From 6ff55cefd060b4c8f6c0fa97d5521516f9ee43f1 Mon Sep 17 00:00:00 2001 From: a3955269 Date: Tue, 8 Jan 2013 16:14:56 +0000 Subject: Add Samsung TouchWiz decryption Change-Id: I418680e59372160dabfe3e2d5f0208229aa151ae --- crypto/libcrypt_samsung/Android.mk | 11 ++ crypto/libcrypt_samsung/include/libcrypt_samsung.h | 141 +++++++++++++++++++++ crypto/libcrypt_samsung/libcrypt_samsung.c | 68 ++++++++++ 3 files changed, 220 insertions(+) create mode 100644 crypto/libcrypt_samsung/Android.mk create mode 100644 crypto/libcrypt_samsung/include/libcrypt_samsung.h create mode 100644 crypto/libcrypt_samsung/libcrypt_samsung.c (limited to 'crypto/libcrypt_samsung') diff --git a/crypto/libcrypt_samsung/Android.mk b/crypto/libcrypt_samsung/Android.mk new file mode 100644 index 000000000..6e0e86903 --- /dev/null +++ b/crypto/libcrypt_samsung/Android.mk @@ -0,0 +1,11 @@ +LOCAL_PATH := $(call my-dir) + +ifneq ($(TARGET_SIMULATOR),true) + +include $(CLEAR_VARS) +LOCAL_MODULE := libcrypt_samsung +LOCAL_SRC_FILES := $(LOCAL_MODULE).c +LOCAL_MODULE_TAGS := eng +include $(BUILD_STATIC_LIBRARY) + +endif diff --git a/crypto/libcrypt_samsung/include/libcrypt_samsung.h b/crypto/libcrypt_samsung/include/libcrypt_samsung.h new file mode 100644 index 000000000..48c7b3e6d --- /dev/null +++ b/crypto/libcrypt_samsung/include/libcrypt_samsung.h @@ -0,0 +1,141 @@ +/* + * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved. + */ + +#ifndef __LIBCRYPT_SAMSUNG_H__ +#define __LIBCRYPT_SAMSUNG_H__ + +////////////////////////////////////////////////////////////////////////////// +// Name Address Ordinal +// ---- ------- ------- +// SECKM_AES_set_encrypt_key 000010D8 +// SECKM_AES_set_decrypt_key 00001464 +// SECKM_AES_encrypt 00001600 +// SECKM_AES_decrypt 00001A10 +// SECKM_aes_selftest 00001D94 +// verify_EDK 00001F7C +// encrypt_dek 00001FC8 +// decrypt_EDK 000020D4 +// change_EDK 0000218C +// generate_dek_salt 000022A4 +// create_EDK 000023A0 +// free_DEK 000024DC +// alloc_DEK 000024F4 +// SECKM_HMAC_SHA256 00002500 +// SECKM_HMAC_SHA256_selftest 00002690 +// pbkdf 000026FC +// pbkdf_selftest 00002898 +// _SECKM_PRNG_get16 00002958 +// SECKM_PRNG_get16 00002C48 +// _SECKM_PRNG_init 00002C54 +// SECKM_PRNG_selftest 00002F38 +// SECKM_PRNG_set_seed 00002FF0 +// SECKM_PRNG_init 00002FF8 +// SECKM_SHA256_Transform 00003004 +// SECKM_SHA256_Final 000031D8 +// SECKM_SHA256_Update 00003330 +// SECKM_SHA256_Init 000033FC +// SECKM_SHA2_selftest 00003430 +// integrity_check 00003488 +// update_system_property 00003580 +// setsec_km_fips_status 00003630 +// _all_checks 00003684 +// get_fips_status 000036D4 + + +// EDK Payload is defined as: +// Encrypted DEK – EDK itself +// HMAC of EDK (32 bytes ???) +// Salt 16 bytes + +#define EDK_MAGIC 0x1001e4b1 + +#pragma pack(1) + +typedef struct { + unsigned int magic; // EDK_MAGIC + unsigned int flags; // 2 + unsigned int zeros[6]; +} dek_t; + +typedef struct { + unsigned char data[32]; +} edk_t; + + +// size 0x70 -> 112 +typedef struct { + dek_t dek; + edk_t edk; + unsigned char hmac[32]; + unsigned char salt[16]; +} edk_payload_t; + +#pragma pack() + +////////////////////////////////////////////////////////////////////////////// + +int decrypt_EDK( + dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd); + +typedef int (*decrypt_EDK_t)( + dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd); + + +int verify_EDK(const edk_payload_t *edk, const