uint8_t* decryptFirmTitleNcch(uint8_t* title, unsigned int size){
ctr_ncchheader NCCH;
uint8_t CTR[16];
PartitionInfo INFO;
NCCH = *((ctr_ncchheader*)title);
if(memcmp(NCCH.magic, "NCCH", 4) != 0) return NULL;
ncch_get_counter(NCCH, CTR, 2);
INFO.ctr = CTR; INFO.buffer = title + getle32(NCCH.exefsoffset)*0x200; INFO.keyY = NCCH.signature; INFO.size = size; INFO.keyslot = 0x2C;
DecryptPartition(&INFO);
uint8_t* firm = (uint8_t*)(INFO.buffer + 0x200);
return firm;
}
void LoadPack(){
packInfo.keyslot = 0x2C; packInfo.keyY = KeyY; packInfo.ctr = Ctr; packInfo.size = FILEPACK_SIZE; packInfo.buffer = FILEPACK_ADDR;
File FilePack; FileOpen(&FilePack, "rxTools.dat", 0);
curSize = FileRead(&FilePack, FILEPACK_ADDR, FILEPACK_SIZE, FILEPACK_OFF);
FileClose(&FilePack);
DecryptPartition(&packInfo);
nEntry = *((unsigned int*)(FILEPACK_ADDR));
Entry = ((PackEntry*)(FILEPACK_ADDR + 0x10));
for(int i = 0; i < nEntry; i++){
Entry[i].off += (int)FILEPACK_ADDR;
if(!CheckHash((void*)Entry[i].off, Entry[i].size, Entry[i].hash)){
DrawString(TOP_SCREEN, " rxTools.dat is corrupted!", 0, 240-8, BLACK, WHITE); //Who knows, if there is any corruption in our files, we need to stop
while(1);
}
}
}
int emunand_writesectors(uint32_t sector_no, uint32_t numsectors, uint8_t *out, unsigned int partition){
PartitionInfo info;
u8 myCtr[16];
for (int i = 0; i < 16; i++) myCtr[i] = NANDCTR[i];
info.ctr = &myCtr; info.buffer = out; info.size = numsectors * 0x200; info.keyY = NULL;
add_ctr(info.ctr, partition / 16);
switch (partition){
case TWLN: info.keyslot = 0x3; break;
case TWLP: info.keyslot = 0x3; break;
case AGB_SAVE: info.keyslot = 0x7; break;
case FIRM0: info.keyslot = 0x6; break;
case FIRM1: info.keyslot = 0x6; break;
case CTRNAND: info.keyslot = 0x4; break;
}
add_ctr(info.ctr, sector_no * 0x20);
DecryptPartition(&info);
sdmmc_sdcard_writesectors(sector_no + partition / 0x200, numsectors, out); //Stubbed, i don't wanna risk
}
void nand_readsectors(uint32_t sector_no, uint32_t numsectors, uint8_t *out, unsigned int partition) {
PartitionInfo info;
uint8_t myCtr[16];
if (partition == CTRNAND && getMpInfo() == MPINFO_KTR) partition = KTR_CTRNAND; //SWITCH TO KTR_CTRNAND IF ON N3DS
for (int i = 0; i < 16; i++) { myCtr[i] = NANDCTR[i]; }
info.ctr = myCtr; info.buffer = out; info.size = numsectors * 0x200; info.keyY = NULL;
add_ctr(info.ctr, partition / 16);
switch (partition) {
case TWLN : info.keyslot = 0x3; break;
case TWLP : info.keyslot = 0x3; break;
case AGB_SAVE : info.keyslot = 0x7; break;
case FIRM0 : info.keyslot = 0x6; break;
case FIRM1 : info.keyslot = 0x6; break;
case CTRNAND : info.keyslot = 0x4; break;
case KTR_CTRNAND: info.keyslot = 0x5; break;
}
add_ctr(info.ctr, sector_no * 0x20);
sdmmc_nand_readsectors(sector_no + partition / 0x200, numsectors, out);
DecryptPartition(&info);
}
uint8_t* decryptFirmTitleNcch(uint8_t* title, size_t *size)
{
const size_t sector = 512;
const size_t header = 512;
ctr_ncchheader NCCH;
uint8_t CTR[16];
PartitionInfo INFO;
NCCH = *((ctr_ncchheader*)title);
if(memcmp(NCCH.magic, "NCCH", 4) != 0) return NULL;
ncch_get_counter(NCCH, CTR, 2);
INFO.ctr = CTR; INFO.buffer = title + getle32(NCCH.exefsoffset)*sector; INFO.keyY = NCCH.signature; INFO.size = getle32(NCCH.exefssize)*sector; INFO.keyslot = 0x2C;
DecryptPartition(&INFO);
if (size != NULL)
*size = INFO.size - header;
uint8_t* firm = (uint8_t*)(INFO.buffer + header);
if (getMpInfo() == MPINFO_KTR)
if (decryptFirmKtrArm9(firm))
return NULL;
return firm;
}
int ProcessCTR(char* path){
PartitionInfo myInfo;
File myFile;
char myString[256]; //In case it is needed...
