本篇讲解如何使用CmAct私钥来解析RAU和DYN文件
本来,我也想用RAU文件作为例子的,但是RAU文件对应的wbc文件还差一个系统特征没有对上,导致我没有办法获得CmAct证书的私钥,也就没有办法去解析RAU文件。
实际的机器也不在我手上,没有办法通过调试来查找原因,所以先用DYN文件作为例子,这个问题有空再解决。
DYN文件最容易获得,所以本文将以DYN文件为例。
DYN文件在每次导入LIC文件时都会产生一份新的,所以可以在虚拟机环境下也可以获取。
DYN文件和RAU文件的结构类似,所以解析DYN文件的过程同样能用于RAU文件。
本节从头演示在虚拟机中导入LIF、生成wbc和DYN文件、获取私钥的过程:
当前环境一览:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
> uname
-
a
Linux ubuntu
5.4
.
0
-
132
-
generic
#148~18.04.1-Ubuntu SMP Mon Oct 24 20:41:14 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
> cmu
-
v
cmu
-
CodeMeter Universal Support Tool.
Version
6.60
of
2017
-
Dec
-
18
(Build
2869
)
for
Linux
Copyright (C)
2007
-
2017
by WIBU
-
SYSTEMS AG.
All
rights reserved.
Operating System:
Name: Ubuntu
18.04
.
6
LTS (Kernel
5.4
.
0
-
132
-
generic)
Architecture: x86_64
Current system user:
username: mjs
domain:
RunTime version information:
cmu:
6.60
.
2869.500
2017
-
12
-
18
CodeMeter
-
Service:
6.60
.
2869.500
2017
-
12
-
18
CodeMeterAct:
6.60
.
2869.500
2017
-
12
-
18
Library:
6.60
.
2869.500
2017
-
12
-
18
Installed
file
version information:
CodeMeter
-
Service:
6.60
.
2869.500
2017
-
12
-
18
(
64bit
)
CodeMeterCC:
6.60
.
2869.500
2017
-
12
-
18
(
64bit
)
codemeter
-
info:
6.60
.
2869.500
2017
-
12
-
18
(
64bit
)
cmu:
6.60
.
2869.500
2017
-
12
-
18
(
64bit
)
CM Lib (
/
usr
/
lib
/
i386
-
linux
-
gnu):
6.60
.
2869.500
2017
-
12
-
18
(
32bit
)
CM Lib (
/
usr
/
lib
/
x86_64
-
linux
-
gnu):
6.60
.
2869.500
2017
-
12
-
18
(
64bit
)
Note on libusb program library used on Linux
-
operating systems by
CodeMeter License Server:
The programming library serves to read
and
write USB devices. The code
is
licensed under the GNU Lesser General Public License (LGPL) Version
2.1
.
Call cmu
-
-
licensing
-
terms to view it.
The code of the programming library libusb can be downloaded at the project
website http:
/
/
www.libusb.org
/
. On request the source can also be electronically
obtained free of charge contacting Wibu
-
Systems (support@wibu.com).
|
如果在虚拟机里导入LIF,则最好清除一遍中间文件,这样不会把新生成的中间文件和之前的弄混。
注意,如果在实体机上操作,不要清除中间文件,否则你的之前授权将无法正常工作。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
> sudo rm
/
var
/
lib
/
CodeMeter
/
CmAct
/
*
-
f
> cmu
-
i
-
f dji_aeroscope_pro.WibuCmLIF
cmu
-
CodeMeter Universal Support Tool.
Version
6.60
of
2017
-
Dec
-
18
(Build
2869
)
for
Linux
Copyright (C)
2007
-
2017
by WIBU
-
SYSTEMS AG.
All
rights reserved.
The
file
contains
1
Update:
CmActLtLicense binding information: FirmCode
6000316
Execute Update ...
The
file
contains
1
Update:
CmActLtLicense update: Serial number
130
-
1021612743
, FirmCode
6000316.
-
-
> successful
1
successful update done
> cmu
-
c
6000316
-
s130
-
1021612743
-
f update
-
130
-
1021612743.WibuCmRaC
cmu
-
CodeMeter Universal Support Tool.
