02-14-2007, 01:50 AM | #1 |
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
|
Analysis of USB trace for flashing Reader
I grabbed a USB bus trace of the entire USB flashing process.
The bad news is that the process is conducted with encryption. I've been told Sony's indifference to hacking ends when we start cracking their encryption. |
02-14-2007, 03:27 AM | #2 |
Wizard
Posts: 3,442
Karma: 300001
Join Date: Sep 2006
Location: Belgium
Device: PRS-500/505/700, Kindle, Cybook Gen3, Words Gear
|
The Sony updater does encrypt USB traffic while uploading firmware, but that is optional. The problem is, the new UsbUpdater requires an RSA signature to be sent together with the new FS image (before it was only a simple cheksum). It also first erases the target partition and then verifies the signature of the new image. That means that once you updated the firmware, you cannot upload custom images over USB as it was posssible before with ebook.py.
However, there are other ways to get into Reader |
Advert | |
|
02-14-2007, 05:39 AM | #3 |
Uebermensch
Posts: 2,583
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
|
Shouldn't it be possible to read out the required RSA signature from ebookUsb.dll?
|
02-14-2007, 06:55 AM | #4 |
Wizard
Posts: 3,442
Karma: 300001
Join Date: Sep 2006
Location: Belgium
Device: PRS-500/505/700, Kindle, Cybook Gen3, Words Gear
|
TadW, RSA doesn't work like that The firmware is signed with Sony's private key (the signatures are written in the "checksum" file), and verified on the device side by UsbUpdater with the public key. While the public key can be easily extracted, it won't help us in making valid signatures for our custom firmwares.
|
02-14-2007, 07:44 AM | #5 |
Uebermensch
Posts: 2,583
Karma: 1094606
Join Date: Jul 2003
Location: Italy
Device: Kindle
|
Ahhh... it is the firmware that is signed, I misunderstood. Thanks for the explanation
|
Advert | |
|
02-14-2007, 08:11 AM | #6 |
Guru
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
|
Sorry my ignorance, but isn't this is a blunt violation of GPL? GPL dictates that you must provide the user a method to recompile the sources and reflash the unit. Sony is actively trying to prevent us from doing this. This is worse than just not delivering the necessary tools.
Anyways, they use RSA 1024bit. Here the public key (without the spaces) See my post further down. Code:
f488fd584e49dbcd20b49de49107366b336c380d451d0f7c88b31c7c5b2d8ef6f3c923c043f0a55b188d8ebb558cb85d38d334fd7c175743a31d186cde33212cb52aff3ce1b1294018118d7c84a70a72d686c40319c807297aca950cd9969fabd00a509b0246d3083d66a45d419f9c7cbd894b221926baaba25ec355e92f78c7 |
02-14-2007, 08:18 AM | #7 |
Guru
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
|
Like igorsk said, I think at least USB traffic encryption is optional. They turn it on or off depending on the USB protocol version used.
|
02-14-2007, 08:24 AM | #8 |
Guru
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
|
Pardon me, I think above key is the wrong key used for the image hash. The right one (which Sony conveniently calls sigKeyPub) is attached.
|
02-14-2007, 08:44 AM | #9 |
Guru
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
|
Here is the code from the USB_UpdateCreatePartitionWithImage routine:
Code:
.text:00009B04 MOV R0, R4 .text:00009B08 LDR R1, =signature_5 .text:00009B0C BL check_signature ; ############# HERE ########## .text:00009B10 CMP R0, #0 .text:00009B14 BEQ checksum_ok .text:00009B18 .text:00009B18 checksum_bad ; CODE XREF: USB_UpdateCreatePartitionWithImage+330j .text:00009B18 LDR R5, =USB_FskErr_2 .text:00009B1C MVN R3, #4 .text:00009B20 .text:00009B20 loc_9B20 ; CODE XREF: USB_UpdateCreatePartitionWithImage+360j .text:00009B20 STR R3, [R5] .text:00009B24 .text:00009B24 loc_9B24 ; CODE XREF: USB_UpdateCreatePartitionWithImage+348j .text:00009B24 LDR R0, =aTmpImage ; remove temp file of image to flash .text:00009B28 BL _unlink .text:00009B2C MOV R2, #0x1000 ; size_t .text:00009B30 MOV R1, #0 ; int .text:00009B34 MOV R0, R7 ; void * .text:00009B38 BL _memset .text:00009B3C LDR R1, [R5] .text:00009B40 MOV R2, #0 .text:00009B44 MOV R3, #0xC .text:00009B48 STR R3, [R7,#0xC] .text:00009B4C STR R1, [R7,#0x14] .text:00009B50 STR R2, [R7,#8] .text:00009B54 STR R2, [R7,#0x18] .text:00009B58 B loc_99F8 ; jump to error routine .text:00009B5C ; --------------------------------------------------------------------------- .text:00009B5C .text:00009B5C checksum_ok ; CODE XREF: USB_UpdateCreatePartitionWithImage+2D8j |
02-14-2007, 09:05 AM | #10 |
Banned
Posts: 1,300
Karma: 1479
Join Date: Jul 2006
Location: Peoples Republic of Washington
Device: Reader / iPhone / Librie / Kindle
|
The signature used appears to be a simple SHA-1. In my memory SHA-1 comes back classified as "toasted" meaning it can be "easily" broken.
