|
|
||
|---|---|---|
| .. | ||
| calculate_iv | ||
| fsdecrypt.exe | ||
| fstool.exe | ||
| README.md | ||
Fstools
.app files
- Create a new file titled <PCB CODE>.bin
- Fill in the first 16 bytes of <PCB CODE>.bin with the AES key. (e.g. 9D 0B BA 20 D1 E8 4F 24 59 39 9F 53 83 BE EE 72)
- The next 16 bytes will be the NTFS header (EB 52 90 4E 54 46 53 20 20 20 20 00 10 01 00 00)the NTFS header is always the same
- Save this file, then decrypt the app files with the following command:
fsdecrypt \<PCB CODE>.bin 0x200000 <path/to/app> <out.vhd> - Once it finishes decrypting, run calculate_iv.py and save key 1
- Open <PCB CODE>.bin inside the hex editor once more, replace the NTFS header with the key 1
- Run "fsdecrypt <PCB CODE>.bin 0x200000 <path/to/app> <out.vhd>" once more
- Your app is now decrypted, you can extract the internal_0 with ofsmount
.opt files
- Decrypt the opt file using fstools with the following command:
fstool.exe dec OPT.bin in.opt out.vhd - Run calculate_iv.py and save key 3
- Replace the IV key of the OPT.bin with key 3, the IV key of OPT.bin are the second 16 bytes
- Decrypt the opt file once more with the new key