mirror of
https://github.com/CTCaer/hekate.git
synced 2024-11-22 18:06:40 +00:00
More unfattening (like always)
This commit is contained in:
Kostas Missos
parent
9401897f93
commit
bc67798f43
3 changed files with 39 additions and 53 deletions
36
ipl/hos.c
36
ipl/hos.c
|
|
@ -84,7 +84,7 @@ typedef struct _merge_kip_t
|
|||
#define KB_FIRMWARE_VERSION_500 4
|
||||
#define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_500
|
||||
|
||||
// Exosphère magic "XBC0"
|
||||
// Exosphère magic "XBC0".
|
||||
#define MAGIC_EXOSPHERE 0x30434258
|
||||
|
||||
static const u8 keyblob_keyseeds[][0x10] = {
|
||||
|
|
@ -122,12 +122,12 @@ static void _se_lock()
|
|||
for (u32 i = 0; i < 2; i++)
|
||||
se_rsa_acc_ctrl(i, 1);
|
||||
|
||||
SE(0x4) = 0; //Make this reg secure only.
|
||||
SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET) = 0; //Make all key access regs secure only.
|
||||
SE(SE_RSA_KEYTABLE_ACCESS_LOCK_OFFSET) = 0; //Make all rsa access regs secure only.
|
||||
SE(SE_SECURITY_0) &= 0xFFFFFFFB; //Make access lock regs secure only.
|
||||
SE(0x4) = 0; // Make this reg secure only.
|
||||
SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET) = 0; // Make all key access regs secure only.
|
||||
SE(SE_RSA_KEYTABLE_ACCESS_LOCK_OFFSET) = 0; // Make all RSA access regs secure only.
|
||||
SE(SE_SECURITY_0) &= 0xFFFFFFFB; // Make access lock regs secure only.
|
||||
|
||||
//This is useful for documenting the bits in the SE config registers, so we can keep it around.
|
||||
// This is useful for documenting the bits in the SE config registers, so we can keep it around.
|
||||
/*gfx_printf(&gfx_con, "SE(SE_SECURITY_0) = %08X\n", SE(SE_SECURITY_0));
|
||||
gfx_printf(&gfx_con, "SE(0x4) = %08X\n", SE(0x4));
|
||||
gfx_printf(&gfx_con, "SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET) = %08X\n", SE(SE_KEY_TABLE_ACCESS_LOCK_OFFSET));
|
||||
|
|
@ -151,19 +151,19 @@ int keygen(u8 *keyblob, u32 kb, void *tsec_fw)
|
|||
se_key_acc_ctrl(13, 0x15);
|
||||
se_key_acc_ctrl(14, 0x15);
|
||||
|
||||
//Get TSEC key.
|
||||
// Get TSEC key.
|
||||
if (tsec_query(tmp, 1, tsec_fw) < 0)
|
||||
return 0;
|
||||
|
||||
se_aes_key_set(13, tmp, 0x10);
|
||||
|
||||
//Derive keyblob keys from TSEC+SBK.
|
||||
// Derive keyblob keys from TSEC+SBK.
|
||||
se_aes_crypt_block_ecb(13, 0, tmp, keyblob_keyseeds[0]);
|
||||
se_aes_unwrap_key(15, 14, tmp);
|
||||
se_aes_crypt_block_ecb(13, 0, tmp, keyblob_keyseeds[kb]);
|
||||
se_aes_unwrap_key(13, 14, tmp);
|
||||
|
||||
//Clear SBK.
|
||||
// Clear SBK.
|
||||
se_aes_key_clear(14);
|
||||
|
||||
//TODO: verify keyblob CMAC.
|
||||
|
|
@ -175,7 +175,7 @@ int keygen(u8 *keyblob, u32 kb, void *tsec_fw)
|
|||
se_aes_crypt_block_ecb(13, 0, tmp, cmac_keyseed);
|
||||
se_aes_unwrap_key(11, 13, cmac_keyseed);
|
||||
|
||||
//Decrypt keyblob and set keyslots.
|
||||
// Decrypt keyblob and set keyslots.
|
||||
se_aes_crypt_ctr(13, keyblob + 0x20, 0x90, keyblob + 0x20, 0x90, keyblob + 0x10);
|
||||
se_aes_key_set(11, keyblob + 0x20 + 0x80, 0x10); //Package1 key.
|
||||
se_aes_key_set(12, keyblob + 0x20, 0x10);
|
||||
|
|
@ -205,7 +205,7 @@ int keygen(u8 *keyblob, u32 kb, void *tsec_fw)
|
|||
break;
|
||||
}
|
||||
|
||||
//Package2 key.
|
||||
// Package2 key.
