FreeCalypso > hg > freecalypso-reveng
comparison miscprog/pirimei.c @ 129:597143ba1c37
miscellaneous C programs moved out of the top level directory
| author | Michael Spacefalcon <msokolov@ivan.Harhan.ORG> |
|---|---|
| date | Sun, 06 Apr 2014 20:20:39 +0000 |
| parents | pirimei.c@3f38da3933c2 |
| children |
comparison
equal
deleted
inserted
replaced
| 128:03f8a618689e | 129:597143ba1c37 |
|---|---|
| 1 /* | |
| 2 * This program recovers the IMEI of a Pirelli DP-L10 phone from a dump of | |
| 3 * its factory block (last 64 KiB sector of the 2nd flash chip select) and | |
| 4 * the corresponding dieid file as written by fc-loadtool. | |
| 5 * | |
| 6 * The location of the 16-byte encrypted IMEI record within the factory block | |
| 7 * (at offset 0x504) has been figured out with the help of the factdiff.c | |
| 8 * program, and the magic decryption & verification algorithm has been found in | |
| 9 * g23m/condat/com/src/comlib/cl_imei.c in the Leonardo semi-src by Sotovik. | |
| 10 */ | |
| 11 | |
| 12 #include <sys/types.h> | |
| 13 #include <openssl/des.h> | |
| 14 #include <ctype.h> | |
| 15 #include <stdio.h> | |
| 16 #include <stdlib.h> | |
| 17 | |
| 18 DES_cblock ciphertext[2], dieid_key, decrypted[2]; | |
| 19 DES_key_schedule keysched; | |
| 20 | |
| 21 read_ciphertext(filename) | |
| 22 char *filename; | |
| 23 { | |
| 24 FILE *f; | |
| 25 | |
| 26 f = fopen(filename, "r"); | |
| 27 if (!f) { | |
| 28 perror(filename); | |
| 29 exit(1); | |
| 30 } | |
| 31 fseek(f, 0x504L, 0); | |
| 32 fread(ciphertext, 8, 2, f); | |
| 33 fclose(f); | |
| 34 } | |
| 35 | |
| 36 decode_hexdigit(ch) | |
| 37 { | |
| 38 if (isdigit(ch)) | |
| 39 return(ch - '0'); | |
| 40 else if (isalpha(ch)) | |
| 41 return(ch - 'A' + 10); | |
| 42 else | |
| 43 return(ch - 'a' + 10); | |
| 44 } | |
| 45 | |
| 46 read_dieid_file(filename) | |
| 47 char *filename; | |
| 48 { | |
| 49 FILE *f; | |
| 50 int i; | |
| 51 char lb[64]; | |
| 52 | |
| 53 f = fopen(filename, "r"); | |
| 54 if (!f) { | |
| 55 perror(filename); | |
| 56 exit(1); | |
| 57 } | |
| 58 for (i = 0; i < 4; i++) { | |
| 59 fgets(lb, sizeof lb, f); | |
| 60 if (!isxdigit(lb[0]) || !isxdigit(lb[1]) || !isxdigit(lb[2]) || | |
| 61 !isxdigit(lb[3]) || !isxdigit(lb[4]) || !isxdigit(lb[5]) || | |
| 62 !isxdigit(lb[6]) || !isxdigit(lb[7]) || | |
| 63 lb[8] != ':' || lb[9] != ' ' || | |
| 64 !isxdigit(lb[10]) || !isxdigit(lb[11]) || | |
| 65 !isxdigit(lb[12]) || !isxdigit(lb[13]) || lb[14] != '\n') { | |
| 66 fprintf(stderr, "%s, line %d: differs from expected\n", | |
| 67 filename, i + 1); | |
| 68 exit(1); | |
| 69 } | |
| 70 dieid_key[i*2] = (decode_hexdigit(lb[12]) << 4) | | |
| 71 decode_hexdigit(lb[13]); | |
| 72 dieid_key[i*2+1] = 0; | |
| 73 } | |
| 74 fclose(f); | |
| 75 } | |
| 76 | |
| 77 print_des_cblock(msg, blk) | |
| 78 char *msg; | |
| 79 DES_cblock blk; | |
| 80 { | |
| 81 printf("%s: %02X %02X %02X %02X %02X %02X %02X %02X\n", msg, | |
| 82 blk[0], blk[1], blk[2], blk[3], blk[4], blk[5], blk[6], blk[7]); | |
| 83 } | |
| 84 | |
| 85 main(argc, argv) | |
| 86 char **argv; | |
| 87 { | |
| 88 if (argc != 3) { | |
| 89 fprintf(stderr, "usage: %s fact.bin dieid\n", argv[0]); | |
| 90 exit(1); | |
| 91 } | |
| 92 read_ciphertext(argv[1]); | |
| 93 read_dieid_file(argv[2]); | |
| 94 print_des_cblock("Key derived from die ID", &dieid_key); | |
| 95 print_des_cblock("Ciphertext block 1", &ciphertext[0]); | |
| 96 print_des_cblock("Ciphertext block 2", &ciphertext[1]); | |
| 97 DES_set_key_unchecked(&dieid_key, &keysched); | |
| 98 DES_ecb_encrypt(&ciphertext[0], &decrypted[0], &keysched, DES_DECRYPT); | |
| 99 print_des_cblock("1st decrypted block", &decrypted[0]); | |
| 100 DES_ecb_encrypt(&ciphertext[1], &decrypted[1], &keysched, DES_DECRYPT); | |
| 101 print_des_cblock("2nd decrypted block", &decrypted[1]); | |
| 102 exit(0); | |
| 103 } |