|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "KBAG"
ChronicDev (talk | contribs) (New page: ==Explanation== In Apple's new IMG3 security scheme, they have used something called a KBAG. At the bottom of a firmware file, you will see something that will, on the ASCII side of your h...) |
ChronicDev (talk | contribs) |
||
| Line 2: | Line 2: | ||
In Apple's new IMG3 security scheme, they have used something called a KBAG. At the bottom of a firmware file, you will see something that will, on the ASCII side of your hex editor, see "GABK", which is "KBAG" flipped. Look on the hex side and you will the KBAG according to this format: |
In Apple's new IMG3 security scheme, they have used something called a KBAG. At the bottom of a firmware file, you will see something that will, on the ASCII side of your hex editor, see "GABK", which is "KBAG" flipped. Look on the hex side and you will the KBAG according to this format: |
||
| − | + | ==KBAG Format== |
|
| − | + | ===KBAG128=== |
|
{{{ |
{{{ |
||
typedef struct Unparsed_KBAG_128 { |
typedef struct Unparsed_KBAG_128 { |
||
| Line 16: | Line 16: | ||
}}} |
}}} |
||
| − | + | ===KBAG192=== |
|
{{{ |
{{{ |
||
typedef struct Unparsed_KBAG_AES192 { |
typedef struct Unparsed_KBAG_AES192 { |
||
| Line 29: | Line 29: | ||
}}} |
}}} |
||
| − | === |
+ | ===KBAG25==== |
{{{ |
{{{ |
||
typedef struct Unparsed_KBAG_256 { |
typedef struct Unparsed_KBAG_256 { |
||
Revision as of 01:24, 27 December 2008
Explanation
In Apple's new IMG3 security scheme, they have used something called a KBAG. At the bottom of a firmware file, you will see something that will, on the ASCII side of your hex editor, see "GABK", which is "KBAG" flipped. Look on the hex side and you will the KBAG according to this format:
KBAG Format
KBAG128
{{{ typedef struct Unparsed_KBAG_128 {
char[4] magic; // string with bits flipped = "DKBAG" (magic = 0x4741424B)
int fullSize; // size of KBAG from beyond that point to the end of it
int unk1; // 8 less than fullSize. not sure what it is exactly.
int IV_Key_Crypt_state; // 1 if the key and IV in the KBAG are encrypted with the GID key, 0 if not.
int AES_Type; // 0x80 = aes128 / 0xc0 = aes192 / 0x100 = aes256
char[16] Enc_IV; // IV for the firmware file, encrypted with the gid key
char[16] Enc_Key; // Key for the firmware file, encrypted with the gid key.
} Unparsed_KBAG_AES128; }}}
KBAG192
{{{ typedef struct Unparsed_KBAG_AES192 {
char[4] magic; // string with bits flipped = "DKBAG" (magic = 0x4741424B)
int fullSize; // size of KBAG from beyond that point to the end of it
int unk1; // 8 less than fullSize. not sure what it is exactly.
int IV_Key_Crypt_state; // 1 if the key and IV in the KBAG are encrypted with the GID key, 0 if not.
int AES_Type; // 0x80 = aes128 / 0xc0 = aes192 / 0x100 = aes256
char[16] Enc_IV; // IV for the firmware file, encrypted with the gid key
char[24] Enc_Key; // Key for the firmware file, encrypted with the gid key.
} Unparsed_KBAG_AES192; }}}
KBAG25=
{{{ typedef struct Unparsed_KBAG_256 {
char[4] magic; // string with bits flipped = "DKBAG" (magic = 0x4741424B)
int fullSize; // size of KBAG from beyond that point to the end of it
int unk1; // 8 less than fullSize. not sure what it is exactly.
int IV_Key_Crypt_state; // 1 if the key and IV in the KBAG are encrypted with the GID key, 0 if not.
int AES_Type; // 0x80 = aes-128, 0xc0 = aes-192, 0x100 = aes256
char[16] Enc_IV; // IV for the firmware file, encrypted with the gid key
char[32] Enc_Key; // Key for the firmware file, encrypted with the gid key.
} Unparsed_KBAG_AES256; }}}
