mirror of
https://github.com/Ap0dexMe0/unixtract.git
synced 2026-07-15 21:00:03 +02:00
Added update.roku extractor, moved some common AES functions.
This commit is contained in:
@@ -7,6 +7,7 @@ pub mod novatek;
|
||||
pub mod ruf;
|
||||
pub mod invincible_image;
|
||||
pub mod slp;
|
||||
pub mod roku;
|
||||
|
||||
pub mod pup;
|
||||
|
||||
|
||||
@@ -2,10 +2,8 @@ use std::path::{Path};
|
||||
use std::fs::{self, File, OpenOptions};
|
||||
use std::io::{Write, Read, Seek, SeekFrom, Cursor};
|
||||
use binrw::{BinRead, BinReaderExt};
|
||||
use aes::Aes128;
|
||||
use cbc::{Decryptor, cipher::{block_padding::NoPadding, BlockDecryptMut, KeyIvInit}};
|
||||
type Aes128CbcDec = Decryptor<Aes128>;
|
||||
|
||||
use crate::utils::aes::{decrypt_aes128_cbc_nopad};
|
||||
use crate::common;
|
||||
|
||||
#[derive(BinRead)]
|
||||
@@ -67,17 +65,6 @@ pub fn is_invincible_image_file(file: &File) -> bool {
|
||||
}
|
||||
}
|
||||
|
||||
fn decrypt_aes_nopad(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
|
||||
let decrypted = decryptor
|
||||
.decrypt_padded_mut::<NoPadding>(&mut data)
|
||||
.map_err(|e| format!("UnpadError: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
|
||||
pub fn extract_invincible_image(mut file: &File, output_folder: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let header: Header = file.read_le()?;
|
||||
|
||||
@@ -116,7 +103,7 @@ pub fn extract_invincible_image(mut file: &File, output_folder: &str) -> Result<
|
||||
let iv = b"\xe3\x9f\x36\x39\x56\x9a\x6b\x8d\x3f\x2e\xc9\x44\xd9\xbc\xec\x43";
|
||||
|
||||
println!("\nDecrypting data...");
|
||||
let decrypted_data = decrypt_aes_nopad(&encrypted_data, &key, &iv)?;
|
||||
let decrypted_data = decrypt_aes128_cbc_nopad(&encrypted_data, &key, &iv)?;
|
||||
|
||||
let mut data_reader = Cursor::new(decrypted_data);
|
||||
|
||||
|
||||
+6
-20
@@ -1,12 +1,10 @@
|
||||
use std::path::Path;
|
||||
use std::fs::{self, File, OpenOptions};
|
||||
use std::io::{Write, Cursor, Seek};
|
||||
|
||||
use aes::Aes128;
|
||||
use cbc::{Decryptor, cipher::{block_padding::NoPadding, BlockDecryptMut, KeyIvInit}};
|
||||
use binrw::{BinRead, BinReaderExt};
|
||||
|
||||
use crate::common;
|
||||
use crate::utils::aes::{decrypt_aes128_cbc_nopad};
|
||||
|
||||
#[derive(BinRead)]
|
||||
struct Header {
|
||||
@@ -51,13 +49,13 @@ static HEADER_IV: [u8; 16] = [0x00; 16];
|
||||
|
||||
pub fn is_mtk_pkg_file(file: &File) -> bool {
|
||||
let mut encrypted_header = common::read_file(&file, 0, 144).expect("Failed to read from file.");
|
||||
let mut header = decrypt_aes_nopad(&encrypted_header, &HEADER_KEY, &HEADER_IV).expect("Decryption error!");
|
||||
let mut header = decrypt_aes128_cbc_nopad(&encrypted_header, &HEADER_KEY, &HEADER_IV).expect("Decryption error!");
|
||||
if &header[4..12] == b"#DH@FiRm" {
|
||||
true
|
||||
} else {
|
||||
// try for philips which has additional 128 bytes at beginning
|
||||
encrypted_header = common::read_file(&file, 128, 144).expect("Failed to read from file.");
|
||||
