HDD Encryption/Decryption: Difference between revisions

From PS3 Developer wiki
(16 intermediate revisions by one other user not shown)
Line 1: Line 1:
[[Category:Linux]]
[[Category:OtherOS]]
=Introduction=
=Introduction=


Line 59: Line 59:


=GEOM geli=
=GEOM geli=
* Problem: how to set masterkey in GELI ?
* GEOM geli is a wrong approach and won't work. We need a new GEOM class for PS3 HDD decryption !!!
=GEOM AES-XTS=
* Use opencrypto framework for AES-XTS algorithm.
* The kernel module needs a user-space GEOM counterpart,  a shared library which is loaded and used by '''geom''' application to send commands to the kernel part.
http://gitorious.ps3dev.net/ps3freebsd/geom-aes-xts
http://gitorious.ps3dev.net/ps3freebsd/geom-aes-xts-lib


==Test==
==Test==


* problem: how to set masterkey in GELI ?
<pre>
# UI shared library for GEOM AES-XTS
 
cp geom_aes_xts.so /lib/geom
 
# Load kernel module
 
kldload geom_aes_xts.ko


<pre>
mdconfig -a -t vnode -f  ~/ps3da_enc.bin -u 1
mdconfig -a -t vnode -f  ~/ps3da_enc.bin -u 1


geom bswap16 create md1
geom bswap16 create md1


geli init -K hdd_key.bin -P -e AES-XTS -l 128 -s 512 /dev/md1.bswap16
echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin


geli attach -p -k hdd_key.bin /dev/md1.bswap16
geom aes_xts create -k hdd_key.bin /dev/md1.bswap1


geli detach /dev/md1.bswap16.eli
ls -l /dev/md1.bswap1.aes_xts
 
sudo dd if=/dev/md1.bswap16.aes_xts bs=512 count=1 | hexdump -C
 
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 08 00 00  |................|
00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 0b  |.p..............|
00000050  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0  00 00 00 00 00 08 00 10  00 00 00 00 03 9a 8b 2d  |...............-|
000000d0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000e0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 03  |. ..............|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000150  00 00 00 00 03 a2 8b 45  00 00 00 00 00 3f ff f8  |.......E.....?..|
00000160  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000170  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001e0  00 00 00 00 03 e2 8b 46  00 00 00 00 19 39 ce 0c  |.......F.....9..|
000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000200


</pre>
</pre>


=GEOM part PS3=
=GEOM part PS3=
* Alternative: Parse the PS3 partition table manually and use '''gnop''' GEOM to create regions
* But GEOM '''part''' is cooler because it does it automatically and we want to learn how to implement GEOM classes.


=Links=
=Links=


* https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/
* https://www.dan.me.uk/blog/2012/05/05/full-disk-encryption-in-freebsd-9-x-well-almost/
{{BSD}}<noinclude>[[Category:Main]]</noinclude>
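Review bot: the new AES-XTS test steps name the provider `/dev/md1.bswap1` in the `geom aes_xts create -k hdd_key.bin` line and in the `ls -l` line, but `geom bswap16 create md1` produces `md1.bswap16` and the following `dd` reads `/dev/md1.bswap16.aes_xts`. The two lines should use `/dev/md1.bswap16` and `/dev/md1.bswap16.aes_xts` so the sequence can be followed as written. The key-file line also leaves `hdd_key.bin` with default permissions; a `umask 077` before it would be worth adding to the steps.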

Latest revision as of 01:39, 3 February 2014

Introduction

  • The goal is to mount a PS3 HDD on a FreeBSD PC (or FreeBSD PS3) and make changes to it without the ENCDEC device.
  • And learn the cool FreeBSD GEOM framework as well :)
  • Everything was tested by me on FreeBSD 9.1.

GEOM bswap16

  • Swaps the two bytes in every 16-bit word.
  • Similar to dm-bswap16 on Linux.
  • The kernel module needs a user-space GEOM counterpart: a shared library that the geom application loads and uses to send commands to the kernel part.

http://gitorious.ps3dev.net/ps3freebsd/geom-bswap16

http://gitorious.ps3dev.net/ps3freebsd/geom-bswap16-lib

Test

# UI shared library for GEOM bswap16

cp geom_bswap16.so /lib/geom

# Load kernel module

kldload geom_bswap16.ko

# Create a memory block device for testing

mdconfig -a -t vnode -f ~/test.bin -u 0

# Create /dev/md0.bswap16

geom bswap16 create /dev/md0

hexdump -C /dev/md0

00000000  bb aa dd cc 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  ee ff 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00100000

hexdump -C /dev/md0.bswap16

00000000  aa bb cc dd 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  ff ee 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00100000

geom bswap16 destroy md0.bswap16

mdconfig -d -u 0

GEOM geli

  • Problem: how to set the master key in GELI?
  • GEOM geli is the wrong approach and won't work. We need a new GEOM class for PS3 HDD decryption!

GEOM AES-XTS

  • Use the opencrypto framework for the AES-XTS algorithm.
  • The kernel module needs a user-space GEOM counterpart: a shared library that the geom application loads and uses to send commands to the kernel part.

http://gitorious.ps3dev.net/ps3freebsd/geom-aes-xts

http://gitorious.ps3dev.net/ps3freebsd/geom-aes-xts-lib

Test

# UI shared library for GEOM AES-XTS

cp geom_aes_xts.so /lib/geom

# Load kernel module

kldload geom_aes_xts.ko

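# Attach the image file as /dev/md1

mdconfig -a -t vnode -f ~/ps3da_enc.bin -u 1

# Create /dev/md1.bswap16

geom bswap16 create md1

# Write the data key followed by the tweak key as raw bytes

echo <your data key as hex string> <your tweak key as hex string> | xxd -r -p > hdd_key.bin

# Create /dev/md1.bswap16.aes_xts

geom aes_xts create -k hdd_key.bin /dev/md1.bswap16

ls -l /dev/md1.bswap16.aes_xts

# Dump the first decrypted sector

sudo dd if=/dev/md1.bswap16.aes_xts bs=512 count=1 | hexdump -C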

00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000010  00 00 00 00 0f ac e0 ff  00 00 00 00 de ad fa ce  |................|
00000020  00 00 00 00 00 00 00 03  00 00 00 00 00 00 00 02  |................|
00000030  00 00 00 00 00 00 00 08  00 00 00 00 00 08 00 00  |................|
00000040  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 0b  |.p..............|
00000050  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000000c0  00 00 00 00 00 08 00 10  00 00 00 00 03 9a 8b 2d  |...............-|
000000d0  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000e0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
000000f0  10 20 00 00 03 00 00 01  00 00 00 00 00 00 00 03  |. ..............|
00000100  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000150  00 00 00 00 03 a2 8b 45  00 00 00 00 00 3f ff f8  |.......E.....?..|
00000160  10 70 00 00 01 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000170  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000180  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001e0  00 00 00 00 03 e2 8b 46  00 00 00 00 19 39 ce 0c  |.......F.....9..|
000001f0  10 70 00 00 02 00 00 01  00 00 00 00 00 00 00 03  |.p..............|
00000200
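
A stricter version of the key-file step, plus a check that the decrypted provider really shows the bytes seen in the dump above. This is an added example, not part of the original wiki page: the helper names are hypothetical, the 32-hex-digit key length assumes AES-XTS-128, and the expected bytes are taken from the dump. Reading the keys from stdin keeps them out of shell history, and the file is created with mode 0600.

```shell
# Added example; make_key_file and looks_decrypted are hypothetical helper names.

# make_key_file OUT: read "<data key hex> <tweak key hex>" from stdin and write
# the raw bytes (data key first, then tweak key) to OUT, readable by owner only.
make_key_file() {
    out=$1
    read -r data tweak || return 1
    for k in "$data" "$tweak"; do
        case $k in
            ''|*[!0-9a-fA-F]*) echo "key is not a hex string" >&2; return 1 ;;
        esac
        # Assumption: AES-XTS-128, so each key is 16 bytes = 32 hex digits.
        [ "${#k}" -eq 32 ] || { echo "key must be 32 hex digits" >&2; return 1; }
    done
    (
        umask 077                 # new file gets mode 0600
        rm -f "$out" && : > "$out" || exit 1
        hex=$data$tweak
        while [ -n "$hex" ]; do
            rest=${hex#??}
            byte=${hex%"$rest"}
            # Emit one raw byte via an octal escape (works without xxd).
            printf "\\$(printf '%03o' "0x$byte")" >> "$out"
            hex=$rest
        done
    )
}

# looks_decrypted FILE: succeed if the first sector of FILE carries the bytes
# 0f ac e0 ff at offset 0x14 and de ad fa ce at offset 0x1c, as in the dump above.
# A wrong key or a missing bswap16 layer makes this check fail.
looks_decrypted() {
    a=$(od -An -tx1 -j 20 -N 4 "$1" | tr -d ' \n')
    b=$(od -An -tx1 -j 28 -N 4 "$1" | tr -d ' \n')
    [ "$a" = "0face0ff" ] && [ "$b" = "deadface" ]
}
```

Typical use is `make_key_file hdd_key.bin` (then type or paste the two hex strings) before `geom aes_xts create`, and `looks_decrypted /dev/md1.bswap16.aes_xts` afterwards.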

GEOM part PS3

  • Alternative: Parse the PS3 partition table manually and use gnop GEOM to create regions
  • But GEOM part is cooler because it does it automatically and we want to learn how to implement GEOM classes.

Links