diff --git a/source/crypto.c b/source/crypto.c index f82f7a8..83cc8dc 100755 --- a/source/crypto.c +++ b/source/crypto.c @@ -16,258 +16,258 @@ #ifndef __thumb__ #define BSWAP32(x) {\ - __asm__\ - (\ - "eor r1, %1, %1, ror #16\n\t"\ - "bic r1, r1, #0xFF0000\n\t"\ - "mov %0, %1, ror #8\n\t"\ - "eor %0, %0, r1, lsr #8\n\t"\ - :"=r"(x)\ - :"0"(x)\ - :"r1"\ - );\ + __asm__\ + (\ + "eor r1, %1, %1, ror #16\n\t"\ + "bic r1, r1, #0xFF0000\n\t"\ + "mov %0, %1, ror #8\n\t"\ + "eor %0, %0, r1, lsr #8\n\t"\ + :"=r"(x)\ + :"0"(x)\ + :"r1"\ + );\ }; #define ADD_u128_u32(u128_0, u128_1, u128_2, u128_3, u32_0) {\ __asm__\ - (\ - "adds %0, %4\n\t"\ - "addcss %1, %1, #1\n\t"\ - "addcss %2, %2, #1\n\t"\ - "addcs %3, %3, #1\n\t"\ - : "+r"(u128_0), "+r"(u128_1), "+r"(u128_2), "+r"(u128_3)\ - : "r"(u32_0)\ - : "cc"\ - );\ + (\ + "adds %0, %4\n\t"\ + "addcss %1, %1, #1\n\t"\ + "addcss %2, %2, #1\n\t"\ + "addcs %3, %3, #1\n\t"\ + : "+r"(u128_0), "+r"(u128_1), "+r"(u128_2), "+r"(u128_3)\ + : "r"(u32_0)\ + : "cc"\ + );\ } #else #define BSWAP32(x) {x = __builtin_bswap32(x);} #define ADD_u128_u32(u128_0, u128_1, u128_2, u128_3, u32_0) {\ __asm__\ - (\ - "mov r4, #0\n\t"\ - "add %0, %0, %4\n\t"\ - "adc %1, %1, r4\n\t"\ - "adc %2, %2, r4\n\t"\ - "adc %3, %3, r4\n\t"\ - : "+r"(u128_0), "+r"(u128_1), "+r"(u128_2), "+r"(u128_3)\ - : "r"(u32_0)\ - : "cc", "r4"\ - );\ + (\ + "mov r4, #0\n\t"\ + "add %0, %0, %4\n\t"\ + "adc %1, %1, r4\n\t"\ + "adc %2, %2, r4\n\t"\ + "adc %3, %3, r4\n\t"\ + : "+r"(u128_0), "+r"(u128_1), "+r"(u128_2), "+r"(u128_3)\ + : "r"(u32_0)\ + : "cc", "r4"\ + );\ } #endif /*__thumb__*/ static void aes_setkey(u8 keyslot, const void *key, u32 keyType, u32 mode) { - if(keyslot <= 0x03) return; // Ignore TWL keys for now - u32 *key32 = (u32 *)key; - *REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode; - *REG_AESKEYCNT = (*REG_AESKEYCNT >> 6 << 6) | keyslot | AES_KEYCNT_WRITE; + if(keyslot <= 0x03) return; // Ignore TWL keys for now + u32 *key32 = (u32 *)key; + *REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode; + *REG_AESKEYCNT = (*REG_AESKEYCNT >> 6 << 6) | keyslot | AES_KEYCNT_WRITE; - REG_AESKEYFIFO[keyType] = key32[0]; - REG_AESKEYFIFO[keyType] = key32[1]; - REG_AESKEYFIFO[keyType] = key32[2]; - REG_AESKEYFIFO[keyType] = key32[3]; + REG_AESKEYFIFO[keyType] = key32[0]; + REG_AESKEYFIFO[keyType] = key32[1]; + REG_AESKEYFIFO[keyType] = key32[2]; + REG_AESKEYFIFO[keyType] = key32[3]; } static void aes_use_keyslot(u8 keyslot) { - if(keyslot > 0x3F) - return; + if(keyslot > 0x3F) + return; - *REG_AESKEYSEL = keyslot; - *REG_AESCNT = *REG_AESCNT | 0x04000000; /* mystery bit */ + *REG_AESKEYSEL = keyslot; + *REG_AESCNT = *REG_AESCNT | 0x04000000; /* mystery bit */ } static void aes_setiv(const void *iv, u32 mode) { - const u32 *iv32 = (const u32 *)iv; - *REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode; + const u32 *iv32 = (const u32 *)iv; + *REG_AESCNT = (*REG_AESCNT & ~(AES_CNT_INPUT_ENDIAN | AES_CNT_INPUT_ORDER)) | mode; - // Word order for IV can't be changed in REG_AESCNT and always default to reversed - if(mode & AES_INPUT_NORMAL) - { - REG_AESCTR[0] = iv32[3]; - REG_AESCTR[1] = iv32[2]; - REG_AESCTR[2] = iv32[1]; - REG_AESCTR[3] = iv32[0]; - } - else - { - REG_AESCTR[0] = iv32[0]; - REG_AESCTR[1] = iv32[1]; - REG_AESCTR[2] = iv32[2]; - REG_AESCTR[3] = iv32[3]; - } + // Word order for IV can't be changed in REG_AESCNT and always default to reversed + if(mode & AES_INPUT_NORMAL) + { + REG_AESCTR[0] = iv32[3]; + REG_AESCTR[1] = iv32[2]; + REG_AESCTR[2] = iv32[1]; + REG_AESCTR[3] = iv32[0]; + } + else + { + REG_AESCTR[0] = iv32[0]; + REG_AESCTR[1] = iv32[1]; + REG_AESCTR[2] = iv32[2]; + REG_AESCTR[3] = iv32[3]; + } } static void aes_advctr(void *ctr, u32 val, u32 mode) { - u32 *ctr32 = (u32 *)ctr; - - int i; - if(mode & AES_INPUT_BE) - { - for(i = 0; i < 4; ++i) // Endian swap - BSWAP32(ctr32[i]); - } - - if(mode & AES_INPUT_NORMAL) - { - ADD_u128_u32(ctr32[3], ctr32[2], ctr32[1], ctr32[0], val); - } - else - { - ADD_u128_u32(ctr32[0], ctr32[1], ctr32[2], ctr32[3], val); - } - - if(mode & AES_INPUT_BE) - { - for(i = 0; i < 4; ++i) // Endian swap - BSWAP32(ctr32[i]); - } + u32 *ctr32 = (u32 *)ctr; + + int i; + if(mode & AES_INPUT_BE) + { + for(i = 0; i < 4; ++i) // Endian swap + BSWAP32(ctr32[i]); + } + + if(mode & AES_INPUT_NORMAL) + { + ADD_u128_u32(ctr32[3], ctr32[2], ctr32[1], ctr32[0], val); + } + else + { + ADD_u128_u32(ctr32[0], ctr32[1], ctr32[2], ctr32[3], val); + } + + if(mode & AES_INPUT_BE) + { + for(i = 0; i < 4; ++i) // Endian swap + BSWAP32(ctr32[i]); + } } static void aes_change_ctrmode(void *ctr, u32 fromMode, u32 toMode) { - u32 *ctr32 = (u32 *)ctr; - int i; - if((fromMode ^ toMode) & AES_CNT_INPUT_ENDIAN) - { - for(i = 0; i < 4; ++i) - BSWAP32(ctr32[i]); - } + u32 *ctr32 = (u32 *)ctr; + int i; + if((fromMode ^ toMode) & AES_CNT_INPUT_ENDIAN) + { + for(i = 0; i < 4; ++i) + BSWAP32(ctr32[i]); + } - if((fromMode ^ toMode) & AES_CNT_INPUT_ORDER) - { - u32 temp = ctr32[0]; - ctr32[0] = ctr32[3]; - ctr32[3] = temp; + if((fromMode ^ toMode) & AES_CNT_INPUT_ORDER) + { + u32 temp = ctr32[0]; + ctr32[0] = ctr32[3]; + ctr32[3] = temp; - temp = ctr32[1]; - ctr32[1] = ctr32[2]; - ctr32[2] = temp; - } + temp = ctr32[1]; + ctr32[1] = ctr32[2]; + ctr32[2] = temp; + } } static void aes_batch(void *dst, const void *src, u32 blockCount) { - *REG_AESBLKCNT = blockCount << 16; - *REG_AESCNT |= AES_CNT_START; - - const u32 *src32 = (const u32 *)src; - u32 *dst32 = (u32 *)dst; - - u32 wbc = blockCount; - u32 rbc = blockCount; - - while(rbc) - { - if(wbc && ((*REG_AESCNT & 0x1F) <= 0xC)) // There's space for at least 4 ints - { - *REG_AESWRFIFO = *src32++; - *REG_AESWRFIFO = *src32++; - *REG_AESWRFIFO = *src32++; - *REG_AESWRFIFO = *src32++; - wbc--; - } - - if(rbc && ((*REG_AESCNT & (0x1F << 0x5)) >= (0x4 << 0x5))) // At least 4 ints available for read - { - *dst32++ = *REG_AESRDFIFO; - *dst32++ = *REG_AESRDFIFO; - *dst32++ = *REG_AESRDFIFO; - *dst32++ = *REG_AESRDFIFO; - rbc--; - } - } + *REG_AESBLKCNT = blockCount << 16; + *REG_AESCNT |= AES_CNT_START; + + const u32 *src32 = (const u32 *)src; + u32 *dst32 = (u32 *)dst; + + u32 wbc = blockCount; + u32 rbc = blockCount; + + while(rbc) + { + if(wbc && ((*REG_AESCNT & 0x1F) <= 0xC)) // There's space for at least 4 ints + { + *REG_AESWRFIFO = *src32++; + *REG_AESWRFIFO = *src32++; + *REG_AESWRFIFO = *src32++; + *REG_AESWRFIFO = *src32++; + wbc--; + } + + if(rbc && ((*REG_AESCNT & (0x1F << 0x5)) >= (0x4 << 0x5))) // At least 4 ints available for read + { + *dst32++ = *REG_AESRDFIFO; + *dst32++ = *REG_AESRDFIFO; + *dst32++ = *REG_AESRDFIFO; + *dst32++ = *REG_AESRDFIFO; + rbc--; + } + } } static void aes(void *dst, const void *src, u32 blockCount, void *iv, u32 mode, u32 ivMode) { - *REG_AESCNT = mode | - AES_CNT_INPUT_ORDER | AES_CNT_OUTPUT_ORDER | - AES_CNT_INPUT_ENDIAN | AES_CNT_OUTPUT_ENDIAN | - AES_CNT_FLUSH_READ | AES_CNT_FLUSH_WRITE; + *REG_AESCNT = mode | + AES_CNT_INPUT_ORDER | AES_CNT_OUTPUT_ORDER | + AES_CNT_INPUT_ENDIAN | AES_CNT_OUTPUT_ENDIAN | + AES_CNT_FLUSH_READ | AES_CNT_FLUSH_WRITE; - u32 blocks; - while(blockCount != 0) - { - if((mode & AES_ALL_MODES) != AES_ECB_ENCRYPT_MODE - && (mode & AES_ALL_MODES) != AES_ECB_DECRYPT_MODE) - aes_setiv(iv, ivMode); + u32 blocks; + while(blockCount != 0) + { + if((mode & AES_ALL_MODES) != AES_ECB_ENCRYPT_MODE + && (mode & AES_ALL_MODES) != AES_ECB_DECRYPT_MODE) + aes_setiv(iv, ivMode); - blocks = (blockCount >= 0xFFFF) ? 0xFFFF : blockCount; + blocks = (blockCount >= 0xFFFF) ? 0xFFFF : blockCount; - // Save the last block for the next decryption CBC batch's iv - if((mode & AES_ALL_MODES) == AES_CBC_DECRYPT_MODE) - { - memcpy(iv, src + (blocks - 1) * AES_BLOCK_SIZE, AES_BLOCK_SIZE); - aes_change_ctrmode(iv, AES_INPUT_BE | AES_INPUT_NORMAL, ivMode); - } + // Save the last block for the next decryption CBC batch's iv + if((mode & AES_ALL_MODES) == AES_CBC_DECRYPT_MODE) + { + memcpy(iv, src + (blocks - 1) * AES_BLOCK_SIZE, AES_BLOCK_SIZE); + aes_change_ctrmode(iv, AES_INPUT_BE | AES_INPUT_NORMAL, ivMode); + } - // Process the current batch - aes_batch(dst, src, blocks); + // Process the current batch + aes_batch(dst, src, blocks); - // Save the last block for the next encryption CBC batch's iv - if((mode & AES_ALL_MODES) == AES_CBC_ENCRYPT_MODE) - { - memcpy(iv, dst + (blocks - 1) * AES_BLOCK_SIZE, AES_BLOCK_SIZE); - aes_change_ctrmode(iv, AES_INPUT_BE | AES_INPUT_NORMAL, ivMode); - } - - // Advance counter for CTR mode - else if((mode & AES_ALL_MODES) == AES_CTR_MODE) - aes_advctr(iv, blocks, ivMode); + // Save the last block for the next encryption CBC batch's iv + if((mode & AES_ALL_MODES) == AES_CBC_ENCRYPT_MODE) + { + memcpy(iv, dst + (blocks - 1) * AES_BLOCK_SIZE, AES_BLOCK_SIZE); + aes_change_ctrmode(iv, AES_INPUT_BE | AES_INPUT_NORMAL, ivMode); + } + + // Advance counter for CTR mode + else if((mode & AES_ALL_MODES) == AES_CTR_MODE) + aes_advctr(iv, blocks, ivMode); - src += blocks * AES_BLOCK_SIZE; - dst += blocks * AES_BLOCK_SIZE; - blockCount -= blocks; - } + src += blocks * AES_BLOCK_SIZE; + dst += blocks * AES_BLOCK_SIZE; + blockCount -= blocks; + } } static void sha_wait_idle() { - while(*REG_SHA_CNT & 1); + while(*REG_SHA_CNT & 1); } static void sha(void *res, const void *src, u32 size, u32 mode) { - sha_wait_idle(); - *REG_SHA_CNT = mode | SHA_CNT_OUTPUT_ENDIAN | SHA_NORMAL_ROUND; - - const u32 *src32 = (const u32 *)src; - int i; - while(size >= 0x40) - { - sha_wait_idle(); - for(i = 0; i < 4; ++i) - { - *REG_SHA_INFIFO = *src32++; - *REG_SHA_INFIFO = *src32++; - *REG_SHA_INFIFO = *src32++; - *REG_SHA_INFIFO = *src32++; - } + sha_wait_idle(); + *REG_SHA_CNT = mode | SHA_CNT_OUTPUT_ENDIAN | SHA_NORMAL_ROUND; + + const u32 *src32 = (const u32 *)src; + int i; + while(size >= 0x40) + { + sha_wait_idle(); + for(i = 0; i < 4; ++i) + { + *REG_SHA_INFIFO = *src32++; + *REG_SHA_INFIFO = *src32++; + *REG_SHA_INFIFO = *src32++; + *REG_SHA_INFIFO = *src32++; + } - size -= 0x40; - } - - sha_wait_idle(); - memcpy((void *)REG_SHA_INFIFO, src32, size); - - *REG_SHA_CNT = (*REG_SHA_CNT & ~SHA_NORMAL_ROUND) | SHA_FINAL_ROUND; - - while(*REG_SHA_CNT & SHA_FINAL_ROUND); - sha_wait_idle(); - - u32 hashSize = SHA_256_HASH_SIZE; - if(mode == SHA_224_MODE) - hashSize = SHA_224_HASH_SIZE; - else if(mode == SHA_1_MODE) - hashSize = SHA_1_HASH_SIZE; + size -= 0x40; + } + + sha_wait_idle(); + memcpy((void *)REG_SHA_INFIFO, src32, size); + + *REG_SHA_CNT = (*REG_SHA_CNT & ~SHA_NORMAL_ROUND) | SHA_FINAL_ROUND; + + while(*REG_SHA_CNT & SHA_FINAL_ROUND); + sha_wait_idle(); + + u32 hashSize = SHA_256_HASH_SIZE; + if(mode == SHA_224_MODE) + hashSize = SHA_224_HASH_SIZE; + else if(mode == SHA_1_MODE) + hashSize = SHA_1_HASH_SIZE; - memcpy(res, (void *)REG_SHA_HASH, hashSize); + memcpy(res, (void *)REG_SHA_HASH, hashSize); } /**************************************************************** @@ -289,7 +289,7 @@ void ctrNandInit(void) sha(shaSum, cid, 0x10, SHA_256_MODE); memcpy(nandCTR, shaSum, 0x10); - if(console) + if(isN3DS) { u8 keyY0x5[0x10] = {0x4D, 0x80, 0x4F, 0x4E, 0x99, 0x90, 0x19, 0x46, 0x13, 0xA2, 0x04, 0xAC, 0x58, 0x44, 0x60, 0xBE}; aes_setkey(0x05, keyY0x5, AES_KEYY, AES_INPUT_BE | AES_INPUT_NORMAL); @@ -312,7 +312,7 @@ u32 ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf) //Read u32 result; - if(!firmSource) + if(firmSource == FIRMWARE_SYSNAND) result = sdmmc_nand_readsectors(sector + fatStart, sectorCount, outbuf); else { @@ -368,7 +368,7 @@ void arm9Loader(u8 *arm9Section, u32 mode) key2[0x10] = {0x42, 0x3F, 0x81, 0x7A, 0x23, 0x52, 0x58, 0x31, 0x6E, 0x75, 0x8E, 0x3A, 0x39, 0x43, 0x2E, 0xD0}; u8 keyX[0x10]; - aes_setkey(0x11, mode == 1 ? key2 : key1, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL); + aes_setkey(0x11, mode == 2 ? key2 : key1, AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL); aes_use_keyslot(0x11); aes(keyX, arm9Section + 0x60, 1, NULL, AES_ECB_DECRYPT_MODE, 0); aes_setkey(arm9BinSlot, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL); @@ -382,7 +382,7 @@ void arm9Loader(u8 *arm9Section, u32 mode) aes(arm9Section + 0x800, arm9Section + 0x800, arm9BinSize / AES_BLOCK_SIZE, arm9BinCTR, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL); //Set >=9.6 KeyXs - if(mode == 1) + if(mode == 2) { u8 keyData[0x10] = {0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98}, decKey[0x10]; diff --git a/source/crypto.h b/source/crypto.h index f5fc441..157c143 