Esempio n. 1
0
uint8_t *decryptFirmTitle(uint8_t *title, unsigned int size, uint8_t key[16])
{
	uint8_t iv[0x10] = {0};
	aes_context aes_ctxt;
	aes_setkey_dec(&aes_ctxt, &key[0], 0x80);
	aes_crypt_cbc(&aes_ctxt, AES_DECRYPT, size, iv, title, title);
	return decryptFirmTitleNcch(title, size);
}
Esempio n. 2
0
uint8_t *decryptFirmTitle(uint8_t *title, size_t size, size_t *firmSize, uint8_t key[16])
{
	aes_context aes_ctxt;

	uint8_t iv[16] = { 0 };
	aes_setkey_dec(&aes_ctxt, &key[0], 0x80);
	aes_crypt_cbc(&aes_ctxt, AES_DECRYPT, size, iv, title, title);
	return decryptFirmTitleNcch(title, firmSize);
}
Esempio n. 3
0
u8* decryptFirmTitle(u8* title, unsigned int size, unsigned int tid){
	u8 key[0x10] = {0};
	u8 iv[0x10] = {0};
	GetTitleKey(&key[0], 0x00040138, tid);
	aes_context aes_ctxt;
	aes_setkey_dec(&aes_ctxt, &key[0], 0x80);
	aes_crypt_cbc(&aes_ctxt, AES_DECRYPT, size, iv, title, title);
	return decryptFirmTitleNcch(title, size);
}
Esempio n. 4
0
int InstallData(char* drive){
	static const FirmInfo agb_info = { 0x8B800, 0x4CE00, 0x08006800, 0xD600, 0xE200, 0x08020000};
	static const FirmInfo twl_info = { 0x153600, 0x4D200, 0x08006800, 0xD600, 0xE200, 0x08020000};
	FIL firmfile;
	unsigned int progressWidth, progressX;
	wchar_t progressbar[8] = {0,};
	wchar_t *progress = progressbar;
	int i;

	progressWidth = getMpInfo() == MPINFO_CTR ? 7 : 3;
	progressX = (BOT_SCREEN_WIDTH - progressWidth * FONT_WIDTH) / 2;

	for (i = 0; i < progressWidth; i++)
		wcscat(progressbar, strings[STR_PROGRESS]);
	print(L"%ls", progressbar);
	ConsolePrevLine();

	//Create the workdir
	sprintf(tmpstr, "%s:%s", drive, DATAFOLDER);
	f_mkdir(tmpstr);

	//Read firmware data
	if (f_open(&firmfile, "firmware.bin", FA_READ | FA_OPEN_EXISTING) != FR_OK) return CONF_NOFIRMBIN;
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	//Create decrypted native_firm
	f_read(&firmfile, WORKBUF, NAT_SIZE, &tmpu32);
	uint8_t* n_firm = decryptFirmTitle(WORKBUF, NAT_SIZE, 0x00000002, 1);
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	getFirmPath(tmpstr, getMpInfo() == MPINFO_KTR ?
		TID_KTR_NATIVE_FIRM : TID_CTR_NATIVE_FIRM);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, n_firm, NAT_SIZE, 0);
		FileClose(&tempfile);
	}else {
		f_close(&firmfile);
		return CONF_ERRNFIRM;
	}
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	if (getMpInfo() != MPINFO_CTR)
		goto end;

	//Create AGB patched firmware
	f_read(&firmfile, WORKBUF, AGB_SIZE, &tmpu32);
	uint8_t* a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 1);
	if (!a_firm && checkEmuNAND())
	{
		/* Try to get the Title Key from the EmuNAND */
		a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 2);
		if (!a_firm) {
			/* If we cannot decrypt it from firmware.bin because of titlekey messed up,
			it probably means that AGB has been modified in some way. */
			//So we read it from his installed ncch...
			FindApp(0x00040138, 0x00000202, 1);
			char* path = getContentAppPath();
			if (!FileOpen(&tempfile, path, 0) && checkEmuNAND())
			{
				/* Try with EmuNAND */
				FindApp(0x00040138, 0x00000202, 2);
				path = getContentAppPath();
				if (!FileOpen(&tempfile, path, 0))
				{
					f_close(&firmfile);
					return CONF_ERRNFIRM;
				}
			}

