| blob | 368b88110a8dc4b263aa9722af0a5ddb51355788 |
1 /*****************************************************************************
2 * drms.c : DRMS
3 *****************************************************************************
4 * Copyright (C) 2004 VideoLAN
5 * $Id: drms.c,v 1.3 2004/01/11 15:52:18 menno Exp $
6 *
7 * Author: Jon Lech Johansen <jon-vl@nanocrew.net>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
22 *****************************************************************************/
24 #include <stdlib.h> /* malloc(), free() */
26 #include "mp4ffint.h"
28 #ifdef ITUNES_DRM
30 #ifdef _WIN32
31 #include <tchar.h>
32 #include <shlobj.h>
33 #include <windows.h>
34 #endif
36 #include "drms.h"
37 #include "drmstables.h"
39 static __inline uint32_t U32_AT( void * _p )
40 {
41 uint8_t * p = (uint8_t *)_p;
42 return ( ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16)
43 | ((uint32_t)p[2] << 8) | p[3] );
44 }
46 #define TAOS_INIT( tmp, i ) \
47 memset( tmp, 0, sizeof(tmp) ); \
48 tmp[ i + 0 ] = 0x67452301; \
49 tmp[ i + 1 ] = 0xEFCDAB89; \
50 tmp[ i + 2 ] = 0x98BADCFE; \
51 tmp[ i + 3 ] = 0x10325476;
53 #define ROR( x, n ) (((x) << (32-(n))) | ((x) >> (n)))
55 static void init_ctx( uint32_t *p_ctx, uint32_t *p_input )
56 {
57 uint32_t i;
58 uint32_t p_tmp[ 6 ];
60 p_ctx[ 0 ] = sizeof(*p_input);
62 memset( &p_ctx[ 1 + 4 ], 0, sizeof(*p_input) * 4 );
63 memcpy( &p_ctx[ 1 + 0 ], p_input, sizeof(*p_input) * 4 );
65 p_tmp[ 0 ] = p_ctx[ 1 + 3 ];
67 for( i = 0; i < sizeof(p_drms_tab1)/sizeof(p_drms_tab1[ 0 ]); i++ )
68 {
69 p_tmp[ 0 ] = ROR( p_tmp[ 0 ], 8 );
71 p_tmp[ 5 ] = p_drms_tab2[ (p_tmp[ 0 ] >> 24) & 0xFF ]
72 ^ ROR( p_drms_tab2[ (p_tmp[ 0 ] >> 16) & 0xFF ], 8 )
73 ^ ROR( p_drms_tab2[ (p_tmp[ 0 ] >> 8) & 0xFF ], 16 )
74 ^ ROR( p_drms_tab2[ p_tmp[ 0 ] & 0xFF ], 24 )
75 ^ p_drms_tab1[ i ]
76 ^ p_ctx[ 1 + ((i + 1) * 4) - 4 ];
78 p_ctx[ 1 + ((i + 1) * 4) + 0 ] = p_tmp[ 5 ];
79 p_tmp[ 5 ] ^= p_ctx[ 1 + ((i + 1) * 4) - 3 ];
80 p_ctx[ 1 + ((i + 1) * 4) + 1 ] = p_tmp[ 5 ];
81 p_tmp[ 5 ] ^= p_ctx[ 1 + ((i + 1) * 4) - 2 ];
82 p_ctx[ 1 + ((i + 1) * 4) + 2 ] = p_tmp[ 5 ];
83 p_tmp[ 5 ] ^= p_ctx[ 1 + ((i + 1) * 4) - 1 ];
84 p_ctx[ 1 + ((i + 1) * 4) + 3 ] = p_tmp[ 5 ];
86 p_tmp[ 0 ] = p_tmp[ 5 ];
87 }
89 memcpy( &p_ctx[ 1 + 64 ], &p_ctx[ 1 ], sizeof(*p_ctx) * 4 );
91 for( i = 4; i < sizeof(p_drms_tab1); i++ )
92 {
93 p_tmp[ 2 ] = p_ctx[ 1 + 4 + (i - 4) ];
95 p_tmp[ 0 ] = (((p_tmp[ 2 ] >> 7) & 0x01010101) * 27)
96 ^ ((p_tmp[ 2 ] & 0xFF7F7F7F) << 1);
97 p_tmp[ 1 ] = (((p_tmp[ 0 ] >> 7) & 0x01010101) * 27)
98 ^ ((p_tmp[ 0 ] & 0xFF7F7F7F) << 1);
99 p_tmp[ 4 ] = (((p_tmp[ 1 ] >> 7) & 0x01010101) * 27)
100 ^ ((p_tmp[ 1 ] & 0xFF7F7F7F) << 1);
102 p_tmp[ 2 ] ^= p_tmp[ 4 ];
104 p_tmp[ 3 ] = ROR( p_tmp[ 1 ] ^ p_tmp[ 2 ], 16 )
105 ^ ROR( p_tmp[ 0 ] ^ p_tmp[ 2 ], 8 )
106 ^ ROR( p_tmp[ 2 ], 24 );
108 p_ctx[ 1 + 4 + 64 + (i - 4) ] = p_tmp[ 3 ] ^ p_tmp[ 4 ]
109 ^ p_tmp[ 1 ] ^ p_tmp[ 0 ];
110 }
111 }
113 static void ctx_xor( uint32_t *p_ctx, uint32_t *p_in, uint32_t *p_out,
