The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information.

Difference between revisions of "Baseband TEA Keys"

From The iPhone Wiki
Jump to: navigation, search
(New page: The baseband generates TEA keys based of the CHIPID and NORID. ==Key A Generation== //return unique phone key (key A), this key is used for security zone encryption/decryption void get_...)
 
Line 15: Line 15:
 
//ulc_mix_lock_unlock_key((u8*)A,(u8*)ctx.Message_Digest,dep1_norid,dep2_chipid,(u8*)B);
  
//ulc_mix_lock_unlock_key((u8*)A,(u8*)ctx.Message_Digest,dep1_norid,dep2_chipid,(u8*)B);
 
void ulc_mix_lock_unlock_key(u8 *keyA, u8 *keyNCK,u8 *norid,u8 *chipid,u8 *keyB){
  
void ulc_mix_lock_unlock_key(u8 *keyA, u8 *keyNCK,u8 *norid,u8 *chipid,u8 *keyB){
//copy keyA to SP+4
  
 
u8 out_iv[8];
  
u8 out_iv[8];
 
tea_3_round_encipher(norid,keyNCK,keyA,keyB,out_iv); //norid, keyNCK, SP+4, SP+0x14, SP+0x34
  
tea_3_round_encipher(norid,keyNCK,keyA,keyB,out_iv); //norid, keyNCK, SP+4, SP+0x14, SP+0x34
//copy 8 bytes from SP+0x14 to SP+0x34
  
//copy 8 bytes from SP+0xC to SP+0x4
  
 
tea_3_round_encipher(chipid,keyNCK,out_iv,keyB+8,out_iv); //chipid, keyNCK, SP+4, SP+0x14, SP+0x34
  
tea_3_round_encipher(chipid,keyNCK,out_iv,keyB+8,out_iv); //chipid, keyNCK, SP+4, SP+0x14, SP+0x34
 
}
  
}
 
// auxilary function for nck key generation
  
// auxilary function for nck key generation
 
void tea_3_round_encipher(u8 *in,u8 *key,u8 *iv,u8 *out,u8 *out_iv){
  
void tea_3_round_encipher(u8 *in,u8 *key,u8 *iv,u8 *out,u8 *out_iv){
 
 
u32 tmpin[2],nexttea[2];
  
u32 tmpin[2],nexttea[2];
 
tea_encipher((u32*)in,tmpin,(u32*)key);
  
tea_encipher((u32*)in,tmpin,(u32*)key);

Revision as of 00:31, 28 July 2008

The baseband generates TEA keys based of the CHIPID and NORID.

Key A Generation

//return unique phone key (key A), this key is used for security zone encryption/decryption
void get_keyA(u8 *A){

SHA1Context ctx; SHA1Reset(&ctx); SHA1Input(&ctx,dep1_norid,0x10); SHA1Input(&ctx,dep2_chipid,0x10); SHA1Result(&ctx); memcpy(A,(u8*)ctx.Message_Digest,0x14); 

}

NCK Key Generation

//ulc_mix_lock_unlock_key((u8*)A,(u8*)ctx.Message_Digest,dep1_norid,dep2_chipid,(u8*)B);
void ulc_mix_lock_unlock_key(u8 *keyA, u8 *keyNCK,u8 *norid,u8 *chipid,u8 *keyB){

u8 out_iv[8]; tea_3_round_encipher(norid,keyNCK,keyA,keyB,out_iv); //norid, keyNCK, SP+4, SP+0x14, SP+0x34 tea_3_round_encipher(chipid,keyNCK,out_iv,keyB+8,out_iv); //chipid, keyNCK, SP+4, SP+0x14, SP+0x34 

}
// auxilary function for nck key generation
void tea_3_round_encipher(u8 *in,u8 *key,u8 *iv,u8 *out,u8 *out_iv){

u32 tmpin[2],nexttea[2]; tea_encipher((u32*)in,tmpin,(u32*)key); nexttea[0] = tmpin[0]^((u32*)iv)[0]; nexttea[1] = tmpin[1]^((u32*)iv)[1]; tea_encipher(nexttea,(u32*)out,(u32*)key); nexttea[0] = tmpin[0]^((u32*)out)[0]; nexttea[1] = tmpin[1]^((u32*)out)[1]; tea_encipher(nexttea,(u32*)out_iv,(u32*)key); 

}
Retrieved from "https://www.theiphonewiki.com/w/index.php?title=Baseband_TEA_Keys&oldid=237"