			FileRead(&tempfile, WORKBUF, AGB_SIZE, 0);
			FileClose(&tempfile);
			a_firm = decryptFirmTitleNcch(WORKBUF, AGB_SIZE);
		}
	}

	if (a_firm) {
		if (applyPatch(a_firm, "/rxTools/system/patches/ctr/agb_firm.elf", &agb_info))
			return CONF_ERRPATCH;

		getFirmPath(tmpstr, TID_CTR_TWL_FIRM);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
			FileClose(&tempfile);
		}else {
			f_close(&firmfile);
			return CONF_ERRNFIRM;
		}
		wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
		progress += wcslen(strings[STR_PROGRESS_OK]);
	} else {
		wcsncpy(progress, strings[STR_PROGRESS_FAIL], wcslen(strings[STR_PROGRESS_FAIL]));
		progress += wcslen(strings[STR_PROGRESS_FAIL]); //If we get here, then we'll play without AGB, lol
	}

	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	//Create TWL patched firmware
	f_read(&firmfile, WORKBUF, TWL_SIZE, &tmpu32);
	uint8_t* t_firm = decryptFirmTitle(WORKBUF, TWL_SIZE, 0x00000102, 1);
	if(t_firm){
		if (applyPatch(t_firm, "/rxTools/system/patches/ctr/twl_firm.elf", &twl_info))
			return CONF_ERRPATCH;

		getFirmPath(tmpstr, TID_CTR_TWL_FIRM);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, t_firm, TWL_SIZE, 0);
			FileClose(&tempfile);
			//FileCopy("0004013800000102.bin", tmpstr);
		}else {
			f_close(&firmfile);
			return CONF_ERRNFIRM;
		}
		wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
		progress += wcslen(strings[STR_PROGRESS_OK]);
	}else{
		wcsncpy(progress, strings[STR_PROGRESS_FAIL], wcslen(strings[STR_PROGRESS_FAIL]));
		progress += wcslen(strings[STR_PROGRESS_FAIL]);
	}
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	sprintf(tmpstr, "%s:%s/data.bin", drive, DATAFOLDER);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, __DATE__, 12, 0);
		FileWrite(&tempfile, __TIME__, 9, 12);
		FileClose(&tempfile);
	}else {
		f_close(&firmfile);
		return CONF_CANTOPENFILE;
	}
	wcsncpy(progress, strings[STR_PROGRESS_OK], wcslen(strings[STR_PROGRESS_OK]));
	progress += wcslen(strings[STR_PROGRESS_OK]);
	DrawString(BOT_SCREEN, progressbar, progressX, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

end:
	f_close(&firmfile);
	return 0;
}
Esempio n. 5
0
int InstallData(char* drive){
	FIL firmfile;
	char* progressbar = "[       ]";
	char* progress = progressbar+1;
	print("%s", progressbar);  ConsolePrevLine();
	
	//Create the workdir
	sprintf(tmpstr, "%s:%s", drive, DATAFOLDER);
	f_mkdir(tmpstr);
	f_chmod(tmpstr, AM_HID, AM_HID);
	
