Incorrect OpenSSL salt value
jankais3r opened this issue · comments
Jan Kaiser commented
Binwalk v2.3.3, macOS 12.3.1
When I binwalk an encrypted firmware file, the salt value presented by binwalk is missing one zero ('0').
% binwalk neeo_firmware_0.53.8-20180424-05eb8e2-0201-092014_emmc.img
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 OpenSSL encryption, salted, salt: 0x1C71100B7A525EF
9177690 0x8C0A5A PGP RSA encrypted session key - keyid: 1E80D960 7D722BB6 RSA (Encrypt or Sign) 1024b
118578988 0x7115F2C Uncompressed Adobe Flash SWF file, Version 123, File size (header included) 48125275
142827605 0x8836055 MySQL ISAM index file Version 9
155150271 0x93F67BF MySQL MISAM compressed data file Version 3
196302979 0xBB35883 MPEG transport stream data
% binwalk -W neeo_firmware_0.53.8-20180424-05eb8e2-0201-092014_emmc.img -l 128
OFFSET neeo_firmware_0.53.8-20180424-05eb8e2-0201-092014_emmc.img
--------------------------------------------------------------------------------
0x00000000 53 61 6C 74 65 64 5F 5F 1C 71 10 0B 07 A5 25 EF |Salted__.q....%.|
0x00000010 D6 6E 67 60 CA 59 2F 29 2E 89 B6 FD FE CD 77 DF |.ng`.Y/)......w.|
0x00000020 0B 05 19 1F 96 73 6C E7 83 7C 33 3D 8D B9 16 54 |.....sl..|3=...T|
0x00000030 B6 FC 7C 9F AF E0 E8 DD B6 23 6C F7 23 13 4B BE |..|......#l.#.K.|
0x00000040 82 F8 30 E8 6E 47 83 A3 FC 1C B8 E4 B8 54 96 E1 |..0.nG.......T..|
0x00000050 13 7C 9C 09 75 5F 28 75 45 DA 1B 3B 8C 98 BF C0 |.|..u_(uE..;....|
0x00000060 13 CE 92 CF 39 91 16 2B 81 ED D7 02 DB 51 0B E8 |....9..+.....Q..|
0x00000070 11 18 ED A4 F8 B8 C3 41 9B 20 75 4E 3F F4 FB 66 |.......A..uN?..f|
The correct salt value is 1C71100B07A525EF
, but binwalk says it is 1C71100B7A525EF
.