Export the created firmware file (instead of flashing directly)

Running swift-format

Author: Sn0wfreezeDev

CVE-2020-9986/OFReadKeys/OFFetchReports/AppDelegate.swift

@@ -13,30 +13,30 @@ import SwiftUI
 @main
 class AppDelegate: NSObject, NSApplicationDelegate {
 
-    var window: NSWindow!
-
-    func applicationDidFinishLaunching(_ aNotification: Notification) {
-        // Create the SwiftUI view that provides the window contents.
-        let contentView = OFFetchReportsMainView()
-
-        // Create the window and set the content view.
-        window = NSWindow(
-            contentRect: NSRect(x: 0, y: 0, width: 480, height: 300),
-            styleMask: [.titled, .closable, .miniaturizable, .resizable, .fullSizeContentView],
-            backing: .buffered, defer: false)
-        window.isReleasedWhenClosed = false
-        window.center()
-        window.setFrameAutosaveName("Main Window")
-        window.contentView = NSHostingView(rootView: contentView)
-        window.makeKeyAndOrderFront(nil)
-    }
-
-    func applicationWillTerminate(_ aNotification: Notification) {
-        // Insert code here to tear down your application
-    }
-
-    func applicationShouldTerminateAfterLastWindowClosed(_ sender: NSApplication) -> Bool {
-        return true
-    }
+  var window: NSWindow!
+
+  func applicationDidFinishLaunching(_ aNotification: Notification) {
+    // Create the SwiftUI view that provides the window contents.
+    let contentView = OFFetchReportsMainView()
+
+    // Create the window and set the content view.
+    window = NSWindow(
+      contentRect: NSRect(x: 0, y: 0, width: 480, height: 300),
+      styleMask: [.titled, .closable, .miniaturizable, .resizable, .fullSizeContentView],
+      backing: .buffered, defer: false)
+    window.isReleasedWhenClosed = false
+    window.center()
+    window.setFrameAutosaveName("Main Window")
+    window.contentView = NSHostingView(rootView: contentView)
+    window.makeKeyAndOrderFront(nil)
+  }
+
+  func applicationWillTerminate(_ aNotification: Notification) {
+    // Insert code here to tear down your application
+  }
+
+  func applicationShouldTerminateAfterLastWindowClosed(_ sender: NSApplication) -> Bool {
+    return true
+  }
 
 }

CVE-2020-9986/OFReadKeys/OFFetchReports/ContentView.swift

@@ -10,14 +10,14 @@
 import SwiftUI
 
 struct ContentView: View {
-    var body: some View {
-        Text("Hello, World!")
-            .frame(maxWidth: .infinity, maxHeight: .infinity)
-    }
+  var body: some View {
+    Text("Hello, World!")
+      .frame(maxWidth: .infinity, maxHeight: .infinity)
+  }
 }
 
 struct ContentView_Previews: PreviewProvider {
-    static var previews: some View {
-        ContentView()
-    }
+  static var previews: some View {
+    ContentView()
+  }
 }

CVE-2020-9986/OFReadKeys/OFFetchReports/FindMy/DecryptReports.swift

@@ -7,93 +7,100 @@
 //  SPDX-License-Identifier: AGPL-3.0-only
 //
 
-import Foundation
 import CryptoKit
+import Foundation
 
 struct DecryptReports {
 
-    /// Decrypt a find my report with the according key
-    /// - Parameters:
-    ///   - report: An encrypted FindMy Report
-    ///   - key: A FindMyKey
-    /// - Throws: Errors if the decryption fails
-    /// - Returns: An decrypted location report
-    static func decrypt(report: FindMyReport, with key: FindMyKey) throws -> FindMyLocationReport {
-        let payloadData = report.payload
-        let keyData = key.privateKey
+  /// Decrypt a find my report with the according key
+  /// - Parameters:
+  ///   - report: An encrypted FindMy Report
+  ///   - key: A FindMyKey
+  /// - Throws: Errors if the decryption fails
+  /// - Returns: An decrypted location report
+  static func decrypt(report: FindMyReport, with key: FindMyKey) throws -> FindMyLocationReport {
+    let payloadData = report.payload
+    let keyData = key.privateKey
+
+    let privateKey = keyData
+    let ephemeralKey = payloadData.subdata(in: 5..<62)
+
+    guard
+      let sharedKey = BoringSSL.deriveSharedKey(
+        fromPrivateKey: privateKey,
+        andEphemeralKey: ephemeralKey)
+    else {
+      throw FindMyError.decryptionError(description: "Failed generating shared key")
+    }
 
-        let privateKey = keyData
-        let ephemeralKey = payloadData.subdata(in: 5..<62)
+    let derivedKey = self.kdf(fromSharedSecret: sharedKey, andEphemeralKey: ephemeralKey)
 
-        guard let sharedKey = BoringSSL.deriveSharedKey(
-                fromPrivateKey: privateKey,
-                andEphemeralKey: ephemeralKey) else {
-            throw FindMyError.decryptionError(description: "Failed generating shared key")
-        }
+    print("Derived key \(derivedKey.base64EncodedString())")
 
-        let derivedKey = self.kdf(fromSharedSecret: sharedKey, andEphemeralKey: ephemeralKey)
+    let encData = payloadData.subdata(in: 62..<72)
+    let tag = payloadData.subdata(in: 72..<payloadData.endIndex)
 
-        print("Derived key \(derivedKey.base64EncodedString())")
+    let decryptedContent = try self.decryptPayload(
+      payload: encData, symmetricKey: derivedKey, tag: tag)
+    let locationReport = self.decode(content: decryptedContent, report: report)
+    print(locationReport)
+    return locationReport
+  }
 
