diff --git a/mtkclient/Library/daconfig.py b/mtkclient/Library/daconfig.py
index 599056c..853e0d5 100755
--- a/mtkclient/Library/daconfig.py
+++ b/mtkclient/Library/daconfig.py
@@ -239,3 +239,12 @@ class DAconfig(metaclass=LogBase):
 if self.da_loader is None:
 self.error("No da_loader config set up")
 return self.da_loader
+
+if __name__ == "__main__":
+ from mtkclient.Library.mtk_class import Mtk
+ from mtkclient.Library.mtk_main import Mtk_Config
+ config = Mtk_Config(loglevel=logging.INFO, gui=None,
+ guiprogress=None)
+ mtkg=Mtk(config=config)
+ dac=DAconfig(mtk=mtkg)
+ dac.extract_emi("/home/bjk/Projects/mtkclient_github/preloader_meizu6795_lwt_l1.bin")
\ No newline at end of file
diff --git a/mtkclient/Library/hwcrypto.py b/mtkclient/Library/hwcrypto.py
index 60c1de5..0125c5c 100755
--- a/mtkclient/Library/hwcrypto.py
+++ b/mtkclient/Library/hwcrypto.py
@@ -63,9 +63,13 @@ class hwcrypto(metaclass=LogBase):
 if encrypt:
 if mode == "cbc":
 return self.sej.hw_aes128_cbc_encrypt(buf=data, encrypt=True)
+ elif mode == "sst":
+ return self.sej.hw_aes128_sst_encrypt(buf=data, encrypt=True)
 else:
 if mode == "cbc":
 return self.sej.hw_aes128_cbc_encrypt(buf=data, encrypt=False)
+ elif mode == "sst":
+ return self.sej.hw_aes128_sst_encrypt(buf=data, encrypt=False)
 if mode == "rpmb":
 return self.sej.generate_rpmb(meid=data, otp=otp)
 elif mode == "mtee":
diff --git a/mtkclient/Library/hwcrypto_sej.py b/mtkclient/Library/hwcrypto_sej.py
index 38d6d9e..31a211b 100755
--- a/mtkclient/Library/hwcrypto_sej.py
+++ b/mtkclient/Library/hwcrypto_sej.py
@@ -6,6 +6,7 @@ from struct import pack, unpack
 from mtkclient.Library.utils import LogBase
 from binascii import hexlify
+CustomSeed = bytearray(b"12abcdef")
 # SEJ = Security Engine for JTAG protection
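Review bot: The `__main__` block appended to mtkclient/Library/daconfig.py is a local debugging harness that hard-codes a developer path, `/home/bjk/Projects/mtkclient_github/preloader_meizu6795_lwt_l1.bin`, so it fails on any other machine and publishes a home-directory layout in a library module. It also uses `logging.INFO`, which only resolves if `logging` is imported at the top of the file (not visible in this hunk). Either drop the block or take the preloader path from the command line, e.g. `import sys` inside the guard and `dac.extract_emi(sys.argv[1])`. The file also now ends without a trailing newline.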
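Review bot: In mtkclient/Library/hwcrypto.py the new `sst` branches copy the shape of the `cbc` ones, leaving four returns that differ only in the literal passed as `encrypt`. If `encrypt` is always a bool at this point (the enclosing method starts and ends outside the hunk, so this is unconfirmed), the `if encrypt:`/`else:` split can be dropped: `if mode == "cbc": return self.sej.hw_aes128_cbc_encrypt(buf=data, encrypt=encrypt)` followed by `elif mode == "sst": return self.sej.hw_aes128_sst_encrypt(buf=data, encrypt=encrypt)`.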
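Review bot: `CustomSeed` in mtkclient/Library/hwcrypto_sej.py is an undocumented module-level value, and because it is a mutable `bytearray`, any importer can alter the IV that `hw_aes128_sst_encrypt` derives from it. An immutable constant with a comment would be clearer, e.g. `# Seed for the SST IV; hw_aes128_sst_encrypt reads bytes 0-3 only` above `CUSTOM_SEED = b"12abcdef"` (the later hunk in this file that reads it would need the same rename). If the seed is meant to differ per device or vendor, as the name hints but nothing on the page confirms, pass it in as a parameter rather than reading a global.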
@@ -454,6 +455,19 @@ class sej(metaclass=LogBase):
 self.SEJ_Terminate()
 return buf2
+ def hw_aes128_sst_encrypt(self, buf, encrypt=True):
+ seed = (CustomSeed[2]<<16) | (CustomSeed[1]<<8) | CustomSeed[0] | (CustomSeed[3]<<24)
+ iv = [seed,(~seed)&0xFFFFFFFF,(((seed>>16)|(seed<<16))&0xFFFFFFFF),(~((seed>>16)|(seed<<16))&0xFFFFFFFF)]
+
+ self.tz_pre_init()
+ self.info("HACC init")
+ self.SEJ_Init(encrypt=encrypt, iv=iv)
+ self.info("HACC run")
+ buf2 = self.SEJ_Run(buf)
+ self.info("HACC terminate")
+ self.SEJ_Terminate()
+ return buf2
+
 def sej_set_otp(self, data):
 pd = bytes_to_dwords(data)
 self.reg.HACC_SW_OTP0 = pd[0]
diff --git a/mtkclient/Library/mtk_dalegacy.py b/mtkclient/Library/mtk_dalegacy.py
index 0667057..b7b5c70 100755
--- a/mtkclient/Library/mtk_dalegacy.py
+++ b/mtkclient/Library/mtk_dalegacy.py
@@ -922,7 +922,7 @@ class DALegacy(metaclass=LogBase):
 if ret == self.Rsp.ACK:
 self.info("Sending dram info ...")
 dramlength = len(self.daconfig.emi)
- if self.daconfig.emiver in [0x10, 0x14, 0x15]:
+ if self.daconfig.emiver in [0xF, 0x10, 0x14, 0x15]:
 dramlength = unpack(">I", self.usbread(0x4))[0] # 0x000000BC
 self.info("RAM-Length: " + hex(dramlength))
 self.usbwrite(self.Rsp.ACK)
diff --git a/mtkclient/Loader/MTK_AllInOne_DA.bin b/mtkclient/Loader/MTK_AllInOne_DA.bin
deleted file mode 100644
index 6ca796a..0000000
Binary files a/mtkclient/Loader/MTK_AllInOne_DA.bin and /dev/null differ
diff --git a/mtkclient/Loader/MTK_AllInOne_DA_5.2152.bin b/mtkclient/Loader/MTK_AllInOne_DA_5.2152.bin
deleted file mode 100644
index 003bf8e..0000000
Binary files a/mtkclient/Loader/MTK_AllInOne_DA_5.2152.bin and /dev/null differ
diff --git a/stage2 b/stage2
index b134b7b..831518e 100755
--- a/stage2
+++ b/stage2
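Review bot: The IV derivation in `hw_aes128_sst_encrypt` is hard to check as written: the seed bytes are OR-ed in the order 2, 1, 0, 3 and the half-word swap is spelled out twice. The seed is simply the little-endian 32-bit value of the first four bytes, so `seed = unpack("<I", CustomSeed[:4])[0]`, `swapped = ((seed >> 16) | (seed << 16)) & 0xFFFFFFFF` and `iv = [seed, ~seed & 0xFFFFFFFF, swapped, ~swapped & 0xFFFFFFFF]` produce the same four words (`unpack` is already imported from `struct` in this file). The method also needs a docstring saying that the IV is a fixed function of the seed, so identical input always yields identical output, and why that is intended here. `SEJ_Terminate()` is skipped if `SEJ_Run` raises; wrapping the run in `try`/`finally` would cover that, and the routine whose tail is this hunk's leading context appears to share the pattern.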
@@ -381,7 +381,7 @@ class Stage2(metaclass=LogBase):
 retval["socid"] = hexlify(socid).decode('utf-8')
 except Exception as err:
 pass
- if self.setup.dxcc_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","dxcc_sha256"]:
+ if self.setup.dxcc_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","sej_sst_decrypt","sej_sst_encrypt","dxcc_sha256"]:
 rpmbkey = self.hwcrypto.aes_hwcrypt(btype="dxcc",mode="rpmb")
 rpmb2key = self.hwcrypto.aes_hwcrypt(btype="dxcc", mode="rpmb2")
 fdekey = self.hwcrypto.aes_hwcrypt(btype="dxcc",mode="fde")
@@ -417,7 +417,7 @@ class Stage2(metaclass=LogBase):
 self.config.hwparam.writesetting("provkey", hexlify(provkey).decode('utf-8'))
 retval["provkey"] = hexlify(provkey).decode('utf-8')
 return retval, keyinfo
- elif self.setup.sej_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","dxcc_sha256"]:
+ elif self.setup.sej_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","sej_sst_decrypt","sej_sst_encrypt","dxcc_sha256"]:
 retval={}
 rpmbkey = self.hwcrypto.aes_hwcrypt(mode="rpmb", data=meid, otp=otp, btype="sej")
 if rpmbkey:
@@ -455,6 +455,18 @@ class Stage2(metaclass=LogBase):
 keyinfo+="Data: " + hexlify(enc_data).decode('utf-8')
 keyinfo+="\n"
 return enc_data, keyinfo
+ elif mode == "sej_sst_decrypt":
+ dec_data = self.hwcrypto.aes_hwcrypt(mode="sst", data=data, btype="sej", encrypt=False)
+ keyinfo+="\n"
+ keyinfo+="Data: " + hexlify(dec_data).decode('utf-8')
+ keyinfo+="\n"
+ return dec_data, keyinfo
+ elif mode == "sej_sst_encrypt":
+ enc_data = self.hwcrypto.aes_hwcrypt(mode="sst", data=data, btype="sej", encrypt=True)
+ keyinfo += "\n"
+ keyinfo += "Data: " + hexlify(enc_data).decode('utf-8')
+ keyinfo += "\n"
+ return enc_data, keyinfo
 elif mode == "dxcc_sha256":
 sha256val = self.hwcrypto.aes_hwcrypt(mode="sha256", data=data, btype="dxcc")
 keyinfo+="\n"
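Review bot: The list of data-processing modes is now written out as a literal in both `mode not in [...]` conditions (hunks at -381 and -417) and a third time in `main()` (hunk at -637, there without `dxcc_sha256`), so every new mode must be added in three places. A mode missed in one of the first two would fall into the branch that derives `rpmbkey`, `fdekey` and the other keys instead of processing `data`. Define it once at module level, e.g. `SEJ_DATA_MODES = ("sej_aes_decrypt", "sej_aes_encrypt", "sej_sst_decrypt", "sej_sst_encrypt")`, test `mode not in SEJ_DATA_MODES + ("dxcc_sha256",)` in the two conditions, and use `args.mode in SEJ_DATA_MODES` in `main()`. The enclosing method starts and ends outside these hunks.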
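Review bot: The `sej_sst_decrypt` and `sej_sst_encrypt` branches (hunk at -455) are identical apart from the `encrypt` flag and a local name, and they mix `keyinfo+=` with `keyinfo +=`. One branch can serve both: `elif mode in ("sej_sst_decrypt", "sej_sst_encrypt"):`, then `out = self.hwcrypto.aes_hwcrypt(mode="sst", data=data, btype="sej", encrypt=(mode == "sej_sst_encrypt"))` and `keyinfo += "\nData: " + hexlify(out).decode('utf-8') + "\n"` before `return out, keyinfo`. `hexlify` raises if `aes_hwcrypt` returns `None`; whether it can do so for this mode is not visible from the hunk.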
@@ -565,7 +577,9 @@ def main():
 parser_keys.add_argument('--otp', dest='otp', type=str,
 help='OTP for keys (dxcc,sej,gcpu)')
 parser_keys.add_argument('--mode', dest='mode', default=None, type=str,
- help='keymode (dxcc,sej,gcpu)')
+ help='keymode (dxcc,sej,gcpu,sej_aes_decrypt,sej_aes_decrypt,sej_sst_decrypt,sej_sst_encrypt')
+ parser_keys.add_argument('--data', dest='data', default=None, type=str,
+ help='data')
 args = parser.parse_args()
 cmd = args.cmd
 if cmd not in cmds:
@@ -637,7 +651,7 @@ def main():
 elif cmd == "keys":
 keyinfo=""
 data=b""
- if args.mode == "sej_aes_decrypt" or args.mode == "sej_aes_encrypt":
+ if args.mode in ["sej_aes_decrypt","sej_aes_encrypt","sej_sst_decrypt","sej_sst_encrypt"]:
 if not args.data:
 print("Option --data is needed")
 exit(0)
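Review bot: The new `--mode` help string (hunk at -565) lists `sej_aes_decrypt` twice, never mentions `sej_aes_encrypt`, and loses its closing parenthesis; it should read `help='keymode (dxcc,sej,gcpu,sej_aes_decrypt,sej_aes_encrypt,sej_sst_decrypt,sej_sst_encrypt)'`. The `--data` help is only `'data'` and does not say which encoding the argument expects; the code that parses it lies outside these hunks, so the text should be filled in from there. In the hunk at -637 the guard still calls `exit(0)` when `--data` is missing, which reports success to a calling script; a non-zero status such as `exit(1)` would signal the error.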