u32 DecryptTitlekeys(void)
{
EncKeysInfo *info = (EncKeysInfo*)0x20316000;
if (!DebugFileOpen("/encTitleKeys.bin"))
return 1;
if (!DebugFileRead(info, 16, 0)) {
FileClose();
return 1;
}
if (!info->n_entries || info->n_entries > MAX_ENTRIES) {
Debug("Too many/few entries specified: %i", info->n_entries);
FileClose();
return 1;
}
Debug("Number of entries: %i", info->n_entries);
if (!DebugFileRead(info->entries, info->n_entries * sizeof(TitleKeyEntry), 16)) {
FileClose();
return 1;
}
FileClose();
Debug("Decrypting Title Keys...");
u8 ctr[16] __attribute__((aligned(32)));
u8 keyY[16] __attribute__((aligned(32)));
u32 i;
for (i = 0; i < info->n_entries; i++) {
memset(ctr, 0, 16);
memcpy(ctr, info->entries[i].titleId, 8);
set_ctr(AES_BIG_INPUT|AES_NORMAL_INPUT, ctr);
memcpy(keyY, (void *)common_keyy[info->entries[i].commonKeyIndex], 16);
setup_aeskey(0x3D, AES_BIG_INPUT|AES_NORMAL_INPUT, keyY);
use_aeskey(0x3D);
aes_decrypt(info->entries[i].encryptedTitleKey, info->entries[i].encryptedTitleKey, ctr, 1, AES_CBC_DECRYPT_MODE);
}
if (!DebugFileCreate("/decTitleKeys.bin", true))
return 1;
if (!DebugFileWrite(info, info->n_entries * sizeof(TitleKeyEntry) + 16, 0)) {
FileClose();
return 1;
}
FileClose();
Debug("Done!");
return 0;
}
u32 SdPadgen()
{
u32 result;
SdInfo *info = (SdInfo*)0x20316000;
u8 movable_seed[0x120] = {0};
// Load console 0x34 keyY from movable.sed if present on SD card
if (DebugFileOpen("/movable.sed")) {
if (!DebugFileRead(&movable_seed, 0x120, 0)) {
FileClose();
return 1;
}
FileClose();
if (memcmp(movable_seed, "SEED", 4) != 0) {
Debug("movable.sed is too corrupt!");
return 1;
}
setup_aeskey(0x34, AES_BIG_INPUT|AES_NORMAL_INPUT, &movable_seed[0x110]);
use_aeskey(0x34);
}
if (!DebugFileOpen("/SDinfo.bin"))
return 1;
if (!DebugFileRead(info, 4, 0)) {
FileClose();
return 1;
}
if (!info->n_entries || info->n_entries > MAX_ENTRIES) {
Debug("Too many/few entries!");
return 1;
}
Debug("Number of entries: %i", info->n_entries);
if (!DebugFileRead(info->entries, info->n_entries * sizeof(SdInfoEntry), 4)) {
FileClose();
return 1;
}
FileClose();
for(u32 i = 0; i < info->n_entries; i++) {
Debug ("Creating pad number: %i. Size (MB): %i", i+1, info->entries[i].size_mb);
PadInfo padInfo = {.keyslot = 0x34, .setKeyY = 0, .size_mb = info->entries[i].size_mb};
memcpy(padInfo.CTR, info->entries[i].CTR, 16);
memcpy(padInfo.filename, info->entries[i].filename, 180);
result = CreatePad(&padInfo);
if (!result)
Debug("Done!");
else
return 1;
}
return 0;
}
static u8* FindNandCtr()
{
static const char* versions[] = {"4.x", "5.x", "6.x", "7.x", "8.x", "9.x"};
static const u8* version_ctrs[] = {
(u8*)0x080D7CAC,
(u8*)0x080D858C,
(u8*)0x080D748C,
(u8*)0x080D740C,
(u8*)0x080D74CC,
(u8*)0x080D794C
};
static const u32 version_ctrs_len = sizeof(version_ctrs) / sizeof(u32);
