HG658BZV.VER.A_configD-E.py

1. #! /usr/bin/env python
2. # Hardware version HG658BZV.VER.A
3. # Software version V100R001C216B015
4.  
5. import sys
6. import os
7. from binascii import hexlify, unhexlify
8. from Crypto.Cipher import AES
9. from Crypto.Hash import SHA256
10. from Crypto.Util import number
11.  
12.  
13. RSA_D = "2345ADB2C06E54D7373E2A233A50150A" \
14. "4044E417FBF76FB1AC8A444E72A345AA" \
15. "14B7C349A4824C96DF9ECF7D8CC50425" \
16. "32930DBD40D86FDCD892398702E3EA51" \
17. "41C90F10494BB91440E89B104626CCCB" \
18. "E45A5133362359732954BD63FCA58929" \
19. "E3D890014FDF83847E6B19F0D9E1117E" \
20. "9706984EAA57E114934B273366C4DBD1"
21.  
22. RSA_N = "C206CF93A9E6EE1CE17984DD54422AC4" \
23. "561A4EEB969D1BA81432626D6409FA03" \
24. "3B3738F8BBA046ACEF3BAC35094B70AF" \
25. "231D9DC43C1D68EDBEBE983E267B72FD" \
26. "3C2A7614D60FA7457B92B6A45C49F307" \
27. "EA23DE51E7E0C36D6440FC4F62C44CCB" \
28. "4169914E43DBFDAE536F002B2D670CE0" \
29. "A2A11FD1AF4C484C1A6FED9C228199A3"
30.  
31. RSA_E = "010001"
32.  
33. SIG_TEMPLATE = "0001FFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
34. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
35. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
36. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
37. "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" \
38. "003021300906052B0E03021A05000420"
39.  
40. AES128CBC_KEY = "48EE9D8621739F26C215C49071e2438A"
41. AES128CBC_IV = "A68FBBCA44BB1F5364A530608BCDEAAB"
42.  
43. XML_VERSION_STRING = b'<?xml version="1.0" ?>'
44.  
45. def print_usage():
46. print("Usage : " + sys.argv[0] + " {encrypt | decrypt} input_file output_file")
47. sys.exit(1)
48.  
49. def load_config(config_file):
50. if os.path.isfile(config_file):
51. cf = open(config_file, "rb")
52. config = cf.read()
53. cf.close()
54. else:
55. print("Config file not found..exiting")
56. sys.exit(1)
57. return config
58.  
59. def save_to_file(dest_file, data):
60. wfile = open(dest_file,"wb")
61. wfile.write(data)
62. wfile.close()
63.  
64. def get_sha256_hash_from_sig(sig):
65. sig_int = int(hexlify(sig),16)
66. rsa_n = int(RSA_N,16)
67. dec_sig_as_int = pow(sig_int, 0x10001, rsa_n );
68. decrypted_sig = number.long_to_bytes(dec_sig_as_int, 128)
69. target_sha256 = hexlify(decrypted_sig)[-64:]
70. return target_sha256
71.  
72. def calc_actual_sha256_hash(enc_config_body):
73. sha256 = SHA256.new()
74. sha256.update(enc_config_body)
75. actual_sha256_sig = sha256.hexdigest()
76. actual_sha256_sig = str.encode(actual_sha256_sig)
77. return actual_sha256_sig
78.  
79. def decrypt_body(enc_config_body):
80. iv = unhexlify(AES128CBC_IV)
81. key= unhexlify(AES128CBC_KEY)
82. cipher = AES.new(key, AES.MODE_CBC, iv)
83. decrypted_data = cipher.decrypt(enc_config_body)
84. # Strip block padding
85. decrypted_data=decrypted_data.rstrip(b'\0')
86. return decrypted_data
87.  
88.  
89. def decrypt_config(input_file, output_file):
90. enc_config=load_config(input_file)
91. sig = enc_config[:0x80]
92. enc_config_body=enc_config[0x80:]
93.  
94. print("verifying signature...")
95. target_sha256_hash = get_sha256_hash_from_sig(sig)
96. actual_sha256_hash = calc_actual_sha256_hash(enc_config_body)
97.  
98. if (actual_sha256_hash == target_sha256_hash):
99. print("Signature ok...")
100. else:
101. print("Signature not ok...exiting")
102. sys.exit(1)
103.  
104. print("Decrypting...")
105. decrypted_data = decrypt_body(enc_config_body)
106.  
107. check_config(decrypted_data)
108.  
109. print("Saving decrypted config to " + output_file + "...")
110. save_to_file(output_file, decrypted_data)
111.  
112. def check_config(new_config_file):
113. head = new_config_file[0:len(XML_VERSION_STRING)]
114. if head != XML_VERSION_STRING:
115. print("Not a valid config file...exiting")
116. sys.exit(1)
117.  
118. def encrypt_config(input_file, output_file):
119. new_config_file=load_config(input_file)
120.  
121. check_config(new_config_file)
122.  
123. padding_amount = len(new_config_file) % 32
124. print("" + str(padding_amount) + " bytes padding needed")
125. print("Adding padding...")
126. new_config_file=new_config_file + b'\0'*(32-padding_amount)
127.  
128. print("Encrypting config...")
129. iv = unhexlify(AES128CBC_IV)
130. key= unhexlify(AES128CBC_KEY)
131. aes = AES.new(key, AES.MODE_CBC, iv)
132. enc_new_config = aes.encrypt(new_config_file)
133.  
134. print("Calculating SHA256 hash...")
135. h = SHA256.new()
136. h.update(enc_new_config)
137. actual_sha256_sig = h.hexdigest()
138.  
139. sig = SIG_TEMPLATE+actual_sha256_sig;
140.  
141. print("Encrypting Signature...")
142. sig_int = int(sig,16)
143. rsa_d = int(RSA_D,16)
144. rsa_n = int(RSA_N,16)
145. enc_sig_int = pow(sig_int, rsa_d, rsa_n);
146.  
147. encrypted_sig = number.long_to_bytes(enc_sig_int, 128)
148. enc_config = encrypted_sig + enc_new_config
149.  
150. print("Saving encrypted config to " + output_file + "...")
151. save_to_file(output_file, enc_config)
152.  
153. def main():
154.  
155. if len(sys.argv) < 4:
156. print_usage()
157.  
158. input_file = sys.argv[2]
159. output_file = sys.argv[3]
160. command = sys.argv[1]
161.  
162. if (command == "encrypt"):
163. encrypt_config(input_file, output_file)
164. elif (command == "decrypt"):
165. decrypt_config(input_file, output_file)
166. else:
167. print_usage()
168.  
169.  
170.  
171. if __name__ == "__main__":
172. main()