void nand_readsectors(uint32_t sector_no, uint32_t numsectors, uint8_t *out, unsigned int partition) {
PartitionInfo info;
u8 myCtr[16];
for (int i = 0; i < 16; i++) {
myCtr[i] = NANDCTR[i];
}
info.ctr = myCtr;
info.buffer = out;
info.size = numsectors * 0x200;
info.keyY = NULL;
add_ctr(info.ctr, partition / 16);
switch (partition) {
case TWLN :
info.keyslot = 0x3;
break;
case TWLP :
info.keyslot = 0x3;
break;
case AGB_SAVE :
info.keyslot = 0x7;
break;
case FIRM0 :
info.keyslot = 0x6;
break;
case FIRM1 :
info.keyslot = 0x6;
break;
case CTRNAND :
info.keyslot = 0x4;
break;
}
add_ctr(info.ctr, sector_no * 0x20);
sdmmc_nand_readsectors(sector_no + partition / 0x200, numsectors, out);
DecryptPartition(&info);
}
int main()
{
// Initialize sdcard and nand
*(u32*)0x10000020 = 0;
*(u32*)0x10000020 = 0x340;
sdmmc_sdcard_init();
sdmmc_nand_readsectors(0x5C000, 0x20, (u8*)0x08006000);
// Jump to secondary payload
((void (*)())0x08006000)();
return 0;
}
static inline int ReadNandSectors(u32 sector_no, u32 numsectors, u8 *out)
{
if (emunand_header) {
if (sector_no == 0) {
int errorcode = sdmmc_sdcard_readsectors(emunand_header, 1, out);
if (errorcode) return errorcode;
sector_no = 1;
numsectors--;
out += 0x200;
}
return sdmmc_sdcard_readsectors(sector_no + emunand_offset, numsectors, out);
} else return sdmmc_nand_readsectors(sector_no, numsectors, out);
}
void NandDumper(){
File myFile;
int isEmuNand = SYS_NAND;
if(checkEmuNAND() && (isEmuNand = NandSwitch()) == UNK_NAND) return;
isEmuNand--;
ConsoleInit();
ConsoleSetTitle(L"%sNAND Dumper", isEmuNand ? "emu" : "sys");
unsigned char* buf = (void*)0x21000000;
unsigned int nsectors = 0x200; //sectors in a row
wchar_t ProgressBar[] = L"⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜⬜ ";
unsigned int progress = 0;
/* int BACKCOLOR = */ConsoleGetBackgroundColor(); //can be removed, left only to keep binaries the same
if(FileOpen(&myFile, isEmuNand ? "rxTools/nand/EMUNAND.bin" : "rxTools/nand/NAND.bin", 1)){
print(L"Dumping...\n\n");
ConsoleShow();
int x, y;
ConsoleGetXY(&x, &y);
y += FONT_HEIGHT * 6;
x += FONT_HWIDTH * 2;
DrawString(BOT_SCREEN, ProgressBar, x, y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
DrawString(BOT_SCREEN, L"Press Ⓑ anytime to abort", x, y + FONT_HEIGHT*2, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
for(int count = 0; count < NAND_SIZE/NAND_SECTOR_SIZE/nsectors; count++){
if(isEmuNand) sdmmc_sdcard_readsectors(count*nsectors, nsectors, buf);
else sdmmc_nand_readsectors(count*nsectors, nsectors, buf);
FileWrite(&myFile, buf, nsectors*NAND_SECTOR_SIZE, count*NAND_SECTOR_SIZE*nsectors);
TryScreenShot();
if((count % (int)(NAND_SIZE/NAND_SECTOR_SIZE/nsectors/16)) == 0 && count != 0){
DrawString(BOT_SCREEN, PROGRESS_OK, x+(FONT_WIDTH*(progress++)), y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
}
unsigned int pad = GetInput();
if(pad & BUTTON_B) break;
}
if(isEmuNand){
sdmmc_sdcard_readsectors(checkEmuNAND()/0x200, 1, buf);
FileWrite(&myFile, buf, 0x200, 0);
}
FileClose(&myFile);
print(L"\nFinished dumping!\n");
ConsoleShow();
}else{
print(L"Failed to create the dump.\n");
ConsoleShow();
}
print(L"\nPress Ⓐ to exit\n");
ConsoleShow();
WaitForButton(BUTTON_A);
