you need access to the aes engine. what happens is the bootloader has a "salt", if that is the correct word for it, as I am not a crypto expert, and that is encrypted with the system gid key. the result of that was used as the key, with an IV of 0, to decrypt the firmware files. now, the thing is, this gid key is never loaded into ram, so any time you need to need to utilize it, you need direct access to the aes engine. this means, basically, you need to be able to write to the registers directly, no kernel or anything to get in the way. hopefully this helps, that is how it worked for the iPod touch and iPhone before Apple came out with the new KBAG method, so it should probably give you a push in the right direction. I have no idea how the nano does stuff, so I don't know how feasible this would actually be for you all.
Chronic 01:50, 26 March 2009 (UTC)
Can DSP be involved in encrypt-decrypt process? Newer chips sometimes include embedded encryption unit, but n2g's CPU does not - so why dont use DSP. Need more info on "CalmRisc16+MAC2424".