From 2cc94be6b4ba9c75e8b28a74429325736f38048c Mon Sep 17 00:00:00 2001 From: d0k3 Date: Wed, 16 Aug 2017 18:02:41 +0200 Subject: [PATCH] Added ability to install FIRM files --- source/common/sighax.h | 82 +++++++++++++++++++++++++++++++ source/filesys/filetype.h | 1 + source/game/firm.c | 9 ++-- source/godmode.c | 19 ++++++-- source/nand/nand.c | 34 +++++-------- source/nand/nand.h | 2 +- source/nand/nandutil.c | 100 +++++++++++++++++++++++++++++++++++++- source/nand/nandutil.h | 1 + 8 files changed, 216 insertions(+), 32 deletions(-) create mode 100644 source/common/sighax.h diff --git a/source/common/sighax.h b/source/common/sighax.h new file mode 100644 index 0000000..8152307 --- /dev/null +++ b/source/common/sighax.h @@ -0,0 +1,82 @@ +#pragma once + +#include "common.h" + +// see https://gist.github.com/SciresM/cdd2266efb80175d37eabbe86f9d8c52 for source +// thanks SciresM, Myria, Normmatt, TuxSH and hedgeberg for the signatures! + +u8 sig_nand_firm_retail[256] = { + 0xB6, 0x72, 0x45, 0x31, 0xC4, 0x48, 0x65, 0x7A, 0x2A, 0x2E, 0xE3, 0x06, 0x45, 0x7E, 0x35, 0x0A, + 0x10, 0xD5, 0x44, 0xB4, 0x28, 0x59, 0xB0, 0xE5, 0xB0, 0xBE, 0xD2, 0x75, 0x34, 0xCC, 0xCC, 0x2A, + 0x4D, 0x47, 0xED, 0xEA, 0x60, 0xA7, 0xDD, 0x99, 0x93, 0x99, 0x50, 0xA6, 0x35, 0x7B, 0x1E, 0x35, + 0xDF, 0xC7, 0xFA, 0xC7, 0x73, 0xB7, 0xE1, 0x2E, 0x7C, 0x14, 0x81, 0x23, 0x4A, 0xF1, 0x41, 0xB3, + 0x1C, 0xF0, 0x8E, 0x9F, 0x62, 0x29, 0x3A, 0xA6, 0xBA, 0xAE, 0x24, 0x6C, 0x15, 0x09, 0x5F, 0x8B, + 0x78, 0x40, 0x2A, 0x68, 0x4D, 0x85, 0x2C, 0x68, 0x05, 0x49, 0xFA, 0x5B, 0x3F, 0x14, 0xD9, 0xE8, + 0x38, 0xA2, 0xFB, 0x9C, 0x09, 0xA1, 0x5A, 0xBB, 0x40, 0xDC, 0xA2, 0x5E, 0x40, 0xA3, 0xDD, 0xC1, + 0xF5, 0x8E, 0x79, 0xCE, 0xC9, 0x01, 0x97, 0x43, 0x63, 0xA9, 0x46, 0xE9, 0x9B, 0x43, 0x46, 0xE8, + 0xA3, 0x72, 0xB6, 0xCD, 0x55, 0xA7, 0x07, 0xE1, 0xEA, 0xB9, 0xBE, 0xC0, 0x20, 0x0B, 0x5B, 0xA0, + 0xB6, 0x61, 0x23, 0x6A, 0x87, 0x08, 0xD7, 0x04, 0x51, 0x7F, 0x43, 0xC6, 0xC3, 0x8E, 0xE9, 0x56, + 0x01, 0x11, 0xE1, 0x40, 0x5E, 0x5E, 0x8E, 0xD3, 0x56, 0xC4, 0x9C, 0x4F, 0xF6, 0x82, 0x3D, 0x12, + 0x19, 0xAF, 0xAE, 0xEB, 0x3D, 0xF3, 0xC3, 0x6B, 0x62, 0xBB, 0xA8, 0x8F, 0xC1, 0x5B, 0xA8, 0x64, + 0x8F, 0x93, 0x33, 0xFD, 0x9F, 0xC0, 0x92, 0xB8, 0x14, 0x6C, 0x3D, 0x90, 0x8F, 0x73, 0x15, 0x5D, + 0x48, 0xBE, 0x89, 0xD7, 0x26, 0x12, 0xE1, 0x8E, 0x4A, 0xA8, 0xEB, 0x9B, 0x7F, 0xD2, 0xA5, 0xF7, + 0x32, 0x8C, 0x4E, 0xCB, 0xFB, 0x00, 0x83, 0x83, 0x3C, 0xBD, 0x5C, 0x98, 