diff options
author | Barry Wardell <rockbox@barrywardell.net> | 2007-03-20 20:45:25 +0000 |
---|---|---|
committer | Barry Wardell <rockbox@barrywardell.net> | 2007-03-20 20:45:25 +0000 |
commit | 3de41f5250fc752b92bb953286ed0d9c172fc6b3 (patch) | |
tree | 9bd850985f11b266a576897cfe5469f42a933a1c | |
parent | 22a673062ffdffc9048ca10193fd93d4c24039a7 (diff) | |
download | rockbox-3de41f5250fc752b92bb953286ed0d9c172fc6b3.tar.gz rockbox-3de41f5250fc752b92bb953286ed0d9c172fc6b3.zip |
Add support for encrypted mi4 bootloaders.
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@12863 a1c6a512-1295-4272-9138-f99709370657
-rw-r--r-- | bootloader/main-pp.c | 283 |
1 files changed, 237 insertions, 46 deletions
diff --git a/bootloader/main-pp.c b/bootloader/main-pp.c index 8f4a6e619d..687a7271a6 100644 --- a/bootloader/main-pp.c +++ b/bootloader/main-pp.c @@ -31,6 +31,194 @@ #include "disk.h" #include <string.h> +/* Locations and sizes in hidden partition on Sansa */ +#define PPMI_SECTOR_OFFSET 1024 +#define PPMI_SECTORS 1 +#define MI4_HEADER_SECTORS 1 +#define MI4_HEADER_SIZE 0x200 + +/* mi4 header structure */ +struct mi4header_t { + unsigned char magic[4]; + uint32_t version; + uint32_t length; + uint32_t crc32; + uint32_t enctype; + uint32_t mi4size; + uint32_t plaintext; + uint32_t dsa_key[10]; + uint32_t pad[109]; + unsigned char type[4]; + unsigned char model[4]; +}; + +/* PPMI header structure */ +struct ppmi_header_t { + unsigned char magic[4]; + uint32_t length; + uint32_t pad[126]; +}; + +inline unsigned int le2int(unsigned char* buf) +{ + int32_t res = (buf[3] << 24) | (buf[2] << 16) | (buf[1] << 8) | buf[0]; + + return res; +} + +inline void int2le(unsigned int val, unsigned char* addr) +{ + addr[0] = val & 0xFF; + addr[1] = (val >> 8) & 0xff; + addr[2] = (val >> 16) & 0xff; + addr[3] = (val >> 24) & 0xff; +} + +struct tea_key { + const char * name; + uint32_t key[4]; +}; + +#define NUM_KEYS 11 +struct tea_key tea_keytable[] = { + { "default" , { 0x20d36cc0, 0x10e8c07d, 0xc0e7dcaa, 0x107eb080 } }, + { "sansa", { 0xe494e96e, 0x3ee32966, 0x6f48512b, 0xa93fbb42 } }, + { "sansa_gh", { 0xd7b10538, 0xc662945b, 0x1b3fce68, 0xf389c0e6 } }, + { "rhapsody", { 0x7aa9c8dc, 0xbed0a82a, 0x16204cc7, 0x5904ef38 } }, + { "p610", { 0x950e83dc, 0xec4907f9, 0x023734b9, 0x10cfb7c7 } }, + { "p640", { 0x220c5f23, 0xd04df68e, 0x431b5e25, 0x4dcc1fa1 } }, + { "virgin", { 0xe83c29a1, 0x04862973, 0xa9b3f0d4, 0x38be2a9c } }, + { "20gc_eng", { 0x0240772c, 0x6f3329b5, 0x3ec9a6c5, 0xb0c9e493 } }, + { "20gc_fre", { 0xbede8817, 0xb23bfe4f, 0x80aa682d, 0xd13f598c } }, + { "elio_p722", { 0x6af3b9f8, 0x777483f5, 0xae8181cc, 0xfa6d8a84 } }, + { "c200", { 0xbf2d06fa, 0xf0e23d59, 0x29738132, 0xe2d04ca7 } }, +}; + +/* + +tea_decrypt() from http://en.wikipedia.org/wiki/Tiny_Encryption_Algorithm + +"Following is an adaptation of the reference encryption and decryption +routines in C, released into the public domain by David Wheeler and +Roger Needham:" + +*/ + +/* NOTE: The mi4 version of TEA uses a