|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "Seputil"
| Line 56: | Line 56: | ||
seputil: Bare words on the commandline are sent to the SEP as a console command |
seputil: Bare words on the commandline are sent to the SEP as a console command |
||
</pre> |
</pre> |
||
| − | |||
==Examples== |
==Examples== |
||
| Line 225: | Line 224: | ||
rsep digest (20 bytes): cb9f4c6520889e2582414c5969fb0abc3b0d8277 |
rsep digest (20 bytes): cb9f4c6520889e2582414c5969fb0abc3b0d8277 |
||
rsep nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f |
rsep nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f |
||
| + | </pre> |
||
| + | |||
| + | ==ART Object== |
||
| + | |||
| + | Example 1: |
||
| + | <pre> |
||
| + | ./seputil --art get |
||
| + | raw ART: 305e0201003037020218340414519c0248f04d316a3d71e03978b4126fbfb2b15c0400041467fc18385630dc6429726677d196c81466f47b5e3103c00100042027b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 |
||
| + | Successfully parsed ART: |
||
| + | counter: 6196 |
||
| + | manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c |
||
| + | sleep hash is absent |
||
| + | restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e |
||
| + | </pre> |
||
| + | |||
| + | raw ART is also a [http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One#Example_encoded_in_DER DER encoded ASN.1 object]: |
||
| + | |||
| + | <pre> |
||
| + | 30 — type tag indicating SEQUENCE |
||
| + | 5e — length in octets of value that follows (92) |
||
| + | 02 — type tag indicating INTEGER |
||
| + | 01 — length in octets of value that follows |
||
| + | 00 — value (0) |
||
| + | 30 — type tag indicating SEQUENCE |
||
| + | 37 — length in octets of value that follows (55) |
||
| + | 02 — type tag indicating INTEGER |
||
| + | 02 — length in octets of value that follows |
||
| + | 1834 — value (6196) (of counter) |
||
| + | 04 — type tag indicating STRING |
||
| + | 14 — length in octets of value that follows (20) |
||
| + | 519c0248f04d316a3d71e03978b4126fbfb2b15c — value (of manifest hash) |
||
| + | 04 — type tag indicating STRING |
||
| + | 00 — length in octets of value that follows (0); empty, so no value to follow (sleep has is absent) |
||
| + | 04 — type tag indicating STRING |
||
| + | 14 — length in octets of value that follows (20) |
||
| + | 67fc18385630dc6429726677d196c81466f47b5e — value (of restore nonce) |
||
| + | 31 — type tag indicating SET |
||
| + | 03 — length in octets of value that follows (3) |
||
| + | c00100 — value |
||
| + | 04 — type tag indicating STRING |
||
| + | 20 — length in octets of value that follows (32) |
||
| + | 27b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 — value |
||
| + | </pre> |
||
| + | |||
| + | Example 2: |
||
| + | <pre> |
||
| + | ./seputil --art get |
||
| + | raw ART: 3072020100304b0202186c0414519c0248f04d316a3d71e03978b4126fbfb2b15c04147f75cb9012128cf71eb8fcd6b13e56a02a7324db041467fc18385630dc6429726677d196c81466f47b5e3103c0010004209ce3646167631d0df8d4db28973db8d5a27f85d345ad6ec220aeb1e22f39f31f |
||
| + | Successfully parsed ART: |
||
| + | counter: 6252 |
||
| + | manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c |
||
| + | sleep hash (20 bytes): 7f75cb9012128cf71eb8fcd6b13e56a02a7324db |
||
| + | restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e |
||
| + | </pre> |
||
| + | |||
| + | Decode (used the decoder [http://lapo.it/asn1js/ here]): |
||
| + | |||
| + | <pre> |
||
| + | SEQUENCE (3 elem) |
||
| + | INTEGER 0 |
||
| + | SEQUENCE (5 elem) |
||
| + | INTEGER 6252 |
||
| + | OCTET STRING (20 byte) 519C0248F04D316A3D71E03978B4126FBFB2B15C |
||
| + | OCTET STRING (20 byte) 7F75CB9012128CF71EB8FCD6B13E56A02A7324DB |
||
| + | OCTET STRING (20 byte) 67FC18385630DC6429726677D196C81466F47B5E |
||
| + | SET (1 elem) |
||
| + | Private 0 (1 byte) 00 |
||
| + | OCTET STRING (32 byte) 9CE3646167631D0DF8D4DB28973DB8D5A27F85D345AD6EC220AEB1E22F39F31F |
||
| + | </pre> |
||
| + | |||
| + | Example 3: |
||
| + | <pre> |
||
| + | ./seputil --art clear |
||
| + | ART cleared from storage |
||
| + | |||
| + | ./seputil --art get |
||
| + | seputil: Get ART command error: 0xe00002bc |
||
</pre> |
</pre> |
||
Revision as of 09:18, 1 January 2014
| Original author(s) | Apple Inc. |
|---|---|
| Developer(s) | Apple Inc. |
| Operating system | iOS command line |
| Size | 59.184 Byte [APP] |
| Available in | English |
| Type | ? |
| License | Closed source |
seputil has the following commands:
