eamuse/docs
2
2
Fork 0
Code Issues 3 Pull Requests Projects Releases Wiki Activity

JS-based generator

Browse Source
This commit is contained in:
Bottersnike 2023-05-26 07:57:27 +01:00
parent 9fd61d1453
commit 7104bb1390
Signed by: Bottersnike
SSH Key Fingerprint: SHA256:3g0ghwd4dNX1k1RX8qazbiT+3RIYn/daeBevHZVCiU0
1 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
templates/pages/sega/software/security/index.html
View File

@ -32,8 +32,6 @@
<p>This can be bypassed either by extracting the password used, or by first powering on the Ring* system with the drive <p>This can be bypassed either by extracting the password used, or by first powering on the Ring* system with the drive
connected, then hotplugging the SATA data cable on the drive while keeping the drive powered.</p> connected, then hotplugging the SATA data cable on the drive while keeping the drive powered.</p>
{% markdown %}{% include relative("~ata.md") %}{% endmarkdown %}
<details> <details>
<summary>Why does this work?</summary> <summary>Why does this work?</summary>
<p>The following is the sequence of possible security modes for an ATA drive:</p> <p>The following is the sequence of possible security modes for an ATA drive:</p>
@ -254,6 +252,45 @@
<p>This allows us full read-write access to the drive without ever knowing the password!</p> <p>This allows us full read-write access to the drive without ever knowing the password!</p>
</details> </details>
{% markdown %}{% include relative("~ata.md") %}{% endmarkdown %}
<h3 id="ata-gen">Generate drive passsword:</h3>
<table>
<tr>
<td>Model number:</td>
<td><input id="ata-model" placeholder="Type model number here"></td>
</tr>
<tr>
<td>ATA password:</td>
<td><code id="ata-password"></code></td>
</tr>
</table>
<script>
function charset_index(x) {
if (x == 0) return 0x55;
const index = "/-AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz0123456789".indexOf(x);
if (index == -1) return 0x55;
return index;
}
document.getElementById("ata-model").addEventListener("input", function () {
password = new Array(32);
for (let i = 0; i < 32; i++) {
const a = charset_index(this.value[i] || 0);
const b = charset_index(this.value[39 - i] || 0);
if (i == 0) console.log(a, b, this.value[39 - i], this.value[39 - i] || 0);
if (i % 2 == 0)
password[i] = (((i ^ a) & 0x1f) << 3) ^ ((b & 0x2e) >> 1);
else
password[i] = (((i ^ b) & 0x3b) << 2) ^ ((a & 0x66) >> 1);
}
document.getElementById("ata-password").innerText = password.map(x => x.toString(16).padStart(2, "0")).join("");
});
</script>
<h2 id="windows">Windows Password</h2> <h2 id="windows">Windows Password</h2>
<p>It seems silly to mention, but it's worth noting. <code>AppUser</code> will automatically log in, but if you need to <p>It seems silly to mention, but it's worth noting. <code>AppUser</code> will automatically log in, but if you need to
log back in, or wish to login as <code>SystemUser</code>, you'll need the passwords.</p> log back in, or wish to login as <code>SystemUser</code>, you'll need the passwords.</p>