EMI Version 15 test, hwcrypto tests

Bjoern Kerler 2022-12-14 13:19:10 +01:00
parent 8ab9116457
commit 5714a30b43
No known key found for this signature in database
GPG key ID: 52E823BB96A55380
7 changed files with 46 additions and 5 deletions


@ -239,3 +239,12 @@ class DAconfig(metaclass=LogBase):
if self.da_loader is None: if self.da_loader is None:
self.error("No da_loader config set up") self.error("No da_loader config set up")
return self.da_loader return self.da_loader
if __name__ == "__main__":
from mtkclient.Library.mtk_class import Mtk
from mtkclient.Library.mtk_main import Mtk_Config
config = Mtk_Config(loglevel=logging.INFO, gui=None,
guiprogress=None)
mtkg=Mtk(config=config)
dac=DAconfig(mtk=mtkg)
dac.extract_emi("/home/bjk/Projects/mtkclient_github/preloader_meizu6795_lwt_l1.bin")
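Review bot: The `__main__` block added at the end of this module hard-codes an absolute path inside one developer's home directory in the `extract_emi` call, so the self-test fails on every other machine and publishes a local directory layout in the repository. Take the preloader path from the command line instead, e.g. `dac.extract_emi(sys.argv[1])` with `import sys` inside the guard, or move the check into a separate test script. The guard also references `logging`, whose import is not visible in this hunk, so confirm the module already has it. The method that ends just above the guard starts outside the hunk.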


@ -63,9 +63,13 @@ class hwcrypto(metaclass=LogBase):
if encrypt: if encrypt:
if mode == "cbc": if mode == "cbc":
return self.sej.hw_aes128_cbc_encrypt(buf=data, encrypt=True) return self.sej.hw_aes128_cbc_encrypt(buf=data, encrypt=True)
elif mode == "sst":
return self.sej.hw_aes128_sst_encrypt(buf=data, encrypt=True)
else: else:
if mode == "cbc": if mode == "cbc":
return self.sej.hw_aes128_cbc_encrypt(buf=data, encrypt=False) return self.sej.hw_aes128_cbc_encrypt(buf=data, encrypt=False)
elif mode == "sst":
return self.sej.hw_aes128_sst_encrypt(buf=data, encrypt=False)
if mode == "rpmb": if mode == "rpmb":
return self.sej.generate_rpmb(meid=data, otp=otp) return self.sej.generate_rpmb(meid=data, otp=otp)
elif mode == "mtee": elif mode == "mtee":


@ -6,6 +6,7 @@ from struct import pack, unpack
from mtkclient.Library.utils import LogBase from mtkclient.Library.utils import LogBase
from binascii import hexlify from binascii import hexlify
CustomSeed = bytearray(b"12abcdef")
# SEJ = Security Engine for JTAG protection # SEJ = Security Engine for JTAG protection
@ -454,6 +455,19 @@ class sej(metaclass=LogBase):
self.SEJ_Terminate() self.SEJ_Terminate()
return buf2 return buf2
def hw_aes128_sst_encrypt(self, buf, encrypt=True):
seed = (CustomSeed[2]<<16) | (CustomSeed[1]<<8) | CustomSeed[0] | (CustomSeed[3]<<24)
iv = [seed,(~seed)&0xFFFFFFFF,(((seed>>16)|(seed<<16))&0xFFFFFFFF),(~((seed>>16)|(seed<<16))&0xFFFFFFFF)]
self.tz_pre_init()
self.info("HACC init")
self.SEJ_Init(encrypt=encrypt, iv=iv)
self.info("HACC run")
buf2 = self.SEJ_Run(buf)
self.info("HACC terminate")
self.SEJ_Terminate()
return buf2
def sej_set_otp(self, data): def sej_set_otp(self, data):
pd = bytes_to_dwords(data) pd = bytes_to_dwords(data)
self.reg.HACC_SW_OTP0 = pd[0] self.reg.HACC_SW_OTP0 = pd[0]
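Review bot: `hw_aes128_sst_encrypt` builds its IV purely from the module constant `CustomSeed`, so every call runs with the same IV, and nothing in the code says this is intentional. If the fixed value is dictated by the on-device SST format, add a docstring saying so and noting that only the first four of the eight seed bytes are used, so the helper is not reused for newly protected data. The seed word is a little-endian read and `unpack` is already imported, so `seed = unpack("<I", CustomSeed[:4])[0]` is easier to check than the four shifts; the swapped half-word is also computed twice and could be a local. `SEJ_Terminate()` is skipped if `SEJ_Run` raises; a `try`/`finally` would cover that, though the method just above appears to follow the same pattern.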


@ -922,7 +922,7 @@ class DALegacy(metaclass=LogBase):
if ret == self.Rsp.ACK: if ret == self.Rsp.ACK:
self.info("Sending dram info ...") self.info("Sending dram info ...")
dramlength = len(self.daconfig.emi) dramlength = len(self.daconfig.emi)
if self.daconfig.emiver in [0x10, 0x14, 0x15]: if self.daconfig.emiver in [0xF, 0x10, 0x14, 0x15]:
dramlength = unpack(">I", self.usbread(0x4))[0] # 0x000000BC dramlength = unpack(">I", self.usbread(0x4))[0] # 0x000000BC
self.info("RAM-Length: " + hex(dramlength)) self.info("RAM-Length: " + hex(dramlength))
self.usbwrite(self.Rsp.ACK) self.usbwrite(self.Rsp.ACK)

Binary file not shown.

22
stage2

@ -381,7 +381,7 @@ class Stage2(metaclass=LogBase):
retval["socid"] = hexlify(socid).decode('utf-8') retval["socid"] = hexlify(socid).decode('utf-8')
except Exception as err: except Exception as err:
pass pass
if self.setup.dxcc_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","dxcc_sha256"]: if self.setup.dxcc_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","sej_sst_decrypt","sej_sst_encrypt","dxcc_sha256"]:
rpmbkey = self.hwcrypto.aes_hwcrypt(btype="dxcc",mode="rpmb") rpmbkey = self.hwcrypto.aes_hwcrypt(btype="dxcc",mode="rpmb")
rpmb2key = self.hwcrypto.aes_hwcrypt(btype="dxcc", mode="rpmb2") rpmb2key = self.hwcrypto.aes_hwcrypt(btype="dxcc", mode="rpmb2")
fdekey = self.hwcrypto.aes_hwcrypt(btype="dxcc",mode="fde") fdekey = self.hwcrypto.aes_hwcrypt(btype="dxcc",mode="fde")
@ -417,7 +417,7 @@ class Stage2(metaclass=LogBase):
self.config.hwparam.writesetting("provkey", hexlify(provkey).decode('utf-8')) self.config.hwparam.writesetting("provkey", hexlify(provkey).decode('utf-8'))
retval["provkey"] = hexlify(provkey).decode('utf-8') retval["provkey"] = hexlify(provkey).decode('utf-8')
return retval, keyinfo return retval, keyinfo
elif self.setup.sej_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","dxcc_sha256"]: elif self.setup.sej_base is not None and mode not in ["sej_aes_decrypt","sej_aes_encrypt","sej_sst_decrypt","sej_sst_encrypt","dxcc_sha256"]:
retval={} retval={}
rpmbkey = self.hwcrypto.aes_hwcrypt(mode="rpmb", data=meid, otp=otp, btype="sej") rpmbkey = self.hwcrypto.aes_hwcrypt(mode="rpmb", data=meid, otp=otp, btype="sej")
if rpmbkey: if rpmbkey:
@ -455,6 +455,18 @@ class Stage2(metaclass=LogBase):
keyinfo+="Data: " + hexlify(enc_data).decode('utf-8') keyinfo+="Data: " + hexlify(enc_data).decode('utf-8')
keyinfo+="\n" keyinfo+="\n"
return enc_data, keyinfo return enc_data, keyinfo
elif mode == "sej_sst_decrypt":
dec_data = self.hwcrypto.aes_hwcrypt(mode="sst", data=data, btype="sej", encrypt=False)
keyinfo+="\n"
keyinfo+="Data: " + hexlify(dec_data).decode('utf-8')
keyinfo+="\n"
return dec_data, keyinfo
elif mode == "sej_sst_encrypt":
enc_data = self.hwcrypto.aes_hwcrypt(mode="sst", data=data, btype="sej", encrypt=True)
keyinfo += "\n"
keyinfo += "Data: " + hexlify(enc_data).decode('utf-8')
keyinfo += "\n"
return enc_data, keyinfo
elif mode == "dxcc_sha256": elif mode == "dxcc_sha256":
sha256val = self.hwcrypto.aes_hwcrypt(mode="sha256", data=data, btype="dxcc") sha256val = self.hwcrypto.aes_hwcrypt(mode="sha256", data=data, btype="dxcc")
keyinfo+="\n" keyinfo+="\n"
@ -565,7 +577,9 @@ def main():
parser_keys.add_argument('--otp', dest='otp', type=str, parser_keys.add_argument('--otp', dest='otp', type=str,
help='OTP for keys (dxcc,sej,gcpu)') help='OTP for keys (dxcc,sej,gcpu)')
parser_keys.add_argument('--mode', dest='mode', default=None, type=str, parser_keys.add_argument('--mode', dest='mode', default=None, type=str,
help='keymode (dxcc,sej,gcpu)') help='keymode (dxcc,sej,gcpu,sej_aes_decrypt,sej_aes_decrypt,sej_sst_decrypt,sej_sst_encrypt')
parser_keys.add_argument('--data', dest='data', default=None, type=str,
help='data')
args = parser.parse_args() args = parser.parse_args()
cmd = args.cmd cmd = args.cmd
if cmd not in cmds: if cmd not in cmds:
@ -637,7 +651,7 @@ def main():
elif cmd == "keys": elif cmd == "keys":
keyinfo="" keyinfo=""
data=b"" data=b""
if args.mode == "sej_aes_decrypt" or args.mode == "sej_aes_encrypt": if args.mode in ["sej_aes_decrypt","sej_aes_encrypt","sej_sst_decrypt","sej_sst_encrypt"]:
if not args.data: if not args.data:
print("Option --data is needed") print("Option --data is needed")
exit(0) exit(0)
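Review bot: The new `--mode` help text lists `sej_aes_decrypt` twice, never mentions `sej_aes_encrypt`, and drops the closing parenthesis; it should read `help='keymode (dxcc,sej,gcpu,sej_aes_decrypt,sej_aes_encrypt,sej_sst_decrypt,sej_sst_encrypt)'`. The new `--data` option is documented only as `'data'`; state the expected encoding there, since how the string is turned into bytes lies outside these hunks. The same four-mode list is now spelled out in both key-derivation guards of the Stage2 method and again in `main()`, so a shared module-level tuple would keep a future crypt mode from falling into the key-derivation branches by omission. `main()` and the Stage2 method both extend beyond the hunks.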