Talk:Keys
Jump to navigation
Jump to search
Python Script to decrypt CP Box EMC blob and preserve header
- (trim 0x80 bytes, entrypoint at 0x100C00)
import struct from binascii import unhexlify as uhx from binascii import hexlify as hx from Crypto.Cipher import AES from Crypto.Hash import SHA, HMAC import os import sys CIPHERKEYSEMC = ['F0332357C8CFAE7E7E26E52BE9E3AED4'] CIPHERKEYSEAP = ['00000000000000000000000000000000'] HASHERKEYEMC = ['00000000000000000000000000000000'] HASHERKEYEAP = ['00000000000000000000000000000000'] ZEROS128 = ['00000000000000000000000000000000'] def aes_decrypt_cbc(key, iv, input): return AES.new(key, AES.MODE_CBC, iv).decrypt(input) def aes_encrypt_cbc(key, iv, input): return AES.new(key, AES.MODE_CBC, iv).encrypt(input) def emc_decrypt_header(hdr): return hdr[:0x30] + aes_decrypt_cbc(uhx(CIPHERKEYSEMC[0]), uhx(ZEROS128[0]), hdr[0x30:0x80]) def emc_encrypt_header(hdr): return hdr[:0x30] + aes_encrypt_cbc(uhx(CIPHERKEYSEMC[0]), uhx(ZEROS128[0]), hdr[0x30:0x80]) def eap_decrypt_header(hdr): return hdr[:0x30] + aes_decrypt_cbc(uhx(CIPHERKEYSEAP[0]), uhx(ZEROS128[0]), hdr[0x30:0x80]) def eap_encrypt_header(hdr): return hdr[:0x30] + aes_encrypt_cbc(uhx(CIPHERKEYSEAP[0]), uhx(ZEROS128[0]), hdr[0x30:0x80]) def main(argc, argv): with open(sys.argv[1], 'rb') as f: data = f.read(0x80) type = data[7:8] if type == uhx('48'): print 'EMC' hdr = emc_decrypt_header(data) body_aes_key = hdr[0x30:0x40] body_hmac_key = hdr[0x40:0x50] body_hmac = hdr[0x50:0x64] zeroes = hdr[0x64:0x6C] print(hx(zeroes)) header_hmac = hdr[0x6C:0x80] body_len = struct.unpack('<L', hdr[0xc:0x10])[0] print body_len ehdr = hdr[:0x6C] ebody = f.read(body_len) bhmac = HMAC.new(body_hmac_key, ebody, SHA) hhmac = HMAC.new(uhx(HASHERKEYEMC[0]), ehdr, SHA) body = aes_decrypt_cbc(body_aes_key, uhx(ZEROS128[0]), ebody) print bhmac.hexdigest() print hhmac.hexdigest() print hx(body_hmac) print hx(header_hmac) with open(sys.argv[1] + '.bin', 'wb') as g: g.write(hdr+body) if type == uhx('68'): print 'EAP' hdr = eap_decrypt_header(data) body_aes_key = hdr[0x30:0x40] body_hmac_key = hdr[0x40:0x50] body_hmac = hdr[0x50:0x64] zeroes = hdr[0x64:0x6C] print(hx(zeroes)) header_hmac = hdr[0x6C:0x80] body_len = struct.unpack('<L', hdr[0xc:0x10])[0] print body_len ehdr = hdr[:0x6C] ebody = f.read(body_len) bhmac = HMAC.new(body_hmac_key, ebody, SHA) hhmac = HMAC.new(uhx(HASHERKEYEAP[0]), ehdr, SHA) body = aes_decrypt_cbc(body_aes_key, uhx(ZEROS128[0]), ebody) print bhmac.hexdigest() print hhmac.hexdigest() print hx(body_hmac) print hx(header_hmac) with open(sys.argv[1] + '.bin', 'wb') as g: g.write(hdr+body) if __name__ == '__main__': main(len(sys.argv), sys.argv)
Portability
hid_auth
ED E7 41 CC 7F D6 0E 1F 2D B0 89 16 1F C0 EB 66 7C A4 DA 59 40 CE 19 54 00 90 1D BF 59 25 EE 4F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ipmi
