u32 SdPadgen(u32 param)
{
(void) (param); // param is unused here
SdInfo *info = (SdInfo*) 0x20316000;
// setup AES key from SD
SetupSdKeyY0x34(false, NULL);
if (!DebugFileOpen("SDinfo.bin"))
return 1;
if (!DebugFileRead(info, 4, 0)) {
FileClose();
return 1;
}
if (!info->n_entries || info->n_entries > MAX_ENTRIES) {
FileClose();
Debug("Bad number of entries!");
return 1;
}
if (!DebugFileRead(info->entries, info->n_entries * sizeof(SdInfoEntry), 4)) {
FileClose();
return 1;
}
FileClose();
Debug("Number of entries: %i", info->n_entries);
for(u32 i = 0; i < info->n_entries; i++) {
PadInfo padInfo = {.keyslot = 0x34, .setKeyY = 0, .size_mb = info->entries[i].size_mb, .mode = AES_CNT_CTRNAND_MODE};
memcpy(padInfo.ctr, info->entries[i].ctr, 16);
memcpy(padInfo.filename, info->entries[i].filename, 180);
Debug ("%2i: %s (%iMB)", i, info->entries[i].filename, info->entries[i].size_mb);
if (CreatePad(&padInfo) != 0)
return 1; // this can't fail anyways
}
return 0;
}
u32 SdPadgenDirect(u32 param)
{
(void) (param); // param is unused here
SdInfo *info = (SdInfo*) 0x20316000;
char basepath[256];
u8 movable_keyY[16];
if (SetupSdKeyY0x34(true, movable_keyY) != 0)
return 1; // movable.sed has to be present in NAND
Debug("");
if (SdFolderSelector(basepath, movable_keyY) != 0)
return 1;
Debug("");
if (SdInfoGen(info, basepath) != 0)
return 1;
if (!info->n_entries) {
Debug("Nothing found in folder");
return 1;
}
Debug("Number of entries: %i", info->n_entries);
for(u32 i = 0; i < info->n_entries; i++) {
PadInfo padInfo = {.keyslot = 0x34, .setKeyY = 0, .size_mb = info->entries[i].size_mb, .mode = AES_CNT_CTRNAND_MODE};
memcpy(padInfo.ctr, info->entries[i].ctr, 16);
memcpy(padInfo.filename, info->entries[i].filename, 180);
Debug ("%2i: %s (%iMB)", i, info->entries[i].filename, info->entries[i].size_mb);
if (CreatePad(&padInfo) != 0)
return 1; // this can't fail anyways
}
return 0;
}
u32 AnyPadgen(u32 param)
{
(void) (param); // param is unused here
AnyPadInfo *info = (AnyPadInfo*) 0x20316000;
// get header
if ((FileGetData("anypad.bin", info, 16, 0) != 16) || !info->n_entries || info->n_entries > MAX_ENTRIES) {
Debug("Corrupt or not existing: anypad.bin");
return 1;
}
// get data
u32 data_size = info->n_entries * sizeof(AnyPadInfoEntry);
if (FileGetData("anypad.bin", (u8*) info + 16, data_size, 16) != data_size) {
Debug("File is missing data: anypad.bin");
return 1;
}
Debug("Processing anypad.bin...");
Debug("Number of entries: %i", info->n_entries);
for (u32 i = 0; i < info->n_entries; i++) { // this translates all entries to a standard padInfo struct
AnyPadInfoEntry* entry = &(info->entries[i]);
PadInfo padInfo = {.keyslot = entry->keyslot, .setKeyY = 0, .size_mb = 0, .size_b = entry->size_b, .mode = entry->mode};
memcpy(padInfo.filename, entry->filename, 80);
memcpy(padInfo.ctr, entry->ctr, 16);
// process keys
if (entry->setNormalKey)
setup_aeskey(entry->keyslot, entry->normalKey);
if (entry->setKeyX)
setup_aeskeyX(entry->keyslot, entry->keyX);
if (entry->setKeyY)
setup_aeskeyY(entry->keyslot, entry->keyY);
use_aeskey(entry->keyslot);
// process flags