0x3A, 0x25, 0xCE, 0xB8, + 0xB9, 0x41, 0xCC, 0x68, 0xEB, 0x01, 0x7C, 0xE8, 0x7F, 0x5D, 0x79, 0x3A, 0xCA, 0x09, 0xAC, 0xF7 +}; + +u8 sig_nand_firm_dev[256] = { + 0x88, 0x69, 0x7C, 0xDC, 0xA9, 0xD1, 0xEA, 0x31, 0x82, 0x56, 0xFC, 0xD9, 0xCE, 0xD4, 0x29, 0x64, + 0xC1, 0xE9, 0x8A, 0xBC, 0x64, 0x86, 0xB2, 0xF1, 0x28, 0xEC, 0x02, 0xE7, 0x1C, 0x5A, 0xE3, 0x5D, + 0x63, 0xD3, 0xBF, 0x12, 0x46, 0x13, 0x40, 0x81, 0xAF, 0x68, 0x75, 0x47, 0x87, 0xFC, 0xB9, 0x22, + 0x57, 0x1D, 0x7F, 0x61, 0xA3, 0x0D, 0xE4, 0xFC, 0xFA, 0x82, 0x93, 0xA9, 0xDA, 0x51, 0x23, 0x96, + 0xF1, 0x31, 0x9A, 0x36, 0x49, 0x68, 0x46, 0x4C, 0xA9, 0x80, 0x6E, 0x0A, 0x52, 0x56, 0x74, 0x86, + 0x75, 0x4C, 0xDD, 0xD4, 0xC3, 0xA6, 0x2B, 0xDC, 0xE2, 0x55, 0xE0, 0xDE, 0xEC, 0x23, 0x01, 0x29, + 0xC1, 0xBA, 0xE1, 0xAE, 0x95, 0xD7, 0x86, 0x86, 0x56, 0x37, 0xC1, 0xE6, 0x5F, 0xAE, 0x83, 0xED, + 0xF8, 0xE7, 0xB0, 0x7D, 0x17, 0xC0, 0xAA, 0xDA, 0x8F, 0x05, 0x5B, 0x64, 0x0D, 0x45, 0xAB, 0x0B, + 0xAC, 0x76, 0xFF, 0x7B, 0x34, 0x39, 0xF5, 0xA4, 0xBF, 0xE8, 0xF7, 0xE0, 0xE1, 0x03, 0xBC, 0xE9, + 0x95, 0xFA, 0xD9, 0x13, 0xFB, 0x72, 0x9D, 0x3D, 0x03, 0x0B, 0x26, 0x44, 0xEC, 0x48, 0x39, 0x64, + 0x24, 0xE0, 0x56, 0x3A, 0x1B, 0x3E, 0x6A, 0x1F, 0x68, 0x0B, 0x39, 0xFC, 0x14, 0x61, 0x88, 0x6F, + 0xA7, 0xA6, 0x0B, 0x6B, 0x56, 0xC5, 0xA8, 0x46, 0x55, 0x4A, 0xE6, 0x48, 0xFC, 0x46, 0xE3, 0x0E, + 0x24, 0x67, 0x8F, 0xAF, 0x1D, 0xC3, 0xCE, 0xB1, 0x0C, 0x2A, 0x95, 0x0F, 0x4F, 0xFA, 0x20, 0x83, + 0x23, 0x4E, 0xD8, 0xDC, 0xC3, 0x58, 0x7A, 0x6D, 0x75, 0x1A, 0x7E, 0x9A, 0xFA, 0x06, 0x15, 0x69, + 0x55, 0x08, 0x4F, 0xF2, 0x72, 0x5B, 0x69, 0x8E, 0xB1, 0x74, 0x54, 0xD9, 0xB0, 0x2B, 0x6B, 0x76, + 0xBE, 0x47, 0xAB, 0xBE, 0x20, 0x62, 0x94, 0x36, 0x69, 0x87, 0xA4, 0xCA, 0xB4, 0x2C, 0xBD, 0x0B +}; + +u8 sig_nand_ncsd_retail[256] = { + 0x6C, 0xF5, 0x2F, 0x89, 0xF3, 0x78, 0x12, 0x0B, 0xFA, 0x4E, 0x10, 0x61, 0xD7, 0x36, 0x16, 0x34, + 0xD9, 0xA2, 0x54, 0xA4, 0xF5, 0x7A, 0xA5, 0xBD, 0x9F, 0x2C, 0x30, 0x93, 0x4F, 0x0E, 0x68, 0xCB, + 0xE6, 0x61, 0x1D, 0x90, 0xD7, 0x4C, 0xAA, 0xAC, 0xB6, 0xA9, 0x95, 0x56, 0x56, 0x47, 0x33, 0x3D, + 0xC1, 0x70, 0x92, 0xD3, 0x20, 0x13, 0x10, 0x89, 0xCC, 0xCD, 0x63, 0x31, 0xCB, 0x3A, 0x59, 0x5D, + 0x1B, 0xA2, 0x99, 0xA3, 0x2F, 0xF4, 0xD8, 0xE5, 0xDD, 0x1E, 0xB4, 0x6A, 0x2A, 0x57, 0x93, 0x5F, + 0x6F, 0xE6, 0x37, 0x32, 0x2D, 0x3B, 0xC4, 0xF6, 0x7C, 0xFE, 0xD6, 0xC2, 0x25, 0x4C, 0x08, 0x9C, + 0x62, 0xFA, 0x11, 0xD0, 0x82, 0x4A, 0x84, 0x4C, 0x79, 0xEE, 0x5A, 0x4F, 0x27, 