seputil: seputil [--wait] --load <file> seputil: seputil '<SEP console command>' seputil: seputil <command> seputil: seputil: Valid <command> words: seputil: --ping Send a PING operation to the SEP OS seputil: --load Load <file> as the SEP runtime firmware seputil: --restore Load <file> as the SEP runtime firmware in restore mode seputil: --restore+art Load <file> as the SEP runtime firmware in restore mode with ART seputil: --wait Pause for kernel driver to load before failing seputil: --preflight Pre-flight load/restore firmware against ART to pre-check for boot failures seputil: --log Dump the mailbox message log seputil: --rom status Get the ROM status seputil: --rom tz0 Send a ROM TZ0 command seputil: --rom nop Send a ROM NOP command seputil: --rom nonce Send a ROM nonce request seputil: --new-nonce Request new SEP/OS nonce seputil: --kill-nonce Request invalidate SEP/OS nonce seputil: --art get Dump current ART from Memory seputil: --art set Persist the supplied ART to storage seputil: --art clear Clear the persisted ART seputil: --art ctrtest Counter self-test (DESTRUCTIVE - WILL BRICK DEVICE) seputil: --sleep Sleep the SEP NOW! seputil: --nap Nap the SEP NOW! seputil: --pingflood Ping SEP endlessly seputil: --clkgate Enable SEP clock gating seputil: --get <obj> Read obj and write to stdout seputil: --put <obj> Read stdin and write to obj seputil: --boot-check <file> Check whether a firmware might be bootable WRT the current ART seputil: --dump-fw <file> Dump measurements of firmware file seputil: Bare words on the commandline are sent to the SEP as a console command
Examples
./seputil --pingflood SEP ping #1000 SEP ping #2000 SEP ping #3000 SEP ping #4000 ./seputil --load sep-firmware.img4 seputil: load fw returned 0xe00002d5 seputil: load failed ./seputil --new-nonce Nonce (20 bytes): 0x67fc18385630dc6429726677d196c81466f47b5e ./seputil --art get raw ART: 305e0201003037020218340414519c0248f04d316a3d71e03978b4126fbfb2b15c0400041467fc18385630dc6429726677d196c81466f47b5e3103c00100042027b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 Successfully parsed ART: counter: 6196 manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c sleep hash is absent restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e ./seputil --art set Segmentation fault: 11 ./seputil --log Kernel message log has 128 entries 289344381444: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289344385176: 0x0000000000000000 TX interrupt 289344391044: 0x0000000000000000 TX interrupt 289344408988: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289344409016: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289344413132: 0x0000000000000000 RX interrupt 289344413304: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289344413904: 0x0000000000000000 RX interrupt 289344413944: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289344414176: 0x0018000000dd1007 TX message ept 7, tag 10, opcode dd, param 0, data 180000 289344443356: 0x0000000000000000 RX interrupt 289344443428: 0x0068000000dd9007 RX message ept 7, tag 90, opcode dd, param 0, data 680000 289346822748: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 289346829480: 0x0000000000000000 RX interrupt 289346829560: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 289346830136: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 289406511168: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289406511204: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289406538900: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289406538936: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289406543628: 0x0000000000000000 TX interrupt 289406549916: 0x0000000000000000 TX interrupt 289406566580: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289406566612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289406571220: 0x0000000000000000 RX interrupt 289406571476: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289406571908: 0x0000000000000000 RX interrupt 289406571952: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289406572320: 0x0018000000de1007 TX message ept 7, tag 10, opcode de, param 0, data 180000 289406605068: 0x0000000000000000 RX interrupt 289406605152: 0x0068000000de9007 RX message ept 7, tag 90, opcode de, param 0, data 680000 289407383260: 0x003c000000df0907 TX message ept 7, tag 9, opcode df, param 0, data 3c0000 289407396284: 0x0000000000000000 RX interrupt 289407396380: 0x002c000000df8907 RX message ept 7, tag 89, opcode df, param 0, data 2c0000 289407403656: 0x003c000000e00907 TX message ept 7, tag 9, opcode e0, param 0, data 3c0000 289407411688: 0x0000000000000000 RX interrupt 289407411736: 