}
void CFW_NandDumper(void){
//Nand dumper
unsigned char* buf = 0x21000000;
unsigned int nsectors = 0x200; //sectors in a row
//Here we draw the gui
TOP_Current = 0;
sprintf(str, "/3ds/PastaCFW/UI/%c/nand0.bin", cfw_theme);
DrawBottomSplash(str);
u32 pad_state = HidWaitForInput();
if (pad_state & BUTTON_A)
{
int PERCENTAGE = 0;
int NAND_SIZE;
if (cfw_FWValue == 'a' || cfw_FWValue == 'b') NAND_SIZE = NAND_SIZE_N3DS;
else NAND_SIZE = NAND_SIZE_O3DS;
sprintf(str, "/3ds/PastaCFW/UI/%c/nand1.bin", cfw_theme);
DrawBottomSplash(str);
if (FSFileCreate("/NAND.bin", true))
{
for (int count = 0; count < NAND_SIZE / NAND_SECTOR_SIZE / nsectors; count++)
{
sdmmc_nand_readsectors(count*nsectors, nsectors, buf);
FSFileWrite(buf, nsectors*NAND_SECTOR_SIZE, count*NAND_SECTOR_SIZE*nsectors);
if ((count % (int)(NAND_SIZE / NAND_SECTOR_SIZE / nsectors / 100)) == 0 && count != 0)
{
sprintf(str, "%d%%", PERCENTAGE);
DrawString(SCREEN_AREA_BOT0, str, 150, 195, RGB(255, 255, 255), RGB(187, 223, 249));
DrawString(SCREEN_AREA_BOT1, str, 150, 195, RGB(255, 255, 255), RGB(187, 223, 249));
PERCENTAGE++;
}
}
FSFileClose();
sprintf(str, "/3ds/PastaCFW/UI/%c/nand2O.bin", cfw_theme);
DrawBottomSplash(str);
}
else {
sprintf(str, "/3ds/PastaCFW/UI/%c/nand2E.bin", cfw_theme);
DrawBottomSplash(str);
}
}
HidWaitForInput();
}
void NandDumper(){
File myFile;
int isEmuNand = checkEmuNAND() ? NandSwitch() : 0;
if(isEmuNand == -1) return;
ConsoleInit();
ConsoleAddText(isEmuNand ? "EmuNAND Dumper\n" : "NAND Dumper\n");
unsigned char* buf = 0x21000000;
unsigned int nsectors = 0x200; //sectors in a row
char ProgressBar[] = "[ ]";
unsigned int progress = 1;
int BACKCOLOR = ConsoleGetBackgroundColor();
if(FileOpen(&myFile, isEmuNand ? "/nand/EMUNAND.bin" : "/nand/NAND.bin", 1)){
ConsoleAddText("Dumping...\n"); ConsoleShow();
int x, y; ConsoleGetXY(&x, &y); y += CHAR_WIDTH * 6; x += CHAR_WIDTH*2;
DrawString(TOP_SCREEN, ProgressBar, x, y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
DrawString(TOP_SCREEN, "Press B anytime to abort", x, y + CHAR_WIDTH*2, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
for(int count = 0; count < NAND_SIZE/NAND_SECTOR_SIZE/nsectors; count++){
if(isEmuNand) sdmmc_sdcard_readsectors(count*nsectors, nsectors, buf);
else sdmmc_nand_readsectors(count*nsectors, nsectors, buf);
FileWrite(&myFile, buf, nsectors*NAND_SECTOR_SIZE, count*NAND_SECTOR_SIZE*nsectors);
TryScreenShot();
if((count % (int)(NAND_SIZE/NAND_SECTOR_SIZE/nsectors/25)) == 0 && count != 0){
DrawString(TOP_SCREEN, "-", x+(CHAR_WIDTH*(progress++)), y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
}
unsigned int pad = GetInput();
if(pad & BUTTON_B) break;
}
if(isEmuNand){
sdmmc_sdcard_readsectors(checkEmuNAND()/0x200, 1, buf);
FileWrite(&myFile, buf, 0x200, 0);
}
FileClose(&myFile);
ConsoleAddText("\nFinished dumping!"); ConsoleShow();
}else{
ConsoleAddText("Failed to create the dump"); ConsoleShow();
}
ConsoleAddText("\nPress A to exit"); ConsoleShow();
WaitForButton(BUTTON_A);
}
u32 NandPadgen()
{
u8* ctrStart = FindNandCtr();
if (ctrStart == NULL)
return 1;
u8 ctr[16] = {0x0};
u32 i = 0;
for(i = 0; i < 16; i++)
ctr[i] = *(ctrStart + (15 - i)); //The CTR is stored backwards in memory.
