The iPhone Wiki is no longer updated. Visit this article on The Apple Wiki for current information. |
Difference between revisions of "User talk:Yiudeyk2"
(→MobileDevice Keys Founded: new section) |
(No difference)
|
Latest revision as of 06:25, 16 July 2017
MobileDevice Keys Founded
; ================ B E G I N N I N G O F P R O C E D U R E ================
_AMAuthInstallApImg4LocalRegisterKeys:
000000000006b5f6 push rbp ; CODE XREF=__AMAuthInstallApImg4LocalCreateSignedManifest+435 000000000006b5f7 mov rbp, rsp 000000000006b5fa push r14 000000000006b5fc push rbx 000000000006b5fd mov r14, rdi 000000000006b600 mov ebx, 0x1 000000000006b605 test r14, r14 000000000006b608 je loc_6b85a
000000000006b60e mov rax, qword [r14+0x10] 000000000006b612 cmp byte [rax+0x14], 0x0 000000000006b616 je loc_6b63c
000000000006b618 lea rsi, qword [__hex_to_ascii.hex+77991] ; "AMAuthInstallApImg4LocalRegisterKeys", argument #2 for method _AMAuthInstallLog 000000000006b61f lea rdx, qword [__hex_to_ascii.hex+78028] ; "local signing is not available for production fused devices.", argument #3 for method _AMAuthInstallLog 000000000006b626 mov edi, 0x3 ; argument #1 for method _AMAuthInstallLog 000000000006b62b xor eax, eax 000000000006b62d call _AMAuthInstallLog 000000000006b632 mov ebx, 0xe 000000000006b637 jmp loc_6b85a
loc_6b63c:
000000000006b63c cmp qword [r14+0x158], 0x0 ; CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+32 000000000006b644 jne loc_6b69f
000000000006b646 mov cx, word [rax+0x30] 000000000006b64a test cl, cl 000000000006b64c jne loc_6b654
000000000006b64e cmp dword [rax+0x10], 0x0 000000000006b652 je loc_6b688
loc_6b654:
000000000006b654 movzx ecx, cx ; CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+86 000000000006b657 cmp ecx, 0x100 000000000006b65d jae loc_6b668
000000000006b65f lea rax, qword [cfstring_ap_ticket_dev_key_private] ; @"ap.ticket.dev.key.private" 000000000006b666 jmp loc_6b698
loc_6b668:
000000000006b668 mov ecx, dword [rax+8] ; CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+103 000000000006b66b cmp ecx, 0x8960 000000000006b671 je loc_6b691
000000000006b673 cmp ecx, 0x8010 000000000006b679 jne loc_6b840
000000000006b67f lea rax, qword [cfstring_ap_ticket_insec_rsa4k_key_private] ; @"ap.ticket.insec.rsa4k.key.private" 000000000006b686 jmp loc_6b698
loc_6b688:
000000000006b688 lea rax, qword [cfstring_ap_ticket_unfused_key_private] ; @"ap.ticket.unfused.key.private", CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+92 000000000006b68f jmp loc_6b698
loc_6b691:
000000000006b691 lea rax, qword [cfstring_ap_ticket_insec_rsa1k_key_private] ; @"ap.ticket.insec.rsa1k.key.private", CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+123
loc_6b698:
000000000006b698 mov qword [r14+0x158], rax ; CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+112, _AMAuthInstallApImg4LocalRegisterKeys+144, _AMAuthInstallApImg4LocalRegisterKeys+153
loc_6b69f:
000000000006b69f mov rdi, qword [r14+0x148] ; argument "theDict" for method imp___stubs__CFDictionaryContainsKey, CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+78 000000000006b6a6 lea rsi, qword [cfstring_ap_ticket_dev_key_private] ; @"ap.ticket.dev.key.private", argument "key" for method imp___stubs__CFDictionaryContainsKey 000000000006b6ad call imp___stubs__CFDictionaryContainsKey 000000000006b6b2 xor ebx, ebx 000000000006b6b4 test al, al 000000000006b6b6 jne loc_6b85a