0x3D, 0x46, 0xC2, + 0x3B, 0xBB, 0xF0, 0xA2, 0xAF, 0x6A, 0xCA, 0xDB, 0xE6, 0x46, 0xF4, 0x6B, 0x86, 0xD1, 0x28, 0x9C, + 0x7F, 0xF7, 0xE8, 0x16, 0xCF, 0xDA, 0x4B, 0xC3, 0x3D, 0xFF, 0x9D, 0x17, 0x5A, 0xC6, 0x9F, 0x72, + 0x40, 0x6C, 0x07, 0x1B, 0x51, 0xF4, 0x5A, 0x1A, 0xCB, 0x87, 0xF1, 0x68, 0xC1, 0x77, 0xCB, 0x9B, + 0xE6, 0xC3, 0x92, 0xF0, 0x34, 0x18, 0x49, 0xAE, 0x5D, 0x51, 0x0D, 0x26, 0xEE, 0xC1, 0x09, 0x7B, + 0xEB, 0xFB, 0x9D, 0x14, 0x4A, 0x16, 0x47, 0x30, 0x1B, 0xEA, 0xF9, 0x52, 0x0D, 0x22, 0xC5, 0x5A, + 0xF4, 0x6D, 0x49, 0x28, 0x4C, 0xC7, 0xF9, 0xFB, 0xBA, 0x37, 0x1A, 0x6D, 0x6E, 0x4C, 0x55, 0xF1, + 0xE5, 0x36, 0xD6, 0x23, 0x7F, 0xFF, 0x54, 0xB3, 0xE9, 0xC1, 0x1A, 0x20, 0xCF, 0xCC, 0xAC, 0x0C, + 0x6B, 0x06, 0xF6, 0x95, 0x76, 0x6A, 0xCE, 0xB1, 0x8B, 0xE3, 0x32, 0x99, 0xA9, 0x4C, 0xFC, 0xA7, + 0xE2, 0x58, 0x81, 0x86, 0x52, 0xF7, 0x52, 0x6B, 0x30, 0x6B, 0x52, 0xE0, 0xAE, 0xD0, 0x42, 0x18 +}; + +u8 sig_nand_ncsd_dev[256] = { + 0x53, 0xCB, 0x0E, 0x4E, 0xB1, 0xA6, 0xFF, 0x84, 0x28, 0x4B, 0xE0, 0xE7, 0x38, 0x5A, 0xB4, 0xA6, + 0x86, 0xA8, 0xBB, 0xCB, 0xC1, 0x61, 0x02, 0x47, 0x92, 0x80, 0xE0, 0x58, 0x36, 0x55, 0xD2, 0x71, + 0x3F, 0xE5, 0x06, 0xFA, 0xEE, 0x74, 0xF8, 0xD1, 0x0F, 0x12, 0x20, 0x44, 0x1C, 0xC2, 0xFF, 0x5D, + 0x6D, 0xDE, 0x99, 0xBE, 0x79, 0xC1, 0x9B, 0x38, 0x6C, 0xAF, 0x68, 0xD5, 0xEB, 0x8C, 0xED, 0x1A, + 0xAB, 0x4D, 0x24, 0x3C, 0x5F, 0x39, 0x86, 0x80, 0xD3, 0x1C, 0xD2, 0xE3, 0xC9, 0xDD, 0x56, 0x70, + 0xF2, 0xA8, 0x8D, 0x56, 0x3B, 0x8F, 0x65, 0xF5, 0xB2, 0x34, 0xFD, 0x2E, 0xBB, 0x3B, 0xE4, 0x4A, + 0x3B, 0x6C, 0x30, 0x27, 0x22, 0xA2, 0xAD, 0xFB, 0x56, 0xAE, 0x3E, 0x1F, 0x64, 0x17, 0xBD, 0xEC, + 0x1E, 0x5A, 0x86, 0xAA, 0xBB, 0xAF, 0xBE, 0x94, 0x19, 0xAC, 0xA8, 0xFD, 0xCD, 0x45, 0xE2, 0xCD, + 0xF1, 0xEB, 0x69, 0x5F, 0x6E, 0xA8, 0x78, 0x16, 0x12, 0x2D, 0x7B, 0xE9, 0x8E, 0xEF, 0x92, 0xC0, + 0x81, 0x4B, 0x16, 0xB2, 0x15, 0xB3, 0x1D, 0x8C, 0x81, 0x3B, 0xB3, 0x55, 0xCE, 0xA8, 0x13, 0x8F, + 0xB3, 0xBF, 0x23, 0x74, 0x24, 0x68, 0x42, 0xCD, 0x91, 0xE1, 0xF9, 0xAA, 0xFF, 0x76, 0x87, 0x86, + 0x17, 0xCE, 0x02, 0x06, 0x47, 0x77, 0xAE, 0xA0, 0x87, 0x6A, 0x2C, 0x24, 0x5C, 0x78, 0x43, 0x41, + 0xCD, 0xEE, 0x90, 0xD6, 0x91, 0x74, 0x59, 0x08, 0xA6, 0xFF, 0x9C, 0xE7, 0x81, 0x16, 0x67, 0x96, + 0xF9, 0xF1, 0x23, 0x8F, 0x88, 0x4C, 0x84, 0xD6, 0xF1, 0xEE, 0xBB, 0x2E, 0x40, 0xB4, 0xBC, 0xA0, + 0x0A, 0x7B, 0x1E, 0x91, 0x3E, 0x09, 0x80, 0xD2, 0x9F, 0xF6, 0x06, 0x1D, 0x8A, 0xA9, 0x44, 0xC6, + 0x63, 0xF2, 0x63, 0x81, 