header = decrypt_aes_nopad(&encrypted_header, &HEADER_KEY, &HEADER_IV).expect("Decryption error!");
|
||||
header = decrypt_aes128_cbc_nopad(&encrypted_header, &HEADER_KEY, &HEADER_IV).expect("Decryption error!");
|
||||
if &header[4..12] == b"#DH@FiRm" {
|
||||
true
|
||||
} else {
|
||||
@@ -67,21 +65,9 @@ pub fn is_mtk_pkg_file(file: &File) -> bool {
|
||||
}
|
||||
}
|
||||
|
||||
type Aes128CbcDec = Decryptor<Aes128>;
|
||||
fn decrypt_aes_nopad(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
|
||||
let decrypted = decryptor
|
||||
.decrypt_padded_mut::<NoPadding>(&mut data)
|
||||
.map_err(|e| format!("UnpadError: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
|
||||
pub fn extract_mtk_pkg(mut file: &File, output_folder: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let encrypted_header = common::read_exact(&mut file, 144)?;
|
||||
let header = decrypt_aes_nopad(&encrypted_header, &HEADER_KEY, &HEADER_IV)?;
|
||||
let header = decrypt_aes128_cbc_nopad(&encrypted_header, &HEADER_KEY, &HEADER_IV)?;
|
||||
let mut hdr_reader = Cursor::new(header);
|
||||
let hdr: Header = hdr_reader.read_le()?;
|
||||
|
||||
@@ -107,11 +93,11 @@ pub fn extract_mtk_pkg(mut file: &File, output_folder: &str) -> Result<(), Box<d
|
||||
}
|
||||
|
||||
let crypted_header = &data[..48];
|
||||
let try_decrypt = decrypt_aes_nopad(&crypted_header, &key, &HEADER_IV)?;
|
||||
let try_decrypt = decrypt_aes128_cbc_nopad(&crypted_header, &key, &HEADER_IV)?;
|
||||
|
||||
if try_decrypt.starts_with(b"reserved mtk inc") {
|
||||
println!("- Decrypting with 4xVendor magic...");
|
||||
out_data = decrypt_aes_nopad(&data[..data.len() & !15], &key, &HEADER_IV)?;
|
||||
out_data = decrypt_aes128_cbc_nopad(&data[..data.len() & !15], &key, &HEADER_IV)?;
|
||||
} else {
|
||||
println!("- Failed to decrypt data!");
|
||||
continue
|
||||
|
||||
@@ -0,0 +1,139 @@
|
||||
use std::fs::{self, File, OpenOptions};
|
||||
use std::path::Path;
|
||||
use std::io::{Write, Seek, Read, Cursor};
|
||||
use tar::Archive;
|
||||
use binrw::{BinRead, BinReaderExt};
|
||||
|
||||
use crate::common;
|
||||
use crate::utils::aes::{decrypt_aes128_cbc_nopad, decrypt_aes128_cbc_pcks7};
|
||||
|
||||
static FILE_KEY: [u8; 16] = [
|
||||
0x2A, 0x54, 0xA5, 0x30, 0xE0, 0x09, 0xA3, 0xDC,
|
||||
0x03, 0xFB, 0xC3, 0x5E, 0x23, 0xA2, 0xC1, 0x0D,
|
||||
];
|
||||
|
||||
static FILE_IV: [u8; 16] = [0x00; 16];
|
||||
|
||||
#[derive(BinRead)]
|
||||
struct ImageHeader {
|
||||
#[br(count = 8)] _empty: Vec<u8>,
|
||||
#[br(count = 8)] _magic_bytes: Vec<u8>, //imgARMcC
|
||||
#[br(count = 4)] _target_bytes: Vec<u8>,
|
||||
#[br(count = 4)] _platform_id: Vec<u8>,
|
||||
image_type: u32,
|
||||
size1: u32,
|
||||
_size2: u32,
|
||||
data_start_offset: u32,
|
||||
_data_link_address: u32,
|
||||
_data_entry_point_offset: u32,
|
||||
flags: u32,
|
||||
_timestamp: u32,
|
||||
#[br(count = 4)] _build_host: Vec<u8>,
|
||||
#[br(count = 4)] _unk: Vec<u8>,
|
||||
#[br(count = 192)] _rest_of_header: Vec<u8>,
|
||||
}
|
||||
impl ImageHeader {
|
||||
