forked from Verteo/Cuber
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathcuber.cpp
executable file
·473 lines (412 loc) · 11.6 KB
/
cuber.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
#include <iostream>
#include <sstream>
#include <cstring>
#include <string>
#include <iomanip>
#include <stdio.h>
#include <openssl/sha.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <stdlib.h>
#include <stdint.h>
#include <sys/types.h>
#include <sys/stat.h>
#include "bootimg.h"
#include "cuber.h"
#define _CRT_SECURE_NO_WARNINGS
/*
Returns -1 if somethings fails otherwise 0
*/
int main(int argc, char* argv[])
{
if (!(argc == 3 || argc == 4)) {
std::cerr << "[ ERROR ] Incorrect number of arguments" << std::endl << std::endl;
std::cerr << "[ USAGE ] cuber <option> <arguments>" << std::endl;
std::cerr << " -c, --check /path/to/image.img checks if image would pass signature verification" << std::endl;
std::cerr << " -s, --sign /path/to/input/file.img /path/to/output/file.img creates a signature and outputs a signed image" << std::endl;
return -1;
}
if ((strcmp(argv[1], "--check" ) == 0 || strcmp(argv[1], "-c") == 0) && argc == 3){
std::cout << "[ STATUS ] Checking image... " << argv[2] << std::endl;
return check_image(argv[2]);
}
if ((strcmp(argv[1], "--sign") == 0 || strcmp(argv[1], "-s") == 0) && argc == 4) {
if (strcmp(argv[1], argv[2]) == 0) {
std::cerr << "[ ERROR ] Input and output paths must be different" << std::endl;
return -1;
}
else {
std::cout << "[ STATUS ] Signing image... " << argv[2] << std::endl;
return sign_image(argv[2], argv[3]);
}
} else {
std::cerr << "[ ERROR ] Invalid arguments" << std::endl << std::endl;
std::cerr << "[ USAGE ] cuber <option> <arguments>" << std::endl;
std::cerr << " -c, --check /path/to/image.img checks if image would pass signature verification" << std::endl;
std::cerr << " -s, --sign /path/to/input/file.img /path/to/output/file.img creates a signature and outputs a signed image" << std::endl; return -1;
}
}
/*
Returns -1 if somethings fails otherwise 0
*/
int check_image(char* in){
/*
Load an image at given path
*/
FILE *imageinput;
imageinput = fopen(in, "rb");
if (imageinput == NULL){
std::cerr << "[ ERROR ] Image does not exist at given location" << std::endl;
return -1;
}
/*
Check if file has contents
*/
unsigned imagefilesize = get_file_size(imageinput);
if (imagefilesize == 0){
std::cerr << "[ ERROR ] Image has no size" << std::endl;
return -1;
}
/*
Load image in buffer and close file
*/
unsigned char* image = NULL;
image = (unsigned char*)malloc(imagefilesize);
fread(image, imagefilesize, 1, imageinput);
fclose(imageinput);
/*
Extract image header
*/
boot_img_hdr* hdr = NULL;
hdr = (boot_img_hdr*)malloc(sizeof(boot_img_hdr));
memcpy(hdr, image, sizeof(boot_img_hdr));
/*
Check if image is an Android bootimage
*/
if (memcmp((char*)hdr->magic, "ANDROID!", 8) != 0){
std::cerr << "[ ERROR ] File is not an Android boot image" << std::endl;
return -1;
}
/*
Load necessary variables from header and delete header
*/
unsigned kernel_actual;
unsigned ramdisk_actual;
unsigned imagesize_actual;
unsigned dt_actual;
unsigned page_size = hdr->page_size;
unsigned page_mask = hdr->page_size - 1;
kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);
dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
free(hdr);
/*
Calculate size of the "real" image
*/
imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual) ;
/*
If the "real" image is bigger than the file, the file is probably corrupted
*/
if (imagefilesize < imagesize_actual){
std::cerr << "[ ERROR ] File is invalid (is it corrupted?)" << std::endl;
return -1;
}
/*
Verify the image.