for (u32 i = 0; i < version_ctrs_len; i++) {
if (*(u32*)version_ctrs[i] == 0x5C980) {
Debug("System version %s", versions[i]);
return (u8*)(version_ctrs[i] + 0x30);
}
}
// If value not in previous list start memory scanning (test range)
for (u8* c = (u8*)0x080D8FFF; c > (u8*)0x08000000; c--) {
if (*(u32*)c == 0x5C980 && *(u32*)(c + 1) == 0x800005C9) {
Debug("CTR Start 0x%08X", c + 0x30);
return c + 0x30;
}
}
return NULL;
}
u32 DumpPartition(char* filename, u32 offset, u32 size, u32 keyslot) {
DecryptBufferInfo info;
u8* buffer = BUFFER_ADDRESS;
u8* ctrStart = FindNandCtr();
u32 result = 0;
Debug("Dumping System NAND Partition. Size (MB): %u", size / (1024 * 1024));
Debug("Filename: %s", filename);
if (ctrStart == NULL)
return 1;
info.keyslot = keyslot;
info.setKeyY = 0;
info.size = SECTORS_PER_READ * NAND_SECTOR_SIZE;
info.buffer = buffer;
for (u32 i = 0; i < 16; i++) {
info.CTR[i] = *(ctrStart + (0xF - i)); // The CTR is stored backwards in memory.
}
add_ctr(info.CTR, offset / 0x10);
if (!DebugFileCreate(filename, true))
return 1;
u32 n_sectors = size / NAND_SECTOR_SIZE;
u32 start_sector = offset / NAND_SECTOR_SIZE;
for (u32 i = 0; i < n_sectors; i += SECTORS_PER_READ) {
ShowProgress(i, n_sectors);
sdmmc_nand_readsectors(start_sector + i, SECTORS_PER_READ, buffer);
DecryptBuffer(&info);
if (!DebugFileWrite(buffer, NAND_SECTOR_SIZE * SECTORS_PER_READ, i * NAND_SECTOR_SIZE)) {
result = 1;
break;
}
}
ShowProgress(0, 0);
FileClose();
return result;
}
u32 NcchPadgen()
{
u32 result;
NcchInfo *info = (NcchInfo*)0x20316000;
SeedInfo *seedinfo = (SeedInfo*)0x20400000;
if (DebugFileOpen("/slot0x25KeyX.bin")) {
u8 slot0x25KeyX[16] = {0};
if (!DebugFileRead(&slot0x25KeyX, 16, 0)) {
FileClose();
return 1;
}
FileClose();
setup_aeskeyX(0x25, slot0x25KeyX);
} else {
Debug("7.x game decryption will fail on less than 7.x!");
}
if (DebugFileOpen("/seeddb.bin")) {
if (!DebugFileRead(seedinfo, 16, 0)) {
FileClose();
return 1;
}
if (!seedinfo->n_entries || seedinfo->n_entries > MAX_ENTRIES) {
Debug("Too many/few seeddb entries.");
return 1;
}
if (!DebugFileRead(seedinfo->entries, seedinfo->n_entries * sizeof(SeedInfoEntry), 16)) {
FileClose();
return 1;
}
FileClose();
} else {
// Debug("Warning, didn't open seeddb.bin");
Debug("9.x seed crypto game decryption will fail!");
}
if (!DebugFileOpen("/ncchinfo.bin"))
return 1;
if (!DebugFileRead(info, 16, 0)) {
FileClose();
return 1;
}
if (!info->n_entries || info->n_entries > MAX_ENTRIES) {
Debug("Too many/few entries in ncchinfo.bin");
return 1;
}
if (info->ncch_info_version != 0xF0000004) {
Debug("Wrong version ncchinfo.bin");
return 1;
}
if (!DebugFileRead(info->entries, info->n_entries * sizeof(NcchInfoEntry), 16)) {
FileClose();
return 1;
}
FileClose();
Debug("Number of entries: %i", info->n_entries);