add_ctr(ctr, 0xB93000); //The CTR stored in memory would theoretically be for NAND block 0, so we need to increment it some.
u32 keyslot = 0x0;
u32 nand_size = 0;
switch (GetUnitPlatform()) {
case PLATFORM_3DS:
keyslot = 0x4;
nand_size = 758;
break;
case PLATFORM_N3DS:
keyslot = 0x5;
nand_size = 1055;
break;
}
Debug("Creating NAND FAT16 xorpad. Size (MB): %u", nand_size);
Debug("Filename: nand.fat16.xorpad");
PadInfo padInfo = {.keyslot = keyslot, .setKeyY = 0, .size_mb = nand_size , .filename = "/nand.fat16.xorpad"};
memcpy(padInfo.CTR, ctr, 16);
u32 result = CreatePad(&padInfo);
if(result == 0) {
Debug("Done!");
return 0;
} else {
return 1;
}
}
u32 CreatePad(PadInfo *info)
{
static const uint8_t zero_buf[16] __attribute__((aligned(16))) = {0};
u8* buffer = BUFFER_ADDRESS;
u32 result = 0;
if (!FileCreate(info->filename, true)) // No DebugFileCreate() here - messages are already given
return 1;
if(info->setKeyY)
setup_aeskey(info->keyslot, AES_BIG_INPUT | AES_NORMAL_INPUT, info->keyY);
use_aeskey(info->keyslot);
u8 ctr[16] __attribute__((aligned(32)));
memcpy(ctr, info->CTR, 16);
u32 size_bytes = info->size_mb * 1024*1024;
for (u32 i = 0; i < size_bytes; i += BUFFER_MAX_SIZE) {
u32 curr_block_size = min(BUFFER_MAX_SIZE, size_bytes - i);
for (u32 j = 0; j < curr_block_size; j+= 16) {
set_ctr(AES_BIG_INPUT | AES_NORMAL_INPUT, ctr);
aes_decrypt((void*)zero_buf, (void*)buffer + j, ctr, 1, AES_CTR_MODE);
add_ctr(ctr, 1);
}
ShowProgress(i, size_bytes);
if (!DebugFileWrite((void*)buffer, curr_block_size, i)) {
result = 1;
break;
}
}
ShowProgress(0, 0);
FileClose();
return result;
}
u32 NandDumper() {
u8* buffer = BUFFER_ADDRESS;
u32 nand_size = (GetUnitPlatform() == PLATFORM_3DS) ? 0x3AF00000 : 0x4D800000;
u32 result = 0;
Debug("Dumping System NAND. Size (MB): %u", nand_size / (1024 * 1024));
if (!DebugFileCreate("/NAND.bin", true))
return 1;
u32 n_sectors = nand_size / NAND_SECTOR_SIZE;
for (u32 i = 0; i < n_sectors; i += SECTORS_PER_READ) {
ShowProgress(i, n_sectors);
sdmmc_nand_readsectors(i, SECTORS_PER_READ, buffer);
if(!DebugFileWrite(buffer, NAND_SECTOR_SIZE * SECTORS_PER_READ, i * NAND_SECTOR_SIZE)) {
result = 1;
break;
}
}
ShowProgress(0, 0);
FileClose();
return result;
}
u32 NandPartitionsDumper() {
u32 ctrnand_offset;
u32 ctrnand_size;
u32 keyslot;
switch (GetUnitPlatform()) {
case PLATFORM_3DS:
ctrnand_offset = 0x0B95CA00;
ctrnand_size = 0x2F3E3600;
keyslot = 0x4;
break;
case PLATFORM_N3DS:
ctrnand_offset = 0x0B95AE00;
ctrnand_size = 0x41D2D200;
keyslot = 0x5;
break;
}
// see: http://3dbrew.org/wiki/Flash_Filesystem
Debug("Dumping firm0.bin: %s!", DumpPartition("firm0.bin", 0x0B130000, 0x00400000, 0x6) == 0 ? "succeeded" : "failed");