*/
verify_image(image, image + imagesize_actual, imagesize_actual);
return 0;
}
/*
Returns -1 if somethings fails otherwise 0
*/
int sign_image(char* in, char* out){
/*
An int is enough because the partitions shouldn't be bigger than 4GB
*/
int finalimagesize = 0;
/*
Load an image at given path
*/
FILE *imageinput;
imageinput = fopen(in, "rb");
if (imageinput == NULL){
std::cerr << "[ ERROR ] Image does not exist at given location" << std::endl;
return -1;
}
/*
Check if file has contents
*/
unsigned imagefilesize = get_file_size(imageinput);
if (imagefilesize == 0){
std::cerr << "[ ERROR ] Image has no size" << std::endl;
return -1;
}
/*
Extract image header first to determine if the final image is bigger than the orignal
*/
boot_img_hdr* hdr = NULL;
hdr = (boot_img_hdr*)malloc(sizeof(boot_img_hdr));
fread(hdr, sizeof(boot_img_hdr), 1, imageinput);
/*
Reposition pointer at start
*/
fseek(imageinput, 0, SEEK_SET);
/*
Check if image is an Android bootimage
*/
if (memcmp((char*)hdr->magic, "ANDROID!", 8) != 0){
std::cerr << "[ ERROR ] File is not an Android boot image" << std::endl;
return -1;
}
/*
Load necessary variables from header and delete header
*/
unsigned kernel_actual;
unsigned ramdisk_actual;
unsigned imagesize_actual;
unsigned dt_actual;
unsigned page_size = hdr->page_size;
unsigned page_mask = hdr->page_size - 1;
kernel_actual = ROUND_TO_PAGE(hdr->kernel_size, page_mask);
ramdisk_actual = ROUND_TO_PAGE(hdr->ramdisk_size, page_mask);
dt_actual = ROUND_TO_PAGE(hdr->dt_size, page_mask);
free(hdr);
/*
Calculate size of the "real" image
*/
imagesize_actual = (page_size + kernel_actual + ramdisk_actual + dt_actual);
/*
If the "real" image is bigger than the file, the file is probably corrupted
*/
if (imagefilesize < imagesize_actual){
std::cerr << "[ ERROR ] File is invalid (is it corrupted?)" << std::endl;
return -1;
}
/*
If the file is smaller than the "real" image + one page, a buffer with the size of the image would be too small we need allocate a new bigger one
*/
if (imagefilesize < imagesize_actual + page_size){
finalimagesize = imagefilesize + page_size;
} else {
finalimagesize = imagefilesize;
}
/*
Load image in buffer and close file
*/
unsigned char* image = NULL;
image = (unsigned char*)malloc(finalimagesize);
fread(image, 1, imagefilesize, imageinput);
fclose(imageinput);
/*
Create output file
*/
FILE *imageoutput;
imageoutput = fopen(out, "wb");
if (imageoutput == NULL){
std::cerr << "[ ERROR ] Can't write output image to disk" << std::endl;
return -1;
}
/*
Hash the real image
*/
unsigned char hash[65];
unsigned char signature[SIGNATURE_SIZE];
memset(signature, 0, SIGNATURE_SIZE);
sha256_buffer(image, imagesize_actual, hash);
/*
Create signature with given hash
*/
int sig = create_signature(hash, signature);
/*
If the signature is created successfully AND the signature passes the check, the signature will be written into the image buffer, which will written to the output file
*/
if (sig != -1){
std::cerr << std::endl << "[ STATUS ] Checking created signature... ";
if (verify_image(image, signature, imagesize_actual) == 0){
memcpy(image + imagesize_actual, signature, SIGNATURE_SIZE);
fwrite(image, finalimagesize, 1, imageoutput);
}
}
/*
Cleanup
*/
fclose(imageoutput);
free(image);
/*
Final check of the output file
*/
std::cerr << std::endl << "[ STATUS ] Checking created image... ";
check_image(out);
return 0;
}
/*
Calculates the size of file
Returns size of the file
*/
int get_file_size(FILE* pfile)
{
fseek(pfile, 0, SEEK_END);
int Size = ftell(pfile);
fseek(pfile, 0, SEEK_SET);
return Size;
}
/*
Hash a buffer of given size with openssl
Always returns 0
*/
int sha256_buffer(unsigned char *image_ptr, unsigned int image_size, unsigned char* output)
{
SHA256_CTX sha256;
SHA256_Init(&sha256);
SHA256_Update(&sha256, image_ptr, image_size);
SHA256_Final(output, &sha256);
return 0;
}
/*
Function to verify a given image and signature.
