1
0
Fork 0
mirror of https://github.com/DarkMatterCore/nxdumptool.git synced 2024-12-28 19:36:03 +00:00
Commit graph

9 commits

Author SHA1 Message Date
Pablo Curiel
fc5226bfce [skip ci] Update copyright year. 2024-04-12 11:49:03 +02:00
Pablo Curiel
54c5677cd0 QoL changes
* codebase: remove all references to Lockpick / Lockpick_RCM.

* keys: retrieve Atmosphère's key generation in keysLoadKeyset().
* keys: replace all "key_gen_val" references with "mkey_index".
* keys: move latest master key checks in keysReadKeysFromFile() to keysDeriveMasterKeys().
* keys: update latest master key checks to determine if nxdumptool's hardcoded master key vectors are outdated, using the key generation value from Atmosphère. If the master key vectors are outdated, and the newer master key(s) are not available, an error will be displayed.

* nxdt_utils: update logic in utilsReplaceIllegalCharacters() to replace consecutive illegal characters with a single underscore.
* nxdt_utils: move servicesGetExosphereApiVersion() to nxdt_utils as utilsGetExosphereApiVersion().
* nxdt_utils: define internal UtilsExosphereApiVersion struct, which is used to parse the output from utilsGetExosphereApiVersion().
* nxdt_utils: add utilsGetAtmosphereVersion(), utilsGetAtmosphereKeyGeneration() and utilsGetAtmosphereTargetFirmware() functions.

* services: remove servicesGetExosphereApiVersion().
* services: Atmosphère version is now retrieved via utilsGetAtmosphereVersion().
2024-04-05 23:25:32 +02:00
Pablo Curiel
9a4b8b573d Update copyright year 2023-04-08 13:42:22 +02:00
Pablo Curiel
f79680184d Runtime key derivation with hardcoded key sources
* aes: add aes128EcbCrypt() as a one-shot function to perform AES-128-ECB crypto. The rest of the codebase now calls this function whenever suitable.

* fs_ext: add const keyword to IPC input structs wherever suitable.

* key_sources: add hardcoded master key vectors (prod, dev); master KEK sources (Erista, Mariko); master key source; ticket common key source; SMC key type sources; SMC seal key masks; AES key generation source; NCA header KEK source; NCA header key source and NCA KAEK sources. Also fixed the hardcoded gamecard CardInfo key source for dev units (it was previously generated using retail keydata, my bad).

* keys: remove keysGetNcaMainSignatureModulus(); remove keysDecryptNcaKeyAreaEntry(); repurpose keyset struct to only hold keys that can actually be used for the current hardware type; remove KeysGameCardKeyset; remove keysIsXXModulusYYMandatory() helpers; remove keysRetrieveKeysFromProgramMemory(); remove keysDeriveSealedNcaKeyAreaEncryptionKeys(); add keysDeriveMasterKeys() and keysDerivePerGenerationKeys(); rename keysDeriveGameCardKeys() -> keysDeriveGcCardInfoKey(); add small reimplementations of GenerateAesKek, LoadAesKey and GenerateAesKey; add keysLoadAesKeyFromAesKek() and keysGenerateAesKeyFromAesKek() wrappers. Furthermore, master key derivation is now carried out manually using hardcoded key sources and the last known master key, which is loaded from the Lockpick_RCM keys file -- if the last known master key is unavailable, the key derivation algorithm will then fallback to TSEC root key / Mariko KEK based key derivation, depending on the hardware type.

* nca: add hardcoded NCA man signature moduli (prod, dev); merge ncaDecryptKeyArea() and ncaEncryptKeyArea() into ncaKeyAreaCrypt().

* nxdt_utils: add utilsIsMarikoUnit(); remove _utilsAppletModeCheck(); rename utilsAppletModeCheck() -> utilsIsAppletMode().

* services: remove spl:mig dependency (yay).

* smc: add SmcKeyType enum; add SmcSealKey enum; add SmcGenerateAesKekOption struct; add smcPrepareGenerateAesKekOption().
2023-04-08 13:38:28 +02:00
Pablo Curiel
2fa61dc228 Update copyright year. 2022-03-17 13:58:40 +01:00
Pablo Curiel
21d1b001ee LAFW shenanigans.
* Added custom key sources to derive CardInfo keys at runtime using SPL.

* Implemented CardInfo area decryption.

* Implemented LAFW blob lookup in FS .data segment to retrieve the current LAFW version.

P.S.: still need to move around code to perform the LAFW version check at the places we need. But the current code is good enough for a test.
2021-05-22 04:45:40 -04:00
Pablo Curiel
f526d4e6f4 Crypto changes.
* Implemented RSA-2048-PSS + SHA256 signature verification.

* Refactored RSA-2048-OAEP decryption steps to use mbedtls function calls.

* Implemented NCA header main signature verification.

* Replaced Björn Samuelsson's CRC32 algorithm with the hardware accelerated CRC32 checksum calculation from libnx (latest commit with support for calculation in blocks).
2021-05-21 09:34:43 -04:00
Pablo Curiel
4c0c7d2c56 Small code refactor.
* Refactored keydata handling.

* Sealed NCA KAEKs are now generated at startup, and NCA key area entries are now decrypted by keysDecryptNcaKeyAreaEntry(), reducing the number of calls to spl functions.

* The eTicket RSA device key is now retrieved and decrypted at startup. RSA-OAEP wrapped titlekeys are now decrypted by keysDecryptRsaOaepWrappedTitleKey().

* Renamed titlekek -> ticket common key throughout the codebase.

* Added NcaKeyAreaEncryptionKeyIndex_Count and NcaKeyGeneration_Max enum values to nca.h.

* Proper usage of strcasecmp() in some functions.

* Moved syscall hint checks from keys.c to mem.c.

* Define illegal FS characters as an array rather than a char pointer.

* Services are now initialized before the CFW type checks.

* Fixed pcv/clkrst service initialization.

* Implemented additional thread safety and logfile output to service functions.

* Slightly tweaked running service checks.

* Added proper Markdown documentation for the USB ABI.
2021-05-11 02:00:33 -04:00
Pablo Curiel
c6c5667bf0 Change project layout + upgrade license to GPLv3. 2021-03-25 15:26:58 -04:00
Renamed from source/keys.h (Browse further)