devicesal
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
devicesal [2009/05/05 07:35] – created dummy megadiscman | devicesal [2009/05/22 16:11] – nopsled | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | dummy | + | Missing Info: |
+ | |||
+ | < | ||
+ | |||
+ | Dict 0xfc - contains an unknown 8 byte key, used in dev_0xd8, dev_0xd9. | ||
+ | |||
+ | </ | ||
+ | |||
+ | Native modules: | ||
+ | < | ||
+ | // CBC Encrypt/ | ||
+ | // Block size of the cipher is 64 bit, key length is 160 bit. | ||
+ | blob_t | ||
+ | native:: | ||
+ | { | ||
+ | if (decrypt) | ||
+ | ocmmod_cbc_decrypt (in, out, key, len); | ||
+ | else | ||
+ | ocmmod_cbc_encrypt (in, out, key, blob_len (in)); | ||
+ | |||
+ | return out; | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | |||
+ | < | ||
+ | int | ||
+ | dev_0x01 (blob_t someblob, bool_t somebool) | ||
+ | { | ||
+ | int res; | ||
+ | |||
+ | if (somebool == 1) | ||
+ | { | ||
+ | res = dev_0x00 (someblob); | ||
+ | if (res != 0) | ||
+ | return res; | ||
+ | } | ||
+ | int some_nr = (unsigned) SubBlob (someblob, 0, 4); | ||
+ | int some_nr2 = (unsigned) dev_0xd1 (some_nr); | ||
+ | res = " | ||
+ | // FIXME: Don't know the stack layout after this. | ||
+ | |||
+ | if (res != 0) | ||
+ | return; | ||
+ | |||
+ | blob_t someblob2; | ||
+ | |||
+ | int some_nr3 = (signed) SubBlob (someblob2, 0, 4) + 1; | ||
+ | vector< | ||
+ | do | ||
+ | { | ||
+ | vec.append (SubBlob (some_nr3 * 16, 24)); | ||
+ | } | ||
+ | while (some_nr3-- >= 0); | ||
+ | |||
+ | |||
+ | int some_nr3 = (signed) SubBlob (someblob2, 0, 4); | ||
+ | res = dev_0xc1 (some_nr3); | ||
+ | if (res != 0) | ||
+ | | ||
+ | |||
+ | int some_nr4 = (signed) SubBlob (someblob2, 16, 4); | ||
+ | if (some_nr3 == some_nr4) | ||
+ | return 0; | ||
+ | else | ||
+ | return 8; | ||
+ | |||
+ | // is vec returned as well? it's still on the stack. | ||
+ | } | ||
+ | |||
+ | |||
+ | int | ||
+ | dev_0xb7 (any_t thing) | ||
+ | { | ||
+ | if (get_type (thing) != TYPE_BLOB) | ||
+ | return 0; | ||
+ | if (thing[2] == 0x31) | ||
+ | return 2; | ||
+ | else | ||
+ | { | ||
+ | if (! strncmp (thing, " | ||
+ | return 1; | ||
+ | else | ||
+ | return 0; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | block_t | ||
+ | dev_0xd1 (int nr) | ||
+ | { | ||
+ | if (nr > 1) | ||
+ | { | ||
+ | 0x80 (" | ||
+ | return 0; | ||
+ | } | ||
+ | else | ||
+ | { | ||
+ | return 00 81 00 00 00 00 00 00; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | |||
+ | // Some decrypt function. | ||
+ | // KEYBLOB seems to be 16 byte in practice. | ||
+ | any_t | ||
+ | dev_0xd8 (blob_t ciphertext, blob_t keyblob) | ||
+ | { | ||
+ | blob_t key = keyblob XOR concat (dict[0xfc], | ||
+ | // Side-effect. | ||
+ | dict[0xdb] = key; | ||
+ | |||
+ | blob_t hashed_key = SHA1 (key[0..14]); | ||
+ | blob_t des_iv = hashed_key[0..7]; | ||
+ | blob_t des_key = hashed_key[8..15] | ||
+ | |||
+ | blob_t data = DES_CBC_Decrypt (ciphertext, | ||
+ | |||
+ | // Decrypt with ocmmod cipher. | ||
+ | int len = blob_length (data); | ||
+ | // Round up to multiple of 8. | ||
+ | len = (len + 7) / 8 * 8; | ||
+ | blob_t plaintext = repeat_nul (len); | ||
+ | plaintext = native:: | ||
+ | |||
+ | // Return deserialized object. | ||
+ | return decode_asn1 (plaintext); | ||
+ | } | ||
+ | |||
+ | |||
+ | // Some encrypt function. | ||
+ | // KEYBLOB seems to be 16 byte in practice. | ||
+ | blob_t | ||
+ | dev_0xd9 (any_t plainobj, blob_t keyblob) | ||
+ | { | ||
+ | blob_t key = keyblob XOR concat (dict[0xfc], | ||
+ | // Side-effect. | ||
+ | dict[0xdb] = key; | ||
+ | |||
+ | // Serialization. | ||
+ | plaintext = encode_asn1 (plaintext); | ||
+ | |||
+ | // Encrypt with ocmmod cipher. | ||
+ | int len = blob_length (data); | ||
+ | // Round up to multiple of 8. | ||
+ | len = (len + 7) / 8 * 8; | ||
+ | blob_t data = repeat_nul (len); | ||
+ | blob_t hashed_key = SHA1 (key[0..14]); | ||
+ | data = native:: | ||
+ | |||
+ | // Encrypt DES. | ||
+ | blob_t des_iv = hashed_key[0..7]; | ||
+ | blob_t des_key = hashed_key[8..15] | ||
+ | blob_t ciphertext = DES_CBC_Decrypt (data, des_iv, des_key, 0xd7_DESEncrypt); | ||
+ | |||
+ | return ciphertext; | ||
+ | } | ||
+ | </ | ||
+ |
devicesal.txt · Last modified: 2024/05/20 20:15 by nopsled