DokuWiki

User Tools

Site Tools

Trace:
netmdocm

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
netmdocm [2009/06/27 11:32] nopslednetmdocm [2011/01/16 17:59] (current) nopsled
Line 166: Line 166:
 ASN.1 Sequence with a data structure that is setup and manipulated by functions called through DICT 187 (these functions are in DICT 188). ASN.1 Sequence with a data structure that is setup and manipulated by functions called through DICT 187 (these functions are in DICT 188).
  
-30 80 +  30 80 
-      02 02 03E9 +        02 02 03E9 
-      04 14 43EA428F71EE7B665D10752E85AB16E5A50C6249 ; MAC +        04 14 43EA428F71EE7B665D10752E85AB16E5A50C6249 ; MAC 
-      04 14 638163B82C4E31810FBEE01B2E7FC25B879586E3 +        04 14 638163B82C4E31810FBEE01B2E7FC25B879586E3 ; Enc(CKEY) ? Offset 0x1E according to Jan (// key is at offset 0x1E! (OMGDecrypter.cpp) 
-      30 80 02 01 6B ; 17 (some time stamp) +        30 80 02 01 6B ; 17 (some time stamp) 
-            02 04 48C2298F +              02 04 48C2298F 
-            02 01 07 ; 7 == creation time of structure +              02 01 07 ; 7 == creation time of structure 
-            02 04 48C2298F +              02 04 48C2298F 
-            02 01 6D ; 109 +              02 01 6D ; 109 
-            02 01 00 +              02 01 00 
-            02 01 65 ; 101 +              02 01 65 ; 101 
-            04 14 C04B513EDE54342D709D0CB8621E646FDDCB345E +              04 14 C04B513EDE54342D709D0CB8621E646FDDCB345E 
-            02 01 00 ; 0 == scrambled form of the maclist id == SalOmgId +              02 01 00 ; 0 == scrambled form of the maclist id == SalOmgId 
-            04 14 010F50000004000000EFF3C3244C602635178457 +              04 14 010F50000004000000EFF3C3244C602635178457 
-            02 01 68 ; 104 +              02 01 68 ; 104 
-            02 02 1FD7 +              02 02 1FD7 
-            02 01 06 ; 6 == source name +              02 01 06 ; 6 == source name 
-            04 15 72617720636F6E74656E7420696D706F7274696E67 +              04 15 72617720636F6E74656E7420696D706F7274696E67 
-                   r a w   c o n t e n t   i m p o r t i n g +                     r a w   c o n t e n t   i m p o r t i n g 
-            02 01 67 ; 103 == flags? +              02 01 67 ; 103 == flags? 
-            02 01 02 +              02 01 02 
-            02 01 01 ; 1 == max checkout? +              02 01 01 ; 1 == max checkout? 
-            02 01 03 +              02 01 03 
-            02 01 08 ; 8 == checkout count? +              02 01 08 ; 8 == checkout count? 
-            02 01 03 +              02 01 03 
-            02 01 05 ; 5 == flags (1|2|4) +              02 01 05 ; 5 == flags (1|2|4) 
-            02 01 04 +              02 01 04 
-            0000 ; End array +              0000 ; End array 
-      30 80 0000 ; Empty array +        30 80 0000 ; Empty array 
-      0000 ; End array+        0000 ; End array
  
 ===== maclist1.dat ===== ===== maclist1.dat =====
Line 905: Line 905:
 ===== maclist(1) ===== ===== maclist(1) =====
  
-/* +XOR the SalOmgId with a constant keyexpand that to a symmetric key and apply to the SHA-1 hash of MACLIST.  Compare the result with param3 and return 1 if they are equal.  In other wordsparam3 is a complicated hash of the MACLIST.
-Procedure prototype: +
- maclist(01) +
- +
-Input: +
- +
-SalNonConstPointer const &, +
-SalPointer const &, +
-SalOmgId const &, +
-long, +
-SalExtrinsicsProg const & +
- +
-Output: +
- +
-long +
- +
-*/+
  
 ===== Sample input: ===== ===== Sample input: =====
Line 947: Line 931:
 } ; } ;
  
- 
-XOR the SalOmgId with a constant key, expand that to a symmetric key and apply to the SHA-1 hash of MACLIST.  Compare the result with param3 and return 1 if they are equal.  In other words, param3 is a complicated hash of the MACLIST. 
  
