Changes

Jump to navigation Jump to search
275 bytes added ,  15:44, 12 August 2017
Line 435: Line 435:  
   
 
   
 
  // fuc5 crypt cxset instruction
 
  // fuc5 crypt cxset instruction
  // Set crypto transfer mode
+
  // Clear overrides?
  *(u32 *)cx = 0x80;
+
  cxset(0x80);
 
   
 
   
 
  // fuc5 crypt cauth instruction
 
  // fuc5 crypt cauth instruction
  *(u32 *)cauth &= 0x7FFFF;
+
  // Clear auth_addr
 +
cauth(old_cauth & 0x7FFFF);
 
   
 
   
 
  // Set the target port for memory transfers
 
  // Set the target port for memory transfers
  // Target will now be 0 (crypto)
+
  // Target will now be 0 (crypto?)
 
  xtargets(0);
 
  xtargets(0);
 
   
 
   
Line 452: Line 453:  
   
 
   
 
  // fuc5 crypt cxset instruction
 
  // fuc5 crypt cxset instruction
  // Set crypto transfer mode
+
  // The next 2 xfer instructions will be overridden
  *(u32 *)cx = 0x02;
+
// and target changes from DMA to crypto
 +
  cxset(0x02);
 
   
 
   
  // Transfer data from/to Falcon
+
  // Transfer data to crypto register c0
  // This should clear all previous hashes
+
  // This should clear any leftover data
 
  xdst(0, 0);
 
  xdst(0, 0);
 
   
 
   
Line 462: Line 464:  
  xdwait();
 
  xdwait();
 
   
 
   
  // Clear crypto registers
+
  // Clear all crypto registers, except c6 which is used for auth
 
  *(u32 *)c0 ^= *(u32 *)c0;
 
  *(u32 *)c0 ^= *(u32 *)c0;
 
  *(u32 *)c1 = *(u32 *)c0;
 
  *(u32 *)c1 = *(u32 *)c0;
Line 496: Line 498:  
  load_stage2(key_buf, key_version, is_blob_dec);
 
  load_stage2(key_buf, key_version, is_blob_dec);
 
   
 
   
  // Clear crypto registers
+
// Partially unknown fuc5 instruction
 +
// Likely forces propagation of permissions, hiding all cX registers
 +
acl_chmod(c0, c0);
 +
 +
  // Clear all crypto registers and propagate permissions
 
  *(u32 *)c0 ^= *(u32 *)c0;
 
  *(u32 *)c0 ^= *(u32 *)c0;
 
  *(u32 *)c1 ^= *(u32 *)c1;
 
  *(u32 *)c1 ^= *(u32 *)c1;
Line 506: Line 512:  
  *(u32 *)c7 ^= *(u32 *)c7;
 
  *(u32 *)c7 ^= *(u32 *)c7;
 
   
 
   
  // Signal unknown engine
+
  // Exit Authenticated Mode
 
  *(u32 *)0x00010300 = 0;
 
  *(u32 *)0x00010300 = 0;
 
   
 
   

Navigation menu