chitu_crypt.py 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127
  1. Import("env")
  2. import os
  3. import random
  4. import struct
  5. import uuid
  6. # Relocate firmware from 0x08000000 to 0x08008800
  7. env['CPPDEFINES'].remove(("VECT_TAB_ADDR", "0x8000000"))
  8. env['CPPDEFINES'].append(("VECT_TAB_ADDR", "0x08008800"))
  9. custom_ld_script = os.path.abspath("buildroot/share/PlatformIO/ldscripts/chitu_f103.ld")
  10. for i, flag in enumerate(env["LINKFLAGS"]):
  11. if "-Wl,-T" in flag:
  12. env["LINKFLAGS"][i] = "-Wl,-T" + custom_ld_script
  13. elif flag == "-T":
  14. env["LINKFLAGS"][i + 1] = custom_ld_script
  15. def calculate_crc(contents, seed):
  16. accumulating_xor_value = seed;
  17. for i in range(0, len(contents), 4):
  18. value = struct.unpack('<I', contents[ i : i + 4])[0]
  19. accumulating_xor_value = accumulating_xor_value ^ value
  20. return accumulating_xor_value
  21. def xor_block(r0, r1, block_number, block_size, file_key):
  22. # This is the loop counter
  23. loop_counter = 0x0
  24. # This is the key length
  25. key_length = 0x18
  26. # This is an initial seed
  27. xor_seed = 0x4BAD
  28. # This is the block counter
  29. block_number = xor_seed * block_number
  30. #load the xor key from the file
  31. r7 = file_key
  32. for loop_counter in range(0, block_size):
  33. # meant to make sure different bits of the key are used.
  34. xor_seed = int(loop_counter/key_length)
  35. # IP is a scratch register / R12
  36. ip = loop_counter - (key_length * xor_seed)
  37. # xor_seed = (loop_counter * loop_counter) + block_number
  38. xor_seed = (loop_counter * loop_counter) + block_number
  39. # shift the xor_seed left by the bits in IP.
  40. xor_seed = xor_seed >> ip
  41. # load a byte into IP
  42. ip = r0[loop_counter]
  43. # XOR the seed with r7
  44. xor_seed = xor_seed ^ r7
  45. # and then with IP
  46. xor_seed = xor_seed ^ ip
  47. #Now store the byte back
  48. r1[loop_counter] = xor_seed & 0xFF
  49. #increment the loop_counter
  50. loop_counter = loop_counter + 1
  51. def encrypt_file(input, output_file, file_length):
  52. input_file = bytearray(input.read())
  53. block_size = 0x800
  54. key_length = 0x18
  55. uid_value = uuid.uuid4()
  56. file_key = int(uid_value.hex[0:8], 16)
  57. xor_crc = 0xEF3D4323;
  58. # the input file is exepcted to be in chunks of 0x800
  59. # so round the size
  60. while len(input_file) % block_size != 0:
  61. input_file.extend(b'0x0')
  62. # write the file header
  63. output_file.write(struct.pack(">I", 0x443D2D3F))
  64. # encrypt the contents using a known file header key
  65. # write the file_key
  66. output_file.write(struct.pack("<I", file_key))
  67. #TODO - how to enforce that the firmware aligns to block boundaries?
  68. block_count = int(len(input_file) / block_size)
  69. print ("Block Count is ", block_count)
  70. for block_number in range(0, block_count):
  71. block_offset = (block_number * block_size)
  72. block_end = block_offset + block_size
  73. block_array = bytearray(input_file[block_offset: block_end])
  74. xor_block(block_array, block_array, block_number, block_size, file_key)
  75. for n in range (0, block_size):
  76. input_file[block_offset + n] = block_array[n]
  77. # update the expected CRC value.
  78. xor_crc = calculate_crc(block_array, xor_crc)
  79. # write CRC
  80. output_file.write(struct.pack("<I", xor_crc))
  81. # finally, append the encrypted results.
  82. output_file.write(input_file)
  83. return
  84. # Encrypt ${PROGNAME}.bin and save it as 'update.cbd'
  85. def encrypt(source, target, env):
  86. firmware = open(target[0].path, "rb")
  87. update = open(target[0].dir.path +'/update.cbd', "wb")
  88. length = os.path.getsize(target[0].path)
  89. encrypt_file(firmware, update, length)
  90. firmware.close()
  91. update.close()
  92. env.AddPostAction("$BUILD_DIR/${PROGNAME}.bin", encrypt);