Difference between revisions of "AES Keys"

From The iPhone Wiki
Jump to: navigation, search
m (Running The Engine: openpwn link not valid anymore)
m
Line 1: Line 1:
The [http://en.wikipedia.org/wiki/System-on-a-chip SoC] in each device have an [http://en.wikipedia.org/wiki/Advanced_Encryption_Standard AES] coprocessor with the [[GID-key]] and [[UID-key]] built in.
+
The {{wp|System-on-a-chip|SoC}} in each device have an {{wp|Advanced_Encryption_Standard|AES}} coprocessor with the [[GID-key]] and [[UID-key]] built in.
   
 
==Running The Engine==
 
==Running The Engine==
 
Currently, there are several ways to run the hardware AES engine:
 
Currently, there are several ways to run the hardware AES engine:
* Use the [http://forums.openpwn.org/viewtopic.php?f=8&t=19&p=101#p101 AES payload] released on OpenPwn. (OpenPwn link not valid anymore)
 
 
* Patch [[iBoot (Bootloader)|iBoot]] to jump to aes_decrypt.
 
* Patch [[iBoot (Bootloader)|iBoot]] to jump to aes_decrypt.
 
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot].
 
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot].

Revision as of 19:03, 26 May 2011

The Template:Wp in each device have an Template:Wp coprocessor with the GID-key and UID-key built in.

Running The Engine

Currently, there are several ways to run the hardware AES engine:

  • Patch iBoot to jump to aes_decrypt.
  • Use OpenIBoot.
  • Use the crypto bundle provided in XPwn to utilize it via userland. This method requires a kernel patch.
  • Use Greenpois0n console.

If you want to decrypt IMG3 files you need to use this. The GID-key currently has not been extracted from the phone, so the only way to use it is on the phone itself.

See Easier method of getting Img3 Key / IV for an iBoot patch.

Key 0x837

Generated by encrypting 345A2D6C5050D058780DA431F0710E15 with the S5L8900 GID-key to get 188458A6D15034DFE386F23B61D43774

It is used as the encryption key for IMG2 files. With the introduction of IMG3 in 2.0, KBAGs are now used instead of the 0x837 key.

Using greenpois0n to get the keys

  • Run steps 1 thru 5 from PwnStrap
  • Use 'xpwntool file.img3 /dev/null' to extract the KBAG hex string from file.img3
  • Start greenpois0n console: irecovery -s
  • Execute 'go aes dec _KBAG_STRING_' in irecovery console

Resources

Dev Team wiki