for(u32 i = 0; i < info->n_entries; i++) {
Debug("Creating pad number: %i. Size (MB): %i", i+1, info->entries[i].size_mb);
PadInfo padInfo = {.setKeyY = 1, .size_mb = info->entries[i].size_mb};
memcpy(padInfo.CTR, info->entries[i].CTR, 16);
memcpy(padInfo.filename, info->entries[i].filename, 112);
if (info->entries[i].uses7xCrypto && info->entries[i].usesSeedCrypto) {
u8 keydata[32];
memcpy(keydata, info->entries[i].keyY, 16);
u32 found_seed = 0;
for (u32 j = 0; j < seedinfo->n_entries; j++) {
if (seedinfo->entries[j].titleId == info->entries[i].titleId) {
found_seed = 1;
memcpy(&keydata[16], seedinfo->entries[j].external_seed, 16);
break;
}
}
if (!found_seed)
{
Debug("Failed to find seed in seeddb.bin");
return 0;
}
u8 sha256sum[32];
sha256_context shactx;
sha256_starts(&shactx);
sha256_update(&shactx, keydata, 32);
sha256_finish(&shactx, sha256sum);
memcpy(padInfo.keyY, sha256sum, 16);
}
else
memcpy(padInfo.keyY, info->entries[i].keyY, 16);
if(info->entries[i].uses7xCrypto == 0xA) // won't work on an Old 3DS
padInfo.keyslot = 0x18;
else if(info->entries[i].uses7xCrypto >> 8 == 0xDEC0DE) // magic value to manually specify keyslot
padInfo.keyslot = info->entries[i].uses7xCrypto & 0x3F;
else if(info->entries[i].uses7xCrypto)
padInfo.keyslot = 0x25;
else
padInfo.keyslot = 0x2C;
Debug("Using keyslot: %02X", padInfo.keyslot);
result = CreatePad(&padInfo);
if (!result)
Debug("Done!");
else
return 1;
}
return 0;
}
u32 NcchPadgen(u32 param)
{
(void) (param); // param is unused here
NcchInfo *info = (NcchInfo*)0x20316000;
SeedInfo *seedinfo = (SeedInfo*)0x20400000;
if (CheckKeySlot(0x25, 'X') != 0) {
Debug("slot0x25KeyX not set up");
Debug("7.x crypto will fail on O3DS < 7.x or A9LH");
}
if ((GetUnitPlatform() == PLATFORM_3DS) && (CheckKeySlot(0x18, 'X') != 0)) {
Debug("slot0x18KeyX not set up");
Debug("Secure3 crypto will fail");
}
if (CheckKeySlot(0x1B, 'X') != 0) {
Debug("slot0x1BKeyX not set up");
Debug("Secure4 crypto will fail");
}
if (DebugFileOpen("seeddb.bin")) {
if (!DebugFileRead(seedinfo, 16, 0)) {
FileClose();
return 1;
}
if (!seedinfo->n_entries || seedinfo->n_entries > MAX_ENTRIES) {
FileClose();
Debug("Bad number of seeddb entries");
return 1;
}
if (!DebugFileRead(seedinfo->entries, seedinfo->n_entries * sizeof(SeedInfoEntry), 16)) {
FileClose();
return 1;
}
FileClose();
} else {
Debug("9.x seed crypto will fail");
}
if (!DebugFileOpen("ncchinfo.bin"))
return 1;
if (!DebugFileRead(info, 16, 0)) {
FileClose();
return 1;
}
if (!info->n_entries || info->n_entries > MAX_ENTRIES) {
FileClose();
Debug("Bad number of entries in ncchinfo.bin");
return 1;
}
if (info->ncch_info_version == 0xF0000004) { // ncchinfo v4
if (!DebugFileRead(info->entries, info->n_entries * sizeof(NcchInfoEntry), 16)) {
FileClose();
return 1;
}
} else if (info->ncch_info_version == 0xF0000003) { // ncchinfo v3
