summaryrefslogtreecommitdiffstats
path: root/utils/nwztools/upgtools/upg.h
blob: e6cdaba1f7f047491ae11f01eb3bafb4a422357d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
/***************************************************************************
 *             __________               __   ___.
 *   Open      \______   \ ____   ____ |  | _\_ |__   _______  ___
 *   Source     |       _//  _ \_/ ___\|  |/ /| __ \ /  _ \  \/  /
 *   Jukebox    |    |   (  <_> )  \___|    < | \_\ (  <_> > <  <
 *   Firmware   |____|_  /\____/ \___  >__|_ \|___  /\____/__/\_ \
 *                     \/            \/     \/    \/            \/
 * $Id$
 *
 * Copyright (C) 2016 Amaury Pouly
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 ****************************************************************************/
#ifndef __UPG_H__
#define __UPG_H__

#include "misc.h"
#include "mg.h"

/** Firmware format V1/V2
 *
 * The firmware starts with the MD5 hash of the entire file (except the MD5 hash
 * itself of course). This is used to check that the file was not corrupted.
 * The remaining of the file is encrypted (using DES) with the model key. The
 * encrypted part starts with a header containing the model signature and the
 * number of files. Since the header is encrypted, decrypting the header with
 * the key and finding the right signature serves to authenticate the firmware.
 * The header is followed by N entries (where N is the number of files) giving
 * the offset, within the file, and size of each file. Note that the files in
 * the firmware have no name. The only difference between V1 and V2 is that the
 * size of the signature is 16 bytes instead of 8 and the upg entries are 16 bytes
 * long so they are padded.
 * 
 * There is, however a practical difference between how the OF performs the update on
 * newer devices (and hence corrolates exactly with V2 usage). On these devices, the
 * update script will first extract the first file (the bash script) and the second file
 * which is called "md5.txt". At this point it then runs the script. Hence it is not
 * important what the content of the second file is, it is not checked unless fwpup is
 * called. For the records, here is an exerct of such a file:
 *   838860800 eae2acabcd6523a750f61f5ea3e9a80b system.img
 */

#define NWZ_MD5_SIZE    16

struct upg_md5_t
{
    uint8_t md5[16];
}__attribute__((packed));

struct upg_header_t
{
    uint8_t sig[8];
    uint32_t nr_files;
    uint32_t pad; // make sure structure size is a multiple of 8
} __attribute__((packed));

struct upg_entry_t
{
    uint32_t offset;
    uint32_t size;
} __attribute__((packed));

struct upg_header_v2_t
{
    uint8_t sig[16];
    uint32_t nr_files;
    uint32_t pad[3]; // make sure structure size is a multiple of 16
} __attribute__((packed));

struct upg_entry_v2_t
{
    uint32_t offset;
    uint32_t size;
    uint32_t pad[2]; // make sure structure size is a multiple of 16
} __attribute__((packed));

