Fujitsu iRMC S4, S5, S6 License
@qwertykoleaFoL:
- Firmware, in our case: FTS_TX2540M1D3099iRMCKronos4FirmwareUpdatef_TX2540M10969Fsdr0336_1265146.BIN
- 7Zip
- Python or PyCharm, I'll use Python
- Ghidra
- Serial number
- PoC script (Links #3)
Body:
- Extracting libfts_license.so.1.12.1 via 7Zip

- Obtaining values for HMAC_KEY, HMAC_MSG, and AES_IV




HMAC_KEY = 01 02 03 04 01 02 03 04 01 02 03 04 01 02 03 04
HMAC_MSG = 46 75 6a 69 74 73 75 21 01 01 80 28 00 00 ff ff
- Transforming values for HMAC_KEY, HMAC_MSG, and AES_IV on hex
HMAC_KEY = b"\x01\x02\x03\x04\x01\x02\x03\x04\x01\x02\x03\x04\x01\x02\x03\x04"
HMAC_MSG = b"\x46\x75\x6a\x69\x74\x73\x75\x21\x01\x01\x80\x28\x00\x00\xff\xff" * 4
AES_IV = b"\x0d\x0e\x0a\x0d\x0b\x0e\x0e\x0f\x00\x01\x02\x03\x09\x08\x07\x06"
- Put HMAC_KEY, HMAC_MSG, and AES_IV on PoC script (Links #3)

- Run script


- Type in your serial number


Links:
- https://support.ts.fujitsu.com
- https://watchmysys.com/blog/2023/01/fujitsu-irmc-s4-license/
- https://gist.github.com/halmartin/28e013a9034be04777073bccc918cb95
- https://gist.github.com/bjornbouetsmith/a9a46931fa2741aee62b79a67b3edd53
- https://notepad-plus-plus.org/downloads/
- https://www.7-zip.org/
- https://www.python.org/downloads/
- https://github.com/NationalSecurityAgency/ghidra