WebSVN – freemyipod – Diff – /embios/trunk/tools/libipodcrypto.py



def s5l8701cryptdfu(data):
    data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
    header = "87011.0\0\0\x08\0\0" + struct.pack("<I", len(data))
    embios = libembios.Embios()
    embios.write(0x08000000, header.ljust(0x800, "\0") + data)
 
    embios.hmac_sha1(0x08000800, len(data), 0x08000010)
    embios.hmac_sha1(0x08000000, 0x40, 0x08000040)
    embios.aesencrypt(0x08000000, len(data) + 0x800, 1)
    return embios.read(0x08000000, len(data) + 0x800)
 
 
def s5l8701decryptdfu(data):
    embios = libembios.Embios()
    embios.write(0x08000000, data)
 
    embios.aesdecrypt(0x08000000, len(data), 1)
    return embios.read(0x08000800, len(data) - 0x800)
 
 
def s5l8701cryptfirmware(data):
    data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
    header = "\0\0\0\0\x02\0\0\0\x01\0\0\0\x40\0\0\0\0\0\0\0" + struct.pack("<I", len(data))
    embios = libembios.Embios()
    embios.write(0x08000000, header.ljust(0x800, "\0") + data)
 
    embios.hmac_sha1(0x08000800, len(data), 0x0800001c)
    embios.hmac_sha1(0x08000000, 0x200, 0x080001d4)
    embios.aesencrypt(0x08000800, len(data), 1)
    return embios.read(0x08000000, len(data) + 0x800)
 
 
def s5l8701decryptfirmware(data):
    embios = libembios.Embios()
    embios.write(0x08000000, data)
 
    embios.aesdecrypt(0x08000800, len(data) - 0x800, 1)
    return embios.read(0x08000800, len(data) - 0x800)
 
 
def s5l8702cryptnor(data):
    data = data.ljust((len(data) + 0xf) & ~0xf, "\0")
    header = "87021.0\x01\0\0\0\0" + struct.pack("<I", len(data)) + hashlib.sha1(data).digest()[:0x10]
    embios = libembios.Embios()
    embios.write(0x08000000, header.ljust(0x800, "\0") + data)
 
    embios.aesencrypt(0x08000800, len(data), 2)
    embios.aesencrypt(0x08000010, 0x10, 2)
    embios.write(0x08000040, hashlib.sha1(embios.read(0x08000000, 0x40)).digest()[:0x10])
    embios.aesencrypt(0x08000040, 0x10, 2)
    return embios.read(0x08000000, len(data) + 0x800)
 
 
def s5l8702decryptnor(data):
    embios = libembios.Embios()
    embios.write(0x08000000, data[0x800:])
 
    embios.aesdecrypt(0x08000000, len(data) - 0x800, 1)
    return embios.read(0x08000000, len(data) - 0x800)
 
 
def s5l8702genpwnage(data):
    cert = open(os.path.dirname(__file__) + "/libipodcrypto/s5l8702pwnage.cer", "rb").read()
    data = data.ljust(max(0x840, (len(data) + 0xf) & ~0xf), "\0")
    header = ("87021.0\x03\0\0\0\0" + struct.pack("<IIII", len(data) - 0x830, len(data) - 0x4f6, len(data) - 0x7b0, 0x2ba)).ljust(0x40, "\0")
    embios = libembios.Embios()
    embios.write(0x08000000, header + hashlib.sha1(header).digest()[:0x10])
 
    embios.aesencrypt(0x08000040, 0x10, 1)
    return embios.read(0x08000000, 0x50) + data + cert.ljust((len(cert) + 0xf) & ~0xf, "\0")
 
 
def s5l8701cryptdfufile(infile, outfile):