Reference implementation in the Little Kernel source in "platform/msm_shared/image_verify.c"
Returns -1 if somethings fails otherwise 0
*/
int verify_image(unsigned char *image_ptr, unsigned char *signature_ptr, unsigned int image_size)
{
X509 *x509_certificate = NULL;
EVP_PKEY *pub_key = NULL;
RSA *rsa_key = NULL;
unsigned char *plain_text = NULL;
unsigned char digest[65];
unsigned int hash_size = SHA256_SIZE;
int ret = 0;
/*
Load certificate
*/
FILE *fcert;
fcert = fopen("prodcert.pem", "rb");
if (fcert == NULL){
fclose(fcert);
std::cerr << "[ ERROR ] Missing certificate" << std::endl;
ret = -1;
goto cleanup;
}
x509_certificate = PEM_read_X509(fcert, NULL, NULL, NULL);
fclose(fcert);
/*
Obtain RSA key
*/
pub_key = X509_get_pubkey(x509_certificate);
rsa_key = EVP_PKEY_get1_RSA(pub_key);
if (rsa_key == NULL){
std::cerr << "[ ERROR ] Couldn't obtain key from certificate" << std::endl;
ret = -1;
goto cleanup;
}
/*
Create buffer for decrypted hash
*/
plain_text = (unsigned char *)calloc(sizeof(char), SIGNATURE_SIZE);
if (plain_text == NULL) {
std::cerr << "[ ERROR ] calloc failed during verification" << std::endl;
ret = -1;
goto cleanup;
}
/*
Decrypt hash
*/
RSA_public_decrypt(SIGNATURE_SIZE, signature_ptr, plain_text, rsa_key, RSA_PKCS1_PADDING);
/*
Hash the image
*/
sha256_buffer(image_ptr, image_size, digest);
/*
Check if signature is equal to the calculated hash
*/
if (memcmp(plain_text, digest, hash_size) != 0) {
std::cerr << std::endl << "[ ERROR ] Invalid signature" << std::endl;
ret = -1;
goto cleanup;
}
else {
std::cerr << std::endl << "[ SUCCESS ] The signature is valid!" << std::endl;
}
/* Cleanup after complete usage of openssl - cached data and objects */
cleanup:
if (rsa_key != NULL)
RSA_free(rsa_key);
if (x509_certificate != NULL)
X509_free(x509_certificate);
if (pub_key != NULL)
EVP_PKEY_free(pub_key);
if (plain_text != NULL)
free(plain_text);
EVP_cleanup();
CRYPTO_cleanup_all_ex_data();
return ret;
}
/*
This function creates the signature
Returns -1 if somethings fails otherwise 0
*/
int create_signature(unsigned char* hash, unsigned char* outputbuffer){
/*
Create file and write the hash into it binary
*/
FILE *hashfile;
hashfile= fopen("hash.abc", "wb");
fwrite(hash, 32, 1, hashfile);
fclose(hashfile);
/*
Invoke the python script
*/
system("python signature.py");
/*
Remove file with hash
*/
remove("hash.abc");
/*
Open file with bnary signature
*/
FILE *sigfile;
sigfile = fopen("signature.abc", "rb");
/*
If there's no file, the python script failed
*/
if (sigfile == NULL){
std::cerr << "[ ERROR ] No signature created..." << std::endl;
std::cerr << " Ensure python and gmpy2 are installed" << std::endl;
return -1;
}
/*
Check if there's content
*/
int filesize = get_file_size(sigfile);
if (filesize == 0){
std::cerr << "[ ERROR ] No signature created..." << std::endl;
std::cerr << " Ensure python and gmpy2 are installed as well as that signature.py is in the same directory" << std::endl;
remove("signature.abc");
return -1;
}
/*
Load file into a buffer
*/
unsigned char* buffer = NULL;
buffer = (unsigned char*)malloc(filesize);
if (buffer == NULL){
std::cerr << "[ ERROR ] Could not allocate memory" << std::endl;
return -1;
}
fread(buffer, 1, filesize, sigfile);
/*
Calculate the offset of the given signature
*/
int offset = SIGNATURE_SIZE - filesize;
/*
Copy signature to the right position
*/
memcpy(outputbuffer + offset, buffer, filesize);
/*
cleanup
*/
fclose(sigfile);
remove("signature.abc");
return 0;
}