[原创]wibu软授权(四)
2022-12-30 21:53:15 Author: bbs.pediy.com(查看原文) 阅读量:44 收藏

本篇讲解如何使用CmAct私钥来解析RAU和DYN文件

  • python3
  • RAU文件或DYN文件
  • asn1tools
  • Ubuntu 18.04
  • CodeMeter Runtime 6.60

本来,我也想用RAU文件作为例子的,但是RAU文件对应的wbc文件还差一个系统特征没有对上,导致我没有办法获得CmAct证书的私钥,也就没有办法去解析RAU文件。

实际的机器也不在我手上,没有办法通过调试来查找原因,所以先用DYN文件作为例子,这个问题有空再解决。

DYN文件最容易获得,所以本文将以DYN文件为例。

DYN文件在每次导入LIC文件时都会产生一份新的,所以可以在虚拟机环境下也可以获取。

DYN文件和RAU文件的结构类似,所以解析DYN文件的过程同样能用于RAU文件。

获取私钥

本节从头演示在虚拟机中导入LIF、生成wbc和DYN文件、获取私钥的过程:

当前环境一览:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

> uname -a

Linux ubuntu 5.4.0-132-generic

> cmu -v

cmu - CodeMeter Universal Support Tool.

Version 6.60 of 2017-Dec-18 (Build 2869) for Linux

Copyright (C) 2007-2017 by WIBU-SYSTEMS AG. All rights reserved.

Operating System:

 Name:         Ubuntu 18.04.6 LTS (Kernel 5.4.0-132-generic)

 Architecture: x86_64

Current system user:

 username:                mjs

 domain:                 

RunTime version information:

 cmu:                     6.60.2869.500 2017-12-18

 CodeMeter-Service:       6.60.2869.500 2017-12-18

 CodeMeterAct:            6.60.2869.500 2017-12-18

 Library:                 6.60.2869.500 2017-12-18

Installed file version information:

 CodeMeter-Service:              6.60.2869.500 2017-12-18 (64bit)

 CodeMeterCC:                    6.60.2869.500 2017-12-18 (64bit)

 codemeter-info:                 6.60.2869.500 2017-12-18 (64bit)

 cmu:                            6.60.2869.500 2017-12-18 (64bit)

 CM Lib (/usr/lib/i386-linux-gnu):  6.60.2869.500 2017-12-18 (32bit)

 CM Lib (/usr/lib/x86_64-linux-gnu):  6.60.2869.500 2017-12-18 (64bit)

Note on libusb program library used on Linux-operating systems by

CodeMeter License Server:

The programming library serves to read and write USB devices. The code is

licensed under the GNU Lesser General Public License (LGPL) Version 2.1.

Call cmu --licensing-terms to view it.

The code of the programming library libusb can be downloaded at the project

website http://www.libusb.org/. On request the source can also be electronically

如果在虚拟机里导入LIF,则最好清除一遍中间文件,这样不会把新生成的中间文件和之前的弄混。

注意,如果在实体机上操作,不要清除中间文件,否则你的之前授权将无法正常工作。

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

> sudo rm /var/lib/CodeMeter/CmAct/* -f

> cmu -i -f dji_aeroscope_pro.WibuCmLIF

cmu - CodeMeter Universal Support Tool.

Version 6.60 of 2017-Dec-18 (Build 2869) for Linux

Copyright (C) 2007-2017 by WIBU-SYSTEMS AG. All rights reserved.

The file contains 1 Update:

  CmActLtLicense binding information: FirmCode 6000316

Execute Update ...

The file contains 1 Update:

  CmActLtLicense update: Serial number 130-1021612743, FirmCode 6000316.

   --> successful

1 successful update done

> cmu -c 6000316 -s130-1021612743 -f update-130-1021612743.WibuCmRaC

cmu - CodeMeter Universal Support Tool.

Version 6.60 of 2017-Dec-18 (Build 2869) for Linux

Copyright (C) 2007-2017 by WIBU-SYSTEMS AG. All rights reserved.

