Difference between revisions of "AES Keys"

From The iPhone Wiki
Jump to: navigation, search
m (fix order, add reference to presentation of Data Protection (HITB 2011))
Line 1: Line 1:
 
The [[wikipedia:System-on-a-chip|SoC]] in each device have an [[wikipedia:Advanced Encryption Standard|AES]] coprocessor with the [[GID-key]] and [[UID-key]] built in.
 
The [[wikipedia:System-on-a-chip|SoC]] in each device have an [[wikipedia:Advanced Encryption Standard|AES]] coprocessor with the [[GID-key]] and [[UID-key]] built in.
   
==Running The Engine==
+
== Running The Engine ==
 
Currently, there are several ways to run the hardware AES engine:
 
Currently, there are several ways to run the hardware AES engine:
* Patch [[iBoot (Bootloader)|iBoot]] to jump to aes_decrypt.
+
* Patch [[iBoot (Bootloader)|iBoot]] to jump to <code>aes_decrypt</code>.
 
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot].
 
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot].
 
* Use the crypto bundle provided in [[XPwn]] to utilize it via userland. This method requires a kernel patch.
 
* Use the crypto bundle provided in [[XPwn]] to utilize it via userland. This method requires a kernel patch.
Line 12: Line 12:
 
See [[Grabbing IMG3 Keys]] for an [[iBoot (Bootloader)|iBoot]] patch.
 
See [[Grabbing IMG3 Keys]] for an [[iBoot (Bootloader)|iBoot]] patch.
   
==Derived keys==
+
== Derived keys ==
  +
Some derived keys are computed by the IOAESAccelerator kernel service at boot. These keys are generated by encrypting static values either with the UID key (0x7D0 identifier) or the GID key (0x3E8 identifier). The values defined in the iPhone 4 GSM 5.0 kernel are :
 
  +
__text:807E3000 keys_to_compute DCD 0x835,0x7D0,0x01010101,0x01010101,0x01010101,0x01010101
Some derived keys are computed by the IOAESAccelerator kernel service at boot. These keys are generated by encrypting static values either with the UID key (0x7D0 identifier) or the GID key (0x3E8 identifier). The values defined in the iPhone 4 5.0 kernel are :
 
  +
__text:807E3018 DCD 0x899,0x7D0,0xB5FCE8D1,0x8DBF3739,0xD14CC7EF,0xB0D4F1D0
<pre>
 
__text:807E3018 DCD 0x899,0x7D0,0xB5FCE8D1,0x8DBF3739,0xD14CC7EF,0xB0D4F1D0
+
__text:807E3048 DCD 0x89A,0x7D0,0x335B1FDB,0x1C5F6C60,0x66AA3419,0x61069C58
  +
=== Key 0x835 ===
__text:807E3030 DCD 0x89B,0x7D0,0x67993E18,0x543CB06B,0xF568A46F,0x49BD0C1C
 
  +
Generated by encrypting 0x01010101010101010101010101010101 with the [[UID-key]].<br />
__text:807E3048 DCD 0x89A,0x7D0,0x335B1FDB,0x1C5F6C60,0x66AA3419,0x61069C58
 
  +
Used for data protection.
</pre>
 
  +
=== Key 0x837 ===
 
  +
Generated by encrypting 0x345A2D6C5050D058780DA431F0710E15 with the [[S5L8900]] [[GID-key]], resulting in 0x188458A6D15034DFE386F23B61D43774.<br />
===Key 0x835===
 
__text:807E3000 keys_to_compute DCD 0x835,0x7D0,0x01010101,0x01010101,0x01010101,0x01010101
+
__text:807E3030 DCD 0x89B,0x7D0,0x67993E18,0x543CB06B,0xF568A46F,0x49BD0C1C
 
Generated by encrypting 01010101010101010101010101010101 with the [[UID-key]]. Used for data protection.
 
 
===Key 0x837===
 
Generated by encrypting 345A2D6C5050D058780DA431F0710E15 with the [[S5L8900]] [[GID-key]], resulting in 188458A6D15034DFE386F23B61D43774.
 
 
 
It is used as the encryption key for [[S5L File Formats#IMG2|IMG2 files]]. With the introduction of [[IMG3 File Format|IMG3]] in iOS 2.0, [[KBAG]]s are now used instead of the 0x837 key. Because iOS versions 1.x were used only on the [[M68ap|iPhone]] and [[N45ap|iPod touch]] (both use the [[S5L8900]]) the encrypted values for other processors don't matter.
 
