MobileRead Forums > E-Book Readers > Sony Reader > Sony Reader Dev Corner

Old 02-14-2007, 02:50 AM   #1
scotty1024
Analysis of USB trace for flashing Reader

I grabbed a USB bus trace of the entire USB flashing process.

The bad news is that the process is conducted with encryption.

I've been told Sony's indifference to hacking ends when we start cracking their encryption.
Old 02-14-2007, 04:27 AM   #2
igorsk
The Sony updater does encrypt USB traffic while uploading firmware, but that is optional. The problem is, the new UsbUpdater requires an RSA signature to be sent together with the new FS image (before it was only a simple checksum). It also first erases the target partition and then verifies the signature of the new image. That means that once you updated the firmware, you cannot upload custom images over USB as it was possible before with ebook.py.
However, there are other ways to get into the Reader.
Old 02-14-2007, 06:39 AM   #3
TadW
Shouldn't it be possible to read out the required RSA signature from ebookUsb.dll?
Old 02-14-2007, 07:55 AM   #4
igorsk
TadW, RSA doesn't work like that. The firmware is signed with Sony's private key (the signatures are written in the "checksum" file), and verified on the device side by UsbUpdater with the public key. While the public key can be easily extracted, it won't help us in making valid signatures for our custom firmwares.
Old 02-14-2007, 08:44 AM   #5
TadW
Ahhh... it is the firmware that is signed, I misunderstood. Thanks for the explanation.
Old 02-14-2007, 09:11 AM   #6
doctorow
Sorry for my ignorance, but isn't this a blunt violation of the GPL? The GPL dictates that you must provide the user a method to recompile the sources and reflash the unit. Sony is actively trying to prevent us from doing this. This is worse than just not delivering the necessary tools.

Anyways, they use 1024-bit RSA. Here is the public key (without the spaces). See my post further down.

Code:
f488fd584e49dbcd20b49de49107366b336c380d451d0f7c88b31c7c5b2d8ef6f3c923c043f0a55b188d8ebb558cb85d38d334fd7c175743a31d186cde33212cb52aff3ce1b1294018118d7c84a70a72d686c40319c807297aca950cd9969fabd00a509b0246d3083d66a45d419f9c7cbd894b221926baaba25ec355e92f78c7
Old 02-14-2007, 09:18 AM   #7
doctorow
Like igorsk said, I think at least USB traffic encryption is optional. They turn it on or off depending on the USB protocol version used.
Old 02-14-2007, 09:24 AM   #8
doctorow
Pardon me, I think the above key is the wrong key used for the image hash. The right one (which Sony conveniently calls sigKeyPub) is attached.
Attached file: pubkey.bin (140 Bytes)
Old 02-14-2007, 09:44 AM   #9
doctorow
Here is the code from the USB_UpdateCreatePartitionWithImage routine:

Code:
.text:00009B04                 MOV     R0, R4
.text:00009B08                 LDR     R1, =signature_5
.text:00009B0C                 BL      check_signature ; ############# HERE ##########
.text:00009B10                 CMP     R0, #0
.text:00009B14                 BEQ     checksum_ok
.text:00009B18
.text:00009B18 checksum_bad                            ; CODE XREF: USB_UpdateCreatePartitionWithImage+330j
.text:00009B18                 LDR     R5, =USB_FskErr_2
.text:00009B1C                 MVN     R3, #4
.text:00009B20
.text:00009B20 loc_9B20                                ; CODE XREF: USB_UpdateCreatePartitionWithImage+360j
.text:00009B20                 STR     R3, [R5]
.text:00009B24
.text:00009B24 loc_9B24                                ; CODE XREF: USB_UpdateCreatePartitionWithImage+348j
.text:00009B24                 LDR     R0, =aTmpImage  ; remove temp file of image to flash
.text:00009B28                 BL      _unlink
.text:00009B2C                 MOV     R2, #0x1000     ; size_t
.text:00009B30                 MOV     R1, #0          ; int
.text:00009B34                 MOV     R0, R7          ; void *
.text:00009B38                 BL      _memset
.text:00009B3C                 LDR     R1, [R5]
.text:00009B40                 MOV     R2, #0
.text:00009B44                 MOV     R3, #0xC
.text:00009B48                 STR     R3, [R7,#0xC]
.text:00009B4C                 STR     R1, [R7,#0x14]
.text:00009B50                 STR     R2, [R7,#8]
.text:00009B54                 STR     R2, [R7,#0x18]
.text:00009B58                 B       loc_99F8        ; jump to error routine
.text:00009B5C ; ---------------------------------------------------------------------------
.text:00009B5C
.text:00009B5C checksum_ok                             ; CODE XREF: USB_UpdateCreatePartitionWithImage+2D8j
The actual flashing is done through the external nblsdm tool (attached). Igor wrote some more about the use of nblsdm in this thread.
Attached file: flashtools.tar.gz (24.2 KB)
Old 02-14-2007, 10:05 AM   #10
scotty1024
The signature used appears to be a simple SHA-1. In my memory SHA-1 comes back classified as "toasted" meaning it can be "easily" broken.
Old 02-14-2007, 10:09 AM   #11
Hadrien
Quote:
Originally Posted by scotty1024
The signature used appears to be a simple SHA-1. In my memory SHA-1 comes back classified as "toasted" meaning it can be "easily" broken.
Yes, SHA-1 isn't that secure anymore; it can be broken quite easily.
Old 02-14-2007, 11:10 AM   #12
doctorow
They use a combination of a SHA-1 hash and an RSA keypair.

The actual check_signature function:
Code:
.text:0000AAE0 check_signature                         ; CODE XREF: USB_UpdateCreatePartitionWithImage+2D0p
.text:0000AAE0
.text:0000AAE0 var_D4          = -0xD4
.text:0000AAE0 var_D0          = -0xD0
.text:0000AAE0 var_CC          = -0xCC
.text:0000AAE0 var_C8          = -0xC8
.text:0000AAE0 var_C4          = -0xC4
.text:0000AAE0 var_C0          = -0xC0
.text:0000AAE0 var_BC          = -0xBC
.text:0000AAE0 var_3C          = -0x3C
.text:0000AAE0
.text:0000AAE0                 STMFD   SP!, {R4-R8,LR}
.text:0000AAE4                 MOV     R2, #0xC0       ; size_t
.text:0000AAE8                 SUB     SP, SP, #0xBC
.text:0000AAEC                 MOV     R5, R0
.text:0000AAF0                 MOV     R6, R1
.text:0000AAF4                 LDR     R0, =ltc_mp     ; void *
.text:0000AAF8                 LDR     R1, =ltm_desc   ; void *
.text:0000AAFC                 BL      _memcpy
.text:0000AB00                 LDR     R0, =sha1_desc
.text:0000AB04                 BL      register_hash
.text:0000AB08                 CMN     R0, #1
.text:0000AB0C                 MOVEQ   R12, R0
.text:0000AB10                 BEQ     loc_AB54
.text:0000AB14                 LDR     R0, =aSha1
.text:0000AB18                 BL      find_hash
.text:0000AB1C                 CMN     R0, #1
.text:0000AB20                 MOV     R4, R0
.text:0000AB24                 MOVEQ   R12, R0
.text:0000AB28                 BEQ     loc_AB54
.text:0000AB2C                 ADD     R7, SP, #0xD4+var_BC
.text:0000AB30                 MOV     R1, R5
.text:0000AB34                 ADD     R3, SP, #0xD4+var_C0
.text:0000AB38                 MOV     R5, #0x80
.text:0000AB3C                 MOV     R2, R7
.text:0000AB40                 STR     R5, [SP,#0xD4+var_C0]
.text:0000AB44                 BL      hash_file       ; ### SHA-1 ###
.text:0000AB48                 CMP     R0, #0
.text:0000AB4C                 BEQ     SHA_OK
.text:0000AB50
.text:0000AB50 CHECK_BAD                               ; CODE XREF: check_signature+9Cj
.text:0000AB50                                         ; check_signature+CCj
.text:0000AB50                 MVN     R12, #0
.text:0000AB54
.text:0000AB54 loc_AB54                                ; CODE XREF: check_signature+30j
.text:0000AB54                                         ; check_signature+48j
.text:0000AB54                                         ; check_signature+E0j
.text:0000AB54                 MOV     R0, R12
.text:0000AB58                 ADD     SP, SP, #0xBC
.text:0000AB5C                 LDMFD   SP!, {R4-R8,PC}
.text:0000AB60 ; ---------------------------------------------------------------------------
.text:0000AB60
.text:0000AB60 SHA_OK                                  ; CODE XREF: check_signature+6Cj
.text:0000AB60                 ADD     R8, SP, #0xD4+var_3C
.text:0000AB64                 LDR     R0, =sigKeyPub
.text:0000AB68                 MOV     R1, #0xA2
.text:0000AB6C                 MOV     R2, R8
.text:0000AB70                 BL      rsa_import
.text:0000AB74                 CMP     R0, #0
.text:0000AB78                 MOV     R12, R0
.text:0000AB7C                 BNE     CHECK_BAD
.text:0000AB80                 STR     R12, [SP,#0xD4+var_D0]
.text:0000AB84                 MOV     R0, R6
.text:0000AB88                 ADD     R12, SP, #0xD4+var_C4
.text:0000AB8C                 MOV     R1, R5
.text:0000AB90                 MOV     R2, R7
.text:0000AB94                 LDR     R3, [SP,#0xD4+var_C0]
.text:0000AB98                 STR     R4, [SP,#0xD4+var_D4]
.text:0000AB9C                 STR     R12, [SP,#0xD4+var_CC]
.text:0000ABA0                 STR     R8, [SP,#0xD4+var_C8]
.text:0000ABA4                 BL      rsa_verify_hash ; ### RSA ###
.text:0000ABA8                 CMP     R0, #0
.text:0000ABAC                 BNE     CHECK_BAD
.text:0000ABB0                 LDR     R3, [SP,#0xD4+var_C4]
.text:0000ABB4                 CMP     R3, #0
.text:0000ABB8                 MOVNE   R12, #0
.text:0000ABBC                 MOVLEQ  R12, 0xFFFFFFFF
.text:0000ABC0                 B       loc_AB54
.text:0000ABC0 ; End of function check_signature
.text:0000ABC0
.text:0000ABC0 ; ---------------------------------------------------------------------------
.text:0000ABC4 ; void *off_ABC4
.text:0000ABC4 off_ABC4        DCD ltc_mp              ; DATA XREF: check_signature+14r
.text:0000ABC8 ; void *off_ABC8
.text:0000ABC8 off_ABC8        DCD ltm_desc            ; DATA XREF: check_signature+18r
.text:0000ABCC off_ABCC        DCD sha1_desc           ; DATA XREF: check_signature+20r
.text:0000ABD0 off_ABD0        DCD aSha1               ; DATA XREF: check_signature+34r
.text:0000ABD0                                         ; "sha1"
.text:0000ABD4 off_ABD4        DCD sigKeyPub           ; DATA XREF: check_signature+84r
Old 02-14-2007, 11:18 AM   #13
doctorow
Quote:
Originally Posted by scotty1024
I've been told Sony's indifference to hacking ends when we start cracking their encryption.
... cracking their DRM encryption, you mean.
Old 02-14-2007, 11:52 AM   #14
VladSukhoy
> SHA-1 isn't that secure anymore, can be broken quite easily.
Not easily at all: 2^69 operations were still required, as I remember.
Old 02-14-2007, 12:33 PM   #15
porkupan
Quote:
Originally Posted by doctorow
Pardon me, I think above key is the wrong key used for the image hash. The right one (which Sony conveniently calls sigKeyPub) is attached.
I believe the key is actually 162 B long. You somehow lost 22 bytes. However, I tried to reproduce the code in RedHat Linux, and this public key doesn't appear to verify the signature of the Fsk image:
Code:
23c219b68b720fad066722c27b59f2a6c8636e106c8166c060ca3f6f3b369a1ed52e2892132e6f777317ad884bbbc9cd82cb35fea2d6c04ffa90ae0f35636523a1f4cd07232d1d8e18d312716e3db7a7432f8ae3e94dd0cddbddea17197d88c2a6ba29cba5d1e08a53eda75589ee08f2f2d8f9f8461c367a2be379d13a992cf3
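A pure-Python model of the check_signature listing in post #12 and of the 140- versus 162-byte key question from posts #8 and #15; this is an added example, not code from the thread or from Sony's updater. The ltc_mp, register_hash, rsa_import and rsa_verify_hash names in the listing are libtomcrypt's: its rsa_import accepts either a bare PKCS#1 RSAPublicKey (140 bytes for a 1024-bit modulus with e = 65537) or the X.509 SubjectPublicKeyInfo that wraps it (162 bytes, the 22-byte difference being the wrapper), and its rsa_verify_hash(sig, siglen, hash, hashlen, hash_idx, saltlen, stat, key) applies PKCS#1 PSS padding, where the listing passes the zero stored at var_D0 as the salt length, which makes the encoding deterministic. Assumed: a signature of exactly the modulus length (0x80 in the listing) over the SHA-1 of the image; any key used with this code in a test is a constructed toy, not Sony's sigKeyPub.

```python
import hashlib
import hmac

RSA_ALG_ID = bytes.fromhex("06092a864886f70d010101") + b"\x05\x00"  # rsaEncryption OID, NULL params

def der_tlv(tag, body):
    """One DER tag-length-value; long-form length once the body exceeds 127 bytes."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body
def der_int(x):  # the extra byte keeps the sign bit clear: the 00 that precedes the modulus
    return der_tlv(0x02, x.to_bytes((x.bit_length() + 8) // 8, "big"))
def rsa_public_key_der(n, e):  # bare PKCS#1 RSAPublicKey: 140 bytes for 1024-bit n, e = 65537
    return der_tlv(0x30, der_int(n) + der_int(e))
def spki_der(n, e):  # X.509 SubjectPublicKeyInfo around it: 162 bytes, i.e. a 22-byte wrapper
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key_der(n, e))
    return der_tlv(0x30, der_tlv(0x30, RSA_ALG_ID) + bit_string)

def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nb = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + ln], pos + ln

def rsa_import(blob):
    """Return (n, e) from either encoding; libtomcrypt's rsa_import likewise accepts both."""
    tag, seq, _ = _read_tlv(blob, 0)
    first, body, nxt = _read_tlv(seq, 0)
    if first == 0x30:                   # AlgorithmIdentifier first: strip the SPKI layer
        _, bits, _ = _read_tlv(seq, nxt)
        _, seq, _ = _read_tlv(bits, 1)  # bits[0] is the BIT STRING's unused-bits count
        first, body, nxt = _read_tlv(seq, 0)
    if tag != 0x30 or first != 0x02:
        raise ValueError("not an RSA public key")
    _, ebytes, _ = _read_tlv(seq, nxt)
    return int.from_bytes(body, "big"), int.from_bytes(ebytes, "big")
def image_hash(image):  # the hash_file step of the listing: SHA-1 over the whole image
    return hashlib.sha1(image).digest()
def mgf1(seed, length):
    blocks = (hashlib.sha1(seed + c.to_bytes(4, "big")).digest() for c in range((length + 19) // 20))
    return b"".join(blocks)[:length]
def pss_encode(mhash, embits, salt=b""):
    """EMSA-PSS-ENCODE (RFC 8017, 9.1.1) with SHA-1; deterministic when the salt is empty."""
    emlen, hlen = (embits + 7) // 8, 20
    if emlen < hlen + len(salt) + 2:
        raise ValueError("modulus too small for PSS")
    h = hashlib.sha1(b"\x00" * 8 + mhash + salt).digest()
    db = b"\x00" * (emlen - len(salt) - hlen - 2) + b"\x01" + salt
    masked = bytes(a ^ b for a, b in zip(db, mgf1(h, emlen - hlen - 1)))
    masked = bytes([masked[0] & (0xFF >> (8 * emlen - embits))]) + masked[1:]
    return masked + h + b"\xbc"

def check_signature(image, signature, key_blob):
    """Model of the listing: import sigKeyPub, SHA-1 the image, RSA-PSS verify with salt length 0 (with an empty salt the encoding is fixed, so re-encode-and-compare equals a PSS decode)."""
    n, e = rsa_import(key_blob)
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:   # the listing hard-codes siglen = 0x80 for its 1024-bit key
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    expected = pss_encode(image_hash(image), n.bit_length() - 1)
    return hmac.compare_digest(em, expected.rjust(k, b"\x00"))  # rjust covers emlen < k
```

Feeding pubkey.bin to rsa_import shows which of the two encodings it is, and a key that imports but fails check_signature on a known-good image and its "checksum" signature is either the wrong key or paired with a different padding scheme.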