if(FileOpen(&myFile, path, 0)){
ConsoleInit();
ConsoleAddText(TITLE);
unsigned int ncch_base = 0x100;
unsigned char magic[] = { 0, 0, 0, 0, 0};
FileRead(&myFile, magic, 4, ncch_base);
if(magic[0] == 'N' && magic[1] == 'C' && magic[2] == 'S' && magic[3] == 'D'){
ncch_base = 0x4000;
FileRead(&myFile, magic, 4, ncch_base+0x100);
if(!(magic[0] == 'N' && magic[1] == 'C' && magic[2] == 'C' && magic[3] == 'H')){
FileClose(&myFile);
return 2;
}
}else if(magic[0] == 'N' && magic[1] == 'C' && magic[2] == 'C' && magic[3] == 'H'){
ncch_base = 0x0;
}else{
FileClose(&myFile);
return 2;
}
ctr_ncchheader NCCH; unsigned int mediaunitsize = 0x200;
FileRead(&myFile, &NCCH, 0x200, ncch_base);
//ConsoleAddText(path);
ConsoleAddText(NCCH.productcode);
unsigned int NEWCRYPTO = 0, CRYPTO = 1;
if(NCCH.flags[3] != 0) NEWCRYPTO = 1;
if(NCCH.flags[7] & 4) CRYPTO = 0;
if(NEWCRYPTO){
ConsoleAddText("\nCryptoType : 7.X Key security");
}else if(CRYPTO){
ConsoleAddText("\nCryptoType : Secure");
}else{
ConsoleAddText("\nCryptoType : None");
ConsoleAddText("Decryption completed!");
FileClose(&myFile);
ConsoleShow();
return 3;
}
ConsoleShow();
u8 CTR[16];
if(getle32(NCCH.extendedheadersize) > 0){
ConsoleAddText("Decrypting ExHeader..."); ConsoleShow();
ncch_get_counter(NCCH, CTR, 1);
FileRead(&myFile, BUFFER_ADDR, 0x800, ncch_base + 0x200);
myInfo.buffer = BUFFER_ADDR;
myInfo.size = 0x800;
myInfo.keyslot = 0x2C;
myInfo.ctr = CTR;
myInfo.keyY = NCCH.signature;
DecryptPartition(&myInfo);
FileWrite(&myFile, BUFFER_ADDR, 0x800, ncch_base + 0x200);
}
if(getle32(NCCH.exefssize) > 0){
ConsoleAddText("Decrypting ExeFS..."); ConsoleShow();
ncch_get_counter(NCCH, CTR, 2);
myInfo.buffer = BUFFER_ADDR;
myInfo.keyslot = NEWCRYPTO ? 0x25 : 0x2C;
myInfo.ctr = CTR;
myInfo.keyY = NCCH.signature;
size_t bytesRead = FileRead(&myFile, BUFFER_ADDR, getle32(NCCH.exefssize) * mediaunitsize, ncch_base + getle32(NCCH.exefsoffset) * mediaunitsize);
myInfo.size = bytesRead;
ProcessExeFS(&myInfo); //Explanation at function definition
FileWrite(&myFile, BUFFER_ADDR, getle32(NCCH.exefssize) * mediaunitsize, ncch_base + getle32(NCCH.exefsoffset) * mediaunitsize);
}
if(getle32(NCCH.romfssize) > 0){
ConsoleAddText("Decrypting RomFS..."); ConsoleShow();
ncch_get_counter(NCCH, CTR, 3);
myInfo.buffer = BUFFER_ADDR;
myInfo.keyslot = NEWCRYPTO ? 0x25 : 0x2C;
myInfo.ctr = CTR;
myInfo.keyY = NCCH.signature;
for(int i = 0; i < getle32(NCCH.romfssize) * mediaunitsize / BLOCK_SIZE; i++){
sprintf(myString, "%i%%", (int)((i*BLOCK_SIZE)/(getle32(NCCH.romfssize) * mediaunitsize/ 100)));
int x, y; ConsoleGetXY(&x, &y); y += CHAR_WIDTH * 4; x += CHAR_WIDTH*22;
DrawString(TOP_SCREEN, myString, x, y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
size_t bytesRead = FileRead(&myFile, BUFFER_ADDR, BLOCK_SIZE, ncch_base + getle32(NCCH.romfsoffset) * mediaunitsize + i*BLOCK_SIZE);
myInfo.size = bytesRead;
DecryptPartition(&myInfo);
add_ctr(myInfo.ctr, bytesRead/16);
FileWrite(&myFile, BUFFER_ADDR, BLOCK_SIZE, ncch_base + getle32(NCCH.romfsoffset) * mediaunitsize + i*BLOCK_SIZE);
}
}
NCCH.flags[7] |= 4; //Disable encryption
NCCH.flags[3] = 0; //Disable 7.XKey usage
FileWrite(&myFile, &NCCH, 0x200, ncch_base);