fn is_encrypted(&self) -> bool {
|
||||
self.flags == 0x80
|
||||
}
|
||||
fn type_string(&self) -> &str {
|
||||
if self.image_type == 0xa {
|
||||
return "initfs"
|
||||
} else if self.image_type == 0x18 {
|
||||
return "uImage"
|
||||
} else if self.image_type == 0x3 {
|
||||
return "loader"
|
||||
} else if self.image_type == 0xd {
|
||||
return "app_cramfs"
|
||||
} else if self.image_type == 0x6 {
|
||||
return "Customization Package"
|
||||
} else if self.image_type == 0xe {
|
||||
return "firmware_blob"
|
||||
} else {
|
||||
return "unknown"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn is_roku_file(file: &File) -> bool {
|
||||
let header = common::read_file(&file, 0, 32).expect("Failed to read from file.");
|
||||
let try_decrypt_header = decrypt_aes128_cbc_nopad(&header, &FILE_KEY, &FILE_IV).expect("Decryption error!");
|
||||
|
||||
if try_decrypt_header.starts_with(b"manifest\x00\x00\x00\x00\x00\x00\x00\x00") {
|
||||
true
|
||||
} else {
|
||||
false
|
||||
}
|
||||
}
|
||||
|
||||
pub fn extract_roku(mut file: &File, output_folder: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let mut encrypted_data = Vec::new();
|
||||
file.read_to_end(&mut encrypted_data)?;
|
||||
|
||||
println!("\nDecrypting...\n");
|
||||
let tar_data = decrypt_aes128_cbc_pcks7(&encrypted_data, &FILE_KEY, &FILE_IV)?;
|
||||
let tar_reader = Cursor::new(tar_data);
|
||||
let mut tar_archive = Archive::new(tar_reader);
|
||||
|
||||
for entry_result in tar_archive.entries_with_seek()? {
|
||||
let mut entry = entry_result?;
|
||||
let path = entry.path()?.to_path_buf();
|
||||
|
||||
if path == std::path::Path::new("manifest") {
|
||||
let size = entry.header().size()? as usize;
|
||||
let mut contents = Vec::new();
|
||||
entry.read_to_end(&mut contents)?;
|
||||
|
||||
let text = String::from_utf8_lossy(&contents[..size - 256]); //dont display signature
|
||||
println!("Manifest file:\n{}", text);
|
||||
} else {
|
||||
let mut contents = Vec::new();
|
||||
entry.read_to_end(&mut contents)?; //entry cant seek
|
||||
|
||||
if contents.starts_with(b"\x00\x00\x00\x00\x00\x00\x00\x00imgARMcC") {
|
||||
println!("\nImage file: {:?}:", path);
|
||||
let size = entry.header().size()? as usize;
|
||||
let mut image_reader = Cursor::new(contents);
|
||||
let mut i = 1;
|
||||
|
||||
while image_reader.stream_position()? < size as u64 {
|
||||
let image: ImageHeader = image_reader.read_le()?;
|
||||
println!("\nImage {} - Type: {:x}({}), Size: {}, Flags: {:x}{}, Data offset: {}",
|
||||
i ,image.image_type, image.type_string(), image.size1, image.flags, if image.is_encrypted(){"(Encrypted)"}else{" "}, image.data_start_offset);
|
||||
|
||||
let data =
|
||||
if image.data_start_offset == 0 {
|
||||
common::read_exact(&mut image_reader, image.size1 as usize - 256)?
|
||||
} else {
|
||||
let _extra_data = common::read_exact(&mut image_reader, image.data_start_offset as usize - 256)?;
|
||||
common::read_exact(&mut image_reader, image.size1 as usize - image.data_start_offset as usize)?