114 uint32_t p_table1[ 256 ], uint32_t p_table2[ 256 ] )
115 {
116 uint32_t i, x, y;
117 uint32_t p_tmp1[ 4 ];
118 uint32_t p_tmp2[ 4 ];
120 i = p_ctx[ 0 ] * 4;
122 p_tmp1[ 0 ] = p_ctx[ 1 + i + 24 ] ^ p_in[ 0 ];
123 p_tmp1[ 1 ] = p_ctx[ 1 + i + 25 ] ^ p_in[ 1 ];
124 p_tmp1[ 2 ] = p_ctx[ 1 + i + 26 ] ^ p_in[ 2 ];
125 p_tmp1[ 3 ] = p_ctx[ 1 + i + 27 ] ^ p_in[ 3 ];
127 i += 84;
129 #define XOR_ROR( p_table, p_tmp, i_ctx ) \
130 p_table[ (p_tmp[ y > 2 ? y - 3 : y + 1 ] >> 24) & 0xFF ] \
131 ^ ROR( p_table[ (p_tmp[ y > 1 ? y - 2 : y + 2 ] >> 16) & 0xFF ], 8 ) \
132 ^ ROR( p_table[ (p_tmp[ y > 0 ? y - 1 : y + 3 ] >> 8) & 0xFF ], 16 ) \
133 ^ ROR( p_table[ p_tmp[ y ] & 0xFF ], 24 ) \
134 ^ p_ctx[ i_ctx ]
136 for( x = 0; x < 1; x++ )
137 {
138 memcpy( p_tmp2, p_tmp1, sizeof(p_tmp1) );
140 for( y = 0; y < 4; y++ )
141 {
142 p_tmp1[ y ] = XOR_ROR( p_table1, p_tmp2, 1 + i - x + y );
143 }
144 }
146 for( ; x < 9; x++ )
147 {
148 memcpy( p_tmp2, p_tmp1, sizeof(p_tmp1) );
150 for( y = 0; y < 4; y++ )
151 {
152 p_tmp1[ y ] = XOR_ROR( p_table1, p_tmp2,
153 1 + i - x - ((x * 3) - y) );
154 }
155 }
157 for( y = 0; y < 4; y++ )
158 {
159 p_out[ y ] = XOR_ROR( p_table2, p_tmp1,
160 1 + i - x - ((x * 3) - y) );
161 }
163 #undef XOR_ROR
164 }
166 static void taos( uint32_t *p_buffer, uint32_t *p_input )
167 {
168 uint32_t i;
169 uint32_t x = 0;
170 uint32_t p_tmp1[ 4 ];
171 uint32_t p_tmp2[ 4 ];
173 memcpy( p_tmp1, p_buffer, sizeof(p_tmp1) );
175 p_tmp2[ 0 ] = ((~p_tmp1[ 1 ] & p_tmp1[ 3 ])
176 | (p_tmp1[ 2 ] & p_tmp1[ 1 ])) + p_input[ x ];
177 p_tmp1[ 0 ] = p_tmp2[ 0 ] + p_tmp1[ 0 ] + p_drms_tab_taos[ x++ ];
179 for( i = 0; i < 4; i++ )
180 {
181 p_tmp2[ 0 ] = ((p_tmp1[ 0 ] >> 0x19)
182 | (p_tmp1[ 0 ] << 0x7)) + p_tmp1[ 1 ];
183 p_tmp2[ 1 ] = ((~p_tmp2[ 0 ] & p_tmp1[ 2 ])
184 | (p_tmp1[ 1 ] & p_tmp2[ 0 ])) + p_input[ x ];
185 p_tmp2[ 1 ] += p_tmp1[ 3 ] + p_drms_tab_taos[ x++ ];
187 p_tmp1[ 3 ] = ((p_tmp2[ 1 ] >> 0x14)
188 | (p_tmp2[ 1 ] << 0xC)) + p_tmp2[ 0 ];
189 p_tmp2[ 1 ] = ((~p_tmp1[ 3 ] & p_tmp1[ 1 ])
190 | (p_tmp1[ 3 ] & p_tmp2[ 0 ])) + p_input[ x ];
191 p_tmp2[ 1 ] += p_tmp1[ 2 ] + p_drms_tab_taos[ x++ ];
193 p_tmp1[ 2 ] = ((p_tmp2[ 1 ] >> 0xF)
194 | (p_tmp2[ 1 ] << 0x11)) + p_tmp1[ 3 ];
195 p_tmp2[ 1 ] = ((~p_tmp1[ 2 ] & p_tmp2[ 0 ])
196 | (p_tmp1[ 3 ] & p_tmp1[ 2 ])) + p_input[ x ];
197 p_tmp2[ 2 ] = p_tmp2[ 1 ] + p_tmp1[ 1 ] + p_drms_tab_taos[ x++ ];
199 p_tmp1[ 1 ] = ((p_tmp2[ 2 ] << 0x16)
200 | (p_tmp2[ 2 ] >> 0xA)) + p_tmp1[ 2 ];
201 if( i == 3 )
202 {
203 p_tmp2[ 1 ] = ((~p_tmp1[ 3 ] & p_tmp1[ 2 ])
204 | (p_tmp1[ 3 ] & p_tmp1[ 1 ])) + p_input[ 1 ];
205 }
206 else
207 {
208 p_tmp2[ 1 ] = ((~p_tmp1[ 1 ] & p_tmp1[ 3 ])
209 | (p_tmp1[ 2 ] & p_tmp1[ 1 ])) + p_input[ x ];
210 }
211 p_tmp1[ 0 ] = p_tmp2[ 0 ] + p_tmp2[ 1 ] + p_drms_tab_taos[ x++ ];
212 }
214 for( i = 0; i < 4; i++ )
215 {
216 uint8_t p_table[ 4 ][ 4 ] =
217 {
218 { 6, 11, 0, 5 },
219 { 10, 15, 4, 9 },
220 { 14, 3, 8, 13 },
221 { 2, 7, 12, 5 }
222 };
224 p_tmp2[ 0 ] = ((p_tmp1[ 0 ] >> 0x1B)