if(ncch_base == 0x4000) FileWrite(&myFile, ((u8*)&NCCH) + 0x100, 0x100, 0x1100); //Only for NCSD
FileClose(&myFile);
ConsoleAddText("Decryption completed!"); ConsoleShow();
return 0;
}else return 1;
}
/**
*
* This function
*
* @param
*
* @return
*
*
* @note None
*
****************************************************************************/
u32 LoadBootImage(void)
{
u32 RebootStatusRegister = 0;
u32 MultiBootReg = 0;
u32 ImageStartAddress = 0;
u32 PartitionNum;
u32 PartitionDataLength;
u32 PartitionImageLength;
u32 PartitionTotalSize;
u32 PartitionExecAddr;
u32 PartitionAttr;
u32 ExecAddress = 0;
u32 PartitionLoadAddr;
u32 PartitionStartAddr;
u32 PartitionChecksumOffset;
u8 ExecAddrFlag = 0 ;
u32 Status;
PartHeader *HeaderPtr;
u32 EfuseStatusRegValue;
#ifdef RSA_SUPPORT
u32 HeaderSize;
#endif
/*
* Resetting the Flags
*/
BitstreamFlag = 0;
ApplicationFlag = 0;
RebootStatusRegister = Xil_In32(REBOOT_STATUS_REG);
fsbl_printf(DEBUG_INFO,
"Reboot status register: 0x%08x\r\n",RebootStatusRegister);
if (Silicon_Version == SILICON_VERSION_1) {
/*
* Clear out fallback mask from previous run
* We start from the first partition again
*/
if ((RebootStatusRegister & FSBL_FAIL_MASK) ==
FSBL_FAIL_MASK) {
fsbl_printf(DEBUG_INFO,
"Reboot status shows previous run falls back\r\n");
RebootStatusRegister &= ~(FSBL_FAIL_MASK);
Xil_Out32(REBOOT_STATUS_REG, RebootStatusRegister);
}
/*
* Read the image start address
*/
ImageStartAddress = *(u32 *)BASEADDR_HOLDER;
} else {
/*
* read the multiboot register
*/
MultiBootReg = XDcfg_ReadReg(DcfgInstPtr->Config.BaseAddr,
XDCFG_MULTIBOOT_ADDR_OFFSET);
fsbl_printf(DEBUG_INFO,"Multiboot Register: 0x%08x\r\n",MultiBootReg);
/*
* Compute the image start address
*/
ImageStartAddress = (MultiBootReg & PCAP_MBOOT_REG_REBOOT_OFFSET_MASK)
* GOLDEN_IMAGE_OFFSET;
}
fsbl_printf(DEBUG_INFO,"Image Start Address: 0x%08x\r\n",ImageStartAddress);
/*
* Get partitions header information
*/
Status = GetPartitionHeaderInfo(ImageStartAddress);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL, "Partition Header Load Failed\r\n");
OutputStatus(GET_HEADER_INFO_FAIL);
FsblFallback();
}
/*
* RSA is not implemented in 1.0 and 2.0
* silicon
*/
if ((Silicon_Version != SILICON_VERSION_1) &&
(Silicon_Version != SILICON_VERSION_2)) {
/*
* Read Efuse Status Register
*/
EfuseStatusRegValue = Xil_In32(EFUSE_STATUS_REG);
if (EfuseStatusRegValue & EFUSE_STATUS_RSA_ENABLE_MASK) {
fsbl_printf(DEBUG_GENERAL,"RSA enabled for Chip\r\n");
#ifdef RSA_SUPPORT
/*
* Set the Ppk
*/
SetPpk();
/*
* Read partition header with signature
*/
Status = GetImageHeaderAndSignature(ImageStartAddress,
(u32 *)DDR_TEMP_START_ADDR);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,
"Read Partition Header signature Failed\r\n");
OutputStatus(GET_HEADER_INFO_FAIL);
FsblFallback();
}
HeaderSize=TOTAL_HEADER_SIZE+RSA_SIGNATURE_SIZE;
Status = AuthenticatePartition((u8 *)DDR_TEMP_START_ADDR, HeaderSize);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,
"Partition Header signature Failed\r\n");
OutputStatus(GET_HEADER_INFO_FAIL);
FsblFallback();
}
#else
/*
* In case user not enabled RSA authentication feature
*/
