chipmunkmc/mtkclient
1
0
Fork 0
mirror of https://github.com/bkerler/mtkclient.git synced 2024-11-14 19:25:05 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Prepare mtee rpmb generation support

Browse source
This commit is contained in:
Bjoern Kerler 2022-11-08 20:02:58 +01:00
parent 2e62c4a333
commit 5b59c34406
No known key found for this signature in database
GPG key ID: 52E823BB96A55380
5 changed files with 89 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
mtkclient/Library/hwcrypto.py
View file

@ -70,6 +70,8 @@ class hwcrypto(metaclass=LogBase):
return self.sej.generate_rpmb(meid=data, otp=otp)
elif mode == "mtee":
return self.sej.generate_mtee(otp=otp)
elif mode == "mtee3":
return self.sej.generate_mtee_hw(otp=otp)
elif btype == "gcpu":
addr = self.setup.da_payload_addr
if mode == "ecb":
@ -78,7 +80,7 @@ class hwcrypto(metaclass=LogBase):
if self.gcpu.aes_setup_cbc(addr=addr, data=data, iv=iv, encrypt=encrypt):
return self.gcpu.aes_read_cbc(addr=addr, encrypt=encrypt)
elif mode == "mtee":
if self.hwcode == 0x321:
if self.hwcode in [0x321]:
return self.gcpu.mtk_gcpu_mtee_6735()
elif self.hwcode in [0x8167,0x8163]:
return self.gcpu.mtk_gcpu_mtee_8167()

68
mtkclient/Library/hwcrypto_sej.py
View file

@ -146,6 +146,10 @@ class sej(metaclass=LogBase):
0x168BEE66, 0x1284B684, 0xDF3BCE3A, 0x217F6FA2
]
g_HACC_CFG_MTEE = [
0x9ED40400, 0xE884A1, 0xE3F083BD, 0x2F4E6D8A
]
def __init__(self, setup, loglevel=logging.INFO):
self.__logger = self.__logger
self.hwcode = setup.hwcode
@ -256,6 +260,59 @@ class sej(metaclass=LogBase):
# self.crypto_secure(1)
return
def SEJ_Init_MTEE(self, encrypt=True, iv=None):
if iv is None:
iv = self.g_HACC_CFG_MTEE
acon_setting = self.HACC_AES_CHG_BO_OFF | self.HACC_AES_CBC | self.HACC_AES_128
if encrypt:
acon_setting |= self.HACC_AES_ENC
else:
acon_setting |= self.HACC_AES_DEC
# clear key
self.reg.HACC_AKEY0 = 0
self.reg.HACC_AKEY1 = 0
self.reg.HACC_AKEY2 = 0
self.reg.HACC_AKEY3 = 0
self.reg.HACC_AKEY4 = 0
self.reg.HACC_AKEY5 = 0
self.reg.HACC_AKEY6 = 0
self.reg.HACC_AKEY7 = 0
self.reg.HACC_ACON2 = self.HACC_AES_CBC
self.reg.HACC_ACONK = self.HACC_AES_BK2C
self.reg.HACC_ACONK |= 0x100
self.reg.HACC_ACON = self.HACC_AES_CLR
self.reg.HACC_ACFG0 = iv[0]
self.reg.HACC_ACFG1 = iv[1]
self.reg.HACC_ACFG2 = iv[2]
self.reg.HACC_ACFG3 = iv[3]
for val in [[0x2d44bb70,0xa744d227,0xd0a9864b,0x83ffc244],
[0x7ec8266b,0x43e80fb2,0x1a6348a,0x2067f9a0],
[0x54536405,0xd546a6b1,0x1cc3ec3a,0xde377a83]]:
self.reg.HACC_ASRC0 = val[0]
self.reg.HACC_ASRC1 = val[1]
self.reg.HACC_ASRC2 = val[2]
self.reg.HACC_ASRC3 = val[3]
self.reg.HACC_ACON2 = self.HACC_AES_START
i = 0
while i < 20:
if self.reg.HACC_ACON2 & self.HACC_AES_RDY != 0:
break
i += 1
if i == 20:
self.error("SEJ Hardware seems not to be configured correctly. Results may be wrong.")
self.reg.HACC_ACON2 = self.HACC_AES_CBC
self.reg.HACC_ACFG0 = iv[0]
self.reg.HACC_ACFG1 = iv[1]
self.reg.HACC_ACFG2 = iv[2]
self.reg.HACC_ACFG3 = iv[3]
self.reg.HACC_ACON = acon_setting
self.reg.HACC_ACONK = 0x0
def SEJ_Init(self, encrypt=True, iv=None):
if iv is None:
iv = self.g_HACC_CFG_1
@ -549,3 +606,14 @@ class sej(metaclass=LogBase):
self.sej_key_config(meid)
res1 = self.sej_do_aes(True, None, meid, 32)
return self.sej_do_aes(True, None, res1, 32)
def generate_mtee_hw(self, otp=None):
if otp is not None:
self.sej_set_otp(otp)
self.info("HACC init")
self.SEJ_Init_MTEE(encrypt=True)
self.info("HACC run")
dec = self.SEJ_Run(bytes.fromhex("7777772E6D6564696174656B2E636F6D30313233343536373839414243444546"))
self.info("HACC terminate")
self.SEJ_Terminate()
return dec