 ===== maclist(8) ===== ===== maclist(8) =====
Line 955: Line 937:
  
 In other words, this extracts the 0-extension of a MACLIST and an encrypted hash of that. In other words, this extracts the 0-extension of a MACLIST and an encrypted hash of that.
 +
 +See pcmaclist(6)
  
 /* /*
Line 1063: Line 1047:
 } ; } ;
  
-===== nc_omgtomsa(4) =====+===== nc_omgtomsa(0) =====
  
 /* /*
Line 1103: Line 1087:
  
 ===== querycif(09) - Get KEK encrypted content key ===== ===== querycif(09) - Get KEK encrypted content key =====
- 
-/* 
-Procedure prototype: 
- querycif(09) 
- 
-Input: 
- 
-SalPointer const &, 
-SalPointer const &, 
-long, 
-long, 
-SalPointer const &, 
-SalOmgId const &, 
-SalPointer const &, 
-long, 
-SalExtrinsicsProg const &, 
- 
-Output: 
- 
-SalAsnSeqBegin, 
-long &, 
-OmgString & 
-querycif(09) 
- 
-Process File, SalOmgId, param3, long (3), long (3), Ekb capability table, 00010001_EKB -> Enc(CKEY, KEK) 
-  
-*/ 
-  
- 
-unsigned char param3[24] = 
-{ 
-    0x46, 0x73, 0xE4, 0x89, 0x6A, 0xA9, 0x0B, 0x96, 0x69, 0x43, 0xAA, 0x39, 0x99, 0xE2, 0x08, 0xC4,  
-    0xF8, 0xCA, 0x19, 0x2E, 0x38, 0xE2, 0x3E, 0x4C,  
-} ; 
- 
-unsigned char param6_EkbCapabilityTable[24] = 
-{ 
-    0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x03, 0x00, 0x00, 0x00,  
-    0x02, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,  
-} ; 
- 
- 
-/* Return value. TODO: double check */ 
- 
-unsigned char return_value[11] = 
-{ 
-    0x30, 0x80, 0x02, 0x01, 0x00, 0x04, 0x08, 0x82, 0x19, 0x23, 0xFD,  
-} ; 
  
 <code> <code>
Line 1203: Line 1139:
  
  
- 
- 
-function GetKekEncCKEY(blob_t OpfImage (arg_2), blob_t EkbCapTableBody (arg_3)) 
-{ 
- Array ProcessFile[5]; 
-  
- dict[4] = EkbCapTableBody; 
- ProcessFile = decode_asn1(opf_image); 
- dict[3] = OpfImage; 
- 
- //  
- // Calculate HMAC for the opf[3] usage information. Check if it matches with the HMAC value in opf[1] 
-        // 
-        // ProcessFile[1]:  HMAC(opf[3], saldec(opf[2])) 
- 
- blob_t dec_pf2 = devicesal_220_decrypt_hook_249(ProcessFile[2],  EkbCapTableBody); 
- blob_t serialized_opf3 = BCSerialize(ProcessFile[3]); 
- blob_t key = concat ( dec_pf2, serialized_opf3 ); 
- blob_t hasked_key = inline::SHA-1 ( key, 0); 
- blob_t key_pf2 = concat ( dec_pf2, hashed_key ); 
- blob_t hashed_key_pf2 = inline:SHA-1 (key_pf2); 
-  
-        // if( HMAC(opf[3], saldec(opf[2]) == ProcessFile[1]) 
-        // 
-        // 
- if (compare_blob (hashed_key_pf2, ProcessFile[1])  == 0) // 0xffff  
- // Test_Small_Int_For_Zero -> 0 (acc) 
- { 
- ... todo 
- } 
-} 
  
 </code> </code>
Line 1243: Line 1148:
 netmd(0) netmd(0)
  