|
02-14-2007, 09:09 AM | #11 | |
Feedbooks.com Co-Founder
Posts: 2,263
Karma: 145123
Join Date: Nov 2006
Location: Paris, France
Device: Sony PRS-t-1/350/300/500/505/600/700, Nexus S, iPad
|
Quote:
|
|
02-14-2007, 10:10 AM | #12 |
Guru
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
|
They use a combination of a SHA-1 hash and a RSA keypair.
The actual check_signature function: Code:
.text:0000AAE0 check_signature ; CODE XREF: USB_UpdateCreatePartitionWithImage+2D0p .text:0000AAE0 .text:0000AAE0 var_D4 = -0xD4 .text:0000AAE0 var_D0 = -0xD0 .text:0000AAE0 var_CC = -0xCC .text:0000AAE0 var_C8 = -0xC8 .text:0000AAE0 var_C4 = -0xC4 .text:0000AAE0 var_C0 = -0xC0 .text:0000AAE0 var_BC = -0xBC .text:0000AAE0 var_3C = -0x3C .text:0000AAE0 .text:0000AAE0 STMFD SP!, {R4-R8,LR} .text:0000AAE4 MOV R2, #0xC0 ; size_t .text:0000AAE8 SUB SP, SP, #0xBC .text:0000AAEC MOV R5, R0 .text:0000AAF0 MOV R6, R1 .text:0000AAF4 LDR R0, =ltc_mp ; void * .text:0000AAF8 LDR R1, =ltm_desc ; void * .text:0000AAFC BL _memcpy .text:0000AB00 LDR R0, =sha1_desc .text:0000AB04 BL register_hash .text:0000AB08 CMN R0, #1 .text:0000AB0C MOVEQ R12, R0 .text:0000AB10 BEQ loc_AB54 .text:0000AB14 LDR R0, =aSha1 .text:0000AB18 BL find_hash .text:0000AB1C CMN R0, #1 .text:0000AB20 MOV R4, R0 .text:0000AB24 MOVEQ R12, R0 .text:0000AB28 BEQ loc_AB54 .text:0000AB2C ADD R7, SP, #0xD4+var_BC .text:0000AB30 MOV R1, R5 .text:0000AB34 ADD R3, SP, #0xD4+var_C0 .text:0000AB38 MOV R5, #0x80 .text:0000AB3C MOV R2, R7 .text:0000AB40 STR R5, [SP,#0xD4+var_C0] .text:0000AB44 BL hash_file ; ### SHA-1 ### .text:0000AB48 CMP R0, #0 .text:0000AB4C BEQ SHA_OK .text:0000AB50 .text:0000AB50 CHECK_BAD ; CODE XREF: check_signature+9Cj .text:0000AB50 ; check_signature+CCj .text:0000AB50 MVN R12, #0 .text:0000AB54 .text:0000AB54 loc_AB54 ; CODE XREF: check_signature+30j .text:0000AB54 ; check_signature+48j .text:0000AB54 ; check_signature+E0j .text:0000AB54 MOV R0, R12 .text:0000AB58 ADD SP, SP, #0xBC .text:0000AB5C LDMFD SP!, {R4-R8,PC} .text:0000AB60 ; --------------------------------------------------------------------------- .text:0000AB60 .text:0000AB60 SHA_OK ; CODE XREF: check_signature+6Cj .text:0000AB60 ADD R8, SP, #0xD4+var_3C .text:0000AB64 LDR R0, =sigKeyPub .text:0000AB68 MOV R1, #0xA2 .text:0000AB6C MOV R2, R8 .text:0000AB70 BL rsa_import .text:0000AB74 CMP R0, #0 .text:0000AB78 MOV R12, R0 .text:0000AB7C BNE CHECK_BAD .text:0000AB80 STR