devicesal
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
devicesal [2009/05/05 07:37] – pasted devicesal info from windowsdll page megadiscman | devicesal [2009/05/27 12:31] – example for ssatrans marcus | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | Missing Info: | ||
+ | |||
+ | < | ||
+ | |||
+ | Dict 0xfc - contains an unknown 8 byte key, used in dev_0xd8, dev_0xd9. | ||
+ | |||
+ | </ | ||
+ | |||
+ | Native modules: | ||
+ | < | ||
+ | // CBC Encrypt/ | ||
+ | // Block size of the cipher is 64 bit, key length is 160 bit. | ||
+ | blob_t | ||
+ | native:: | ||
+ | { | ||
+ | if (decrypt) | ||
+ | ocmmod_cbc_decrypt (in, out, key, len); | ||
+ | else | ||
+ | ocmmod_cbc_encrypt (in, out, key, blob_len (in)); | ||
+ | |||
+ | return out; | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | |||
< | < | ||
int | int | ||
Line 77: | Line 102: | ||
// Some decrypt function. | // Some decrypt function. | ||
+ | // KEYBLOB seems to be 16 byte in practice. | ||
any_t | any_t | ||
- | dev_0xd8 (blob_t | + | dev_0xd8 (blob_t |
{ | { | ||
- | blob_t | + | blob_t |
- | dict[0xdb] = data3; | + | // Side-effect. |
+ | dict[0xdb] = key; | ||
- | blob_t | + | blob_t |
- | blob_t | + | blob_t |
- | blob_t | + | blob_t |
- | blob_t | + | blob_t |
- | int len = blob_length (dec_data); | + | |
+ | | ||
// Round up to multiple of 8. | // Round up to multiple of 8. | ||
len = (len + 7) / 8 * 8; | len = (len + 7) / 8 * 8; | ||
+ | blob_t plaintext = repeat_nul (len); | ||
+ | plaintext = native:: | ||
- | blob_t | + | |
- | // Modifies OUT. | + | return decode_asn1 (plaintext); |
- | | + | } |
- | | + | |
+ | |||
+ | // Some encrypt function. | ||
+ | // KEYBLOB seems to be 16 byte in practice. | ||
+ | blob_t | ||
+ | dev_0xd9 (any_t plainobj, blob_t keyblob) | ||
+ | { | ||
+ | blob_t key = keyblob XOR concat | ||
+ | // Side-effect. | ||
+ | dict[0xdb] = key; | ||
+ | |||
+ | // Serialization. | ||
+ | plaintext = encode_asn1 (plaintext); | ||
+ | |||
+ | // Encrypt with ocmmod cipher. | ||
+ | int len = blob_length (data); | ||
+ | // Round up to multiple of 8. | ||
+ | len = (len + 7) / 8 * 8; | ||
+ | blob_t data = repeat_nul (len); | ||
+ | blob_t hashed_key = SHA1 (key[0..14]); | ||
+ | | ||
+ | |||
+ | | ||
+ | blob_t des_iv = hashed_key[0..7]; | ||
+ | blob_t des_key = hashed_key[8..15] | ||
+ | blob_t ciphertext = DES_CBC_Decrypt | ||
+ | |||
+ | return ciphertext; | ||
} | } | ||
</ | </ | ||
+ | NOT part of device.sal, but for lack of a better place, here an example of SsaTrans on updater.ocm: | ||
+ | |||
+ | < | ||
+ | $ SsaTrans updater.ocm | ||
+ | BCSeedRand63 (1, " | ||
+ | BCSetCryptTable (" | ||
+ | v_39 = BCNewBlob (8); | ||
+ | v_41 = BCDES_SetKey (" | ||
+ | arg_0 = Unknown | ||
+ | v_43 = BCDES_CBC BCDDecrypt (arg_0, v_39, v_41, " | ||
+ | v_44 = BCBlobLength (v_43); | ||
+ | v_46 = BCBlobLength ("< | ||
+ | v_49 = BCSubBlob (v_43, v_44 - v_46, -1); | ||
+ | v_51 = BCCompareBlob (v_49, "< | ||
+ | if (v_51 == 0) [1 -> 1] | ||
+ | { | ||
+ | return [v_43, 1]; | ||
+ | } | ||
+ | else [1 -> 1] | ||
+ | { | ||
+ | return [0]; | ||
+ | } | ||
+ | v_56 = BCIfElse (v_43); | ||
+ | v_57 = BCSerialize (v_56); | ||
+ | return v_57; | ||
+ | </ |
devicesal.txt · Last modified: 2024/05/20 20:15 by nopsled