# decompyle3 version 3.9.0 # Python bytecode version base 3.7.0 (3394) # Decompiled from: Python 3.7.16 (default, Mar 30 2023, 01:25:49) # [GCC 12.2.1 20220924] # Embedded file name: libs/base/wb03/img_create_do.py import os, sys, hashlib, binascii, codecs, ecdsa from CryptoPlus.Cipher import AES as AES_XTS from libs import bflb_utils from libs.bflb_utils import img_create_sha256_data, img_create_encrypt_data from libs.bflb_configobj import BFConfigParser from libs.base.wb03.flash_select_do import create_flashcfg_table from libs.base.wb03.bootheader_cfg_keys import custom_config_len as custom_cfg_len from libs.base.wb03.bootheader_cfg_keys import flashcfg_table_start_pos as flashcfg_table_start from libs.base.wb03.bootheader_cfg_keys import bootcpucfg_start_pos as bootcpucfg_start from libs.base.wb03.bootheader_cfg_keys import bootcpucfg_len as bootcpucfg_length from libs.base.wb03.bootheader_cfg_keys import bootcpucfg_m0_index as bootcpucfg_m0_index_number from libs.base.wb03.bootheader_cfg_keys import bootcfg_start_pos as bootcfg_start from libs.base.wb03.bootheader_cfg_keys import bootheader_len as header_len keyslot0 = 28 keyslot1 = keyslot0 + 16 keyslot2 = keyslot1 + 16 keyslot3 = keyslot2 + 16 keyslot3_end = keyslot3 + 16 keyslot4 = 128 keyslot5 = keyslot4 + 16 keyslot6 = keyslot5 + 16 keyslot7 = keyslot6 + 16 keyslot8 = keyslot7 + 16 keyslot9 = keyslot8 + 16 keyslot10 = keyslot9 + 16 keyslot10_end = keyslot10 + 16 keyslot11 = keyslot3_end + 16 keyslot11_end = keyslot11 + 16 wr_lock_boot_mode = 14 wr_lock_dbg_pwd = 15 wr_lock_wifi_mac = 16 wr_lock_key_slot_0 = 17 wr_lock_key_slot_1 = 18 wr_lock_key_slot_2 = 19 wr_lock_key_slot_3 = 20 wr_lock_sw_usage_0 = 21 wr_lock_sw_usage_1 = 22 wr_lock_sw_usage_2 = 23 wr_lock_sw_usage_3 = 24 wr_lock_key_slot_11 = 25 rd_lock_dbg_pwd = 26 rd_lock_key_slot_0 = 27 rd_lock_key_slot_1 = 28 rd_lock_key_slot_2 = 29 rd_lock_key_slot_3 = 30 rd_lock_key_slot_11 = 31 wr_lock_key_slot_4 = 15 wr_lock_key_slot_5 = 16 wr_lock_key_slot_6 = 17 wr_lock_key_slot_7 = 18 wr_lock_key_slot_8 = 19 wr_lock_key_slot_9 = 20 wr_lock_key_slot_10 = 21 rd_lock_key_slot_4 = 25 rd_lock_key_slot_5 = 26 rd_lock_key_slot_6 = 27 rd_lock_key_slot_7 = 28 rd_lock_key_slot_8 = 29 rd_lock_key_slot_9 = 30 rd_lock_key_slot_10 = 31 def bytearray_data_merge(data1, data2, len): for i in range(len): data1[i] |= data2[i] return data1 def img_update_efuse_group0(cfg, sign, pk_hash, flash_encryp_type, flash_key, sec_eng_key_sel, sec_eng_key, security=False): fp = open(cfg.get('Img_Group0_Cfg', 'efuse_file'), 'rb') efuse_data = bytearray(fp.read()) + bytearray(0) fp.close() fp = open(cfg.get('Img_Group0_Cfg', 'efuse_mask_file'), 'rb') efuse_mask_data = bytearray(fp.read()) + bytearray(0) fp.close() mask_4bytes = bytearray.fromhex('FFFFFFFF') if flash_encryp_type >= 3: efuse_data[0] |= 3 else: efuse_data[0] |= flash_encryp_type if sign > 0: efuse_data[92] |= sign << 7 efuse_mask_data[92] |= 255 if flash_encryp_type > 0: efuse_data[0] |= 48 efuse_mask_data[0] |= 255 rw_lock0 = 0 rw_lock1 = 0 if pk_hash is not None: efuse_data[keyslot0:keyslot2] = pk_hash efuse_mask_data[keyslot0:keyslot2] = mask_4bytes * 8 rw_lock0 |= 1 << wr_lock_key_slot_0 rw_lock0 |= 1 << wr_lock_key_slot_1 if flash_key is not None: if flash_encryp_type == 1: efuse_data[keyslot2:keyslot3] = flash_key[0:16] efuse_mask_data[keyslot2:keyslot3] = mask_4bytes * 4 else: if flash_encryp_type == 2: efuse_data[keyslot2:keyslot3_end] = flash_key efuse_mask_data[keyslot2:keyslot3_end] = mask_4bytes * 8 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock0 |= 1 << rd_lock_key_slot_3 else: if flash_encryp_type == 3: efuse_data[keyslot2:keyslot3_end] = flash_key efuse_mask_data[keyslot2:keyslot3_end] = mask_4bytes * 8 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock0 |= 1 << rd_lock_key_slot_3 else: if flash_encryp_type == 4 or flash_encryp_type == 5 or flash_encryp_type == 6: efuse_data[keyslot2:keyslot3_end] = flash_key efuse_mask_data[keyslot2:keyslot3_end] = mask_4bytes * 8 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock0 |= 1 << rd_lock_key_slot_3 rw_lock0 |= 1 << wr_lock_key_slot_2 rw_lock0 |= 1 << rd_lock_key_slot_2 if sec_eng_key is not None: if flash_encryp_type == 0: if sec_eng_key_sel == 0: efuse_data[keyslot2:keyslot3] = sec_eng_key[16:32] efuse_data[keyslot3:keyslot3_end] = sec_eng_key[0:16] efuse_mask_data[keyslot2:keyslot3_end] = mask_4bytes * 8 rw_lock0 |= 1 << wr_lock_key_slot_2 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock0 |= 1 << rd_lock_key_slot_2 rw_lock0 |= 1 << rd_lock_key_slot_3 if sec_eng_key_sel == 1: efuse_data[keyslot3:keyslot3_end] = sec_eng_key[16:32] efuse_data[keyslot4:keyslot5] = sec_eng_key[0:16] efuse_mask_data[keyslot3:keyslot3_end] = mask_4bytes * 4 efuse_mask_data[keyslot4:keyslot5] = mask_4bytes * 4 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock1 |= 1 << wr_lock_key_slot_4 rw_lock0 |= 1 << rd_lock_key_slot_3 rw_lock1 |= 1 << rd_lock_key_slot_4 if sec_eng_key_sel == 2: efuse_data[keyslot4:keyslot5] = sec_eng_key[16:32] efuse_data[keyslot2:keyslot3] = sec_eng_key[0:16] efuse_mask_data[keyslot3:keyslot5] = mask_4bytes * 8 rw_lock1 |= 1 << wr_lock_key_slot_4 rw_lock0 |= 1 << wr_lock_key_slot_2 rw_lock1 |= 1 << rd_lock_key_slot_4 rw_lock0 |= 1 << rd_lock_key_slot_2 if sec_eng_key_sel == 3: efuse_data[keyslot4:keyslot5] = sec_eng_key[16:32] efuse_data[keyslot2:keyslot3] = sec_eng_key[0:16] efuse_mask_data[keyslot3:keyslot5] = mask_4bytes * 8 rw_lock1 |= 1 << wr_lock_key_slot_4 rw_lock0 |= 1 << wr_lock_key_slot_2 rw_lock1 |= 1 << rd_lock_key_slot_4 rw_lock0 |= 1 << rd_lock_key_slot_2 if flash_encryp_type == 1: if sec_eng_key_sel == 0: efuse_data[keyslot5:keyslot6] = sec_eng_key[0:16] efuse_mask_data[keyslot5:keyslot6] = mask_4bytes * 4 rw_lock1 |= 1 << wr_lock_key_slot_5 rw_lock1 |= 1 << rd_lock_key_slot_5 if sec_eng_key_sel == 1: efuse_data[keyslot4:keyslot5] = sec_eng_key[0:16] efuse_mask_data[keyslot4:keyslot5] = mask_4bytes * 4 rw_lock1 |= 1 << wr_lock_key_slot_4 rw_lock1 |= 1 << rd_lock_key_slot_4 if sec_eng_key_sel == 2: if flash_key is not None: pass else: efuse_data[keyslot3:keyslot3_end] = sec_eng_key[0:16] efuse_mask_data[keyslot3:keyslot3_end] = mask_4bytes * 4 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock0 |= 1 << rd_lock_key_slot_3 if sec_eng_key_sel == 3: if flash_key is not None: pass else: efuse_data[keyslot2:keyslot3] = sec_eng_key[0:16] efuse_mask_data[keyslot2:keyslot3] = mask_4bytes * 4 rw_lock0 |= 1 << wr_lock_key_slot_2 rw_lock0 |= 1 << rd_lock_key_slot_2 if flash_encryp_type == 2 or flash_encryp_type == 3 or flash_encryp_type == 4 or flash_encryp_type == 5 or flash_encryp_type == 6: if sec_eng_key_sel == 0: efuse_data[keyslot6:keyslot7] = sec_eng_key[16:32] efuse_data[keyslot10:keyslot10_end] = sec_eng_key[0:16] efuse_mask_data[keyslot6:keyslot7] = mask_4bytes * 4 efuse_mask_data[keyslot10:keyslot10_end] = mask_4bytes * 4 rw_lock1 |= 1 << wr_lock_key_slot_6 