From 8c9ac3713f8e3d526ae00a9eb23268d6495bd16e Mon Sep 17 00:00:00 2001 From: jimzrt Date: Thu, 26 Sep 2019 08:56:27 +0200 Subject: [PATCH] encrypting not working yet (tweak magic) --- source/keys/keys.c | 78 ++++++++++++++++++++++++++++---------- source/libs/fatfs/diskio.c | 7 ++-- source/sec/se.c | 17 +++++++++ 3 files changed, 78 insertions(+), 24 deletions(-) diff --git a/source/keys/keys.c b/source/keys/keys.c index 25e7fd7..2285a2d 100644 --- a/source/keys/keys.c +++ b/source/keys/keys.c @@ -378,43 +378,67 @@ void dump_keys() { se_aes_key_set(9, bis_key[0] + 0x10, 0x10); //u32 length = 0x18; - u8 buffer[0x18];// = (u8 *)malloc(length); - readData(buffer, 0x250, sizeof(buffer)); - + // u8* buffer = (u8 *)malloc(NX_EMMC_BLOCKSIZE); + // readData(buffer, 0, NX_EMMC_BLOCKSIZE); + // gfx_hexdump(0, buffer, 0x08); + + // readData(buffer, NX_EMMC_BLOCKSIZE, NX_EMMC_BLOCKSIZE); + // gfx_hexdump(0, buffer, 100); + + + // free(buffer); // const char junkSerial[] = "XAJ40030770863"; // gfx_hexdump(0, (u8 *)junkSerial, strlen(junkSerial)); // writeData((u8 *)junkSerial, 0x250, strlen(junkSerial)); - gfx_hexdump(0, buffer, sizeof(buffer)); + // gfx_hexdump(0, buffer, sizeof(buffer)); //free(buffer); // restore(); // verify(); - u8 *tmp = (u8 *)malloc(NX_EMMC_BLOCKSIZE); - u8 *tmp_dec = (u8 *)malloc(NX_EMMC_BLOCKSIZE); - nx_emmc_part_read(&storage, prodinfo_part, 0, 1, tmp); + u8 *tmp = (u8 *)malloc(NX_EMMC_BLOCKSIZE); + u8 *tmp_dec = (u8 *)malloc(NX_EMMC_BLOCKSIZE); + nx_emmc_part_read(&storage, prodinfo_part, 1, 1, tmp); - aes_xts_ctxt_t context; - aes_xts_init(&context, AES_DECRYPT, bis_key[0], bis_key[0] + 0x10, 128); - aes_xts_crypt(&context, 0, NX_EMMC_BLOCKSIZE, tmp, tmp_dec); + gfx_hexdump(0, tmp, 0x100); + // aes_xts_ctxt_t context; + // aes_xts_init(&context, AES_DECRYPT, bis_key[0], bis_key[0] + 0x10, 128); + // // aes_xts_crypt(&context, 0, NX_EMMC_BLOCKSIZE, tmp, tmp_dec); - gfx_hexdump(0, tmp_dec, 0x10); + // // gfx_hexdump(0, tmp_dec, 0x100); - aes_xts_crypt(&context, prodinfo_part->lba_start, NX_EMMC_BLOCKSIZE, tmp, tmp_dec); + // aes_xts_crypt(&context, 1, NX_EMMC_BLOCKSIZE, tmp, tmp_dec); - gfx_hexdump(0, tmp_dec, 0x10); + // gfx_hexdump(0, tmp_dec, 0x100); - se_aes_xts_crypt_sec(9, 8, 0, 0, tmp_dec, tmp, NX_EMMC_BLOCKSIZE); + disk_read_prod(tmp_dec, 1, 1); + //readData(tmp_dec, NX_EMMC_BLOCKSIZE, NX_EMMC_BLOCKSIZE); - gfx_hexdump(0, tmp_dec, 0x10); + gfx_hexdump(0, tmp_dec, 0x100); - se_aes_xts_crypt_sec(9, 8, 0, prodinfo_part->lba_start, tmp_dec, tmp, NX_EMMC_BLOCKSIZE); + //disk_write_prod(tmp_dec, 1, 1); + //gfx_hexdump(0, tmp_dec, 0x100); - gfx_hexdump(0, tmp_dec, 0x10); + se_aes_xts_crypt_sec(9, 8, 1, 1, tmp, tmp_dec, NX_EMMC_BLOCKSIZE); + gfx_hexdump(0, tmp, 0x100); + + + + + // se_aes_xts_crypt_sec(9, 8, 1, 0, tmp, tmp_dec, NX_EMMC_BLOCKSIZE); + + // se_aes_xts_crypt_sec(9, 8, 0, 0, tmp_dec, tmp, NX_EMMC_BLOCKSIZE); + + // gfx_hexdump(0, tmp_dec, 0x10); + + + + free(tmp); + free(tmp_dec); // writeClientCertHash(); @@ -644,10 +668,11 @@ static inline u32 _read_le_u32(const void *buffer, u32 offset) { bool readData(u8 *buffer, u32 offset, u32 length) { - u32 sector = (offset / NX_EMMC_BLOCKSIZE); - u32 newOffset = (offset % NX_EMMC_BLOCKSIZE); - u8 sectorCount = ((newOffset + length - 1) / (NX_EMMC_BLOCKSIZE)) + 1; + u32 sector = (offset / NX_EMMC_BLOCKSIZE); // 1 + u32 newOffset = (offset % NX_EMMC_BLOCKSIZE); // 80 + + u32 sectorCount = ((newOffset + length - 1) / (NX_EMMC_BLOCKSIZE)) + 1; // 1 // if(length + newOffset > NX_EMMC_BLOCKSIZE * 2){ // EPRINTF("TOO BIG!!"); @@ -656,6 +681,15 @@ bool readData(u8 *buffer, u32 offset, u32 length) //bool needMultipleSectors = newOffset + length > NX_EMMC_BLOCKSIZE; u8 *tmp = (u8 *)malloc(sectorCount * NX_EMMC_BLOCKSIZE); + + // nx_emmc_part_read(&storage, prodinfo_part, sector, sectorCount, tmp); + + // se_aes_xts_crypt(9, 8, 0, sector, tmp, tmp, NX_EMMC_BLOCKSIZE, sectorCount); + + // memcpy(buffer, tmp + newOffset, length); + + + disk_read_prod(tmp, sector, sectorCount); // if (!needMultipleSectors) @@ -691,6 +725,10 @@ bool writeData(u8 *buffer, u32 offset, u32 length) //bool needMultipleSectors = newOffset + length > NX_EMMC_BLOCKSIZE; u8 *tmp = (u8 *)malloc(sectorCount * NX_EMMC_BLOCKSIZE); + + + + disk_read_prod(tmp, sector, sectorCount); // if (!needMultipleSectors) diff --git a/source/libs/fatfs/diskio.c b/source/libs/fatfs/diskio.c index 1941db6..892e921 100644 --- a/source/libs/fatfs/diskio.c +++ b/source/libs/fatfs/diskio.c @@ -182,7 +182,7 @@ DRESULT disk_write_prod ( u32 tweak_exp = 0; bool regen_tweak = true; - + if (prev_cluster != sector / 0x20) { // sector in different cluster than last read @@ -196,13 +196,12 @@ DRESULT disk_write_prod ( } // fatfs will never pull more than a cluster - _emmc_xts(9, 8, 1, tweak, regen_tweak, tweak_exp, prev_cluster, buff, buff, count * 0x200); - nx_emmc_part_write(&storage, prodinfo_part, sector, count, buff); + _emmc_xts(9, 8, 0, tweak, regen_tweak, tweak_exp, prev_cluster, buff, buff, count * 0x200); + prev_sector = sector + count - 1; return RES_OK; - // return RES_ERROR; } diff --git a/source/sec/se.c b/source/sec/se.c index 6070400..48812f3 100644 --- a/source/sec/se.c +++ b/source/sec/se.c @@ -277,6 +277,10 @@ int se_aes_xts_crypt_sec(u32 ks1, u32 ks2, u32 enc, u64 sec, void *dst, const vo if (!se_aes_crypt_block_ecb(ks1, 1, tweak, tweak)) goto out; + + u8 temptweak[0x10]; + memcpy(temptweak, tweak, 0x10); + //We are assuming a 0x10-aligned sector size in this implementation. for (u32 i = 0; i < secsize / 0x10; i++) { @@ -291,6 +295,19 @@ int se_aes_xts_crypt_sec(u32 ks1, u32 ks2, u32 enc, u64 sec, void *dst, const vo pdst += 0x10; } + + se_aes_crypt_ecb(ks2, enc, dst, secsize, src, secsize); + + pdst = (u8 *)dst; + + memcpy(tweak, temptweak, 0x10); + for (u32 i = 0; i < secsize / 0x10; i++) { + for (u32 j = 0; j < 0x10; j++) + pdst[j] = pdst[j] ^ tweak[j]; + _gf256_mul_x_le(tweak); + pdst += 0x10; + } + res = 1; out:;