Last active
October 9, 2018 20:49
-
-
Save qdot/e47ea8901dbe59f2e68048cd39af1e4b to your computer and use it in GitHub Desktop.
2B Firmware Decryption
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fs = require("fs"); | |
| function decryptWithRC4Key(arr, block) { | |
| let out_arr = []; | |
| let previous_val = 0; | |
| let b = 0; | |
| for (let i = 0; i < arr.length; ++i) { | |
| let a = (i + 1) % 256; | |
| b = ((b + block[a]) % 256); | |
| [block[a], block[b]] = [block[b], block[a]]; | |
| let c = block[(block[a] + block[b]) % 256] ^ block[b] ^ arr[i]; | |
| out_arr.push(c); | |
| } | |
| return out_arr; | |
| } | |
| function createRC4Key() { | |
| let key = "2012E5-T1mSyst3MFirmware".split("").map(x => x.charCodeAt() ); | |
| let block = [...Array(256).keys()]; | |
| if (key.length > block.length) { | |
| throw new Error("Key must be shorter than block"); | |
| } | |
| let new_index = 0; | |
| for (let i = 0; i < block.length; ++i) { | |
| new_index += block[i] + key[i % key.length]; | |
| new_index %= block.length; | |
| [block[i], block[new_index]] = [block[new_index], block[i]]; | |
| } | |
| return block; | |
| } | |
| function decryptFile() { | |
| let xorblock = createRC4Key(); | |
| let fw = fs.readFileSync("2B106.2bfx"); | |
| //let fw = fs.readFileSync("bootloader14.2bfx"); | |
| let fwarr = [...fw]; | |
| let buf = new Buffer(decryptWithRC4Key(fwarr, xorblock)); | |
| fs.writeFileSync("fw.hex", buf); | |
| } | |
| decryptFile(); | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment