snipping around firmware images to replace chunks of it for easier batch firmware generation, extraction, and most importantly signing

nello-io/scalpel

scalpel

A scalpel and stitch tool for binaries. Maybe also a signing tool, maybe.

Snip around, stitch up and/or sign binaries

This is mostly used for the case where parts of the binary need to be extracted or replaced.

Use Cases

  • cut firmware into pieces from an all-in-one blob

    scalpel cut --start 0 --end 4Ki --output bootloader.bin firmware.bin
    scalpel cut --start 4Ki --size 241664 --output part_A.bin firmware.bin
    scalpel cut --start 282624 --size 241664 --output part_B.bin firmware.bin
  • stitch firmware pieces together such as bootloader and application

    scalpel stitch --binary tmp/test_bytes --offset 0    --binary tmp/test_bytes --offset 2048 --fill-pattern zero --output stitched.bin
    scalpel stitch --binary tmp/test_bytes --offset 2Ki --binary tmp/test_bytes --offset 0 --fill-pattern one --output stitched.bin
    scalpel stitch --binary tmp/test_bytes --offset 2058 --binary tmp/test_bytes --offset 10 --fill-pattern random --output stitched.bin
  • replace a section with a new file

    scalpel replace --start 1Ki --end 2Ki --replace tmp/test_cut_out --output cut tmp/test_bytes
    scalpel replace --end 2Ki --replace tmp/test_cut_out --output cut tmp/test_bytes
    scalpel replace --start 1Ki --size 1Ki --replace tmp/test_cut_out --output cut tmp/test_bytes
  • [alpha] sign firmware for authenticity

    scalpel sign tmp/ed25519_keypair.pk8 --format pkcs8 tmp/signme.bin
    scalpel sign tmp/ed25519_keypair.pk8 --output tmp/signme_signed.bin tmp/signme.bin
    scalpel sign tmp/ed25519_keypair.pk8 tmp/test_bytes tmp/signme.bin

Features

  • cut off a binary at specific start and end/size
  • Add signature verification and appendix features (preferably using ring and webpki, or as an alternative sodiumoxide, linked statically)
  • Handle endianness of checksums properly
  • Replace parts (i.e. cert files or non volatile memory and/or sections) (with resigning if necessary)
  • Allow hexadecimal input
  • Allow multiple input scales (K = 1000, Ki = 1024, M = 1e6, Mi = 1024*1024, ...)
  • Add verifier option for alignment to given sector/page size
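
The size suffixes listed above and the gap filling done by `scalpel stitch`, sketched in Rust as an added example; this is not scalpel's own code. The `0x` prefix for hexadecimal input, the function names, and the rejection of overlapping pieces are assumptions of this sketch.

```rust
// Added illustration, not scalpel's source. Names and the overlap policy are assumptions.

/// Parse "4Ki", "2K", "1Mi", "0x1000" (assumed hex syntax) or plain decimal into bytes.
fn parse_size(s: &str) -> Option<usize> {
    let s = s.trim();
    if let Some(hex) = s.strip_prefix("0x") {
        return usize::from_str_radix(hex, 16).ok();
    }
    // Scales as listed in the README: K = 1000, Ki = 1024, M = 1e6, Mi = 1024*1024.
    for (suffix, scale) in [("Ki", 1024), ("Mi", 1024 * 1024), ("K", 1_000), ("M", 1_000_000)] {
        if let Some(num) = s.strip_suffix(suffix) {
            // checked_mul turns an overflowing size into None instead of wrapping.
            return num.parse::<usize>().ok()?.checked_mul(scale);
        }
    }
    s.parse().ok()
}

/// Place each (offset, bytes) piece into one image and fill the gaps with `fill`.
/// Overlapping pieces are rejected so one piece cannot silently overwrite another.
fn stitch(pieces: &[(usize, &[u8])], fill: u8) -> Result<Vec<u8>, String> {
    let mut sorted = pieces.to_vec();
    sorted.sort_by_key(|(off, _)| *off);
    let mut image: Vec<u8> = Vec::new();
    for (off, data) in sorted {
        if off < image.len() {
            return Err(format!("piece at {:#x} overlaps data ending at {:#x}", off, image.len()));
        }
        image.resize(off, fill);
        image.extend_from_slice(data);
    }
    Ok(image)
}

fn main() {
    // Constructed sample pieces: a 4-byte "bootloader" at 0 and an 8-byte "app" at 2Ki.
    let (boot, app) = ([0xB0u8; 4], [0xA9u8; 8]);
    let off = parse_size("2Ki").expect("valid size");
    let img = stitch(&[(off, &app[..]), (0, &boot[..])], 0x00).expect("no overlap");
    println!("image: {} bytes, first gap byte {:#04x}", img.len(), img[4]);
    // Second piece starts inside the first one, so stitching is refused.
    println!("{:?}", stitch(&[(0, &boot[..]), (2, &app[..])], 0x00));
}
```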

Common / Hints

  • Need the extracted binary as an include? Use xxd -i sliced.bin > sliced_binary.h to create a header file out of the result.

  • Convert RSA keys in .pem format to pkcs8 format via openssl (see the ring documentation); openssl currently supports the Ed25519 algorithm only on its master branch

    openssl pkcs8 -topk8 -nocrypt -outform der -in [key.pem] > [pkcs8_key.pk8]
  • To generate a valid Ed25519 keypair, use the small tool from the ring author:

    cargo install kt
    kt generate ed25519 --out=FILE
