Signature
Jump to navigation
Jump to search
The phatbox uses digital signatures all over the place -- to authenticate
- the DMS drive
- firmware images for the 8051
- pld images for the Xilinx chip
- executables
- playlists
These signatures are generated by taking an MD5 hash of the file (or drive id), signing that with a 1024-bit RSA private key, and then running that output through a bit-scrambling routine to prevent us from figuring it out. :)
The signatures are verified by descrambling, decrypting the signature with the public key, and comparing the output to the MD5 hash of the actual file.
Here is what little can be said about their format:
struct signature { unsigned long int length; // in bits unsigned char data[]; // variable length }
an example:
000000 0772 0000 a9a8 a4a9 051a 54a8 5465 1061 <--- length 000010 4464 5165 4120 8019 2041 2141 6545 6444 000020 2000 5954 9814 9101 9001 6545 4951 0200 000030 5595 4595 1560 4606 5094 1590 0491 1020 000040 4124 2112 0841 0941 1915 1205 5195 4521 000050 1152 0102 8416 0805 5904 0650 4518 1002 000060 9556 6510 1800 1801 1841 5810 0900 4165 000070 1161 5518 5559 9549 9444 6000 2005 4814 000080 1854 0600 1655 5180 8564 0805 4951 5841 000090 4841 0250 0190 0161 1460 1561 0464 5556 0000a0 0112 1556 6502 6114 2005 1185 0094 1594 0000b0 5524 1020 0521 4061 0525 0160 4124 5558 0000c0 1059 1012 9006 9414 6050 1644 5214 4645 0000d0 1645 4604 1204 1180 1449 4919 5805 6190 0000e0 2400 1190 1419 6549 5595 1160 0520 6019 0000f0 a000 0002