0x002c000000e08907 RX message ept 7, tag 89, opcode e0, param 0, data 2c0000 289407414732: 0x003c000000e10907 TX message ept 7, tag 9, opcode e1, param 0, data 3c0000 289407422472: 0x0000000000000000 RX interrupt 289407422524: 0x002c000000e18907 RX message ept 7, tag 89, opcode e1, param 0, data 2c0000 289408986276: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 289408991756: 0x0000000000000000 RX interrupt 289408991824: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 289408992472: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 289459393276: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289459393348: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289459423004: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289459423048: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289459452628: 0x0000000000000000 TX interrupt 289459453612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289459453664: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289459466460: 0x0000000000000000 TX interrupt 289459469548: 0x0000000000000000 RX interrupt 289459470000: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289459470632: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289459471304: 0x0018000000e21007 TX message ept 7, tag 10, opcode e2, param 0, data 180000 289459524572: 0x0000000000000000 RX interrupt 289459524728: 0x0068000000e29007 RX message ept 7, tag 90, opcode e2, param 0, data 680000 289459532644: 0x004c000000e30f07 TX message ept 7, tag f, opcode e3, param 0, data 4c0000 289459552888: 0x0000000000000000 RX interrupt 289459553044: 0x002c000000e38f07 RX message ept 7, tag 8f, opcode e3, param 0, data 2c0000 289459646732: 0x0018000000e41007 TX message ept 7, tag 10, opcode e4, param 0, data 180000 289459681116: 0x0000000000000000 RX interrupt 289459681272: 0x0068000000e49007 RX message ept 7, tag 90, opcode e4, param 0, data 680000 289461898836: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 289461906796: 0x0000000000000000 RX interrupt 289461906968: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 289461908400: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 289526725980: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289526726016: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289526757512: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289526757552: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289526774468: 0x0000000000000000 TX interrupt 289526782688: 0x0000000000000000 TX interrupt 289526786468: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289526786540: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289526795320: 0x0000000000000000 RX interrupt 289526795828: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289526796304: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289526796984: 0x0018000000e51007 TX message ept 7, tag 10, opcode e5, param 0, data 180000 289526847216: 0x0000000000000000 RX interrupt 289526847348: 0x0068000000e59007 RX message ept 7, tag 90, opcode e5, param 0, data 680000 289529224460: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 289529235316: 0x0000000000000000 RX interrupt 289529235488: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 289529236920: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 289584681764: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289584681836: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289584710576: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289584710608: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289584730996: 0x0000000000000000 TX interrupt 289584738992: 0x0000000000000000 TX interrupt 289584739572: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289584739612: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289584748648: 0x0000000000000000 RX interrupt 289584748984: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289584749300: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 289584749332: 0x0018000000e61007 TX message ept 7, tag 10, opcode e6, param 0, data 180000 289584790484: 0x0000000000000000 RX interrupt 289584790568: 0x0068000000e69007 RX message ept 7, tag 90, opcode e6, param 0, data 680000 289587176748: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 289587185760: 0x0000000000000000 RX interrupt 289587185916: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 289587186840: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 288741485000: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 288741485084: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 