Write CmFAS for 130-1021612743 for FirmItem 6000316

> cp /var/lib/CodeMeter/CmAct . -r

备份好wbc文件后,就可以尝试获取私钥。

在test.py中填入wbc路径,然后运行即可,完整代码见github

wbc.py将尝试获取系统特征并与item节匹配,一旦wbc文件里的所有item节匹配成功,则可以输出私钥。

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

> python test.py

code_5001 check ok, match item_10

code_5003 check ok, match item_9

code_6001 check ok, match item_0

code_6101 check ok, match item_2

code_6103 check ok, match item_7

code_6104 check faild, not match any item

code_6105 check ok, match item_4

code_6106 check ok, match item_5

code_6107 check ok, match item_6

code_6108 check ok, match item_3

code_6109 check ok, match item_8

code_6110 check ok, match item_1

code_8001 check ok, match item_11

code_200001 check faild, not match any item

code_200002 check faild, not match any item

code_200003 check faild, not match any item

wbc id count: 12

system featue count: 16

system featue ok: 12

all wbc item check ok

part1: 2295bf3c4cdbb01a457c2955d514637074c771d7b638dbadb22a1b4a3d1a9782e661e8819f3c98945e91d7022254fc447689be8c833f732b338498e5351b32

part2: 64742897b75b86aa15e282b0b2585b7c33a11c5fc8749601d864adad327db4

part3: None

private_key: d9352ca798fde876a6c093e60bb39870ddb10e722276ab78eea3cc40

验证私钥

CmAct证书的私钥可以通过Q=dG来验证其有效性,其中Q为公钥,G为基点。

验证可以使用wibu_asn1.py的check_CmAct_key函数,但使用check_CmAct_key函数之前,需要调用解析rac_proc函数来处理RAC文件,rac_proc会解析RAC文件中的所有证书并添加到证书链中。

以下代码首先解析了RAC文件并将结果打印出来,接着调用check_CmAct_key函数来验证私钥是否与CmAct证书对应。

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

> rac_proc("testcase/update-130-1021612743.WibuCmRaC")

<container-type-specific>

  <cmact>

    <lif> A0 82 04 95 06 09 2A 86 48 86 F7 0D 01 07 02 A0 82 04 86 30 82 04 82 02 01 01 31 0D 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 81 C1 06 0A 2B 06 01 04 01 82 DB 45 02 01 A0 81 B2 FF 81 64 81 AD FF 81 21 37 DF 81 35 08 63 6D 62 6F 78 70 67 6D FF 81 25 12 DF 4E 02 00 01 DF 54 02 00 01 DF 20 05 00 00 00 00 00 FF 7A 12 DF 4E 02 00 01 DF 54 02 00 01 DF 20 05 00 00 00 00 00 FF 64 12 DF 81 32 05 00 22 8D 3B 86 DF 81 33 05 00 20 F0 EE C0 FF 7D 22 DE 18 44 00 4A 00 49 00 20 00 46 00 69 00 72 00 6D 00 43 00 6F 00 64 00 65 00 DF 72 05 00 00 5B 8E BC FF 81 08 26 DF 81 14 04 32 30 30 30 DF 7F 05 00 00 00 00 00 FF 81 00 12 FF 81 01 0E DF 1F 02 00 00 DF 81 02 05 00 00 00 00 02 FF 81 05 0A DF 81 5B 01 00 DF 81 5C 01 00 A0 82 03 30 30 82 01 78 30 82 01 28 A0 03 02 01 02 02 04 B2 D0 5E 18 30 0A 06 08 2A 86 48 CE 3D 04 03 02 30 26 31 15 30 13 06 03 55 04 0A 0C 0C 57 49 42 55 2D 53 59 53 54 45 4D 53 31 0D 30 0B 06 03 55 04 03 0C 04 52 6F 6F 74 30 1E 17 0D 31 35 30 31 30 31 