// read ncchinfo v3 entry & convert to ncchinfo v4
for (u32 i = 0; i < info->n_entries; i++) {
u8* entry_data = (u8*) (info->entries + i);
if (!DebugFileRead(entry_data, 160, 16 + (160*i))) {
FileClose();
return 1;
}
memmove(entry_data + 56, entry_data + 48, 112);
*(u64*) (entry_data + 48) = 0;
}
} else { // unknown file / ncchinfo version
FileClose();
Debug("Incompatible version ncchinfo.bin");
return 1;
}
FileClose();
Debug("Number of entries: %i", info->n_entries);
for (u32 i = 0; i < info->n_entries; i++) { // check and fix filenames
char* filename = info->entries[i].filename;
if (filename[1] == 0x00) { // convert UTF-16 -> UTF-8
for (u32 j = 1; j < (112 / 2); j++)
filename[j] = filename[j*2];
}
if (memcmp(filename, "sdmc:", 5) == 0) // fix sdmc: prefix
memmove(filename, filename + 5, 112 - 5);
}
for (u32 i = 0; i < info->n_entries; i++) {
PadInfo padInfo = {.setKeyY = 1, .size_mb = info->entries[i].size_mb, .mode = AES_CNT_CTRNAND_MODE};
memcpy(padInfo.ctr, info->entries[i].ctr, 16);
memcpy(padInfo.filename, info->entries[i].filename, 112);
Debug ("%2i: %s (%iMB)", i, info->entries[i].filename, info->entries[i].size_mb);
// workaround to still be able to process old ncchinfo.bin
if ((info->entries[i].ncchFlag7 == 0x01) && info->entries[i].ncchFlag3)
info->entries[i].ncchFlag7 = 0x20; // this combination means seed crypto rather than FixedKey
if (info->entries[i].ncchFlag7 & 0x20) { // seed crypto
u8 keydata[32];
memcpy(keydata, info->entries[i].keyY, 16);
u32 found_seed = 0;
for (u32 j = 0; j < seedinfo->n_entries; j++) {
if (seedinfo->entries[j].titleId == info->entries[i].titleId) {
found_seed = 1;
memcpy(&keydata[16], seedinfo->entries[j].external_seed, 16);
break;
}
}
if (!found_seed) {
Debug("Failed to find seed in seeddb.bin");
return 1;
}
u8 sha256sum[32];
sha_quick(sha256sum, keydata, 32, SHA256_MODE);
memcpy(padInfo.keyY, sha256sum, 16);
} else {
memcpy(padInfo.keyY, info->entries[i].keyY, 16);
}
if (info->entries[i].ncchFlag7 == 0x01) {
u8 zeroKey[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
u8 sysKey[16] = {0x52, 0x7C, 0xE6, 0x30, 0xA9, 0xCA, 0x30, 0x5F, 0x36, 0x96, 0xF3, 0xCD, 0xE9, 0x54, 0x19, 0x4B};
setup_aeskey(0x11, (info->entries[i].titleId & ((u64) 0x10 << 32)) ? sysKey : zeroKey);
padInfo.setKeyY = 0;
padInfo.keyslot = 0x11; // fixedKey crypto
} else if (info->entries[i].ncchFlag3 == 0x0A) {
padInfo.keyslot = 0x18; // Secure3 crypto, needs slot0x18KeyX.bin on O3DS
} else if (info->entries[i].ncchFlag3 == 0x0B) {
padInfo.keyslot = 0x1B; // Secure4 crypto, needs slot0x1BKeyX.bin
} else if(info->entries[i].ncchFlag3 >> 8 == 0xDEC0DE) { // magic value to manually specify keyslot
padInfo.keyslot = info->entries[i].ncchFlag3 & 0x3F;
} else if (info->entries[i].ncchFlag3) {
