add initial hacks

2 files changed, 319 insertions, 0 deletions

diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..2e695d0
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,7 @@
+CFLAGS := -g3 -Wall -O2 `pkg-config libusb-1.0 --cflags` `pkg-config openssl --cflags`
+LIBS := `pkg-config libusb-1.0 --libs` `pkg-config openssl --libs`
+
+dl3: dl3.c
+	$(CC) $(CFLAGS) -o dl3 dl3.c $(LIBS)
+
+all: dl3
diff --git a/dl3.c b/dl3.c
new file mode 100644
index 0000000..aa11336
--- /dev/null
+++ b/dl3.c
@@ -0,0 +1,312 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+#include "libusb.h"
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+static int VID = 0x17e9;
+static int PID = 0x4301;
+
+
+/* this is a copy of the 546 byte packet we get back from the device
+   that looks like a HDCP cert. - I'm currently
+   assuming 522 bytes from the end is the start of the HDCPv2 cert. */
+static unsigned char dplinkcert[] =
+{0x00, 0x00, 0x1e, 0x02, 0x04, 0x00, 0x00, 0x80, 
+ 0x00, 0x00, 0x00, 0x00, 0xae, 0x02, 0x00, 0x00, 
+ 0x10, 0x02, 0x84, 0x00, 0x30, 0xef, 0x03, 0x01, 
+ 0xd6, 0xb4, 0x33, 0x38, 0xf0, 0x92, 0xe6, 0x43, 
+0x1e, 0x1e, 0x31, 0x25, 0x7f, 0xb4, 0xa7, 0x3c, 
+0x92, 0x65, 0x86, 0x29, 0x00, 0x47, 0xe9, 0x22, 
+0x15, 0xfc, 0xf7, 0x55, 0xfd, 0x8c, 0x9e, 0xf1, 
+0xc1, 0x57, 0xe7, 0xcb, 0x79, 0x21, 0x6b, 0x6b, 
+0xfd, 0x1d, 0x4a, 0xfe, 0xc5, 0xf6, 0x5c, 0x60, 
+0xd8, 0x13, 0xf2, 0xee, 0x9b, 0x70, 0xdb, 0xee, 
+0x4c, 0x0a, 0x30, 0x4e, 0x14, 0x18, 0xe1, 0x84, 
+0x46, 0x8a, 0xb8, 0xa5, 0xf9, 0x26, 0x08, 0x35, 
+0xf2, 0x2e, 0xd3, 0x84, 0x2a, 0x47, 0xc7, 0x78, 
+0xee, 0x20, 0x7b, 0xca, 0xb9, 0x4c, 0x1a, 0xd8, 
+0x18, 0x02, 0x3c, 0xfd, 0x87, 0x88, 0x77, 0xc7, 
+0x10, 0x70, 0x11, 0x49, 0xc0, 0xce, 0xa6, 0x29, 
+0x38, 0xdc, 0x93, 0x41, 0x8b, 0x8e, 0x93, 0xda, 
+0x50, 0x3c, 0x96, 0xee, 0xc6, 0x82, 0x38, 0xad, 
+0xba, 0x08, 0x5a, 0x1b, 0xa6, 0x92, 0xe8, 0x47, 
+0x58, 0xba, 0x89, 0x14, 0xf3, 0x01, 0x00, 0x01, 
+0x00, 0x00, 0x26, 0x27, 0x84, 0x9a, 0x55, 0x8f, 
+0x00, 0x27, 0x7a, 0xa5, 0xa9, 0x13, 0x75, 0x4a, 
+0x86, 0xc3, 0x63, 0x88, 0xef, 0x21, 0xa5, 0x7c, 
+0xc2, 0x22, 0xea, 0x34, 0x89, 0x71, 0x2f, 0xc1, 
+0x0e, 0x1e, 0xa3, 0xfd, 0x06, 0xc0, 0x7a, 0xd2, 
+0x04, 0x73, 0xc0, 0x2d, 0x3b, 0x86, 0x28, 0x9c, 
+0xdd, 0x2d, 0x00, 0x48, 0xb2, 0x13, 0xff, 0xef, 
+0x20, 0x75, 0xb3, 0xe0, 0xfa, 0x61, 0x71, 0xcd, 
+0x3a, 0x1d, 0x66, 0x3f, 0xde, 0x91, 0xad, 0x35, 
+0x3c, 0x59, 0x7f, 0x36, 0x1b, 0xe2, 0xb5, 0xb3, 
+0x6e, 0x0f, 0xae, 0x27, 0x20, 0x86, 0x12, 0x76, 
+0x64, 0x07, 0x22, 0xa0, 0x12, 0x9f, 0x81, 0xb7, 
+0xa6, 0xc2, 0x3d, 0xe6, 0x5e, 0x5d, 0x5a, 0xc6, 
+0xb7, 0x96, 0xc5, 0xb9, 0x99, 0x70, 0xdc, 0xb5, 
+0xcb, 0xfa, 0xe0, 0xff, 0xbd, 0xb8, 0xe5, 0xb8, 
+0xd8, 0xc2, 0x24, 0xec, 0x19, 0x6d, 0xe8, 0x62, 
+0x39, 0xf8, 0x48, 0x5c, 0xfa, 0xcf, 0xba, 0x47, 
+0x2f, 0x4f, 0x9a, 0xf0, 0xbc, 0x05, 0x49, 0x78, 
+0xc1, 0x00, 0x14, 0x76, 0x03, 0x77, 0x77, 0xf2, 
+0x52, 0xe2, 0xf0, 0x83, 0xb2, 0x3f, 0x8a, 0xf5, 
+0xaa, 0x75, 0xdc, 0x25, 0x30, 0x03, 0xbb, 0xdd, 
+0xa0, 0xeb, 0x67, 0x99, 0x8f, 0x38, 0x45, 0x87, 
+0x70, 0x72, 0x3f, 0xf6, 0x98, 0xbd, 0xd7, 0xcf, 
+0x21, 0xbe, 0xdc, 0xb2, 0x7b, 0x19, 0x25, 0xce, 
+0x73, 0x3c, 0x9f, 0xb8, 0xd0, 0x36, 0x46, 0xf5, 
+0x18, 0xb3, 0xed, 0x4f, 0x6a, 0x4f, 0x78, 0x98, 
+0x24, 0x7b, 0x26, 0xab, 0x42, 0x7c, 0x5a, 0x94, 
+0x64, 0xd9, 0x71, 0x06, 0xc7, 0xb5, 0x6e, 0xba, 
+0x40, 0x3f, 0xca, 0x8e, 0xca, 0x1b, 0xaf, 0xf2, 
+0x30, 0x57, 0x4f, 0x8a, 0xac, 0xe8, 0x22, 0x53, 
+0xdb, 0x1f, 0x78, 0x9a, 0x34, 0xe8, 0x42, 0x28, 
+0x69, 0xc1, 0xf9, 0xc4, 0x08, 0x5d, 0x93, 0xae, 
+0xd9, 0xe2, 0x14, 0x39, 0x06, 0x05, 0x4c, 0xb7, 
+0x4a, 0x12, 0xaf, 0x32, 0x32, 0x17, 0x61, 0x31, 
+0x51, 0xca, 0x58, 0x70, 0xef, 0x5e, 0x08, 0x5a, 
+0x62, 0xda, 0x50, 0xa5, 0xf5, 0xe2, 0xd9, 0x09, 
+0xf1, 0x36, 0x37, 0x3d, 0xd4, 0x9c, 0xdd, 0xd5, 
+0x3f, 0x0c, 0xd4, 0xec, 0x51, 0xb0, 0x65, 0x5b, 
+0x68, 0x6e, 0xa4, 0x37, 0x44, 0x26, 0xe8, 0x2a, 
+0xdf, 0x7c, 0x20, 0x05, 0x98, 0xee, 0xe7, 0x1b, 
+0x3d, 0x83, 0x3f, 0x76, 0x60, 0x0c, 0x17, 0xfb, 
+0x6a, 0x51, 0xcb, 0x2d, 0x36, 0xb4, 0x0b, 0x4f, 
+0x3b, 0x24, 0x5d, 0x36, 0xa3, 0x12, 0xf2, 0xb6, 
+0x4a, 0x68, 0xa9, 0x5c, 0x1c, 0xec, 0xdb, 0xe3, 
+0x49, 0x23, 0x9d, 0x94, 0x54, 0x1a, 0xfa, 0x52, 
+0xc6, 0xee, 0x65, 0xdb, 0x9e, 0xe8, 0xf2, 0x40, 
+0x00, 0x25, 0xaa, 0x79, 0x0b, 0x21, 0xa4, 0x59, 
+0x81, 0xf1, 0xc6, 0x18, 0xd0, 0xc4, 0x85, 0x3d, 
+					     0x2b, 0x2b };
+    
+static unsigned char buf0[] = {00, 0x00, 0x1C, 0x00, 0x02, 0x00, 0x00, 0x00,
+			     04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     00, 0x00, 0x2D, 0x00, 0x04, 0x00, 0x00, 0x00,
+			     04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     0x1F, 0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00,
+			     02, 0xC0, 0xAF, 0x52, 0xCE, 0x64, 0x22, 0xF4,
+			     0xBB, 0x00, 0x00, 0x00 };
+
+static void decode_cert(const unsigned char *buf, int len)
+{
+	const unsigned char *start = buf + (len - 522);
+	BIGNUM *e, *m;
+	int i, ret;
+	EVP_PKEY *pRsaKey = EVP_PKEY_new();
+	EVP_PKEY_CTX *ctx;
+	EVP_MD_CTX *mdctx = NULL;
+
+	RSA *rsa = RSA_new();
+	printf("recv id: %02x %02x %02x %02x %02x\n",
+	       start[0], start[1], start[2], start[3], start[4]);
+
+	printf("rect pub key:\n");
+
+	m = BN_bin2bn(start + 5, 128, NULL);
+
+	e = BN_bin2bn(start + 133, 3, NULL);
+
+	rsa->n = m;
+	rsa->e = e;
+
+	EVP_PKEY_assign_RSA(pRsaKey, rsa);
+
+	for (i = 5; i < 5 + 128; i++) {
+		printf("%02x", start[i]);
+	}
+	printf("\n");
+	for (i = 133; i < 133 + 3; i++) {
+		printf("%02x", start[i]);
+	}
+	printf("\n");
+	printf("proto descrip + rsvd: \n");
+	for (i = 136; i < 136 + 2; i++) {
+		printf("%02x", start[i]);
+	}
+	printf("\nllc sig: \n");
+	for (i = 138; i < 136 + 384; i++) {
+		printf("%02x", start[i]);
+	}
+	printf("\n");
+
+	ctx = EVP_PKEY_CTX_new(pRsaKey, NULL);
+	if (EVP_PKEY_verify_init(ctx) <= 0) {
+		printf("fail 1\n");
+		return;
+	}
+
+	mdctx = EVP_MD_CTX_create();
+	EVP_DigestVerifyInit(mdctx, NULL, EVP_sha256(), NULL, pRsaKey);
+
+	EVP_DigestVerifyUpdate(mdctx, start, 138);
+	ret = EVP_DigestVerifyFinal(mdctx, start + 138, 384);
+#if 0
+	if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING) <= 0) {
+		printf("fail passing\n");
+		return;
+	}
+#if 1
+	if (EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()) <= 0) {
+		printf("fail sig\n");
+		return;
+	}
+#endif	
+	ret = EVP_PKEY_verify(ctx, start + 138, 384, start, 138);
+#endif
+	printf("ret is %d\n", ret);
+}
+static int send_buffer(libusb_device_handle *handle, int endpoint_out, int endpoint_in)
+{
+	unsigned char buf[1024];
+	int r, i = 0;
+	int size;
+
+	memset(buf, 0, 255);
+#if 0
+	buf[2] = 0x1c;
+	buf[4] = 0x02;
+	buf[8] = 0x25;
+	buf[16] = 0x05;
+#endif
+
+	buf[2] = 0x0c;
+	buf[4] = 0x01;
+
+	do {
+		r = libusb_bulk_transfer(handle, endpoint_out, buf, 16, &size, 1000);
+		if (r == LIBUSB_ERROR_PIPE)
+			libusb_clear_halt(handle, endpoint_out);
+		i++;
+	} while ((r == LIBUSB_ERROR_PIPE) && (i < 5));
+
+	buf[2] = 0x1c;
+	buf[4] = 0x02;
+	buf[8] = 0x25;
+	buf[16] = 0x05;
+
+	do {
+		r = libusb_bulk_transfer(handle, endpoint_out, buf, 32, &size, 1000);
+		if (r == LIBUSB_ERROR_PIPE)
+			libusb_clear_halt(handle, endpoint_out);
+		i++;
+	} while ((r == LIBUSB_ERROR_PIPE) && (i < 5));
+
+	do {
+		r = libusb_bulk_transfer(handle, endpoint_out, buf0, 84, &size, 1000);
+		if (r == LIBUSB_ERROR_PIPE)
+			libusb_clear_halt(handle, endpoint_out);
+		i++;
+	} while ((r == LIBUSB_ERROR_PIPE) && (i < 5));
+
+	r = libusb_bulk_transfer(handle, endpoint_in, buf, 38, &size, 1000);
+	if (r < 0) {
+		printf("libusb_bulk_transfer failed: %s\n", libusb_error_name(r));
+		return;
+	}
+	printf(" rx %d\n", size);
+
+	for (i = 0; i < size; i++) {
+		printf("%02x ", buf[i]);
+	}
+	printf("\n");
+
+	r = libusb_bulk_transfer(handle, endpoint_in, buf, 546, &size, 1000);
+	if (r < 0) {
+		printf("libusb_bulk_transfer failed: %s\n", libusb_error_name(r));
+		return;
+	}
+	printf(" rx %d\n", size);
+
+	printf("{");
+	for (i = 0; i < size; i++) {
+		printf("0x%02x, ", buf[i]);
+		if ((i % 8) == 7)
+			printf("\n");
+	}
+	printf("}\n");
+
+	decode_cert(buf, size);
+
+	return 0;
+
+	return 0;
+}
+
+int test_device(uint16_t vid, uint16_t pid)
+{
+	libusb_device_handle *handle;
+	libusb_device *dev;
+	uint8_t bus;
+	int r;
+	struct libusb_config_descriptor *conf_desc;
+	int nb_ifaces;
+	int iface;
+
+	handle = libusb_open_device_with_vid_pid(NULL, vid, pid);
+	if (handle == NULL) {
+		return -1;
+	}
+
+	dev = libusb_get_device(handle);
+	bus = libusb_get_bus_number(dev);
+
+	r = libusb_get_config_descriptor(dev, 0, &conf_desc);
+	if (r < 0)
+		return -1;
+
+	nb_ifaces = conf_desc->bNumInterfaces;
+	libusb_free_config_descriptor(conf_desc);
+	for (iface = 0; iface < nb_ifaces; iface++)
+	{
+		printf("\nClaiming interface %d...\n", iface);
+		r = libusb_claim_interface(handle, iface);
+		if (r != LIBUSB_SUCCESS) {
+			perror("   Failed.\n");
+		}
+	}
+
+	printf("num interfaces %d\n", nb_ifaces);
+
+	
+				
+	send_buffer(handle, 0x02, 0x84);
+	printf("\n");
+	for (iface = 0; iface<nb_ifaces; iface++) {
+		printf("Releasing interface %d...\n", iface);
+		libusb_release_interface(handle, iface);
+	}
+
+
+
+	libusb_close(handle);
+	return 0;
+}
+
+int main(int argc, char** argv)
+{
+	int r;
+
+	decode_cert(dplinkcert, 546);
+#if 0
+	r = libusb_init(NULL);
+	if (r < 0)
+		return r;
+		libusb_set_debug(NULL, LIBUSB_LOG_LEVEL_DEBUG);
+	test_device(VID, PID);
+
+	libusb_exit(NULL);
+#endif
+}