/** KAS / Key / Signature
 *
 * Since this is all very confusing, we need some terminology and notations:
 * - [X, Y, Z] is a sequence of bytes, for example:
 *     [8, 0x89, 42]
 *   is a sequence of three bytes.
 * - "abcdef" is a string: it is a sequences of bytes where each byte happens to
 *   be the ASCII encoding of a letter. So for example:
 *     "abc" = [97, 98, 99]
 *   because 'a' has ASCII encoding 97 and so one
 * - HexString(Seq) refers to the string where each byte of the original sequence
 *   is represented in hexadecimal by two ASCII characters. For example:
 *     HexString([8, 0x89, 42]) = "08892a"
 *   because 8 = 0x08 so it represented by "08" and 42 = 0x2a. Note that the length
 *   of HexString(Seq) is always exactly twice the length of Seq.
 * - DES(Seq,Pass) is the result of encrypting Seq with Pass using the DES cipher.
 *   Seq must be a sequence of 8 bytes (known as a block) and Pass must be a
 *   sequence of 8 bytes. The result is also a 8-byte sequence.
 * - ECB_DES([Block0, Block1, ..., BlockN], Pass)
 *     = [DES(Block0,Pass), DES(Block1,Pass), ..., DES(BlockN,Pass)]
 *   where Blocki is a block (8 byte).
 *
 *
 * A firmware upgrade file is always encrypted using a Key. To authenticate it,
 * the upgrade file (before encryption) contains a Sig(nature). The pair (Key,Sig)
 * is refered to as KeySig and is specific to each series. For example all
 * NWZ-E46x use the same KeySig but the NWZ-E46x and NWZ-A86x use different KeySig.
 * In the details, a Key is a sequence of 8 bytes and a Sig is also a sequence
 * of 8 bytes. A KeySig is a simply the concatenation of the Key followed by
 * the Sig, so it is a sequence of 16 bytes. Probably in an attempt to obfuscate
 * things a little further, Sony never provides the KeySig directly but instead
 * encrypts it using DES in ECB mode using a hardcoded password and provides
 * the hexadecimal string of the result, known as the KAS, which is thus a string
 * of 32 ASCII characters.
 * Note that since DES works on blocks of 8 bytes and ECB encrypts blocks
 * independently, it is the same to encrypt the KeySig as once or encrypt the Key
 * and Sig separately.
 *
 * To summarize:
 *   Key = [K0, K1, K2, ..., K7] (8 bytes) (model specific)
 *   Sig = [S0, S1, S2, ..., S7] (8 bytes) (model specific)
 *   KeySig = [Key, Sig] = [K0, ... K7, S0, ..., S7] (16 bytes)
 *   FwpPass = "ed295076" (8 bytes) (never changes)
 *   EncKeySig = ECB_DES(KeySig, FwpPass) = [DES(Key, FwpPass), DES(Sig, FwpPass)]
 *   KAS = HexString(EncKeySig) (32 characters)
 *
 * In theory, the Key and Sig can be any 8-byte sequence. In practice, they always
 * are strings, probably to make it easier to write them down. In many cases, the
 * Key and Sig are even the hexadecimal string of 4-byte sequences but it is
 * unclear if this is the result of pure luck, confused engineers, lazyness on
 * Sony's part or by design. The following code assumes that Key and Sig are
 * strings (though it could easily be fixed to work with anything if this is
 * really needed).
 *
 *
 * Here is a real example, from the NWZ-E46x Series:
 *   Key = "6173819e" (note that this is a string and even a hex string in this case)
 *   Sig = "30b82e5c"
 *   KeySig = [Key, Sig] = "6173819e30b82e5c"
 *   FwpPass = "ed295076" (never changes)
 *   EncKeySig = ECB_DES(KeySig, FwpPass)
 *             = [0x8a, 0x01, 0xb6, ..., 0xc5] (16 bytes)
 *   KAS = HexString(EncKeySig) = "8a01b624bfbfde4a1662a1772220e3c5"
 *
 */

/* API */

struct nwz_model_t
{
    const char *model; /* rockbox model codename */
    bool confirmed;
    /* If the KAS is confirmed, it is the one extracted from the device. Otherwise,
     * it is a KAS built from a key and sig brute-forced from an upgrade. In this
     * case, the KAS might be different from the 'official' one although for all
     * intent and purposes it should not make any difference. */
    const char *kas;
};

/* list of models with keys and status. Sentinel NULL entry at the end */
extern struct nwz_model_t g_model_list[];

/* An entry in the UPG file */
struct upg_file_entry_t
{
    void *data;
    size_t size;
};

struct upg_file_t
{
    int nr_files;
    struct upg_file_entry_t *files;
};

/* IMPORTANT: all functions assume that the kas/key/sig are string and are zero terminated */

/* Decrypt a KAS into a key and signature, return <0 if the KAS contains a non-hex
 * character. The function will allocate key and sig if *key and/or *sig is NULL */
int decrypt_keysig(const char *kas, char **key, char **sig);
/* Encrypt a key and signature into a KAS, it will allocate kas if *kas is NULL */
void encrypt_keysig(char **kas, const char *key, const char *sig);

/* Read a UPG file: return a structure on a success or NULL on error.
 * Note that the memory buffer is modified to perform in-place decryption. */
struct upg_file_t *upg_read_memory(void *file, size_t size, const char *key,
    const char *sig, void *u, generic_printf_t printf);
/* Write a UPG file: return a buffer containing the whole image, or NULL on error. */
void *upg_write_memory(struct upg_file_t *file, const char *key,
    const char *sig, size_t *out_size, void *u, generic_printf_t printf);
/* create empty upg file */
struct upg_file_t *upg_new(void);
/* append a file to a upg, data is NOT copied */
void upg_append(struct upg_file_t *file, void *data, size_t size);
/* release upg file, will free file data pointers */
void upg_free(struct upg_file_t *file);

#endif /* __UPG_H__ */