padInfo.keyslot = 0x25; // 7.x crypto
} else {
padInfo.keyslot = 0x2C; // standard crypto
}
Debug("Using keyslot: %02X", padInfo.keyslot);
if (CreatePad(&padInfo) != 0)
return 1; // this can't fail anyways
}
return 0;
}
u32 SdPadgen(u32 param)
{
(void) (param); // param is unused here
SdInfo *info = (SdInfo*) 0x20316000;
// setup AES key from SD
SetupSdKeyY0x34(false, NULL);
if (!DebugFileOpen("SDinfo.bin"))
return 1;
if (!DebugFileRead(info, 4, 0)) {
FileClose();
return 1;
}
if (!info->n_entries || info->n_entries > MAX_ENTRIES) {
FileClose();
Debug("Bad number of entries!");
return 1;
}
if (!DebugFileRead(info->entries, info->n_entries * sizeof(SdInfoEntry), 4)) {
FileClose();
return 1;
}
FileClose();
Debug("Number of entries: %i", info->n_entries);
for(u32 i = 0; i < info->n_entries; i++) {
PadInfo padInfo = {.keyslot = 0x34, .setKeyY = 0, .size_mb = info->entries[i].size_mb, .mode = AES_CNT_CTRNAND_MODE};
memcpy(padInfo.ctr, info->entries[i].ctr, 16);
memcpy(padInfo.filename, info->entries[i].filename, 180);
Debug ("%2i: %s (%iMB)", i, info->entries[i].filename, info->entries[i].size_mb);
if (CreatePad(&padInfo) != 0)
return 1; // this can't fail anyways
}
return 0;
}
u32 SdPadgenDirect(u32 param)
{
(void) (param); // param is unused here
SdInfo *info = (SdInfo*) 0x20316000;
char basepath[256];
u8 movable_keyY[16];
if (SetupSdKeyY0x34(true, movable_keyY) != 0)
return 1; // movable.sed has to be present in NAND
Debug("");
if (SdFolderSelector(basepath, movable_keyY) != 0)
return 1;
Debug("");
if (SdInfoGen(info, basepath) != 0)
return 1;
if (!info->n_entries) {
Debug("Nothing found in folder");
return 1;
}
Debug("Number of entries: %i", info->n_entries);
for(u32 i = 0; i < info->n_entries; i++) {
PadInfo padInfo = {.keyslot = 0x34, .setKeyY = 0, .size_mb = info->entries[i].size_mb, .mode = AES_CNT_CTRNAND_MODE};
memcpy(padInfo.ctr, info->entries[i].ctr, 16);
memcpy(padInfo.filename, info->entries[i].filename, 180);
Debug ("%2i: %s (%iMB)", i, info->entries[i].filename, info->entries[i].size_mb);
if (CreatePad(&padInfo) != 0)
return 1; // this can't fail anyways
}
return 0;
}
u32 AnyPadgen(u32 param)
{
(void) (param); // param is unused here
AnyPadInfo *info = (AnyPadInfo*) 0x20316000;
// get header
if ((FileGetData("anypad.bin", info, 16, 0) != 16) || !info->n_entries || info->n_entries > MAX_ENTRIES) {
Debug("Corrupt or not existing: anypad.bin");
return 1;
}
// get data
u32 data_size = info->n_entries * sizeof(AnyPadInfoEntry);
if (FileGetData("anypad.bin", (u8*) info + 16, data_size, 16) != data_size) {
Debug("File is missing data: anypad.bin");
return 1;
}
Debug("Processing anypad.bin...");
Debug("Number of entries: %i", info->n_entries);
for (u32 i = 0; i < info->n_entries; i++) { // this translates all entries to a standard padInfo struct
