From 471bc7cc92db0312686dff47c4b75bab40436ce9 Mon Sep 17 00:00:00 2001 From: Jan4V Date: Sun, 19 Jan 2020 09:26:10 +0100 Subject: [PATCH] fusee/exo/sept: fix dev key derivation --- Makefile | 2 ++ exosphere/src/fuse.c | 6 +++-- exosphere/src/masterkey.c | 8 +++--- fusee/fusee-secondary/Makefile | 12 ++++++++- fusee/fusee-secondary/src/masterkey.c | 9 +++---- fusee/fusee-secondary/src/nxboot.c | 38 +++++++++++++++++++++------ sept/sept-secondary/KEYS_template.py | 20 +++++++++++++- sept/sept-secondary/Makefile | 8 +++++- sept/sept-secondary/sept_sign.py | 3 ++- 9 files changed, 83 insertions(+), 23 deletions(-) diff --git a/Makefile b/Makefile index 37c89a2a0..dd03d7f95 100644 --- a/Makefile +++ b/Makefile @@ -73,6 +73,8 @@ dist-no-debug: all cp sept/sept-secondary/sept-secondary.bin atmosphere-$(AMSVER)/sept/sept-secondary.bin cp sept/sept-secondary/sept-secondary_00.enc atmosphere-$(AMSVER)/sept/sept-secondary_00.enc cp sept/sept-secondary/sept-secondary_01.enc atmosphere-$(AMSVER)/sept/sept-secondary_01.enc + cp sept/sept-secondary/sept-secondary_dev_00.enc atmosphere-$(AMSVER)/sept/sept-secondary_dev_00.enc + cp sept/sept-secondary/sept-secondary_dev_01.enc atmosphere-$(AMSVER)/sept/sept-secondary_dev_01.enc cp config_templates/BCT.ini atmosphere-$(AMSVER)/atmosphere/config/BCT.ini cp config_templates/override_config.ini atmosphere-$(AMSVER)/atmosphere/config_templates/override_config.ini cp config_templates/system_settings.ini atmosphere-$(AMSVER)/atmosphere/config_templates/system_settings.ini diff --git a/exosphere/src/fuse.c b/exosphere/src/fuse.c index 77e6e2111..3a05a34cf 100644 --- a/exosphere/src/fuse.c +++ b/exosphere/src/fuse.c @@ -281,8 +281,10 @@ uint32_t fuse_get_expected_fuse_version(uint32_t target_firmware) { if (target_firmware > ATMOSPHERE_TARGET_FIRMWARE_COUNT) { generic_panic(); } - - return expected_versions[target_firmware]; + if (fuse_get_retail_type() != 0) + return expected_versions[target_firmware]; + else + return (target_firmware > ATMOSPHERE_TARGET_FIRMWARE_200) ? 1 : 0; } /* Check for RCM bug patches. */ diff --git a/exosphere/src/masterkey.c b/exosphere/src/masterkey.c index e24b33b42..79888e7a6 100644 --- a/exosphere/src/masterkey.c +++ b/exosphere/src/masterkey.c @@ -42,9 +42,9 @@ static const uint8_t mkey_vectors_dev[MASTERKEY_REVISION_MAX][0x10] = {0x78, 0xD5, 0xF1, 0x20, 0x3D, 0x16, 0xE9, 0x30, 0x32, 0x27, 0x34, 0x6F, 0xCF, 0xE0, 0x27, 0xDC}, /* Master key 04 encrypted with Master key 05. */ {0x6F, 0xD2, 0x84, 0x1D, 0x05, 0xEC, 0x40, 0x94, 0x5F, 0x18, 0xB3, 0x81, 0x09, 0x98, 0x8D, 0x4E}, /* Master key 05 encrypted with Master key 06. */ {0x37, 0xAF, 0xAB, 0x35, 0x79, 0x09, 0xD9, 0x48, 0x29, 0xD2, 0xDB, 0xA5, 0xA5, 0xF5, 0x30, 0x19}, /* Master key 06 encrypted with Master key 07. */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 07 encrypted with Master key 08. */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 08 encrypted with Master key 09. */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 09 encrypted with Master key 0A. */ + {0xEC, 0xE1, 0x46, 0x89, 0x37, 0xFD, 0xD2, 0x15, 0x8C, 0x3F, 0x24, 0x82, 0xEF, 0x49, 0x68, 0x04}, /* Master key 07 encrypted with Master key 