char *passwd); +//change_EDK() +//create_EDK() + +// internally just mallocs 32 bytes +dek_t *alloc_DEK(); +void free_DEK(dek_t *dek); +//encrypt_dek() +//generate_dek_salt() + +//pbkdf(_buf_, "passwordPASSWORDpassword", 0x18, "saltSALTsaltSALTsaltSALTsaltSALTsalt", 0x24, 0x1000, 0x140); +int pbkdf( + void *buf, void *pw, int pwlen, void *salt, int saltlen, int hashcnt, + int keylen); + +// getprop("rw.km_fips_status") +// "ready, undefined, error_selftest, error_integrity" +int get_fips_status(); + +////////////////////////////////////////////////////////////////////////////// +// +// libsec_ecryptfs.so (internally uses libkeyutils.so) +// +// Name Address Ordinal +// ---- ------- ------- +// unmount_ecryptfs_drive 00000A78 +// mount_ecryptfs_drive 00000B48 +// fips_read_edk 00000E44 +// fips_save_edk 00000EA4 +// fips_create_edk 00000F20 +// fips_change_password 00001018 +// fips_delete_edk 00001124 +// + +// might depend on /data beeing mounted for reading /data/system/edk_p_sd +// +// filter +// 0: building options without file encryption filtering. +// 1: building options with media files filtering. +// 2: building options with all new files filtering. + +int mount_ecryptfs_drive( + const char *passwd, const char *source, const char *target, int filter); + +typedef int (*mount_ecryptfs_drive_t)( + const char *passwd, const char *source, const char *target, int filter); + +// calls 2 times umount2(source, MNT_EXPIRE) +int unmount_ecryptfs_drive( + const char *source); + +////////////////////////////////////////////////////////////////////////////// + +#endif // #ifndef __LIBCRYPT_SAMSUNG_H__ + +////////////////////////////////////////////////////////////////////////////// + diff --git a/crypto/libcrypt_samsung/libcrypt_samsung.c b/crypto/libcrypt_samsung/libcrypt_samsung.c new file mode 100644 index 000000000..4b9b9c5d5 --- /dev/null +++ b/crypto/libcrypt_samsung/libcrypt_samsung.c @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2013 a3955269 all rights reversed, no rights reserved. + */ + +////////////////////////////////////////////////////////////////////////////// + +#include +#include +#include + +#include "include/libcrypt_samsung.h" + +////////////////////////////////////////////////////////////////////////////// +void xconvert_key_to_hex_ascii(unsigned char *master_key, unsigned int keysize, + char *master_key_ascii) +{ + unsigned int i, a; + unsigned char nibble; + + for (i=0, a=0; i> 4) & 0xf; + master_key_ascii[a] = nibble + (nibble > 9 ? 0x37 : 0x30); + + nibble = master_key[i] & 0xf; + master_key_ascii[a+1] = nibble + (nibble > 9 ? 0x37 : 0x30); + } + + /* Add the null termination */ + master_key_ascii[a] = '\0'; + +} + +int decrypt_EDK( + dek_t *dek, const edk_payload_t *edk, /*const*/ char *passwd) +{ + void *lib = dlopen("libsec_km.so", RTLD_LAZY); + + if(!lib) + return -100; + + int r = -101; + decrypt_EDK_t sym = (decrypt_EDK_t)dlsym(lib, "decrypt_EDK"); + if(sym) + r = sym(dek, edk, passwd); + + dlclose(lib); + + return r; +} + +int mount_ecryptfs_drive( + const char *passwd, const char *source, const char *target, int filter) +{ + void *lib = dlopen("libsec_ecryptfs.so", RTLD_LAZY); + if(!lib) + return -100; + + int r = -101; + mount_ecryptfs_drive_t sym = (mount_ecryptfs_drive_t)dlsym(lib, "mount_ecryptfs_drive"); + if(sym) + r = sym(passwd, source, target, filter); + + dlclose(lib); + + return r; +} + -- cgit v1.2.3