Version
6.60
of
2017
-
Dec
-
18
(Build
2869
)
for
Linux
Copyright (C)
2007
-
2017
by WIBU
-
SYSTEMS AG.
All
rights reserved.
Write CmFAS
for
130
-
1021612743
for
FirmItem
6000316
> cp
/
var
/
lib
/
CodeMeter
/
CmAct .
-
r
|
备份好wbc文件后,就可以尝试获取私钥。
wbc.py将尝试获取系统特征并与item节匹配,一旦wbc文件里的所有item节匹配成功,则可以输出私钥。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
> python test.py
# wbc = wbc_file("6000316_820064b5af57b09a70db832e589ab841a6a268c6.wbc")
# if(wbc.check()):
# k = wbc.get_private_key()
# print("private_key: %s" % k.hex())
code_5001 check ok, match item_10
code_5003 check ok, match item_9
code_6001 check ok, match item_0
code_6101 check ok, match item_2
code_6103 check ok, match item_7
code_6104 check faild,
not
match
any
item
code_6105 check ok, match item_4
code_6106 check ok, match item_5
code_6107 check ok, match item_6
code_6108 check ok, match item_3
code_6109 check ok, match item_8
code_6110 check ok, match item_1
code_8001 check ok, match item_11
code_200001 check faild,
not
match
any
item
code_200002 check faild,
not
match
any
item
code_200003 check faild,
not
match
any
item
wbc
id
count:
12
system featue count:
16
system featue ok:
12
all
wbc item check ok
part1:
2295bf3c4cdbb01a457c2955d514637074c771d7b638dbadb22a1b4a3d1a9782e661e8819f3c98945e91d7022254fc447689be8c833f732b338498e5351b32
part2:
64742897b75b86aa15e282b0b2585b7c33a11c5fc8749601d864adad327db4
part3:
None
private_key: d9352ca798fde876a6c093e60bb39870ddb10e722276ab78eea3cc40
|
CmAct证书的私钥可以通过Q=dG来验证其有效性,其中Q为公钥,G为基点。
验证可以使用wibu_asn1.py的check_CmAct_key函数,但使用check_CmAct_key函数之前,需要调用解析rac_proc函数来处理RAC文件,rac_proc会解析RAC文件中的所有证书并添加到证书链中。
以下代码首先解析了RAC文件并将结果打印出来,接着调用check_CmAct_key函数来验证私钥是否与CmAct证书对应。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
> rac_proc(
"testcase/update-130-1021612743.WibuCmRaC"
)
<container
-
type
-
specific>
<cmact>
<lif> A0
82
04
95
06
09
2A
86
48
86
F7
0D
01
07
02
A0
82
04
86
30
82
04
82
02
01
01
31
0D
30
0B
06
09
60
86
48
01
65
03
04
02
01
30
81
C1
06
0A
2B
06
01
04
01
82
DB
45
02
01
A0
81
B2 FF
81
64
81
AD FF
81
21
37
DF
81
35
08
63
6D
62
6F
78
70
67
6D
FF
81
25
12
DF
4E
02
00
01
DF
54
02
00
01
DF
20
05
00
00
00
00
00
FF
7A
12
DF
4E
02
00
01
DF
54
02
00
01
DF
20
05
00
00
00
00
00
FF
64
12
DF
81
32
05
00
22
8D
3B
86
DF
81
33
05
00
20
F0 EE C0 FF
