| Line 32... |
Line 32... |
| 32 |
import libemcoredata
|
32 |
import libemcoredata
|
| 33 |
|
33 |
|
| 34 |
|
34 |
|
| 35 |
def s5l8701cryptdfu(data):
|
35 |
def s5l8701cryptdfu(data):
|
| 36 |
data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
|
36 |
data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
|
| 37 |
header = "87011.0\0\0\x08\0\0" + struct.pack("<I", len(data))
|
37 |
header = "87011.0\0\0\0x8\0\0" + struct.pack("<I", len(data))
|
| 38 |
emcore = libemcore.Emcore()
|
38 |
emcore = libemcore.Emcore()
|
| - |
|
39 |
addr = emcore.memalign(0x10, len(data) + 0x800)
|
| 39 |
emcore.write(0x08000000, header.ljust(0x800, "\0") + data)
|
40 |
emcore.write(addr, header.ljust(0x800, "\0") + data)
|
| 40 |
emcore.hmac_sha1(0x08000800, len(data), 0x08000010)
|
41 |
emcore.hmac_sha1(addr + 0x800, len(data), addr + 0x10)
|
| 41 |
emcore.hmac_sha1(0x08000000, 0x40, 0x08000040)
|
42 |
emcore.hmac_sha1(addr, 0x40, addr + 0x40)
|
| 42 |
emcore.aesencrypt(0x08000000, len(data) + 0x800, 1)
|
43 |
emcore.aesencrypt(addr, len(data) + 0x800, 1)
|
| 43 |
return emcore.read(0x08000000, len(data) + 0x800)
|
44 |
data = emcore.read(addr, len(data) + 0x800)
|
| - |
|
45 |
emcore.free(addr)
|
| - |
|
46 |
return data
|
| 44 |
|
47 |
|
| 45 |
|
48 |
|
| 46 |
def s5l8701decryptdfu(data):
|
49 |
def s5l8701decryptdfu(data):
|
| - |
|
50 |
headersize = struct.unpack("<I", data[8:12])[0]
|
| 47 |
emcore = libemcore.Emcore()
|
51 |
emcore = libemcore.Emcore()
|
| - |
|
52 |
addr = emcore.memalign(0x10, len(data))
|
| 48 |
emcore.write(0x08000000, data)
|
53 |
emcore.write(addr, data)
|
| 49 |
emcore.aesdecrypt(0x08000000, len(data), 1)
|
54 |
emcore.aesdecrypt(addr, len(data), 1)
|
| 50 |
return emcore.read(0x08000800, len(data) - 0x800)
|
55 |
data = emcore.read(addr + headersize, len(data) - headersize)
|
| - |
|
56 |
emcore.free(addr)
|
| - |
|
57 |
return data
|
| 51 |
|
58 |
|
| 52 |
|
59 |
|
| 53 |
def s5l8701cryptfirmware(data):
|
60 |
def s5l8701cryptfirmware(data):
|
| 54 |
data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
|
61 |
data = data.ljust((len(data) + 0x3f) & ~0x3f, "\0")
|
| 55 |
header = "\0\0\0\0\x02\0\0\0\x01\0\0\0\x40\0\0\0\0\0\0\0" + struct.pack("<I", len(data))
|
62 |
header = "\0\0\0\0\x02\0\0\0\x01\0\0\0\x40\0\0\0\0\0\0\0" + struct.pack("<I", len(data))
|
| 56 |
emcore = libemcore.Emcore()
|
63 |
emcore = libemcore.Emcore()
|
| - |
|
64 |
addr = emcore.memalign(0x10, len(data) + 0x800)
|
| 57 |
emcore.write(0x08000000, header.ljust(0x800, "\0") + data)
|
65 |
emcore.write(addr, header.ljust(0x800, "\0") + data)
|
| 58 |
emcore.hmac_sha1(0x08000800, len(data), 0x0800001c)
|
66 |
emcore.hmac_sha1(addr + 0x800, len(data), addr + 0x1c)
|
| 59 |
emcore.hmac_sha1(0x08000000, 0x200, 0x080001d4)
|
67 |
emcore.hmac_sha1(addr, 0x200, addr + 0x1d4)
|
| 60 |
emcore.aesencrypt(0x08000800, len(data), 1)
|
68 |
emcore.aesencrypt(addr + 0x800, len(data), 1)
|
| 61 |
return emcore.read(0x08000000, len(data) + 0x800)
|
69 |
data = emcore.read(addr, len(data) + 0x800)
|
| - |
|
70 |
emcore.free(addr)
|
| - |
|
71 |
return data
|
| 62 |
|
72 |
|
| 63 |
|
73 |
|
| 64 |
def s5l8701decryptfirmware(data):
|
74 |
def s5l8701decryptfirmware(data):
|
| 65 |
emcore = libemcore.Emcore()
|
75 |
emcore = libemcore.Emcore()
|
| - |
|
76 |
addr = emcore.memalign(0x10, len(data))
|
| 66 |
emcore.write(0x08000000, data)
|
77 |
emcore.write(addr, data)
|
| 67 |
emcore.aesdecrypt(0x08000800, len(data) - 0x800, 1)
|
78 |
emcore.aesdecrypt(addr + 0x800, len(data) - 0x800, 1)
|
| 68 |
return emcore.read(0x08000800, len(data) - 0x800)
|
79 |
data = emcore.read(addr + 0x800, len(data) - 0x800)
|
| - |
|