	//Read firmware data
	if(f_open(&firmfile, "firmware.bin", FA_READ | FA_OPEN_EXISTING) == FR_OK){
		//... We'll see
	}else return CONF_NOFIRMBIN;
	*progress++ = '.'; DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	
	//Create patched native_firm
	f_read(&firmfile, WORKBUF, NAT_SIZE, &tmpu32);
	u8* n_firm = decryptFirmTitle(WORKBUF, NAT_SIZE, 0x00000002);
	u8* n_firm_patch = GetFilePack("nat_patch.bin");
	applyPatch(n_firm, n_firm_patch);
	u8 keyx[16] = {0};
	if(GetSystemVersion() < 3){
		FileOpen(&tempfile, KEYFILENAME, 0);
		FileRead(&tempfile, &keyx[0], 16, 0);
		FileClose(&tempfile);
	}
	*progress++ = '.'; DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	for(int i = 0; i < NAT_SIZE; i+=0x4){
		if(!strcmp((char*)n_firm + i, "Shit")){
			if(1){
				memcpy((char*)n_firm + i, rxmode_emu_label, 4);
			}else{
				memcpy((char*)n_firm + i, rxmode_sys_label , 4);
			}
		}
		if(!strcmp((char*)n_firm + i, "InsertKeyXHere!") && keyx[0] != 0){
			memcpy(n_firm + i, keyx, 16);
		}
		if(*((unsigned int*)(n_firm + i)) == 0xAAAABBBB){
			*((unsigned int*)(n_firm + i)) = (checkEmuNAND() / 0x200) - 1;
		}
	}
	*progress++ = '.'; DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	sprintf(tmpstr, "%s:%s/0004013800000002.bin", drive, DATAFOLDER);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, n_firm, NAT_SIZE, 0);
		FileClose(&tempfile);
		//FileCopy("0004013800000002.bin", tmpstr);
	}else return CONF_ERRNFIRM;
	*progress++ = '.'; DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	
	//Create AGB patched firmware
	f_read(&firmfile, WORKBUF, AGB_SIZE, &tmpu32);
	u8* a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202);
	u8* a_firm_patch = GetFilePack("agb_patch.bin");
	if(a_firm){
		applyPatch(a_firm, a_firm_patch);
		sprintf(tmpstr, "%s:%s/0004013800000202.bin", drive, DATAFOLDER);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
			FileClose(&tempfile);
		}else return CONF_ERRNFIRM;
		*progress++ = '.';
	}else{	
		//If we cannot decrypt it from firmware.bin becouse of titlekey messed up, it probably means that AGB has been modified in some way.
		//So we read it from his installed ncch...
		FindApp(0x00040138, 0x00000202, 1);
		char* path = getContentAppPath();
		FileOpen(&tempfile, path, 0);
		FileRead(&tempfile, WORKBUF, AGB_SIZE, 0);
		FileClose(&tempfile);
		a_firm = decryptFirmTitleNcch(WORKBUF, AGB_SIZE);
		if(a_firm){
			applyPatch(a_firm, a_firm_patch);
			sprintf(tmpstr, "%s:%s/0004013800000202.bin", drive, DATAFOLDER);
			if(FileOpen(&tempfile, tmpstr, 1)){
				FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
				FileClose(&tempfile);
			}else return CONF_ERRNFIRM;
			*progress++ = '.';
		}else{
			*progress++ = 'x'; //If we get here, then we'll play without AGB, lol
		}
	}
	DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	
	//Create TWL patched firmware
	f_read(&firmfile, WORKBUF, TWL_SIZE, &tmpu32);
	u8* t_firm = decryptFirmTitle(WORKBUF, TWL_SIZE, 0x00000102);
	u8* t_firm_patch = GetFilePack("twl_patch.bin");
	if(t_firm){
		applyPatch(t_firm, t_firm_patch);
		sprintf(tmpstr, "%s:%s/0004013800000102.bin", drive, DATAFOLDER);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, t_firm, TWL_SIZE, 0);
			FileClose(&tempfile);
			//FileCopy("0004013800000102.bin", tmpstr);
		}else return CONF_ERRNFIRM;
		*progress++ = '.'; 
	}else{
		*progress++ = 'x'; 
	}
	DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	
	sprintf(tmpstr, "%s:%s/data.bin", drive, DATAFOLDER);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, __DATE__, 12, 0);
		FileWrite(&tempfile, __TIME__, 9, 12);
		FileClose(&tempfile);
	}else return CONF_CANTOPENFILE;
	*progress++ = '.'; DrawString(BOT_SCREEN, progressbar, 130, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	
	f_close(&firmfile);
	return 0;
}
Esempio n. 6
0
int InstallData(char* drive){
	static const FirmInfo native_info = { 0x66000, 0x84A00, 0x08006800, 0x35000, 0x31000, 0x1FF80000, 0x15B00, 0x16700, 0x08028000};
	static const FirmInfo agb_info = { 0x8B800, 0x4CE00, 0x08006800, 0, 0, 0, 0xD600, 0xE200, 0x08020000};
	static const FirmInfo twl_info = { 0x153600, 0x4D200, 0x08006800, 0, 0, 0, 0xD600, 0xE200, 0x08020000};
	FIL firmfile;
	wchar_t *progressbar = L"⬜⬜⬜⬜⬜⬜⬜";
	wchar_t *progress = progressbar+0;
	print(L"%ls", progressbar);
	ConsolePrevLine();

	//Create the workdir
	sprintf(tmpstr, "%s:%s", drive, DATAFOLDER);
	f_mkdir(tmpstr);

	//Read firmware data
	if (f_open(&firmfile, "firmware.bin", FA_READ | FA_OPEN_EXISTING) != FR_OK) return CONF_NOFIRMBIN;
	*progress++ = PROGRESS_OK;
	DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	//Create patched native_firm
	f_read(&firmfile, WORKBUF, NAT_SIZE, &tmpu32);
	u8* n_firm = decryptFirmTitle(WORKBUF, NAT_SIZE, 0x00000002, 1);
	if (applyPatch(n_firm, "/rxTools/system/patches/native_firm.elf", &native_info))
		return CONF_ERRPATCH;