53 49 45 49 50 4D 49 00 00 00 00 00 00 00 00 00 1A 88 B2 A3 64 E6 A2 8E 78 08 4E 3F 7F 40 FD 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
kdf_ncdt_psk
53 43 45 5F 4B 44 46 5F 4E 43 44 54 5F 50 53 4B 59 E6 32 88 B0 4E 7F 68 F8 B8 DB 83 86 1E 07 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
livedump
96 1E 5E 85 B5 3E 77 64 43 E5 F4 45 85 E8 90 0A 52 5E 06 2A 4C 79 64 69 0F 75 2F 28 71 9C 6B A1 A8 C2 A0 0D 84 31 E7 17 DD EF 6D 80 F6 5C AE 32 42 1F CB E5 E7 A4 F9 1F 79 2B 25 C7 A1 0C 9E 5A 7B 07 82 9F F3 7C 3F B4 66 2F CB F8 E4 0A 63 F2 99 EE B8 6F 06 D5 58 CD 6E 8E 6A F7 5E 48 3A 24 CC 73 EA E7 73 2F 44 2F 8B E5 28 FB 19 60 62 50 F4 A9 9C A5 9E FC 63 2C 2D CC 67 73 2B 8B 5A DE
logger
15 A0 CB 65 D6 A4 05 27 E6 1C CD DA 2A EF 53 3B 13 FC 7C 35 24 14 B3 54 3D C7 83 24 6E FC C9 64 9D F8 40 9A C2 02 09 82 3C 08 61 2B E6 2A 51 79 CF 87 62 61 C0 85 46 C2 A5 DA A1 9B D0 E7 FF 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
pfs_sd_auth
2B CF 69 8E 79 CF DD FA C2 4D 4C 25 BF 35 1E 62 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
playready2
B6 34 65 57 9E 73 D4 C0 A1 A9 0F F0 51 34 57 50 7A 4A FB 4A 3B 94 B2 19 3A B7 9A 79 C5 66 02 BF 76 51 C1 B9 90 23 37 FF 9A 32 31 6A E6 22 55 47 6F 73 5B 03 C4 6C 89 0B C4 22 A1 68 4D B2 8A 7F 1B AE 90 5E C6 CA 53 38 E7 79 E5 B7 63 DB 84 FB 15 E8 06 B2 9D C7 58 5B BB AF 11 91 6E 66 6E F0 F6 74 CC 4B B7 36 B9 EF 93 AD A9 CB D4 FA 5D 65 C4 F5 5A 98 65 13 4A AB 7D 87 F5 88 5C E2 B3 93
rootparam
91 0B 7C A6 6B 4B F9 DA 00 72 F1 67 6C 51 99 70 C1 4D B2 26 6A 59 29 C2 5E 1A 72 5D D8 19 05 BF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
sys_tlm_seck
53 43 45 5F 53 59 53 5F 54 4C 4D 5F 53 45 43 4B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99 E9 AC B7 36 53 5E 4B 25 4D 25 B9 E2 AB 3E 09 CB CB C7 A7 C0 E8 1A EF 93 CF AE E1 57 4C 1A 7C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Fake Keys
PK0=C1E20574525331AE3E9ABFDFE3E64EB3AA1FD0CD30E3C286CEB84C0C280574E6 PK1=B8F64A4C3DC41A01C039BD1EBCDA3F9E25461024C8817CA8A0281126521884D0 PK2=5B031A912D8C2C8BACD4A919274827EBF4F855041C6B911DEABD26FCC38B2D86 PK3=53C9558316D34E6036A372BDA0238B4AB2D1B3E22074065BDD22DBC8584AD4C7 PK4=FBF4549BB1278E2336071887439BF819ACBB4292F7DA46729A76217419243C4B PK5=89132F5E01643367499C866DB7B1E7C0C8040EF7DE13516BC7776D97FAB9DB7B PK6=7FF33CBD9689177E5D8FD6BD2AA6BE0553893F63E525447DC5745BB9650CE69A PK7=E4767D540A9E9531BDD3FB2302806A953E6920B15B8AE41C4D471B91422510A8 PK9=A5F56F9B07BD524BE2BFFD2C9AA3D80D070A5A5010BEF863F6C64BFA282B76F9 PK10=0DC5A3E6CF63DD71744F1854A6CBF64C13CE4358AE3C2EBE959C8C3B3F6B79B2 PKA0=3F3B86299E4598147DD1A9A8D314081FE8EE67DDFBAE20 PKA1=2D85350A3BC10ED683101EBBCAC799A5D1B87F6C32A833 PKA2=45DE1F88B189E2D453FEAEA559F02157A21F3DB92C7826 PKA3=B7C26B663BDDE355D1B516B7CE9F0D41A82A61FDC7A6B6 PKA4=6CB6896E6D2C61B33817C2927B032EC7FBE01D0B8BC75E