|
||||
};
|
||||
|
||||
let folder_path = Path::new(&output_folder).join(&path);
|
||||
let output_path = Path::new(&folder_path).join(format!("{}_{}.bin", i, image.type_string()));
|
||||
|
||||
fs::create_dir_all(&folder_path)?;
|
||||
let mut out_file = OpenOptions::new().write(true).create(true).open(output_path)?;
|
||||
out_file.write_all(&data)?;
|
||||
|
||||
println!("- Saved file!");
|
||||
|
||||
i += 1;
|
||||
}
|
||||
|
||||
} else {
|
||||
println!("\nOther/Unknown file: {:?}", path);
|
||||
let output_path = Path::new(&output_folder).join(&path);
|
||||
|
||||
fs::create_dir_all(&output_folder)?;
|
||||
let mut out_file = OpenOptions::new().write(true).create(true).open(output_path)?;
|
||||
out_file.write_all(&contents)?;
|
||||
|
||||
println!("- Saved file!");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
println!("\nExtraction finished!");
|
||||
Ok(())
|
||||
}
|
||||
+2
-13
@@ -2,12 +2,10 @@ use std::path::{Path};
|
||||
use std::fs::{self, File, OpenOptions};
|
||||
use binrw::{BinRead, BinReaderExt};
|
||||
use std::io::{Write, Seek, SeekFrom, Cursor};
|
||||
use aes::Aes128;
|
||||
use cbc::{Decryptor, cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit}};
|
||||
type Aes128CbcDec = Decryptor<Aes128>;
|
||||
|
||||
use crate::common;
|
||||
use crate::keys;
|
||||
use crate::utils::aes::{decrypt_aes128_cbc_pcks7};
|
||||
|
||||
#[derive(BinRead)]
|
||||
struct RufHeader {
|
||||
@@ -80,15 +78,6 @@ pub fn is_ruf_file(file: &File) -> bool {
|
||||
}
|
||||
}
|
||||
|
||||
fn decrypt(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
let decrypted = decryptor.decrypt_padded_mut::<Pkcs7>(&mut data)
|
||||
.map_err(|e| format!("!!Decryption error!!: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
|
||||
pub fn extract_ruf(mut file: &File, output_folder: &str) -> Result<(), Box<dyn std::error::Error>> {
|
||||
let header: RufHeader = file.read_be()?;
|
||||
if header.is_dual_ruf() {
|
||||
@@ -157,7 +146,7 @@ fn actually_extract_ruf(mut file: &File, output_folder: &str, start_offset: u64)
|
||||
file.seek(SeekFrom::Start(start_offset + 2048))?;
|
||||
let encrypted_data = common::read_exact(&mut file, header.data_size as usize)?;
|
||||
println!("Decrypting data...");
|
||||
let decrypted_data = decrypt(&encrypted_data, &key_bytes, &iv_bytes)?;
|
||||
let decrypted_data = decrypt_aes128_cbc_pcks7(&encrypted_data, &key_bytes, &iv_bytes)?;
|
||||
|
||||
let mut data_reader = Cursor::new(decrypted_data);
|
||||
|
||||
|
||||
@@ -2,15 +2,12 @@ use std::fs;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::fs::{File, OpenOptions};
|
||||
use std::io::{Write};
|
||||
use aes::Aes128;
|
||||
use hex::decode;
|
||||
use cbc::{Decryptor, cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit}};
|
||||
use sha1::{Digest, Sha1};
|
||||
|
||||
type Aes128CbcDec = Decryptor<Aes128>;
|
||||
|
||||
use crate::common;
|
||||
use crate::keys;
|
||||
use crate::utils::aes::{decrypt_aes128_cbc_pcks7};
|
||||
|
||||
use md5;
|
||||
|
||||
@@ -22,15 +19,6 @@ pub fn is_samsung_old_dir(path: &PathBuf) -> bool {
|
||||
}
|
||||
}
|
||||
|
||||
fn decrypt_aes(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
let decrypted = decryptor.decrypt_padded_mut::<Pkcs7>(&mut data)
|
||||
.map_err(|e| format!("!!Decryption error!!: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
|
||||
fn decrypt_xor(data: &[u8], key: &str) -> Vec<u8> {
|
||||
let key_bytes = key.as_bytes();
|
||||
data.iter()
|
||||
@@ -120,7 +108,7 @@ pub fn extract_samsung_old(path: &PathBuf, output_folder: &str) -> Result<(), Bo
|
||||
//println!("IV: {:02x?}", iv_md5);
|
||||
let end = file_size - 260;
|
||||
println!("- Decrypting file...");
|
||||
let decrypted_data = decrypt_aes(&data[16..end.try_into().unwrap()], &key_md5, &iv_md5)?;
|
||||
let decrypted_data = decrypt_aes128_cbc_pcks7(&data[16..end.try_into().unwrap()], &key_md5, &iv_md5)?;
|
||||
|
||||
println!("-- DeXORing file...");
|
||||
let xor_key = fw_info.split_whitespace().next().unwrap();
|
