Talk:Boot.efi Information

From AwkwardTV


So, has any effort been made to decipher the checksum? That seems to be the missing link to a lot of stuff (Patchstick, Linux, etc.) being made freely available without concern of copyright issues. Timdorr

RSA 1024bit signed?

(sorry for my poor English)

I found that each section has 32+256+256 bytes of optional data, starting at 0x23de8 (first section) and 0x48e30 (second section).

boot.efi (appletv)
0x23de8-0x23e07  fingerprint of public key (SHA-256 of public key + ?)
0x23e08-0x23f07  public key, 1024 bit, little-endian => n
0x23f08-0x24007  signature, 1024 bit, little-endian => a

I calculated RSA b = a^65537 mod n, which gives:

b= (little endian)
70 fa 16 88 f7 26 d4 3c cd fe 9d 86 99 d8 65 b6
21 98 5b 0d 7a 3f b7 53 38 0b f9 31 91 56 21 bb
20 04 00 05 01 02 04 03 65 01 48 86 60 09 06 0d
30 31 30 00 ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
ff ff ff ff ff ff ff ff ff ff ff ff ff ff 01
b= (little endian, second section)
9f 88 ad cf ca e5 91 dc 9e 87 c4 90 64 4e c2 29
ad 4f 13 7e 00 02 64 bb 1a 43 ca cc 6a 2e 8a 37
20 04 00 05 01 02 04 03 65 01 48 86 60 09 06 0d
30 31 30 00 ff ff ff ff ff ff ff ff ff ff ff ff ....

I think these bytes consist of:

  • 32 bytes: the SHA-256 checksum of the PE executable
  • 19 bytes (30 31 30 0d 06 ... in big endian): the prefix for RSA/SHA-256; see PKCS #1 v2.1 (RFC 3447) for details.
  • the rest: stuffing bytes

Here is a program to display the above bytes:

// g++ checkefi.cc -o checkefi -lcrypto   (BN_* functions live in libcrypto)
#include <stdio.h>
#include <stdlib.h>
#include <openssl/bn.h>

// Read sz bytes at file offset ofs and reverse them: the file stores the
// values little-endian, BN_bin2bn expects big-endian.
unsigned char *fileread(const char *fname, long ofs, int sz)
{
  FILE *fp= fopen(fname, "rb");
  if(fp==0) perror(fname), exit(1);
  fseek(fp, ofs, SEEK_SET);
  unsigned char *buf= (unsigned char*)malloc(sz);
  if(fread(buf, 1, sz, fp) != (size_t)sz) fprintf(stderr, "short read\n"), exit(1);
  fclose(fp);
  for(int i= sz/2; --i>=0;) { //little endian->big endian
    unsigned char c= buf[i]; buf[i]= buf[sz-1-i]; buf[sz-1-i]= c;
  }
  return buf;
}

int main()
{
  BIGNUM *e= BN_new(), *n= BN_new(), *a= BN_new(), *b= BN_new();
  BN_CTX *ctx= BN_CTX_new();
  BN_set_word(e, 65537);
  unsigned char *nbuf= fileread("boot.efi", 0x23e08, 0x100); // public key n
  unsigned char *abuf= fileread("boot.efi", 0x23f08, 0x100); // signature a
  BN_bin2bn(nbuf, 0x100, n);
  BN_bin2bn(abuf, 0x100, a);
  BN_mod_exp(b, a, e, n, ctx);   // b = a^65537 mod n
  unsigned char buf[0x100];
  int sz= BN_bn2bin(b, buf);     // big-endian, leading zero bytes dropped
  for(int i= 0; i<sz; i++) { //big endian->little endian
    printf("%02x ", buf[sz-1-i]);
    if(i%16==15) printf("\n");
  }
  printf("\n");
  free(nbuf); free(abuf); BN_CTX_free(ctx);
  BN_free(e); BN_free(n); BN_free(a); BN_free(b);
  return 0;
}

So, it is impossible to make a homebrew boot.efi.

Zoroyoshi
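The layout Zoroyoshi reads out of the dumps above is the EMSA-PKCS1-v1_5 encoding of RFC 3447 (00 01, a run of ff, 00, the SHA-256 DigestInfo prefix, then the 32-byte hash). The following Python is an added example, not code from the post or from Apple: it redoes the b = a^65537 mod n step on little-endian bytes, then checks that layout strictly and returns the embedded digest, the way a verifier would before comparing it to a hash of the image. The sample image bytes and the toy 2-byte RSA key used in the test are constructed; what exactly boot.efi hashes is not known from the dumps.

```python
import hashlib

# DigestInfo prefix for SHA-256 (RFC 3447, section 9.2, note 1). Reversed to
# little-endian it is the "20 04 00 05 ... 30 31 30" run in the dumps above.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15_encode(digest: bytes, k: int = 256) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 <ff...> 00 <DigestInfo> <hash>, k bytes."""
    t = SHA256_DIGESTINFO + digest
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t

def recover_message_le(sig_le: bytes, n_le: bytes, e: int = 65537) -> bytes:
    """Same computation as the C++ program: b = a^e mod n, little-endian in
    and out, padded to the modulus length."""
    a = int.from_bytes(sig_le, "little")
    n = int.from_bytes(n_le, "little")
    return pow(a, e, n).to_bytes(len(n_le), "little")

def parse_pkcs1_v15_le(b_le: bytes, k: int = 256) -> bytes:
    """Check the padding layout of b (little-endian) and return the 32-byte
    digest it carries. Any deviation raises ValueError: a verifier must
    reject, not skip over, malformed padding."""
    em = b_le[::-1].rjust(k, b"\x00")  # LE->BE; restore the 00 BN_bn2bin drops
    if em[:2] != b"\x00\x01":
        raise ValueError("bad block type")
    sep = em.index(b"\x00", 2)         # ValueError if no separator at all
    if sep - 2 < 8 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad ff padding")
    t = em[sep + 1:]
    if len(t) != len(SHA256_DIGESTINFO) + 32 or not t.startswith(SHA256_DIGESTINFO):
        raise ValueError("unexpected DigestInfo or hash length")
    return t[len(SHA256_DIGESTINFO):]

def digest_matches(b_le: bytes, data: bytes) -> bool:
    """True iff b carries SHA-256(data) inside valid PKCS#1 v1.5 padding."""
    try:
        return parse_pkcs1_v15_le(b_le) == hashlib.sha256(data).digest()
    except ValueError:
        return False

# Constructed sample: a stand-in for the PE image bytes, encoded as the
# recovered value b would appear (little-endian, as the program prints it).
SAMPLE_IMAGE = b"constructed stand-in for the PE executable bytes"
SAMPLE_B_LE = emsa_pkcs1_v15_encode(hashlib.sha256(SAMPLE_IMAGE).digest())[::-1]

if __name__ == "__main__":
    print(SAMPLE_B_LE.hex(" "), digest_matches(SAMPLE_B_LE, SAMPLE_IMAGE))
```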