288741514772: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 288741514812: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 288741533984: 0x0000000000000000 TX interrupt 288741541992: 0x0000000000000000 TX interrupt 288741543608: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 288741543680: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 288741552216: 0x0000000000000000 RX interrupt 288741552884: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 288741553388: 0x0000000000010000 RX message ept 0, tag 0, opcode 1, param 0, data 0 288741553672: 0x0018000000db1007 TX message ept 7, tag 10, opcode db, param 0, data 180000 288741591912: 0x0000000000000000 RX interrupt 288741592040: 0x0068000000db9007 RX message ept 7, tag 90, opcode db, param 0, data 680000 288741599128: 0x004c000000dc0f07 TX message ept 7, tag f, opcode dc, param 0, data 4c0000 288741620732: 0x0000000000000000 RX interrupt 288741620900: 0x002c000000dc8f07 RX message ept 7, tag 8f, opcode dc, param 0, data 2c0000 288742902624: 0x0000000000130000 TX message ept 0, tag 0, opcode 13, param 0, data 0 288742912320: 0x0000000000000000 RX interrupt 288742912496: 0x0000000000110000 RX message ept 0, tag 0, opcode 11, param 0, data 0 288742913700: 0x0000000000120000 TX message ept 0, tag 0, opcode 12, param 0, data 0 289344354176: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289344354216: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 289344381416: 0x0000000000000000 TX message ept 0, tag 0, opcode 0, param 0, data 0 ./seputil --boot-check sep-firmware.img4 preflight: manifest hash matches sepi bootCheck: SEP may boot with ART ./seputil --dump-fw sep-firmware.img4 manifest digest (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c sepi digest (20 bytes): a22813c5ceaeada5b7eeaa55808f3019814e8b8e sepi nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f rsep digest (20 bytes): cb9f4c6520889e2582414c5969fb0abc3b0d8277 rsep nonce (20 bytes): e5074bd1befefc685c6b5ec6797ffc851366f76f
ART Object
Example 1:
./seputil --art get raw ART: 305e0201003037020218340414519c0248f04d316a3d71e03978b4126fbfb2b15c0400041467fc18385630dc6429726677d196c81466f47b5e3103c00100042027b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 Successfully parsed ART: counter: 6196 manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c sleep hash is absent restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e
raw ART is also a DER encoded ASN.1 object:
30 — type tag indicating SEQUENCE
5e — length in octets of value that follows (92)
02 — type tag indicating INTEGER
01 — length in octets of value that follows
00 — value (0)
30 — type tag indicating SEQUENCE
37 — length in octets of value that follows (55)
02 — type tag indicating INTEGER
02 — length in octets of value that follows
1834 — value (6196) (of counter)
04 — type tag indicating STRING
14 — length in octets of value that follows (20)
519c0248f04d316a3d71e03978b4126fbfb2b15c — value (of manifest hash)
04 — type tag indicating STRING
00 — length in octets of value that follows (0); empty, so no value to follow (sleep has is absent)
04 — type tag indicating STRING
14 — length in octets of value that follows (20)
67fc18385630dc6429726677d196c81466f47b5e — value (of restore nonce)
31 — type tag indicating SET
03 — length in octets of value that follows (3)
c00100 — value
04 — type tag indicating STRING
20 — length in octets of value that follows (32)
27b6dadbab356612997af0203cefeae51fe90cd985ee7cdd6211c766b8cc7a60 — value
Example 2:
./seputil --art get raw ART: 3072020100304b0202186c0414519c0248f04d316a3d71e03978b4126fbfb2b15c04147f75cb9012128cf71eb8fcd6b13e56a02a7324db041467fc18385630dc6429726677d196c81466f47b5e3103c0010004209ce3646167631d0df8d4db28973db8d5a27f85d345ad6ec220aeb1e22f39f31f Successfully parsed ART: counter: 6252 manifest hash (20 bytes): 519c0248f04d316a3d71e03978b4126fbfb2b15c sleep hash (20 bytes): 7f75cb9012128cf71eb8fcd6b13e56a02a7324db restore nonce (20 bytes): 67fc18385630dc6429726677d196c81466f47b5e
Decode (used the decoder here):
SEQUENCE (3 elem)
INTEGER 0
SEQUENCE (5 elem)
INTEGER 6252
OCTET STRING (20 byte) 519C0248F04D316A3D71E03978B4126FBFB2B15C
OCTET STRING (20 byte) 7F75CB9012128CF71EB8FCD6B13E56A02A7324DB
OCTET STRING (20 byte) 67FC18385630DC6429726677D196C81466F47B5E
SET (1 elem)
Private 0 (1 byte) 00
OCTET STRING (32 byte) 9CE3646167631D0DF8D4DB28973DB8D5A27F85D345AD6EC220AEB1E22F39F31F
Example 3:
./seputil --art clear ART cleared from storage ./seputil --art get seputil: Get ART command error: 0xe00002bc
