Hacker voice: *i'm in* (to the emmc)

2024-11-08 13:11:54 +00:00 · 2020-12-26 23:41:25 +01:00 · 2020-12-26 23:41:25 +01:00 · 831adc0080
commit 831adc0080
parent 07540b4651
8 changed files with 116 additions and 17 deletions
--- a/source/err.c
+++ b/source/err.c
@ -25,6 +25,7 @@ const char *TEErrors[] = {
    [TE_EXCEPTION_DATA_ABORT - 1] = "E Data abort",
    [TE_ERR_SAME_LOC - 1] = "Same copy location",
    [TE_ERR_KEYDUMP_FAIL - 1] = "Keydump failed",
+    [TE_ERR_PARTITION_NOT_FOUND - 1] = "Failed to find partition"
 };

 const char *GetErrStr(u32 err){
--- a/source/err.h
+++ b/source/err.h
@ -14,7 +14,8 @@ enum {
    TE_EXCEPTION_PREF_ABORT,
    TE_EXCEPTION_DATA_ABORT,
    TE_ERR_SAME_LOC,
-    TE_ERR_KEYDUMP_FAIL
+    TE_ERR_KEYDUMP_FAIL,
+    TE_ERR_PARTITION_NOT_FOUND,
 };

 #define newErrCode(err) (ErrCode_t) {err, __LINE__, __FILE__}
--- a/source/keys/keys.c
+++ b/source/keys/keys.c
@ -28,6 +28,7 @@
 #include <utils/util.h>
 #include "../gfx/gfx.h"
 #include "../tegraexplorer/tconf.h"
+#include "../storage/mountmanager.h"

 #include "key_sources.inl"

@ -213,12 +214,16 @@ static bool _derive_tsec_keys(tsec_ctxt_t *tsec_ctxt, u32 kb, key_derivation_ctx
    return true;
 }

-static ALWAYS_INLINE u8 *_read_pkg1(sdmmc_t *sdmmc, const pkg1_id_t **pkg1_id) {
+static ALWAYS_INLINE u8 *_read_pkg1(const pkg1_id_t **pkg1_id) {

-    if (emummc_storage_init_mmc(&emmc_storage, sdmmc)) {
+    /*
+    if (emummc_storage_init_mmc(&emmc_storage, &emmc_sdmmc)) {
        DPRINTF("Unable to init MMC.");
        return NULL;
    }
+    */
+    if (connectMMC(MMC_CONN_EMMC))
+        return NULL;

    // Read package1.
    u8 *pkg1 = (u8 *)malloc(PKG1_MAX_SIZE);
@ -248,14 +253,15 @@ int DumpKeys(){
    if (h_cfg.t210b01) // i'm not even attempting to dump on mariko
        return 2;

-    sdmmc_t sdmmc;
-
    const pkg1_id_t *pkg1_id;
-    u8 *pkg1 = _read_pkg1(&sdmmc, &pkg1_id);
+    u8 *pkg1 = _read_pkg1(&pkg1_id);
    if (!pkg1) {
        return 1;
    }

+    TConf.pkg1ID = pkg1_id->id;
+    TConf.pkg1ver = (u8)pkg1_id->kb;
+
    bool res = true;

    tsec_ctxt_t tsec_ctxt;
@ -271,13 +277,13 @@ int DumpKeys(){
        return 1;
    _derive_bis_keys(&dumpedKeys);
    _derive_misc_keys(&dumpedKeys);
+    
+
    return 0;
 }

 void PrintKey(u8 *key, u32 len){
-    //gfx_con.fntsz = 8;
    for (int i = 0; i < len; i++){
        gfx_printf("%02x", key[i]);
    }
-    gfx_con.fntsz = 16;
 }
--- a/source/main.c
+++ b/source/main.c
@ -51,6 +51,7 @@
 #include <soc/pmc.h>
 #include "keys/keys.h"
 #include "keys/keyfile.h"
+#include "storage/mountmanager.h"


 hekate_config h_cfg;
@ -297,6 +298,9 @@ void ipl_main()
 	if (res > 0)
 		DrawError(newErrCode(TE_ERR_KEYDUMP_FAIL));
 	
