Diffstat (limited to 'utils/nwztools')
-rw-r--r-- | utils/nwztools/upgtools/upg.h | 175 |
1 files changed, 175 insertions, 0 deletions
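--- /dev/null
+++ b/utils/nwztools/upgtools/upg.h
@@ -0,0 +1,175 @@
+/***************************************************************************
+ * __________ __ ___.
+ * Open \______ \ ____ ____ | | _\_ |__ _______ ___
+ * Source | _// _ \_/ ___\| |/ /| __ \ / _ \ \/ /
+ * Jukebox | | ( <_> ) \___| < | \_\ ( <_> > < <
+ * Firmware |____|_ /\____/ \___ >__|_ \|___ /\____/__/\_ \
+ * \/ \/ \/ \/ \/
+ * $Id$
+ *
+ * Copyright (C) 2016 Amaury Pouly
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ****************************************************************************/
+#ifndef __UPG_H__
+#define __UPG_H__
+
+#include "misc.h"
+#include "fwp.h"
+#include "mg.h"
+
+/** Firmware format
+ *
+ * The firmware starts with the MD5 hash of the entire file (except the MD5 hash
+ * itself of course). This is used to check that the file was not corrupted.
+ * The remaining of the file is encrypted (using DES) with the model key. The
+ * encrypted part starts with a header containing the model signature and the
+ * number of files. Since the header is encrypted, decrypting the header with
+ * the key and finding the right signature serves to authenticate the firmware.
+ * The header is followed by N entries (where N is the number of files) giving
+ * the offset, within the file, and size of each file. Note that the files in
+ * the firmware have no name. */
+
+struct upg_md5_t
+{
+    uint8_t md5[16];
+}__attribute__((packed));
+
+struct upg_header_t
+{
+    uint8_t sig[NWZ_SIG_SIZE];
+    uint32_t nr_files;
+    uint32_t pad; // make sure structure size is a multiple of 8
+} __attribute__((packed));
+
+struct upg_entry_t
+{
+    uint32_t offset;
+    uint32_t size;
+} __attribute__((packed));
+
+/** KAS / Key / Signature
+ *
+ * Since this is all very confusing, we need some terminology and notations:
+ * - [X, Y, Z] is a sequence of bytes, for example:
+ *     [8, 0x89, 42]
+ *   is a sequence of three bytes.
+ * - "abcdef" is a string: it is a sequences of bytes where each byte happens to
+ *   be the ASCII encoding of a letter. So for example:
+ *     "abc" = [97, 98, 99]
+ *   because 'a' has ASCII encoding 97 and so one
+ * - HexString(Seq) refers to the string where each byte of the original sequence
+ *   is represented in hexadecimal by two ASCII characters. For example:
+ *     HexString([8, 0x89, 42]) = "08892a"
+ *   because 8 = 0x08 so it represented by "08" and 42 = 0x2a. Note that the length
+ *   of HexString(Seq) is always exactly twice the length of Seq.
+ * - DES(Seq,Pass) is the result of encrypting Seq with Pass using the DES cipher.
+ *   Seq must be a sequence of 8 bytes (known as a block) and Pass must be a
+ *   sequence of 8 bytes. The result is also a 8-byte sequence.
+ * - ECB_DES([Block0, Block1, ..., BlockN], Pass)
+ *     = [DES(Block0,Pass), DES(Block1,Pass), ..., DES(BlockN,Pass)]
+ *   where Blocki is a block (8 byte).
+ *
+ *
+ * A firmware upgrade file is always encrypted using a Key. To authenticate it,
+ * the upgrade file (before encryption) contains a Sig(nature). The pair (Key,Sig)
+ * is refered to as KeySig and is specific to each series. For example all
+ * NWZ-E46x use the same KeySig but the NWZ-E46x and NWZ-A86x use different KeySig.
+ * In the details, a Key is a sequence of 8 bytes and a Sig is also a sequence
+ * of 8 bytes. A KeySig is a simply the concatenation of the Key followed by
+ * the Sig, so it is a sequence of 16 bytes. Probably in an attempt to obfuscate
+ * things a little further, Sony never provides the KeySig directly but instead
+ * encrypts it using DES in ECB mode using a hardcoded password and provides
+ * the hexadecimal string of the result, known as the KAS, which is thus a string
+ * of 32 ASCII characters.
+ * Note that since DES works on blocks of 8 bytes and ECB encrypts blocks
+ * independently, it is the same to encrypt the KeySig as once or encrypt the Key
+ * and Sig separately.
+ *
+ * To summarize:
+ *   Key = [K0, K1, K2, ..., K7] (8 bytes) (model specific)
+ *   Sig = [S0, S1, S2, ..., S7] (8 bytes) (model specific)
+ *   KeySig = [Key, Sig] = [K0, ... K7, S0, ..., S7] (16 bytes)
+ *   FwpPass = "ed295076" (8 bytes) (never changes)
+ *   EncKeySig = ECB_DES(KeySig, FwpPass) = [DES(Key, FwpPass), DES(Sig, FwpPass)]
+ *   KAS = HexString(EncKeySig) (32 characters)
+ *
+ * In theory, the Key and Sig can be any 8-byte sequence. In practice, they always
+ * are strings, probably to make it easier to write them down. In many cases, the
+ * Key and Sig are even the hexadecimal string of 4-byte sequences but it is
+ * unclear if this is the result of pure luck, confused engineers, lazyness on
+ * Sony's part or by design. The following code assumes that Key and Sig are
+ * strings (though it could easily be fixed to work with anything if this is
+ * really needed).
+ *
+ *
+ * Here is a real example, from the NWZ-E46x Series:
+ *   Key = "6173819e" (note that this is a string and even a hex string in this case)
+ *   Sig = "30b82e5c"
+ *   KeySig = [Key, Sig] = "6173819e30b82e5c"
+ *   FwpPass = "ed295076" (never changes)
+ *   EncKeySig = ECB_DES(KeySig, FwpPass)
+ *     = [0x8a, 0x01, 0xb6, ..., 0xc5] (16 bytes)
+ *   KAS = HexString(EncKeySig) = "8a01b624bfbfde4a1662a1772220e3c5"
+ *
+ */
+
+/* API */
+
+struct nwz_model_t
+{
+    const char *model; /* rockbox model codename */
+    bool confirmed;
+    /* If the KAS is confirmed, it is the one extracted from the device. Otherwise,
+     * it is a KAS built from a key and sig brute-forced from an upgrade. In this
+     * case, the KAS might be different from the 'official' one although for all
+     * intent and purposes it should not make any difference. */
+    char *kas;
+};
+
+/* list of models with keys and status. Sentinel NULL entry at the end */
+extern struct nwz_model_t g_model_list[];
+
+/* An entry in the UPG file */
+struct upg_file_entry_t
+{
+    void *data;
+    size_t size;
+};
+
+struct upg_file_t
+{
+    int nr_files;
+    struct upg_file_entry_t *files;
+};
+
+/* decrypt a KAS into a key and signature, return <0 if the KAS contains a non-hex
+ * character */
+int decrypt_keysig(const char kas[NWZ_KAS_SIZE], char key[NWZ_KEY_SIZE],
+    char sig[NWZ_SIG_SIZE]);
+/* encrypt a key and signature into a KAS */
+void encrypt_keysig(char kas[NWZ_KEY_SIZE],
+    const char key[NWZ_SIG_SIZE], const char sig[NWZ_KAS_SIZE]);
+
+/* Read a UPG file: return a structure on a success or NULL on error.
+ * Note that the memory buffer is modified to perform in-place decryption. */
+struct upg_file_t *upg_read_memory(void *file, size_t size, char key[NWZ_KEY_SIZE],
+    char sig[NWZ_SIG_SIZE], void *u, generic_printf_t printf);
+/* Write a UPG file: return a buffer containing the whole image, or NULL on error. */
+void *upg_write_memory(struct upg_file_t *file, char key[NWZ_KEY_SIZE],
+    char sig[NWZ_SIG_SIZE], size_t *out_size, void *u, generic_printf_t printf);
+/* create empty upg file */
+struct upg_file_t *upg_new(void);
+/* append a file to a upg, data is NOT copied */
+void upg_append(struct upg_file_t *file, void *data, size_t size);
+/* release upg file, will free file data pointers */
+void upg_free(struct upg_file_t *file);
+
+#endif /* __UPG_H__ */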
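Review bot: The array bounds in the `encrypt_keysig` prototype (file lines 158-159) are rotated: `kas` is declared as `NWZ_KEY_SIZE`, `key` as `NWZ_SIG_SIZE` and `sig` as `NWZ_KAS_SIZE`, the reverse of `decrypt_keysig` directly above it and of the prose, which says a KAS is 32 characters and a key or sig 8 bytes. Array parameters decay to pointers so this compiles, but it misdocuments the buffer each caller must supply and will diverge from the definition under `-Warray-parameter`; it should read `void encrypt_keysig(char kas[NWZ_KAS_SIZE], const char key[NWZ_KEY_SIZE], const char sig[NWZ_SIG_SIZE]);`. The comment on `upg_read_memory` (line 161) should also state that `nr_files` and every `upg_entry_t` `offset`/`size` are read from the decrypted image and must be range-checked against `size` (including `offset + size` wrapping in 32 bits) before any `data` pointer into the caller's buffer is returned; the implementation is not in this diff, so whether it does so cannot be told from here. Finally, the "Firmware format" comment's claim that a matching `sig` "serves to authenticate the firmware" deserves a caveat such as `/* NOTE: a shared per-series DES key plus an MD5 checksum only detects corruption and wrong-model images; anyone holding the key can forge an image that passes */`, since the KAS for each model is published in `g_model_list`.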