	u8 keyx[16] = {0};
	if(GetSystemVersion() < 3){
		if (!FileOpen(&tempfile, KEYFILENAME, 0))
		{
			f_close(&firmfile);
			return CONF_CANTOPENFILE;
		}
		FileRead(&tempfile, &keyx[0], 16, 0);
		FileClose(&tempfile);
	}
	*progress++ = PROGRESS_OK;
	DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	for(int i = 0; i < NAT_SIZE; i+=0x4){
		if(!strcmp((char*)n_firm + i, "InsertKeyXHere!") && keyx[0] != 0){
			memcpy(n_firm + i, keyx, 16);
		}
		if(*((unsigned int*)(n_firm + i)) == 0xAAAABBBB){
			*((unsigned int*)(n_firm + i)) = (checkEmuNAND() / 0x200) - 1;
		}
	}
	*progress++ = PROGRESS_OK;
	DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
	sprintf(tmpstr, "%s:%s/0004013800000002.bin", drive, DATAFOLDER);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, n_firm, NAT_SIZE, 0);
		FileClose(&tempfile);
	}else {
		f_close(&firmfile);
		return CONF_ERRNFIRM;
	}
	*progress++ = PROGRESS_OK;
	DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	//Create AGB patched firmware
	f_read(&firmfile, WORKBUF, AGB_SIZE, &tmpu32);
	u8* a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 1);
	if (!a_firm && checkEmuNAND())
	{
		/* Try to get the Title Key from the EmuNAND */
		a_firm = decryptFirmTitle(WORKBUF, AGB_SIZE, 0x00000202, 2);
		if (!a_firm) {
			/* If we cannot decrypt it from firmware.bin because of titlekey messed up,
			it probably means that AGB has been modified in some way. */
			//So we read it from his installed ncch...
			FindApp(0x00040138, 0x00000202, 1);
			char* path = getContentAppPath();
			if (!FileOpen(&tempfile, path, 0) && checkEmuNAND())
			{
				/* Try with EmuNAND */
				FindApp(0x00040138, 0x00000202, 2);
				path = getContentAppPath();
				if (!FileOpen(&tempfile, path, 0))
				{
					f_close(&firmfile);
					return CONF_ERRNFIRM;
				}
			}

			FileRead(&tempfile, WORKBUF, AGB_SIZE, 0);
			FileClose(&tempfile);
			a_firm = decryptFirmTitleNcch(WORKBUF, AGB_SIZE);
		}
	}

	if (a_firm) {
		if (applyPatch(a_firm, "/rxTools/system/patches/agb_firm.elf", &agb_info))
			return CONF_ERRPATCH;

		sprintf(tmpstr, "%s:%s/0004013800000202.bin", drive, DATAFOLDER);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, a_firm, AGB_SIZE, 0);
			FileClose(&tempfile);
		}else {
			f_close(&firmfile);
			return CONF_ERRNFIRM;
		}
		*progress++ = PROGRESS_OK;
	} else {
		*progress++ = PROGRESS_FAIL; //If we get here, then we'll play without AGB, lol
	}

	DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	//Create TWL patched firmware
	f_read(&firmfile, WORKBUF, TWL_SIZE, &tmpu32);
	u8* t_firm = decryptFirmTitle(WORKBUF, TWL_SIZE, 0x00000102, 1);
	if(t_firm){
		if (applyPatch(t_firm, "/rxTools/system/patches/twl_firm.elf", &twl_info))
			return CONF_ERRPATCH;

		sprintf(tmpstr, "%s:%s/0004013800000102.bin", drive, DATAFOLDER);
		if(FileOpen(&tempfile, tmpstr, 1)){
			FileWrite(&tempfile, t_firm, TWL_SIZE, 0);
			FileClose(&tempfile);
			//FileCopy("0004013800000102.bin", tmpstr);
		}else {
			f_close(&firmfile);
			return CONF_ERRNFIRM;
		}
		*progress++ = PROGRESS_OK;
	}else{
		*progress++ = PROGRESS_FAIL;
	}
	DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	sprintf(tmpstr, "%s:%s/data.bin", drive, DATAFOLDER);
	if(FileOpen(&tempfile, tmpstr, 1)){
		FileWrite(&tempfile, __DATE__, 12, 0);
		FileWrite(&tempfile, __TIME__, 9, 12);
		FileClose(&tempfile);
	}else {
		f_close(&firmfile);
		return CONF_CANTOPENFILE;
	}
	*progress++ = PROGRESS_OK;
	DrawString(BOT_SCREEN, progressbar, PROGRESS_X, 50, ConsoleGetTextColor(), ConsoleGetBackgroundColor());

	f_close(&firmfile);
	return 0;
}