-        let encData = payloadData.subdata(in: 62..<72)
-        let tag = payloadData.subdata(in: 72..<payloadData.endIndex)
+  /// Decrypt the payload
+  /// - Parameters:
+  ///   - payload: Encrypted payload part
+  ///   - symmetricKey: Symmetric key
+  ///   - tag: AES GCM tag
+  /// - Throws: AES GCM error
+  /// - Returns: Decrypted error
+  static func decryptPayload(payload: Data, symmetricKey: Data, tag: Data) throws -> Data {
+    let decryptionKey = symmetricKey.subdata(in: 0..<16)
+    let iv = symmetricKey.subdata(in: 16..<symmetricKey.endIndex)
 
-        let decryptedContent = try self.decryptPayload(payload: encData, symmetricKey: derivedKey, tag: tag)
-        let locationReport = self.decode(content: decryptedContent, report: report)
-        print(locationReport)
-        return locationReport
-    }
+    print("Decryption Key \(decryptionKey.base64EncodedString())")
+    print("IV \(iv.base64EncodedString())")
 
-    /// Decrypt the payload
-    /// - Parameters:
-    ///   - payload: Encrypted payload part
-    ///   - symmetricKey: Symmetric key
-    ///   - tag: AES GCM tag
-    /// - Throws: AES GCM error
-    /// - Returns: Decrypted error
-    static func decryptPayload(payload: Data, symmetricKey: Data, tag: Data) throws -> Data {
-        let decryptionKey = symmetricKey.subdata(in: 0..<16)
-        let iv = symmetricKey.subdata(in: 16..<symmetricKey.endIndex)
-
-        print("Decryption Key \(decryptionKey.base64EncodedString())")
-        print("IV \(iv.base64EncodedString())")
-
-        let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: iv), ciphertext: payload, tag: tag)
-        let symKey = SymmetricKey(data: decryptionKey)
-        let decrypted = try AES.GCM.open(sealedBox, using: symKey)
-
-        return decrypted
-    }
+    let sealedBox = try AES.GCM.SealedBox(
+      nonce: AES.GCM.Nonce(data: iv), ciphertext: payload, tag: tag)
+    let symKey = SymmetricKey(data: decryptionKey)
+    let decrypted = try AES.GCM.open(sealedBox, using: symKey)
 
-    static func decode(content: Data, report: FindMyReport) -> FindMyLocationReport {
-        var longitude: Int32 = 0
-        _ = withUnsafeMutableBytes(of: &longitude, {content.subdata(in: 4..<8).copyBytes(to: $0)})
-        longitude = Int32(bigEndian: longitude)
+    return decrypted
+  }
 
-        var latitude: Int32 = 0
-        _ = withUnsafeMutableBytes(of: &latitude, {content.subdata(in: 0..<4).copyBytes(to: $0)})
-        latitude = Int32(bigEndian: latitude)
+  static func decode(content: Data, report: FindMyReport) -> FindMyLocationReport {
+    var longitude: Int32 = 0
+    _ = withUnsafeMutableBytes(of: &longitude, { content.subdata(in: 4..<8).copyBytes(to: $0) })
+    longitude = Int32(bigEndian: longitude)
 
-        var accuracy: UInt8 = 0
-        _ = withUnsafeMutableBytes(of: &accuracy, {content.subdata(in: 8..<9).copyBytes(to: $0)})
+    var latitude: Int32 = 0
+    _ = withUnsafeMutableBytes(of: &latitude, { content.subdata(in: 0..<4).copyBytes(to: $0) })
+    latitude = Int32(bigEndian: latitude)
 
-        let latitudeDec = Double(latitude)/10000000.0
-        let longitudeDec = Double(longitude)/10000000.0
+    var accuracy: UInt8 = 0
+    _ = withUnsafeMutableBytes(of: &accuracy, { content.subdata(in: 8..<9).copyBytes(to: $0) })
 
-        return FindMyLocationReport(lat: latitudeDec, lng: longitudeDec, acc: accuracy, dP: report.datePublished, t: report.timestamp, c: report.confidence)
-    }
+    let latitudeDec = Double(latitude) / 10000000.0
+    let longitudeDec = Double(longitude) / 10000000.0
 
-    static func kdf(fromSharedSecret secret: Data, andEphemeralKey ephKey: Data) -> Data {
+    return FindMyLocationReport(
+      lat: latitudeDec, lng: longitudeDec, acc: accuracy, dP: report.datePublished,
+      t: report.timestamp, c: report.confidence)
+  }
 
-        var shaDigest = SHA256()
-        shaDigest.update(data: secret)
-        var counter: Int32 = 1
-        let counterData = Data(Data(bytes: &counter, count: MemoryLayout.size(ofValue: counter)).reversed())
-        shaDigest.update(data: counterData)
-        shaDigest.update(data: ephKey)
+  static func kdf(fromSharedSecret secret: Data, andEphemeralKey ephKey: Data) -> Data {
 
-        let derivedKey = shaDigest.finalize()
+    var shaDigest = SHA256()
+    shaDigest.update(data: secret)
+    var counter: Int32 = 1
+    let counterData = Data(
+      Data(bytes: &counter, count: MemoryLayout.size(ofValue: counter)).reversed())
+    shaDigest.update(data: counterData)
+    shaDigest.update(data: ephKey)
 
-        return Data(derivedKey)
-    }
+    let derivedKey = shaDigest.finalize()
+
+    return Data(derivedKey)
+  }
 }