0x27, 0xF7, 0xCC, 0xAB, 0x6F, 0xC7, 0x15, 0x38, 0x47, 0x1A, 0x51, 0x38 +}; diff --git a/source/filesys/filetype.h b/source/filesys/filetype.h index 46e5a43..f868062 100644 --- a/source/filesys/filetype.h +++ b/source/filesys/filetype.h @@ -49,5 +49,6 @@ #define FTYPE_KEYINIT(tp) (tp&(BIN_KEYDB)) #define FTYPE_SCRIPT(tp) (tp&(TXT_SCRIPT)) #define FTYPE_BOOTABLE(tp) (tp&(SYS_FIRM)) +#define FTYPE_INSTALLABLE(tp) (tp&(SYS_FIRM)) u32 IdentifyFileType(const char* path); diff --git a/source/game/firm.c b/source/game/firm.c index ade7d42..878fb55 100644 --- a/source/game/firm.c +++ b/source/game/firm.c @@ -106,13 +106,10 @@ u32 GetArm9BinarySize(FirmA9LHeader* a9l) { } u32 SetupSecretKey(u32 keynum) { + // try to get key from sector 0x96 static u8 __attribute__((aligned(32))) sector[0x200]; - - // safety check - if (keynum >= 0x200/0x10) return 1; - - // seach for secret sector data... - if (GetLegitSector0x96(sector) == 0) { + ReadNandSectors(sector, 0x96, 1, 0x11, NAND_SYSNAND); + if ((keynum < 0x200/0x10) && (ValidateSecretSector(sector) == 0)) { setup_aeskey(0x11, sector + (keynum*0x10)); use_aeskey(0x11); return 0; diff --git a/source/godmode.c b/source/godmode.c index e074299..e57b764 100644 --- a/source/godmode.c +++ b/source/godmode.c @@ -911,9 +911,8 @@ u32 FileHandlerMenu(char* current_path, u32* cursor, u32* scroll, DirStruct* cur bool keyinitable = (FTYPE_KEYINIT(filetype)); bool scriptable = (FTYPE_SCRIPT(filetype)); bool bootable = (FTYPE_BOOTABLE(filetype) && !(drvtype & DRV_VIRTUAL)); - bool special_opt = mountable || verificable || decryptable || encryptable || cia_buildable || cia_buildable_legit || cxi_dumpable || - tik_buildable || key_buildable || titleinfo || renamable || transferable || hsinjectable || restorable || xorpadable || - ebackupable || keyinitable || bootable || scriptable; + bool installable = (FTYPE_INSTALLABLE(filetype) && !(drvtype & DRV_VIRTUAL)); + bool special_opt = mountable || verificable || decryptable || encryptable || cia_buildable || cia_buildable_legit || cxi_dumpable || tik_buildable || key_buildable || titleinfo || renamable || transferable || hsinjectable || restorable || xorpadable || ebackupable || keyinitable || bootable || scriptable || installable; char pathstr[32+1]; TruncateString(pathstr, curr_entry->path, 32, 8); @@ -1069,6 +1068,7 @@ u32 FileHandlerMenu(char* current_path, u32* cursor, u32* scroll, DirStruct* cur int xorpad = (xorpadable) ? ++n_opt : -1; int xorpad_inplace = (xorpadable) ? ++n_opt : -1; int keyinit = (keyinitable) ? ++n_opt : -1; + int install = (installable) ? ++n_opt : -1; int boot = (bootable) ? ++n_opt : -1; int script = (scriptable) ? ++n_opt : -1; if (mount > 0) optionstr[mount-1] = "Mount image to drive"; @@ -1090,6 +1090,7 @@ u32 FileHandlerMenu(char* current_path, u32* cursor, u32* scroll, DirStruct* cur if (xorpad > 0) optionstr[xorpad-1] = "Build XORpads (SD output)"; if (xorpad_inplace > 0) optionstr[xorpad_inplace-1] = "Build XORpads (inplace)"; if (keyinit > 0) optionstr[keyinit-1] = "Init " KEYDB_NAME; + if (install > 0) optionstr[install-1] = "Install FIRM"; if (boot > 0) optionstr[boot-1] = "Boot FIRM"; if (script > 0) optionstr[script-1] = "Execute GM9 script"; @@ -1428,6 +1429,18 @@ u32 FileHandlerMenu(char* current_path, u32* cursor, u32* scroll, DirStruct* cur if (ShowPrompt(true, "Warning: Keys are not verified.\nContinue on your own risk?")) ShowPrompt(false, "%s\nAESkeydb init %s", pathstr, (InitKeyDb(curr_entry->path) == 0) ? "success" : "failed"); return 0; + } else if ((user_select == install)) { + size_t firm_size = FileGetSize(curr_entry->path); + u32 slots = 1; + if (GetNandPartitionInfo(NULL, NP_TYPE_FIRM, NP_SUBTYPE_CTR, 1, NAND_SYSNAND) == 0) { + optionstr[0] = "Install to FIRM0"; + optionstr[1] = "Install to FIRM1"; + optionstr[2] = "Install to both"; + // this only works up to FIRM1; + slots = ShowSelectPrompt(3, optionstr, "%s (%dkB)\nInstall to SysNAND?", pathstr, firm_size / 1024); + } else slots = ShowPrompt(true, "%s (%dkB)\nInstall to SysNAND?", pathstr, firm_size / 1024) ? 1 : 0; + if (slots) SafeInstallFirm(curr_entry->path, slots); + return 0; } else if ((user_select == boot)) { size_t firm_size = FileGetSize(curr_entry->path); if (firm_size > TEMP_BUFFER_SIZE) { diff --git a/source/nand/nand.c b/source/nand/nand.c index fbb6381..50e10da 100644 --- a/source/nand/nand.c +++ b/source/nand/nand.c @@ -56,6 +56,7 @@ static const u8 sector0x96dev_sha256[0x20] = { // hash for legit sector 0x96 (di static u8 CtrNandCtr[16]; static u8 TwlNandCtr[16]; static u8 OtpSha256[32] = { 0 }; +static bool Crypto0x96 = false; static u32 emunand_base_sector = 0x000000; @@ -88,6 +89,7 @@ bool InitNandCrypto(bool init_full) if (IS_UNLOCKED) { // if OTP is unlocked // see: https://www.3dbrew.org/wiki/OTP_Registers sha_quick(OtpSha256, (u8*) 0x10012000, 0x90, SHA256_MODE); + Crypto0x96 = true; // valid 100% in that case, others need checking } else if (IS_A9LH) { // for a9lh // store the current SHA256 from register memcpy(OtpSha256, (void*) REG_SHAHASH, 32); @@ -192,9 +194,12 @@ bool CheckSlot0x05Crypto(void) bool CheckSector0x96Crypto(void) { - u8 buffer[0x200]; - ReadNandSectors(buffer, SECTOR_SECRET, 1, 0x11, NAND_SYSNAND); - return (sha_cmp(KEY95_SHA256, buffer, 16, SHA256_MODE) == 0); + if (!Crypto0x96) { + u8 buffer[0x200]; + ReadNandSectors(buffer, SECTOR_SECRET, 1, 0x11, NAND_SYSNAND); + Crypto0x96 = (sha_cmp(KEY95_SHA256, buffer, 16, SHA256_MODE) == 0); + } + return Crypto0x96; } bool CheckGenuineNandNcsd(void) @@ -376,6 +381,11 @@ int WriteNandSectors(const void* buffer, u32 sector, u32 count, u32 keyslot, u32 return 0; } +u32 ValidateSecretSector(u8* sector) +{ + return (sha_cmp(SECTOR_SHA256, sector, 0x200, SHA256_MODE) == 0) ? 0 : 1; +} + // shamelessly stolen from myself // see: https://github.com/d0k3/GodMode9/blob/master/source/game/ncsd.c#L4 u32 ValidateNandNcsdHeader(NandNcsdHeader* header) @@ -524,24 +534,6 @@ u32 GetNandPartitionInfo(NandPartitionInfo* info, u32 type, u32 subtype, u32 ind return 0; } -u32 GetLegitSector0x96(u8* sector) -{ - // secret sector already in buffer? - if (sha_cmp(SECTOR_SHA256, sector, 0x200, SHA256_MODE) == 0) - return 0; - - // search for valid secret sector in SysNAND / EmuNAND - const u32 nand_src[] = { NAND_SYSNAND, NAND_EMUNAND }; - for (u32 i = 0; i < sizeof(nand_src) / sizeof(u32); i++) { - ReadNandSectors(sector, SECTOR_SECRET, 1, 0x11, nand_src[i]); - if (sha_cmp(SECTOR_SHA256, sector, 0x200, SHA256_MODE) == 0) - return 0; - } - - // failed if we arrive here - return 1; -} - // OTP hash is 32 byte in size u32 GetOtpHash(void* hash) { if (!CheckSector0x96Crypto()) return 1; diff --git a/source/nand/nand.h b/source/nand/nand.h index 8171a6e..b8d818d 100644 --- a/source/nand/nand.h +++ b/source/nand/nand.h @@ -75,7 +75,7 @@ u32 GetNandSizeSectors(u32 nand_src); u32 GetNandNcsdPartitionInfo(NandPartitionInfo* info, u32 type, u32 subtype, u32 index, NandNcsdHeader* ncsd); u32 GetNandPartitionInfo(NandPartitionInfo* info, u32 type, u32 subtype, u32 index, u32 nand_src); -u32 GetLegitSector0x96(u8* sector); +u32 ValidateSecretSector(u8* sector); u32 GetOtpHash(void* hash); u32 GetNandCid(void* cid); diff --git a/source/nand/nandutil.c b/source/nand/nandutil.c index 47e99ef..e92316f 100644 --- a/source/nand/nandutil.c +++ b/source/nand/nandutil.c @@ -6,6 +6,7 @@ #include "image.h" #include "fsinit.h" #include "fsperm.h" +#include "sighax.h" #include "unittype.h" #include "sha.h" #include "ui.h" @@ -297,4 +298,101 @@ u32 SafeRestoreNandDump(const char* path) { WriteNandSectors((u8*) essential, ESSENTIAL_SECTOR, (sizeof(EssentialBackup) + 0x1FF) / 0x200, 0xFF, NAND_SYSNAND); return ret; -} \ No newline at end of file +} + +u32 SafeInstallFirm(const char* path, u32 slots) { + char pathstr[32 + 1]; // truncated path string + TruncateString(pathstr, path, 32, 8); + + // load / check FIRM + u8* firm = (u8*) TEMP_BUFFER; + UINT firm_size; + if ((fvx_qread(path, firm, 0, TEMP_BUFFER_SIZE, &firm_size) != FR_OK) || + !firm_size || (firm_size >= TEMP_BUFFER_SIZE) || (ValidateFirm(firm, firm_size) != 0)) { + ShowPrompt(false, "%s\nFIRM load/verify error.", pathstr); + return 1; + } + + // inject sighax signature, get hash + u8 firm_sha[0x20]; + memcpy(firm + 0x100, (IS_DEVKIT) ? sig_nand_firm_dev : sig_nand_firm_retail, 0x200); + sha_quick(firm_sha, firm, firm_size, SHA256_MODE); + + // check install slots + for (u32 s = 0; s < 8; s++) { + u8 firm_magic[] = { FIRM_MAGIC }; + u8 lmagic[sizeof(firm_magic)]; + NandPartitionInfo info; + if (!((slots>>s)&0x1)) continue; + if ((GetNandPartitionInfo(&info, NP_TYPE_FIRM, NP_SUBTYPE_CTR, s, NAND_SYSNAND) != 0) || + ((info.count * 0x200) < firm_size)) { + ShowPrompt(false, "%s\nFIRM%lu not found or too small.", pathstr, s); + return 1; + } + if ((ReadNandBytes(lmagic, info.sector*0x200, sizeof(firm_magic), info.keyslot, NAND_SYSNAND) != 0) || + (memcmp(lmagic, firm_magic, sizeof(firm_magic)) != 0)) { + ShowPrompt(false, "%s\nFIRM%lu crypto fail.", pathstr, s); + return 1; + } + } + + // check sector 0x96 on N3DS, offer fix if required + u8 sector0x96[0x200]; + bool fix_sector0x96 = false; + ReadNandSectors(sector0x96, 0x96, 1, 0x11, NAND_SYSNAND); + if (!IS_O3DS && !CheckSector0x96Crypto()) { + ShowPrompt(false, "%s\nSector 0x96 crypto fail.", pathstr); + return 1; + } + if (!IS_O3DS && (ValidateSecretSector(sector0x96) != 0)) { + char path_sector[256]; + strncpy(path_sector, path, 256); + char* slash = strrchr(path_sector, '/'); + if (slash) strncpy(slash+1, "secret_sector.bin", 256 - (slash+1-path_sector)); + else *path_sector = '\0'; + if ((fvx_qread(path_sector, sector0x96, 0, 0x200, NULL) != FR_OK) || + (ValidateSecretSector(sector0x96) != 0)) { + ShowPrompt(false, "%s\nSector 0x96 is corrupted.