AnyPadInfoEntry* entry = &(info->entries[i]);
PadInfo padInfo = {.keyslot = entry->keyslot, .setKeyY = 0, .size_mb = 0, .size_b = entry->size_b, .mode = entry->mode};
memcpy(padInfo.filename, entry->filename, 80);
memcpy(padInfo.ctr, entry->ctr, 16);
// process keys
if (entry->setNormalKey)
setup_aeskey(entry->keyslot, entry->normalKey);
if (entry->setKeyX)
setup_aeskeyX(entry->keyslot, entry->keyX);
if (entry->setKeyY)
setup_aeskeyY(entry->keyslot, entry->keyY);
use_aeskey(entry->keyslot);
// process flags
if (entry->flags & (AP_USE_NAND_CTR|AP_USE_SD_CTR)) {
u32 ctr_add = getbe32(padInfo.ctr + 12);
u8 shasum[32];
u8 cid[16];
sdmmc_get_cid((entry->flags & AP_USE_NAND_CTR) ? 1 : 0, (uint32_t*) cid);
if (entry->mode == AES_CNT_TWLNAND_MODE) {
sha_quick(shasum, cid, 16, SHA1_MODE);
for (u32 i = 0; i < 16; i++)
padInfo.ctr[i] = shasum[15-i];
} else {
sha_quick(shasum, cid, 16, SHA256_MODE);
memcpy(padInfo.ctr, shasum, 16);
}
add_ctr(padInfo.ctr, ctr_add);
}
// create the pad
Debug ("%2i: %s (%ikB)", i, entry->filename, entry->size_b / 1024);
if (CreatePad(&padInfo) != 0)
return 1; // this can't fail anyways
}
return 0;
}
u32 CtrNandPadgen(u32 param)
{
char* filename = (param & PG_FORCESLOT4) ? "nand.fat16.slot0x04.xorpad" : "nand.fat16.xorpad";
u32 keyslot;
u32 nand_size;
// legacy sizes & offset, to work with Python 3DSFAT16Tool
if (GetUnitPlatform() == PLATFORM_3DS) {
if (param & PG_FORCESLOT4) {
Debug("This is a N3DS only feature");
return 1;
}
keyslot = 0x4;
nand_size = 758;
} else {
keyslot = (param & PG_FORCESLOT4) ? 0x4 : 0x5;
nand_size = 1055;
}
Debug("Creating NAND FAT16 xorpad. Size (MB): %u", nand_size);
Debug("Filename: %s", filename);
PadInfo padInfo = {
.keyslot = keyslot,
.setKeyY = 0,
.size_mb = nand_size,
.mode = AES_CNT_CTRNAND_MODE
};
strncpy(padInfo.filename, filename, 64);
if(GetNandCtr(padInfo.ctr, 0xB930000) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 TwlNandPadgen(u32 param)
{
(void) (param); // param is unused here
PartitionInfo* twln_info = GetPartitionInfo(P_TWLN);
u32 size_mb = (twln_info->size + (1024 * 1024) - 1) / (1024 * 1024);
Debug("Creating TWLN FAT16 xorpad. Size (MB): %u", size_mb);
Debug("Filename: twlnand.fat16.xorpad");
PadInfo padInfo = {
.keyslot = twln_info->keyslot,
.setKeyY = 0,
.size_mb = size_mb,
.filename = "twlnand.fat16.xorpad",
.mode = AES_CNT_TWLNAND_MODE
};
if(GetNandCtr(padInfo.ctr, twln_info->offset) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 Firm0Firm1Padgen(u32 param)
{
(void) (param); // param is unused here
PartitionInfo* firm0_info = GetPartitionInfo(P_FIRM0);
PartitionInfo* firm1_info = GetPartitionInfo(P_FIRM1);
u32 size_mb = (firm0_info->size + firm1_info->size + (1024 * 1024) - 1) / (1024 * 1024);
Debug("Creating FIRM0FIRM1 xorpad. Size (MB): %u", size_mb);
Debug("Filename: firm0firm1.xorpad");
