sbtools: add brute force option for sb1 in sbtoelf

After some reverse engineering, it appears that the keys of the
sb1 format are very weak: the 128 bytes are generated from the
laserfuse words 4,5 and 6 but in a weird manner: 4 and 5 are
simply ORed and 6 is only half used (somehow), making it "only" a
48 bit word to find.

Change-Id: I40702e19d0924ef51c01894efce3cb65bd664456

1 files changed, 17 insertions, 2 deletions

diff --git a/utils/imxtools/sbtools/misc.c b/utils/imxtools/sbtools/misc.c
index dae4f92121..b9f5d21f7e 100644
--- a/utils/imxtools/sbtools/misc.c
+++ b/utils/imxtools/sbtools/misc.c
@@ -117,8 +117,23 @@ bool parse_key(char **pstr, struct crypto_key_t *key)
     while(isspace(*str))
         str++;
     /* CRYPTO_KEY: 32 hex characters
-     * CRYPTO_USBOTP: usbotp(vid:pid) where vid and pid are hex numbers */
-    if(isxdigit(str[0]))
+     * CRYPTO_USBOTP: usbotp(vid:pid) where vid and pid are hex numbers
+     * CRYPTO_XOR_KEY: 256 hex characters */
+    if(isxdigit(str[0]) && strlen(str) >= 256 && isxdigit(str[32]))
+    {
+        for(int j = 0; j < 128; j++)
+        {
+            byte a, b;
+            if(convxdigit(str[2 * j], &a) || convxdigit(str[2 * j + 1], &b))
+                return false;
+            key->u.xor_key[j / 64].key[j % 64] = (a << 4) | b;
+        }
+        /* skip key */
+        *pstr = str + 256;
+        key->method = CRYPTO_XOR_KEY;
+        return true;
+    }
+    else if(isxdigit(str[0]))
     {
         if(strlen(str) < 32)
             return false;