100755 --- a/source/crypto.h +++ b/source/crypto.h @@ -9,77 +9,78 @@ #include "types.h" /**************************AES****************************/ -#define REG_AESCNT ((vu32 *)0x10009000) -#define REG_AESBLKCNT ((vu32 *)0x10009004) -#define REG_AESWRFIFO ((vu32 *)0x10009008) -#define REG_AESRDFIFO ((vu32 *)0x1000900C) -#define REG_AESKEYSEL ((vu8 *)0x10009010) -#define REG_AESKEYCNT ((vu8 *)0x10009011) -#define REG_AESCTR ((vu32 *)0x10009020) +#define REG_AESCNT ((vu32 *)0x10009000) +#define REG_AESBLKCNT ((vu32 *)0x10009004) +#define REG_AESWRFIFO ((vu32 *)0x10009008) +#define REG_AESRDFIFO ((vu32 *)0x1000900C) +#define REG_AESKEYSEL ((vu8 *)0x10009010) +#define REG_AESKEYCNT ((vu8 *)0x10009011) +#define REG_AESCTR ((vu32 *)0x10009020) -#define REG_AESKEYFIFO ((vu32 *)0x10009100) -#define REG_AESKEYXFIFO ((vu32 *)0x10009104) -#define REG_AESKEYYFIFO ((vu32 *)0x10009108) +#define REG_AESKEYFIFO ((vu32 *)0x10009100) +#define REG_AESKEYXFIFO ((vu32 *)0x10009104) +#define REG_AESKEYYFIFO ((vu32 *)0x10009108) -#define AES_CCM_DECRYPT_MODE (0u << 27) -#define AES_CCM_ENCRYPT_MODE (1u << 27) -#define AES_CTR_MODE (2u << 27) -#define AES_CTR_MODE (2u << 27) -#define AES_CBC_DECRYPT_MODE (4u << 27) -#define AES_CBC_ENCRYPT_MODE (5u << 27) -#define AES_ECB_DECRYPT_MODE (6u << 27) -#define AES_ECB_ENCRYPT_MODE (7u << 27) -#define AES_ALL_MODES (7u << 27) +#define AES_CCM_DECRYPT_MODE (0u << 27) +#define AES_CCM_ENCRYPT_MODE (1u << 27) +#define AES_CTR_MODE (2u << 27) +#define AES_CTR_MODE (2u << 27) +#define AES_CBC_DECRYPT_MODE (4u << 27) +#define AES_CBC_ENCRYPT_MODE (5u << 27) +#define AES_ECB_DECRYPT_MODE (6u << 27) +#define AES_ECB_ENCRYPT_MODE (7u << 27) +#define AES_ALL_MODES (7u << 27) -#define AES_CNT_START 0x80000000 -#define AES_CNT_INPUT_ORDER 0x02000000 -#define AES_CNT_OUTPUT_ORDER 0x01000000 -#define AES_CNT_INPUT_ENDIAN 0x00800000 -#define AES_CNT_OUTPUT_ENDIAN 0x00400000 -#define AES_CNT_FLUSH_READ 0x00000800 -#define AES_CNT_FLUSH_WRITE 0x00000400 +#define AES_CNT_START 0x80000000 +#define AES_CNT_INPUT_ORDER 0x02000000 +#define AES_CNT_OUTPUT_ORDER 0x01000000 +#define AES_CNT_INPUT_ENDIAN 0x00800000 +#define AES_CNT_OUTPUT_ENDIAN 0x00400000 +#define AES_CNT_FLUSH_READ 0x00000800 +#define AES_CNT_FLUSH_WRITE 0x00000400 -#define AES_INPUT_BE (AES_CNT_INPUT_ENDIAN) -#define AES_INPUT_LE 0 -#define AES_INPUT_NORMAL (AES_CNT_INPUT_ORDER) -#define AES_INPUT_REVERSED 0 +#define AES_INPUT_BE (AES_CNT_INPUT_ENDIAN) +#define AES_INPUT_LE 0 +#define AES_INPUT_NORMAL (AES_CNT_INPUT_ORDER) +#define AES_INPUT_REVERSED 0 -#define AES_BLOCK_SIZE 0x10 +#define AES_BLOCK_SIZE 0x10 -#define AES_KEYCNT_WRITE (1 << 0x7) -#define AES_KEYNORMAL 0 -#define AES_KEYX 1 -#define AES_KEYY 2 +#define AES_KEYCNT_WRITE (1 << 0x7) +#define AES_KEYNORMAL 0 +#define AES_KEYX 1 +#define AES_KEYY 2 /**************************SHA****************************/ -#define REG_SHA_CNT ((vu32 *)0x1000A000) -#define REG_SHA_BLKCNT ((vu32 *)0x1000A004) -#define REG_SHA_HASH ((vu32 *)0x1000A040) -#define REG_SHA_INFIFO ((vu32 *)0x1000A080) +#define REG_SHA_CNT ((vu32 *)0x1000A000) +#define REG_SHA_BLKCNT ((vu32 *)0x1000A004) +#define REG_SHA_HASH ((vu32 *)0x1000A040) +#define REG_SHA_INFIFO ((vu32 *)0x1000A080) -#define SHA_CNT_STATE 0x00000003 -#define SHA_CNT_UNK2 0x00000004 -#define SHA_CNT_OUTPUT_ENDIAN 0x00000008 -#define SHA_CNT_MODE 0x00000030 -#define SHA_CNT_ENABLE 0x00010000 -#define SHA_CNT_ACTIVE 0x00020000 +#define SHA_CNT_STATE 0x00000003 +#define SHA_CNT_UNK2 0x00000004 +#define SHA_CNT_OUTPUT_ENDIAN 0x00000008 +#define SHA_CNT_MODE 0x00000030 +#define SHA_CNT_ENABLE 0x00010000 +#define SHA_CNT_ACTIVE 0x00020000 -#define SHA_HASH_READY 0x00000000 -#define SHA_NORMAL_ROUND 0x00000001 -#define SHA_FINAL_ROUND 0x00000002 +#define SHA_HASH_READY 0x00000000 +#define SHA_NORMAL_ROUND 0x00000001 +#define SHA_FINAL_ROUND 0x00000002 -#define SHA_OUTPUT_BE SHA_CNT_OUTPUT_ENDIAN -#define SHA_OUTPUT_LE 0 +#define SHA_OUTPUT_BE SHA_CNT_OUTPUT_ENDIAN +#define SHA_OUTPUT_LE 0 -#define SHA_256_MODE 0 -#define SHA_224_MODE 0x00000010 -#define SHA_1_MODE 0x00000020 +#define SHA_256_MODE 0 +#define