def processBlock(self, block, lba):
iv = self.volume.ivForLBA(lba)
ciphertext = AESencryptCBC(block, self.volume.emfkey, iv)
if not self.ivkey:
clear = AESdecryptCBC(ciphertext, self.filekey, iv)
else:
clear = ""
for i in xrange(len(block) / 0x1000):
iv = self.volume.ivForLBA(self.decrypt_offset, False)
iv = AESencryptCBC(iv, self.ivkey)
clear += AESdecryptCBC(ciphertext[i * 0x1000:(i + 1) * 0x1000],
self.filekey, iv)
self.decrypt_offset += 0x1000
return clear
def decrypt_protected_file(self, path, filekey, decrypted_size=0):
ivkey = hashlib.sha1(filekey).digest()[:16]
hash = hashlib.sha1()
sz = os.path.getsize(path)
oldpath = path + ".encrypted"
try:
os.rename(path, oldpath)
except:
pass
with open(oldpath, "rb") as old_file:
with open(path, "wb") as new_file:
n = sz / 0x1000
if decrypted_size:
n += 1
for block in xrange(n):
iv = AESencryptCBC(self.computeIV(block * 0x1000), ivkey)
old_data = old_file.read(0x1000)
hash.update(old_data)
new_file.write(AESdecryptCBC(old_data, filekey, iv))
if decrypted_size == 0: #old iOS 5 format
trailer = old_file.read(0x1C)
decrypted_size = struct.unpack(">Q", trailer[:8])[0]
assert hash.digest() == trailer[8:]
new_file.truncate(decrypted_size)
os.remove(oldpath) # Delete the encrypted file
def decryptProtectedFile(self, path, filekey, DecryptedSize=0):
ivkey = hashlib.sha1(filekey).digest()[:16]
h = hashlib.sha1()
sz = os.path.getsize(path)
#iOS 5 trailer = uint64 sz + sha1 of encrypted file
#assert (sz % 0x1000) == 0x1C
oldpath = path + ".encrypted"
try:
os.rename(path, oldpath)
except:
pass
f1 = open(oldpath, "rb")
f2 = open(path, "wb")
n = (sz / 0x1000)
if DecryptedSize:
n += 1
for block in xrange(n):
iv = AESencryptCBC(self.computeIV(block * 0x1000), ivkey)
data = f1.read(0x1000)
h.update(data)
f2.write(AESdecryptCBC(data, filekey, iv))
if DecryptedSize == 0: #old iOS 5 format
trailer = f1.read(0x1C)
DecryptedSize = struct.unpack(">Q", trailer[:8])[0]
assert h.digest() == trailer[8:]
f1.close()
f2.truncate(DecryptedSize)
f2.close()
def carveEMFemptySpace(volume, file_keys, outdir):
for lba, block in volume.unallocatedBlocks():
iv = volume.ivForLBA(lba)
for filekey in file_keys:
ciphertext = AESencryptCBC(block, volume.emfkey, iv)
clear = AESdecryptCBC(ciphertext, filekey, iv)
if isDecryptedCorrectly(clear):
print "Decrypted stuff at lba %x" % lba
open(outdir + "/%x.bin" % lba, "wb").write(clear)
def decryptFileBlock2(self, ciphertext, filekey, lbn, decrypt_offset):
if not self.encrypted:
return ciphertext
if not self.image.isIOS5():
return AESdecryptCBC(ciphertext, filekey, self.volume.ivForLBA(lbn, add=False))
clear = ""
ivkey = hashlib.sha1(filekey).digest()[:16]
for i in xrange(len(ciphertext)/0x1000):
iv = self.volume.ivForLBA(decrypt_offset, False)
iv = AESencryptCBC(iv, ivkey)
clear += AESdecryptCBC(ciphertext[i*0x1000:(i+1)*0x1000], filekey, iv)
decrypt_offset += 0x1000
return clear
def change_key835(self, newkey):
tables = {
"genp": "SELECT rowid, data FROM genp",
"inet": "SELECT rowid, data FROM inet",
"cert": "SELECT rowid, data FROM cert",
"keys": "SELECT rowid, data FROM keys"
}
for t in tables.keys():
for row in self.conn.execute(tables[t]):
rowid = row["rowid"]
data = str(row["data"])
iv = data[:16]
data = AESdecryptCBC(data[16:], self.key835, iv)
data = AESencryptCBC(data, newkey, iv)
data = iv + data
data = buffer(data)
self.conn.execute("UPDATE %s SET data=? WHERE rowid=?" % t,
(data, rowid))
self.conn.commit()
def hw_crypt_aligned(self, EncryptMethod, Unknown, filled_buf, BufSize,
Version):
encrypted_buf = AESencryptCBC(filled_buf, self.devicekey)
return encrypted_buf
def writeBlock(self, lba, data):
if self.encrypted:
data = AESencryptCBC(data, self.key, self.getIVforBlock(lba))
return self._write(lba * self.blockSize, data)