+	if (TConf.keysDumped)
+		SetKeySlots();
+	
 	if (res == 0)
 		hidWait();
 	EnterMainMenu();
--- a/source/storage/mountmanager.c
+++ b/source/storage/mountmanager.c
@ -0,0 +1,58 @@
+#include "mountmanager.h"
+#include "emummc.h"
+#include "../tegraexplorer/tconf.h"
+#include "nx_emmc.h"
+#include "../keys/keys.h"
+#include <sec/se.h>
+#include <libs/fatfs/ff.h>
+#include "nx_emmc_bis.h"
+
+void SetKeySlots(){
+    if (TConf.keysDumped){
+        se_aes_key_set(0, dumpedKeys.bis_key[0], AES_128_KEY_SIZE);
+        se_aes_key_set(1, dumpedKeys.bis_key[0] + AES_128_KEY_SIZE, AES_128_KEY_SIZE);
+        se_aes_key_set(2, dumpedKeys.bis_key[1], AES_128_KEY_SIZE);
+        se_aes_key_set(3, dumpedKeys.bis_key[1] + AES_128_KEY_SIZE, AES_128_KEY_SIZE);
+        se_aes_key_set(4, dumpedKeys.bis_key[2], AES_128_KEY_SIZE);
+        se_aes_key_set(5, dumpedKeys.bis_key[2] + AES_128_KEY_SIZE, AES_128_KEY_SIZE);
+    }
+}
+
+void disconnectMMC(){
+    if (TConf.connectedMMCMounted)
+        f_unmount("bis:");
+    TConf.connectedMMCMounted = 0;
+    emummc_storage_end(&emmc_storage);
+}
+
+int connectMMC(u8 mmcType){
+    if (mmcType == TConf.currentMMCConnected)
+        return 0;
+
+    //disconnectMMC();
+    emu_cfg.enabled = (mmcType == MMC_CONN_EMMC) ? 0 : 1;
+    int res = emummc_storage_init_mmc(&emmc_storage, &emmc_sdmmc);
+    if (!res)
+        TConf.currentMMCConnected = mmcType;
+        
+    return res; // deal with the errors later lol
+}
+
+ErrCode_t mountMMCPart(const char *partition){
+    emummc_storage_set_mmc_partition(&emmc_storage, 0);
+    LIST_INIT(curGpt);
+    nx_emmc_gpt_parse(&curGpt, &emmc_storage);
+    emmc_part_t *system_part = nx_emmc_part_find(&curGpt, partition);
+    if (!system_part)
+        return newErrCode(TE_ERR_PARTITION_NOT_FOUND);
+    
+    nx_emmc_bis_init(system_part);
+
+    int res = 0;
+    if ((res = f_mount(&emmc_fs, "bis:", 1)))
+        return newErrCode(res);
+
+    nx_emmc_gpt_free(&curGpt);
+    TConf.connectedMMCMounted = 1;
+    return newErrCode(0);
+}
--- a/source/storage/mountmanager.h
+++ b/source/storage/mountmanager.h
@ -0,0 +1,13 @@
+#pragma once
+#include <utils/types.h>
+#include "../err.h"
+
+enum {
+    MMC_CONN_None = 0,
+    MMC_CONN_EMMC,
+    MMC_CONN_EMUMMC
+};
+
+int connectMMC(u8 mmcType);
+ErrCode_t mountMMCPart(const char *partition);
+void SetKeySlots();
--- a/source/tegraexplorer/mainmenu.c
+++ b/source/tegraexplorer/mainmenu.c
@ -9,10 +9,12 @@
 #include <storage/nx_sd.h>
 #include "tconf.h"
 #include "../keys/keys.h"
+#include "../storage/mountmanager.h"

 MenuEntry_t mainMenuEntries[] = {
    {.R = 255, .G = 255, .B = 255, .skip = 1, .name = "-- Main Menu --"},
    {.G = 255, .name = "SD:/"},
+    {.optionUnion = COLORTORGB(COLOR_YELLOW), .name = "emmc:/SYSTEM"},
    {.B = 255, .G = 255, .name = "Test Controllers"},
    {.R = 255, .name = "Cause an exception"},
    {.optionUnion = COLORTORGB(COLOR_ORANGE), .name = "View dumped keys"},
@ -30,6 +32,19 @@ void HandleSD(){
        FileExplorer("sd:/");
 }

+void HandleEMMC(){
+    if (connectMMC(MMC_CONN_EMMC))
+        return;
+    
+    ErrCode_t err = mountMMCPart("SYSTEM");
+    if (err.err){
+        DrawError(err);
+        return;
+    }
+    
+    FileExplorer("bis:/");
+}
+
 void CrashTE(){
    gfx_printf("%d", *((int*)0));
 }
@ -48,12 +63,15 @@ void ViewKeys(){
    gfx_printf("\nSave mac key: ");
    PrintKey(dumpedKeys.save_mac_key, AES_128_KEY_SIZE);

+    gfx_printf("\n\nPkg1 ID: '%s', kb %d", TConf.pkg1ID, TConf.pkg1ver);
+
    hidWait();
 }

 menuPaths mainMenuPaths[] = {
    NULL,
    HandleSD,
+    HandleEMMC,
    TestControllers,
    CrashTE,
    ViewKeys,
@ -62,7 +80,8 @@ menuPaths mainMenuPaths[] = {

 void EnterMainMenu(){
    while (1){
-        mainMenuEntries[4].hide = !TConf.keysDumped;
+        mainMenuEntries[2].hide = !TConf.keysDumped;
+        mainMenuEntries[5].hide = !TConf.keysDumped;
        FunctionMenuHandler(mainMenuEntries, ARR_LEN(mainMenuEntries), mainMenuPaths, ALWAYSREDRAW);
    }
 }
--- a/source/tegraexplorer/tconf.h
+++ b/source/tegraexplorer/tconf.h
@ -15,26 +15,23 @@ enum {
    CMODE_Move
 };

-enum {
-    M_None = 0,
-    M_EMMC,
-    M_EMUMMC
-};
-
 typedef struct {
    u32 FSBuffSize;
    char *srcCopy;
    union {
        struct {
            u16 minervaEnabled:1;
+            u16 keysDumped:1;
            u16 curExplorerLoc:2;
            u16 heldExplorerCopyLoc:2;
            u16 explorerCopyMode:2;
-            u16 currentMMCMounted:2;
-            u16 keysDumped:1;
+            u16 currentMMCConnected:2;
+            u16 connectedMMCMounted:1;
        };
        u16 optionUnion;
    };
+    const char *pkg1ID;
+    u8 pkg1ver;
 } TConf_t;

 extern TConf_t TConf;