if (entry->flags & (AP_USE_NAND_CTR|AP_USE_SD_CTR)) {
u32 ctr_add = getbe32(padInfo.ctr + 12);
u8 shasum[32];
u8 cid[16];
sdmmc_get_cid((entry->flags & AP_USE_NAND_CTR) ? 1 : 0, (uint32_t*) cid);
if (entry->mode == AES_CNT_TWLNAND_MODE) {
sha_quick(shasum, cid, 16, SHA1_MODE);
for (u32 i = 0; i < 16; i++)
padInfo.ctr[i] = shasum[15-i];
} else {
sha_quick(shasum, cid, 16, SHA256_MODE);
memcpy(padInfo.ctr, shasum, 16);
}
add_ctr(padInfo.ctr, ctr_add);
}
// create the pad
Debug ("%2i: %s (%ikB)", i, entry->filename, entry->size_b / 1024);
if (CreatePad(&padInfo) != 0)
return 1; // this can't fail anyways
}
return 0;
}
u32 CtrNandPadgen(u32 param)
{
char* filename = (param & PG_FORCESLOT4) ? "nand.fat16.slot0x04.xorpad" : "nand.fat16.xorpad";
u32 keyslot;
u32 nand_size;
// legacy sizes & offset, to work with Python 3DSFAT16Tool
if (GetUnitPlatform() == PLATFORM_3DS) {
if (param & PG_FORCESLOT4) {
Debug("This is a N3DS only feature");
return 1;
}
keyslot = 0x4;
nand_size = 758;
} else {
keyslot = (param & PG_FORCESLOT4) ? 0x4 : 0x5;
nand_size = 1055;
}
Debug("Creating NAND FAT16 xorpad. Size (MB): %u", nand_size);
Debug("Filename: %s", filename);
PadInfo padInfo = {
.keyslot = keyslot,
.setKeyY = 0,
.size_mb = nand_size,
.mode = AES_CNT_CTRNAND_MODE
};
strncpy(padInfo.filename, filename, 64);
if(GetNandCtr(padInfo.ctr, 0xB930000) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 TwlNandPadgen(u32 param)
{
(void) (param); // param is unused here
PartitionInfo* twln_info = GetPartitionInfo(P_TWLN);
u32 size_mb = (twln_info->size + (1024 * 1024) - 1) / (1024 * 1024);
Debug("Creating TWLN FAT16 xorpad. Size (MB): %u", size_mb);
Debug("Filename: twlnand.fat16.xorpad");
PadInfo padInfo = {
.keyslot = twln_info->keyslot,
.setKeyY = 0,
.size_mb = size_mb,
.filename = "twlnand.fat16.xorpad",
.mode = AES_CNT_TWLNAND_MODE
};
if(GetNandCtr(padInfo.ctr, twln_info->offset) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 Firm0Firm1Padgen(u32 param)
{
(void) (param); // param is unused here
PartitionInfo* firm0_info = GetPartitionInfo(P_FIRM0);
PartitionInfo* firm1_info = GetPartitionInfo(P_FIRM1);
u32 size_mb = (firm0_info->size + firm1_info->size + (1024 * 1024) - 1) / (1024 * 1024);
Debug("Creating FIRM0FIRM1 xorpad. Size (MB): %u", size_mb);
Debug("Filename: firm0firm1.xorpad");
PadInfo padInfo = {
.keyslot = firm0_info->keyslot,
.setKeyY = 0,
.size_mb = size_mb,
.filename = "firm0firm1.xorpad",
.mode = AES_CNT_CTRNAND_MODE
};
if(GetNandCtr(padInfo.ctr, firm0_info->offset) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 CtrNandPadgen(u32 param)
{
u32 keyslot;
u32 nand_size;
// legacy sizes & offset, to work with 3DSFAT16Tool
if (GetUnitPlatform() == PLATFORM_3DS) {
keyslot = 0x4;
nand_size = 758;
} else {
keyslot = 0x5;
nand_size = 1055;
}
Debug("Creating NAND FAT16 xorpad. Size (MB): %u", nand_size);
Debug("Filename: nand.fat16.xorpad");
PadInfo padInfo = {
.keyslot = keyslot,
.setKeyY = 0,
.size_mb = nand_size,
.filename = "nand.fat16.xorpad",
.mode = AES_CNT_CTRNAND_MODE
};
if(GetNandCtr(padInfo.ctr, 0xB930000) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 TwlNandPadgen(u32 param)
