
devicesal

Differences

This shows you the differences between two versions of the page.

devicesal [2009/05/05 07:35] – created dummy megadiscmandevicesal [2009/05/27 12:31] – example for ssatrans marcus
Line 1: Line 1:
-dummy
+Missing Info: 
 + 
 +<code> 
 + 
 +Dict 0xfc - contains an unknown 8 byte key, used in dev_0xd8, dev_0xd9. 
 + 
 +</code> 
 + 
 +Native modules: 
 +<code> 
 +// CBC Encrypt/Decrypt.  The OUT buffer must be pre-allocated. 
 +// Block size of the cipher is 64 bit, key length is 160 bit. 
 +blob_t 
 +native::ocmmod (blob_t in, blob_t out, blob_t key, int len, int decrypt) 
 +
 +  if (decrypt) 
 +    ocmmod_cbc_decrypt (in, out, key, len); 
 +  else 
 +    ocmmod_cbc_encrypt (in, out, key, blob_len (in)); 
 + 
 +  return out; 
 +
 +</code> 
 + 
 + 
 +<code> 
 +int 
 +dev_0x01 (blob_t someblob, bool_t somebool) 
 +
 +  int res; 
 + 
 +  if (somebool == 1) 
 +    { 
 +      res = dev_0x00 (someblob); 
 +      if (res != 0) 
 +        return res; 
 +    } 
 +  int some_nr = (unsigned) SubBlob (someblob, 0, 4); 
 +  int some_nr2 = (unsigned) dev_0xd1 (some_nr); 
 +  res = "localekb" (some_nr2); 
 +  // FIXME: Don't know the stack layout after this. 
 + 
 +  if (res != 0) 
 +    return;  // but what? 
 + 
 +  blob_t someblob2;  // probably from localekb 
 + 
 +  int some_nr3 = (signed) SubBlob (someblob2, 0, 4) + 1; 
 +  vector<blob_t> vec; 
 +  do 
 +    { 
 +      vec.append (SubBlob (some_nr3 * 16, 24)); 
 +    } 
 +  while (some_nr3-- >= 0); 
 + 
 + 
 +  int some_nr3 = (signed) SubBlob (someblob2, 0, 4); 
 +  res = dev_0xc1 (some_nr3); 
 +  if (res != 0) 
 +     return res; 
 + 
 +  int some_nr4 = (signed) SubBlob (someblob2, 16, 4); 
 +  if (some_nr3 == some_nr4) 
 +    return 0; 
 +  else 
 +    return 8; 
 + 
 +  // is vec returned as well?  it's still on the stack. 
 +
 + 
 + 
 +int 
 +dev_0xb7 (any_t thing) 
 +
 +  if (get_type (thing) != TYPE_BLOB) 
 +    return 0; 
 +  if (thing[2] == 0x31) 
 +    return 2; 
 +  else 
 +    { 
 +      if (! strncmp (thing, "\x31\x31", 2)) 
 +        return 1; 
 +      else 
 +        return 0; 
 +    } 
 +
 + 
 +block_t 
 +dev_0xd1 (int nr) 
 +
 +  if (nr > 1) 
 +    { 
 +      0x80 ("Invalid version..."); 
 +      return 0; 
 +    } 
 +  else 
 +    { 
 +      return 00 81 00 00 00 00 00 00; 
 +    } 
 +
 + 
 + 
 +// Some decrypt function. 
 +// KEYBLOB seems to be 16 byte in practice. 
 +any_t 
 +dev_0xd8 (blob_t ciphertext, blob_t keyblob) 
 +
 +  blob_t key = keyblob XOR concat (dict[0xfc], dict[0xfc]); 
 +  // Side-effect. 
 +  dict[0xdb] = key; 
 + 
 +  blob_t hashed_key = SHA1 (key[0..14]); 
 +  blob_t des_iv = hashed_key[0..7]; 
 +  blob_t des_key = hashed_key[8..15] 
 + 
 +  blob_t data = DES_CBC_Decrypt (ciphertext, des_iv, des_key, 0xd8_DESDecrypt); 
 +  
 +  // Decrypt with ocmmod cipher. 
 +  int len = blob_length (data); 
 +  // Round up to multiple of 8. 
 +  len = (len + 7) / 8 * 8; 
 +  blob_t plaintext = repeat_nul (len); 
 +  plaintext = native::ocmmod (data, plaintext, hashed_key, len, 1); 
 + 
 +  // Return deserialized object. 
 +  return decode_asn1 (plaintext); 
 +
 + 
 + 
 +// Some encrypt function. 
 +// KEYBLOB seems to be 16 byte in practice. 
 +blob_t 
 +dev_0xd9 (any_t plainobj, blob_t keyblob) 
 +
 +  blob_t key = keyblob XOR concat (dict[0xfc], dict[0xfc]); 
 +  // Side-effect. 
 +  dict[0xdb] = key; 
 + 
 +  // Serialization. 
 +  plaintext = encode_asn1 (plaintext); 
 + 
 +  // Encrypt with ocmmod cipher. 
 +  int len = blob_length (data); 
 +  // Round up to multiple of 8. 
 +  len = (len + 7) / 8 * 8; 
 +  blob_t data = repeat_nul (len); 
 +  blob_t hashed_key = SHA1 (key[0..14]); 
 +  data = native::ocmmod (plaintext, data, hashed_key, len, 0); 
 + 
 +  // Encrypt DES. 
 +  blob_t des_iv = hashed_key[0..7]; 
 +  blob_t des_key = hashed_key[8..15] 
 +  blob_t ciphertext = DES_CBC_Decrypt (data, des_iv, des_key, 0xd7_DESEncrypt); 
 + 
 +  return ciphertext; 
 +
 +</code> 
 + 
 +NOT part of device.sal, but for lack of a better place, here an example of SsaTrans on updater.ocm: 
 + 
 +<code> 
 +$ SsaTrans updater.ocm 
 +BCSeedRand63 (1, "j5\162\GS\140<,\f"); 
 +BCSetCryptTable ("L\225\164\152\DC1\RSD?\216f\198!\196\154\154\201\195b \192l^V\176r\245\151*\245[[\DC1\NULV#"...); 
 +v_39 = BCNewBlob (8); 
 +v_41 = BCDES_SetKey ("\188k\180(\150\EOT,\138"); 
 +arg_0 = Unknown 
 +v_43 = BCDES_CBC BCDDecrypt (arg_0, v_39, v_41, "\216"); 
 +v_44 = BCBlobLength (v_43); 
 +v_46 = BCBlobLength ("<!--omg certificated-->"); 
 +v_49 = BCSubBlob (v_43, v_44 - v_46, -1); 
 +v_51 = BCCompareBlob (v_49, "<!--omg certificated-->"); 
 +if (v_51 == 0) [1 -> 1] 
 +  { 
 +    return [v_43, 1]; 
 +  } 
 +else [1 -> 1] 
 +  { 
 +    return [0]; 
 +  } 
 +v_56 = BCIfElse (v_43); 
 +v_57 = BCSerialize (v_56); 
 +return v_57; 
 +</code>
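Review bot: In `dev_0xd9` the pseudocode contradicts its own signature: it serializes `plaintext` although the parameter is `plainobj`, and it calls `blob_length (data)` before `data` is declared, so the first two steps should presumably read `blob_t plaintext = encode_asn1 (plainobj);` and `int len = blob_length (plaintext);`. The final step there is written `DES_CBC_Decrypt (data, des_iv, des_key, 0xd7_DESEncrypt)`; if the last argument selects the direction, a comment should say so, otherwise the call name looks like a copy-paste slip from `dev_0xd8`. Both `dev_0xd8` and `dev_0xd9` take `des_iv` and `des_key` from the same `SHA1 (key[0..14])` digest, so as far as the listing shows the IV is fixed for a given key and the output is deterministic. Nothing shown checks integrity before `decode_asn1` parses the result, and a comment next to `des_iv` along the lines of `// IV is key-derived, not random; no MAC seen - confirm` would record both facts for readers assessing the format. The `native::ocmmod` wrapper also passes `len` on the decrypt path but `blob_len (in)` on the encrypt path, and the page should state whether `len` is ignored when encrypting.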
devicesal.txt · Last modified: 2009/06/02 01:44 by marcus