PadInfo padInfo = {
.keyslot = firm0_info->keyslot,
.setKeyY = 0,
.size_mb = size_mb,
.filename = "firm0firm1.xorpad",
.mode = AES_CNT_CTRNAND_MODE
};
if(GetNandCtr(padInfo.ctr, firm0_info->offset) != 0)
return 1;
return CreatePad(&padInfo);
}
u32 UpdateSeedDb(u32 param)
{
(void) (param); // param is unused here
PartitionInfo* ctrnand_info = GetPartitionInfo(P_CTRNAND);
u8* buffer = BUFFER_ADDRESS;
SeedInfo *seedinfo = (SeedInfo*) 0x20400000;
u32 nNewSeeds = 0;
u32 offset;
u32 size;
// load full seedsave to memory
Debug("Searching for seedsave...");
if (SeekFileInNand(&offset, &size, "DATA ???????????SYSDATA 0001000F 00000000 ", ctrnand_info) != 0) {
Debug("Failed!");
return 1;
}
Debug("Found at %08X, size %ukB", offset, size / 1024);
if (size != 0xAC000) {
Debug("Expected %ukB, failed!", 0xAC000);
return 1;
}
if (DecryptNandToMem(buffer, offset, size, ctrnand_info) != 0)
return 1;
// load / create seeddb.bin
if (DebugFileOpen("seeddb.bin")) {
if (!DebugFileRead(seedinfo, 16, 0)) {
FileClose();
return 1;
}
if (seedinfo->n_entries > MAX_ENTRIES) {
Debug("seeddb.bin seems to be corrupt!");
FileClose();
return 1;
}
if (!DebugFileRead(seedinfo->entries, seedinfo->n_entries * sizeof(SeedInfoEntry), 16)) {
FileClose();
return 1;
}
} else {
if (!DebugFileCreate("seeddb.bin", true))
return 1;
memset(seedinfo, 0x00, 16);
DebugFileWrite(seedinfo, 16, 0);
}
// search and extract seeds
for ( int n = 0; n < 2; n++ ) {
// there are two offsets where seeds can be found - 0x07000 & 0x5C000
static const int seed_offsets[2] = {0x7000, 0x5C000};
unsigned char* seed_data = buffer + seed_offsets[n];
for ( size_t i = 0; i < 2000; i++ ) {
static const u8 zeroes[16] = { 0x00 };
// magic number is the reversed first 4 byte of a title id
static const u8 magic[4] = { 0x00, 0x00, 0x04, 0x00 };
// 2000 seed entries max, splitted into title id and seed area
u8* titleId = seed_data + (i*8);
u8* seed = seed_data + (2000*8) + (i*16);
if (memcmp(titleId + 4, magic, 4) != 0)
continue;
// Bravely Second demo seed workaround
if (memcmp(seed, zeroes, 16) == 0)
seed = buffer + seed_offsets[(n+1)%2] + (2000 * 8) + (i*16);
if (memcmp(seed, zeroes, 16) == 0)
continue;
// seed found, check if it already exists
u32 entryPos = 0;
for (entryPos = 0; entryPos < seedinfo->n_entries; entryPos++)
if (memcmp(titleId, &(seedinfo->entries[entryPos].titleId), 8) == 0)
break;
if (entryPos < seedinfo->n_entries) {
Debug("Found %08X%08X seed (duplicate)", getle32(titleId + 4), getle32(titleId));
continue;
}
// seed is new, create a new entry
Debug("Found %08X%08X seed (new)", getle32(titleId + 4), getle32(titleId));
memset(&(seedinfo->entries[entryPos]), 0x00, sizeof(SeedInfoEntry));
memcpy(&(seedinfo->entries[entryPos].titleId), titleId, 8);
memcpy(&(seedinfo->entries[entryPos].external_seed), seed, 16);
