Atmosphere/sept/sept-secondary/sept_sign.py

#!/usr/bin/env python
import sys, os
from struct import pack as pk, unpack as up
from Crypto.Cipher import AES
from Crypto.Hash import CMAC
try:
    import KEYS
except ImportError:
    import KEYS_template as KEYS
    print('Warning: output will not work on 7.0.0+!')


def shift_left_xor_rb(s):
    if hasattr(int, "from_bytes"):
      N = int.from_bytes(s, byteorder="big")
    else:
      N = int(s.encode('hex'), 16)

    if N & (1 << 127):
        N = ((N << 1) ^ 0x87) & 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    else:
        N = ((N << 1) ^ 0x00) & 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    return bytearray.fromhex('%032x' % N)


def sxor(x, y):
    return bytearray(a^b for a,b in zip(x, y))


def get_last_block_for_desired_mac(key, data, desired_mac):
    assert len(desired_mac) == 0x10
    k1 = shift_left_xor_rb(AES.new(key, AES.MODE_ECB).encrypt(bytearray(0x10)))
    if len(data) & 0xF:
        k1 = shift_left_xor_rb(k1)
        data = data + b'\x80'
        data = data + bytearray((0x10 - (len(data) & 0xF)) & 0xF)
    num_blocks = (len(data) + 0xF) >> 4
    last_block = sxor(bytearray(AES.new(key, AES.MODE_ECB).decrypt(desired_mac)), bytearray(k1))
    if len(data) > 0x0:
        last_block = sxor(last_block, bytearray(AES.new(key, AES.MODE_CBC, bytearray(0x10)).encrypt(data)[-0x10:]))
    return last_block


def sign_encrypt_code(code, sig_key, enc_key, iv, desired_mac, version):
    # Pad with 0x20 of zeroes.
    code = code + bytearray(0x20)
    code_len = len(code)
    code_len += 0xFFF
    code_len &= ~0xFFF
    code = code + bytearray(code_len - len(code))

    # Insert version
    code = code[:8] + pk('<I', version) + code[12:]

    # Add empty trustzone, warmboot segments.
    code = code + bytearray(0x1FE0 - 0x10)
    pk11_hdr = b'PK11' + pk('<IIIIIII', 0x1000, 0, 0, code_len - 0x20, 0, 0x1000, 0)
    pk11 = pk11_hdr + code
    enc_pk11 = AES.new(enc_key, AES.MODE_CBC, iv).encrypt(pk11)
    enc_pk11 = pk('<IIII', len(pk11) + 0x10, 0, 0, 0) + iv + enc_pk11
    enc_pk11 = enc_pk11 + get_last_block_for_desired_mac(sig_key, enc_pk11, desired_mac)
    enc_pk11 = enc_pk11 + CMAC.new(sig_key, enc_pk11, AES).digest()
    return enc_pk11


def main(argc, argv):
    if argc != 3:
        print('Usage: %s input output' % argv[0])
        return 1
    with open(argv[1], 'rb') as f:
        code = f.read()
    if len(code) & 0xF:
        code = code + bytearray(0x10 - (len(code) & 0xF))
    # TODO: Support dev unit crypto
    fn, fext = os.path.splitext(argv[2])
    for key in range(KEYS.NUM_KEYS):
        with open(fn + ('_%02X' % key) + fext, 'wb') as f:
            f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_PRD[key], KEYS.HOVI_ENC_KEY_PRD[key], KEYS.IV[key], b'THANKS_NVIDIA_<3', key))
    return 0


if __name__ == '__main__':
    sys.exit(main(len(sys.argv), sys.argv))
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`#!/usr/bin/env python`
sept: update to support 8.1.0 2019-06-19 07:23:31 +01:00			`import sys, os`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`from struct import pack as pk, unpack as up`
			`from Crypto.Cipher import AES`
			`from Crypto.Hash import CMAC`
sept-s: fix building without keys (output won't work though) 2019-02-20 21:26:54 +00:00			`try:`
			`import KEYS`
			`except ImportError:`
			`import KEYS_template as KEYS`
			`print('Warning: output will not work on 7.0.0+!')`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00
sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`def shift_left_xor_rb(s):`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00			`if hasattr(int, "from_bytes"):`
			`N = int.from_bytes(s, byteorder="big")`
			`else:`
			`N = int(s.encode('hex'), 16)`

sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`if N & (1 << 127):`
			`N = ((N << 1) ^ 0x87) & 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`
			`else:`
			`N = ((N << 1) ^ 0x00) & 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00			`return bytearray.fromhex('%032x' % N)`

sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00
			`def sxor(x, y):`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00			`return bytearray(a^b for a,b in zip(x, y))`


sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`def get_last_block_for_desired_mac(key, data, desired_mac):`
			`assert len(desired_mac) == 0x10`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00			`k1 = shift_left_xor_rb(AES.new(key, AES.MODE_ECB).encrypt(bytearray(0x10)))`
sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`if len(data) & 0xF:`
			`k1 = shift_left_xor_rb(k1)`
sept-sign: remove += for compatibility 2019-03-24 15:26:14 +00:00			`data = data + b'\x80'`
			`data = data + bytearray((0x10 - (len(data) & 0xF)) & 0xF)`
sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`num_blocks = (len(data) + 0xF) >> 4`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00			`last_block = sxor(bytearray(AES.new(key, AES.MODE_ECB).decrypt(desired_mac)), bytearray(k1))`
sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`if len(data) > 0x0:`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00			`last_block = sxor(last_block, bytearray(AES.new(key, AES.MODE_CBC, bytearray(0x10)).encrypt(data)[-0x10:]))`
sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`return last_block`

sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00
sept: update to support 8.1.0 2019-06-19 07:23:31 +01:00			`def sign_encrypt_code(code, sig_key, enc_key, iv, desired_mac, version):`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`# Pad with 0x20 of zeroes.`
sept-sign: remove += for compatibility 2019-03-24 15:26:14 +00:00			`code = code + bytearray(0x20)`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`code_len = len(code)`
			`code_len += 0xFFF`
			`code_len &= ~0xFFF`
sept-sign: remove += for compatibility 2019-03-24 15:26:14 +00:00			`code = code + bytearray(code_len - len(code))`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00
sept: update to support 8.1.0 2019-06-19 07:23:31 +01:00			`# Insert version`
			`code = code[:8] + pk('<I', version) + code[12:]`

sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`# Add empty trustzone, warmboot segments.`
sept-sign: remove += for compatibility 2019-03-24 15:26:14 +00:00			`code = code + bytearray(0x1FE0 - 0x10)`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00			`pk11_hdr = b'PK11' + pk('<IIIIIII', 0x1000, 0, 0, code_len - 0x20, 0, 0x1000, 0)`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`pk11 = pk11_hdr + code`
			`enc_pk11 = AES.new(enc_key, AES.MODE_CBC, iv).encrypt(pk11)`
sept: implement cryptographic meme 2019-02-20 14:54:44 +00:00			`enc_pk11 = pk('<IIII', len(pk11) + 0x10, 0, 0, 0) + iv + enc_pk11`
sept-sign: remove += for compatibility 2019-03-24 15:26:14 +00:00			`enc_pk11 = enc_pk11 + get_last_block_for_desired_mac(sig_key, enc_pk11, desired_mac)`
			`enc_pk11 = enc_pk11 + CMAC.new(sig_key, enc_pk11, AES).digest()`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`return enc_pk11`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00

sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`def main(argc, argv):`
			`if argc != 3:`
			`print('Usage: %s input output' % argv[0])`
			`return 1`
			`with open(argv[1], 'rb') as f:`
			`code = f.read()`
sept-secondary: reboot to clean state + grab keys from SE 2019-02-20 17:20:19 +00:00			`if len(code) & 0xF:`
sept-sign: remove += for compatibility 2019-03-24 15:26:14 +00:00			`code = code + bytearray(0x10 - (len(code) & 0xF))`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`# TODO: Support dev unit crypto`
sept: update to support 8.1.0 2019-06-19 07:23:31 +01:00			`fn, fext = os.path.splitext(argv[2])`
			`for key in range(KEYS.NUM_KEYS):`
			`with open(fn + ('_%02X' % key) + fext, 'wb') as f:`
			`f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_PRD[key], KEYS.HOVI_ENC_KEY_PRD[key], KEYS.IV[key], b'THANKS_NVIDIA_<3', key))`
sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`return 0`
sept_sign: Python 3 compat (#356) 2019-02-21 15:52:42 +00:00

sept: add secondary skeleton + buildscript 2019-02-20 14:31:46 +00:00			`if __name__ == '__main__':`
sept-secondary: Better meme compliance 2019-02-21 15:25:42 +00:00			`sys.exit(main(len(sys.argv), sys.argv))`