kopia lustrzana https://github.com/conorpp/u2f-zero
add support for using EFMUB1 bootloader and disabling it. no programmer needed
rodzic
4f0a6eb1e8
commit
8931b3205b
|
@ -38,11 +38,15 @@
|
|||
#define U2F_MASTER_KEY_SLOT 1
|
||||
#define U2F_TEMP_KEY_SLOT 2
|
||||
|
||||
// Uncomment these to fit firmware with a bootloader.
|
||||
#define U2F_SUPPORT_WINK
|
||||
#define U2F_SUPPORT_HID_LOCK
|
||||
#define U2F_SUPPORT_RNG_CUSTOM
|
||||
#define U2F_SUPPORT_SEED_CUSTOM
|
||||
|
||||
// Uncomment this to make configuration firmware
|
||||
//#define ATECC_SETUP_DEVICE
|
||||
|
||||
//#define U2F_PRINT
|
||||
//#define U2F_BLINK_ERRORS
|
||||
|
||||
|
@ -116,6 +120,8 @@ struct APP_DATA
|
|||
#define U2F_CONFIG_LOAD_TRANS_KEY 0x85
|
||||
#define U2F_CONFIG_LOAD_WRITE_KEY 0x86
|
||||
#define U2F_CONFIG_LOAD_ATTEST_KEY 0x87
|
||||
#define U2F_CONFIG_BOOTLOADER 0x88
|
||||
#define U2F_CONFIG_BOOTLOADER_DESTROY 0x89
|
||||
|
||||
struct config_msg
|
||||
{
|
||||
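Review bot: The comment `// Uncomment these to fit firmware with a bootloader.` sits directly above four `U2F_SUPPORT_*` defines that are already active, so it reads backwards; presumably these features are meant to be commented out to shrink the image when a bootloader shares the flash. If that is the intent, `// Comment these out to make the firmware fit alongside the bootloader.` says it unambiguously. The new `U2F_CONFIG_BOOTLOADER_DESTROY 0x89` define also deserves a one-line comment stating that the command is irreversible, which the host tool's help text says but the header does not.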
|
|
|
@ -39,8 +39,6 @@ uint8_t custom_command(struct u2f_hid_msg * msg)
|
|||
struct atecc_response res;
|
||||
uint8_t ec;
|
||||
|
||||
if (msg->cid != U2FHID_BROADCAST) return 0;
|
||||
|
||||
switch(msg->pkt.init.cmd)
|
||||
{
|
||||
#ifdef U2F_SUPPORT_RNG_CUSTOM
|
||||
|
@ -80,6 +78,29 @@ uint8_t custom_command(struct u2f_hid_msg * msg)
|
|||
|
||||
break;
|
||||
#endif
|
||||
case U2F_CONFIG_BOOTLOADER:
|
||||
|
||||
atecc_send_recv(ATECC_CMD_READ,
|
||||
ATECC_RW_DATA, ATECC_EEPROM_DATA_SLOT(8), NULL, 0,
|
||||
appdata.tmp, sizeof(appdata.tmp), &res);
|
||||
|
||||
if (res.buf[0] == 0xff)
|
||||
{
|
||||
*((uint8_t SI_SEG_DATA *)0x00) = 0xA5;
|
||||
RSTSRC = RSTSRC_SWRSF__SET | RSTSRC_PORSF__SET;
|
||||
}
|
||||
|
||||
|
||||
break;
|
||||
case U2F_CONFIG_BOOTLOADER_DESTROY:
|
||||
|
||||
memset(appdata.tmp,0,4);
|
||||
|
||||
atecc_send_recv(ATECC_CMD_WRITE,
|
||||
ATECC_RW_DATA, ATECC_EEPROM_DATA_SLOT(8), appdata.tmp, 4,
|
||||
appdata.tmp, sizeof(appdata.tmp), &res);
|
||||
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
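Review bot: In the `U2F_CONFIG_BOOTLOADER` case the return value of `atecc_send_recv` is discarded, so `res.buf[0] == 0xff` is tested even when the slot 8 read failed and `res` holds stale data; the reset into the bootloader should fail closed by confirming the read succeeded first (this assumes `atecc_send_recv` reports errors through its return value, which is not visible here). The counts of the first hunk in this file (-39,8 +39,6) suggest the `msg->cid != U2FHID_BROADCAST` guard was dropped, and neither new case sits behind an `#ifdef` or a user-presence check, so any host software able to write to the HID interface can trigger the reboot or the irreversible slot 8 write. Consider gating both cases on a button press, as the host tool's help text describes for `wipe`, and documenting the marker write with a comment such as `/* bootloader entry request: 0xA5 at data address 0x00, then software reset */` (the meaning of the marker is inferred, so confirm it against the bootloader documentation). `custom_command` starts and ends outside the hunk.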
|
|
|
@ -143,7 +143,7 @@ int16_t main(void) {
|
|||
int8_t grad_inc = 0;
|
||||
int8_t ii;
|
||||
data uint8_t xdata * clear = 0;
|
||||
int8_t i;
|
||||
data int8_t i;
|
||||
|
||||
enter_DefaultMode_from_RESET();
|
||||
rgb_hex(0);
|
||||
|
|
|
@ -64,6 +64,8 @@ class commands:
|
|||
U2F_CONFIG_LOAD_TRANS_KEY = 0x85
|
||||
U2F_CONFIG_LOAD_WRITE_KEY = 0x86
|
||||
U2F_CONFIG_LOAD_ATTEST_KEY = 0x87
|
||||
U2F_CONFIG_BOOTLOADER = 0x88
|
||||
U2F_CONFIG_BOOTLOADER_DESTROY = 0x89
|
||||
|
||||
U2F_CUSTOM_RNG = 0x21
|
||||
U2F_CUSTOM_SEED = 0x22
|
||||
|
@ -82,6 +84,8 @@ if len(sys.argv) not in [2,3,4,5,6]:
|
|||
print(' wipe: wipe all registered keys on U2F Zero. Must also press button 5 times. Not reversible.')
|
||||
print(' list: list all connected U2F Zero tokens.')
|
||||
print(' wink: blink the LED')
|
||||
print(' bootloader: put device in bootloader mode')
|
||||
print(' bootloader-destroy: permanently disable the bootloader')
|
||||
sys.exit(1)
|
||||
|
||||
def open_u2f(SN=None):
|
||||
|
@ -198,10 +202,10 @@ def do_configure(h,pemkey,output):
|
|||
|
||||
time.sleep(0.250)
|
||||
|
||||
h.write([0,commands.U2F_CONFIG_GENKEY])
|
||||
data = read_n_tries(h,5,64,1000)
|
||||
data = array.array('B',data).tostring()
|
||||
pubkey = binascii.hexlify(data)
|
||||
#h.write([0,commands.U2F_CONFIG_GENKEY])
|
||||
#data = read_n_tries(h,5,64,1000)
|
||||
#data = array.array('B',data).tostring()
|
||||
#pubkey = binascii.hexlify(data)
|
||||
|
||||
wkey = [random.randint(0,255)&0xff for x in range(0,32)]
|
||||
rkey = [random.randint(0,255)&0xff for x in range(0,32)]
|
||||
|
@ -212,6 +216,7 @@ def do_configure(h,pemkey,output):
|
|||
|
||||
|
||||
wkey = get_write_mask(''.join([chr(x) for x in wkey]))
|
||||
print('wkey',wkey)
|
||||
rkey = get_write_mask(''.join([chr(x) for x in rkey]))
|
||||
|
||||
|
||||
|
@ -232,10 +237,26 @@ def do_configure(h,pemkey,output):
|
|||
|
||||
|
||||
print('writing keys to ', output)
|
||||
print(data)
|
||||
open(output,'w+').write(pubkey +'\n' + wkey + '\n' + rkey)
|
||||
open(output,'w+').write(wkey + '\n' + rkey)
|
||||
|
||||
print( 'Done. Putting device in bootloader mode.')
|
||||
h.write([0,commands.U2F_CONFIG_BOOTLOADER])
|
||||
data = read_n_tries(h,5,64,1000)
|
||||
if data[1] != 1:
|
||||
die('failed to put device in bootloader mode.')
|
||||
|
||||
def bootloader(h):
|
||||
h.write([0,commands.U2F_CONFIG_BOOTLOADER])
|
||||
h.write([0,0xff,0xff,0xff,0xff,commands.U2F_CONFIG_BOOTLOADER])
|
||||
print('If this device has an enabled bootloader, the LED should be turned off.')
|
||||
|
||||
|
||||
def bootloader_destroy(h):
|
||||
h.write([0,commands.U2F_CONFIG_BOOTLOADER_DESTROY])
|
||||
h.write([0,0xff,0xff,0xff,0xff,commands.U2F_CONFIG_BOOTLOADER_DESTROY])
|
||||
print('Device bootloader mode removed. Please double check by running bootloader command.')
|
||||
|
||||
|
||||
print( 'Done')
|
||||
|
||||
|
||||
|
||||
|
@ -335,6 +356,12 @@ if __name__ == '__main__':
|
|||
elif action == 'wink':
|
||||
h = open_u2f(SN)
|
||||
do_wink(h)
|
||||
elif action == 'bootloader':
|
||||
h = open_u2f(SN)
|
||||
bootloader(h)
|
||||
elif action == 'bootloader-destroy':
|
||||
h = open_u2f(SN)
|
||||
bootloader_destroy(h)
|
||||
else:
|
||||
print( 'error: invalid action: ', action)
|
||||
sys.exit(1)
|
||||
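Review bot: `print('wkey',wkey)` in `do_configure` writes the masked write key to stdout, where it ends up in terminal scrollback or provisioning logs; it looks like a debugging leftover and should be removed, since the same value is already saved to the output file. That file is written with `open(output,'w+').write(...)` using default permissions and is never explicitly closed; `with open(output,'w') as f:` plus restrictive file permissions is the safer pattern for key material. The context lines also build `wkey` and `rkey` from `random.randint`, which is not a cryptographic generator if `random` is the standard library module; `os.urandom(32)` is the usual replacement. `bootloader_destroy` prints `Device bootloader mode removed` without reading any response from the device, so the message would be more accurate worded as a request that was sent, not a confirmed result.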
|
|