225 | (p_tmp1[ 0 ] << 0x5)) + p_tmp1[ 1 ];
226 p_tmp2[ 1 ] = ((~p_tmp1[ 2 ] & p_tmp1[ 1 ])
227 | (p_tmp1[ 2 ] & p_tmp2[ 0 ]))
228 + p_input[ p_table[ i ][ 0 ] ];
229 p_tmp2[ 1 ] += p_tmp1[ 3 ] + p_drms_tab_taos[ x++ ];
231 p_tmp1[ 3 ] = ((p_tmp2[ 1 ] >> 0x17)
232 | (p_tmp2[ 1 ] << 0x9)) + p_tmp2[ 0 ];
233 p_tmp2[ 1 ] = ((~p_tmp1[ 1 ] & p_tmp2[ 0 ])
234 | (p_tmp1[ 3 ] & p_tmp1[ 1 ]))
235 + p_input[ p_table[ i ][ 1 ] ];
236 p_tmp2[ 1 ] += p_tmp1[ 2 ] + p_drms_tab_taos[ x++ ];
238 p_tmp1[ 2 ] = ((p_tmp2[ 1 ] >> 0x12)
239 | (p_tmp2[ 1 ] << 0xE)) + p_tmp1[ 3 ];
240 p_tmp2[ 1 ] = ((~p_tmp2[ 0 ] & p_tmp1[ 3 ])
241 | (p_tmp1[ 2 ] & p_tmp2[ 0 ]))
242 + p_input[ p_table[ i ][ 2 ] ];
243 p_tmp2[ 1 ] += p_tmp1[ 1 ] + p_drms_tab_taos[ x++ ];
245 p_tmp1[ 1 ] = ((p_tmp2[ 1 ] << 0x14)
246 | (p_tmp2[ 1 ] >> 0xC)) + p_tmp1[ 2 ];
247 if( i == 3 )
248 {
249 p_tmp2[ 1 ] = (p_tmp1[ 3 ] ^ p_tmp1[ 2 ] ^ p_tmp1[ 1 ])
250 + p_input[ p_table[ i ][ 3 ] ];
251 }
252 else
253 {
254 p_tmp2[ 1 ] = ((~p_tmp1[ 3 ] & p_tmp1[ 2 ])
255 | (p_tmp1[ 3 ] & p_tmp1[ 1 ]))
256 + p_input[ p_table[ i ][ 3 ] ];
257 }
258 p_tmp1[ 0 ] = p_tmp2[ 0 ] + p_tmp2[ 1 ] + p_drms_tab_taos[ x++ ];
259 }
261 for( i = 0; i < 4; i++ )
262 {
263 uint8_t p_table[ 4 ][ 4 ] =
264 {
265 { 8, 11, 14, 1 },
266 { 4, 7, 10, 13 },
267 { 0, 3, 6, 9 },
268 { 12, 15, 2, 0 }
269 };
271 p_tmp2[ 0 ] = ((p_tmp1[ 0 ] >> 0x1C)
272 | (p_tmp1[ 0 ] << 0x4)) + p_tmp1[ 1 ];
273 p_tmp2[ 1 ] = (p_tmp1[ 2 ] ^ p_tmp1[ 1 ] ^ p_tmp2[ 0 ])
274 + p_input[ p_table[ i ][ 0 ] ];
275 p_tmp2[ 1 ] += p_tmp1[ 3 ] + p_drms_tab_taos[ x++ ];
277 p_tmp1[ 3 ] = ((p_tmp2[ 1 ] >> 0x15)
278 | (p_tmp2[ 1 ] << 0xB)) + p_tmp2[ 0 ];
279 p_tmp2[ 1 ] = (p_tmp1[ 3 ] ^ p_tmp1[ 1 ] ^ p_tmp2[ 0 ])
280 + p_input[ p_table[ i ][ 1 ] ];
281 p_tmp2[ 1 ] += p_tmp1[ 2 ] + p_drms_tab_taos[ x++ ];
283 p_tmp1[ 2 ] = ((p_tmp2[ 1 ] >> 0x10)
284 | (p_tmp2[ 1 ] << 0x10)) + p_tmp1[ 3 ];
285 p_tmp2[ 1 ] = (p_tmp1[ 3 ] ^ p_tmp1[ 2 ] ^ p_tmp2[ 0 ])
286 + p_input[ p_table[ i ][ 2 ] ];
287 p_tmp2[ 1 ] += p_tmp1[ 1 ] + p_drms_tab_taos[ x++ ];
289 p_tmp1[ 1 ] = ((p_tmp2[ 1 ] << 0x17)
290 | (p_tmp2[ 1 ] >> 0x9)) + p_tmp1[ 2 ];
291 if( i == 3 )
292 {
293 p_tmp2[ 1 ] = ((~p_tmp1[ 3 ] | p_tmp1[ 1 ]) ^ p_tmp1[ 2 ])
294 + p_input[ p_table[ i ][ 3 ] ];
295 }
296 else
297 {
298 p_tmp2[ 1 ] = (p_tmp1[ 3 ] ^ p_tmp1[ 2 ] ^ p_tmp1[ 1 ])
299 + p_input[ p_table[ i ][ 3 ] ];
300 }
301 p_tmp1[ 0 ] = p_tmp2[ 0 ] + p_tmp2[ 1 ] + p_drms_tab_taos[ x++ ];
302 }
304 for( i = 0; i < 4; i++ )
305 {
306 uint8_t p_table[ 4 ][ 4 ] =
307 {
308 { 7, 14, 5, 12 },
309 { 3, 10, 1, 8 },
310 { 15, 6, 13, 4 },
311 { 11, 2, 9, 0 }
312 };
314 p_tmp2[ 0 ] = ((p_tmp1[ 0 ] >> 0x1A)
315 | (p_tmp1[ 0 ] << 0x6)) + p_tmp1[ 1 ];
316 p_tmp2[ 1 ] = ((~p_tmp1[ 2 ] | p_tmp2[ 0 ]) ^ p_tmp1[ 1 ])
317 + p_input[ p_table[ i ][ 0 ] ];
318 p_tmp2[ 1 ] += p_tmp1[ 3 ] + p_drms_tab_taos[ x++ ];
320 p_tmp1[ 3 ] = ((p_tmp2[ 1 ] >> 0x16)
321 | (p_tmp2[ 1 ] << 0xA)) + p_tmp2[ 0 ];
322 p_tmp2[ 1 ] = ((~p_tmp1[ 1 ] | p_tmp1[ 3 ]) ^ p_tmp2[ 0 ])
323 + p_input[ p_table[ i ][ 1 ] ];