rw_lock1 |= 1 << wr_lock_key_slot_10 rw_lock1 |= 1 << rd_lock_key_slot_6 rw_lock1 |= 1 << rd_lock_key_slot_10 if sec_eng_key_sel == 1: efuse_data[keyslot10:keyslot10_end] = sec_eng_key[16:32] efuse_data[keyslot6:keyslot7] = sec_eng_key[0:16] efuse_mask_data[keyslot6:keyslot7] = mask_4bytes * 4 efuse_mask_data[keyslot10:keyslot10_end] = mask_4bytes * 4 rw_lock1 |= 1 << wr_lock_key_slot_6 rw_lock1 |= 1 << wr_lock_key_slot_10 rw_lock1 |= 1 << rd_lock_key_slot_6 rw_lock1 |= 1 << rd_lock_key_slot_10 if sec_eng_key_sel == 2: if flash_key is not None: pass else: efuse_data[keyslot2:keyslot3] = sec_eng_key[16:32] efuse_data[keyslot3:keyslot3_end] = sec_eng_key[0:16] efuse_mask_data[keyslot2:keyslot3_end] = mask_4bytes * 8 rw_lock0 |= 1 << wr_lock_key_slot_2 rw_lock0 |= 1 << rd_lock_key_slot_2 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock0 |= 1 << rd_lock_key_slot_3 if sec_eng_key_sel == 3: if flash_key is not None: pass else: efuse_data[keyslot2:keyslot3_end] = sec_eng_key efuse_mask_data[keyslot2:keyslot3_end] = mask_4bytes * 8 rw_lock0 |= 1 << wr_lock_key_slot_2 rw_lock0 |= 1 << rd_lock_key_slot_2 rw_lock0 |= 1 << wr_lock_key_slot_3 rw_lock0 |= 1 << rd_lock_key_slot_3 efuse_data[124:128] = bytearray_data_merge(efuse_data[124:128], bflb_utils.int_to_4bytearray_l(rw_lock0), 4) efuse_mask_data[124:128] = bytearray_data_merge(efuse_mask_data[124:128], bflb_utils.int_to_4bytearray_l(rw_lock0), 4) efuse_data[252:256] = bytearray_data_merge(efuse_data[252:256], bflb_utils.int_to_4bytearray_l(rw_lock1), 4) efuse_mask_data[252:256] = bytearray_data_merge(efuse_mask_data[252:256], bflb_utils.int_to_4bytearray_l(rw_lock1), 4) if security is True: bflb_utils.printf('Encrypt efuse data') security_key, security_iv = bflb_utils.get_security_key() efuse_data = img_create_encrypt_data(efuse_data, security_key, security_iv, 0) efuse_data = bytearray(4096) + efuse_data fp = open(cfg.get('Img_Group0_Cfg', 'efuse_file'), 'wb+') fp.write(efuse_data) fp.close() fp = open(cfg.get('Img_Group0_Cfg', 'efuse_mask_file'), 'wb+') fp.write(efuse_mask_data) fp.close() def img_create_get_sign_encrypt_info(bootheader_data): sign = bootheader_data[bootcfg_start] & 3 encrypt = bootheader_data[bootcfg_start] >> 2 & 3 key_sel = bootheader_data[bootcfg_start] >> 4 & 3 xts_mode = bootheader_data[bootcfg_start] >> 6 & 1 return ( sign, encrypt, key_sel, xts_mode) def img_create_get_img_start_addr(bootheader_data): bootentry = [] bootentry.append(bflb_utils.bytearray_to_int(bflb_utils.bytearray_reverse(bootheader_data[bootcpucfg_start + bootcpucfg_length * bootcpucfg_m0_index_number + 16:bootcpucfg_start + bootcpucfg_length * bootcpucfg_m0_index_number + 16 + 4]))) return bootentry def img_create_flash_default_data(length): datas = bytearray(length) for i in range(length): datas[i] = 255 return datas def img_get_file_data(files): datas = [] for file in files: if file == 'UNUSED': datas.append(bytearray(0)) continue else: with open(file, 'rb') as fp: data = fp.read() datas.append(data) return datas def img_get_largest_addr(addrs, files): min = 67108863 maxlen = 0 datalen = 0 for i in range(len(addrs)): if files[i] == 'UNUSED': continue else: addr = addrs[i] & 67108863 if addr >= maxlen: maxlen = addr datalen = os.path.getsize(files[i]) if addr <= min: min = addr if maxlen == 0: if datalen == 0: return (0, 0) return ( maxlen + datalen - min, min) def img_get_one_group_img(d_addrs, d_files): whole_img_len, min = img_get_largest_addr(d_addrs, d_files) whole_img_len &= 67108863 whole_img_data = img_create_flash_default_data(whole_img_len) filedatas = img_get_file_data(d_files) for i in range(len(d_addrs)): if d_files[i] == 'UNUSED': continue else: start_addr = d_addrs[i] start_addr &= 67108863 start_addr -= min whole_img_data[start_addr:start_addr + len(filedatas[i])] = filedatas[i] return whole_img_data def img_create_get_hash_ignore(bootheader_data): return bootheader_data[bootcfg_start + 2] >> 1 & 1 def img_create_get_crc_ignore(bootheader_data): return bootheader_data[bootcfg_start + 2] & 1 def img_create_update_bootheader_if(bootheader_data, hash, seg_cnt): bootheader_data[bootcfg_start + 12:bootcfg_start + 12 + 4] = bflb_utils.int_to_4bytearray_l(seg_cnt) sign = bootheader_data[bootcfg_start] & 3 encrypt = bootheader_data[bootcfg_start] >> 2 & 3 key_sel = bootheader_data[bootcfg_start] >> 4 & 3 xts_mode = bootheader_data[bootcfg_start] >> 6 & 1 if bootheader_data[bootcfg_start + 2] >> 1 & 1 == 1 and sign == 0: bflb_utils.printf('Hash ignored') else: bootheader_data[bootcfg_start + 16:bootcfg_start + 16 + 32] = hash if bootheader_data[bootcfg_start + 2] & 1 == 1: bflb_utils.printf('Header crc ignored') else: hd_crcarray = bflb_utils.get_crc32_bytearray(bootheader_data[custom_cfg_len:header_len - 4]) bootheader_data[header_len - 4:header_len] = hd_crcarray bflb_utils.printf('Header crc: ', binascii.hexlify(hd_crcarray)) return bootheader_data def img_create_update_custom_bootheader(bootheader_data, seg_cnt, hash, signature, pk_data, aesiv_data): bootheader_data[20:24] = bflb_utils.int_to_4bytearray_l(seg_cnt) if hash != bytearray(0): bootheader_data[28:60] = hash if signature != bytearray(0): bootheader_data[60:124] = signature[4:68] if pk_data != bytearray(0): bootheader_data[124:188] = pk_data[0:64] if aesiv_data != bytearray(0): bootheader_data[188:204] = aesiv_data[0:16] bootheader_data[4:8] = bflb_utils.get_crc32_bytearray(bootheader_data[8:custom_cfg_len - 4]) return bootheader_data[0:header_len] def img_create_update_bootheader(bootheader_data, hash, seg_cnt, flashcfg_table_addr, flashcfg_table_len): bootheader_data[flashcfg_table_start:flashcfg_table_start + 4] = bflb_utils.int_to_4bytearray_l(flashcfg_table_addr) bootheader_data[flashcfg_table_start + 4:flashcfg_table_start + 8] = bflb_utils.int_to_4bytearray_l(flashcfg_table_len) bootheader_data[bootcfg_start + 12:bootcfg_start + 12 + 4] = bflb_utils.int_to_4bytearray_l(seg_cnt) sign, encrypt, key_sel, xts_mode = img_create_get_sign_encrypt_info(bootheader_data) if img_create_get_hash_ignore(bootheader_data) == 1 and sign == 0: bflb_utils.printf('Hash ignored') else: bootheader_data[bootcfg_start + 16:bootcfg_start + 16 + 32] = hash if img_create_get_crc_ignore(bootheader_data) == 1: bflb_utils.printf('Header crc ignored') else: hd_crcarray = bflb_utils.get_crc32_bytearray(bootheader_data[custom_cfg_len:header_len - 4]) bootheader_data[header_len - 4:header_len] = hd_crcarray bflb_utils.printf('Header crc: ', binascii.hexlify(hd_crcarray)) return bootheader_data[0:header_len] def img_create_update_segheader(segheader, segdatalen, segdatacrc): segheader[4:8] = segdatalen segheader[8:12] = segdatacrc return segheader def reverse_str_data_unit_number(str_data_unit_number): """ high position low data data unit number:00000280 storage format: 80020000 """ reverse_str = '' if len(str_data_unit_number) == 8: str_part1 = str_data_unit_number[0:2] str_part2 = str_data_unit_number[2:4] str_part3 = str_data_unit_number[4:6] str_part4 = str_data_unit_number[6:8] reverse_str = str_part4 + str_part3 + str_part2 + str_part1 return reverse_str def reverse_iv(need_reverse_iv_bytearray): temp_reverse_iv_bytearray = binascii.hexlify(need_reverse_iv_bytearray).decode() if temp_reverse_iv_bytearray[24:32] != '00000000': bflb_utils.printf('The lower 4 bytes of IV should be set 0, if set IV is less than 16 bytes, make up 0 for the low 4 bytes of IV ') sys.exit() reverse_iv_bytearray = '00000000' + temp_reverse_iv_bytearray[0:24] return reverse_iv_bytearray def img_create_encrypt_data_xts(data_bytearray, key_bytearray, iv_bytearray, encrypt): counter = binascii.hexlify(iv_bytearray[4:16]).decode() data_unit_number = 0 key = ( key_bytearray[0:16], key_bytearray[16:32]) if encrypt == 2 or encrypt == 3: key = ( key_bytearray, key_bytearray) cipher = AES_XTS.new(key, AES_XTS.MODE_XTS) total_len = len(data_bytearray) ciphertext = bytearray(0) deal_len = 0 while deal_len < total_len: data_unit_number = str(hex(data_unit_number)).replace('0x', '') data_unit_number_to_str = str(data_unit_number) right_justify_str = data_unit_number_to_str.rjust(8, '0') reverse_data_unit_number_str = reverse_str_data_unit_number(right_justify_str) tweak = reverse_data_unit_number_str + counter tweak = bflb_utils.hexstr_to_bytearray('0' * (32 - len(tweak)) + tweak) if 32 + deal_len <= total_len: cur_block = data_bytearray[0 + deal_len:32 + deal_len] ciphertext += cipher.encrypt(cur_block, tweak) else: cur_block = data_bytearray[0 + deal_len:16 + deal_len] + bytearray(16) ciphertext += cipher.encrypt(cur_block, tweak)[0:16] deal_len += 32 data_unit_number = int(data_unit_number, 16) data_unit_number += 1 return ciphertext def img_create_sign_data(data_bytearray, privatekey_file_uecc, publickey_file): sk = ecdsa.SigningKey.from_pem(open(privatekey_file_uecc).read()) vk = ecdsa.VerifyingKey.from_pem(open(publickey_file).read()) pk_data = vk.to_string() bflb_utils.printf('Private key: ', binascii.hexlify(sk.to_string())) bflb_utils.printf('Public key: ', binascii.hexlify(pk_data)) pk_hash = img_create_sha256_data(pk_data) bflb_utils.printf('Public key hash=', binascii.hexlify(pk_hash)) signature = sk.sign(data_bytearray, hashfunc=(hashlib.sha256), sigencode=(ecdsa.util.sigencode_string)) bflb_utils.printf('Signature=', binascii.hexlify(signature)) len_array = bflb_utils.int_to_4bytearray_l(len(signature)) sig_field = len_array + signature crcarray = bflb_utils.get_crc32_bytearray(sig_field) return ( pk_data, pk_hash, sig_field + crcarray) def img_create_read_file_append_crc(file, crc): fp = open(file, 'rb') read_data = bytearray(fp.read()) crcarray = bytearray(0) if crc: crcarray = bflb_utils.get_crc32_bytearray(read_data) fp.close() return read_data + crcarray def encrypt_loader_bin_do(file, sign, encrypt, temp_encrypt_key, temp_encrypt_iv, publickey_file, privatekey_file): if encrypt != 0 or sign != 0: encrypt_key = bytearray(0) encrypt_iv = bytearray(0) load_helper_bin_header = bytearray(0) load_helper_bin_body = bytearray(0) offset = bootcfg_start sign_pos = 0 encrypt_type_pos = 2 pk_data = bytearray(0) signature = bytearray(0) aesiv_data = bytearray(0) data_tohash = bytearray(0) with open(file, 'rb') as fp: load_helper_bin = fp.read() load_helper_bin_header = load_helper_bin[0:header_len] load_helper_bin_body = load_helper_bin[header_len:] if load_helper_bin_header != bytearray(0): if load_helper_bin_body != bytearray(0): load_helper_bin_body = bflb_utils.add_to_16(load_helper_bin_body) if encrypt != 0: encrypt_key = bflb_utils.hexstr_to_bytearray(temp_encrypt_key) encrypt_iv = bflb_utils.hexstr_to_bytearray(temp_encrypt_iv) iv_crcarray = bflb_utils.get_crc32_bytearray(encrypt_iv) aesiv_data = encrypt_iv + iv_crcarray data_tohash = data_tohash + aesiv_data load_helper_bin_body_encrypt = bflb_utils.img_create_encrypt_data(load_helper_bin_body, encrypt_key, encrypt_iv, 0) else: load_helper_bin_body_encrypt = load_helper_bin_body data = bytearray(load_helper_bin_header) oldval = bflb_utils.bytearray_to_int(bflb_utils.bytearray_reverse(data[offset:offset + 4])) newval = oldval if encrypt != 0: newval = newval | 1 << encrypt_type_pos if sign != 0: newval = newval | 1 << sign_pos data_tohash += load_helper_bin_body_encrypt pk_data, pk_hash, signature = img_create_sign_data(data_tohash, privatekey_file, publickey_file) pk_data = pk_data + bflb_utils.get_crc32_bytearray(pk_data) data[offset:offset + 4] = bflb_utils.int_to_4bytearray_l(newval) load_helper_bin_header = data load_helper_bin_encrypt = load_helper_bin_header + pk_data + signature + aesiv_data + load_helper_bin_body_encrypt hashfun = hashlib.sha256() hashfun.update(load_helper_bin_body_encrypt) hash = bflb_utils.hexstr_to_bytearray(hashfun.hexdigest()) load_helper_bin_data = bytearray(load_helper_bin_encrypt) load_helper_bin_encrypt = img_create_update_bootheader_if(load_helper_bin_data, hash, 1) return ( True, load_helper_bin_encrypt) return (False, None) def img_creat_process(group_type, flash_img, cfg, security=False): encrypt_blk_size = 16 padding = bytearray(encrypt_blk_size) data_tohash = bytearray(0) cfg_section = '' img_update_efuse_fun = img_update_efuse_group0 cfg_section = 'Img_Group0_Cfg' segheader_file = [] if flash_img == 0: for files in cfg.get(cfg_section, 'segheader_file').split(' '): segheader_file.append(str(files)) segdata_file = [] for files in cfg.get(cfg_section, 'segdata_file').split('|'): if files: segdata_file.append(str(files)) boot_header_file = cfg.get(cfg_section, 'boot_header_file') bootheader_data = img_create_read_file_append_crc(boot_header_file, 0) encrypt = 0 sign, encrypt, key_sel, xts_mode = img_create_get_sign_encrypt_info(bootheader_data) boot_entry = img_create_get_img_start_addr(bootheader_data) aesiv_data = bytearray(0) pk_data = bytearray(0) publickey_file = '' privatekey_file_uecc = '' if sign != 0: bflb_utils.printf('Image need sign') publickey_file = cfg.get(cfg_section, 'publickey_file') privatekey_file_uecc = cfg.get(cfg_section, 'privatekey_file_uecc') if encrypt != 0: bflb_utils.printf('Image need encrypt ', encrypt) if xts_mode == 1: bflb_utils.printf('Enable xts mode') encrypt_key_org = bflb_utils.hexstr_to_bytearray(cfg.get(cfg_section, 'aes_key_org')) if encrypt == 1: if xts_mode == 1: encrypt_key = encrypt_key_org[0:32] else: encrypt_key = encrypt_key_org[0:16] else: if encrypt == 2: if xts_mode == 1: encrypt_key = encrypt_key_org[0:32] else: encrypt_key = encrypt_key_org[0:32] else: if encrypt == 3: if xts_mode == 1: encrypt_key = encrypt_key_org[0:24] else: encrypt_key = encrypt_key_org[0:24] bflb_utils.printf('Key= ', binascii.hexlify(encrypt_key)) iv_value = cfg.get(cfg_section, 'aes_iv') if xts_mode == 1: iv_value = iv_value[24:32] + iv_value[:24] encrypt_iv = bflb_utils.hexstr_to_bytearray(iv_value) iv_crcarray = bflb_utils.get_crc32_bytearray(encrypt_iv) aesiv_data = encrypt_iv + iv_crcarray seg_cnt = len(segheader_file) segdata_cnt = len(segdata_file) if flash_img == 0: if seg_cnt != segdata_cnt: bflb_utils.printf('Segheader count and segdata count not match') return ( 'FAIL', data_tohash) data_toencrypt = bytearray(0) if flash_img == 0: i = 0 seg_header_list = [] seg_data_list = [] while i < seg_cnt: seg_data = bytearray(0) if segdata_file[i] != 'UNUSED': seg_data = img_create_read_file_append_crc(segdata_file[i], 0) else: padding_size = 0 if len(seg_data) % encrypt_blk_size != 0: padding_size = encrypt_blk_size - len(seg_data) % encrypt_blk_size seg_data += padding[0:padding_size] segdata_crcarray = bflb_utils.get_crc32_bytearray(seg_data) seg_data_list.append(seg_data) seg_header = img_create_read_file_append_crc(segheader_file[i], 0) seg_header = img_create_update_segheader(seg_header, bflb_utils.int_to_4bytearray_l(len(seg_data)), segdata_crcarray) segheader_crcarray = bflb_utils.get_crc32_bytearray(seg_header) seg_header = seg_header + segheader_crcarray seg_header_list.append(seg_header) i = i + 1 i = 0 cnt = 0 while i < seg_cnt: if seg_header_list[i][4:8] != bytearray(4): data_toencrypt += seg_header_list[i] data_toencrypt += seg_data_list[i] cnt += 1 else: i += 1 seg_cnt = cnt else: seg_data = img_get_one_group_img(boot_entry, segdata_file) padding_size = 0 if len(seg_data) % encrypt_blk_size != 0: padding_size = encrypt_blk_size - len(seg_data) % encrypt_blk_size seg_data += padding[0:padding_size] data_toencrypt += seg_data seg_cnt = len(data_toencrypt) if encrypt != 0: unencrypt_mfg_data = bytearray(0) if seg_cnt >= 8192: if data_toencrypt[4096:4100] == bytearray('0mfg'.encode('utf-8')): unencrypt_mfg_data = data_toencrypt[4096:8192] if xts_mode != 0: data_toencrypt = img_create_encrypt_data_xts(data_toencrypt, encrypt_key, encrypt_iv, encrypt) else: data_toencrypt = img_create_encrypt_data(data_toencrypt, encrypt_key, encrypt_iv, flash_img) if unencrypt_mfg_data != bytearray(0): data_toencrypt = data_toencrypt[0:4096] + unencrypt_mfg_data + data_toencrypt[8192:] fw_data = bytearray(0) data_tohash += data_toencrypt fw_data = data_toencrypt hash = img_create_sha256_data(data_tohash) bflb_utils.printf('Image hash is ', binascii.hexlify(hash)) signature = bytearray(0) pk_hash = None if sign == 1: pk_data, pk_hash, signature = img_create_sign_data(data_tohash, privatekey_file_uecc, publickey_file) pk_data = pk_data + bflb_utils.get_crc32_bytearray(pk_data) flashCfgAddr = len(bootheader_data + pk_data + signature + aesiv_data) flashCfgListLen = 0 flashCfgList = bytearray(0) flashCfgTable = bytearray(0) if flash_img == 1: if bootheader_data[233:234] == b'\xff': flashCfgList, flashCfgTable, flashCfgListLen = create_flashcfg_table(flashCfgAddr) bootheader_data = img_create_update_custom_bootheader(bootheader_data, seg_cnt, hash, signature, pk_data, aesiv_data) bootheader_data = img_create_update_bootheader(bootheader_data, hash, seg_cnt, flashCfgAddr, flashCfgListLen) if flash_img == 1: bflb_utils.printf('Write flash img') bootinfo_file_name = cfg.get(cfg_section, 'bootinfo_file') fp = open(bootinfo_file_name, 'wb+') bootinfo = bootheader_data + pk_data + signature + aesiv_data + flashCfgList + flashCfgTable fp.write(bootinfo) fp.close() fw_file_name = cfg.get(cfg_section, 'img_file') fp = open(fw_file_name, 'wb+') fp.write(fw_data) fp.close() fw_data_hash = img_create_sha256_data(fw_data) fp = open(fw_file_name.replace('.bin', '_withhash.bin'), 'wb+') fp.write(fw_data + fw_data_hash) fp.close() if