7D
22
DE
18
44
00
4A
00
49
00
20
00
46
00
69
00
72
00
6D
00
43
00
6F
00
64
00
65
00
DF
72
05
00
00
5B
8E
BC FF
81
08
26
DF
81
14
04
32
30
30
30
DF
7F
05
00
00
00
00
00
FF
81
00
12
FF
81
01
0E
DF
1F
02
00
00
DF
81
02
05
00
00
00
00
02
FF
81
05
0A
DF
81
5B
01
00
DF
81
5C
01
00
A0
82
03
30
30
82
01
78
30
82
01
28
A0
03
02
01
02
02
04
B2 D0
5E
18
30
0A
06
08
2A
86
48
CE
3D
04
03
02
30
26
31
15
30
13
06
03
55
04
0A
0C
0C
57
49
42
55
2D
53
59
53
54
45
4D
53
31
0D
30
0B
06
03
55
04
03
0C
04
52
6F
6F
74
30
1E
17
0D
31
35
30
31
30
31
30
30
30
30
30
30
5A
17
0D
33
35
31
32
33
31
32
33
35
39
35
39
5A
30
31
31
15
30
13
06
03
55
04
0A
0C
0C
57
49
42
55
2D
53
59
53
54
45
4D
53
31
18
30
16
06
03
55
04
03
0C
0F
57
69
62
75
2D
50
72
6F
64
75
63
74
69
6F
6E
30
4E
30
10
06
07
2A
86
48
CE
3D
02
01
06
05
2B
81
04
00
21
03
3A
00
04
32
37
DD
50
E5 A0 A5 A9
38
E2
88
47
36
13
12
39
26
B1 C2 FB
11
52
77
BE
21
88
45
BD A6 E0
14
EC F1 D1
99
05
8F
77
05
78
80
ED
3C
C5
83
F9 EF
09
B9 E4
80
D7
8E
30
F2
4A
81
15
00
78
A4
68
59
55
F6
77
32
49
E8
57
6C
2A
5D
48
FB BB EA C6 E2
82
15
00
94
A0 F2 F5
23
80
3A
59
C6 AB
27
5E
3B
B3 A2 F4
65
C2 EF
37
A3
16
30
14
30
12
06
03
55
1D
13
01
01
FF
04
08
30
06
01
01
FF
02
01
01
30
0A
06
08
2A
86
48
CE
3D
04
03
02
03
3E
00
30
3B
02
1C
32
32
36
8C
C8 B1
07
01
CA B6 FA F3 B0
03
F9
0E
28
A2
64
59
48
C3
84
32
12
FD
96
C7
02
1B
75
12
AF
9B
72
60
FF
70
BE
44
D8 C9 A8
7E
74
6B
CB C9 DB FB
1E
13
AD
99
63
4B
B1
30
82
01
B0
30
82
01
5E
A0
03
02
01
02
02
04
B2 D0
5F
DC
30
0A
06
08
2A
86
48
CE
3D
04
03
02
30
31
31
15
30
13
06
03
55
04
0A
0C
0C
57
49
42
55
2D
53
59
53
54
45
4D
53
31
18
30
16
06
03
55
04
03
0C
0F
57
69
62
75
2D
50
72
6F
64
75
63
74
69
6F
6E
30
1E
17
0D
31
35
30
31
30
31
30
30
30
30
30
30
5A
17
0D
33
35
31
32
33
31
32
33
35
39
35
39
5A
30
20
31
10
30
0E
06
03
55
04
0A
0C
07
36
30
30
30
33
31
36
31
0C
30
0A
06
03
55
04
03
0C
03
4C
50
4B
30
4E
30
10
06
07
2A
86
48
CE
3D
02
01
06
05
2B
81
04
00
21
03
3A
00
04
96
63
0D
AA AC CA F5
7A
0F
85
CD
46
6E
81
36
28
DE
7C
A7 F8
1E
42
B6
64
41
B6
64
62
C4 EA C5
44
BE CE
27
7B
F6
40
46
41
CA
81
38
1C
1C
A3 CA
83
36
7A
0C
6C
71
91
1B
5B
81
15
00
94
A0 F2 F5
23
80
3A
59
C6 AB
27
5E
3B
B3 A2 F4
65
C2 EF
37
82
15
00
6F
CC
87
03
09
98
E9
51
20
3F
58
EE CC
06
01
FB
64
FB
75
F4 A3
52
30
50
30
0F
06
03