SHA_224_MODE 0x00000010 +#define SHA_1_MODE 0x00000020 -#define SHA_256_HASH_SIZE (256 / 8) -#define SHA_224_HASH_SIZE (224 / 8) -#define SHA_1_HASH_SIZE (160 / 8) +#define SHA_256_HASH_SIZE (256 / 8) +#define SHA_224_HASH_SIZE (224 / 8) +#define SHA_1_HASH_SIZE (160 / 8) -extern u32 emuOffset, console, firmSource; +extern u32 emuOffset, isN3DS; +extern FirmwareSource firmSource; void ctrNandInit(void); u32 ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf); diff --git a/source/emunand.c b/source/emunand.c index 99ba3f3..4c1068b 100644 --- a/source/emunand.c +++ b/source/emunand.c @@ -7,12 +7,12 @@ #include "fatfs/sdmmc/sdmmc.h" #include "../build/emunandpatch.h" -void locateEmuNAND(u32 *off, u32 *head, u32 *emuNAND) +void locateEmuNAND(u32 *off, u32 *head, FirmwareSource *emuNAND) { static u8 *const temp = (u8 *)0x24300000; const u32 nandSize = getMMCDevice(0)->total_size; - u32 nandOffset = *emuNAND == 1 ? 0 : + u32 nandOffset = *emuNAND == FIRMWARE_EMUNAND ? 0 : (nandSize > 0x200000 ? 0x400000 : 0x200000); //Check for RedNAND @@ -35,7 +35,7 @@ void locateEmuNAND(u32 *off, u32 *head, u32 *emuNAND) or to SysNAND if there isn't any */ else { - (*emuNAND)--; + *emuNAND = (*emuNAND == FIRMWARE_EMUNAND2) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND; if(*emuNAND) locateEmuNAND(off, head, emuNAND); } } diff --git a/source/emunand.h b/source/emunand.h index 1d2c44a..fc58b32 100644 --- a/source/emunand.h +++ b/source/emunand.h @@ -8,5 +8,5 @@ #define NCSD_MAGIC 0x4453434E -void locateEmuNAND(u32 *off, u32 *head, u32 *emuNAND); +void locateEmuNAND(u32 *off, u32 *head, FirmwareSource *emuNAND); void patchEmuNAND(u8 *arm9Section, u32 arm9SectionSize, u8 *process9Offset, u32 process9Size, u32 emuOffset, u32 emuHeader, u32 branchAdditive); \ No newline at end of file diff --git a/source/firm.c b/source/firm.c index 45ed4ab..a09454b 100755 --- a/source/firm.c +++ b/source/firm.c @@ -19,24 +19,26 @@ static firmHeader *const firm = (firmHeader *)0x24000000; static const firmSectionHeader *section; u32 config, - console, - firmSource, + isN3DS, emuOffset; + +FirmwareSource firmSource; void main(void) { - u32 bootType, - firmType, - nandType, - a9lhMode, + u32 isFirmlaunch, updatedSys, - needConfig, newConfig, emuHeader, - chronoStarted = 0; + nbChronoStarted = 0; + FirmwareType firmType; + FirmwareSource nandType; + ConfigurationStatus needConfig; + A9LHMode a9lhMode; + //Detect the console being used - console = PDN_MPCORE_CFG == 7; + isN3DS = PDN_MPCORE_CFG == 7; //Mount filesystems. CTRNAND will be mounted only if/when needed mountFs(); @@ -44,22 +46,22 @@ void main(void) const char configPath[] = "/luma/config.bin"; //Attempt to read the configuration file - needConfig = fileRead(&config, configPath) ? 1 : 2; + needConfig = fileRead(&config, configPath) ? MODIFY_CONFIGURATION : CREATE_CONFIGURATION; //Determine if this is a firmlaunch boot if(*(vu8 *)0x23F00005) { - if(needConfig == 2) mcuReboot(); + if(needConfig == CREATE_CONFIGURATION) mcuReboot(); - bootType = 1; + isFirmlaunch = 1; //'0' = NATIVE_FIRM, '1' = TWL_FIRM, '2' = AGB_FIRM - firmType = *(vu8 *)0x23F00009 == '3' ? 3 : *(vu8 *)0x23F00005 - '0'; + firmType = *(vu8 *)0x23F00009 == '3' ? SAFE_FIRM : (FirmwareType)(*(vu8 *)0x23F00005 - '0'); - nandType = BOOTCONFIG(0, 3); - firmSource = BOOTCONFIG(2, 1); - a9lhMode = BOOTCONFIG(3, 1); - updatedSys = a9lhMode && CONFIG(1); + nandType = (FirmwareSource)BOOTCONFIG(0, 3); + firmSource = (FirmwareSource)BOOTCONFIG(2, 1); + a9lhMode = (A9LHMode)BOOTCONFIG(3, 1); + updatedSys = a9lhMode != NO_A9LH && CONFIG(1); } else { @@ -67,14 +69,14 @@ void main(void) u32 pressed = HID_PAD; //If no configuration file exists or SELECT is held, load configuration menu - if(needConfig == 2 || ((pressed & BUTTON_SELECT) && !(pressed & BUTTON_L1))) + if(needConfig == CREATE_CONFIGURATION || ((pressed & BUTTON_SELECT) && !