Open milenovic opened 2 years ago
mefistotelis
commented
2 years ago If you wish to start looking into keys, make sure to read: https://github.com/o-gs/dji-firmware-tools/wiki/Firmware-m0901#boot-process https://github.com/o-gs/dji-firmware-tools/wiki/Firmware-m0801#keys-derivation .. and the whole pages above.
milenovic
commented
1 year ago A year later, I finally found time to keep digging into this again :) I still do not fully understand key derivation process, but I am making progress!
One thing that is confusing me in the Readme and other docs here is the mention of the file wm230_0801_v10.00.07.12_20180126.pro.fw_0801.bootarea_p0_BLLK.bin which is a part of the bootarea.img for the wm230. But for this platform, the TBIE key required to decrypt the bootarea is not (publicly) available. I see that for that file, the sections are identified, their memory addresses are mapped, and even some symbols are available! Having the file would help me understand how to do the same on other BLLK files from other platforms. Could I ask how was the file obtained? Or, could someone upload this file?
mefistotelis
commented
1 year ago Hm, you're right - TBIE-2018-01 is still not public..
Ok then, file attached.
wm230_0801_v10.00.07.12_20180126.pro.fw_0801.bootarea_p0_BLLK.bin.gz
milenovic
commented
6 months ago One year later... Maybe it's time to make the key public? 0x7b, 0xca, 0x59, 0x6f, 0x22, 0x73, 0xc5, 0x19, 0x5e, 0x41, 0x42, 0xaa, 0x3d, 0x20, 0x1e, 0x25
gogisoft
commented
6 months ago Thanks for sharing. Tring to get a Mini 3 gimbal working again on spare time. Does your post imply DJI has ecryprion keys protecting the firmware?
milenovic
commented
6 months ago That question is best answered by fully reading this amazing repository ;)
Is there any chance to determine TBIE key used in WM232 firmware (V02.04.1604 - V02.04.2120) bootarea.img/rtos.img/normal.img partitions? The correct PRAK key for them is PRAK-2020-01, but none of the TBIE keys available in this repository are correct. Correct UFIE key is UFIE-2020-04.