sebek - N kwi 02, 2006 5:23 pm
Czy jest soft AU na 1430 lub czy można przerobić soft 1430 OF na AU wpisuj±c klucze RSA itd
Anthrax - Wt kwi 04, 2006 1:52 pm
Softa z AU na 1430 na razie niema
A zeby byl to trza dopracowac EMU dla pracy z dlugimi kluczami N2 i zmienic kod zrodlowy firmware jak ponizej
// insert or update a key record inside rsa_keys MHW buffer
int update_rkey(byte *buf_emu, byte *newkey, rkey_header* k){
byte* cur_key, *key_end;
byte* tmp=getkey(0xaa,0,buf_emu,0);
byte* rsa_buf = (byte*)peeki(tmp,0);
#ifdef WIN32
// little trick for simulation of STB EMU
rsa_buf = buf_emu+0x1000;
#endif
key_end = rsa_buf + rsa_buf[OPKEY_END+1] + (rsa_buf[OPKEY_END]key_id == cur_key[1]) &&
(k->key_type == cur_key[2]))
break;
cur_key += (cur_key[3] + 4);
}
if(cur_key >= key_end) { // key not found, add new key
// chk free space
if((k->key_len+4) > (rsa_buf+0x1000-key_end-8)) // 8 bytes at the end are reserved for service functions
return 0; // not enough room for new key
memcpy(cur_key,(byte*)k,4);
memcpy(cur_key+4, newkey, k->key_len);
key_end += (k->key_len+4); /* update last key offset */
rsa_buf[OPKEY_END]=((key_end-rsa_buf)>>8);
rsa_buf[OPKEY_END+1]=(key_end-rsa_buf);
}
else { // update key
if(cur_key[3] != k->key_len)
return 0; // wrong key length, can't update
if(memcmp(cur_key+4,newkey,k->key_len))
return 0; // already done
memcpy(cur_key+4,newkey,k->key_len);
}
// set update flags
rsa_buf[RSA_CHANGED] = 1;
return 1;
}
// get pointer to key in rsa_keys MHW buffer
byte* n2_getkey(int emu_provN, int key_id, int key_type, byte* bufemu) {
/*
all keys for n2 are stored at RSA/RSA_KEYS MHW flash file
pointer to RSA_KEYS stored as key 0xaa of prov 00, ca_sys 00
key format:
1st byte:
high nibble: ca id as defined for bufemu
low nibble: index of provider at bufemu
2nd byte: key index
3rd byte: key type for nagra2
4th byte: key length
(key[3]) bytes - the key itself
nagra has 2 idents for one service operator.
Index for Even ident is coded as 1 to 5,
index for odd ident is coded as 9 to 0xD (3rd bit is set to 1)
*/
byte* cur_key, *key_end;
byte* tmp=getkey(0xaa,0,bufemu,0);
byte* rsa_buf = (byte*)peeki(tmp,0);
#ifdef WIN32
// little trick for simulation of IRD
rsa_buf = bufemu+0x1000;
#endif
emu_provN |= NAGRA;
key_end = rsa_buf + rsa_buf[OPKEY_END+1] + (rsa_buf[OPKEY_END]