(pressed & BUTTON_L1))) { configureCFW(configPath); //Zero the last booted FIRM flag CFG_BOOTENV = 0; - chronoStarted = 1; + nbChronoStarted = 1; chrono(0); chrono(2); @@ -82,8 +84,8 @@ void main(void) pressed = HID_PAD; } - bootType = 0; - firmType = 0; + isFirmlaunch = 0; + firmType = NATIVE_FIRM; //Determine if booting with A9LH u32 a9lhBoot = !PDN_SPI_CNT; @@ -91,31 +93,28 @@ void main(void) //Determine if A9LH is installed and the user has an updated sysNAND if(a9lhBoot || CONFIG(2)) { - a9lhMode = 1; + a9lhMode = A9LH_WITH_NFIRM_FIRMPROT; updatedSys = CONFIG(1); } else { - a9lhMode = 0; + a9lhMode = NO_A9LH; updatedSys = 0; } - newConfig = a9lhMode << 3; + newConfig = (u32)a9lhMode << 3; if(a9lhBoot) { - //Retrieve the last booted FIRM - u32 previousFirm = CFG_BOOTENV; - //If it's a MCU reboot, try to force boot options - if(previousFirm) + if(CFG_BOOTENV) { //Always force a sysNAND boot when quitting AGB_FIRM - if(previousFirm == 7) + if(CFG_BOOTENV == 7) { - nandType = 0; - firmSource = updatedSys ? 0 : BOOTCONFIG(2, 1); - needConfig = 0; + nandType = FIRMWARE_SYSNAND; + firmSource = updatedSys ? FIRMWARE_SYSNAND : (FirmwareSource)BOOTCONFIG(2, 1); + needConfig = DONT_CONFIGURE; //Flag to prevent multiple boot options-forcing newConfig |= 1 << 4; @@ -125,19 +124,19 @@ void main(void) or the no-forcing flag is set */ else if(!pressed && !BOOTCONFIG(4, 1)) { - nandType = BOOTCONFIG(0, 3); - firmSource = BOOTCONFIG(2, 1); - needConfig = 0; + nandType = (FirmwareSource)BOOTCONFIG(0, 3); + firmSource = (FirmwareSource)BOOTCONFIG(2, 1); + needConfig = DONT_CONFIGURE; } } //If the SAFE MODE combo is held, force a sysNAND boot else if(pressed == SAFE_MODE) { - a9lhMode = 2; - nandType = 0; - firmSource = 0; - needConfig = 0; + a9lhMode = A9LH_WITH_SFIRM_FIRMPROT; + nandType = FIRMWARE_SYSNAND; + firmSource = FIRMWARE_SYSNAND; + needConfig = DONT_CONFIGURE; } } @@ -152,45 +151,45 @@ void main(void) //If screens are inited or the corresponding option is set, load splash screen if((PDN_GPU_CNT != 1 || CONFIG(7)) && loadSplash()) { - chronoStarted = 2; + nbChronoStarted = 2; chrono(0); } //If R is pressed, boot the non-updated NAND with the FIRM of the opposite one if(pressed & BUTTON_R1) { - nandType = updatedSys; - firmSource = !nandType; + nandType = (updatedSys) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND; + firmSource = (updatedSys) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND; } /* Else, boot the NAND the user set to autoboot or the opposite one, depending on L, with their own FIRM */ else { - nandType = CONFIG(0) != !(pressed & BUTTON_L1); + nandType = (CONFIG(0) != !(pressed & BUTTON_L1)) ? FIRMWARE_EMUNAND : FIRMWARE_SYSNAND; firmSource = nandType; } /* If we're booting emuNAND the second emuNAND is set as default and B isn't pressed, or vice-versa, boot the second emuNAND */ - if(nandType && (CONFIG(3) == !(pressed & BUTTON_B))) nandType = 2; + if(nandType != FIRMWARE_SYSNAND && (CONFIG(3) == !(pressed & BUTTON_B))) nandType = FIRMWARE_EMUNAND2; } } //If we need to boot emuNAND, make sure it exists - if(nandType) + if(nandType != FIRMWARE_SYSNAND) { locateEmuNAND(&emuOffset, &emuHeader, &nandType); - if(!nandType) firmSource = 0; + if(nandType == FIRMWARE_SYSNAND) firmSource = FIRMWARE_SYSNAND; } //Same if we're using emuNAND as the FIRM source - else if(firmSource) + else if(firmSource != FIRMWARE_SYSNAND) locateEmuNAND(&emuOffset, &emuHeader, &firmSource); - if(!bootType) + if(!isFirmlaunch) { - newConfig |= nandType | (firmSource << 2); + newConfig |= (u32)nandType | ((u32)firmSource << 2); /* If the boot configuration is different from previously, overwrite it. Just the no-forcing flag being set is not enough */ @@ -203,14 +202,14 @@ void main(void) } } - loadFirm(firmType, !firmType && updatedSys == !firmSource); + loadFirm(firmType, firmType == NATIVE_FIRM && firmSource == ((updatedSys) ? FIRMWARE_SYSNAND : FIRMWARE_EMUNAND)); switch(firmType) { - case 0: + case NATIVE_FIRM: patchNativeFirm(nandType, emuHeader, a9lhMode); break; - case 3: + case SAFE_FIRM: patchSafeFirm(); break; default: @@ -218,22 +217,22 @@ void main(void) break; } - if(chronoStarted) + if(nbChronoStarted) { - if(chronoStarted == 2) chrono(3); + if(nbChronoStarted == 2) chrono(3); stopChrono(); } - launchFirm(firmType, bootType); + launchFirm(firmType, isFirmlaunch); } -static inline void loadFirm(u32 firmType, u32 externalFirm) +static inline void loadFirm(FirmwareType firmType, u32 externalFirm) { section = firm->section; u32 externalFirmLoaded = externalFirm && fileRead(firm, "/luma/firmware.bin") && - (((u32)section[2].address >> 8) & 0xFF) == (console ? 