324 p_tmp2[ 1 ] += p_tmp1[ 2 ] + p_drms_tab_taos[ x++ ];
326 p_tmp1[ 2 ] = ((p_tmp2[ 1 ] >> 0x11)
327 | (p_tmp2[ 1 ] << 0xF)) + p_tmp1[ 3 ];
328 p_tmp2[ 1 ] = ((~p_tmp2[ 0 ] | p_tmp1[ 2 ]) ^ p_tmp1[ 3 ])
329 + p_input[ p_table[ i ][ 2 ] ];
330 p_tmp2[ 1 ] += p_tmp1[ 1 ] + p_drms_tab_taos[ x++ ];
332 p_tmp1[ 1 ] = ((p_tmp2[ 1 ] << 0x15)
333 | (p_tmp2[ 1 ] >> 0xB)) + p_tmp1[ 2 ];
335 if( i < 3 )
336 {
337 p_tmp2[ 1 ] = ((~p_tmp1[ 3 ] | p_tmp1[ 1 ]) ^ p_tmp1[ 2 ])
338 + p_input[ p_table[ i ][ 3 ] ];
339 p_tmp1[ 0 ] = p_tmp2[ 0 ] + p_tmp2[ 1 ] + p_drms_tab_taos[ x++ ];
340 }
341 }
343 p_buffer[ 0 ] += p_tmp2[ 0 ];
344 p_buffer[ 1 ] += p_tmp1[ 1 ];
345 p_buffer[ 2 ] += p_tmp1[ 2 ];
346 p_buffer[ 3 ] += p_tmp1[ 3 ];
347 }
349 static void taos_add1( uint32_t *p_buffer,
350 uint8_t *p_in, uint32_t i_len )
351 {
352 uint32_t i;
353 uint32_t x, y;
354 uint32_t p_tmp[ 16 ];
355 uint32_t i_offset = 0;
357 x = p_buffer[ 6 ] & 63;
358 y = 64 - x;
360 p_buffer[ 6 ] += i_len;
362 if( i_len < y )
363 {
364 memcpy( &((uint8_t *)p_buffer)[ 48 + x ], p_in, i_len );
365 }
366 else
367 {
368 if( x )
369 {
370 memcpy( &((uint8_t *)p_buffer)[ 48 + x ], p_in, y );
371 taos( &p_buffer[ 8 ], &p_buffer[ 12 ] );
372 i_offset = y;
373 i_len -= y;
374 }
376 if( i_len >= 64 )
377 {
378 for( i = 0; i < i_len / 64; i++ )
379 {
380 memcpy( p_tmp, &p_in[ i_offset ], sizeof(p_tmp) );
381 taos( &p_buffer[ 8 ], p_tmp );
382 i_offset += 64;
383 i_len -= 64;
384 }
385 }
387 if( i_len )
388 {
389 memcpy( &p_buffer[ 12 ], &p_in[ i_offset ], i_len );
390 }
391 }
392 }
394 static void taos_end1( uint32_t *p_buffer, uint32_t *p_out )
395 {
396 uint32_t x, y;
398 x = p_buffer[ 6 ] & 63;
399 y = 63 - x;
401 ((uint8_t *)p_buffer)[ 48 + x++ ] = 128;
403 if( y < 8 )
404 {
405 memset( &((uint8_t *)p_buffer)[ 48 + x ], 0, y );
406 taos( &p_buffer[ 8 ], &p_buffer[ 12 ] );
407 y = 64;
408 x = 0;
409 }
411 memset( &((uint8_t *)p_buffer)[ 48 + x ], 0, y );
413 p_buffer[ 26 ] = p_buffer[ 6 ] * 8;
414 p_buffer[ 27 ] = p_buffer[ 6 ] >> 29;
415 taos( &p_buffer[ 8 ], &p_buffer[ 12 ] );
417 memcpy( p_out, &p_buffer[ 8 ], sizeof(*p_out) * 4 );
418 }
420 static void taos_add2( uint32_t *p_buffer, uint8_t *p_in, uint32_t i_len )
421 {
422 uint32_t i, x;
423 uint32_t p_tmp[ 16 ];
425 x = (p_buffer[ 0 ] / 8) & 63;
426 i = p_buffer[ 0 ] + i_len * 8;
428 if( i < p_buffer[ 0 ] )
429 {
430 p_buffer[ 1 ] += 1;
431 }
433 p_buffer[ 0 ] = i;
434 p_buffer[ 1 ] += i_len >> 29;
436 for( i = 0; i < i_len; i++ )
437 {
438 ((uint8_t *)p_buffer)[ 24 + x++ ] = p_in[ i ];
440 if( x != 64 )
441 continue;
443 memcpy( p_tmp, &p_buffer[ 6 ], sizeof(p_tmp) );
444 taos( &p_buffer[ 2 ], p_tmp );
445 }
446 }
448 static void taos_add2e( uint32_t *p_buffer, uint32_t *p_in, uint32_t i_len )
449 {
450 uint32_t i, x, y;
451 uint32_t p_tmp[ 32 ];
453 if( i_len )
454 {
455 for( x = i_len; x; x -= y )
456 {
457 y = x > 32 ? 32 : x;
459 for( i = 0; i < y; i++ )
460 {
461 p_tmp[ i ] = U32_AT(&p_in[ i ]);
462 }
463 }
464 }
