Editing Talk:SC Communication
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
== The easy peasy lemon squeasy way (UART) (CXR/CXRF/SW) == | == The easy peasy lemon squeasy way (UART) (CXR/CXRF/SW?) == | ||
{{keyboard|content=py | |||
from binascii import unhexlify as uhx | from binascii import unhexlify as uhx | ||
from Crypto.Cipher import AES | from Crypto.Cipher import AES | ||
import sys | import sys | ||
# Auth1: 10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
sc2tb = uhx('71f03f184c01c5ebc3f6a22a42ba9525') # Syscon to TestBench Key (0x130 xor 0x4578) | |||
tb2sc = uhx('907e730f4d4e0a0b7b75f030eb1d9d36') # TestBench to Syscon Key (0x130 xor 0x4588) | |||
value = uhx('3350BD7820345C29056A223BA220B323') # 0x45B8 | |||
zero = uhx('00000000000000000000000000000000') | |||
auth1r_header = uhx('10100000FFFFFFFF0000000000000000') | |||
auth2_header = uhx('10010000000000000000000000000000') | |||
def aes_decrypt_cbc(key, iv, input): | |||
return AES.new(key, AES.MODE_CBC, iv).decrypt(input) | |||
def aes_encrypt_cbc(key, iv, input): | |||
return AES.new(key, AES.MODE_CBC, iv).encrypt(input) | |||
def main(argc, argv): | def main(argc, argv): | ||
if | if argc == 2 and len(sys.argv[1]) == 128: | ||
auth1r = uhx(sys.argv[1]) | |||
if auth1r[0:0x10] == auth1r_header: | |||
data = aes_decrypt_cbc(sc2tb, zero, auth1r[0x10:0x40]) | |||
if data[0x8:0x10] == zero[0x0:0x8] and data[0x10:0x20] == value and data[0x20:0x30] == zero: | |||
#print "".join("{:02X}".format(ord(c)) for c in (auth1r_header + data)) | |||
new_data = data[0x8:0x10] + data[0x0:0x8] + zero + zero | |||
if | auth2_body = aes_encrypt_cbc(tb2sc, zero, new_data) | ||
print "".join("{:02X}".format(ord(c)) for c in (auth2_header + auth2_body)) | |||
print( | |||
else: | else: | ||
print | print "Auth1 response body invalid" | ||
else: | else: | ||
print( | print "Auth1 response header invalid" | ||
else: | |||
print "Argument (Auth1 response) missing" | |||
if __name__ == '__main__': | if __name__ == '__main__': | ||
main(len(sys.argv), sys.argv) | main(len(sys.argv), sys.argv) | ||
}} | |||
* Credits to M4j0r for the RE of this important info | * Credits to M4j0r for the RE of this important info | ||
== IDs == | == IDs == | ||
Line 368: | Line 93: | ||
</pre> | </pre> | ||
* Although this service is not used on Slim and some Phat consoles anymore, it is working | * Although this service is not used on Slim and some Phat consoles anymore, it is working. | ||
* It seems it have the same restrictions as NVS service. | * It seems it have the same restrictions as NVS service. | ||
Line 387: | Line 112: | ||
</pre> | </pre> | ||
* Although this service is not used on Slim and some Phat consoles anymore, it is working | * Although this service is not used on Slim and some Phat consoles anymore, it is working. | ||
* It seems it have the same restrictions as NVS service. | * It seems it have the same restrictions as NVS service. | ||
Line 818: | Line 543: | ||
See : | See : | ||
* https:// | * https://imgur.com/a/Iwv4d | ||
* https:// | * https://imgur.com/a/48gsT | ||
* database : https://www.sendspace.com/file/6awfi9 | * database : https://www.sendspace.com/file/6awfi9 | ||
For proof | For proof |