seedinfo->n_entries++;
nNewSeeds++;
}
}
if (nNewSeeds == 0) {
Debug("Found no new seeds, %i total", seedinfo->n_entries);
FileClose();
return 0;
}
Debug("Found %i new seeds, %i total", nNewSeeds, seedinfo->n_entries);
if (!DebugFileWrite(seedinfo, 16 + seedinfo->n_entries * sizeof(SeedInfoEntry), 0))
return 1;
FileClose();
return 0;
}
u32 InjectHealthAndSafety(u32 param)
{
u8* buffer = BUFFER_ADDRESS;
PartitionInfo* ctrnand_info = GetPartitionInfo(P_CTRNAND);
TitleListInfo* health = titleList + ((GetUnitPlatform() == PLATFORM_3DS) ? 3 : 4);
TitleListInfo* health_alt = (GetUnitPlatform() == PLATFORM_N3DS) ? titleList + 3 : NULL;
NcchHeader* ncch = (NcchHeader*) 0x20316000;
char filename[64];
u32 offset_app[4];
u32 size_app[4];
u32 offset_tmd;
u32 size_tmd;
u32 size_hs;
if (!(param & N_NANDWRITE)) // developer screwup protection
return 1;
if ((DebugSeekTitleInNand(&offset_tmd, &size_tmd, offset_app, size_app, health, 4) != 0) && (!health_alt ||
(DebugSeekTitleInNand(&offset_tmd, &size_tmd, offset_app, size_app, health_alt, 4) != 0)))
return 1;
if (size_app[0] > 0x400000) {
Debug("H&S system app is too big!");
return 1;
}
if (DecryptNandToMem((void*) ncch, offset_app[0], 0x200, ctrnand_info) != 0)
return 1;
if (InputFileNameSelector(filename, NULL, "app", ncch->signature, 0x100, 0, false) != 0)
return 1;
if (!DebugFileOpen(filename))
return 1;
size_hs = FileGetSize();
memset(buffer, 0, size_app[0]);
if (size_hs > size_app[0]) {
Debug("H&S inject app is too big!");
return 1;
}
if (!DebugFileRead(buffer, size_hs, 0)) {
FileClose();
return 1;
}
FileClose();
if (!DebugFileCreate("hs.enc", true))
return 1;
if (!DebugFileWrite(buffer, size_app[0], 0)) {
FileClose();
return 1;
}
FileClose();
if (CryptNcch("hs.enc", 0, 0, 0, ncch->flags) != 0)
return 1;
Debug("Injecting H&S app...");
if (EncryptFileToNand("hs.enc", offset_app[0], size_app[0], ctrnand_info) != 0)
return 1;
Debug("Fixing TMD...");
u8* tmd_data = (u8*) 0x20316000;
if (DecryptNandToMem(tmd_data, offset_tmd, size_tmd, ctrnand_info) != 0)
return 1;
tmd_data += (tmd_data[3] == 3) ? 0x240 : (tmd_data[3] == 4) ? 0x140 : 0x80;
u8* content_list = tmd_data + 0xC4 + (64 * 0x24);
u32 cnt_count = getbe16(tmd_data + 0x9E);
if (GetHashFromFile("hs.enc", 0, size_app[0], content_list + 0x10) != 0) {
Debug("Failed!");
return 1;
}
for (u32 i = 0, kc = 0; i < 64 && kc < cnt_count; i++) {
u32 k = getbe16(tmd_data + 0xC4 + (i * 0x24) + 0x02);
u8* chunk_hash = tmd_data + 0xC4 + (i * 0x24) + 0x04;
sha_quick(chunk_hash, content_list + kc * 0x30, k * 0x30, SHA256_MODE);
kc += k;
}
u8* tmd_hash = tmd_data + 0xA4;
sha_quick(tmd_hash, tmd_data + 0xC4, 64 * 0x24, SHA256_MODE);
tmd_data = (u8*) 0x20316000;
if (EncryptMemToNand(tmd_data, offset_tmd, size_tmd, ctrnand_info) != 0)
return 1;
return 0;
}
