sept-sign: remove += for compatibility

This commit is contained in:
Michael Scire 2019-03-24 08:26:14 -07:00
parent dc1db0dc72
commit 1a82b407a4

View file

@ -32,8 +32,8 @@ def get_last_block_for_desired_mac(key, data, desired_mac):
k1 = shift_left_xor_rb(AES.new(key, AES.MODE_ECB).encrypt(bytearray(0x10))) k1 = shift_left_xor_rb(AES.new(key, AES.MODE_ECB).encrypt(bytearray(0x10)))
if len(data) & 0xF: if len(data) & 0xF:
k1 = shift_left_xor_rb(k1) k1 = shift_left_xor_rb(k1)
data += b'\x80' data = data + b'\x80'
data += bytearray((0x10 - (len(data) & 0xF)) & 0xF) data = data + bytearray((0x10 - (len(data) & 0xF)) & 0xF)
num_blocks = (len(data) + 0xF) >> 4 num_blocks = (len(data) + 0xF) >> 4
last_block = sxor(bytearray(AES.new(key, AES.MODE_ECB).decrypt(desired_mac)), bytearray(k1)) last_block = sxor(bytearray(AES.new(key, AES.MODE_ECB).decrypt(desired_mac)), bytearray(k1))
if len(data) > 0x0: if len(data) > 0x0:
@ -43,20 +43,20 @@ def get_last_block_for_desired_mac(key, data, desired_mac):
def sign_encrypt_code(code, sig_key, enc_key, iv, desired_mac): def sign_encrypt_code(code, sig_key, enc_key, iv, desired_mac):
# Pad with 0x20 of zeroes. # Pad with 0x20 of zeroes.
code += bytearray(0x20) code = code + bytearray(0x20)
code_len = len(code) code_len = len(code)
code_len += 0xFFF code_len += 0xFFF
code_len &= ~0xFFF code_len &= ~0xFFF
code += bytearray(code_len - len(code)) code = code + bytearray(code_len - len(code))
# Add empty trustzone, warmboot segments. # Add empty trustzone, warmboot segments.
code += bytearray(0x1FE0 - 0x10) code = code + bytearray(0x1FE0 - 0x10)
pk11_hdr = b'PK11' + pk('<IIIIIII', 0x1000, 0, 0, code_len - 0x20, 0, 0x1000, 0) pk11_hdr = b'PK11' + pk('<IIIIIII', 0x1000, 0, 0, code_len - 0x20, 0, 0x1000, 0)
pk11 = pk11_hdr + code pk11 = pk11_hdr + code
enc_pk11 = AES.new(enc_key, AES.MODE_CBC, iv).encrypt(pk11) enc_pk11 = AES.new(enc_key, AES.MODE_CBC, iv).encrypt(pk11)
enc_pk11 = pk('<IIII', len(pk11) + 0x10, 0, 0, 0) + iv + enc_pk11 enc_pk11 = pk('<IIII', len(pk11) + 0x10, 0, 0, 0) + iv + enc_pk11
enc_pk11 += get_last_block_for_desired_mac(sig_key, enc_pk11, desired_mac) enc_pk11 = enc_pk11 + get_last_block_for_desired_mac(sig_key, enc_pk11, desired_mac)
enc_pk11 += CMAC.new(sig_key, enc_pk11, AES).digest() enc_pk11 = enc_pk11 + CMAC.new(sig_key, enc_pk11, AES).digest()
return enc_pk11 return enc_pk11
@ -67,7 +67,7 @@ def main(argc, argv):
with open(argv[1], 'rb') as f: with open(argv[1], 'rb') as f:
code = f.read() code = f.read()
if len(code) & 0xF: if len(code) & 0xF:
code += bytearray(0x10 - (len(code) & 0xF)) code = code + bytearray(0x10 - (len(code) & 0xF))
# TODO: Support dev unit crypto # TODO: Support dev unit crypto
with open(argv[2], 'wb') as f: with open(argv[2], 'wb') as f:
f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_PRD, KEYS.HOVI_ENC_KEY_PRD, KEYS.IV, b'THANKS_NVIDIA_<3')) f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_PRD, KEYS.HOVI_ENC_KEY_PRD, KEYS.IV, b'THANKS_NVIDIA_<3'))