fsbl_printf(DEBUG_GENERAL,"RSA_SUPPORT_NOT_ENABLED_FAIL\r\n");
OutputStatus(RSA_SUPPORT_NOT_ENABLED_FAIL);
FsblFallback();
#endif
}
}
#ifdef MMC_SUPPORT
/*
* In case of MMC support
* boot image preset in MMC will not have FSBL partition
*/
PartitionNum = 0;
#else
/*
* First partition header was ignored by FSBL
* As it contain FSBL partition information
*/
PartitionNum = 1;
#endif
while (PartitionNum < PartitionCount) {
fsbl_printf(DEBUG_INFO, "Partition Number: %d\r\n", PartitionNum);
HeaderPtr = &PartitionHeader[PartitionNum];
/*
* Print partition header information
*/
HeaderDump(HeaderPtr);
/*
* Validate partition header
*/
Status = ValidateHeader(HeaderPtr);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL, "INVALID_HEADER_FAIL\r\n");
OutputStatus(INVALID_HEADER_FAIL);
FsblFallback();
}
/*
* Load partition header information in to local variables
*/
PartitionDataLength = HeaderPtr->DataWordLen;
PartitionImageLength = HeaderPtr->ImageWordLen;
PartitionExecAddr = HeaderPtr->ExecAddr;
PartitionAttr = HeaderPtr->PartitionAttr;
PartitionLoadAddr = HeaderPtr->LoadAddr;
PartitionChecksumOffset = HeaderPtr->CheckSumOffset;
PartitionStartAddr = HeaderPtr->PartitionStart;
PartitionTotalSize = HeaderPtr->PartitionWordLen;
/*
* Partition owner should be FSBL to validate the partition
*/
if ((PartitionAttr & ATTRIBUTE_PARTITION_OWNER_MASK) !=
ATTRIBUTE_PARTITION_OWNER_FSBL) {
/*
* if FSBL is not the owner of partition,
* skip this partition, continue with next partition
*/
fsbl_printf(DEBUG_INFO, "Skipping partition %0x\r\n",
PartitionNum);
/*
* Increment partition number
*/
PartitionNum++;
continue;
}
if (PartitionAttr & ATTRIBUTE_PL_IMAGE_MASK) {
fsbl_printf(DEBUG_INFO, "Bitstream\r\n");
PLPartitionFlag = 1;
PSPartitionFlag = 0;
BitstreamFlag = 1;
if (ApplicationFlag == 1) {
#ifdef STDOUT_BASEADDRESS
xil_printf("\r\nFSBL Warning !!!"
"Bitstream not loaded into PL\r\n");
xil_printf("Partition order invalid\r\n");
#endif
break;
}
}
if (PartitionAttr & ATTRIBUTE_PS_IMAGE_MASK) {
fsbl_printf(DEBUG_INFO, "Application\r\n");
PSPartitionFlag = 1;
PLPartitionFlag = 0;
ApplicationFlag = 1;
}
/*
* Encrypted partition will have different value
* for Image length and data length
*/
if (PartitionDataLength != PartitionImageLength) {
fsbl_printf(DEBUG_INFO, "Encrypted\r\n");
EncryptedPartitionFlag = 1;
} else {
EncryptedPartitionFlag = 0;
}
/*
* Check for partition checksum check
*/
if (PartitionAttr & ATTRIBUTE_CHECKSUM_TYPE_MASK) {
PartitionChecksumFlag = 1;
} else {
PartitionChecksumFlag = 0;
}
/*
* RSA signature check
*/
if (PartitionAttr & ATTRIBUTE_RSA_PRESENT_MASK) {
fsbl_printf(DEBUG_INFO, "RSA Signed\r\n");
SignedPartitionFlag = 1;
} else {
SignedPartitionFlag = 0;
}
/*
* Load address check
* Loop will break when PS load address zero and partition is
* un-signed or un-encrypted
*/
if ((PSPartitionFlag == 1) && (PartitionLoadAddr < DDR_START_ADDR)) {
if ((PartitionLoadAddr == 0) &&
(!((SignedPartitionFlag == 1) ||
(EncryptedPartitionFlag == 1)))) {
break;
} else {
fsbl_printf(DEBUG_GENERAL,
"INVALID_LOAD_ADDRESS_FAIL\r\n");
OutputStatus(INVALID_LOAD_ADDRESS_FAIL);
FsblFallback();
}
}
if (PSPartitionFlag && (PartitionLoadAddr > DDR_END_ADDR)) {
