|
The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "AES Keys"
m (→Key 0x837) |
m (Links.) |
||
| Line 4: | Line 4: | ||
Currently, there are four ways to run the hardware AES engine: |
Currently, there are four ways to run the hardware AES engine: |
||
* Use the AES payload released on OpenPwn. |
* Use the AES payload released on OpenPwn. |
||
| − | * Patch iBoot to jump to aes_decrypt. |
+ | * Patch [[iBoot]] to jump to aes_decrypt. |
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot]. |
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot]. |
||
| − | * Use the crypto bundle provided in |
+ | * Use the crypto bundle provided in [[XPwn]] to utilize it via userland. This method requires a kernel patch. |
| − | If you want to decrypt [[IMG3]] files you need to use this. The [[GID-key]] currently has not been extracted from the phone, so the only way to use it is on the phone itself. |
+ | If you want to decrypt [[IMG3 File Format|IMG3]] files you need to use this. The [[GID-key]] currently has not been extracted from the phone, so the only way to use it is on the phone itself. |
| − | See [[Easier method of getting Img3 Key / IV]] for an iBoot patch. |
+ | See [[Easier method of getting Img3 Key / IV]] for an [[iBoot]] patch. |
==AES crypto payload== |
==AES crypto payload== |
||
| Line 21: | Line 21: | ||
==Resources== |
==Resources== |
||
| − | [http://wikee.iphwn.org/s5l8900:encryption_keys |
+ | [http://wikee.iphwn.org/s5l8900:encryption_keys Dev Team wiki] |
Revision as of 17:16, 12 September 2010
The SoC in each device have an AES coprocessor with the GID-key and UID-key built in.
Running The Engine
Currently, there are four ways to run the hardware AES engine:
- Use the AES payload released on OpenPwn.
- Patch iBoot to jump to aes_decrypt.
- Use OpenIBoot.
- Use the crypto bundle provided in XPwn to utilize it via userland. This method requires a kernel patch.
If you want to decrypt IMG3 files you need to use this. The GID-key currently has not been extracted from the phone, so the only way to use it is on the phone itself.
See Easier method of getting Img3 Key / IV for an iBoot patch.
AES crypto payload
http://forums.openpwn.org/viewtopic.php?f=8&t=19&p=101#p101
Key 0x837
Generated by encrypting 345A2D6C5050D058780DA431F0710E15 with the S5L8900 GID-key to get 188458A6D15034DFE386F23B61D43774
It is used as the encryption key for IMG2 files. With the introduction of IMG3 in 2.0, KBAGs are now used instead of the 0x837 key.