encrypt != 0: flash_encrypt_type = 0 if encrypt == 1: flash_encrypt_type = 1 if encrypt == 2: flash_encrypt_type = 3 if encrypt == 3: flash_encrypt_type = 2 if xts_mode == 1: flash_encrypt_type += 3 img_update_efuse_fun(cfg, sign, pk_hash, flash_encrypt_type, encrypt_key + bytearray(32 - len(encrypt_key)), key_sel, None, security) else: img_update_efuse_fun(cfg, sign, pk_hash, encrypt, None, key_sel, None, security) else: bflb_utils.printf('Write if img') whole_img_file_name = cfg.get(cfg_section, 'whole_img_file') fp = open(whole_img_file_name, 'wb+') img_data = bootheader_data + pk_data + signature + aesiv_data + fw_data fp.write(img_data) fp.close() if encrypt != 0: if_encrypt_type = 0 if encrypt == 1: if_encrypt_type = 1 if encrypt == 2: if_encrypt_type = 3 if encrypt == 3: if_encrypt_type = 2 if xts_mode == 1: if_encrypt_type += 3 img_update_efuse_fun(cfg, sign, pk_hash, if_encrypt_type, None, key_sel, encrypt_key + bytearray(32 - len(encrypt_key)), security) else: img_update_efuse_fun(cfg, sign, pk_hash, 0, None, key_sel, bytearray(32), security) return ( 'OK', data_tohash) def img_create_do(args, img_dir_path=None, config_file=None): bflb_utils.printf('Image create path: ', img_dir_path) if config_file is None: config_file = img_dir_path + '/img_create_cfg.ini' bflb_utils.printf('Config file: ', config_file) cfg = BFConfigParser() cfg.read(config_file) group_type = 'all' img_type = 'media' signer = 'none' security = False data_tohash = bytearray(0) try: if args.image: img_type = args.image if args.group: group_type = args.group if args.signer: signer = args.signer if args.security: security = args.security == 'efuse' except Exception as e: try: bflb_utils.printf(e) finally: e = None del e if img_type == 'media': flash_img = 1 else: flash_img = 0 ret0 = ret1 = 'OK' if group_type == 'group0' or group_type == 'all': ret0, data_tohash0 = img_creat_process('group0', flash_img, cfg, security) else: img_creat_process('', flash_img, cfg, security) if ret0 != 'OK': bflb_utils.printf('Fail to create group0 images!') return if ret1 != 'OK': bflb_utils.printf('Fail to create group1 images!') def create_sp_media_image(config, cpu_type=None, security=False): bflb_utils.printf('========= sp image create =========') cfg = BFConfigParser() cfg.read(config) img_creat_process('group0', 1, cfg, security) if __name__ == '__main__': data_bytearray = codecs.decode('42464E500100000046434647040101036699FF039F00B7E904EF0001C72052D8060232000B010B013B01BB006B01EB02EB02025000010001010002010101AB01053500000131000038FF20FF77030240770302F02C01B004B0040500FFFF030036C3DD9E5043464704040001010105000101050000010101A612AC86000144650020000000000000503100007A6345494BCABEC7307FD8F8396729EB67DDC8C63B7AD69B797B08564E982A8701000000000000000000000000000000000000D80000000000010000000000000000000000200100000001D80000000000010000000000000000000000200200000002580000000000010000000000000000000000200300000003580000000000010000D0C57503C09E750300200400000004580000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000935F92BB', 'hex') key_bytearray = codecs.decode('fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0000102030405060708090a0b0c0d0e0f', 'hex') need_reverse_iv_bytearray = codecs.decode('01000000000000000000000000000000', 'hex') iv_bytearray = codecs.decode(reverse_iv(need_reverse_iv_bytearray), 'hex') img_create_encrypt_data_xts(data_bytearray, key_bytearray, iv_bytearray, 0) # okay decompiling ./libs/base/wb03/img_create_do.pyc