55
1D
13
01
01
FF
04
05
30
03
01
01
00
30
0F
06
03
55
1D
0F
01
01
FF
04
05
03
03
00
0F
00
30
2C
06
0A
2B
06
01
04
01
82
DB
45
03
01
01
01
FF
04
1B
FF
76
18
DF
72
03
5B
8E
BC FF
78
0F
DF
81
5D
01
FF DF
81
5E
01
FF DF
81
5F
01
FF
30
0A
06
08
2A
86
48
CE
3D
04
03
02
03
40
00
30
3D
02
1D
00
CB
86
37
84
31
E1 DF D8 E7 CD E0
61
70
94
A4 C9 F5
3F
A2 E1
8F
2E
E4
26
EB
55
FA
8F
02
1C
65
1F
79
BA
62
E8
90
21
7D
5D
99
A7
3D
41
C7
84
ED
8A
AD
84
45
A8 FA
43
42
C7
41
A0
31
76
30
74
02
01
01
82
14
6F
CC
87
03
09
98
E9
51
20
3F
58
EE CC
06
01
FB
64
FB
75
F4
30
0B
06
09
60
86
48
01
65
03
04
02
01
30
0A
06
08
2A
86
48
CE
3D
04
03
02
04
40
30
3E
02
1D
00
E0
1B
B5
18
4A
BF DA FE E9 DB
48
98
45
99
2E
1C
6E
4C
FB
00
75
49
E4
21
48
66
5C
2B
02
1D
00
BB
4A
CC
62
71
85
82
56
45
AA
91
50
06
86
1C
BA
40
36
DE
2A
B1
35
93
F8 E8
2E
C4 DD <
/
lif>
<
is
-
running
-
in
-
vm>
False
<
/
is
-
running
-
in
-
vm>
<operating
-
system>
50
<
/
operating
-
system>
<finger
-
print
>
<host
-
info>
<
0
>
63479
<
/
0
>
<
1
>
63284
<
/
1
>
<
2
>
48324
<
/
2
>
<
3
>
57981
<
/
3
>
<
/
host
-
info>
<host
-
info
-
name> ubuntu <
/
host
-
info
-
name>
<
/
finger
-
print
>
<
/
cmact>
<
/
container
-
type
-
specific>
<receiver
-
pi>
<
/
receiver
-
pi>
> check_CmAct_key(
0xd9352ca798fde876a6c093e60bb39870ddb10e722276ab78eea3cc40
)
CmAct key check ok
|
现在已经获得CmAct密钥并且验证了其正确性。
DYN文件是一段envelope数据,满足PKCS#7的标准。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
<envelope>
<contentType>
1.2
.
840.113549
.
1.7
.
3
<
/
contentType>
<content>
<version>
1
<
/
version>
<recipientInfos>
<
0
>
<version>
1
<
/
version>
<signerIdentifier>
<subjectKeyIdentifier> F0
39
CF
56
75
90
8E
BA F8
7C
E9
3A
5C
8C
82
7C
E4 F2
2E
E7 <
/
subjectKeyIdentifier>
<
/
signerIdentifier>
<keyEncryptionAlgorithm>
<
0
>
1.3
.
6.1
.
4.1
.
44485.4
.
2
<
/
0
>
<
/
keyEncryptionAlgorithm>
<encryptedKey>
28
AF
56
D1 BA
14
6E
90
0C
B6
53
E3 B5 B9 BF
71
D8
30
91
A4 B2
3F
19
00
05
E4
40
92
D5
54
94
E1 EC F4 D9
6F
10
09
96
BE BC
4F
F0
25
00
00
00
00
F8 F9 AE D0
7D
88
83
C9
09
69
2D
A8 A7
2A
1A
27
BD
78
CB
10
A6
89
51
E0 C3 A8
5F
52
00
00
00
00
<
/
encryptedKey>
<
/
0
>
<
/
recipientInfos>
<encryptedContentInfo>
<contentType>
1.3
.
6.1
.
4.1
.
44485.2
.
6
<
/
contentType>
<contentEncryptionAlgorithm>
<
0
>
2.16
.
840.1
.
101.3
.
4.1
.