It is used as the encryption key for [[S5L File Formats#IMG2|IMG2 files]]. With the introduction of [[IMG3 File Format|IMG3]] in iOS 2.0, [[KBAG]]s are now used instead of the 0x837 key. Because iOS versions 1.x were used only on the [[M68ap|iPhone]] and [[N45ap|iPod touch]] (both use the [[S5L8900]]) the encrypted values for other processors don't matter.
  +
=== Key 0x899 ===
 
  +
Generated by encrypting 0xD1E8FCB53937BF8DEFC74CD1D0F1D4B0 with the [[UID-key]]. Usage unknown.
===Key 0x899===
 
  +
=== Key 0x89A ===
 
Generated by encrypting D1E8FCB53937BF8DEFC74CD1D0F1D4B0 with the [[UID-key]]. Usage unknown.
+
Used on A4 devices. Generated by encrypting 0xDB1F5B33606C5F1C1934AA66589C0661 with the [[UID-key]], getting a device-specific key.<br />
 
===Key 0x89A===
 
For A4 devices:
 
Generated by encrypting DB1F5B33606C5F1C1934AA66589C0661 with the [[UID-key]], getting a device-specific key.
 
 
 
It is used to encrypt the [[SHSH]] blobs on the device.
 
It is used to encrypt the [[SHSH]] blobs on the device.
  +
=== Key 0x89B ===
  +
Generated by encrypting 0x183E99676BB03C546FA468F51C0CBD49 with the [[UID-key]]. It is used to encrypt the data partition key.
   
  +
== Using [[Greenpois0n (toolkit)|greenpois0n]] ==
===Key 0x89B===
 
 
Generated by encrypting 183E99676BB03C546FA468F51C0CBD49 with the [[UID-key]]. It is used to encrypt the data partition key.
 
 
==Using [[Greenpois0n (toolkit)|greenpois0n]] to get the keys==
 
 
* Run steps 1 thru 5 from [[PwnStrap]]
 
* Run steps 1 thru 5 from [[PwnStrap]]
 
* Use 'xpwntool file.img3 /dev/null' to extract the KBAG hex string from ''file.img3''
 
* Use 'xpwntool file.img3 /dev/null' to extract the KBAG hex string from ''file.img3''

Revision as of 23:21, 26 September 2012

The SoC in each device have an AES coprocessor with the GID-key and UID-key built in.

Running The Engine

Currently, there are several ways to run the hardware AES engine:

  • Patch iBoot to jump to aes_decrypt.
  • Use OpenIBoot.
  • Use the crypto bundle provided in XPwn to utilize it via userland. This method requires a kernel patch.
  • Use Greenpois0n console.

If you want to decrypt IMG3 files you need to use this. The GID-key currently has not been extracted from the phone, so the only way to use it is on the phone itself.

See Grabbing IMG3 Keys for an iBoot patch.

Derived keys

Some derived keys are computed by the IOAESAccelerator kernel service at boot. These keys are generated by encrypting static values either with the UID key (0x7D0 identifier) or the GID key (0x3E8 identifier). The values defined in the iPhone 4 GSM 5.0 kernel are :

__text:807E3000 keys_to_compute DCD 0x835,0x7D0,0x01010101,0x01010101,0x01010101,0x01010101
__text:807E3018                 DCD 0x899,0x7D0,0xB5FCE8D1,0x8DBF3739,0xD14CC7EF,0xB0D4F1D0
__text:807E3030                 DCD 0x89B,0x7D0,0x67993E18,0x543CB06B,0xF568A46F,0x49BD0C1C
__text:807E3048                 DCD 0x89A,0x7D0,0x335B1FDB,0x1C5F6C60,0x66AA3419,0x61069C58

Key 0x835

Generated by encrypting 0x01010101010101010101010101010101 with the UID-key.
Used for data protection.

Key 0x837

Generated by encrypting 0x345A2D6C5050D058780DA431F0710E15 with the S5L8900 GID-key, resulting in 0x188458A6D15034DFE386F23B61D43774.
It is used as the encryption key for IMG2 files. With the introduction of IMG3 in iOS 2.0, KBAGs are now used instead of the 0x837 key. Because iOS versions 1.x were used only on the iPhone and iPod touch (both use the S5L8900) the encrypted values for other processors don't matter.

Key 0x899

Generated by encrypting 0xD1E8FCB53937BF8DEFC74CD1D0F1D4B0 with the UID-key. Usage unknown.

Key 0x89A

Used on A4 devices. Generated by encrypting 0xDB1F5B33606C5F1C1934AA66589C0661 with the UID-key, getting a device-specific key.
It is used to encrypt the SHSH blobs on the device.

Key 0x89B

Generated by encrypting 0x183E99676BB03C546FA468F51C0CBD49 with the UID-key. It is used to encrypt the data partition key.

Using greenpois0n

  • Run steps 1 thru 5 from PwnStrap
  • Use 'xpwntool file.img3 /dev/null' to extract the KBAG hex string from file.img3
  • Start greenpois0n console: irecovery -s
  • Execute 'go aes dec _KBAG_STRING_' in irecovery console

Resources