6
mtkclient/Library/legacy_ext.py
View file

@ -303,6 +303,12 @@ class legacyext(metaclass=LogBase):
self.info("MTEE : " + hexlify(mtee).decode('utf-8'))
self.config.hwparam.writesetting("mtee", hexlify(mtee).decode('utf-8'))
retval["mtee"] = hexlify(mtee).decode('utf-8')
self.info("Generating sej mtee3...")
mtee3 = hwc.aes_hwcrypt(mode="mtee3", btype="sej")
if mtee3:
self.info("MTEE3 : " + hexlify(mtee3).decode('utf-8'))
self.config.hwparam.writesetting("mtee3", hexlify(mtee3).decode('utf-8'))
retval["mtee3"] = hexlify(mtee3).decode('utf-8')
else:
self.info("SEJ Mode: No meid found. Are you in brom mode ?")
if self.config.chipconfig.gcpu_base is not None:

5
mtkclient/Library/xflash_ext.py
View file

@ -668,6 +668,11 @@ class xflashext(metaclass=LogBase):
self.config.hwparam.writesetting("mtee", hexlify(mtee).decode('utf-8'))
self.info("MTEE : " + hexlify(mtee).decode('utf-8'))
retval["mtee"] = hexlify(mtee).decode('utf-8')
mtee3 = hwc.aes_hwcrypt(mode="mtee3", btype="sej")
if mtee3:
self.config.hwparam.writesetting("mtee3", hexlify(mtee3).decode('utf-8'))
self.info("MTEE3 : " + hexlify(mtee3).decode('utf-8'))
retval["mtee3"] = hexlify(mtee3).decode('utf-8')
else:
self.info("SEJ Mode: No meid found. Are you in brom mode ?")
if self.config.chipconfig.gcpu_base is not None:

6
stage2
View file

@ -430,6 +430,12 @@ class Stage2(metaclass=LogBase):
self.info("MTEE : " + hexlify(mtee).decode('utf-8'))
self.config.hwparam.writesetting("mtee", hexlify(mtee).decode('utf-8'))
retval["mtee"] = hexlify(mtee).decode('utf-8')
mtee3 = self.hwcrypto.aes_hwcrypt(mode="mtee3", otp=otp, btype="sej")
if mtee3:
self.info("MTEE3 : " + hexlify(mtee3).decode('utf-8'))
self.config.hwparam.writesetting("mtee3", hexlify(mtee3).decode('utf-8'))
retval["mtee3"] = hexlify(mtee3).decode('utf-8')
keyinfo+="\nKeys :\n-----------------------------------------\n"
keyinfo+="RPMB: " + hexlify(rpmbkey).decode('utf-8')
keyinfo+="\n"