466 taos_add2( p_buffer, (uint8_t *)p_tmp, i_len * sizeof(p_tmp[ 0 ]) );
467 }
469 static void taos_end2( uint32_t *p_buffer )
470 {
471 uint32_t x;
472 uint32_t p_tmp[ 16 ];
474 p_tmp[ 14 ] = p_buffer[ 0 ];
475 p_tmp[ 15 ] = p_buffer[ 1 ];
477 x = (p_buffer[ 0 ] / 8) & 63;
479 taos_add2( p_buffer, p_drms_tab_tend, 56 - x );
480 memcpy( p_tmp, &p_buffer[ 6 ], 56 );
481 taos( &p_buffer[ 2 ], p_tmp );
482 memcpy( &p_buffer[ 22 ], &p_buffer[ 2 ], sizeof(*p_buffer) * 4 );
483 }
485 static void taos_add3( uint32_t *p_buffer, uint8_t *p_key, uint32_t i_len )
486 {
487 uint32_t x, y;
488 uint32_t i = 0;
490 x = (p_buffer[ 4 ] / 8) & 63;
491 p_buffer[ 4 ] += i_len * 8;
493 if( p_buffer[ 4 ] < i_len * 8 )
494 p_buffer[ 5 ] += 1;
496 p_buffer[ 5 ] += i_len >> 29;
498 y = 64 - x;
500 if( i_len >= y )
501 {
502 memcpy( &((uint8_t *)p_buffer)[ 24 + x ], p_key, y );
503 taos( p_buffer, &p_buffer[ 6 ] );
505 i = y;
506 y += 63;
508 if( y < i_len )
509 {
510 for( ; y < i_len; y += 64, i += 64 )
511 {
512 taos( p_buffer, (uint32_t *)&p_key[y - 63] );
513 }
514 }
515 else
516 {
517 x = 0;
518 }
519 }
521 memcpy( &((uint8_t *)p_buffer)[ 24 + x ], &p_key[ i ], i_len - i );
522 }
524 static int taos_osi( uint32_t *p_buffer )
525 {
526 int i_ret = 0;
528 #ifdef _WIN32
529 HKEY i_key;
530 uint32_t i;
531 DWORD i_size;
532 DWORD i_serial;
533 LPBYTE p_reg_buf;
535 static LPCTSTR p_reg_keys[ 3 ][ 2 ] =
536 {
537 {
538 _T("HARDWARE\\DESCRIPTION\\System"),
539 _T("SystemBiosVersion")
540 },
542 {
543 _T("HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0"),
544 _T("ProcessorNameString")
545 },
547 {
548 _T("SOFTWARE\\Microsoft\\Windows\\CurrentVersion"),
549 _T("ProductId")
550 }
551 };
553 taos_add1( p_buffer, "cache-control", 13 );
554 taos_add1( p_buffer, "Ethernet", 8 );
556 GetVolumeInformation( _T("C:\\"), NULL, 0, &i_serial,
557 NULL, NULL, NULL, 0 );
558 taos_add1( p_buffer, (uint8_t *)&i_serial, 4 );
560 for( i = 0; i < sizeof(p_reg_keys)/sizeof(p_reg_keys[ 0 ]); i++ )
561 {
562 if( RegOpenKeyEx( HKEY_LOCAL_MACHINE, p_reg_keys[ i ][ 0 ],
563 0, KEY_READ, &i_key ) == ERROR_SUCCESS )
564 {
565 if( RegQueryValueEx( i_key, p_reg_keys[ i ][ 1 ],
566 NULL, NULL, NULL,
567 &i_size ) == ERROR_SUCCESS )
568 {
569 p_reg_buf = malloc( i_size );
571 if( p_reg_buf != NULL )
572 {
573 if( RegQueryValueEx( i_key, p_reg_keys[ i ][ 1 ],
574 NULL, NULL, p_reg_buf,
575 &i_size ) == ERROR_SUCCESS )
576 {
577 taos_add1( p_buffer, (uint8_t *)p_reg_buf,
578 i_size );
579 }
581 free( p_reg_buf );
582 }
583 }
585 RegCloseKey( i_key );
586 }
587 }
589 #else
590 i_ret = -1;
591 #endif
593 return( i_ret );
594 }
596 static int get_sci_data( uint32_t p_sci[ 11 ][ 4 ] )
597 {
598 int i_ret = -1;
600 #ifdef _WIN32
601 HANDLE i_file;
602 DWORD i_size, i_read;
603 TCHAR p_path[ MAX_PATH ];
604 TCHAR *p_filename = _T("\\Apple Computer\\iTunes\\SC Info\\SC Info.sidb");
606 typedef HRESULT (WINAPI *SHGETFOLDERPATH)( HWND, int, HANDLE, DWORD,
607 LPTSTR );
609 HINSTANCE shfolder_dll = NULL;
610 SHGETFOLDERPATH dSHGetFolderPath = NULL;