000000000006b6bc lea rsi, qword [cfstring_ap_ticket_insec_rsa1k_key] ; @"ap.ticket.insec.rsa1k.key", argument #2 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6c3 lea rdx, qword [_kImg4TicketInsecureRsa1kPrivateKey] ; "-----BEGIN RSA PRIVATE KEY-----\\nMIICXQIBAAKBgQDLrHkmKMPGJzc/HgTUHS6VUfmtKntdb+OEQkdxYA+bThpnHT0G\\nk1FtusGhaf/LmHmjXBr2QQFWbHMNLCmrT3imPcKibKy7rbMwsK8e+i8KL29Fz7ae\\n4qTLWaarOnb3H+5X18HlpHAI2zPW0i+7MgqiPrlVYKLsYJ36C7qM3lgnAwIDAQAB\\nAoGAJOhoO8X/VBUfKcziyx1Op7hnK…", argument #3 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6ca mov ecx, 0x378 ; argument #4 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6cf mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6d2 call _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6d7 mov ebx, eax 000000000006b6d9 test ebx, ebx 000000000006b6db jne loc_6b85a
000000000006b6e1 lea rsi, qword [cfstring_ap_ticket_insec_rsa4k_key] ; @"ap.ticket.insec.rsa4k.key", argument #2 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6e8 lea rdx, qword [_kImg4TicketInsecureRsa4kPrivateKey] ; "-----BEGIN RSA PRIVATE KEY-----\\nMIIJKAIBAAKCAgEA3xFuEK4G6mlzito4i97VyllTghiwcVeKy3JQaDATnKDJLvTE\\nVuuH74wKV2gZ2Jz2uOYYL3j75RQS3pLg6MEcbHqEhs5N+7Id9F8pMYUuGG56Jele\\nuqMQ43emGdt02KdM61b799NgqX38R0AASBXWI4VRc8dFJ8FHtqnBpivaFAAnozi9\\ncqfYFvhhaPJ2oJ0UuTb9aYgUKcOu0…", argument #3 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6ef mov ecx, 0xcac ; argument #4 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6f4 mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6f7 call _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b6fc mov ebx, eax 000000000006b6fe test ebx, ebx 000000000006b700 jne loc_6b85a
000000000006b706 lea rsi, qword [cfstring_ap_ticket_8960_insec_cert] ; @"ap.ticket.8960.insec.cert", argument #2 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b70d lea rdx, qword [_kImg4Ticket8960InsecureCert] ; "-----BEGIN CERTIFICATE-----\\nMIID9TCCAt2gAwIBAgICAcswDQYJKoZIhvcNAQEFBQAwfjELMAkGA1UEBhMCVVMx\\nEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRp\\nb24gQXV0aG9yaXR5MTIwMAYDVQQDEylBcHBsZSBTZWN1cmUgQm9vdCBDZXJ0aWZp\\nY2F0aW9uIEF1dGhvcml0eTAeFw0xMjAzM…", argument #3 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b714 mov ecx, 0x599 ; argument #4 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b719 mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b71c call _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b721 mov ebx, eax 000000000006b723 test ebx, ebx 000000000006b725 jne loc_6b85a
000000000006b72b lea rsi, qword [cfstring_ap_ticket_8002_insec_cert] ; @"ap.ticket.8002.insec.cert", argument #2 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b732 lea rdx, qword [_kImg4Ticket8002InsecureCert] ; "-----BEGIN CERTIFICATE-----\\nMIIGuzCCBKOgAwIBAgIBADANBgkqhkiG9w0BAQwFADBdMQswCQYDVQQGEwJVUzEO\\nMAwGA1UEChMFU2thbmsxJjAkBgNVBAsTHVNrYW5rIENlcnRpZmljYXRpb24gQXV0\\naG9yaXR5MRYwFAYDVQQDEw1Ta2FuayBSb290IENBMB4XDTAwMDEwMTAwMDAwMFoX\\nDTMwMDEwMTAwMDAwMFowbTELMAkGA1UEB…", argument #3 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b739 mov ecx, 0x95b ; argument #4 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b73e mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b741 call _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b746 mov ebx, eax 000000000006b748 test ebx, ebx 000000000006b74a jne loc_6b85a
