
@qdot
Last active October 9, 2018 20:49
2B Firmware Decryption
const fs = require("fs");
/**
 * Runs an RC4-style keystream over a byte sequence and XORs it into the data.
 *
 * The index/swap steps match the usual RC4 generator, but every output byte is
 * additionally XORed with `block[b]` (the entry just swapped into position b),
 * so the result differs from a textbook RC4 implementation. Because the
 * keystream never depends on the data, running the same routine again from the
 * same starting table reverses the transformation.
 *
 * `block` is permuted in place while bytes are produced; pass a fresh table
 * (see createRC4Key) for every independent input.
 *
 * @param {ArrayLike<number>} arr - Input bytes; only `length` and index access are used.
 * @param {number[]} block - 256-entry state table. Mutated by this call.
 * @returns {number[]} One output byte per input byte.
 */
function decryptWithRC4Key(arr, block) {
  const result = [];
  let j = 0;
  for (let pos = 0; pos < arr.length; pos += 1) {
    // The first index starts at 1, not 0, and wraps every 256 bytes.
    const i = (pos + 1) % 256;
    j = (j + block[i]) % 256;

    // Exchange the two table entries selected for this step.
    const held = block[i];
    block[i] = block[j];
    block[j] = held;

    const keystreamByte = block[(block[i] + block[j]) % 256];
    // Non-standard extra term: block[j] is mixed in alongside the keystream byte.
    result.push(keystreamByte ^ block[j] ^ arr[pos]);
  }
  return result;
}
/**
 * Builds the 256-entry state table used by decryptWithRC4Key.
 *
 * The table starts as 0..255 and is shuffled with the standard RC4
 * key-scheduling loop, driven by the character codes of a key string.
 *
 * Note: the key is a constant literal in this script, so every call yields the
 * same table and therefore the same keystream. A fixed symmetric key like this
 * only hides the content; it provides no integrity or authenticity guarantee
 * for the data it protects.
 *
 * @returns {number[]} A new permutation of 0..255 on each call.
 * @throws {Error} If the key has more entries than the table.
 */
function createRC4Key() {
  const keyBytes = Array.from("2012E5-T1mSyst3MFirmware", (ch) => ch.charCodeAt(0));
  const state = Array.from({ length: 256 }, (_, n) => n);

  if (keyBytes.length > state.length) {
    throw new Error("Key must be shorter than block");
  }

  let j = 0;
  for (let i = 0; i < state.length; i += 1) {
    // The key repeats cyclically across the 256 scheduling steps.
    j = (j + state[i] + keyBytes[i % keyBytes.length]) % state.length;

    const held = state[i];
    state[i] = state[j];
    state[j] = held;
  }
  return state;
}
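/**
 * Reads an encrypted firmware file, decrypts it with the table from
 * createRC4Key, and writes the resulting bytes to disk.
 *
 * Both reads and writes are synchronous and any filesystem error propagates to
 * the caller. Nothing here verifies the input or the result (no checksum or
 * signature check), so treat the output as untrusted data.
 *
 * @param {string} [inputPath="2B106.2bfx"] - Encrypted firmware file to read.
 *   The original script also carried "bootloader14.2bfx" as an alternative input.
 * @param {string} [outputPath="fw.hex"] - Where the decrypted bytes are written.
 * @returns {void}
 */
function decryptFile(inputPath = "2B106.2bfx", outputPath = "fw.hex") {
  // A fresh table per file: decryptWithRC4Key permutes it while it runs.
  const state = createRC4Key();
  const encrypted = fs.readFileSync(inputPath);

  // decryptWithRC4Key only uses length and index access, so the Buffer can be
  // passed as-is. Buffer.from replaces the deprecated `new Buffer(array)`
  // constructor, whose behaviour depends on the argument type.
  const decrypted = Buffer.from(decryptWithRC4Key(encrypted, state));
  fs.writeFileSync(outputPath, decrypted);
}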
// Script entry point: decrypts the firmware file named in decryptFile as soon as this file is run.
decryptFile();