0x60 : 0x68); + (((u32)section[2].address >> 8) & 0xFF) == (isN3DS ? 0x60 : 0x68); /* If the conditions to load the external FIRM aren't met, or reading fails, or the FIRM doesn't match the console, load FIRM from CTRNAND */ @@ -244,42 +243,45 @@ static inline void loadFirm(u32 firmType, u32 externalFirm) { "00000202", "20000202" }, { "00000003", "20000003" }}; - firmRead(firm, firmFolders[firmType][console]); + firmRead(firm, firmFolders[(u32)firmType][isN3DS]); decryptExeFs((u8 *)firm); } } -static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode) +static inline void patchNativeFirm(FirmwareSource nandType, u32 emuHeader, A9LHMode a9lhMode) { u8 *arm9Section = (u8 *)firm + section[2].offset; - u32 nativeFirmType; + u32 is90Firm; - if(console) + if(isN3DS) { - //Determine the NATIVE_FIRM version + u32 a9lVersion; + + //Determine the NATIVE_FIRM/arm9loader version switch(arm9Section[0x53]) { case 0xFF: - nativeFirmType = 0; + a9lVersion = 0; break; case '1': - nativeFirmType = 2; + a9lVersion = 1; break; default: - nativeFirmType = 1; + a9lVersion = 2; break; } //Decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader - arm9Loader(arm9Section, nativeFirmType); + arm9Loader(arm9Section, a9lVersion); firm->arm9Entry = (u8 *)0x801B01C; + is90Firm = a9lVersion == 0; } else { //Determine if we're booting the 9.0 FIRM u8 firm90Hash[0x10] = {0x27, 0x2D, 0xFE, 0xEB, 0xAF, 0x3F, 0x6B, 0x3B, 0xF5, 0xDE, 0x4C, 0x41, 0xDE, 0x95, 0x27, 0x6A}; - nativeFirmType = memcmp(section[2].hash, firm90Hash, 0x10) != 0; + is90Firm = memcmp(section[2].hash, firm90Hash, 0x10) == 0; } //Find the Process9 .code location, size and memory address @@ -298,12 +300,12 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode) } //Apply FIRM0/1 writes patches on sysNAND to protect A9LH - else if(a9lhMode) patchFirmWrites(process9Offset, process9Size); + else if(a9lhMode != NO_A9LH) patchFirmWrites(process9Offset, process9Size); //Apply firmlaunch patches, not on 9.0 FIRM as it breaks firmlaunchhax - if(nativeFirmType || a9lhMode == 2) patchFirmlaunches(process9Offset, process9Size, process9MemAddr); + if(!is90Firm || a9lhMode == A9LH_WITH_SFIRM_FIRMPROT) patchFirmlaunches(process9Offset, process9Size, process9MemAddr); - if(nativeFirmType == 1) + if(!is90Firm) { //Apply anti-anti-DG patches for >= 11.0 firmwares patchTitleInstallMinVersionCheck(process9Offset, process9Size); @@ -313,23 +315,23 @@ static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode) } } -static inline void patchLegacyFirm(u32 firmType) +static inline void patchLegacyFirm(FirmwareType firmType) { //On N3DS, decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader - if(console) + if(isN3DS) { arm9Loader((u8 *)firm + section[3].offset, 0); firm->arm9Entry = (u8 *)0x801301C; } - applyLegacyFirmPatches((u8 *)firm, firmType, console); + applyLegacyFirmPatches((u8 *)firm, firmType, isN3DS); } static inline void patchSafeFirm(void) { u8 *arm9Section = (u8 *)firm + section[2].offset; - if(console) + if(isN3DS) { //Decrypt ARM9Bin and patch ARM9 entrypoint to skip arm9loader arm9Loader(arm9Section, 0); @@ -352,11 +354,11 @@ static inline void copySection0AndInjectLoader(void) memcpy(section[0].address + loaderOffset + injector_size, arm11Section0 + loaderOffset + loaderSize, section[0].size - (loaderOffset + loaderSize)); } -static inline void launchFirm(u32 firmType, u32 bootType) +static inline void launchFirm(FirmwareType firmType, u32 isFirmlaunch) { //If we're booting NATIVE_FIRM, section0 needs to be copied separately to inject 3ds_injector u32 sectionNum; - if(!firmType) + if(firmType == NATIVE_FIRM) { copySection0AndInjectLoader(); sectionNum = 1; @@ -369,7 +371,7 @@ static inline void launchFirm(u32 firmType, u32 bootType) //Determine the ARM11 entry to use vu32 *arm11; - if(bootType) arm11 = (u32 *)0x1FFFFFFC; + if(isFirmlaunch) arm11 = (u32 *)0x1FFFFFFC; else { deinitScreens(); diff --git a/source/firm.h b/source/firm.h index 3115edc..31eeffc 100644 --- a/source/firm.h +++ b/source/firm.h @@ -28,9 +28,23 @@ typedef struct firmHeader { firmSectionHeader section[4]; } firmHeader; -static inline void loadFirm(u32 firmType, u32 externalFirm); -static inline void patchNativeFirm(u32 nandType, u32 emuHeader, u32 a9lhMode); -static inline void patchLegacyFirm(u32 firmType); +typedef enum ConfigurationStatus +{ + DONT_CONFIGURE = 0, + MODIFY_CONFIGURATION = 1, + CREATE_CONFIGURATION = 2 +} ConfigurationStatus; + +typedef enum A9LHMode +{ + NO_A9LH = 0, + A9LH_WITH_NFIRM_FIRMPROT = 1, + A9LH_WITH_SFIRM_FIRMPROT = 2 +} A9LHMode; + +static inline void loadFirm(FirmwareType firmType, u32 externalFirm); +static inline void patchNativeFirm(FirmwareSource nandType, u32 emuHeader, A9LHMode a9lhMode); +static inline void patchLegacyFirm(FirmwareType firmType); static inline void patchSafeFirm(void); static inline void copySection0AndInjectLoader(void); -static inline void launchFirm(u32 sectionNum, u32 bootType); \ No newline at end of file +static inline void launchFirm(FirmwareType firmType, u32 isFirmlaunch); \ No newline at end of file diff --git a/source/patches.c b/source/patches.c index bc1ffcf..2882d39 100644 --- a/source/patches.c +++ b/source/patches.c @@ -121,7 +121,7 @@ void patchTitleInstallMinVersionCheck(u8 *pos, u32 size) if(off != NULL) off[4] = 0xE0; } -void applyLegacyFirmPatches(u8 *pos, u32 firmType, u32 console) +void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType, u32 isN3DS) { const patchData twlPatches[] = { {{0x1650C0, 0x165D64}, {{ 6, 0x00, 0x20, 0x4E, 0xB0, 0x70, 0xBD }}, 0}, @@ -141,9 +141,9 @@ void applyLegacyFirmPatches(u8 *pos, u32 firmType, u32 console) /* Calculate the amount of patches to apply. Only count the boot screen patch for AGB_FIRM if the matching option was enabled (keep it as last) */ - u32 numPatches = firmType == 1 ? (sizeof(twlPatches) / sizeof(patchData)) : - (sizeof(agbPatches) / sizeof(patchData) - !CONFIG(6)); - const patchData *patches = firmType == 1 ? twlPatches : agbPatches; + u32 numPatches = firmType == TWL_FIRM ? (sizeof(twlPatches) / sizeof(patchData)) : + (sizeof(agbPatches) / sizeof(patchData) - !CONFIG(6)); + const patchData *patches = firmType == TWL_FIRM ? twlPatches : agbPatches; //Patch for(u32 i = 0; i < numPatches; i++) @@ -151,12 +151,12 @@ void applyLegacyFirmPatches(u8 *pos, u32 firmType, u32 console) switch(patches[i].type) { case 0: - memcpy(pos + patches[i].offset[console], patches[i].patch.type0 + 1, patches[i].patch.type0[0]); + memcpy(pos + patches[i].offset[isN3DS], patches[i].patch.type0 + 1, patches[i].patch.type0[0]); break; case 2: - *(u16 *)(pos + patches[i].offset[console] + 2) = 0; + *(u16 *)(pos + patches[i].offset[isN3DS] + 2) = 0; case 1: - *(u16 *)(pos + patches[i].offset[console]) = patches[i].patch.type1; + *(u16 *)(pos + patches[i].offset[isN3DS]) = patches[i].patch.type1; break; } } diff --git a/source/patches.h b/source/patches.h index a39fb40..c1d1255 100644 --- a/source/patches.h +++ b/source/patches.h @@ -22,5 +22,5 @@ void patchFirmlaunches(u8 *pos, u32 size, u32 process9MemAddr); void patchFirmWrites(u8 *pos, u32 size); void patchFirmWriteSafe(u8 *pos, u32 size); void reimplementSvcBackdoor(u8 *pos, u32 size); -void applyLegacyFirmPatches(u8 *pos, u32 firmType, u32 console); +void applyLegacyFirmPatches(u8 *pos, FirmwareType firmType, u32 isN3DS); u32 getLoader(u8 *pos, u32 *loaderSize); \ No newline at end of file diff --git a/source/types.h b/source/types.h index 7caf623..47b12b7 100644 --- a/source/types.h +++ b/source/types.h @@ -15,4 +15,20 @@ typedef uint64_t u64; typedef volatile u8 vu8; typedef volatile u16 vu16; typedef volatile u32 vu32; -typedef volatile u64 vu64; \ No newline at end of file +typedef volatile u64 vu64; + +//Used by multiple files: +typedef enum FirmwareSource +{ + FIRMWARE_SYSNAND = 0, + FIRMWARE_EMUNAND = 1, + FIRMWARE_EMUNAND2 = 2 +} FirmwareSource; + +typedef enum FirmwareType +{ + NATIVE_FIRM = 0, + TWL_FIRM = 1, + AGB_FIRM = 2, + SAFE_FIRM = 3 +} FirmwareType; \ No newline at end of file