612 if( ( shfolder_dll = LoadLibrary( _T("SHFolder.dll") ) ) != NULL )
613 {
614 dSHGetFolderPath =
615 (SHGETFOLDERPATH)GetProcAddress( shfolder_dll,
616 #ifdef _UNICODE
617 _T("SHGetFolderPathW") );
618 #else
619 _T("SHGetFolderPathA") );
620 #endif
621 }
623 if( dSHGetFolderPath != NULL &&
624 SUCCEEDED( dSHGetFolderPath( NULL, /*CSIDL_COMMON_APPDATA*/ 0x0023,
625 NULL, 0, p_path ) ) )
626 {
627 _tcsncat( p_path, p_filename, min( _tcslen( p_filename ),
628 (MAX_PATH-1) - _tcslen( p_path ) ) );
630 i_file = CreateFile( p_path, GENERIC_READ, 0, NULL,
631 OPEN_EXISTING, 0, NULL );
632 if( i_file != INVALID_HANDLE_VALUE )
633 {
634 i_read = sizeof(p_sci[ 0 ]) * 11;
635 i_size = GetFileSize( i_file, NULL );
636 if( i_size != INVALID_FILE_SIZE && i_size >= i_read )
637 {
638 i_size = SetFilePointer( i_file, 4, NULL, FILE_BEGIN );
639 if( i_size != /*INVALID_SET_FILE_POINTER*/ ((DWORD)-1))
640 {
641 if( ReadFile( i_file, p_sci, i_read, &i_size, NULL ) &&
642 i_size == i_read )
643 {
644 i_ret = 0;
645 }
646 }
647 }
649 CloseHandle( i_file );
650 }
651 }
652 #endif
654 return( i_ret );
655 }
657 static void acei_taxs( uint32_t *p_acei, uint32_t i_val )
658 {
659 uint32_t i, x;
661 i = (i_val / 16) & 15;
662 x = (~(i_val & 15)) & 15;
664 if( (i_val & 768) == 768 )
665 {
666 x = (~i) & 15;
667 i = i_val & 15;
669 p_acei[ 25 + i ] = p_acei[ 25 + ((16 - x) & 15) ]
670 + p_acei[ 25 + (15 - x) ];
671 }
672 else if( (i_val & 512) == 512 )
673 {
674 p_acei[ 25 + i ] ^= p_drms_tab_xor[ 15 - i ][ x ];
675 }
676 else if( (i_val & 256) == 256 )
677 {
678 p_acei[ 25 + i ] -= p_drms_tab_sub[ 15 - i ][ x ];
679 }
680 else
681 {
682 p_acei[ 25 + i ] += p_drms_tab_add[ 15 - i ][ x ];
683 }
684 }
686 static void acei( uint32_t *p_acei, uint8_t *p_buffer, uint32_t i_len )
687 {
688 uint32_t i, x;
689 uint32_t p_tmp[ 26 ];
691 for( i = 5; i < 25; i++ )
692 {
693 if( p_acei[ i ] )
694 {
695 acei_taxs( p_acei, p_acei[ i ] );
696 }
697 }
699 TAOS_INIT( p_tmp, 2 );
700 taos_add2e( p_tmp, &p_acei[ 25 ], sizeof(*p_acei) * 4 );
701 taos_end2( p_tmp );
703 x = i_len < 16 ? i_len : 16;
705 if( x > 0 )
706 {
707 for( i = 0; i < x; i++ )
708 {
709 p_buffer[ i ] ^= ((uint8_t *)&p_tmp)[ 88 + i ];
710 }
711 }
712 }
714 static uint32_t ttov_calc( uint32_t *p_acei )
715 {
716 int32_t i_val;
717 uint32_t p_tmp[ 26 ];
719 TAOS_INIT( p_tmp, 2 );
720 taos_add2e( p_tmp, &p_acei[ 0 ], 4 );
721 taos_add2e( p_tmp, &p_acei[ 4 ], 1 );
722 taos_end2( p_tmp );
724 p_acei[ 4 ]++;
726 i_val = ((int32_t)U32_AT(&p_tmp[ 22 ])) % 1024;
728 return( i_val < 0 ? i_val * -1 : i_val );
729 }
731 static void acei_init( uint32_t *p_acei, uint32_t *p_sys_key )
732 {
733 uint32_t i;
735 for( i = 0; i < 4; i++ )
736 {
737 p_acei[ i ] = U32_AT(&p_sys_key[ i ]);
738 }
740 p_acei[ 4 ] = 0x5476212A;
742 for( i = 5; i < 25; i++ )
743 {
744 p_acei[ i ] = ttov_calc( p_acei );
745 }
747 p_acei[ 25 + 0 ] = p_acei[ 0 ];
748 p_acei[ 25 + 1 ] = 0x68723876;
749 p_acei[ 25 + 2 ] = 0x41617376;
750 p_acei[ 25 + 3 ] = 0x4D4B4F76;
