the function check_hash does very interesting stuff with the cryptoengine, too:
probutus, nothing strange there
look:
Code:
....
RAM:6701A4D8 STR R3, [R2,#0x454]
RAM:6701A4DC MOV R1, #0x2B
RAM:6701A4E0 STR R3, [R2,#0x458]
RAM:6701A4E4 STR R3, [R2,#0x45C]
RAM:6701A4E8 STR R3, [R2,#0x460]
....
reg 454 - 460: IV, 16 bytes
code should be like:
Code:
/* key: 16 bytes, four big-endian words at 0x444 .. 0x450 */
lldSe_WriteReg(0x440 + 4 , UINT32_BE( key ) );
lldSe_WriteReg(0x440 + 8 , UINT32_BE( key+4 ) );
lldSe_WriteReg(0x440 + 12, UINT32_BE( key+8 ) );
lldSe_WriteReg(0x450     , UINT32_BE( key+12 ) );
/* IV: 16 bytes, four big-endian words at 0x454 .. 0x460 */
lldSe_WriteReg(0x450 + 4 , UINT32_BE( iv ) );
lldSe_WriteReg(0x450 + 8 , UINT32_BE( iv+4 ) );
lldSe_WriteReg(0x450 + 12, UINT32_BE( iv+8 ) );
lldSe_WriteReg(0x460     , UINT32_BE( iv+12 ) );
Code:
RAM:6701A1B4 ORR R0, R9, R3 ; r0 = 0x80 | 0x10 = 0x90
RAM:6701A1B8 STR R0, [R1,#0x430]
0x90 value = Custom Key, Encrypt --> 0x90 & 1 = 0 --> AES_128_ECB
now clear?
all tested and works ^..^
Denny
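
The register layout described in the post above, modelled on a host so the byte order of each key and IV word can be checked before comparing against a register dump. This is an added example, not part of the original post and not the firmware's code: `se_regs`, `mock_write_reg`, `mock_read_reg`, `load_be32`, `se_load_block` and `se_setup` are hypothetical stand-ins (the real `lldSe_WriteReg` and `UINT32_BE` definitions are not shown on the page), and the key and IV bytes are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Offsets taken from the post; treated here as byte offsets into a mock
   register window (assumption). */
#define SE_REG_CTRL 0x430u
#define SE_REG_KEY  0x444u   /* 0x444 .. 0x450 */
#define SE_REG_IV   0x454u   /* 0x454 .. 0x460 */

static uint32_t se_regs[0x500 / 4];   /* mock register file, not real hardware */

static void mock_write_reg(uint32_t off, uint32_t val) { se_regs[off / 4] = val; }
static uint32_t mock_read_reg(uint32_t off) { return se_regs[off / 4]; }

/* Read one 32-bit big-endian word from a byte buffer. */
static uint32_t load_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Write a 16-byte block as four big-endian words starting at base. */
static void se_load_block(uint32_t base, const uint8_t blk[16])
{
    for (unsigned i = 0; i < 4; i++)
        mock_write_reg(base + 4 * i, load_be32(blk + 4 * i));
}

/* Key, then IV, then the control word, in the order the post lists them. */
static void se_setup(const uint8_t key[16], const uint8_t iv[16], uint32_t ctrl)
{
    se_load_block(SE_REG_KEY, key);
    se_load_block(SE_REG_IV, iv);
    mock_write_reg(SE_REG_CTRL, ctrl);
}

int main(void)
{
    /* Constructed sample values, not a real key or IV. */
    const uint8_t key[16] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
    const uint8_t iv[16]  = { 16, 17, 18, 19, 20, 21, 22, 23,
                              24, 25, 26, 27, 28, 29, 30, 31 };

    se_setup(key, iv, 0x80 | 0x10);   /* 0x90, as computed in the disassembly */
    for (uint32_t off = SE_REG_KEY; off <= 0x460u; off += 4)
        printf("reg 0x%03X = 0x%08X\n", (unsigned)off, (unsigned)mock_read_reg(off));
    printf("ctrl 0x430 = 0x%02X, bit0 = %u\n", (unsigned)mock_read_reg(SE_REG_CTRL),
           (unsigned)(mock_read_reg(SE_REG_CTRL) & 1u));
    return 0;
}
```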