different initial value to sum compared + to the reference implementation and the main loop is 8 iterations, not + 32. +*/ + +static void tea_decrypt(uint32_t* v0, uint32_t* v1, uint32_t* k) { + uint32_t sum=0xF1BBCDC8, i; /* set up */ + uint32_t delta=0x9E3779B9; /* a key schedule constant */ + uint32_t k0=k[0], k1=k[1], k2=k[2], k3=k[3]; /* cache key */ + for(i=0; i<8; i++) { /* basic cycle start */ + *v1 -= ((*v0<<4) + k2) ^ (*v0 + sum) ^ ((*v0>>5) + k3); + *v0 -= ((*v1<<4) + k0) ^ (*v1 + sum) ^ ((*v1>>5) + k1); + sum -= delta; /* end cycle */ + } +} + +/* mi4 files are encrypted in 64-bit blocks (two little-endian 32-bit + integers) and the key is incremented after each block + */ + +static void tea_decrypt_buf(unsigned char* src, unsigned char* dest, size_t n, uint32_t * key) +{ + uint32_t v0, v1; + unsigned int i; + + for (i = 0; i < (n / 8); i++) { + v0 = le2int(src); + v1 = le2int(src+4); + + tea_decrypt(&v0, &v1, key); + + int2le(v0, dest); + int2le(v1, dest+4); + + src += 8; + dest += 8; + + /* Now increment the key */ + key[0]++; + if (key[0]==0) { + key[1]++; + if (key[1]==0) { + key[2]++; + if (key[2]==0) { + key[3]++; + } + } + } + } +} + +static inline bool tea_test_key(unsigned char magic_enc[8], uint32_t * key, int unaligned) +{ + unsigned char magic_dec[8]; + tea_decrypt_buf(magic_enc, magic_dec, 8, key); + + return (le2int(&magic_dec[4*unaligned]) == 0xaa55aa55); +} + +static int tea_find_key(struct mi4header_t *mi4header, int fd) +{ + int i, rc; + unsigned int j; + uint32_t key[4]; + unsigned char magic_enc[8]; + int key_found = -1; + unsigned int magic_location = mi4header->length-4; + int unaligned = 0; + + if ( (magic_location % 8) != 0 ) + { + unaligned = 1; + magic_location -= 4; + } + + /* Load encrypted magic 0xaa55aa55 to check key */ + lseek(fd, MI4_HEADER_SIZE + magic_location, SEEK_SET); + rc = read(fd, magic_enc, 8); + if(rc < 8 ) + return EREAD_IMAGE_FAILED; + + printf("Trying key:"); + + for (i=0; i < NUM_KEYS && (key_found<0) ; i++) { + key[0] = tea_keytable[i].key[0]; + key[1] = tea_keytable[i].key[1]; + key[2] = tea_keytable[i].key[2]; + key[3] = tea_keytable[i].key[3]; + + /* Now increment the key */ + for(j=0; j<((magic_location-mi4header->plaintext)/8); j++){ + key[0]++; + if (key[0]==0) { + key[1]++; + if (key[1]==0) { + key[2]++; + if (key[2]==0) { + key[3]++; + } + } + } + } + + if (tea_test_key(magic_enc,key,unaligned)) + { + key_found = i; + printf("%s...found", tea_keytable[i].name); + } else { + printf("%s...failed", tea_keytable[i].name); + } + } + + return key_found; +} + /* * CRC32 implementation taken from: * @@ -122,40 +310,13 @@ unsigned char *loadbuffer = (unsigned char *)DRAM_START; /* Bootloader version */ char version[] = APPSVERSION; -/* Locations and sizes in hidden partition on Sansa */ -#define PPMI_SECTOR_OFFSET 1024 -#define PPMI_SECTORS 1 -#define MI4_HEADER_SECTORS 1 -#define MI4_HEADER_SIZE 0x200 - -/* mi4 header structure */ -struct mi4header_t { - unsigned char magic[4]; - uint32_t version; - uint32_t