\n \nProvide \"secret_sector.bin\"\nto fix sector 0x96.", pathstr); + return 1; + } else if (ShowPrompt(true, "%s\nSector 0x96 is corrupted.\n \nFix sector 0x96 during\nthe installation?", pathstr)) { + fix_sector0x96 = true; + } else return 1; + } + + // all checked, ready to go + if (!ShowUnlockSequence(6, "!WARNING!\n \nProceeding will install the\nprovided FIRM to the SysNAND.\n \nInstalling an unsupported FIRM\nwill BRICK your console!")) return 1; + // if (!SetWritePermissions(PERM_SYS_LVL3, true)) return 1; // one unlock sequence is enough + + // point of no return + ShowString(false, "Installing FIRM, please wait..."); + if (fix_sector0x96 && (WriteNandSectors(sector0x96, 0x96, 1, 0x11, NAND_SYSNAND) != 0)) { + ShowPrompt(false, "!THIS IS BAD!\n \nFailed writing sector 0x96.\nTry to fix before reboot!"); + return 1; + } + for (u32 s = 0; s < 8; s++) { + NandPartitionInfo info; + if (!((slots>>s)&0x1)) continue; + if ((GetNandPartitionInfo(&info, NP_TYPE_FIRM, NP_SUBTYPE_CTR, s, NAND_SYSNAND) != 0) || + (WriteNandBytes(firm, info.sector*0x200, firm_size, info.keyslot, NAND_SYSNAND) != 0)) { + ShowPrompt(false, "!THIS IS BAD!\n \nFailed writing FIRM%lu.\nTry to fix before reboot!", s); + return 1; + } + } + + // done, now check the installation + ShowString(false, "Checking installation, please wait..."); + if (fix_sector0x96 && ((ReadNandSectors(sector0x96, 0x96, 1, 0x11, NAND_SYSNAND) != 0) || + (ValidateSecretSector(sector0x96) != 0))) { + ShowPrompt(false, "!THIS IS BAD!\n \nFailed verifying sector 0x96.\nTry to fix before reboot!"); + } + for (u32 s = 0; s < 8; s++) { + NandPartitionInfo info; + if (!((slots>>s)&0x1)) continue; + if ((GetNandPartitionInfo(&info, NP_TYPE_FIRM, NP_SUBTYPE_CTR, s, NAND_SYSNAND) != 0) || + (ReadNandBytes(firm, info.sector*0x200, firm_size, info.keyslot, NAND_SYSNAND) != 0) || + (sha_cmp(firm_sha, firm, firm_size, SHA256_MODE) != 0)) + ShowPrompt(false, "!THIS IS BAD!\n \nFailed verifying FIRM%lu.\nTry to fix before reboot!", s); + } + + return 0; +} diff --git a/source/nand/nandutil.h b/source/nand/nandutil.h index 0789dd3..9ba537f 100644 --- a/source/nand/nandutil.h +++ b/source/nand/nandutil.h @@ -6,3 +6,4 @@ u32 CheckEmbeddedBackup(const char* path); u32 EmbedEssentialBackup(const char* path); u32 ValidateNandDump(const char* path); u32 SafeRestoreNandDump(const char* path); +u32 SafeInstallFirm(const char* path, u32 slots);