From 20796fac2c41d32db67e0ccccad8b41652d9031d Mon Sep 17 00:00:00 2001 From: Daniel Date: Tue, 24 Oct 2023 01:06:25 -0400 Subject: [PATCH] Use winapi bcrypt (options in testing) --- configure.ac | 15 ++++--- tsschecker/Makefile.am | 1 + tsschecker/all.h | 2 +- tsschecker/tss.c | 14 ++++--- tsschecker/tsschecker.c | 87 +++++++++++++++++++++++++++++++++++++++-- 5 files changed, 103 insertions(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac index 12cc9737..c0022f81 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.69]) -AC_INIT([tsschecker], [1.0.4], [tihmstar@gmail.com]) +AC_INIT([tsschecker],[1.1.0],[tihmstar@gmail.com]) # Prepare for automake. AM_INIT_AUTOMAKE([foreign]) @@ -35,8 +35,8 @@ AM_CONDITIONAL([OSX], [test "$build_mac" = "yes"]) AC_PROG_CC CFLAGS+=" -std=gnu11" AC_PROG_INSTALL -AC_PROG_LIBTOOL AC_CONFIG_MACRO_DIRS([m4]) +LT_INIT # Versioning. CFLAGS+=" -D TSSCHECKER_VERSION_COUNT=\\\"$(git rev-list --count HEAD | tr -d '\n')\\\"" @@ -45,13 +45,16 @@ CFLAGS+=" -D TSSCHECKER_VERSION_SHA=\\\"$(git rev-parse HEAD | tr -d '\n')\\\"" # Checks for libraries. AC_ARG_WITH( [libcrypto], - [AS_HELP_STRING([--with-libcrypto], [build with libcrypto (default for non-Mac)])], + [AS_HELP_STRING([--with-libcrypto], [build with libcrypto (default for non-Mac/Windows)])], [], [ case "${host_os}" in darwin*) with_libcrypto=no ;; + cygwin*|mingw*) + with_libcrypto=no + ;; *) with_libcrypto=yes ;; @@ -59,13 +62,13 @@ AC_ARG_WITH( ] ) -PKG_CHECK_MODULES(libplist, libplist-2.0 >= 2.2.0) -PKG_CHECK_MODULES(libcurl, libcurl >= 1.0) +PKG_CHECK_MODULES(libplist, libplist-2.0 >= 2.3.0) +PKG_CHECK_MODULES(libcurl, libcurl >= 7.20.0) PKG_CHECK_MODULES(libfragmentzip, libfragmentzip >= 48) AS_IF([test "x$with_libcrypto" != xno], [PKG_CHECK_MODULES(libcrypto, libcrypto >= 1.0)] ) -PKG_CHECK_MODULES(libirecovery, libirecovery-1.0 >= 1.0.0) +PKG_CHECK_MODULES(libirecovery, libirecovery-1.0 >= 1.1.0) # Checks for header files. AC_CHECK_HEADERS([getopt.h stddef.h stdio.h]) diff --git a/tsschecker/Makefile.am b/tsschecker/Makefile.am index a535e318..8f5c9332 100644 --- a/tsschecker/Makefile.am +++ b/tsschecker/Makefile.am @@ -1,3 +1,4 @@ +AUTOMAKE_OPTIONS = foreign subdir-objects AM_CFLAGS = $(libplist_CFLAGS) $(libfragmentzip_CFLAGS) $(libcurl_CFLAGS) $(libcrypto_CFLAGS) $(libirecovery_CFLAGS) -I$(top_srcdir)/external/jssy/jssy/ AM_LDFLAGS = $(libplist_LIBS) $(libfragmentzip_LIBS) $(libcurl_LIBS) $(libcrypto_LIBS) $(libirecovery_LIBS) -lm diff --git a/tsschecker/all.h b/tsschecker/all.h index 495df3ad..a698222d 100644 --- a/tsschecker/all.h +++ b/tsschecker/all.h @@ -10,7 +10,7 @@ #define all_h #define TSSCHECKER_VERSION_MAJOR "1" -#define TSSCHECKER_VERSION_MINOR "0" +#define TSSCHECKER_VERSION_MINOR "1" #define TSSCHECKER_VERSION_PATCH "0" #ifdef DEBUG // this is for developing with Xcode diff --git a/tsschecker/tss.c b/tsschecker/tss.c index 7b402882..236c0c41 100644 --- a/tsschecker/tss.c +++ b/tsschecker/tss.c @@ -27,7 +27,7 @@ #include #include #include -#define AUTH_VERSION "973.0.6" +#define AUTH_VERSION "973.40.2" #ifdef WIN32 #define TSS_CLIENT_VERSION_STRING "libauthinstall_Win-"AUTH_VERSION"" #else @@ -294,12 +294,16 @@ int tss_request_add_ap_img4_tags(plist_t request, plist_t parameters) } else if (_plist_dict_get_bool(parameters, "RequiresUIDMode")) { // The logic here is missing why this value is expected to be 'false' plist_dict_set_item(request, "UID_MODE", plist_new_bool(0)); - plist_dict_set_item(request, "Ap,SikaFuse", plist_new_int(0)); } - if (plist_dict_get_item(parameters, "Ap,SikaFuse")) { - _plist_dict_copy_item(request, parameters, "Ap,SikaFuse", NULL); - } + // FIXME: I didn't understand yet when this value is set, so for now we use a workaround + if (plist_dict_get_item(parameters, "ApSikaFuse")) { + _plist_dict_copy_item(request, parameters, "Ap,SikaFuse", "ApSikaFuse"); + } else if (_plist_dict_get_bool(parameters, "RequiresUIDMode")) { + // Workaround: We have only seen Ap,SikaFuse together with UID_MODE + plist_dict_set_item(request, "Ap,SikaFuse", plist_new_int(0)); + } + return 0; } diff --git a/tsschecker/tsschecker.c b/tsschecker/tsschecker.c index beb31ca4..bb4ac6b5 100644 --- a/tsschecker/tsschecker.c +++ b/tsschecker/tsschecker.c @@ -22,7 +22,11 @@ #include #include -#ifdef __APPLE__ +#ifdef WIN32 +# include +# include +# include +#elif defined(__APPLE__) # include # define SHA1(d, n, md) CC_SHA1(d, n, md) # define SHA384(d, n, md) CC_SHA384(d, n, md) @@ -41,7 +45,6 @@ #define printJString(str) printf("%.*s",(int)str->size,str->value) #ifdef WIN32 -#include #define __mkdir(path, mode) mkdir(path) static int win_path_didinit = 0; static const char *win_paths[4]; @@ -378,6 +381,82 @@ inline static t_bbdevice bbdevices_get_all() { return bbdevices; } +void sha1(unsigned char *buf, uint8_t bufSz, char* dest, uint8_t destSz) { +#ifdef WIN32 + BCRYPT_ALG_HANDLE hAlg = NULL; + BCRYPT_HASH_HANDLE hHash = NULL; + NTSTATUS status = STATUS_UNSUCCESSFUL; + DWORD size = 0; + + status = BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_SHA1_ALGORITHM, NULL, 0); + if (status != STATUS_SUCCESS) { + error("BCryptOpenAlgorithmProvider failed: 0x%x", status); + exit(1); + } + + status = BCryptCreateHash(hAlg, &hHash, NULL, 0, NULL, 0, 0); + if (status != STATUS_SUCCESS) { + error("BCryptCreateHash failed: 0x%x", status); + exit(1); + } + + status = BCryptHashData(hHash, buf, bufSz, 0); + if (status) { + printf("BCryptHashData failed: 0x%x\n", status); + exit(1); + } + + status = BCryptFinishHash(hHash, dest, destSz, 0); + if (status) { + printf("BCryptFinishHash failed: 0x%x\n", status); + exit(1); + } + + BCryptCloseAlgorithmProvider(hAlg,0); + BCryptDestroyHash(hHash); +#else + SHA1(buf, bufSz, (unsigned char*)dest); +#endif +} + +void sha384(unsigned char *buf, uint8_t bufSz, char* dest, uint8_t destSz) { +#ifdef WIN32 + BCRYPT_ALG_HANDLE hAlg = NULL; + BCRYPT_HASH_HANDLE hHash = NULL; + NTSTATUS status = STATUS_UNSUCCESSFUL; + DWORD size = 0; + + status = BCryptOpenAlgorithmProvider(&hAlg, BCRYPT_SHA384_ALGORITHM, NULL, 0); + if (status != STATUS_SUCCESS) { + error("BCryptOpenAlgorithmProvider failed: 0x%x", status); + exit(1); + } + + status = BCryptCreateHash(hAlg, &hHash, NULL, 0, NULL, 0, 0); + if (status != STATUS_SUCCESS) { + error("BCryptCreateHash failed: 0x%x", status); + exit(1); + } + + status = BCryptHashData(hHash, buf, bufSz, 0); + if (status) { + printf("BCryptHashData failed: 0x%x\n", status); + exit(1); + } + + status = BCryptFinishHash(hHash, dest, destSz, 0); + if (status) { + printf("BCryptFinishHash failed: 0x%x\n", status); + exit(1); + } + + BCryptCloseAlgorithmProvider(hAlg,0); + BCryptDestroyHash(hHash); +#else + SHA384(buf, bufSz, dest); +#endif +} + char *getFirmwareJson(){ info("[TSSC] Opening firmwares.json\n"); FILE *f = fopen(FIRMWARE_JSON_PATH, "rb"); @@ -891,7 +970,7 @@ int tss_populate_random(plist_t tssreq, int is64bit, t_devicevals *devVals){ getRandNum((char*)zz, 8, 256); snprintf(devVals->generator, 19, "0x%02x%02x%02x%02x%02x%02x%02x%02x",zz[7],zz[6],zz[5],zz[4],zz[3],zz[2],zz[1],zz[0]); makesha1: - SHA1(zz, 8, (unsigned char*)devVals->apnonce); + sha1(zz, 8, devVals->apnonce, 20); }else if (nonceLen == 32){ unsigned char zz[9] = {0}; unsigned char genHash[48]; //SHA384 digest length @@ -910,7 +989,7 @@ int tss_populate_random(plist_t tssreq, int is64bit, t_devicevals *devVals){ getRandNum((char*)zz, 8, 256); snprintf(devVals->generator, 19, "0x%02x%02x%02x%02x%02x%02x%02x%02x",zz[7],zz[6],zz[5],zz[4],zz[3],zz[2],zz[1],zz[0]); makesha384: - SHA384(zz, 8, genHash); + sha384(zz, 8, genHash, 48); memcpy(devVals->apnonce, genHash, 32); }else{ return error("[TSSR] Automatic generator->nonce calculation failed! Unknown device with noncelen=%u\n",(unsigned int)nonceLen),-1;