2
<
/
0
>
<
/
contentEncryptionAlgorithm>
<encryptedContent>
76
42
C9
30
48
5E
33
45
08
55
2D
6D
19
01
4E
E4 C0
99
1D
DB
2B
68
E5 FF
2E
12
03
E9 BF B3
01
99
C9
09
63
F6
56
20
30
9D
29
28
1A
27
53
42
F9
4A
F2
65
F0 A6
4C
DF
0E
53
0A
27
FA
43
70
F3
2E
39
2F
B5
55
C4 AE EE
59
5E
0A
47
36
3A
C6 B2
14
06
CB
5F
0F
37
36
F3
1F
A0
2D
B0 F4
94
8C
74
FC
5C
39
52
F8
4F
7B
5D
29
E3 D3
93
A3
87
20
45
E2
6F
C3
44
FF
5B
1C
F4
4E
B4
84
77
B4 B0
12
77
C4 C0
9A
74
3D
FC
28
8C
D2 FA AE AA
0D
CA
6E
BB
4C
FB
2B
A4 F1
19
BF
0F
22
FD
27
6B
F1 B2
16
A8
53
A5
6C
CE
60
81
91
0D
44
20
DF
78
4D
D3
1F
C0
35
D0 <
/
encryptedContent>
<
/
encryptedContentInfo>
<
/
content>
<
/
envelope>
|
其中contentEncryptionAlgorithm为2.16.840.1.101.3.4.1.2,这表示接下来的encryptedContent是一段aes128-CBC加密的数据。
而aes的密钥则使用CmAct证书的公钥加密并存放于encryptedKey中,解密需要用到CmAct证书的私钥。
更加具体的过程见wibu_asn1.py的dyn_proc函数。
|
1
2
3
4
5
|
<encryptedKey>
<encrypted_aes_key>
28
AF
56
D1 BA
14
6E
90
0C
B6
53
E3 B5 B9 BF
71
<
/
encrypted_aes_key>
<tmp_Q_x>D8
30
91
A4 B2
3F
19
00
05
E4
40
92
D5
54
94
E1 EC F4 D9
6F
10
09
96
BE BC
4F
F0
25
00
00
00
00
<
/
tmp_Q_x>
<tmp_Q_y>F8 F9 AE D0
7D
88
83
C9
09
69
2D
A8 A7
2A
1A
27
BD
78
CB
10
A6
89
51
E0 C3 A8
5F
52
00
00
00
00
<
/
tmp_Q_y>
<
/
encryptedKey>
|
实际上,直接调用dyn_proc函数并传入私钥即可解密DYN文件(RAU文件同理),效果如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
> dyn_proc(
"testcase/CmAct/6000316_82004bd37fef2aeaf4b7964b85e65d3d6e9011b6.WibuCmActDyn"
,
0xd9352ca798fde876a6c093e60bb39870ddb10e722276ab78eea3cc40
)
<sw
-
specs>
<creator
-
name> CodeMeter Runtime <
/
creator
-
name>
<creator
-
version>
<sfl>
1
<
/
sfl>
<sfh>
1
<
/
sfh>
<feature
-
flags>
0
<
/
feature
-
flags>
<
/
creator
-
version>
<required
-
version>
<sfl>
1
<
/
sfl>
<sfh>
1
<
/
sfh>
<feature
-
flags>
0
<
/
feature
-
flags>
<
/
required
-
version>
<
/
sw
-
specs>
<cmact
-
serial
-
id
>
82
00
4B
D3
7F
EF
2A
EA F4 B7
96
4B
85
E6
5D
3D
6E
90
11
B6 <
/
cmact
-
serial
-
id
>
<clocks>
<box
-
time>
579681158
<
/
box
-
time>
<certified
-
time>
552660672
<
/
certified
-
time>
<
/
clocks>
<tag>
2
<
/
tag>
<pi
-
dynamics>
<
/
pi
-
dynamics>
|
实际上,DYN文件并不大,所以解析后感兴趣的数据并不是特别多。
也许RAU文件中的有用的数据会更多,存在条件的读者可以尝试解析一下RAU文件,本人也很好奇RAU文件的内容是怎么样的?
更多【wibu软授权(四)】相关视频教程:www.yxfzedu.com