2023-01-26 10:33:29 +00:00
#!/usr/bin/env python3
import typing as t
from hashlib import sha256
from pathlib import Path
import click
import ecdsa
from trezorlib.firmware.legacy import LegacyV2Firmware
2023-10-16 10:38:24 +00:00
from trezorlib.firmware.models import LEGACY_V3_DEV
2023-01-26 10:33:29 +00:00
ecdsa.SigningKey.from_string(bytes.fromhex(sk), curve=ecdsa.SECP256k1)
for sk in (
PUBLIC_KEYS: list[ecdsa.VerifyingKey] = [sk.get_verifying_key() for sk in SECRET_KEYS]
# Should be these public keys
2023-10-16 10:38:24 +00:00
assert [pk.to_string("compressed") for pk in PUBLIC_KEYS] == LEGACY_V3_DEV.firmware_keys
2023-01-26 10:33:29 +00:00
def signmessage(digest: bytes, key: ecdsa.SigningKey) -> bytes:
"""Sign via SignMessage"""
btc_digest = b"\x18Bitcoin Signed Message:\n\x20" + digest
final_digest = sha256(sha256(btc_digest).digest()).digest()
return key.sign_digest_deterministic(final_digest, hashfunc=sha256)
@click.argument("firmware", type=click.File("rb"))
@click.option("-i", "--index", "indices", type=int, multiple=True)
def cli(firmware: click.utils.LazyFile, indices: t.Sequence[int]) -> None:
fw = LegacyV2Firmware.parse(firmware.read())
if not indices:
indices = [1, 2]
if len(indices) > 3:
raise click.ClickException("Too many indices")
digest = fw.digest()
for i, idx in enumerate(indices):
sk = SECRET_KEYS[idx - 1]
sig = signmessage(digest, sk)
fw.header.v1_key_indexes[i] = idx
fw.header.v1_signatures[i] = sig
new_fw = Path(firmware.name).with_suffix(".signed.bin")
click.echo(f"Wrote signed firmware to {new_fw}")
if __name__ == "__main__":