80 |
emcore.free(addr)
|
| - |
|
81 |
return data
|
| 69 |
|
82 |
|
| 70 |
|
83 |
|
| 71 |
def s5l8702cryptnor(data):
|
84 |
def s5l8702cryptnor(data):
|
| 72 |
data = data.ljust((len(data) + 0xf) & ~0xf, "\0")
|
85 |
data = data.ljust((len(data) + 0xf) & ~0xf, "\0")
|
| 73 |
header = "87021.0\x01\0\0\0\0" + struct.pack("<I", len(data)) + hashlib.sha1(data).digest()[:0x10]
|
86 |
header = "87021.0\x01\0\0\0\0" + struct.pack("<I", len(data)) + hashlib.sha1(data).digest()[:0x10]
|
| 74 |
emcore = libemcore.Emcore()
|
87 |
emcore = libemcore.Emcore()
|
| - |
|
88 |
addr = emcore.memalign(0x10, len(data))
|
| 75 |
emcore.write(0x08000000, header.ljust(0x800, "\0") + data)
|
89 |
emcore.write(addr, header.ljust(0x800, "\0") + data)
|
| 76 |
emcore.aesencrypt(0x08000800, len(data), 2)
|
90 |
emcore.aesencrypt(addr + 0x800, len(data), 2)
|
| 77 |
emcore.aesencrypt(0x08000010, 0x10, 2)
|
91 |
emcore.aesencrypt(addr + 0x10, 0x10, 2)
|
| 78 |
emcore.write(0x08000040, hashlib.sha1(emcore.read(0x08000000, 0x40)).digest()[:0x10])
|
92 |
emcore.write(addr + 0x40, hashlib.sha1(emcore.read(addr, 0x40)).digest()[:0x10])
|
| 79 |
emcore.aesencrypt(0x08000040, 0x10, 2)
|
93 |
emcore.aesencrypt(addr + 0x40, 0x10, 2)
|
| 80 |
return emcore.read(0x08000000, len(data) + 0x800)
|
94 |
data = emcore.read(addr, len(data) + 0x800)
|
| - |
|
95 |
emcore.free(addr)
|
| - |
|
96 |
return data
|
| 81 |
|
97 |
|
| 82 |
|
98 |
|
| 83 |
def s5l8702decryptnor(data):
|
99 |
def s5l8702decryptnor(data):
|
| 84 |
emcore = libemcore.Emcore()
|
100 |
emcore = libemcore.Emcore()
|
| - |
|
101 |
addr = emcore.memalign(0x10, len(data))
|
| 85 |
emcore.write(0x08000000, data[0x800:])
|
102 |
emcore.write(addr, data[0x800:])
|
| 86 |
emcore.aesdecrypt(0x08000000, len(data) - 0x800, 1)
|
103 |
emcore.aesdecrypt(addr, len(data) - 0x800, 1)
|
| 87 |
return emcore.read(0x08000000, len(data) - 0x800)
|
104 |
data = emcore.read(addr, len(data) - 0x800)
|
| - |
|
105 |
emcore.free(addr)
|
| - |
|
106 |
return data
|
| 88 |
|
107 |
|
| 89 |
|
108 |
|
| 90 |
def s5l8702genpwnage(data):
|
109 |
def s5l8702genpwnage(data):
|
| 91 |
cert = open(os.path.dirname(__file__) + "/libipodcrypto/s5l8702pwnage.cer", "rb").read()
|
110 |
cert = open(os.path.dirname(__file__) + "/libipodcrypto/s5l8702pwnage.cer", "rb").read()
|
| 92 |
data = data.ljust(max(0x840, (len(data) + 0xf) & ~0xf), "\0")
|
111 |
data = data.ljust(max(0x840, (len(data) + 0xf) & ~0xf), "\0")
|
| 93 |
header = ("87021.0\x03\0\0\0\0" + struct.pack("<IIII", len(data) - 0x830, len(data) - 0x4f6, len(data) - 0x7b0, 0x2ba)).ljust(0x40, "\0")
|
112 |
header = ("87021.0\x03\0\0\0\0" + struct.pack("<IIII", len(data) - 0x830, len(data) - 0x4f6, len(data) - 0x7b0, 0x2ba)).ljust(0x40, "\0")
|
| 94 |
emcore = libemcore.Emcore()
|
113 |
emcore = libemcore.Emcore()
|
| - |
|
114 |
addr = emcore.memalign(0x10, len(data))
|
| 95 |
emcore.write(0x08000000, header + hashlib.sha1(header).digest()[:0x10])
|
115 |
emcore.write(addr, header + hashlib.sha1(header).digest()[:0x10])
|
| 96 |
emcore.aesencrypt(0x08000040, 0x10, 1)
|
116 |
emcore.aesencrypt(addr + 0x40, 0x10, 1)
|
| 97 |
return emcore.read(0x08000000, 0x50) + data + cert.ljust((len(cert) + 0xf) & ~0xf, "\0")
|
117 |
data = emcore.read(addr, 0x50) + data + cert.ljust((len(cert) + 0xf) & ~0xf, "\0")
|
| - |
|
118 |
emcore.free(addr)
|
| - |
|
119 |
return data
|
| 98 |
|
120 |
|
| 99 |
|
121 |
|
| 100 |
def s5l8701cryptdfufile(infile, outfile):
|
122 |
def s5l8701cryptdfufile(infile, outfile):
|
| 101 |
infile = open(infile, "rb")
|
123 |
infile = open(infile, "rb")
|
| 102 |
outfile = open(outfile, "wb")
|
124 |
outfile = open(outfile, "wb")
|