30 30 30 30 30 30 5A 17 0D 33 35 31 32 33 31 32 33 35 39 35 39 5A 30 31 31 15 30 13 06 03 55 04 0A 0C 0C 57 49 42 55 2D 53 59 53 54 45 4D 53 31 18 30 16 06 03 55 04 03 0C 0F 57 69 62 75 2D 50 72 6F 64 75 63 74 69 6F 6E 30 4E 30 10 06 07 2A 86 48 CE 3D 02 01 06 05 2B 81 04 00 21 03 3A 00 04 32 37 DD 50 E5 A0 A5 A9 38 E2 88 47 36 13 12 39 26 B1 C2 FB 11 52 77 BE 21 88 45 BD A6 E0 14 EC F1 D1 99 05 8F 77 05 78 80 ED 3C C5 83 F9 EF 09 B9 E4 80 D7 8E 30 F2 4A 81 15 00 78 A4 68 59 55 F6 77 32 49 E8 57 6C 2A 5D 48 FB BB EA C6 E2 82 15 00 94 A0 F2 F5 23 80 3A 59 C6 AB 27 5E 3B B3 A2 F4 65 C2 EF 37 A3 16 30 14 30 12 06 03 55 1D 13 01 01 FF 04 08 30 06 01 01 FF 02 01 01 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 3E 00 30 3B 02 1C 32 32 36 8C C8 B1 07 01 CA B6 FA F3 B0 03 F9 0E 28 A2 64 59 48 C3 84 32 12 FD 96 C7 02 1B 75 12 AF 9B 72 60 FF 70 BE 44 D8 C9 A8 7E 74 6B CB C9 DB FB 1E 13 AD 99 63 4B B1 30 82 01 B0 30 82 01 5E A0 03 02 01 02 02 04 B2 D0 5F DC 30 0A 06 08 2A 86 48 CE 3D 04 03 02 30 31 31 15 30 13 06 03 55 04 0A 0C 0C 57 49 42 55 2D 53 59 53 54 45 4D 53 31 18 30 16 06 03 55 04 03 0C 0F 57 69 62 75 2D 50 72 6F 64 75 63 74 69 6F 6E 30 1E 17 0D 31 35 30 31 30 31 30 30 30 30 30 30 5A 17 0D 33 35 31 32 33 31 32 33 35 39 35 39 5A 30 20 31 10 30 0E 06 03 55 04 0A 0C 07 36 30 30 30 33 31 36 31 0C 30 0A 06 03 55 04 03 0C 03 4C 50 4B 30 4E 30 10 06 07 2A 86 48 CE 3D 02 01 06 05 2B 81 04 00 21 03 3A 00 04 96 63 0D AA AC CA F5 7A 0F 85 CD 46 6E 81 36 28 DE 7C A7 F8 1E 42 B6 64 41 B6 64 62 C4 EA C5 44 BE CE 27 7B F6 40 46 41 CA 81 38 1C 1C A3 CA 83 36 7A 0C 6C 71 91 1B 5B 81 15 00 94 A0 F2 F5 23 80 3A 59 C6 AB 27 5E 3B B3 A2 F4 65 C2 EF 37 82 15 00 6F CC 87 03 09 98 E9 51 20 3F 58 EE CC 06 01 FB 64 FB 75 F4 A3 52 30 50 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 00 30 0F 06 03 55 1D 0F 01 01 FF 04 05 03 03 00 0F 00 30 2C 06 0A 2B 06 01 04 01 82 DB 45 03 01 01 01 FF 04 1B FF 76 18 DF 72 03 5B 8E BC FF 78 0F DF 81 5D 01 FF DF 81 5E 01 FF DF 81 5F 01 FF 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 40 00 30 3D 02 1D 00 CB 86 37 84 31 E1 DF D8 E7 CD E0 61 70 94 A4 C9 F5 3F A2 E1 8F 2E E4 26 EB 55 FA 8F 02 1C 65 1F 79 BA 62 E8 90 21 7D 5D 99 A7 3D 41 C7 84 ED 8A AD 84 45 A8 FA 43 42 C7 41 A0 31 76 30 74 02 01 01 82 14 6F CC 87 03 09 98 E9 51 20 3F 58 EE CC 06 01 FB 64 FB 75 F4 30 0B 06 09 60 86 48 01 65 03 04 02 01 30 0A 06 08 2A 86 48 CE 3D 04 03 02 04 40 30 3E 02 1D 00 E0 1B B5 18 4A BF DA FE E9 DB 48 98 45 99 2E 1C 6E 4C FB 00 75 49 E4 21 48 66 5C 2B 02 1D 00 BB 4A CC 62 71 85 82 56 45 AA 91 50 06 86 1C BA 40 36 DE 2A B1 35 93 F8 E8 2E C4 DD </lif>