Subversion Repositories freemyipod

(root)/embios/trunk/tools/libipodcrypto.py @ 397 – Rev 359 → 397

Rev 359		Rev 397
Line 35...		Line 35...
35	`def s5l8701cryptdfu(data):`	35	`def s5l8701cryptdfu(data):`
36	`data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")`	36	`data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")`
37	`header = "87011.0\0\0\x08\0\0" + struct.pack("<I", len(data))`	37	`header = "87011.0\0\0\x08\0\0" + struct.pack("<I", len(data))`
38	`embios = libembios.Embios()`	38	`embios = libembios.Embios()`
39	`embios.write(0x08000000, header.ljust(0x800, "\0") + data)`	39	`embios.write(0x08000000, header.ljust(0x800, "\0") + data)`
40	`embios.lib.dev.timeout = 20000`	-
41	`embios.hmac_sha1(0x08000800, len(data), 0x08000010)`	40	`embios.hmac_sha1(0x08000800, len(data), 0x08000010)`
42	`embios.hmac_sha1(0x08000000, 0x40, 0x08000040)`	41	`embios.hmac_sha1(0x08000000, 0x40, 0x08000040)`
43	`embios.aesencrypt(0x08000000, len(data) + 0x800, 1)`	42	`embios.aesencrypt(0x08000000, len(data) + 0x800, 1)`
44	`return embios.read(0x08000000, len(data) + 0x800)`	43	`return embios.read(0x08000000, len(data) + 0x800)`
45		44
46		45
47	`def s5l8701decryptdfu(data):`	46	`def s5l8701decryptdfu(data):`
48	`embios = libembios.Embios()`	47	`embios = libembios.Embios()`
49	`embios.write(0x08000000, data)`	48	`embios.write(0x08000000, data)`
50	`embios.lib.dev.timeout = 20000`	-
51	`embios.aesdecrypt(0x08000000, len(data), 1)`	49	`embios.aesdecrypt(0x08000000, len(data), 1)`
52	`return embios.read(0x08000800, len(data) - 0x800)`	50	`return embios.read(0x08000800, len(data) - 0x800)`
53		51
54		52
55	`def s5l8701cryptfirmware(data):`	53	`def s5l8701cryptfirmware(data):`
56	`data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")`	54	`data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")`
57	`header = "\0\0\0\0\x02\0\0\0\x01\0\0\0\x40\0\0\0\0\0\0\0" + struct.pack("<I", len(data))`	55	`header = "\0\0\0\0\x02\0\0\0\x01\0\0\0\x40\0\0\0\0\0\0\0" + struct.pack("<I", len(data))`
58	`embios = libembios.Embios()`	56	`embios = libembios.Embios()`
59	`embios.write(0x08000000, header.ljust(0x800, "\0") + data)`	57	`embios.write(0x08000000, header.ljust(0x800, "\0") + data)`
60	`embios.lib.dev.timeout = 20000`	-
61	`embios.hmac_sha1(0x08000800, len(data), 0x0800001c)`	58	`embios.hmac_sha1(0x08000800, len(data), 0x0800001c)`
62	`embios.hmac_sha1(0x08000000, 0x200, 0x080001d4)`	59	`embios.hmac_sha1(0x08000000, 0x200, 0x080001d4)`
63	`embios.aesencrypt(0x08000800, len(data), 1)`	60	`embios.aesencrypt(0x08000800, len(data), 1)`
64	`return embios.read(0x08000000, len(data) + 0x800)`	61	`return embios.read(0x08000000, len(data) + 0x800)`
65		62
66		63
67	`def s5l8701decryptfirmware(data):`	64	`def s5l8701decryptfirmware(data):`
68	`embios = libembios.Embios()`	65	`embios = libembios.Embios()`
69	`embios.write(0x08000000, data)`	66	`embios.write(0x08000000, data)`
70	`embios.lib.dev.timeout = 20000`	-
71	`embios.aesdecrypt(0x08000800, len(data) - 0x800, 1)`	67	`embios.aesdecrypt(0x08000800, len(data) - 0x800, 1)`
