freemyipod r277 - Code Review

Repository:	freemyipod
Revision:	< r276‎ \| r277 \| r278 >
Date:	01:46, 23 November 2010
Author:	theseven
Status:	new
Tags:
Comment:	ipodcrypt: Add s5l8700-cryptnor and s5l8700-decryptnor (the encrypted binaries will only work on the very same device)
Modified paths:	/embios/trunk/tools/ipodcrypt.py (modified) (history) /embios/trunk/tools/libipodcrypto.py (modified) (history)

Diff [purge]

Index: embios/trunk/tools/ipodcrypt.py
—	—	@@ -35,6 +35,8 @@
36	36	print " s5l8701-decryptdfu <infile> <outfile>"
37	37	print " s5l8701-cryptfirmware <infile> <outfile>"
38	38	print " s5l8701-decryptfirmware <infile> <outfile>"
	39	+ print " s5l8702-cryptnor <infile> <outfile>"
	40	+ print " s5l8702-decryptnor <infile> <outfile>"
39	41	exit(2)
40	42
41	43
—	—	@@ -53,6 +55,12 @@
54	56	elif argv[1] == "s5l8701-decryptfirmware":
55	57	libipodcrypto.s5l8701decryptfirmwarefile(argv[2], argv[3])
56	58
	59	+ elif argv[1] == "s5l8702-cryptnor":
	60	+ libipodcrypto.s5l8702cryptnorfile(argv[2], argv[3])
	61	+
	62	+ elif argv[1] == "s5l8702-decryptnor":
	63	+ libipodcrypto.s5l8702decryptnorfile(argv[2], argv[3])
	64	+
57	65	else: usage()
58	66
59	67
Index: embios/trunk/tools/libipodcrypto.py
—	—	@@ -25,6 +25,7 @@
26	26	import sys
27	27	import struct
28	28	import time
	29	+import hashlib
29	30	import libembios
30	31	from libembios import Error
31	32	import libembiosdata
—	—	@@ -70,8 +71,28 @@
71	72	return embios.read(0x08000800, len(data) - 0x800)
72	73
73	74
	75	+def s5l8702cryptnor(data):
	76	+ data = data.ljust((len(data) + 0xf) & ~0xf, "\0")
	77	+ header = "87021.0\0\0\0\0\0" + struct.pack("<I", len(data)) + hashlib.sha1(data).digest()[:0x10]
	78	+ embios = libembios.Embios()
	79	+ embios.write(0x08000000, header.ljust(0x800, "\0") + data)
	80	+ embios.lib.dev.timeout = 20000
	81	+ embios.aesencrypt(0x08000800, len(data), 1)
	82	+ embios.aesencrypt(0x08000010, 0x10, 1)
	83	+ embios.write(0x08000040, hashlib.sha1(embios.read(0x08000000, 0x40)).digest()[:0x10])
	84	+ embios.aesencrypt(0x08000040, 0x10, 1)
	85	+ return embios.read(0x08000000, len(data) + 0x800)
	86	+
	87	+
	88	+def s5l8702decryptnor(data):
	89	+ embios = libembios.Embios()
	90	+ embios.write(0x08000000, data[0x800:])
	91	+ embios.lib.dev.timeout = 20000
	92	+ embios.aesdecrypt(0x08000000, len(data) - 0x800, 1)
	93	+ return embios.read(0x08000000, len(data) - 0x800)
	94	+
	95	+
74	96	def s5l8701cryptdfufile(infile, outfile):
75		~~- print(outfile)~~
76	97	infile = open(infile, "rb")
77	98	outfile = open(outfile, "wb")
78	99	outfile.write(s5l8701cryptdfu(infile.read()))
—	—	@@ -101,3 +122,19 @@
102	123	outfile.write(s5l8701decryptfirmware(infile.read()))
103	124	infile.close()
104	125	outfile.close()
	126	+
	127	+
	128	+def s5l8702cryptnorfile(infile, outfile):
	129	+ infile = open(infile, "rb")
	130	+ outfile = open(outfile, "wb")
	131	+ outfile.write(s5l8702cryptnor(infile.read()))
	132	+ infile.close()
	133	+ outfile.close()
	134	+
	135	+
	136	+def s5l8702decryptnorfile(infile, outfile):
	137	+ infile = open(infile, "rb")
	138	+ outfile = open(outfile, "wb")
	139	+ outfile.write(s5l8702decryptnor(infile.read()))
	140	+ infile.close()
	141	+ outfile.close()

freemyipod r277 - Code Review

Diff [purge]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Info

Reverse engineering Results

Exploiting

Other Guides

Tools