple of 8.
len = (len + 7) / 8 * 8;
blob_t data = repeat_nul (len);
blob_t hashed_key = SHA1 (key[0..14]);
data = native::ocmmod (plaintext, data, hashed_key, len, 0);
// Encrypt DES.
blob_t des_iv = hashed_key[0..7];
blob_t des_key = hashed_key[8..15]
blob_t ciphertext = DES_CBC_Decrypt (data, des_iv, des_key, 0xd7_DESEncrypt);
return ciphertext;
}
devicesal.1243008668.txt.gz · Last modified: 2009/05/22 16:11 by nopsled