{
u32 size_mb = (partitions[0].size + (1024 * 1024) - 1) / (1024 * 1024);
Debug("Creating TWLN FAT16 xorpad. Size (MB): %u", size_mb);
Debug("Filename: twlnand.fat16.xorpad");
PadInfo padInfo = {
.keyslot = partitions[0].keyslot,
.setKeyY = 0,
.size_mb = size_mb,
.filename = "twlnand.fat16.xorpad",
.mode = AES_CNT_TWLNAND_MODE
};
if(GetNandCtr(padInfo.ctr, partitions[0].offset) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 Firm0Firm1Padgen(u32 param)
{
u32 size_mb = (partitions[3].size + partitions[4].size + (1024 * 1024) - 1) / (1024 * 1024);
Debug("Creating FIRM0FIRM1 xorpad. Size (MB): %u", size_mb);
Debug("Filename: firm0firm1.xorpad");
PadInfo padInfo = {
.keyslot = partitions[3].keyslot,
.setKeyY = 0,
.size_mb = size_mb,
.filename = "firm0firm1.xorpad",
.mode = AES_CNT_CTRNAND_MODE
};
if(GetNandCtr(padInfo.ctr, partitions[3].offset) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 GetNandCtr(u8* ctr, u32 offset)
{
static const char* versions[] = {"4.x", "5.x", "6.x", "7.x", "8.x", "9.x"};
static const u8* version_ctrs[] = {
(u8*)0x080D7CAC,
(u8*)0x080D858C,
(u8*)0x080D748C,
(u8*)0x080D740C,
(u8*)0x080D74CC,
(u8*)0x080D794C
};
static const u32 version_ctrs_len = sizeof(version_ctrs) / sizeof(u32);
static u8* ctr_start = NULL;
if (ctr_start == NULL) {
for (u32 i = 0; i < version_ctrs_len; i++) {
if (*(u32*)version_ctrs[i] == 0x5C980) {
Debug("System version %s", versions[i]);
ctr_start = (u8*) version_ctrs[i] + 0x30;
}
}
// If value not in previous list start memory scanning (test range)
if (ctr_start == NULL) {
for (u8* c = (u8*) 0x080D8FFF; c > (u8*) 0x08000000; c--) {
if (*(u32*)c == 0x5C980 && *(u32*)(c + 1) == 0x800005C9) {
ctr_start = c + 0x30;
Debug("CTR start 0x%08X", ctr_start);
break;
}
}
}
if (ctr_start == NULL) {
Debug("CTR start not found!");
return 1;
}
}
// the ctr is stored backwards in memory
if (offset >= 0x0B100000) { // CTRNAND/AGBSAVE region
for (u32 i = 0; i < 16; i++)
ctr[i] = *(ctr_start + (0xF - i));
} else { // TWL region
for (u32 i = 0; i < 16; i++)
ctr[i] = *(ctr_start + 0x88 + (0xF - i));
}
// increment counter
add_ctr(ctr, offset / 0x10);
return 0;
}
u32 DecryptNandToMem(u8* buffer, u32 offset, u32 size, PartitionInfo* partition)
{
CryptBufferInfo info = {.keyslot = partition->keyslot, .setKeyY = 0, .size = size, .buffer = buffer, .mode = partition->mode};
if(GetNandCtr(info.ctr, offset) != 0)
return 1;
u32 n_sectors = (size + NAND_SECTOR_SIZE - 1) / NAND_SECTOR_SIZE;
u32 start_sector = offset / NAND_SECTOR_SIZE;
ReadNandSectors(start_sector, n_sectors, buffer);
CryptBuffer(&info);
return 0;
}
u32 DecryptNandToFile(const char* filename, u32 offset, u32 size, PartitionInfo* partition)
{
u8* buffer = BUFFER_ADDRESS;
u32 result = 0;
if (!DebugFileCreate(filename, true))
return 1;
for (u32 i = 0; i < size; i += NAND_SECTOR_SIZE * SECTORS_PER_READ) {
u32 read_bytes = min(NAND_SECTOR_SIZE * SECTORS_PER_READ, (size - i));
ShowProgress(i, size);
DecryptNandToMem(buffer, offset + i, read_bytes, partition);
if(!DebugFileWrite(buffer, read_bytes, i)) {
result = 1;
break;
}
}
ShowProgress(0, 0);
FileClose();
return result;
}
