@57op
Last active June 21, 2018 07:53
'''
based on the work of:
- nwert https://gist.github.com/nwert/9430a454c64248dd1186868c00b682c6
- hexkyz https://gist.github.com/hexkyz/d5b3f5b1700b507b41e7fc1dc12e8dfd
'''
from Crypto.Cipher import AES
from Crypto.Util import Counter
import struct
import hashlib
from binascii import hexlify, unhexlify
from os import unlink
from tx_unpack_data import toggle_data_encryption
"""
typedef struct boot_dat_hdr
{
unsigned char ident[0x10];
unsigned char sha2_s2[0x20];
unsigned int s2_dst;
unsigned int s2_size;
unsigned int s2_enc;
unsigned char pad[0x10];
unsigned int s3_size;
unsigned char pad2[0x90];
unsigned char sha2_hdr[0x20];
} boot_dat_hdr_t;
"""
def sha256(data):
    """Return the raw 32-byte SHA-256 digest of *data*.

    This is a plain hash, not a MAC or signature: anyone who can change the
    input can recompute it, so it detects corruption but does not
    authenticate the data.
    """
    return hashlib.sha256(data).digest()
def aes_ctr_dec(buf, key, iv):
    """Run *buf* through AES in CTR mode and return the transformed bytes.

    *iv* is read as a big-endian integer and used as the initial value of a
    128-bit counter. CTR mode XORs the input with a keystream, so the same
    call both encrypts and decrypts; that is why a function named ``_dec``
    calls ``encrypt()``.

    CTR provides confidentiality only. It does not detect modification of the
    ciphertext, and using the same (key, iv) pair for two different buffers
    reuses the keystream.
    """
    initial_counter = int(hexlify(iv), 16)
    counter = Counter.new(128, initial_value=initial_counter)
    cipher = AES.new(key, AES.MODE_CTR, counter=counter)
    return cipher.encrypt(buf)
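OUTPUT = 'boot_recompiled.dat'
FB = 'fb_F0000000.bin'
ARM64 = 'arm64_80FFFE00.bin'
STAGE2 = 'stage2_40020000.bin'
DATA = 'data_80300000.bin'  # decrypted with tx_unpack_data by hekzkklkfa, will be encrypted

# Location and size of the public key embedded in the decrypted data blob.
PUBKEY_OFFSET = 0x40AC
PUBKEY_SIZE = 0x100

with open(DATA, 'rb') as fh:
    data = bytearray(fh.read())

# patch public key
# original tx public key
# data[0x40AC : 0x40AC + 0x100] = unhexlify('E8D43CB9F1880E0A8A722F126447F0B66D86A4B4AF68A96AE93E5866A26DA2B7873EC913FD3232196705A3FB6514F38C2CD6CFF21AA7CF4EE7237BD7FCE4F6AD5F3FDF9434B0DEC008C696CB9B4F4AEEA852EC9DAE8D396B3B5FA37008645CF19C841C2125DD44C70E824C16A8FF5CE4C1E74B35CA5CDAE25632250800B9CA593D9AA1091182E1591364849EC4A87CBD2B3F5F5D01C9F5F48420D81E57CFC2DCE8F167358D599284AC3468E448FEC5BEA35DBBB0217424FA675EC66C4956BECD4485AB91C2F1ECC7BDCDFBA037C7179BEECAEBF5928A2BF701F556D4830AC42687EB890A8E7808D622603B2C1F88A76A1AE73BF0B101B2D832E99A96054CE67B')
# pragma's public key
replacement_key = unhexlify('A57F99B3E8BA0C714864800C23605ADAA1467AACF80728F282E95D5D7946EB42FB7E396DEF81130AB4E4541B8CC286E2CFCB52D9B3B6455E9250ACEBD3BAF7215040BB29CA5FC5BD49DD3F895CCBBB0CD00E286F1A71F329A18E80842976E6CF8D13256803A6019BC21815B39FAEC70CADEF125C5FD08E4EC1BC49AF08BC1BE3BA08C1C9FAFBCF6AC70202EF62F768C03CE8EF49F1DADCF13B678860450BEB011C3506631BEE5E12B2E712FF793E763C8BD02106F27566F6CACEDB221447579F0DD006D8D02F1344BA6E86937A1CF17F20BA7C76BAC29C3F827E62CC652C92718631C683FDF3F5FC1CEE227D880B377156ED557FB1563A554BF4322ACBC77879')

# A bytearray slice assignment with a value of a different length silently
# grows or shrinks the buffer and shifts every later offset, so stop here
# rather than emit an image whose layout no longer matches the hard-coded
# offsets used below.
if len(replacement_key) != PUBKEY_SIZE:
    raise ValueError('replacement public key must be 0x%X bytes' % PUBKEY_SIZE)
if len(data) < PUBKEY_OFFSET + PUBKEY_SIZE:
    raise ValueError('%s is too short to contain the public key' % DATA)
data[PUBKEY_OFFSET:PUBKEY_OFFSET + PUBKEY_SIZE] = replacement_key

# NOTE: this overwrites the decrypted input file in place with the patched
# copy, because toggle_data_encryption() works on file paths.
with open(DATA, 'wb') as fh:
    fh.write(data)

# Re-apply the per-region AES-CTR layer, read the result back and drop the
# temporary file.
toggle_data_encryption(DATA, '%s.new' % DATA)
with open('%s.new' % DATA, 'rb') as fh:
    data = fh.read()
unlink('%s.new' % DATA)

with open(FB, 'rb') as fh:
    fb = fh.read()

with open(ARM64, 'rb') as fh:
    arm64 = fh.read()

with open(STAGE2, 'rb') as fh:
    stage2 = bytearray(fh.read())

# stage2 carries the expected SHA-256 of the three later sections at fixed
# offsets; refresh them so they match the sections written below. These are
# unkeyed hashes stored inside the image itself, so they only show that the
# sections and stage2 are consistent with each other.
stage2[0x5D50:0x5D50 + 0x20] = sha256(fb)
stage2[0x5DA0:0x5DA0 + 0x20] = sha256(data)
stage2[0x5DF0:0x5DF0 + 0x20] = sha256(arm64)
stage2 = bytes(stage2)

# Build boot_dat_hdr_t: 0xE0 bytes of fields followed by their SHA-256,
# 0x100 bytes in total.
header = b''
# ident
header += b'\x54\x58\x20\x42\x4F\x4F\x54\x00\x00\x00\x00\x00\x56\x31\x2E\x30'
# sha2-256 of stage2_40020000.bin
header += sha256(stage2)
# todo: s2_dst, hardcoded :\
header += b'\x00\x00\x02\x40'
# s2_size -- packed explicitly little-endian ('<I') to match the hard-coded
# little-endian fields around it; a bare 'I' uses the host byte order.
header += struct.pack('<I', len(stage2))
# s2_enc
header += struct.pack('<I', 1)
# add 0x10 padding
header += b'\x00' * 0x10
# s3_size, hardcoded :\
header += b'\x50\x2B\xED\x00'
# 0x90 padding
header += b'\x00' * 0x90
# sha2_hdr -- computed with the sha256() helper; the original rebound the
# name `sha256` to a hashlib object here, which shadowed the helper.
header += sha256(header)

# Fixed per-section AES-128 keys and initial counters.
s2_key = unhexlify("47E6BFB05965ABCD00E2EE4DDF540261")
s2_ctr = unhexlify("8E4C7889CBAE4A3D64797DDA84BDB086")
data_key = unhexlify("030D865B7E458B10AD5706F6E227F4EB")
data_ctr = unhexlify("AFFC93692EBD2E3D252339F01E03416B")
fb_key = unhexlify("E2AC05206A701C9AA514D2B2B7C9F395")
fb_ctr = unhexlify("46FAB59AF0E469EF116614DEC366D15F")
arm64_key = unhexlify("35D8FFC4AA1BAB9514825EB0658FB493")
arm64_ctr = unhexlify("C38EA26FF3CCE98FD8D5ED431D9D5B94")

# The output is opened only once every input has been read and validated, and
# inside a context manager, so a failure above neither truncates an existing
# output file nor leaves the handle open.
with open(OUTPUT, 'wb') as boot:
    # write header
    boot.write(header)
    # encrypt stage2
    boot.write(aes_ctr_dec(stage2, s2_key, s2_ctr))
    # encrypt data
    boot.write(aes_ctr_dec(data, data_key, data_ctr))
    # encrypt fb
    boot.write(aes_ctr_dec(fb, fb_key, fb_ctr))
    # encrypt arm64
    boot.write(aes_ctr_dec(arm64, arm64_key, arm64_ctr))
    # write the unencrypted part from original boot.dat 0x571e20
    with open('boot.dat', 'rb') as fh:
        fh.seek(0x571E20, 0)
        boot.write(fh.read())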
'''
based on the work of:
- hexkyz https://gist.github.com/hexkyz/d5b3f5b1700b507b41e7fc1dc12e8dfd
I only made it Python 3 compatible and callable from other scripts (toggle_data_encryption).
'''
from Crypto.Cipher import AES
from Crypto.Util import Counter
import struct
from binascii import hexlify, unhexlify
def aes_ctr_dec(buf, key, iv):
    """Transform *buf* with AES-CTR under *key*, starting the counter at *iv*.

    *iv* is converted to an integer (big-endian) and seeds a 128-bit counter.
    Because CTR mode is an XOR with a keystream, one call serves for both
    directions, which is why ``encrypt()`` is used here for decryption too.
    The mode carries no integrity check of its own.
    """
    start_value = int(hexlify(iv), 16)
    block_counter = Counter.new(128, initial_value=start_value)
    return AES.new(key, AES.MODE_CTR, counter=block_counter).encrypt(buf)
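# AES-128 key shared by every encrypted region of the data blob.
_DATA_KEY = unhexlify("C46F64F4BEC6FC861BCF2ADFFBE76FA0")

# One entry per encrypted region: (initial counter as hex, file offset, size).
# The original code also assigned an unused `base` value per region (it
# appears to be 0x80300000 + offset); it was never read and is dropped here.
_DATA_REGIONS = (
    ("4eee0b42904e8f29c30e8696782c0bef", 0x000041C0, 0xEB0),
    ("60a4c99ce6a9e0226e4a0209456a9328", 0x00005080, 0x1180),
    ("df9bfebecf655ba19f4ede67b30dee19", 0x00006200, 0xD0),
    ("daa15a79a2855e4dfa855f8d996e9d05", 0x000062D0, 0x1AC0),
    ("4837ad9727e434fc373805cd1a12f4ed", 0x00007D90, 0xC0),
    ("c262cdc0dc121d93ab74d12830d4861b", 0x00007E50, 0x10),
    ("d48dcefe99ee6bacc825b2965badd602", 0x00007E60, 0x1750),
    ("8673ba15ca2d044931895dd6072cd83f", 0x000095B0, 0x1040),
    ("11094aae72d1acd3e3a629c607b6bec4", 0x0000A5F0, 0x20D0),
    ("d1185dbfc3d0febe7c79f41ca90e684e", 0x0000C6C0, 0x1200),
    ("0d62481344457432ca9bb9bf367b3625", 0x0000D8D0, 0x910),
    ("19af19db73ed5b75dabb7e378e28bdc7", 0x0000E1E0, 0x10),
    ("b0ca69543d782eef2a0c74dcd0bdf627", 0x0000E1F0, 0xF20),
    ("620d1ef950ffa26215ad5f8dc5abf4fc", 0x0000F110, 0x2610),
    ("efbe1eba3f52b106ccf72f711f6cb4cd", 0x00011720, 0x1AD0),
    ("f73df8b089bfa4ef793ba8f9e1640cc2", 0x000133E0, 0x550),
    ("6fb50ce1b52a9382746b89f0eb7346fd", 0x00013930, 0x74080),
    ("e5dc1d1386b010b6aaf30b012d8590de", 0x000879B0, 0x1750),
    ("d0cf7b4d2de23f99d814919fa7aaa415", 0x00089100, 0xF10),
    ("997e1f35d91e46153871716100c22a3b", 0x0008A170, 0x390),
    ("cb602ed97bcce90037ff9775f2531797", 0x0008A570, 0xC10),
    ("b4c070685bc38dfc9d36e03e1791a571", 0x0008B180, 0x2EA0),
    ("4fbd6897ef42d7d226c188e8188ceef2", 0x0008E020, 0x1260),
    ("f849113d88223533ebd8161637897bdc", 0x0008F280, 0x1F0),
    ("2014efbb5ae7603a03f6fcfcf63a2a79", 0x0008F470, 0xCA0),
    ("fd89008534f58104d3ed2940d5a4723e", 0x00090110, 0xEA0),
    ("e789690bf5b9f4bb14ad17dc2722ac5b", 0x00091F40, 0xF0),
    ("c966f2d49111175783eb90d5d90dac1f", 0x00092030, 0x10),
    ("ab3c0dc07bfa4f9bfcd2fa7892a1bab1", 0x00092040, 0x4B0),
    ("b34c9baca093d3cae6442a5ff0e9ef11", 0x000924F0, 0x4C0),
    ("e7574a5e0376370c8fb4d1337d4c0299", 0x00092CD0, 0x8C0),
    ("2d9ae5a5f45a5a06d20949464b7780a5", 0x00093590, 0x60),
    ("f88041a47bcdf83c9cbaf880a52b8eb9", 0x000935F0, 0x1E0),
    ("d4b526ff77c298676bb4d3400a969a71", 0x00094C90, 0x4430),
    ("34d3b24fdd8138e725d629bd6af09a04", 0x00099150, 0x1A60),
    ("70540efc53f2238659f5aa681325d1b2", 0x0009ABB0, 0x6D0),
    ("2dc9e997160f4bc3dfe59aeff6fdd756", 0x0009B280, 0x14A0),
    ("a1e338da7b1988a8eeb35bb9b5629398", 0x0009C720, 0x10),
    ("031d04c9e9e3a6058d01d4c97190751a", 0x0009C730, 0x798C0),
    ("68ff2e7767085f60eae528b2d42934d7", 0x001161E0, 0x11D0),
    ("809976e2aefdcbd8fa7aca85b1431eb5", 0x001173B0, 0x3830),
    ("efaf4c358eba733dbc986d4310b07280", 0x0011ABE0, 0x2A0),
    ("27351d53e945cfda7a1fb9232c2ff6e6", 0x0011AE80, 0x150),
    ("109dff223360801f322033ea1d1b70ef", 0x0011CD80, 0x4C0),
    ("82f41ac0a99cf5be766d2dde5008d517", 0x0011D240, 0x20),
    ("c6b3cff51f01b497abce68b5b6fddb29", 0x0011D260, 0x36A0),
    ("f7f5e2c70043db7d67b4f4c30bf68f41", 0x00120900, 0x560),
    ("7cdcee2f726368a34a221500d9721ff1", 0x00120E60, 0x2790),
    ("ee1950a051938696818a25593381cb00", 0x00123610, 0x1120),
    ("f82493ea721a68e59d4d5361ad1137c7", 0x00124730, 0xC20),
    ("5e7184cd286156e5e06d654ce12924d7", 0x00125350, 0x1280),
    ("d03c35cdfe6e0b109c4c8f230926dc0c", 0x001265D0, 0x1A0),
    ("c35d5de8839ad195cc89dc4eecd2744a", 0x00126770, 0x1B20),
    ("9047ee016ca5a05ba5a44e945911d1d2", 0x00128290, 0x110),
    ("b51b538fc3f18d7d076ca42b8925a28c", 0x001283A0, 0x10),
    ("2cba6526dad9b809c12671c59521c531", 0x001283B0, 0x47F0),
    ("dcaa3b88e2a23aa7a871bdde040325bf", 0x0012CBB0, 0x2FD0),
    ("a4e2d28b4900f732a8a33a1b15e1c289", 0x0012FB80, 0x8C0),
    ("c5f60b049dfba15773f3879c8ba36aae", 0x001307E0, 0x1CC0),
    ("0a810e7cb229c2d5c2b5dc94e0c034b8", 0x001324A0, 0x1030),
    ("6795c793e18652a0c23003d85ec38f66", 0x001334D0, 0xF30),
    ("3cb5909a61e126ac5a97361f64a70f6d", 0x00134400, 0x1AB0),
    ("5793559de55bc447a2a621c99e5ac33a", 0x00136130, 0x540),
    ("ca82a08d9cf418b28047aab85e323290", 0x00136750, 0x10),
    ("8dd026863438c5501969b8c175827d2d", 0x00136760, 0x10),
    ("6d90648d7f0d6b68e24d1d37d22ee379", 0x00136770, 0x10),
    ("4557911c9f1682ca656f26c0ce9cdf7e", 0x00136840, 0x1120),
    ("4cfb5899cbe32e3d0a58ee7db89190fb", 0x00137BE0, 0x820),
    ("9bccfbbcec3624cc7255f59a59d16636", 0x00138400, 0x190),
    ("cbae5af8a956efdeaf7e4b513c1cb14f", 0x00138590, 0xEB0),
    ("005192eea7ad85810d56c33e070aaf44", 0x00139440, 0x10),
    ("ad276a1735f8c0a889110be59e8b6f67", 0x00139450, 0x10),
    ("dbeb7217b54af2c4624fc86f6e050e4d", 0x00139460, 0x1720),
    ("f1e428b09d900cf07a0802000449f389", 0x0013ABA0, 0x970),
    ("570546c33fdd2db43329c70e016289b7", 0x0013B510, 0x2280),
    ("ca62a2fb470ed21d7fd71f14b05eff03", 0x0013D790, 0x910),
    ("42a60072a701d45128913715f468edf5", 0x0013E0A0, 0x2150),
    ("0eb85ca97b4ba0bf92f4badb8a6c8056", 0x001401F0, 0x870),
    ("0c2fb5048a4665ad9618fe79b21a9f1f", 0x00141720, 0x1F0),
    ("04504a1b324dbcdbecec4e3279f69972", 0x00141910, 0xF20),
    ("6b0f5e6cadec7253c168ea1cb2ef7a84", 0x00142830, 0x11E0),
    ("1349fd7e59634d36e9c8ae3cef006382", 0x00143A10, 0x260),
    ("80d001979fdb50448203fac68e75775f", 0x00143C70, 0xB80),
    ("b920f9e8ce18c7c084a0ddf9bd5a71e1", 0x001447F0, 0x1C0),
    ("a4c44d541d76467404ea89c4fa7140d8", 0x001449B0, 0x10),
    ("ee584d31e48f6bfcd6d3271044dc8355", 0x001449C0, 0x7D0),
    ("cc94d61f5da2967caeefbdef50071a3e", 0x00145190, 0xD0),
    ("53be020996839dcf23596688d12050cc", 0x00145260, 0x30A0),
    ("c9fff23c710689480356bfde8c972716", 0x00148300, 0x4B0),
    ("29d9425b63ec734e08d14acc55c6d2d1", 0x001487D0, 0x8B0),
)


def toggle_data_encryption(data_input, data_output):
    """Copy *data_input* to *data_output*, flipping the AES-CTR layer per region.

    Each region listed in ``_DATA_REGIONS`` is run through AES-CTR with the
    shared key and that region's own initial counter; bytes outside the
    listed regions are copied unchanged. CTR is its own inverse, so calling
    this on an encrypted blob decrypts it and calling it on a decrypted blob
    re-encrypts it.

    Args:
        data_input: path of the blob to read.
        data_output: path to write; it may be the same as *data_input*,
            because the input is read completely before the output is opened.
    """
    # Context managers close both handles even if a region fails; the
    # original opened and closed the files by hand.
    with open(data_input, "rb") as src:
        blob = src.read()

    # Build the result in memory and write it once, so a failure part-way
    # through does not leave a half-converted output file behind.
    result = bytearray(blob)
    for ctr_hex, off, size in _DATA_REGIONS:
        # Always read from the untouched input, as the original did.
        chunk = blob[off:off + size]
        # A region that runs past the end of a short input is clipped to the
        # bytes that exist, so the output keeps the input's length.
        result[off:off + len(chunk)] = aes_ctr_dec(chunk, _DATA_KEY, unhexlify(ctr_hex))

    with open(data_output, "wb") as dst:
        dst.write(result)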
if __name__ == '__main__':
    # Stand-alone use: convert the fixed input file into the fixed output file.
    source_path = 'data_80000000.bin'
    target_path = 'data_80300000.bin'
    toggle_data_encryption(source_path, target_path)