Debug("Dumping firm1.bin: %s!", DumpPartition("firm1.bin", 0x0B530000, 0x00400000, 0x6) == 0 ? "succeeded" : "failed");
Debug("Dumping ctrnand.bin: %s!", DumpPartition("ctrnand.bin", ctrnand_offset, ctrnand_size, keyslot) == 0 ? "succeeded" : "failed");
return 0;
}
u32 SdPadgen()
{
u32 result;
SdInfo *info = (SdInfo*)0x20316000;
u8 movable_seed[0x120] = {0};
// Load console 0x34 keyY from movable.sed if present on SD card
if (DebugFileOpen("/movable.sed")) {
if (!DebugFileRead(&movable_seed, 0x120, 0)) {
FileClose();
return 1;
}
FileClose();
if (memcmp(movable_seed, "SEED", 4) != 0) {
Debug("movable.sed is too corrupt!");
return 1;
}
setup_aeskey(0x34, AES_BIG_INPUT|AES_NORMAL_INPUT, &movable_seed[0x110]);
use_aeskey(0x34);
}
if (!DebugFileOpen("/SDinfo.bin"))
return 1;
if (!DebugFileRead(info, 4, 0)) {
FileClose();
return 1;
}
if (!info->n_entries || info->n_entries > MAX_ENTRIES) {
Debug("Too many/few entries!");
return 1;
}
Debug("Number of entries: %i", info->n_entries);
if (!DebugFileRead(info->entries, info->n_entries * sizeof(SdInfoEntry), 4)) {
FileClose();
return 1;
}
FileClose();
for(u32 i = 0; i < info->n_entries; i++) {
Debug ("Creating pad number: %i. Size (MB): %i", i+1, info->entries[i].size_mb);
PadInfo padInfo = {.keyslot = 0x34, .setKeyY = 0, .size_mb = info->entries[i].size_mb};
memcpy(padInfo.CTR, info->entries[i].CTR, 16);
memcpy(padInfo.filename, info->entries[i].filename, 180);
result = CreatePad(&padInfo);
if (!result)
Debug("Done!");
else
return 1;
}
return 0;
}
static u8* FindNandCtr()
{
static const char* versions[] = {"4.x", "5.x", "6.x", "7.x", "8.x", "9.x"};
static const u8* version_ctrs[] = {
(u8*)0x080D7CAC,
(u8*)0x080D858C,
(u8*)0x080D748C,
(u8*)0x080D740C,
(u8*)0x080D74CC,
(u8*)0x080D794C
};
static const u32 version_ctrs_len = sizeof(version_ctrs) / sizeof(u32);
for (u32 i = 0; i < version_ctrs_len; i++) {
if (*(u32*)version_ctrs[i] == 0x5C980) {
Debug("System version %s", versions[i]);
return (u8*)(version_ctrs[i] + 0x30);
}
}
// If value not in previous list start memory scanning (test range)
for (u8* c = (u8*)0x080D8FFF; c > (u8*)0x08000000; c--) {
if (*(u32*)c == 0x5C980 && *(u32*)(c + 1) == 0x800005C9) {
Debug("CTR Start 0x%08X", c + 0x30);
return c + 0x30;
}
}
return NULL;
}
u32 DumpPartition(char* filename, u32 offset, u32 size, u32 keyslot) {
DecryptBufferInfo info;
u8* buffer = BUFFER_ADDRESS;
u8* ctrStart = FindNandCtr();
u32 result = 0;
Debug("Dumping System NAND Partition. Size (MB): %u", size / (1024 * 1024));
Debug("Filename: %s", filename);
if (ctrStart == NULL)
return 1;
info.keyslot = keyslot;
info.setKeyY = 0;
info.size = SECTORS_PER_READ * NAND_SECTOR_SIZE;
info.buffer = buffer;
for (u32 i = 0; i < 16; i++) {
info.CTR[i] = *(ctrStart + (0xF - i)); // The CTR is stored backwards in memory.
