Signature

From PhatHack Wiki
Jump to: navigation, search

The phatbox uses digital signatures all over the place -- to authenticate

  1. the DMS drive
  2. firmware images for the 8051
  3. pld images for the Xilinx chip
  4. executables
  5. playlists

In broad strokes, these signatures are created by taking the MD5 hash of the file (or drive id), signing that with a 1024-bit RSA private key, and then running that output through a bit-scrambling routine to prevent us from figuring it out. :)

The signatures are verified by descrambling, decrypting the signature with the public key, and comparing the output to the MD5 hash of the actual file.

Specifically, here is how you create a PhatBox .sig file:

  • take input file, compute MD5 hash
  • create the following ASN.1 structure:
   0:d=0  hl=2 l=  32 cons: SEQUENCE
   2:d=1  hl=2 l=  12 cons:  SEQUENCE
   4:d=2  hl=2 l=   8 prim:   OBJECT            :md5
  14:d=2  hl=2 l=   0 prim:   NULL
  16:d=1  hl=2 l=  16 prim:  OCTET STRING
     0000 - 64 ec a2 bb a8 30 87 b6-1b 90 39 48 a3 97 d3 65   <16-byte MD5 hash>

More or less, this is a structure that holds 1. a hash type (here, MD5) 2. a hash (here, a 16-byte MD5 sum)

In hex:

0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff 00 30 20   ..............0
0060 - 30 0c 06 08 2a 86 48 86-f7 0d 02 05 05 00 04 10   0...*.H.........
0070 - 64 ec a2 bb a8 30 87 b6-1b 90 39 48 a3 97 d3 65   d....0....9H...e

Here, bytes 0x70-0x7F should be filled in with your MD5 sum.

Next, this needs to be encrypted with the appropriate private key. This yields (for the above example):

000000 ae a4 cf b9 3d 93 7d 86 0c 7a fb 7a b6 99 78 ba
000010 2e ad f7 c9 1c 2f b6 0d 6b 99 39 1a 6d 17 77 cc
000020 85 d6 c2 30 23 a3 8b e7 09 de 1e 5a 02 7f be e9
000030 fe 38 ae 66 f2 ad 7c 5a 21 94 77 8a 8a 3c 88 54
000040 d9 3f f4 ed 73 0d c1 e6 9a bc a1 e6 75 16 54 f9
000050 14 44 85 ca 35 57 e0 6a 57 60 93 a7 ac cb 55 ae
000060 94 40 2d 02 0d 38 88 ef 3c 18 9f 89 56 1a 7b 3b
000070 5f 42 7d 89 dc b5 74 86 7e 62 04 00 15 b8 27 d0

At this stage, it needs to have some PhatBox-specific processing done. First, headers and footers need to be added:

// assuming little-endian byte ordering, sizeof(unsigned int)=4
struct signature_block {
    unsigned int id1=1, id2=2, id3=2; // fixme
    unsigned int hash=5; // md5?
    unsigned int reserved=0; // ?
    unsigned int file_len; // length of original file
    unsigned char rsa_signature[128];
    unsigned int footer=0x80;
};

Put all together, before the scrambling algorithm is applied, it looks like this:

<insert example here>

Lastly, a bizzarro (yes, that is a technical term) bit-scrambling algorithm needs to be applied.

When that is complete, you end up with:

struct signature {
  unsigned int length; // in bits
  unsigned char scrambled_data[];  // variable length
}

an example:

000000 0772 0000 a9a8 a4a9 051a 54a8 5465 1061     <--- length
000010 4464 5165 4120 8019 2041 2141 6545 6444
000020 2000 5954 9814 9101 9001 6545 4951 0200
000030 5595 4595 1560 4606 5094 1590 0491 1020
000040 4124 2112 0841 0941 1915 1205 5195 4521
000050 1152 0102 8416 0805 5904 0650 4518 1002
000060 9556 6510 1800 1801 1841 5810 0900 4165
000070 1161 5518 5559 9549 9444 6000 2005 4814
000080 1854 0600 1655 5180 8564 0805 4951 5841
000090 4841 0250 0190 0161 1460 1561 0464 5556
0000a0 0112 1556 6502 6114 2005 1185 0094 1594
0000b0 5524 1020 0521 4061 0525 0160 4124 5558
0000c0 1059 1012 9006 9414 6050 1644 5214 4645
0000d0 1645 4604 1204 1180 1449 4919 5805 6190
0000e0 2400 1190 1419 6549 5595 1160 0520 6019
0000f0 a000 0002