72	`return embios.read(0x08000800, len(data) - 0x800)`	68	`return embios.read(0x08000800, len(data) - 0x800)`
73		69
74		70
75	`def s5l8702cryptnor(data):`	71	`def s5l8702cryptnor(data):`
76	`data = data.ljust((len(data) + 0xf) & ~0xf, "\0")`	72	`data = data.ljust((len(data) + 0xf) & ~0xf, "\0")`
77	`header = "87021.0\x01\0\0\0\0" + struct.pack("<I", len(data)) + hashlib.sha1(data).digest()[:0x10]`	73	`header = "87021.0\x01\0\0\0\0" + struct.pack("<I", len(data)) + hashlib.sha1(data).digest()[:0x10]`
78	`embios = libembios.Embios()`	74	`embios = libembios.Embios()`
79	`embios.write(0x08000000, header.ljust(0x800, "\0") + data)`	75	`embios.write(0x08000000, header.ljust(0x800, "\0") + data)`
80	`embios.lib.dev.timeout = 20000`	-
81	`embios.aesencrypt(0x08000800, len(data), 2)`	76	`embios.aesencrypt(0x08000800, len(data), 2)`
82	`embios.aesencrypt(0x08000010, 0x10, 2)`	77	`embios.aesencrypt(0x08000010, 0x10, 2)`
83	`embios.write(0x08000040, hashlib.sha1(embios.read(0x08000000, 0x40)).digest()[:0x10])`	78	`embios.write(0x08000040, hashlib.sha1(embios.read(0x08000000, 0x40)).digest()[:0x10])`
84	`embios.aesencrypt(0x08000040, 0x10, 2)`	79	`embios.aesencrypt(0x08000040, 0x10, 2)`
85	`return embios.read(0x08000000, len(data) + 0x800)`	80	`return embios.read(0x08000000, len(data) + 0x800)`
86		81
87		82
88	`def s5l8702decryptnor(data):`	83	`def s5l8702decryptnor(data):`
89	`embios = libembios.Embios()`	84	`embios = libembios.Embios()`
90	`embios.write(0x08000000, data[0x800:])`	85	`embios.write(0x08000000, data[0x800:])`
91	`embios.lib.dev.timeout = 20000`	-
92	`embios.aesdecrypt(0x08000000, len(data) - 0x800, 1)`	86	`embios.aesdecrypt(0x08000000, len(data) - 0x800, 1)`
93	`return embios.read(0x08000000, len(data) - 0x800)`	87	`return embios.read(0x08000000, len(data) - 0x800)`
94		88
95		89
96	`def s5l8702genpwnage(data):`	90	`def s5l8702genpwnage(data):`
97	`cert = open(os.path.dirname(__file__) + "/libipodcrypto/s5l8702pwnage.cer", "rb").read()`	91	`cert = open(os.path.dirname(__file__) + "/libipodcrypto/s5l8702pwnage.cer", "rb").read()`
98	`data = data.ljust(max(0x840, (len(data) + 0xf) & ~0xf), "\0")`	92	`data = data.ljust(max(0x840, (len(data) + 0xf) & ~0xf), "\0")`
99	`header = ("87021.0\x03\0\0\0\0" + struct.pack("<IIII", len(data) - 0x830, len(data) - 0x4f6, len(data) - 0x7b0, 0x2ba)).ljust(0x40, "\0")`	93	`header = ("87021.0\x03\0\0\0\0" + struct.pack("<IIII", len(data) - 0x830, len(data) - 0x4f6, len(data) - 0x7b0, 0x2ba)).ljust(0x40, "\0")`
100	`embios = libembios.Embios()`	94	`embios = libembios.Embios()`
101	`embios.write(0x08000000, header + hashlib.sha1(header).digest()[:0x10])`	95	`embios.write(0x08000000, header + hashlib.sha1(header).digest()[:0x10])`
102	`embios.lib.dev.timeout = 5000`	-
103	`embios.aesencrypt(0x08000040, 0x10, 1)`	96	`embios.aesencrypt(0x08000040, 0x10, 1)`
104	`return embios.read(0x08000000, 0x50) + data + cert.ljust((len(cert) + 0xf) & ~0xf, "\0")`	97	`return embios.read(0x08000000, 0x50) + data + cert.ljust((len(cert) + 0xf) & ~0xf, "\0")`
105		98
106		99
107	`def s5l8701cryptdfufile(infile, outfile):`	100	`def s5l8701cryptdfufile(infile, outfile):`