Complete kernel9Loader
This commit is contained in:
Aurora Wright
parent
f7cc2d295c
commit
f1dee68142
@ -320,23 +320,6 @@ static void sha(void *res, const void *src, u32 size, u32 mode)
|
||||
|
||||
/*****************************************************************/
|
||||
|
||||
void twlConsoleInfoInit(void)
|
||||
{
|
||||
u64 twlConsoleId = CFG_UNITINFO != 0 ? OTP_DEVCONSOLEID : (0x80000000ULL | (*(vu64 *)0x01FFB808 ^ 0x8C267B7B358A6AFULL));
|
||||
CFG_TWLUNITINFO = CFG_UNITINFO;
|
||||
OTP_TWLCONSOLEID = twlConsoleId;
|
||||
|
||||
*REG_AESCNT = 0;
|
||||
|
||||
vu32 *k3X = REGs_AESTWLKEYS[3][1], *k1X = REGs_AESTWLKEYS[1][1];
|
||||
|
||||
k3X[0] = (u32)twlConsoleId;
|
||||
k3X[3] = (u32)(twlConsoleId >> 32);
|
||||
|
||||
k1X[2] = (u32)(twlConsoleId >> 32);
|
||||
k1X[3] = (u32)twlConsoleId;
|
||||
}
|
||||
|
||||
__attribute__((aligned(4))) static u8 nandCtr[AES_BLOCK_SIZE];
|
||||
static u8 nandSlot;
|
||||
static u32 fatStart;
|
||||
@ -480,6 +463,23 @@ bool decryptNusFirm(const Ticket *ticket, Cxi *cxi, u32 ncchSize)
|
||||
return decryptExeFs(cxi);
|
||||
}
|
||||
|
||||
static inline void twlConsoleInfoInit(void)
|
||||
{
|
||||
u64 twlConsoleId = CFG_UNITINFO != 0 ? OTP_DEVCONSOLEID : (0x80000000ULL | (*(vu64 *)0x01FFB808 ^ 0x8C267B7B358A6AFULL));
|
||||
CFG_TWLUNITINFO = CFG_UNITINFO;
|
||||
OTP_TWLCONSOLEID = twlConsoleId;
|
||||
|
||||
*REG_AESCNT = 0;
|
||||
|
||||
vu32 *k3X = REGs_AESTWLKEYS[3][1], *k1X = REGs_AESTWLKEYS[1][1];
|
||||
|
||||
k3X[0] = (u32)twlConsoleId;
|
||||
k3X[3] = (u32)(twlConsoleId >> 32);
|
||||
|
||||
k1X[2] = (u32)(twlConsoleId >> 32);
|
||||
k1X[3] = (u32)twlConsoleId;
|
||||
}
|
||||
|
||||
void kernel9Loader(Arm9Bin *arm9Section)
|
||||
{
|
||||
//Determine the kernel9loader version
|
||||
@ -538,18 +538,42 @@ void kernel9Loader(Arm9Bin *arm9Section)
|
||||
if(*startOfArm9Bin != 0x47704770 && *startOfArm9Bin != 0xB0862000) error("Failed to decrypt the ARM9 binary.");
|
||||
}
|
||||
|
||||
//Set >=9.6 KeyXs
|
||||
__attribute__((aligned(4))) u8 keyBlocks[2][AES_BLOCK_SIZE] = {
|
||||
{0xA4, 0x8D, 0xE4, 0xF1, 0x0B, 0x36, 0x44, 0xAA, 0x90, 0x31, 0x28, 0xFF, 0x4D, 0xCA, 0x76, 0xDF},
|
||||
{0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98}
|
||||
}, decKey[AES_BLOCK_SIZE];
|
||||
|
||||
u8 firstKey;
|
||||
u32 keyBlocksIndex;
|
||||
|
||||
if(k9lVersion == 2)
|
||||
{
|
||||
__attribute__((aligned(4))) u8 keyData[AES_BLOCK_SIZE] = {0xDD, 0xDA, 0xA4, 0xC6, 0x2C, 0xC4, 0x50, 0xE9, 0xDA, 0xB6, 0x9B, 0x0D, 0x9D, 0x2A, 0x21, 0x98},
|
||||
decKey[sizeof(keyData)];
|
||||
firstKey = 0x19;
|
||||
keyBlocksIndex = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
firstKey = 0x18;
|
||||
keyBlocksIndex = 0;
|
||||
}
|
||||
|
||||
//Set keys 0x19..0x1F keyXs
|
||||
aes_use_keyslot(0x11);
|
||||
for(u8 slot = 0x19; slot < 0x20; slot++, keyData[0xF]++)
|
||||
aes_use_keyslot(0x11);
|
||||
for(u8 slot = firstKey; slot < 0x20; slot++, keyBlocks[keyBlocksIndex][0xF]++)
|
||||
{
|
||||
aes(decKey, keyBlocks[keyBlocksIndex], 1, NULL, AES_ECB_DECRYPT_MODE, 0);
|
||||
aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
}
|
||||
|
||||
if(ISSIGHAX)
|
||||
{
|
||||
twlConsoleInfoInit();
|
||||
|
||||
if(k9lVersion == 2)
|
||||
{
|
||||
aes(decKey, keyData, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
|
||||
aes_setkey(slot, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
aes_setkey(0x11, key1s[ISDEVUNIT ? 1 : 0], AES_KEYNORMAL, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
aes_use_keyslot(0x11);
|
||||
aes(decKey, keyBlocks[0], 1, NULL, AES_ECB_DECRYPT_MODE, 0);
|
||||
aes_setkey(0x18, decKey, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -107,7 +107,6 @@
|
||||
extern u32 emuOffset;
|
||||
extern FirmwareSource firmSource;
|
||||
|
||||
void twlConsoleInfoInit(void);
|
||||
void ctrNandInit(void);
|
||||
int ctrNandRead(u32 sector, u32 sectorCount, u8 *outbuf);
|
||||
int ctrNandWrite(u32 sector, u32 sectorCount, const u8 *inbuf);
|
||||
|
||||
@ -117,9 +117,6 @@ u32 patchNativeFirm(u32 firmVersion, FirmwareSource nandType, u32 emuHeader, boo
|
||||
u8 *arm9Section = (u8 *)firm + firm->section[2].offset,
|
||||
*arm11Section1 = (u8 *)firm + firm->section[1].offset;
|
||||
|
||||
//On sighax cold boot, initialize TWL keys
|
||||
if(!(CFG_SYSPROT9 & 2)) twlConsoleInfoInit();
|
||||
|
||||
if(ISN3DS)
|
||||
{
|
||||
//Decrypt ARM9Bin and patch ARM9 entrypoint to skip kernel9loader
|
||||
|
||||
@ -52,6 +52,7 @@ typedef volatile u64 vu64;
|
||||
#define ISN3DS (PDN_MPCORE_CFG == 7)
|
||||
#define ISDEVUNIT (CFG_UNITINFO != 0)
|
||||
#define ISA9LH (!PDN_SPI_CNT)
|
||||
#define ISSIGHAX (!(CFG_SYSPROT9 & 2))
|
||||
#define ISFIRMLAUNCH (launchedFirmTidLow[5] != 0)
|
||||
|
||||
typedef struct __attribute__((packed))
|
||||
|
||||
Reference in New Issue
Block a user