Author Topic: Signing Programatically  (Read 8028 times)

0 Members and 2 Guests are viewing this topic.

SirCmpwn

  • Guest
Signing Programatically
« on: December 31, 2010, 08:56:52 pm »
Hello,
How would I programmatically sign an app or OS?

Offline calcdude84se

  • Needs Motivation
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2272
  • Rating: +78/-13
  • Wondering where their free time went...
    • View Profile
Re: Signing Programatically
« Reply #1 on: December 31, 2010, 08:59:16 pm »
Programmatically? What exactly do you mean? There is RabbitSign if you need a program.
"People think computers will keep them from making mistakes. They're wrong. With computers you make mistakes faster."
-Adam Osborne
Spoiler For "PartesOS links":
I'll put it online when it does something.

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: Signing Programatically
« Reply #2 on: December 31, 2010, 08:59:57 pm »
Moved to calc help since this isn't exclusively KOS-related

SirCmpwn

  • Guest
Re: Signing Programatically
« Reply #3 on: December 31, 2010, 09:07:30 pm »
How does RabbitSign work, I mean.

Offline calcdude84se

  • Needs Motivation
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2272
  • Rating: +78/-13
  • Wondering where their free time went...
    • View Profile
Re: Signing Programatically
« Reply #4 on: December 31, 2010, 09:16:48 pm »
It takes an unsigned .8xu and signs it. For an idea of how it works (and what other tools you need), you can look at my build script here
Relevant lines:
Quote
..\tools\ostools-0.1\multihex 00 "Page $00.hex" 1D "Page $1D.hex" > os.hex
..\tools\ostools-0.1\packxxu os.hex -o os84.8xu -t 83p -q 0A -v 0.01 -h 255
..\tools\rabbitsign\rabbitsign -t 8xu -k ..\tools\keys\0A.key -K 0A -g -p -r os84.8xu
multihex (part of OS Tools) takes alternating page numbers and hex files for each page and generates a hex file for the whole OS.
packxxu, also from OS Tools, takes the unsigned hex file, a key ID, and a couple other things and generates an unsigned .8xu
rabbitsign, linked above, takes the key and the unsigned .8xu file and produces a signed one.
"People think computers will keep them from making mistakes. They're wrong. With computers you make mistakes faster."
-Adam Osborne
Spoiler For "PartesOS links":
I'll put it online when it does something.

SirCmpwn

  • Guest
Re: Signing Programatically
« Reply #5 on: December 31, 2010, 09:17:49 pm »
That's what it *does,* I want to know how it does it.

Offline calcdude84se

  • Needs Motivation
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2272
  • Rating: +78/-13
  • Wondering where their free time went...
    • View Profile
Re: Signing Programatically
« Reply #6 on: December 31, 2010, 09:43:58 pm »
As in, to write a tool yourself? Rabbitsign is opensource (written in C), so you could look at the source. I don't know the details, sorry :/
« Last Edit: December 31, 2010, 09:44:10 pm by calcdude84se »
"People think computers will keep them from making mistakes. They're wrong. With computers you make mistakes faster."
-Adam Osborne
Spoiler For "PartesOS links":
I'll put it online when it does something.

SirCmpwn

  • Guest
Re: Signing Programatically
« Reply #7 on: December 31, 2010, 11:08:34 pm »
That's what I'm planning, for tiDE.  Thanks for the help :)

Offline jnesselr

  • King Graphmastur
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2270
  • Rating: +81/-20
  • TAO == epic
    • View Profile
Re: Signing Programatically
« Reply #8 on: December 31, 2010, 11:09:47 pm »
I think it uses the rabin Algorithm, yes?

SirCmpwn

  • Guest
Re: Signing Programatically
« Reply #9 on: December 31, 2010, 11:10:32 pm »
Where is that algorithm documented?

Offline DJ Omnimaga

  • Clacualters are teh gr33t
  • CoT Emeritus
  • LV15 Omnimagician (Next: --)
  • *
  • Posts: 55943
  • Rating: +3154/-232
  • CodeWalrus founder & retired Omnimaga founder
    • View Profile
    • Dream of Omnimaga Music
Re: Signing Programatically
« Reply #10 on: December 31, 2010, 11:18:12 pm »
From BrandonW on IRC

Quote
[23:14:25] <+BrandonW> A signature is an RSA-encrypted MD5 hash of the data you're wanting to sign.
[23:14:54] <+BrandonW> So you just MD5 hash the contents, and then encrypt it with 512-bit RSA using the private key associated with the ID you're wanting to sign with.
[23:15:15] <+BrandonW> So for example, to sign an OS with the 04 key, you take the 04 private key and use it to encrypt the MD5 hash of the OS.

SirCmpwn

  • Guest
Re: Signing Programatically
« Reply #11 on: December 31, 2010, 11:30:30 pm »
Oh, okay.  And where does the signature data go?

Offline jnesselr

  • King Graphmastur
  • LV11 Super Veteran (Next: 3000)
  • ***********
  • Posts: 2270
  • Rating: +81/-20
  • TAO == epic
    • View Profile
Re: Signing Programatically
« Reply #12 on: December 31, 2010, 11:36:19 pm »
At the en of the file, iirc. I believe you can use rabbitsign to see if the hash is correct. Md5 hashes are implemented in most popular languages.

Offline BrandonW

  • LV4 Regular (Next: 200)
  • ****
  • Posts: 115
  • Rating: +38/-1
    • View Profile
Re: Signing Programatically
« Reply #13 on: December 31, 2010, 11:37:55 pm »
That's a pretty loaded question and would take a while to answer. At the risk of sounding rude, I would recommend reading the source to see where it puts the signature after it calculates it ("MD5" and "Rabin"/"RSA" are things to look for to find where it calculates the signature and then does something with it).

SirCmpwn

  • Guest
Re: Signing Programatically
« Reply #14 on: January 01, 2011, 12:12:08 am »
Thanks, will do.