-Process file, unknown blob, Ekb capability table, 00010002ekb, unknown blob, Content id, SalOmgId -> unknown blob+Process file, unknown blob, Ekb capability table, 00010002ekb, unknown blob, Content id, SalOmgId -> ASN.1([status,nonce,checkout_context]) 
 + 
 +status = 0: Success, nonce will be used to authenticate NetMD unit, checkout_context contains all data to continue processing. 
 +status != 0: Error, nonce and checkout_context don't exist
  
 Procedure prototype: Procedure prototype:
Line 1489: Line 1397:
  
  
-===== netmd.ocm Decompiled ===== 
-<code> 
- 
-Dict[0xf9] = {0x63, 0x81, 0x63, 0xB8, 0x2C, 0x4E, 0x31,  
-              0x81, 0x0F, 0xBE, 0xE0, 0x1B, 0x2E, 0x7F,  
-              0xC2, 0x5B, 0x87, 0x95, 0x86, 0xE3}; 
- 
- 
-// CIPHERTEXT must be a serialized and encrypted blob (see dev_0xd8/dev_0xd9). 
-// The PLAINTEXT is appended to that blob and the serialized and encrypted result is returned. 
-blob_t 
-netmd_0x07 (blob_t key, blob_t some_plaintext, blob_t some_ciphertext) 
-{ 
-  static blob_t pad[16] = { 0x33, 0x4a, 0x18, 0x94, 0xc1, 0xf3, 0x83, 0xf6, 
-                            0xd3, 0xeb, 0x6a, 0xc2, 0xad, 0x13, 0x07, 0xca }; 
-  blob_t data = dev_0xd8 (some_ciphertext, XOR (key, pad)); 
-  data = CONCAT (data, some_plaintext); 
-  return dev_0xd9 (data, XOR (key, pad)); 
-} 
-</code> 
- 
-===== icv.ocm Decompiled ===== 
- 
-<code> 
- 
-// 
-// Generate a SalOmgId 
-// 
-//   Example: 30 80 0410010F5000000400000000006E2B2A75BA 00 00 
-//    
-//   <OMG Directory>\OMGKEY\omg_id..dat 
-// 
-// Note: When OpenMG is used (trough the UI) for the first time this value is generated,  
-//       by calling the salwrap function getSalOmgId. 
-// 
-//                   const unsigned __int8 *__cdecl getSalOmgId() 
-// 
-blob_t icv(07) 
-{ 
- blob_t SalIdPRNG  = BCX_1C_GetPRNGBytes(5); 
- static blob_t PrefixSalOmgId[8] = {0x01,0x0F,0x50,0x00,0x00,0x04,0x00,0x00};  
- data = BCX_01_Concat(PrefixSalOmgId, SalIdPRNG); 
- Push 1 
- Pack_To_Array 
- Create_Array 
-} 
-</code> 
- 
-===== maclist.ocm  ===== 
- 
-// maclist(1) 
-// 
-// work in progress 
- 
-<code> 
- 
-int  
-maclist_0x01(blob_t SalOmgId, blob_t maclist2dat, blob_t OmgIcvCache) 
-{ 
-  static blob_t pad[16] = {0x20, 0xBE, 0xDE, 0x72, 0xA3, 0xB8, 0x62, 0x60,  
-                           0x71, 0x44, 0x3A, 0x33, 0xE9, 0xAC, 0x69, 0xCE}; 
-  static SHA1state, hash_maclist, hash_maclist_salomgid, xor_SalOmgId; 
- 
-  SHA1state             = BCX_19_InitSHA1(); 
-  BCX_1A_SHA1AddData(maclist, 0, SHA1state); 
-  hash_maclist         = BCX_1B_SHA1Finish(SHA1state); 
- 
-  xor_SalOmgId          = BCX_06_XorBlobs(SalOmgId, pad); 
-  hash_maclist_salomgid = salenc_sha1(SalOmgId_xor, hash_maclist); 
- 
-  hash_maclist == hash_xorSalOmgId? TRUE: FALSE   
-} 
  
-</code>  
netmdocm.1246102333.txt.gz · Last modified: 2009/06/27 11:32 by nopsled
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki