first poc tool to generate dfu package working

Author: acalatrava

apps/firmware/dfu_images/README.md

@@ -0,0 +1,10 @@
+## Formato de fichero DFU
+
+Primeros 9 bytes => 12 8a 01 0a 44 08 01 12 40 
+[ 
+siguiente 24 bytes => 08 01 10 34 1a 02 83 02 20 00 28 00 30 00 38 84 8c 03 42 24 08 03 12 20
+Byte 34 => 32 bytes sha256 bin file - little endian
+byte 65 => 48 00 52 04 08 01 12 00 
+] <-- esto se firma con ecds y se pone a partir del byte 77
+byte 73 => 10 00 1a 40 
+byte 77 => 

apps/firmware/dfu_images/build_and_flash.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+cd ../build
+make
+cd ../dfu_images
+cp ../../firmware/build/_build/nrf52810_xxaa.hex . 
+nrfutil settings generate --family NRF52810 --application nrf52810_xxaa.hex --application-version 1 --bootloader-version 1 --bl-settings-version 2 bl_settings.hex
+mergehex -m bl_settings.hex secure_bootloader_moko.hex nrf52810_xxaa.hex ../../../nRF5_SDK_17.0.2_d674dde/components/softdevice/s112/hex/s112_nrf52_7.2.0_softdevice.hex --output full_dfu.hex
+nrfjprog -f nrf52 --recover; while [ $? != 0 ]; do nrfjprog -f nrf52 --recover; done;
+nrfjprog -f nrf52 --program full_dfu.hex --reset

apps/firmware/dfu_images/build_and_zip.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+cd ../build
+make
+cd ../dfu_images
+cp ../../firmware/build/_build/nrf52810_xxaa.hex .
+nrfutil pkg generate --hw-version 52 --sd-req 0x0100 --application-version 1 --application nrf52810_xxaa.hex --sd-id 0x103 --key-file private.key app.zip

apps/firmware/dfu_images/generate_dat.js

@@ -0,0 +1,116 @@
+const fs = require('fs');
+const crypto = require('crypto');
+
+const filePath = './nrf52810_xxaa.bin';
+const privateKeyFile = '../../private.key';
+const algo = 'sha256';
+const curve = 'p256';
+
+
+const initPacket_header = new Buffer.from([0x12 ,0x8a ,0x01 ,0x0a ,0x44 ,0x08 ,0x01 ,0x12 ,0x40]);
+let initPacket = new Buffer.from([0x08 ,0x01 ,0x10 ,0x34 ,0x1a ,0x02 ,0x83 ,0x02 ,0x20 ,0x00 ,0x28 ,0x00 ,0x30 ,0x00 ,0x38 ,0x84 ,0x8c ,0x03 ,0x42 ,0x24 ,0x08 ,0x03 ,0x12 ,0x20]);
+
+if (process.argv.length < 2) {
+    console.log("base64 adv key expected");
+    exit();
+}
+
+const file = fs.readFileSync(filePath);
+const str = file.toString("hex");
+let keyBuffer = new Buffer.from(process.argv[2], 'base64');
+let offlineBuffer = new Buffer.from("OFFLINEFINDINGPUBLICKEYHERE!", 'ascii');
+let newStr = str.replace(offlineBuffer.toString("hex"), keyBuffer.toString("hex"));
+let buffer = Buffer.from( newStr, "hex" );
+fs.writeFileSync(filePath + ".patched", buffer);
+
+fs.readFile(filePath +".patched", (err, data) => {
+    if (err) {
+        console.error(err);
+        return;
+    }
+    const hash = crypto.createHash('sha256');
+    hash.update(data);
+	const hashBuffer = hash.digest();
+
+    // Añadimos SHA256 en little endian
+    initPacket = Buffer.concat([initPacket, hashBuffer.reverse()]);
+
+    // Añadimos data fijo
+    initPacket = Buffer.concat([initPacket, new Buffer.from([0x48, 0x00, 0x52, 0x04, 0x08, 0x01, 0x12, 0x00])]);
+
+    // Firmamos lo que tenemos con ecdsa
+    fs.readFile('../../private.key', 'utf8', (err, sk_pem) => {
+        /*
+        if (err) throw err;
+        const EC = require('elliptic').ec;
+        const ec = new EC('p256');
+
+        console.log("initPacket to be signed: ", initPacket);
+
+        const sk = ec.keyFromPrivate(sk_pem, 'hex');
+        const hash = crypto.createHash('sha256');
+        hash.update(initPacket);
+        const sha256packet = hash.digest();
+        console.log("initPacket", initPacket.length, initPacket);
+        console.log("sha256packet", sha256packet);
+        const sig = sk.sign(sha256packet);
+        const sigBuffer1 = Buffer.from(sig.toDER().slice(0,32)).reverse();
+        const sigBuffer2 = Buffer.from(sig.toDER().slice(32,64)).reverse();
+        console.log("sig", sig.toDER());
+        console.log("sigBuffer1", sigBuffer1);
+        console.log("sigBuffer2", sigBuffer2);
+        console.log("sigBufferR", Buffer.from(sig.r.toArray()));
+        console.log("sigBufferS", Buffer.from(sig.s.toArray()));
+        initPacket = Buffer.concat([initPacket, Buffer.from([0x10, 0x00, 0x1a, 0x40]), Buffer.from(sig.r.toArray()).reverse(), Buffer.from(sig.s.toArray()).reverse()]);
+        //initPacket = Buffer.concat([initPacket, sigBuffer1, sigBuffer2]);
+        */
+
+        //fs.writeFileSync("initPacket.bin", initPacket);
+        const sign = crypto.createSign('SHA256');
+        sign.update(initPacket);
+        sign.end();
+
+
+        const signature = sign.sign({ key: sk_pem, dsaEncoding: 'ieee-p1363', curve: 'p256' });
+        console.log(signature);
+        //fs.writeFileSync("sign.bin", signature);
+        let r = signature.subarray(0,32);
+        let s = signature.subarray(32,64);
+        console.log(r,s);
+        initPacket = Buffer.concat([initPacket, Buffer.from([0x10, 0x00, 0x1a, 0x40]), Buffer.from(r).reverse(), Buffer.from(s).reverse()]);
+
+        /*
+        let r = signature.subarray(0, 32);
+        let s = signature.subarray(32, 64);
+        console.log("sigBufferR", r.reverse());
+        console.log("sigBufferR", s.reverse());
+        */
+
+        /*
+        const elliptic = require("elliptic").ec;
+        const ec = new elliptic("p256");
+        const key = ec.keyFromPrivate(sk_pem);
+        const signature = key.sign(initPacket);
+        let r = new Buffer.from(signature.r.toArray());
+        let s = new Buffer.from(signature.s.toArray());
+        console.log(r, s);
+
+        initPacket = Buffer.concat([initPacket, r.reverse(), s.reverse()]);
+
+        */
+
+
+        // Finalizamos packet
+        initPacket = Buffer.concat([initPacket_header, initPacket]);
+
+        fs.writeFile('my.dat', initPacket, (err) => {
+            if (err) throw err;
+            console.log('The buffer was written to the file!');
+        });
+    });
+
+    //const hashArray = Array.from(hashBuffer);
+    //const littleEndian = hashArray.reverse().map((val) => ('0' + val.toString(16)).slice(-2)).join('');
+    //console.log(`The SHA-256 hash of ${filePath} in little-endian format is: ${littleEndian}`);
+
+});