From b05b762ed45c6c8967fce098c598ec1a6ed7a533 Mon Sep 17 00:00:00 2001 From: Amaury Pouly Date: Sat, 16 Feb 2013 20:47:07 +0100 Subject: sbtools: add brute force option for sb1 in sbtoelf After some reverse engineering, it appears that the keys of the sb1 format are very weak: the 128 bytes are generated from the laserfuse words 4,5 and 6 but in a weird manner: 4 and 5 are simply ORed and 6 is only half used (somehow), making it "only" a 48 bit word to find. Change-Id: I40702e19d0924ef51c01894efce3cb65bd664456 --- utils/imxtools/sbtools/misc.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'utils/imxtools/sbtools/misc.c') diff --git a/utils/imxtools/sbtools/misc.c b/utils/imxtools/sbtools/misc.c index dae4f92121..b9f5d21f7e 100644 --- a/utils/imxtools/sbtools/misc.c +++ b/utils/imxtools/sbtools/misc.c @@ -117,8 +117,23 @@ bool parse_key(char **pstr, struct crypto_key_t *key) while(isspace(*str)) str++; /* CRYPTO_KEY: 32 hex characters - * CRYPTO_USBOTP: usbotp(vid:pid) where vid and pid are hex numbers */ - if(isxdigit(str[0])) + * CRYPTO_USBOTP: usbotp(vid:pid) where vid and pid are hex numbers + * CRYPTO_XOR_KEY: 256 hex characters */ + if(isxdigit(str[0]) && strlen(str) >= 256 && isxdigit(str[32])) + { + for(int j = 0; j < 128; j++) + { + byte a, b; + if(convxdigit(str[2 * j], &a) || convxdigit(str[2 * j + 1], &b)) + return false; + key->u.xor_key[j / 64].key[j % 64] = (a << 4) | b; + } + /* skip key */ + *pstr = str + 256; + key->method = CRYPTO_XOR_KEY; + return true; + } + else if(isxdigit(str[0])) { if(strlen(str) < 32) return false; -- cgit v1.2.3