000000000006b750 lea rsi, qword [cfstring_ap_ticket_8010_insec_cert] ; @"ap.ticket.8010.insec.cert", argument #2 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b757 lea rdx, qword [_kImg4Ticket8010InsecureCert] ; "-----BEGIN CERTIFICATE-----\\nMIIGuzCCBKOgAwIBAgIBADANBgkqhkiG9w0BAQwFADBdMQswCQYDVQQGEwJVUzEO\\nMAwGA1UEChMFU2thbmsxJjAkBgNVBAsTHVNrYW5rIENlcnRpZmljYXRpb24gQXV0\\naG9yaXR5MRYwFAYDVQQDEw1Ta2FuayBSb290IENBMB4XDTAwMDEwMTAwMDAwMFoX\\nDTMwMDEwMTAwMDAwMFowbTELMAkGA1UEB…", argument #3 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b75e mov ecx, 0x95b ; argument #4 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b763 mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b766 call _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b76b mov ebx, eax 000000000006b76d test ebx, ebx 000000000006b76f jne loc_6b85a
000000000006b775 lea rsi, qword [cfstring_ap_ticket_dev_key] ; @"ap.ticket.dev.key", argument #2 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b77c lea rdx, qword [_kImg4TicketDevPrivateKey] ; "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAyD1RmChQ97f3RBzYYWd4+n9Vv5Y9P4CqoGtrgFw8EEVUZaSl\\nZY37G4WeNYW4zf4Ovvx8bflSX13Eg7cyrfX3PrZuS/c5rsyq/f4tIOv/mT/bYLTk\\nl7+v5kd4OYSpE69caAQ8UMqZsKifvNcc5U4awpaYEueo7jhqgpm/jhZNMIRWEUps\\n9twJ9gpZR24M2tBv9rwGONnrrlAU5…", argument #3 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b783 mov ecx, 0x690 ; argument #4 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b788 mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b78b call _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b790 mov ebx, eax 000000000006b792 test ebx, ebx 000000000006b794 jne loc_6b85a
000000000006b79a lea rsi, qword [cfstring_ap_ticket_8960_dev_cert] ; @"ap.ticket.8960.dev.cert", argument #2 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7a1 lea rdx, qword [_kImg4Ticket8960DevCert] ; "-----BEGIN CERTIFICATE-----\\nMIIEpTCCA42gAwIBAgICAcwwDQYJKoZIhvcNAQEFBQAwfjELMAkGA1UEBhMCVVMx\\nEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRp\\nb24gQXV0aG9yaXR5MTIwMAYDVQQDEylBcHBsZSBTZWN1cmUgQm9vdCBDZXJ0aWZp\\nY2F0aW9uIEF1dGhvcml0eTAeFw0xMjA0M…", argument #3 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7a8 mov ecx, 0x688 ; argument #4 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7ad mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7b0 call _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7b5 mov ebx, eax 000000000006b7b7 test ebx, ebx 000000000006b7b9 jne loc_6b85a
000000000006b7bf lea rsi, qword [cfstring_ap_ticket_unfused_key] ; @"ap.ticket.unfused.key", argument #2 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b7c6 lea rdx, qword [_kImg4TicketUnfusedPrivatekey] ; "-----BEGIN RSA PRIVATE KEY-----\\nMIIEpAIBAAKCAQEAu4E+1j1ugcTpgfQrKLX7GQ4/TR4YKYfG/Ek88QaiUb6KAG4n\\nR/kJrR62Mr++RMlIONAvDi803pUBhS4R+kohK9AtiHVB/jxLp27YisJXkabn4myC\\nGhcJ3ogkv1gCYys7gahnEk9j77cWlPqxacX1b4CNzF4nTrV5sfsDMiqfsictbNmS\\nSbhy76lxGdCB0X2fHrThxLZRrM7BX…", argument #3 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b7cd mov ecx, 0x690 ; argument #4 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b7d2 mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b7d5 call _AMAuthInstallCryptoRegisterKeysFromPEMBuffer 000000000006b7da mov ebx, eax 000000000006b7dc test ebx, ebx 000000000006b7de jne loc_6b85a