}
add_ctr(info.CTR, offset / 0x10);
if (!DebugFileCreate(filename, true))
return 1;
u32 n_sectors = size / NAND_SECTOR_SIZE;
u32 start_sector = offset / NAND_SECTOR_SIZE;
for (u32 i = 0; i < n_sectors; i += SECTORS_PER_READ) {
ShowProgress(i, n_sectors);
sdmmc_nand_readsectors(start_sector + i, SECTORS_PER_READ, buffer);
DecryptBuffer(&info);
if (!DebugFileWrite(buffer, NAND_SECTOR_SIZE * SECTORS_PER_READ, i * NAND_SECTOR_SIZE)) {
result = 1;
break;
}
}
ShowProgress(0, 0);
FileClose();
return result;
}
void NandDumper(){
ConsoleSetTitle(strings[STR_DUMP], strings[STR_NAND]);
File myFile;
int isEmuNand = SYS_NAND;
if(checkEmuNAND() && (isEmuNand = NandSwitch()) == UNK_NAND) return;
isEmuNand--;
ConsoleInit();
ConsoleSetTitle(strings[STR_DUMP], strings[STR_NAND]);
unsigned char* buf = (void*)0x21000000;
unsigned int nsectors = 0x200; //sectors in a row
wchar_t tmpstr[STR_MAX_LEN];
wchar_t ProgressBar[41] = {0,};
for(int i=0; i<PROGRESS_WIDTH; i++)
wcscat(ProgressBar, strings[STR_PROGRESS]);
unsigned int progress = 0;
wchar_t filename[_MAX_LFN];
swprintf(filename, _MAX_LFN, L"rxTools/nand/%sNAND.bin",
isEmuNand ? L"EMU" : L"");
if(FileOpen(&myFile, filename, 1)){
print(strings[STR_DUMPING], isEmuNand ? strings[STR_EMUNAND] : strings[STR_SYSNAND], filename);
ConsoleShow();
int x, y;
ConsoleGetXY(&x, &y);
y += FONT_HEIGHT * 6;
x += FONT_HWIDTH * 2;
DrawString(BOT_SCREEN, ProgressBar, x, y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
swprintf(tmpstr, STR_MAX_LEN, strings[STR_PRESS_BUTTON_ACTION], strings[STR_BUTTON_B], strings[STR_CANCEL]);
DrawString(BOT_SCREEN, tmpstr, x, y + FONT_HEIGHT*2, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
for(int count = 0; count < getNandSize()/NAND_SECTOR_SIZE/nsectors; count++){
if(isEmuNand) sdmmc_sdcard_readsectors(count*nsectors, nsectors, buf);
else sdmmc_nand_readsectors(count*nsectors, nsectors, buf);
FileWrite(&myFile, buf, nsectors*NAND_SECTOR_SIZE, count*NAND_SECTOR_SIZE*nsectors);
TryScreenShot();
if((count % (int)(getNandSize()/NAND_SECTOR_SIZE/nsectors/PROGRESS_WIDTH)) == 0 && count != 0){
DrawString(BOT_SCREEN, strings[STR_PROGRESS_OK], x+(FONT_WIDTH*(progress++)), y, ConsoleGetTextColor(), ConsoleGetBackgroundColor());
}
unsigned int pad = GetInput();
if (pad & BUTTON_B) {
FileClose(&myFile);
goto end;
}
}
if(isEmuNand){
sdmmc_sdcard_readsectors(checkEmuNAND()/0x200, 1, buf);
FileWrite(&myFile, buf, 0x200, 0);
}
FileClose(&myFile);
print(strings[STR_COMPLETED]);
ConsoleShow();
}else{
print(strings[STR_FAILED]);
ConsoleShow();
}
end:
print(strings[STR_PRESS_BUTTON_ACTION], strings[STR_BUTTON_A], strings[STR_CONTINUE]);
ConsoleShow();
WaitForButton(BUTTON_A);
}
