The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "AES Keys"
m (Links.) |
OMEGA RAZER (talk | contribs) m |
||
Line 3: | Line 3: | ||
==Running The Engine== |
==Running The Engine== |
||
Currently, there are four ways to run the hardware AES engine: |
Currently, there are four ways to run the hardware AES engine: |
||
− | * Use the AES payload released on OpenPwn. |
+ | * Use the [http://forums.openpwn.org/viewtopic.php?f=8&t=19&p=101#p101 AES payload] released on OpenPwn. |
* Patch [[iBoot]] to jump to aes_decrypt. |
* Patch [[iBoot]] to jump to aes_decrypt. |
||
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot]. |
* Use [http://github.com/planetbeing/iphonelinux/tree/master OpenIBoot]. |
||
Line 11: | Line 11: | ||
See [[Easier method of getting Img3 Key / IV]] for an [[iBoot]] patch. |
See [[Easier method of getting Img3 Key / IV]] for an [[iBoot]] patch. |
||
− | |||
− | ==AES crypto payload== |
||
− | http://forums.openpwn.org/viewtopic.php?f=8&t=19&p=101#p101 |
||
==Key 0x837== |
==Key 0x837== |
Revision as of 04:59, 27 October 2010
The SoC in each device have an AES coprocessor with the GID-key and UID-key built in.
Running The Engine
Currently, there are four ways to run the hardware AES engine:
- Use the AES payload released on OpenPwn.
- Patch iBoot to jump to aes_decrypt.
- Use OpenIBoot.
- Use the crypto bundle provided in XPwn to utilize it via userland. This method requires a kernel patch.
If you want to decrypt IMG3 files you need to use this. The GID-key currently has not been extracted from the phone, so the only way to use it is on the phone itself.
See Easier method of getting Img3 Key / IV for an iBoot patch.
Key 0x837
Generated by encrypting 345A2D6C5050D058780DA431F0710E15 with the S5L8900 GID-key to get 188458A6D15034DFE386F23B61D43774
It is used as the encryption key for IMG2 files. With the introduction of IMG3 in 2.0, KBAGs are now used instead of the 0x837 key.