fsbl_printf(DEBUG_GENERAL,
"INVALID_LOAD_ADDRESS_FAIL\r\n");
OutputStatus(INVALID_LOAD_ADDRESS_FAIL);
FsblFallback();
}
/*
* Load execution address of first PS partition
*/
if (PSPartitionFlag && (!ExecAddrFlag)) {
ExecAddrFlag++;
ExecAddress = PartitionExecAddr;
}
/*
* FSBL user hook call before bitstream download
*/
if (PLPartitionFlag) {
Status = FsblHookBeforeBitstreamDload();
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,"FSBL_BEFORE_BSTREAM_HOOK_FAIL\r\n");
OutputStatus(FSBL_BEFORE_BSTREAM_HOOK_FAIL);
FsblFallback();
}
}
/*
* Move partitions from boot device
*/
Status = PartitionMove(ImageStartAddress, HeaderPtr);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,"PARTITION_MOVE_FAIL\r\n");
OutputStatus(PARTITION_MOVE_FAIL);
FsblFallback();
}
if ((SignedPartitionFlag) || (PartitionChecksumFlag)) {
if(PLPartitionFlag) {
/*
* PL partition loaded in to DDR temporary address
* for authentication and checksum verification
*/
PartitionStartAddr = DDR_TEMP_START_ADDR;
} else {
PartitionStartAddr = PartitionLoadAddr;
}
if (PartitionChecksumFlag) {
/*
* Validate the partition data with checksum
*/
Status = ValidateParition(PartitionStartAddr,
(PartitionTotalSize << WORD_LENGTH_SHIFT),
ImageStartAddress +
(PartitionChecksumOffset << WORD_LENGTH_SHIFT));
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,"PARTITION_CHECKSUM_FAIL\r\n");
OutputStatus(PARTITION_CHECKSUM_FAIL);
FsblFallback();
}
fsbl_printf(DEBUG_INFO, "Partition Validation Done\r\n");
}
/*
* Authentication Partition
*/
if (SignedPartitionFlag == 1 ) {
#ifdef RSA_SUPPORT
Xil_DCacheEnable();
Status = AuthenticatePartition((u8*)PartitionStartAddr,
(PartitionTotalSize << WORD_LENGTH_SHIFT));
if (Status != XST_SUCCESS) {
Xil_DCacheFlush();
Xil_DCacheDisable();
fsbl_printf(DEBUG_GENERAL,"AUTHENTICATION_FAIL\r\n");
OutputStatus(AUTHENTICATION_FAIL);
FsblFallback();
}
fsbl_printf(DEBUG_INFO,"Authentication Done\r\n");
Xil_DCacheFlush();
Xil_DCacheDisable();
#else
/*
* In case user not enabled RSA authentication feature
*/
fsbl_printf(DEBUG_GENERAL,"RSA_SUPPORT_NOT_ENABLED_FAIL\r\n");
OutputStatus(RSA_SUPPORT_NOT_ENABLED_FAIL);
FsblFallback();
#endif
}
/*
* Decrypt PS partition
*/
if (EncryptedPartitionFlag && PSPartitionFlag) {
Status = DecryptPartition(PartitionStartAddr,
PartitionDataLength,
PartitionImageLength);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,"DECRYPTION_FAIL\r\n");
OutputStatus(DECRYPTION_FAIL);
FsblFallback();
}
}
/*
* Load Signed PL partition in Fabric
*/
if (PLPartitionFlag) {
Status = PcapLoadPartition((u32*)PartitionStartAddr,
(u32*)PartitionLoadAddr,
PartitionImageLength,
PartitionDataLength,
EncryptedPartitionFlag);
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,"BITSTREAM_DOWNLOAD_FAIL\r\n");
OutputStatus(BITSTREAM_DOWNLOAD_FAIL);
FsblFallback();
}
}
}
/*
* FSBL user hook call after bitstream download
*/
if (PLPartitionFlag) {
Status = FsblHookAfterBitstreamDload();
if (Status != XST_SUCCESS) {
fsbl_printf(DEBUG_GENERAL,"FSBL_AFTER_BSTREAM_HOOK_FAIL\r\n");
OutputStatus(FSBL_AFTER_BSTREAM_HOOK_FAIL);
FsblFallback();
}
}
/*
* Increment partition number
*/
PartitionNum++;
}
return ExecAddress;
}