    <is-running-in-vm> False </is-running-in-vm>

    <operating-system> 50 </operating-system>

    <finger-print>

      <host-info>

        <0> 63479 </0>

        <1> 63284 </1>

        <2> 48324 </2>

        <3> 57981 </3>

      </host-info>

      <host-info-name> ubuntu </host-info-name>

    </finger-print>

  </cmact>

</container-type-specific>

<receiver-pi>

</receiver-pi>

> check_CmAct_key(0xd9352ca798fde876a6c093e60bb39870ddb10e722276ab78eea3cc40)

CmAct key check ok

解密DYN文件

现在已经获得CmAct密钥并且验证了其正确性。

DYN文件是一段envelope数据,满足PKCS#7的标准。

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

<envelope>

  <contentType> 1.2.840.113549.1.7.3 </contentType>

  <content>

    <version> 1 </version>

    <recipientInfos>

      <0>

        <version> 1 </version>

        <signerIdentifier>

          <subjectKeyIdentifier> F0 39 CF 56 75 90 8E BA F8 7C E9 3A 5C 8C 82 7C E4 F2 2E E7 </subjectKeyIdentifier>

        </signerIdentifier>

        <keyEncryptionAlgorithm>

          <0> 1.3.6.1.4.1.44485.4.2 </0>

        </keyEncryptionAlgorithm>

        <encryptedKey> 28 AF 56 D1 BA 14 6E 90 0C B6 53 E3 B5 B9 BF 71 D8 30 91 A4 B2 3F 19 00 05 E4 40 92 D5 54 94 E1 EC F4 D9 6F 10 09 96 BE BC 4F F0 25 00 00 00 00 F8 F9 AE D0 7D 88 83 C9 09 69 2D A8 A7 2A 1A 27 BD 78 CB 10 A6 89 51 E0 C3 A8 5F 52 00 00 00 00 </encryptedKey>

      </0>

    </recipientInfos>

    <encryptedContentInfo>

      <contentType> 1.3.6.1.4.1.44485.2.6 </contentType>

      <contentEncryptionAlgorithm>

        <0> 2.16.840.1.101.3.4.1.2 </0>

      </contentEncryptionAlgorithm>

      <encryptedContent> 76 42 C9 30 48 5E 33 45 08 55 2D 6D 19 01 4E E4 C0 99 1D DB 2B 68 E5 FF 2E 12 03 E9 BF B3 01 99 C9 09 63 F6 56 20 30 9D 29 28 1A 27 53 42 F9 4A F2 65 F0 A6 4C DF 0E 53 0A 27 FA 43 70 F3 2E 39 2F B5 55 C4 AE EE 59 5E 0A 47 36 3A C6 B2 14 06 CB 5F 0F 37 36 F3 1F A0 2D B0 F4 94 8C 74 FC 5C 39 52 F8 4F 7B 5D 29 E3 D3 93 A3 87 20 45 E2 6F C3 44 FF 5B 1C F4 4E B4 84 77 B4 B0 12 77 C4 C0 9A 74 3D FC 28 8C D2 FA AE AA 0D CA 6E BB 4C FB 2B A4 F1 19 BF 0F 22 FD 27 6B F1 B2 16 A8 53 A5 6C CE 60 81 91 0D 44 20 DF 78 4D D3 1F C0 35 D0 </encryptedContent>

    </encryptedContentInfo>

  </content>

</envelope>

其中contentEncryptionAlgorithm为2.16.840.1.101.3.4.1.2,这表示接下来的encryptedContent是一段aes128-CBC加密的数据。

而aes的密钥则使用CmAct证书的公钥加密并存放于encryptedKey中,解密需要用到CmAct证书的私钥。

更加具体的过程见wibu_asn1.py的dyn_proc函数。

1

2

3

4

5

<encryptedKey>

    <encrypted_aes_key>28 AF 56 D1 BA 14 6E 90 0C B6 53 E3 B5 B9 BF 71</encrypted_aes_key>

    <tmp_Q_x>D8 30 91 A4 B2 3F 19 00 05 E4 40 92 D5 54 94 E1 EC F4 D9 6F 10 09 96 BE BC 4F F0 25 00 00 00 00</tmp_Q_x>

    <tmp_Q_y>F8 F9 AE D0 7D 88 83 C9 09 69 2D A8 A7 2A 1A 27 BD 78 CB 10 A6 89 51 E0 C3 A8 5F 52 00 00 00 00</tmp_Q_y>

</encryptedKey>

实际上,直接调用dyn_proc函数并传入私钥即可解密DYN文件(RAU文件同理),效果如下:

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

> dyn_proc("testcase/CmAct/6000316_82004bd37fef2aeaf4b7964b85e65d3d6e9011b6.WibuCmActDyn", 0xd9352ca798fde876a6c093e60bb39870ddb10e722276ab78eea3cc40)

<sw-specs>

  <creator-name> CodeMeter Runtime </creator-name>

  <creator-version>

    <sfl> 1 </sfl>

    <sfh> 1 </sfh>

    <feature-flags> 0 </feature-flags>

  </creator-version>

  <required-version>

    <sfl> 1 </sfl>

    <sfh> 1 </sfh>

    <feature-flags> 0 </feature-flags>

  </required-version>

</sw-specs>

<cmact-serial-id> 82 00 4B D3 7F EF 2A EA F4 B7 96 4B 85 E6 5D 3D 6E 90 11 B6 </cmact-serial-id>

<clocks>

  <box-time> 579681158 </box-time>

  <certified-time> 552660672 </certified-time>

</clocks>

<tag> 2 </tag>

<pi-dynamics>

</pi-dynamics>

实际上,DYN文件并不大,所以解析后感兴趣的数据并不是特别多。

也许RAU文件中的有用的数据会更多,存在条件的读者可以尝试解析一下RAU文件,本人也很好奇RAU文件的内容是怎么样的?

看雪招聘平台创建简历并且简历完整度达到90%及以上可获得500看雪币~


文章来源: https://bbs.pediy.com/thread-275683.htm
如有侵权请联系:admin#unsafe.sh