08. */ + {0x43, 0x3D, 0xC5, 0x3B, 0xEF, 0x91, 0x02, 0x21, 0x61, 0x54, 0x63, 0x8A, 0x35, 0xE7, 0xCA, 0xEE}, /* Master key 08 encrypted with Master key 09. */ + {0x6C, 0x2E, 0xCD, 0xB3, 0x34, 0x61, 0x77, 0xF5, 0xF9, 0xB1, 0xDD, 0x61, 0x98, 0x19, 0x3E, 0xD4}, /* Master key 09 encrypted with Master key 0A. */ }; /* Retail unit keys. */ @@ -76,7 +76,7 @@ bool check_mkey_revision(unsigned int revision, bool is_retail) { } } - se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, mkey_vectors[0], 0x10); + se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, is_retail ? mkey_vectors[0] : mkey_vectors_dev[0], 0x10); for (unsigned int i = 0; i < 0x10; i++) { if (final_vector[i] != 0) { return false; diff --git a/fusee/fusee-secondary/Makefile b/fusee/fusee-secondary/Makefile index 8681bc3cf..2f6f4e630 100644 --- a/fusee/fusee-secondary/Makefile +++ b/fusee/fusee-secondary/Makefile @@ -100,7 +100,7 @@ KIPFILES := loader.kip pm.kip sm.kip ams_mitm.kip spl.kip boot.kip BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*))) fusee-primary.bin \ exosphere.bin lp0fw.bin rebootstub.bin thermosphere.bin splash_screen.bmp \ sept-primary.bin sept-secondary_00.enc sept-secondary_01.enc emummc.kip \ - kernel_ldr.bin $(KIPFILES) + sept-secondary_dev_00.enc sept-secondary_dev_01.enc kernel_ldr.bin $(KIPFILES) #--------------------------------------------------------------------------------- # use CXX for linking C++ projects, CC for standard C @@ -221,6 +221,16 @@ sept_secondary_01.enc.o sept_secondary_01_enc.h: sept-secondary_01.enc #--------------------------------------------------------------------------------- @echo $(notdir $<) @$(_bin2o) + +sept_secondary_dev_00.enc.o sept_secondary_dev_00_enc.h: sept-secondary_dev_00.enc +#--------------------------------------------------------------------------------- + @echo $(notdir $<) + @$(_bin2o) + +sept_secondary_dev_01.enc.o sept_secondary_dev_01_enc.h: sept-secondary_dev_01.enc +#--------------------------------------------------------------------------------- + @echo $(notdir $<) + @$(_bin2o) %.bin.o %_bin.h: %.bin #--------------------------------------------------------------------------------- diff --git a/fusee/fusee-secondary/src/masterkey.c b/fusee/fusee-secondary/src/masterkey.c index 5cc466763..6eb3a10ea 100644 --- a/fusee/fusee-secondary/src/masterkey.c +++ b/fusee/fusee-secondary/src/masterkey.c @@ -39,10 +39,9 @@ static const uint8_t mkey_vectors_dev[MASTERKEY_REVISION_MAX][0x10] = {0x78, 0xD5, 0xF1, 0x20, 0x3D, 0x16, 0xE9, 0x30, 0x32, 0x27, 0x34, 0x6F, 0xCF, 0xE0, 0x27, 0xDC}, /* Master key 04 encrypted with Master key 05. */ {0x6F, 0xD2, 0x84, 0x1D, 0x05, 0xEC, 0x40, 0x94, 0x5F, 0x18, 0xB3, 0x81, 0x09, 0x98, 0x8D, 0x4E}, /* Master key 05 encrypted with Master key 06. */ {0x37, 0xAF, 0xAB, 0x35, 0x79, 0x09, 0xD9, 0x48, 0x29, 0xD2, 0xDB, 0xA5, 0xA5, 0xF5, 0x30, 0x19}, /* Master key 06 encrypted with Master key 07. */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 07 encrypted with Master key 08. */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 08 encrypted with Master key 09. */ - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 09 encrypted with Master key 