752 p_acei[ 25 + 4 ] = p_acei[ 1 ];
753 p_acei[ 25 + 5 ] = 0x48556646;
754 p_acei[ 25 + 6 ] = 0x38393725;
755 p_acei[ 25 + 7 ] = 0x2E3B5B3D;
757 p_acei[ 25 + 8 ] = p_acei[ 2 ];
758 p_acei[ 25 + 9 ] = 0x37363866;
759 p_acei[ 25 + 10 ] = 0x30383637;
760 p_acei[ 25 + 11 ] = 0x34333661;
762 p_acei[ 25 + 12 ] = p_acei[ 3 ];
763 p_acei[ 25 + 13 ] = 0x37386162;
764 p_acei[ 25 + 14 ] = 0x494F6E66;
765 p_acei[ 25 + 15 ] = 0x2A282966;
766 }
768 static __inline void block_xor( uint32_t *p_in, uint32_t *p_key,
769 uint32_t *p_out )
770 {
771 uint32_t i;
773 for( i = 0; i < 4; i++ )
774 {
775 p_out[ i ] = p_key[ i ] ^ p_in[ i ];
776 }
777 }
779 int drms_get_sys_key( uint32_t *p_sys_key )
780 {
781 uint32_t p_tmp[ 128 ];
782 uint32_t p_tmp_key[ 4 ];
784 TAOS_INIT( p_tmp, 8 );
785 if( taos_osi( p_tmp ) )
786 {
787 return( -1 );
788 }
789 taos_end1( p_tmp, p_tmp_key );
791 TAOS_INIT( p_tmp, 2 );
792 taos_add2( p_tmp, "YuaFlafu", 8 );
793 taos_add2( p_tmp, (uint8_t *)p_tmp_key, 6 );
794 taos_add2( p_tmp, (uint8_t *)p_tmp_key, 6 );
795 taos_add2( p_tmp, (uint8_t *)p_tmp_key, 6 );
796 taos_add2( p_tmp, "zPif98ga", 8 );
797 taos_end2( p_tmp );
799 memcpy( p_sys_key, &p_tmp[ 2 ], sizeof(*p_sys_key) * 4 );
801 return( 0 );
802 }
804 int drms_get_user_key( uint32_t *p_sys_key, uint32_t *p_user_key )
805 {
806 uint32_t i;
807 uint32_t p_tmp[ 4 ];
808 uint32_t *p_cur_key;
809 uint32_t p_acei[ 41 ];
810 uint32_t p_ctx[ 128 ];
811 uint32_t p_sci[ 2 ][ 11 ][ 4 ];
813 uint32_t p_sci_key[ 4 ] =
814 {
815 0x6E66556D, 0x6E676F70, 0x67666461, 0x33373866
816 };
818 if( p_sys_key == NULL )
819 {
820 if( drms_get_sys_key( p_tmp ) )
821 {
822 return( -1 );
823 }
825 p_sys_key = p_tmp;
826 }
828 if( get_sci_data( p_sci[ 0 ] ) )
829 {
830 return( -1 );
831 }
833 init_ctx( p_ctx, p_sys_key );
835 for( i = 0, p_cur_key = p_sci_key;
836 i < sizeof(p_sci[ 0 ])/sizeof(p_sci[ 0 ][ 0 ]); i++ )
837 {
838 ctx_xor( p_ctx, &p_sci[ 0 ][ i ][ 0 ], &p_sci[ 1 ][ i ][ 0 ],
839 p_drms_tab3, p_drms_tab4 );
840 block_xor( &p_sci[ 1 ][ i ][ 0 ], p_cur_key, &p_sci[ 1 ][ i ][ 0 ] );
842 p_cur_key = &p_sci[ 0 ][ i ][ 0 ];
843 }
845 acei_init( p_acei, p_sys_key );
847 for( i = 0; i < sizeof(p_sci[ 1 ])/sizeof(p_sci[ 1 ][ 0 ]); i++ )
848 {
849 acei( p_acei, (uint8_t *)&p_sci[ 1 ][ i ][ 0 ],
850 sizeof(p_sci[ 1 ][ i ]) );
851 }
853 memcpy( p_user_key, &p_sci[ 1 ][ 10 ][ 0 ], sizeof(p_sci[ 1 ][ i ]) );
855 return( 0 );
856 }
858 struct drms_s
859 {
860 uint8_t *p_iviv;
861 uint32_t i_iviv_len;
862 uint8_t *p_name;
863 uint32_t i_name_len;
865 uint32_t *p_tmp;
866 uint32_t i_tmp_len;
868 uint32_t p_key[ 4 ];
869 uint32_t p_ctx[ 128 ];
870 };
872 #define P_DRMS ((struct drms_s *)p_drms)
874 void *drms_alloc()
875 {
876 struct drms_s *p_drms;
878 p_drms = malloc( sizeof(struct drms_s) );
880 if( p_drms != NULL )
881 {
882 memset( p_drms, 0, sizeof(struct drms_s) );
884 p_drms->i_tmp_len = 1024;
885 p_drms->p_tmp = malloc( p_drms->i_tmp_len );
886 if( p_drms->p_tmp == NULL )
887 {
888 free( (void *)p_drms );
889 p_drms = NULL;
890 }
891 }
893 return( (void *)p_drms );
894 }
896 void drms_free( void *p_drms )
897 {
898 if( P_DRMS->p_name != NULL )
899 {
900 free( (void *)P_DRMS->p_name );
901 }
903 if( P_DRMS->p_iviv != NULL )
904 {
905 free( (void *)P_DRMS->p_iviv );
906 }
908 if( P_DRMS->p_tmp != NULL )
909 {
910 free( (void *)P_DRMS->p_tmp );
911 }
913 free( p_drms );
914 }
916 void drms_decrypt( void *p_drms, uint32_t *p_buffer, uint32_t i_len )
917 {
918 uint32_t i, x, y;
919 uint32_t *p_cur_key = P_DRMS->p_key;
921 x = (i_len / sizeof(P_DRMS->p_key)) * sizeof(P_DRMS->p_key);
923 if( P_DRMS->i_tmp_len < x )
924 {
925 free( (void *)P_DRMS->p_tmp );
927 P_DRMS->i_tmp_len = x;
928 P_DRMS->p_tmp = malloc( P_DRMS->i_tmp_len );
929 }
931 if( P_DRMS->p_tmp != NULL )
932 {
933 memcpy( P_DRMS->p_tmp, p_buffer, x );
935 for( i = 0, x /= sizeof(P_DRMS->p_key); i < x; i++ )
936 {
937 y = i * sizeof(*p_buffer);
939 ctx_xor( P_DRMS->p_ctx, P_DRMS->p_tmp + y, p_buffer + y,
940 p_drms_tab3, p_drms_tab4 );
941 block_xor( p_buffer + y, p_cur_key, p_buffer + y );
943 p_cur_key = P_DRMS->p_tmp + y;
944 }
945 }
946 }
948 int drms_init( void *p_drms, uint32_t i_type,
949 uint8_t *p_info, uint32_t i_len )
950 {
951 int i_ret = 0;
953 switch( i_type )
954 {
955 case DRMS_INIT_UKEY:
956 {
957 if( i_len != sizeof(P_DRMS->p_key) )
958 {
959 i_ret = -1;
960 break;
961 }
963 init_ctx( P_DRMS->p_ctx, (uint32_t *)p_info );
964 }
965 break;
967 case DRMS_INIT_IVIV:
968 {
969 if( i_len != sizeof(P_DRMS->p_key) )
970 {
971 i_ret = -1;
972 break;
973 }
975 P_DRMS->p_iviv = malloc( i_len );
976 if( P_DRMS->p_iviv == NULL )
977 {
978 i_ret = -1;
979 break;
980 }
982 memcpy( P_DRMS->p_iviv, p_info, i_len );
983 P_DRMS->i_iviv_len = i_len;
984 }
985 break;
987 case DRMS_INIT_NAME:
988 {
989 P_DRMS->p_name = malloc( i_len );
990 if( P_DRMS->p_name == NULL )
991 {
992 i_ret = -1;
993 break;
994 }
996 memcpy( P_DRMS->p_name, p_info, i_len );
997 P_DRMS->i_name_len = i_len;
998 }
999 break;
1001 case DRMS_INIT_PRIV:
1002 {
1003 uint32_t i;
1004 uint32_t p_priv[ 64 ];
1005 uint32_t p_tmp[ 128 ];
1007 if( i_len < 64 )
1008 {
1009 i_ret = -1;
1010 break;
1011 }
1013 TAOS_INIT( p_tmp, 0 );
1014 taos_add3( p_tmp, P_DRMS->p_name, P_DRMS->i_name_len );
1015 taos_add3( p_tmp, P_DRMS->p_iviv, P_DRMS->i_iviv_len );
1016 memcpy( p_priv, &p_tmp[ 4 ], sizeof(p_priv[ 0 ]) * 2 );
1017 i = (p_tmp[ 4 ] / 8) & 63;
1018 i = i >= 56 ? 120 - i : 56 - i;
1019 taos_add3( p_tmp, p_drms_tab_tend, i );
1020 taos_add3( p_tmp, (uint8_t *)p_priv, sizeof(p_priv[ 0 ]) * 2 );
1022 memcpy( p_priv, p_info, 64 );
1023 memcpy( P_DRMS->p_key, p_tmp, sizeof(P_DRMS->p_key) );
1024 drms_decrypt( p_drms, p_priv, sizeof(p_priv) );
1026 init_ctx( P_DRMS->p_ctx, &p_priv[ 6 ] );
1027 memcpy( P_DRMS->p_key, &p_priv[ 12 ], sizeof(P_DRMS->p_key) );
1029 free( (void *)P_DRMS->p_name );
1030 P_DRMS->p_name = NULL;
1031 free( (void *)P_DRMS->p_iviv );
1032 P_DRMS->p_iviv = NULL;
1033 }
1034 break;
1035 }
1037 return( i_ret );
1038 }
1040 #undef P_DRMS
1042 #endif