Re: Encryption/Decryption of Update files.
Posted: Thu Dec 31, 2009 1:53 am
by erdem_ua
mprotect wrote: Hi,
I attach some tools for decrypting/encrypting the CIP firmware files and a plugin for disabling the RSA signature check.
Try them at your own risk.

I tested the tools but I didn't flash a patched firmware yet.
Hoo hooo hoo, Santa mprotect here gives a New Year present.

Happy 2010 to all

Re: LExxB650 T2P CI+ hacking
Posted: Fri Jan 01, 2010 12:19 pm
by rubinho76
Hello and Happy New Year,
I was glad to find that there is now a possibility to decrypt CIP devices.
But I have problems compiling the decrypter.
Which packages are required so that the compile succeeds?
My system: Debian 5 x86
Installed packages: make and GCC
cip-update# make
gcc -O2 -Wall -pedantic -o decrypt_update decrypt_update.c -lcrypto
decrypt_update.c:8:25: error: openssl/evp.h: Datei oder Verzeichnis nicht gefunden
decrypt_update.c:9:25: error: openssl/rsa.h: Datei oder Verzeichnis nicht gefunden
decrypt_update.c:10:25: error: openssl/pem.h: Datei oder Verzeichnis nicht gefunden
decrypt_update.c: In function ‘main’:
decrypt_update.c:103: warning: ISO C forbids nested functions
decrypt_update.c:103: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
decrypt_update.c:103: error: ‘sha1’ undeclared (first use in this function)
decrypt_update.c:103: error: (Each undeclared identifier is reported only once
decrypt_update.c:103: error: for each function it appears in.)
decrypt_update.c:104: warning: ISO C forbids nested functions
decrypt_update.c:104: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
decrypt_update.c:104: warning: ISO C90 forbids mixed declarations and code
decrypt_update.c:104: error: ‘aes128cbc’ undeclared (first use in this function)
decrypt_update.c:105: error: ‘EVP_MD_CTX’ undeclared (first use in this function)
decrypt_update.c:105: error: expected ‘;’ before ‘keygen’
decrypt_update.c:106: error: expected ‘;’ before ‘checksum’
decrypt_update.c:107: error: ‘EVP_CIPHER_CTX’ undeclared (first use in this function)
decrypt_update.c:107: error: expected ‘;’ before ‘decrypt’
decrypt_update.c:108: warning: ISO C90 forbids mixed declarations and code
decrypt_update.c:131: error: ‘RSA’ undeclared (first use in this function)
decrypt_update.c:131: error: ‘pubkey’ undeclared (first use in this function)
decrypt_update.c:132: warning: ISO C90 forbids mixed declarations and code
decrypt_update.c:174: warning: implicit declaration of function ‘strtoul’
decrypt_update.c:205: warning: implicit declaration of function ‘OpenSSL_add_all_algorithms’
decrypt_update.c:210: warning: implicit declaration of function ‘EVP_get_digestbyname’
decrypt_update.c:213: warning: implicit declaration of function ‘EVP_cleanup’
decrypt_update.c:220: warning: implicit declaration of function ‘EVP_get_cipherbyname’
decrypt_update.c:230: warning: implicit declaration of function ‘EVP_MD_CTX_init’
decrypt_update.c:230: error: ‘keygen’ undeclared (first use in this function)
decrypt_update.c:233: warning: implicit declaration of function ‘EVP_DigestInit’
decrypt_update.c:236: warning: implicit declaration of function ‘EVP_MD_CTX_cleanup’
decrypt_update.c:244: warning: implicit declaration of function ‘EVP_DigestUpdate’
decrypt_update.c:256: warning: implicit declaration of function ‘EVP_DigestFinal’
decrypt_update.c:283: warning: implicit declaration of function ‘EVP_BytesToKey’
decrypt_update.c:283: warning: implicit declaration of function ‘EVP_md5’
decrypt_update.c:287: warning: implicit declaration of function ‘EVP_CIPHER_CTX_init’
decrypt_update.c:287: error: ‘decrypt’ undeclared (first use in this function)
decrypt_update.c:289: warning: implicit declaration of function ‘EVP_CipherInit’
decrypt_update.c:299: error: ‘checksum’ undeclared (first use in this function)
decrypt_update.c:304: warning: implicit declaration of function ‘EVP_CIPHER_CTX_cleanup’
decrypt_update.c:318: warning: implicit declaration of function ‘EVP_CipherUpdate’
decrypt_update.c:345: warning: implicit declaration of function ‘EVP_CipherFinal’
decrypt_update.c:402: warning: implicit declaration of function ‘PEM_read_RSAPublicKey’
decrypt_update.c:402: warning: comparison between pointer and integer
decrypt_update.c:420: warning: implicit declaration of function ‘RSA_free’
decrypt_update.c:484: warning: implicit declaration of function ‘free’
decrypt_update.c:484: warning: incompatible implicit declaration of built-in function ‘free’
decrypt_update.c:487: warning: implicit declaration of function ‘RSA_verify’
decrypt_update.c:487: error: ‘NID_sha1’ undeclared (first use in this function)
make: *** [decrypt_update] Fehler 1
Sorry for my English, translated by Google.
Regards, rubinho
Update:
With the package libssl-dev I get a little further:
make
gcc -O2 -Wall -pedantic -o decrypt_update decrypt_update.c -lcrypto
gcc -O2 -Wall -pedantic -o encrypt_update encrypt_update.c -lcrypto
arm-SamyGO-linux-gnueabi-gcc -O2 -Wall -o game/rsadis.so -s -shared disablesigcheck.c
make: arm-SamyGO-linux-gnueabi-gcc: Kommando nicht gefunden
make: *** [game/rsadis.so] Fehler 127
What is arm-SamyGO-linux-gnueabi-gcc??? (Sorry... I'm a Tux compiler noob.)
Re: Encryption/Decryption of Update files.
Posted: Fri Jan 01, 2010 4:13 pm
by arris69
mprotect wrote: Hi,
I attach some tools for decrypting/encrypting the CIP firmware files and a plugin for disabling the RSA signature check.
Try them at your own risk.

I tested the tools but I didn't flash a patched firmware yet.
1. Happy New Year to all.
Tried different CIP firmwares but no success, or do I miss the point?
./decrypt_update T-CHUCIPDEUC/image/exe.img.sec exe.img
Decryption completed, CRC=0x43b976b9.
/decrypt_update T-CHUCIPDEUC/image/appdata.img.sec appdata.img
Decryption completed, CRC=0x5f2e612f.
cat T-CHUCIPDEUC/image/validinfo.txt
*007_exe.img_3724894e*011_appdata.img_04706d3d
../../Decompressors/unsquashfs-3.0 appdata.img
Major/Minor mismatch, filesystem on appdata.img is (26:0) <- ??????
I only support Squashfs 3.0 filesystems! Later releases will support older Squashfs filesystems
mount -o loop -t vfat exe.img tt
ll tt
ls: Zugriff auf tt/?0??.? nicht möglich: Eingabe-/Ausgabefehler
insgesamt 882429568
-r-xr-xr-x 1 root root 436207622 1980-01-26 05:32 =?
? @
?.(?
* ...
So, the decoded images look like some kind of "valid filesystems", but I think I'm missing something.
Are the filesystems double encrypted? Endian madness?...
arris
Re: LExxB650 T2P CI+ hacking
Posted: Fri Jan 01, 2010 6:14 pm
by mprotect
arris69 wrote:
Tried different CIP firmwares but no success, or do I miss the point?
./decrypt_update T-CHUCIPDEUC/image/exe.img.sec exe.img
Decryption completed, CRC=0x43b976b9.
/decrypt_update T-CHUCIPDEUC/image/appdata.img.sec appdata.img
Decryption completed, CRC=0x5f2e612f.
cat T-CHUCIPDEUC/image/validinfo.txt
*007_exe.img_3724894e*011_appdata.img_04706d3d
The CRC checksums are wrong. You're trying to decrypt a T-CHUCIPDEUC image, not a T-CHLCIPDEUC image. That's why you need to adapt the XOR key. Then it should work.
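The point above is that the CRC printed after decryption is the check that tells the two model strings apart: decrypting with the wrong key still "completes", but the checksum over the result no longer matches. The following is an added illustration of that check, not code from the thread or from mprotect's tools. It assumes a simple repeating-key XOR (the xor() step the thread mentions) and the standard CRC-32 (IEEE 802.3, polynomial 0xEDB88320) as stand-ins for whatever the real tool does; the function names and the sample "firmware" bytes are constructed for the example and no real image data or key derivation is involved.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Repeating-key XOR: byte i of the buffer is combined with key byte
   (i mod keylen). Applying it twice with the same key restores the input.
   This stands in for the xor() step discussed in the thread (assumption). */
static void xor_with_key(unsigned char *buf, size_t len, const char *key)
{
    size_t klen = strlen(key);
    for (size_t i = 0; i < len; i++)
        buf[i] ^= (unsigned char)key[i % klen];
}

/* CRC-32, IEEE 802.3 reflected form, bit-at-a-time. Check value for the
   string "123456789" is 0xCBF43926. Assumed here as the integrity check;
   the real tool's checksum algorithm is not shown on the page. */
uint32_t crc32_ieee(const unsigned char *buf, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1u) ? (crc >> 1) ^ 0xEDB88320u : (crc >> 1);
    }
    return ~crc;
}

/* Decrypt a copy of `image` into `out` with `key` and compare the CRC-32 of
   the plaintext against `expected_crc`. Returns 1 on match, 0 on mismatch.
   A mismatch is the "CRC checksums are wrong" situation from the thread. */
int decrypt_and_verify(const unsigned char *image, size_t len, const char *key,
                       uint32_t expected_crc, unsigned char *out)
{
    memcpy(out, image, len);
    xor_with_key(out, len, key);
    return crc32_ieee(out, len) == expected_crc;
}

/* Constructed sample plaintext; deliberately not real firmware content. */
static const char SAMPLE_PLAINTEXT[] =
    "SAMPLE-FIRMWARE-IMAGE: constructed test data, not a real update file";
#define SAMPLE_LEN (sizeof(SAMPLE_PLAINTEXT) - 1)

/* Encrypt the sample with `enc_key`, then try to decrypt it with `try_key`
   and report whether the plaintext CRC matches the CRC of the original.
   Returns 1 if the key was right (CRC ok), 0 if it was wrong (CRC mismatch). */
int check_key(const char *enc_key, const char *try_key)
{
    unsigned char image[SAMPLE_LEN], out[SAMPLE_LEN];
    uint32_t expected = crc32_ieee((const unsigned char *)SAMPLE_PLAINTEXT, SAMPLE_LEN);

    memcpy(image, SAMPLE_PLAINTEXT, SAMPLE_LEN);
    xor_with_key(image, SAMPLE_LEN, enc_key);   /* "encrypted" sample */

    return decrypt_and_verify(image, SAMPLE_LEN, try_key, expected, out);
}

int main(void)
{
    /* The two model strings quoted in the thread, used as XOR keys. */
    printf("matching key:  %s\n",
           check_key("T-CHLCIPDEUC", "T-CHLCIPDEUC") ? "CRC ok" : "CRC mismatch");
    printf("mismatched key: %s\n",
           check_key("T-CHUCIPDEUC", "T-CHLCIPDEUC") ? "CRC ok" : "CRC mismatch");
    return 0;
}
```

The two keys differ in a single character, so every twelfth byte of the wrongly decrypted output is off by one XOR constant; the CRC catches that, which is exactly why a successful-looking "Decryption completed" line with the wrong checksum means the wrong key, not a broken tool.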
Re: LExxB650 T2P CI+ hacking
Posted: Fri Jan 01, 2010 6:44 pm
by arris69
mprotect wrote: arris69 wrote: ...
The CRC checksums are wrong. You're trying to decrypt a T-CHUCIPDEUC image, not a T-CHLCIPDEUC image. That's why you need to adapt the XOR key. Then it should work.
Thanks.
I'm getting a bit crazy with all the different f.. T-......
arris
As a note: in static void xor()
/* static const unsigned char *key = (unsigned char *) "T-CHLCIPDEUC"; */
static const unsigned char *key = (unsigned char *) "T-CHUCIPDEUC";
Re: LExxB650 T2P CI+ hacking
Posted: Fri Jan 01, 2010 7:07 pm
by rubinho76
Is it possible to flash the same firmware (2006) twice (Primary and Alternate)?
I shot the 2004 FW.
Regards, Rubinho
Re: LExxB650 T2P CI+ hacking
Posted: Sat Jan 02, 2010 8:48 pm
by erdem_ua
I wanted to ask mprotect: what if we leave the signature area null in the re-encrypted file? Does the kernel complain about that?
Or does it only check executables and kernel modules instead of the whole image? And I don't understand the encryption code at the salt. Why don't we use "SamyGO__" as salt?
If the kernel does not check this signature area (if it's safe to leave this signature area empty), then I could release SamyGO Firmware Patcher v0.16 with CI+ device support on Sunday.
It's good to have an AutoStart script or telnet enabled at boot for CI+ devices. But don't wait for exeDSP VideoAR hacks on CI+ devices (yet).
Thanks.
Re: LExxB650 T2P CI+ hacking
Posted: Sun Jan 03, 2010 11:38 am
by mprotect
erdem_ua wrote: I wanted to ask mprotect: what if we leave the signature area null in the re-encrypted file? Does the kernel complain about that?
Or does it only check executables and kernel modules instead of the whole image? And I don't understand the encryption code at the salt. Why don't we use "SamyGO__" as salt?
AFAIK the signature is used only at flashing time. The checksum validated using the signature is calculated over the XOR-encrypted firmware. The checksums for runtime firmware verification seem to be generated by the TV after flashing.
Why should I use SamyGO__ as salt?
Re: LExxB650 T2P CI+ hacking
Posted: Sun Jan 03, 2010 3:42 pm
by erdem_ua
mprotect wrote: AFAIK the signature is used only at flashing time. The checksum validated using the signature is calculated over the XOR-encrypted firmware. The checksums for runtime firmware verification seem to be generated by the TV after flashing.
Why should I use SamyGO__ as salt?
The answer to that salt question is nothing but my personal taste, because encryption is not important for us...
About flashing modified firmware: it isn't possible to flash the TV with the encrypt_update program's output, right?
Because it leaves a null signature in the encrypted FW image, and this will generate an error at flash time. Or am I wrong about it?
And if checksums are generated after flashing, then we can hack exeDSP via IDA as on CI devices (like for implementing Video ARFix).