||||
|
||||
+3
-16
@@ -1,14 +1,10 @@
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::fs::{self, File, OpenOptions};
|
||||
use std::io::{self, Read, Seek, SeekFrom, Write};
|
||||
|
||||
use aes::Aes128;
|
||||
use flate2::read::ZlibDecoder;
|
||||
use cbc::{Decryptor, cipher::{block_padding::Pkcs7, BlockDecryptMut, KeyIvInit}};
|
||||
|
||||
type Aes128CbcDec = Decryptor<Aes128>;
|
||||
|
||||
use crate::common;
|
||||
use crate::utils::aes::{decrypt_aes128_cbc_pcks7};
|
||||
|
||||
pub fn is_sddl_sec_file(file: &File) -> bool {
|
||||
let header = common::read_file(&file, 0, 8).expect("Failed to read from file.");
|
||||
@@ -19,15 +15,6 @@ pub fn is_sddl_sec_file(file: &File) -> bool {
|
||||
}
|
||||
}
|
||||
|
||||
fn decrypt(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
let decrypted = decryptor.decrypt_padded_mut::<Pkcs7>(&mut data)
|
||||
.map_err(|e| format!("!!Decryption error!!: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
|
||||
//ported from original from https://nese.team/posts/justctf/
|
||||
fn decipher(s: &[u8], len_: usize) -> Vec<u8> {
|
||||
let mut v3: u32 = 904;
|
||||
@@ -97,7 +84,7 @@ pub fn extract_sddl_sec(file: &File, output_folder: &str) -> Result<(), Box<dyn
|
||||
let header = common::read_file(&file, offset, 32)?;
|
||||
let decrypted_header: Vec<u8>;
|
||||
|
||||
match decrypt(&header, &key, &iv) {
|
||||
match decrypt_aes128_cbc_pcks7(&header, &key, &iv) {
|
||||
Ok(v) => decrypted_header = v,
|
||||
Err(_) => {
|
||||
// SDDL files can have a footer(signature?) of 0x80 OR 0x100 lenght in later ones, and there is no good way to detect it before entering the while loop and the footer has no common header.
|
||||
@@ -124,7 +111,7 @@ pub fn extract_sddl_sec(file: &File, output_folder: &str) -> Result<(), Box<dyn
|
||||
offset += 32;
|
||||
|
||||
let data = common::read_file(&file, offset, size.try_into().unwrap())?;
|
||||
let decrypted_data = decrypt(&data, &key, &iv)?;
|
||||
let decrypted_data = decrypt_aes128_cbc_pcks7(&data, &key, &iv)?;
|
||||
|
||||
if decrypted_data.starts_with(&[0x11, 0x22, 0x33, 0x44]) && filename != "SDIT.FDI"{ // header of obfuscated file, SDIT.FDI also has this header but seems to work differently so its skipped
|
||||
|
||||
|
||||
+6
-1
@@ -1,6 +1,7 @@
|
||||
mod common;
|
||||
mod formats;
|
||||
mod keys;
|
||||
mod utils;
|
||||
|
||||
use clap::Parser;
|
||||
use std::path::{PathBuf};
|
||||
@@ -105,7 +106,11 @@ fn main() -> Result<(), Box<dyn std::error::Error>> {
|
||||
else if formats::pup::is_pup_file(&file) {
|
||||
println!("PUP file detected!");
|
||||
formats::pup::extract_pup(&file, &output_path)?;
|
||||
}
|
||||
}
|
||||
else if formats::roku::is_roku_file(&file) {
|
||||
println!("Roku file detected!");
|
||||
formats::roku::extract_roku(&file, &output_path)?;
|
||||
}
|
||||
else if formats::mtk_pkg::is_mtk_pkg_file(&file) {
|
||||
println!("MTK Pkg file detected!");
|
||||
formats::mtk_pkg::extract_mtk_pkg(&file, &output_path)?;
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
pub mod aes;
|
||||
@@ -0,0 +1,24 @@
|
||||
use aes::Aes128;
|
||||
use cbc::{Decryptor, cipher::{block_padding::Pkcs7, block_padding::NoPadding, BlockDecryptMut, KeyIvInit}};
|
||||
|
||||
type Aes128CbcDec = Decryptor<Aes128>;
|
||||
|
||||
pub fn decrypt_aes128_cbc_pcks7(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
let decrypted = decryptor.decrypt_padded_mut::<Pkcs7>(&mut data)
|
||||
.map_err(|e| format!("!!Decryption error!!: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
|
||||
pub fn decrypt_aes128_cbc_nopad(encrypted_data: &[u8], key: &[u8; 16], iv: &[u8; 16]) -> Result<Vec<u8>, Box<dyn std::error::Error>> {
|
||||
let mut data = encrypted_data.to_vec();
|
||||
let decryptor = Aes128CbcDec::new(key.into(), iv.into());
|
||||
|
||||
let decrypted = decryptor
|
||||
.decrypt_padded_mut::<NoPadding>(&mut data)
|
||||
.map_err(|e| format!("UnpadError: {:?}", e))?;
|
||||
|
||||
Ok(decrypted.to_vec())
|
||||
}
|
||||
Reference in New Issue
Block a user