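/*
 * Decrypt a FIRM title in place with AES-128-CBC, then hand the plaintext to
 * decryptFirmTitleNcch().
 *
 * title: buffer holding `size` bytes of ciphertext; overwritten with plaintext.
 * size:  ciphertext length in bytes; must be a multiple of the 16-byte block.
 * key:   16-byte title key.
 *
 * Returns whatever decryptFirmTitleNcch(title, size) returns, or a null
 * pointer when the arguments cannot be decrypted safely.
 *
 * NOTE(review): CBC runs with an all-zero IV and offers no integrity
 * protection, so a wrong key or a modified image is only caught if
 * decryptFirmTitleNcch() rejects the resulting plaintext -- confirm that it
 * validates the image before anything consumes it.
 */
uint8_t *decryptFirmTitle(uint8_t *title, unsigned int size, uint8_t key[16])
{
    uint8_t iv[0x10] = {0};
    aes_context aes_ctxt;

    /*
     * CBC only works on whole blocks. Refuse a missing buffer or key, or a
     * ragged length, rather than passing them to the cipher. A literal 0 is
     * returned because no header that provides NULL is visible here.
     */
    if (!title || !key || size % 0x10 != 0) {
        return 0;
    }

    aes_setkey_dec(&aes_ctxt, &key[0], 0x80);                        /* 0x80 = 128-bit key */
    aes_crypt_cbc(&aes_ctxt, AES_DECRYPT, size, iv, title, title);   /* in place */

    return decryptFirmTitleNcch(title, size);
}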
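/*
 * Decrypt a FIRM title in place with AES-128-CBC, then hand the plaintext to
 * decryptFirmTitleNcch().
 *
 * title:    buffer holding `size` bytes of ciphertext; overwritten with plaintext.
 * size:     ciphertext length in bytes; must be a multiple of the 16-byte block.
 * firmSize: passed through unchanged to decryptFirmTitleNcch(); whether it is
 *           an input, an output or both is not visible from this function.
 * key:      16-byte title key.
 *
 * Returns whatever decryptFirmTitleNcch(title, firmSize) returns, or NULL when
 * the arguments cannot be decrypted safely.
 *
 * NOTE(review): CBC runs with an all-zero IV and offers no integrity
 * protection, so a wrong key or a modified image is only caught if
 * decryptFirmTitleNcch() rejects the resulting plaintext -- confirm that it
 * validates the image before anything consumes it.
 */
uint8_t *decryptFirmTitle(uint8_t *title, size_t size, size_t *firmSize, uint8_t key[16])
{
    aes_context aes_ctxt;
    uint8_t iv[16] = { 0 };

    /* CBC only works on whole blocks; reject a missing buffer or key, or a ragged length. */
    if (title == NULL || key == NULL || size % sizeof iv != 0) {
        return NULL;
    }

    aes_setkey_dec(&aes_ctxt, &key[0], 0x80);                        /* 0x80 = 128-bit key */
    aes_crypt_cbc(&aes_ctxt, AES_DECRYPT, size, iv, title, title);   /* in place */

    return decryptFirmTitleNcch(title, firmSize);
}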
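/*
 * Look up the title key for `tid`, decrypt the FIRM title in place with
 * AES-128-CBC, then hand the plaintext to decryptFirmTitleNcch().
 *
 * title: buffer holding `size` bytes of ciphertext; overwritten with plaintext.
 * size:  ciphertext length in bytes; must be a multiple of the 16-byte block.
 * tid:   value passed to GetTitleKey() together with 0x00040138.
 *
 * Returns whatever decryptFirmTitleNcch(title, size) returns, or a null
 * pointer when the arguments cannot be decrypted safely.
 *
 * NOTE(review): the result of GetTitleKey() is not inspected here. If the
 * lookup can fail and leaves `key` untouched, decryption proceeds with an
 * all-zero key and only decryptFirmTitleNcch() can notice -- confirm how
 * GetTitleKey() reports failure and check it.
 * NOTE(review): CBC runs with an all-zero IV and offers no integrity
 * protection; the title key and its expanded schedule also stay in this stack
 * frame after return.
 */
u8* decryptFirmTitle(u8* title, unsigned int size, unsigned int tid){
    u8 key[0x10] = {0};
    u8 iv[0x10] = {0};
    aes_context aes_ctxt;

    /*
     * CBC only works on whole blocks. Refuse a missing buffer or a ragged
     * length rather than passing them to the cipher. A literal 0 is returned
     * because no header that provides NULL is visible here.
     */
    if (!title || size % 0x10 != 0) {
        return 0;
    }

    GetTitleKey(&key[0], 0x00040138, tid);

    aes_setkey_dec(&aes_ctxt, &key[0], 0x80);                        /* 0x80 = 128-bit key */
    aes_crypt_cbc(&aes_ctxt, AES_DECRYPT, size, iv, title, title);   /* in place */

    return decryptFirmTitleNcch(title, size);
}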
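/*
 * Copy `mark` over the progress-bar cells at `cursor`, clipped so that nothing
 * is written at or beyond `limit`. Returns the cursor advanced past the cells
 * actually written. No terminator is written; the caller reserves the final
 * array element for it.
 */
static wchar_t *progressPut(wchar_t *cursor, const wchar_t *limit, const wchar_t *mark)
{
    size_t room = (size_t)(limit - cursor);
    size_t len = wcslen(mark);

    if (len > room) {
        len = room;
    }
    wcsncpy(cursor, mark, len);
    return cursor + len;
}

/*
 * Build the firmware images from "firmware.bin" and write them, plus a
 * data.bin build stamp, below "<drive>:<DATAFOLDER>".
 *
 * drive: drive prefix used when formatting the output paths.
 *
 * Returns 0 on success, CONF_NOFIRMBIN when firmware.bin cannot be opened,
 * CONF_ERRNFIRM when a firmware image cannot be produced or written,
 * CONF_ERRPATCH when applyPatch() reports failure, and CONF_CANTOPENFILE when
 * data.bin cannot be created. AGB/TWL decryption failures are not fatal: they
 * are shown as a failed progress cell and installation continues.
 *
 * Changes against the previous revision:
 *  - every exit after firmware.bin was opened goes through `end`, so the
 *    handle is also closed on the applyPatch() failure paths;
 *  - a null NATIVE_FIRM pointer is reported as CONF_ERRNFIRM instead of being
 *    handed to FileWrite();
 *  - progress-bar writes are clipped to the 8-element buffer, since the cell
 *    strings come from the strings[] table and their length is not fixed here.
 *
 * NOTE(review): the f_read()/FileRead() results and tmpu32 are never checked,
 * so a short or failed read leaves stale WORKBUF contents to be decrypted.
 * NOTE(review): sprintf() into tmpstr is unbounded; tmpstr's size is not
 * visible here.
 */
int InstallData(char* drive){
    /* Layout constants consumed by applyPatch(); field meanings are not visible here. */
    static const FirmInfo agb_info = { 0x8B800, 0x4CE00, 0x08006800, 0xD600, 0xE200, 0x08020000};
    static const FirmInfo twl_info = { 0x153600, 0x4D200, 0x08006800, 0xD600, 0xE200, 0x08020000};
    FIL firmfile;
    unsigned int progressWidth, progressX;
    wchar_t progressbar[8] = {0,};
    wchar_t *progress = progressbar;
    /* Last element stays zero so the bar is always terminated. */
    wchar_t *const progressEnd = progressbar + (sizeof progressbar / sizeof progressbar[0]) - 1;
    uint8_t *n_firm;
    uint8_t *a_firm;
    uint8_t *t_firm;
    unsigned int i;
    int ret = 0;

    progressWidth = getMpInfo() == MPINFO_CTR ? 7 : 3;
    progressX = (BOT_SCREEN_WIDTH - progressWidth * FONT_WIDTH) / 2;

    /* Fill the bar with empty cells, then rewind the cursor to the first one. */
    for (i = 0; i < progressWidth; i++) {
        progress = progressPut(progress, progressEnd, strings[STR_PROGRESS]);
    }
    progress = progressbar;
    print(L"%ls", progressbar);
    ConsolePrevLine();

    //Create the workdir
    sprintf(tmpstr, "%s:%s", drive, DATAFOLDER);
    f_mkdir(tmpstr);

    //Read firmware data
    if (f_open(&firmfile, "firmware.bin", FA_READ | FA_OPEN_EXISTING) != FR_OK) {
        return CONF_NOFIRMBIN;
    }
    progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_OK]);
    DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create decrypted native_firm
    f_read(&firmfile, WORKBUF, NAT_SIZE, &tmpu32);
    n_firm = decryptFirmTitle(WORKBUF, NAT_SIZE, 0x00000002, 1);
    if (!n_firm) {
        /* Nothing valid to write; the AGB path below treats a null result as failure too. */
        ret = CONF_ERRNFIRM;
        goto end;
    }
    progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_OK]);
    DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    getFirmPath(tmpstr, getMpInfo() == MPINFO_KTR ? TID_KTR_NATIVE_FIRM : TID_CTR_NATIVE_FIRM);
    if (!FileOpen(&tempfile, tmpstr, 1)) {
        ret = CONF_ERRNFIRM;
        goto end;
    }
    FileWrite(&tempfile, n_firm, NAT_SIZE, 0);
    FileClose(&tempfile);
    progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_OK]);
    DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    /* Only the CTR model continues with the AGB/TWL images and data.bin. */
    if (getMpInfo() != MPINFO_CTR) {
        goto end;
    }

    //Create AGB patched firmware
    f_read(&firmfile, WORKBUF, AGB_SIZE, &tmpu32);
    a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 1);
    if (!a_firm && checkEmuNAND()) {
        /* Try to get the Title Key from the EmuNAND */
        /*
         * NOTE(review): the retry reuses WORKBUF after the first attempt. If
         * decryptFirmTitle() decrypts in place before failing, this second
         * attempt works on already-transformed data -- confirm against the
         * four-argument decryptFirmTitle().
         */
        a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 2);
        if (!a_firm) {
            /* If we cannot decrypt it from firmware.bin because of titlekey messed up,
               it probably means that AGB has been modified in some way. */
            //So we read it from his installed ncch...
            char *path;

            FindApp(0x00040138, 0x00000202, 1);
            path = getContentAppPath();
            if (!FileOpen(&tempfile, path, 0) && checkEmuNAND()) {
                /* Try with EmuNAND */
                FindApp(0x00040138, 0x00000202, 2);
                path = getContentAppPath();
                if (!FileOpen(&tempfile, path, 0)) {
                    ret = CONF_ERRNFIRM;
                    goto end;
                }
            }
            FileRead(&tempfile, WORKBUF, AGB_SIZE, 0);
            FileClose(&tempfile);
            a_firm = decryptFirmTitleNcch(WORKBUF, AGB_SIZE);
        }
    }

    if (a_firm) {
        if (applyPatch(a_firm, "/rxTools/system/patches/ctr/agb_firm.elf", &agb_info)) {
            ret = CONF_ERRPATCH;
            goto end;
        }
        /*
         * NOTE(review): the AGB image is written to the path derived from
         * TID_CTR_TWL_FIRM, the same path the TWL image is written to below,
         * so one overwrites the other. This looks like a copy/paste slip;
         * confirm the intended title ID for AGB_FIRM.
         */
        getFirmPath(tmpstr, TID_CTR_TWL_FIRM);
        if (!FileOpen(&tempfile, tmpstr, 1)) {
            ret = CONF_ERRNFIRM;
            goto end;
        }
        FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
        FileClose(&tempfile);
        progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_OK]);
    } else {
        progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_FAIL]);
        //If we get here, then we'll play without AGB, lol
    }
    DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create TWL patched firmware
    f_read(&firmfile, WORKBUF, TWL_SIZE, &tmpu32);
    t_firm = decryptFirmTitle(WORKBUF, TWL_SIZE, 0x00000102, 1);
    if (t_firm) {
        if (applyPatch(t_firm, "/rxTools/system/patches/ctr/twl_firm.elf", &twl_info)) {
            ret = CONF_ERRPATCH;
            goto end;
        }
        getFirmPath(tmpstr, TID_CTR_TWL_FIRM);
        if (!FileOpen(&tempfile, tmpstr, 1)) {
            ret = CONF_ERRNFIRM;
            goto end;
        }
        FileWrite(&tempfile, t_firm, TWL_SIZE, 0);
        FileClose(&tempfile);
        progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_OK]);
    } else {
        progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_FAIL]);
    }
    DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    /* data.bin records the build stamp: __DATE__ is 11 chars + NUL, __TIME__ is 8 chars + NUL. */
    sprintf(tmpstr, "%s:%s/data.bin", drive, DATAFOLDER);
    if (!FileOpen(&tempfile, tmpstr, 1)) {
        ret = CONF_CANTOPENFILE;
        goto end;
    }
    FileWrite(&tempfile, __DATE__, 12, 0);
    FileWrite(&tempfile, __TIME__, 9, 12);
    FileClose(&tempfile);
    progress = progressPut(progress, progressEnd, strings[STR_PROGRESS_OK]);
    DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

end:
    f_close(&firmfile);
    return ret;
}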
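/*
 * Build the patched firmware images from "firmware.bin" and the patch packs,
 * and write them, plus a data.bin build stamp, below "<drive>:<DATAFOLDER>".
 *
 * drive: drive prefix used when formatting the output paths.
 *
 * Returns 0 on success, CONF_NOFIRMBIN when firmware.bin cannot be opened,
 * CONF_ERRNFIRM when a firmware image cannot be produced or written, and
 * CONF_CANTOPENFILE when data.bin cannot be created. AGB/TWL decryption
 * failures are not fatal: they are shown as 'x' and installation continues.
 *
 * Changes against the previous revision:
 *  - the progress bar is a writable array with one cell per step (seven on
 *    the success path); the old code wrote through a pointer to a string
 *    literal, which is undefined behaviour;
 *  - every exit after firmware.bin was opened goes through `done`, so the
 *    handle is closed on the error paths too;
 *  - a null NATIVE_FIRM pointer is reported as CONF_ERRNFIRM instead of being
 *    patched and scanned;
 *  - the placeholder scan compares with bounded memcmp()/memcpy() instead of
 *    strcmp() and a cast pointer, so it neither reads nor writes past
 *    NAT_SIZE and does not depend on the buffer's alignment;
 *  - the key file and the installed AGB content are only read and closed when
 *    FileOpen() succeeded.
 *
 * NOTE(review): the f_read()/FileRead() results and tmpu32 are never checked,
 * so a short or failed read leaves stale WORKBUF contents to be decrypted.
 * NOTE(review): sprintf() into tmpstr is unbounded; tmpstr's size is not
 * visible here. applyPatch() and GetFilePack() results are not checked either
 * (their failure convention is not visible here).
 */
int InstallData(char* drive){
    FIL firmfile;
    char progressbar[] = "[       ]";   /* '[' + 7 step cells + ']' */
    char* progress = progressbar+1;
    u8 keyx[16] = {0};
    u8* n_firm;
    u8* n_firm_patch;
    u8* a_firm;
    u8* a_firm_patch;
    u8* t_firm;
    u8* t_firm_patch;
    int ret = 0;

    print("%s", progressbar);
    ConsolePrevLine();

    //Create the workdir
    sprintf(tmpstr, "%s:%s", drive, DATAFOLDER);
    f_mkdir(tmpstr);
    f_chmod(tmpstr, AM_HID, AM_HID);

    //Read firmware data
    if (f_open(&firmfile, "firmware.bin", FA_READ | FA_OPEN_EXISTING) != FR_OK) {
        return CONF_NOFIRMBIN;
    }
    *progress++ = '.';
    DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create patched native_firm
    f_read(&firmfile, WORKBUF, NAT_SIZE, &tmpu32);
    n_firm = decryptFirmTitle(WORKBUF, NAT_SIZE, 0x00000002);
    if (!n_firm) {
        /* The AGB/TWL paths below already treat a null result as "could not decrypt". */
        ret = CONF_ERRNFIRM;
        goto done;
    }
    n_firm_patch = GetFilePack("nat_patch.bin");
    applyPatch(n_firm, n_firm_patch);

    /*
     * Best effort, as before: when the key file is missing keyx stays zero
     * and the key placeholder below is left untouched.
     */
    if (GetSystemVersion() < 3) {
        if (FileOpen(&tempfile, KEYFILENAME, 0)) {
            FileRead(&tempfile, &keyx[0], 16, 0);
            FileClose(&tempfile);
        }
    }
    *progress++ = '.';
    DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    /* Scan the image in 4-byte steps and fill in the placeholders left for run-time values. */
    for (int i = 0; i + 4 <= NAT_SIZE; i += 0x4) {
        unsigned int word;

        /* Same match as strcmp(): the four characters plus the terminating NUL. */
        if (NAT_SIZE - i >= 5 && memcmp(n_firm + i, "Shit", 5) == 0) {
            /* Hard-wired to the EmuNAND label; the else arm is currently unreachable. */
            if(1){
                memcpy((char*)n_firm + i, rxmode_emu_label, 4);
            }else{
                memcpy((char*)n_firm + i, rxmode_sys_label , 4);
            }
        }
        /* 15 characters plus NUL: exactly the 16 bytes the key overwrites. */
        if (NAT_SIZE - i >= 16 && memcmp(n_firm + i, "InsertKeyXHere!", 16) == 0 && keyx[0] != 0) {
            memcpy(n_firm + i, keyx, 16);
        }
        /* Read and write the marker word through memcpy() so alignment does not matter. */
        memcpy(&word, n_firm + i, sizeof word);
        if (word == 0xAAAABBBB) {
            word = (checkEmuNAND() / 0x200) - 1;
            memcpy(n_firm + i, &word, sizeof word);
        }
    }
    *progress++ = '.';
    DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    sprintf(tmpstr, "%s:%s/0004013800000002.bin", drive, DATAFOLDER);
    if (!FileOpen(&tempfile, tmpstr, 1)) {
        ret = CONF_ERRNFIRM;
        goto done;
    }
    FileWrite(&tempfile, n_firm, NAT_SIZE, 0);
    FileClose(&tempfile);
    //FileCopy("0004013800000002.bin", tmpstr);
    *progress++ = '.';
    DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create AGB patched firmware
    f_read(&firmfile, WORKBUF, AGB_SIZE, &tmpu32);
    a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202);
    a_firm_patch = GetFilePack("agb_patch.bin");
    if (!a_firm) {
        //If we cannot decrypt it from firmware.bin because of titlekey messed up, it probably means that AGB has been modified in some way.
        //So we read it from his installed ncch...
        char* path;

        FindApp(0x00040138, 0x00000202, 1);
        path = getContentAppPath();
        if (FileOpen(&tempfile, path, 0)) {
            FileRead(&tempfile, WORKBUF, AGB_SIZE, 0);
            FileClose(&tempfile);
            a_firm = decryptFirmTitleNcch(WORKBUF, AGB_SIZE);
        }
    }
    if (a_firm) {
        applyPatch(a_firm, a_firm_patch);
        sprintf(tmpstr, "%s:%s/0004013800000202.bin", drive, DATAFOLDER);
        if (!FileOpen(&tempfile, tmpstr, 1)) {
            ret = CONF_ERRNFIRM;
            goto done;
        }
        FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
        FileClose(&tempfile);
        *progress++ = '.';
    } else {
        *progress++ = 'x';
        //If we get here, then we'll play without AGB, lol
    }
    DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create TWL patched firmware
    f_read(&firmfile, WORKBUF, TWL_SIZE, &tmpu32);
    t_firm = decryptFirmTitle(WORKBUF, TWL_SIZE, 0x00000102);
    t_firm_patch = GetFilePack("twl_patch.bin");
    if (t_firm) {
        applyPatch(t_firm, t_firm_patch);
        sprintf(tmpstr, "%s:%s/0004013800000102.bin", drive, DATAFOLDER);
        if (!FileOpen(&tempfile, tmpstr, 1)) {
            ret = CONF_ERRNFIRM;
            goto done;
        }
        FileWrite(&tempfile, t_firm, TWL_SIZE, 0);
        FileClose(&tempfile);
        //FileCopy("0004013800000102.bin", tmpstr);
        *progress++ = '.';
    } else {
        *progress++ = 'x';
    }
    DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    /* data.bin records the build stamp: __DATE__ is 11 chars + NUL, __TIME__ is 8 chars + NUL. */
    sprintf(tmpstr, "%s:%s/data.bin", drive, DATAFOLDER);
    if (!FileOpen(&tempfile, tmpstr, 1)) {
        ret = CONF_CANTOPENFILE;
        goto done;
    }
    FileWrite(&tempfile, __DATE__, 12, 0);
    FileWrite(&tempfile, __TIME__, 9, 12);
    FileClose(&tempfile);
    *progress++ = '.';
    DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

done:
    f_close(&firmfile);
    return ret;
}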
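/*
 * Build the patched firmware images from "firmware.bin" and the ELF patches
 * under /rxTools/system/patches, and write them, plus a data.bin build stamp,
 * below "<drive>:<DATAFOLDER>".
 *
 * drive: drive prefix used when formatting the output paths.
 *
 * Returns 0 on success, CONF_NOFIRMBIN when firmware.bin cannot be opened,
 * CONF_ERRNFIRM when a firmware image cannot be produced or written,
 * CONF_ERRPATCH when applyPatch() reports failure, and CONF_CANTOPENFILE when
 * the key file or data.bin cannot be opened. AGB/TWL decryption failures are
 * not fatal: they are shown as PROGRESS_FAIL and installation continues.
 *
 * Changes against the previous revision:
 *  - the progress bar is a writable array; the old code wrote through a
 *    pointer to a wide string literal, which is undefined behaviour;
 *  - every exit after firmware.bin was opened goes through `done`, so the
 *    handle is also closed on the applyPatch() failure paths;
 *  - a null NATIVE_FIRM pointer is reported as CONF_ERRNFIRM instead of being
 *    handed to applyPatch();
 *  - the placeholder scan compares with bounded memcmp()/memcpy() instead of
 *    strcmp() and a cast pointer, so it neither reads nor writes past
 *    NAT_SIZE and does not depend on the buffer's alignment.
 *
 * NOTE(review): the f_read()/FileRead() results and tmpu32 are never checked,
 * so a short or failed read leaves stale WORKBUF contents to be decrypted.
 * NOTE(review): sprintf() into tmpstr is unbounded; tmpstr's size is not
 * visible here.
 */
int InstallData(char* drive){
    /* Layout constants consumed by applyPatch(); field meanings are not visible here. */
    static const FirmInfo native_info = { 0x66000, 0x84A00, 0x08006800, 0x35000, 0x31000, 0x1FF80000, 0x15B00, 0x16700, 0x08028000};
    static const FirmInfo agb_info = { 0x8B800, 0x4CE00, 0x08006800, 0, 0, 0, 0xD600, 0xE200, 0x08020000};
    static const FirmInfo twl_info = { 0x153600, 0x4D200, 0x08006800, 0, 0, 0, 0xD600, 0xE200, 0x08020000};
    FIL firmfile;
    wchar_t progressbar[] = L"⬜⬜⬜⬜⬜⬜⬜";   /* one cell per step; seven steps on the success path */
    wchar_t *progress = progressbar+0;
    u8 keyx[16] = {0};
    u8* n_firm;
    u8* a_firm;
    u8* t_firm;
    int ret = 0;

    print(L"%ls", progressbar);
    ConsolePrevLine();

    //Create the workdir
    sprintf(tmpstr, "%s:%s", drive, DATAFOLDER);
    f_mkdir(tmpstr);

    //Read firmware data
    if (f_open(&firmfile, "firmware.bin", FA_READ | FA_OPEN_EXISTING) != FR_OK) {
        return CONF_NOFIRMBIN;
    }
    *progress++ = PROGRESS_OK;
    DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create patched native_firm
    f_read(&firmfile, WORKBUF, NAT_SIZE, &tmpu32);
    n_firm = decryptFirmTitle(WORKBUF, NAT_SIZE, 0x00000002, 1);
    if (!n_firm) {
        /* The AGB path below already treats a null result as "could not decrypt". */
        ret = CONF_ERRNFIRM;
        goto done;
    }
    if (applyPatch(n_firm, "/rxTools/system/patches/native_firm.elf", &native_info)) {
        ret = CONF_ERRPATCH;
        goto done;
    }

    if (GetSystemVersion() < 3) {
        if (!FileOpen(&tempfile, KEYFILENAME, 0)) {
            ret = CONF_CANTOPENFILE;
            goto done;
        }
        FileRead(&tempfile, &keyx[0], 16, 0);
        FileClose(&tempfile);
    }
    *progress++ = PROGRESS_OK;
    DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    /* Scan the image in 4-byte steps and fill in the placeholders left for run-time values. */
    for (int i = 0; i + 4 <= NAT_SIZE; i += 0x4) {
        unsigned int word;

        /* Same match as strcmp(): 15 characters plus NUL, exactly the 16 bytes the key overwrites. */
        if (NAT_SIZE - i >= 16 && memcmp(n_firm + i, "InsertKeyXHere!", 16) == 0 && keyx[0] != 0) {
            memcpy(n_firm + i, keyx, 16);
        }
        /* Read and write the marker word through memcpy() so alignment does not matter. */
        memcpy(&word, n_firm + i, sizeof word);
        if (word == 0xAAAABBBB) {
            word = (checkEmuNAND() / 0x200) - 1;
            memcpy(n_firm + i, &word, sizeof word);
        }
    }
    *progress++ = PROGRESS_OK;
    DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    sprintf(tmpstr, "%s:%s/0004013800000002.bin", drive, DATAFOLDER);
    if (!FileOpen(&tempfile, tmpstr, 1)) {
        ret = CONF_ERRNFIRM;
        goto done;
    }
    FileWrite(&tempfile, n_firm, NAT_SIZE, 0);
    FileClose(&tempfile);
    *progress++ = PROGRESS_OK;
    DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create AGB patched firmware
    f_read(&firmfile, WORKBUF, AGB_SIZE, &tmpu32);
    a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 1);
    if (!a_firm && checkEmuNAND()) {
        /* Try to get the Title Key from the EmuNAND */
        /*
         * NOTE(review): the retry reuses WORKBUF after the first attempt. If
         * decryptFirmTitle() decrypts in place before failing, this second
         * attempt works on already-transformed data -- confirm against the
         * four-argument decryptFirmTitle().
         */
        a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 2);
        if (!a_firm) {
            /* If we cannot decrypt it from firmware.bin because of titlekey messed up,
               it probably means that AGB has been modified in some way. */
            //So we read it from his installed ncch...
            char* path;

            FindApp(0x00040138, 0x00000202, 1);
            path = getContentAppPath();
            if (!FileOpen(&tempfile, path, 0) && checkEmuNAND()) {
                /* Try with EmuNAND */
                FindApp(0x00040138, 0x00000202, 2);
                path = getContentAppPath();
                if (!FileOpen(&tempfile, path, 0)) {
                    ret = CONF_ERRNFIRM;
                    goto done;
                }
            }
            FileRead(&tempfile, WORKBUF, AGB_SIZE, 0);
            FileClose(&tempfile);
            a_firm = decryptFirmTitleNcch(WORKBUF, AGB_SIZE);
        }
    }

    if (a_firm) {
        if (applyPatch(a_firm, "/rxTools/system/patches/agb_firm.elf", &agb_info)) {
            ret = CONF_ERRPATCH;
            goto done;
        }
        sprintf(tmpstr, "%s:%s/0004013800000202.bin", drive, DATAFOLDER);
        if (!FileOpen(&tempfile, tmpstr, 1)) {
            ret = CONF_ERRNFIRM;
            goto done;
        }
        FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
        FileClose(&tempfile);
        *progress++ = PROGRESS_OK;
    } else {
        *progress++ = PROGRESS_FAIL;
        //If we get here, then we'll play without AGB, lol
    }
    DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    //Create TWL patched firmware
    f_read(&firmfile, WORKBUF, TWL_SIZE, &tmpu32);
    t_firm = decryptFirmTitle(WORKBUF, TWL_SIZE, 0x00000102, 1);
    if (t_firm) {
        if (applyPatch(t_firm, "/rxTools/system/patches/twl_firm.elf", &twl_info)) {
            ret = CONF_ERRPATCH;
            goto done;
        }
        sprintf(tmpstr, "%s:%s/0004013800000102.bin", drive, DATAFOLDER);
        if (!FileOpen(&tempfile, tmpstr, 1)) {
            ret = CONF_ERRNFIRM;
            goto done;
        }
        FileWrite(&tempfile, t_firm, TWL_SIZE, 0);
        FileClose(&tempfile);
        //FileCopy("0004013800000102.bin", tmpstr);
        *progress++ = PROGRESS_OK;
    } else {
        *progress++ = PROGRESS_FAIL;
    }
    DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

    /* data.bin records the build stamp: __DATE__ is 11 chars + NUL, __TIME__ is 8 chars + NUL. */
    sprintf(tmpstr, "%s:%s/data.bin", drive, DATAFOLDER);
    if (!FileOpen(&tempfile, tmpstr, 1)) {
        ret = CONF_CANTOPENFILE;
        goto done;
    }
    FileWrite(&tempfile, __DATE__, 12, 0);
    FileWrite(&tempfile, __TIME__, 9, 12);
    FileClose(&tempfile);
    *progress++ = PROGRESS_OK;
    DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

done:
    f_close(&firmfile);
    return ret;
}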