length; - uint32_t crc32; - uint32_t enctype; - uint32_t mi4size; - uint32_t plaintext; - uint32_t dsa_key[10]; - uint32_t pad[109]; - unsigned char type[4]; - unsigned char model[4]; -}; - -/* PPMI header structure */ -struct ppmi_header_t { - unsigned char magic[4]; - uint32_t length; - uint32_t pad[126]; -}; - /* Load mi4 format firmware image */ int load_mi4(unsigned char* buf, char* firmware, unsigned int buffer_size) { int fd; struct mi4header_t mi4header; int rc; + unsigned int i; unsigned long sum; char filename[MAX_PATH]; @@ -171,10 +332,6 @@ int load_mi4(unsigned char* buf, char* firmware, unsigned int buffer_size) read(fd, &mi4header, MI4_HEADER_SIZE); - /* We don't support encrypted mi4 files yet */ - if( (mi4header.plaintext + MI4_HEADER_SIZE) != mi4header.mi4size) - return EINVALID_FORMAT; - /* MI4 file size */ printf("mi4 size: %x", mi4header.mi4size); @@ -190,20 +347,54 @@ int load_mi4(unsigned char* buf, char* firmware, unsigned int buffer_size) /* Read binary type (RBOS, RBBL) */ printf("Binary type: %.4s", mi4header.type); - /* Load firmware */ - lseek(fd, MI4_HEADER_SIZE, SEEK_SET); - rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE); - if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE) - return EREAD_IMAGE_FAILED; - - /* Check CRC32 to see if we have a valid file */ - sum = chksum_crc32 (buf,mi4header.mi4size-MI4_HEADER_SIZE); - - printf("Calculated CRC32: %x", sum); - - if(sum != mi4header.crc32) - return EBAD_CHKSUM; + /* Decrypt or calculate CRC */ + if( (mi4header.plaintext + 0x200) != mi4header.mi4size) + { + /* Load encrypted firmware */ + int key_index = tea_find_key(&mi4header, fd); + unsigned char encrypted_block[8]; + unsigned int blocks_to_decrypt; + + if (key_index < 0) + return EINVALID_FORMAT; + + /* Load plaintext part */ + lseek(fd, MI4_HEADER_SIZE, SEEK_SET); + rc = read(fd, buf, mi4header.plaintext ); + if(rc < (int)mi4header.plaintext ) + return EREAD_IMAGE_FAILED; + buf += mi4header.plaintext; + + /* Load encrypted part */ + blocks_to_decrypt = (mi4header.mi4size-(mi4header.plaintext+MI4_HEADER_SIZE))/8; + for(i=0; i < blocks_to_decrypt; i++) + { + lseek(fd, MI4_HEADER_SIZE + mi4header.plaintext + i*8, SEEK_SET); + rc = read(fd, encrypted_block, 8); + if(rc < 8) + return EREAD_IMAGE_FAILED; + + tea_decrypt_buf(encrypted_block, buf, 8, tea_keytable[key_index].key); + buf += 8; + } + + printf("%s key used", tea_keytable[key_index].name); + } else { + /* Load plaintext firmware */ + lseek(fd, MI4_HEADER_SIZE, SEEK_SET); + rc = read(fd, buf, mi4header.mi4size-MI4_HEADER_SIZE); + if(rc < (int)mi4header.mi4size-MI4_HEADER_SIZE) + return EREAD_IMAGE_FAILED; + + /* Check CRC32 to see if we have a valid file */ + sum = chksum_crc32 (buf, mi4header.mi4size - MI4_HEADER_SIZE); + + printf("Calculated CRC32: %x", sum); + if(sum != mi4header.crc32) + return EBAD_CHKSUM; + } + return EOK; } @@ -378,7 +569,7 @@ void* main(void) return (void*)loadbuffer; } - error(EBOOTFILE, rc); + error(0, 0); } else { printf("Loading Rockbox..."); |