000000000006b7e0 lea rsi, qword [cfstring_ap_ticket_8960_unfused_cert] ; @"ap.ticket.8960.unfused.cert", argument #2 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7e7 lea rdx, qword [_kImg4Ticket8960UnfusedCert] ; "-----BEGIN CERTIFICATE-----\\nMIIEbDCCA1SgAwIBAgICAecwDQYJKoZIhvcNAQEFBQAwfjELMAkGA1UEBhMCVVMx\\nEzARBgNVBAoTCkFwcGxlIEluYy4xJjAkBgNVBAsTHUFwcGxlIENlcnRpZmljYXRp\\nb24gQXV0aG9yaXR5MTIwMAYDVQQDEylBcHBsZSBTZWN1cmUgQm9vdCBDZXJ0aWZp\\nY2F0aW9uIEF1dGhvcml0eTAeFw0xMjA5M…", argument #3 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7ee mov ecx, 0x63b ; argument #4 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7f3 mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7f6 call _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b7fb mov ebx, eax 000000000006b7fd test ebx, ebx 000000000006b7ff jne loc_6b85a
000000000006b801 lea rsi, qword [cfstring_ap_ticket_ca_cert] ; @"ap.ticket.ca.cert", argument #2 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b808 lea rdx, qword [_kImg4TicketCACert] ; "-----BEGIN CERTIFICATE-----\\nMIID+DCCAuCgAwIBAgIBEDANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQGEwJVUzET\\nMBEGA1UEChMKQXBwbGUgSW5jLjEmMCQGA1UECxMdQXBwbGUgQ2VydGlmaWNhdGlv\\nbiBBdXRob3JpdHkxFjAUBgNVBAMTDUFwcGxlIFJvb3QgQ0EwHhcNMDcwMTA1MTky\\nMTU5WhcNMjIwMTA1MTkyMTU5WjB+MQswC…", argument #3 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b80f mov ecx, 0x59d ; argument #4 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b814 mov rdi, r14 ; argument #1 for method _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b817 call _AMAuthInstallCryptoRegisterCertFromPEMBuffer 000000000006b81c mov ebx, eax 000000000006b81e test ebx, ebx 000000000006b820 jne loc_6b85a
000000000006b822 lea rsi, qword [__hex_to_ascii.hex+77991] ; "AMAuthInstallApImg4LocalRegisterKeys", argument #2 for method _AMAuthInstallLog 000000000006b829 lea rdx, qword [__hex_to_ascii.hex+78481] ; "ap local signing keys available", argument #3 for method _AMAuthInstallLog 000000000006b830 xor ebx, ebx 000000000006b832 mov edi, 0x6 ; argument #1 for method _AMAuthInstallLog 000000000006b837 xor eax, eax 000000000006b839 call _AMAuthInstallLog 000000000006b83e jmp loc_6b85a
loc_6b840:
000000000006b840 lea rsi, qword [__hex_to_ascii.hex+77991] ; "AMAuthInstallApImg4LocalRegisterKeys", argument #2 for method _AMAuthInstallLog, CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+131 000000000006b847 lea rdx, qword [__hex_to_ascii.hex+78187] ; "unrecognized chipid: 0x%08X", argument #3 for method _AMAuthInstallLog 000000000006b84e mov edi, 0x3 ; argument #1 for method _AMAuthInstallLog 000000000006b853 xor eax, eax 000000000006b855 call _AMAuthInstallLog
loc_6b85a:
000000000006b85a mov eax, ebx ; CODE XREF=_AMAuthInstallApImg4LocalRegisterKeys+18, _AMAuthInstallApImg4LocalRegisterKeys+65, _AMAuthInstallApImg4LocalRegisterKeys+192, _AMAuthInstallApImg4LocalRegisterKeys+229, _AMAuthInstallApImg4LocalRegisterKeys+266, _AMAuthInstallApImg4LocalRegisterKeys+303, _AMAuthInstallApImg4LocalRegisterKeys+340, _AMAuthInstallApImg4LocalRegisterKeys+377, _AMAuthInstallApImg4LocalRegisterKeys+414, _AMAuthInstallApImg4LocalRegisterKeys+451, _AMAuthInstallApImg4LocalRegisterKeys+488, … 000000000006b85c pop rbx 000000000006b85d pop r14 000000000006b85f pop rbp 000000000006b860 ret
; endp