R12, [SP,#0xD4+var_D0] .text:0000AB84 MOV R0, R6 .text:0000AB88 ADD R12, SP, #0xD4+var_C4 .text:0000AB8C MOV R1, R5 .text:0000AB90 MOV R2, R7 .text:0000AB94 LDR R3, [SP,#0xD4+var_C0] .text:0000AB98 STR R4, [SP,#0xD4+var_D4] .text:0000AB9C STR R12, [SP,#0xD4+var_CC] .text:0000ABA0 STR R8, [SP,#0xD4+var_C8] .text:0000ABA4 BL rsa_verify_hash ; ### RSA ### .text:0000ABA8 CMP R0, #0 .text:0000ABAC BNE CHECK_BAD .text:0000ABB0 LDR R3, [SP,#0xD4+var_C4] .text:0000ABB4 CMP R3, #0 .text:0000ABB8 MOVNE R12, #0 .text:0000ABBC MOVLEQ R12, 0xFFFFFFFF .text:0000ABC0 B loc_AB54 .text:0000ABC0 ; End of function check_signature .text:0000ABC0 .text:0000ABC0 ; --------------------------------------------------------------------------- .text:0000ABC4 ; void *off_ABC4 .text:0000ABC4 off_ABC4 DCD ltc_mp ; DATA XREF: check_signature+14r .text:0000ABC8 ; void *off_ABC8 .text:0000ABC8 off_ABC8 DCD ltm_desc ; DATA XREF: check_signature+18r .text:0000ABCC off_ABCC DCD sha1_desc ; DATA XREF: check_signature+20r .text:0000ABD0 off_ABD0 DCD aSha1 ; DATA XREF: check_signature+34r .text:0000ABD0 ; "sha1" .text:0000ABD4 off_ABD4 DCD sigKeyPub ; DATA XREF: check_signature+84r |
02-14-2007, 10:18 AM | #13 | |
Guru
Posts: 914
Karma: 3410461
Join Date: May 2004
Device: Kindle Touch
|
Quote:
|
|
02-14-2007, 10:52 AM | #14 |
Member
Posts: 16
Karma: 10
Join Date: Feb 2007
Device: /Reader/
|
> SHA-1 isn't that secure anymore, can be broken quite easily.
not easily at all - 2^69 operations were still required as I remember.. |
02-14-2007, 11:33 AM | #15 | |
Fanatic
Posts: 556
Karma: 1057213
Join Date: Sep 2006
Location: North Eastern U.S.
Device: Sony Reader
|
Quote:
Code:
23c219b68b720fad066722c27b59f2a6c8636e106c8166c060ca3f6f3b369a1ed52e2892132e6f777317ad884bbbc9cd82cb35fea2d6c04ffa90ae0f35636523a1f4cd07232d1d8e18d312716e3db7a7432f8ae3e94dd0cddbddea17197d88c2a6ba29cba5d1e08a53eda75589ee08f2f2d8f9f8461c367a2be379d13a992cf3 |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Hilarious Paper vs Ebook analysis | notyou | General Discussions | 2 | 06-28-2010 04:39 PM |
Flashing your EZ Reader Pro | Moo Strength | Astak EZReader | 15 | 09-19-2009 06:30 PM |
LIT generation -- binary analysis help with the last %0.1? | llasram | Workshop | 12 | 12-13-2008 05:23 AM |
Analysis of the De Tijd-project | TadW | News | 1 | 04-17-2007 05:13 PM |
PRS-500 Flashing the Reader via SD/MS | scotty1024 | Sony Reader Dev Corner | 29 | 04-09-2007 07:31 AM |