0A. */ -}; + {0xEC, 0xE1, 0x46, 0x89, 0x37, 0xFD, 0xD2, 0x15, 0x8C, 0x3F, 0x24, 0x82, 0xEF, 0x49, 0x68, 0x04}, /* Master key 07 encrypted with Master key 08. */ + {0x43, 0x3D, 0xC5, 0x3B, 0xEF, 0x91, 0x02, 0x21, 0x61, 0x54, 0x63, 0x8A, 0x35, 0xE7, 0xCA, 0xEE}, /* Master key 08 encrypted with Master key 09. */ + {0x6C, 0x2E, 0xCD, 0xB3, 0x34, 0x61, 0x77, 0xF5, 0xF9, 0xB1, 0xDD, 0x61, 0x98, 0x19, 0x3E, 0xD4}, /* Master key 09 encrypted with Master key 0A. */ }; /* Retail unit keys. */ static const uint8_t mkey_vectors[MASTERKEY_REVISION_MAX][0x10] = @@ -73,7 +72,7 @@ static bool check_mkey_revision(unsigned int revision, bool is_retail) { } } - se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, mkey_vectors[0], 0x10); + se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, is_retail ? mkey_vectors[0] : mkey_vectors_dev[0], 0x10); for (unsigned int i = 0; i < 0x10; i++) { if (final_vector[i] != 0) { return false; diff --git a/fusee/fusee-secondary/src/nxboot.c b/fusee/fusee-secondary/src/nxboot.c index 201f2ceeb..cbae0a30e 100644 --- a/fusee/fusee-secondary/src/nxboot.c +++ b/fusee/fusee-secondary/src/nxboot.c @@ -56,6 +56,8 @@ #include "exosphere_bin.h" #include "sept_secondary_00_enc.h" #include "sept_secondary_01_enc.h" +#include "sept_secondary_dev_00_enc.h" +#include "sept_secondary_dev_01_enc.h" #include "lp0fw_bin.h" #include "emummc_kip.h" #undef u8 @@ -607,11 +609,21 @@ uint32_t nxboot_main(void) { } if (tsec_fw_size == 0x3000) { - sept_secondary_enc = sept_secondary_00_enc; - sept_secondary_enc_size = sept_secondary_00_enc_size; + if (fuse_get_retail_type() != 0) { + sept_secondary_enc = sept_secondary_00_enc; + sept_secondary_enc_size = sept_secondary_00_enc_size; + } else { + sept_secondary_enc = sept_secondary_dev_00_enc; + sept_secondary_enc_size = sept_secondary_dev_00_enc_size; + } } else if (tsec_fw_size == 0x3300) { - sept_secondary_enc = sept_secondary_01_enc; - sept_secondary_enc_size = sept_secondary_01_enc_size; + if (fuse_get_retail_type() != 0) { + sept_secondary_enc = sept_secondary_01_enc; + sept_secondary_enc_size = sept_secondary_01_enc_size; + } else { + sept_secondary_enc = sept_secondary_dev_01_enc; + sept_secondary_enc_size = sept_secondary_dev_01_enc_size; + } } else { fatal_error("[NXBOOT] Unable to identify sept revision to run."); } @@ -620,12 +632,22 @@ uint32_t nxboot_main(void) { fatal_error("[NXBOOT] Failed to read the TSEC firmware from Package1loader!\n"); } if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_810) { - sept_secondary_enc = sept_secondary_01_enc; - sept_secondary_enc_size = sept_secondary_01_enc_size; + if (fuse_get_retail_type() != 0) { + sept_secondary_enc = sept_secondary_01_enc; + sept_secondary_enc_size = sept_secondary_01_enc_size; + } else { + sept_secondary_enc = sept_secondary_dev_01_enc; + sept_secondary_enc_size = sept_secondary_dev_01_enc_size; + } tsec_fw_size = 0x3300; } else if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_700) { - sept_secondary_enc = sept_secondary_00_enc; - sept_secondary_enc_size = sept_secondary_00_enc_size; + if (fuse_get_retail_type() != 0) { + sept_secondary_enc = sept_secondary_00_enc; + sept_secondary_enc_size = sept_secondary_00_enc_size; + } else { + sept_secondary_enc = sept_secondary_dev_00_enc; + sept_secondary_enc_size = sept_secondary_dev_00_enc_size; + } tsec_fw_size = 0x3000; } else if (target_firmware == ATMOSPHERE_TARGET_FIRMWARE_620) { tsec_fw_size = 0x2900; diff --git a/sept/sept-secondary/KEYS_template.py b/sept/sept-secondary/KEYS_template.py index dd3bb7b91..bb605e6ef 100644 --- a/sept/sept-secondary/KEYS_template.py +++ b/sept/sept-secondary/KEYS_template.py @@ -10,11 +10,29 @@ HOVI_SIG_KEY_PRD = [ bytearray.fromhex('00000000000000000000000000000000'), ] +HOVI_ENC_KEY_DEV = [ + bytearray.fromhex('00000000000000000000000000000000'), + bytearray.fromhex('00000000000000000000000000000000'), +] + +HOVI_SIG_KEY_DEV = [ + bytearray.fromhex('00000000000000000000000000000000'), + bytearray.fromhex('00000000000000000000000000000000'), +] + IV = [ bytearray.fromhex('00000000000000000000000000000000'), bytearray.fromhex('00000000000000000000000000000000'), ] +IV_DEV = [ + bytearray.fromhex('00000000000000000000000000000000'), + bytearray.fromhex('00000000000000000000000000000000'), +] + assert len(HOVI_ENC_KEY_PRD) == NUM_KEYS assert len(HOVI_SIG_KEY_PRD) == NUM_KEYS -assert len(IV) == NUM_KEYS \ No newline at end of file +assert len(HOVI_ENC_KEY_DEV) == NUM_KEYS +assert len(HOVI_SIG_KEY_DEV) == NUM_KEYS +assert len(IV) == NUM_KEYS +assert len(IV_DEV) == NUM_KEYS \ No newline at end of file diff --git a/sept/sept-secondary/Makefile b/sept/sept-secondary/Makefile index 2bd0362f9..30a2d08a2 100644 --- a/sept/sept-secondary/Makefile +++ b/sept/sept-secondary/Makefile @@ -131,6 +131,8 @@ else @touch $(TOPDIR)/$(TARGET).bin @cp $(SEPT_00_ENC_PATH) $(TOPDIR)/$(TARGET)_00.enc @cp $(SEPT_01_ENC_PATH) $(TOPDIR)/$(TARGET)_01.enc + @cp $(SEPT_DEV_00_ENC_PATH) $(TOPDIR)/$(TARGET)_dev_00.enc + @cp $(SEPT_DEV_01_ENC_PATH) $(TOPDIR)/$(TARGET)_dev_01.enc endif #--------------------------------------------------------------------------------- @@ -150,7 +152,11 @@ DEPENDS := $(OFILES:.o=.d) #--------------------------------------------------------------------------------- # main targets #--------------------------------------------------------------------------------- -all : $(OUTPUT)_01.enc +all : $(OUTPUT)_dev_01.enc + +$(OUTPUT)_dev_01.enc : $(OUTPUT)_dev_00.enc + +$(OUTPUT)_dev_00.enc : $(OUTPUT)_01.enc $(OUTPUT)_01.enc : $(OUTPUT)_00.enc diff --git a/sept/sept-secondary/sept_sign.py b/sept/sept-secondary/sept_sign.py index a5ca66a36..428ee8b68 100644 --- a/sept/sept-secondary/sept_sign.py +++ b/sept/sept-secondary/sept_sign.py @@ -71,11 +71,12 @@ def main(argc, argv): code = f.read() if len(code) & 0xF: code = code + bytearray(0x10 - (len(code) & 0xF)) - # TODO: Support dev unit crypto fn, fext = os.path.splitext(argv[2]) for key in range(KEYS.NUM_KEYS): with open(fn + ('_%02X' % key) + fext, 'wb') as f: f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_PRD[key], KEYS.HOVI_ENC_KEY_PRD[key], KEYS.IV[key], b'THANKS_NVIDIA_<3', key)) + with open(fn + ('_dev_%02X' % key) + fext, 'wb') as f: + f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_DEV[key], KEYS.HOVI_ENC_KEY_DEV[key], KEYS.IV_DEV[key], b'THANKS_NVIDIA_<3', key)) return 0