|
1 | | -Cuber |
| 1 | +cuber |
2 | 2 | ===== |
3 | 3 |
|
4 | | -This is a tool that signs recovery/boot images for Little Kernel bootloaders missing the patch for for CVE-2014-0973 |
| 4 | +This is a tool that signs recovery and boot images for Little Kernel bootloaders affected by [CVE-2014-0973](https://www.codeaurora.org/projects/security-advisories/incomplete-signature-parsing-during-boot-image-authentication-leads-to-signature-forgery-cve-2014-0973). |
5 | 5 |
|
6 | | -Who is vulnurable? |
7 | | ---- |
8 | | -Kindle Fire HDX tablets with FW version older than 3.2.4. On 3.2.4 it is **NOT** working. |
9 | | -Probably many devices using pre 13 June 2014 Little Kernel Bootloaders |
| 6 | +vulnerability |
| 7 | +-- |
| 8 | +cuber has been tested working for 3rd-generation Kindle Fire HDX tablets with firmware versions older than 14/13.3.2.4. |
| 9 | +Most likely affects many other devices using Little Kernel bootloaders built prior to June 13, 2014. |
10 | 10 |
|
11 | | -Requirements on an example Ubuntu system: |
| 11 | +requirements |
12 | 12 | --- |
| 13 | +* gcc |
| 14 | +* libmpc-dev |
| 15 | +* libmpfr-dev |
| 16 | +* libgmp3-dev |
| 17 | +* libssl-dev |
| 18 | +* python |
| 19 | +* python-dev |
| 20 | +* python-pip |
13 | 21 |
|
14 | | -libmpc-dev |
15 | | -libmpfr-dev |
16 | | -libgmp3-dev |
17 | | -libssl-dev |
18 | | -python |
19 | | -python-pip |
20 | | - |
21 | | -and the following python package: |
22 | | -gmpy2 |
23 | | -install it using pip: |
24 | | -`sudo pip install gmpy2` |
| 22 | +...and python package `gmpy2` which can be installed with pip: |
| 23 | +``` |
| 24 | +$ pip install gmpy2 |
| 25 | +``` |
25 | 26 |
|
26 | | -Why python? |
| 27 | +installation |
27 | 28 | --- |
28 | | -It is easier to handle bignums in python than in c++. |
| 29 | +After ensuring you have all the above packages installed, download the source and compile. |
| 30 | +```bash |
| 31 | +$ wget https://github.com/Verteo/Cuber/archive/master.zip |
| 32 | +$ unzip master.zip |
| 33 | +$ cd Cuber-master |
| 34 | +$ make |
| 35 | +``` |
29 | 36 |
|
30 | | -Installation: |
31 | | ---- |
32 | | -Download source to a folder, go to the folder and run make. |
33 | | - |
34 | | -Usage: |
| 37 | +usage |
35 | 38 | --- |
36 | | - |
37 | | -```Cuber -check path/to/image.img``` |
38 | | -checks if the image would pass the signature verification |
39 | | - |
40 | | -```Cuber -sign path/to/input/image.img path/to/output/image.img``` |
41 | | -creates a signature for the given image and creates a new signed at the specified location |
42 | | - |
43 | | -The files ```prodcert.pem``` and ```signature.py``` are required by the program to work |
| 39 | +``` |
| 40 | +$ ./cuber --check /path/to/file.img |
| 41 | +``` |
| 42 | +Checks if image would pass signature verification.<br> |
| 43 | +*You may also use `-c` in place of `--check`.* |
| 44 | + |
| 45 | + |
| 46 | +``` |
| 47 | +$ ./cuber --sign /path/to/input/file.img /path/to/output/file.img |
| 48 | +``` |
| 49 | +Creates a signature and outputs a signed image.<br> |
| 50 | +*You may also use `-s` in place of `--sign`.* |
0 commit comments