|
||||
se_key_acc_ctrl(8, 0x15);
|
||||
se_aes_unwrap_key(8, 12, key8_keyseed);
|
||||
|
||||
|
|
@ -219,7 +219,7 @@ static void _copy_bootconfig()
|
|||
|
||||
sdmmc_storage_init_mmc(&storage, &sdmmc, SDMMC_4, SDMMC_BUS_WIDTH_8, 4);
|
||||
|
||||
//Read BCT.
|
||||
// Read BCT.
|
||||
u8 *buf = (u8 *)0x4003D000;
|
||||
sdmmc_storage_set_mmc_partition(&storage, 1);
|
||||
sdmmc_storage_read(&storage, 0, 0x3000 / NX_EMMC_BLOCKSIZE, buf);
|
||||
|
|
@ -237,19 +237,19 @@ static int _read_emmc_pkg1(launch_ctxt_t *ctxt)
|
|||
|
||||
sdmmc_storage_init_mmc(&storage, &sdmmc, SDMMC_4, SDMMC_BUS_WIDTH_8, 4);
|
||||
|
||||
//Read package1.
|
||||
// Read package1.
|
||||
ctxt->pkg1 = (u8 *)malloc(0x40000);
|
||||
sdmmc_storage_set_mmc_partition(&storage, 1);
|
||||
sdmmc_storage_read(&storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, ctxt->pkg1);
|
||||
ctxt->pkg1_id = pkg1_identify(ctxt->pkg1);
|
||||
if (!ctxt->pkg1_id)
|
||||
{
|
||||
gfx_printf(&gfx_con, "%kCould not identify package1,\nVersion (= '%s').%k\n", 0xFFFF0000, (char *)ctxt->pkg1 + 0x10, 0xFFCCCCCC);
|
||||
gfx_printf(&gfx_con, "%kUnknown package1,\nVersion (= '%s').%k\n", 0xFFFF0000, (char *)ctxt->pkg1 + 0x10, 0xFFCCCCCC);
|
||||
goto out;
|
||||
}
|
||||
gfx_printf(&gfx_con, "Identified package1 ('%s'),\nKeyblob version %d\n\n", (char *)(ctxt->pkg1 + 0x10), ctxt->pkg1_id->kb);
|
||||
|
||||
//Read the correct keyblob.
|
||||
// Read the correct keyblob.
|
||||
ctxt->keyblob = (u8 *)calloc(NX_EMMC_BLOCKSIZE, 1);
|
||||
sdmmc_storage_read(&storage, 0x180000 / NX_EMMC_BLOCKSIZE + ctxt->pkg1_id->kb, 1, ctxt->keyblob);
|
||||
|
||||
|
|
@ -269,16 +269,16 @@ static int _read_emmc_pkg2(launch_ctxt_t *ctxt)
|
|||
sdmmc_storage_init_mmc(&storage, &sdmmc, SDMMC_4, SDMMC_BUS_WIDTH_8, 4);
|
||||
sdmmc_storage_set_mmc_partition(&storage, 0);
|
||||
|
||||
//Parse eMMC GPT.
|
||||
// Parse eMMC GPT.
|
||||
LIST_INIT(gpt);
|
||||
nx_emmc_gpt_parse(&gpt, &storage);
|
||||
DPRINTF("Parsed GPT\n");
|
||||
//Find package2 partition.
|
||||
// Find package2 partition.
|
||||
emmc_part_t *pkg2_part = nx_emmc_part_find(&gpt, "BCPKG2-1-Normal-Main");
|
||||
if (!pkg2_part)
|
||||
goto out;
|
||||
|
||||
//Read in package2 header and get package2 real size.
|
||||
// Read in package2 header and get package2 real size.
|
||||
//TODO: implement memalign for DMA buffers.
|
||||
u8 *tmp = (u8 *)malloc(NX_EMMC_BLOCKSIZE);
|
||||
nx_emmc_part_read(&storage, pkg2_part, 0x4000 / NX_EMMC_BLOCKSIZE, 1, tmp);
|
||||
|
|
|
|||
42
ipl/main.c
42
ipl/main.c
|
|
@ -99,7 +99,7 @@ int sd_mount()
|
|||
}
|
||||
else
|
||||
{
|
||||
EPRINTFARGS("Failed to mount SD card (FatFS Error %d).\n(make sure that a FAT type partition exists)", res);
|
||||
EPRINTFARGS("Failed to mount SD card (FatFS Error %d).\nMake sure that a FAT partition exists..", res);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -390,12 +390,9 @@ void print_fuseinfo()
|
|||
{
|
||||
if (sd_mount())
|
||||
{
|
||||
char fuseFilename[23];
|
||||
f_mkdir("Backup");
|
||||
f_mkdir("Backup/Dumps");
|
||||
memcpy(fuseFilename, "Backup/Dumps/fuses.bin", 23);
|
||||
|
||||
if (!sd_save_to_file((u8 *)0x7000F900, 0x2FC, fuseFilename))
|
||||
if (!sd_save_to_file((u8 *)0x7000F900, 0x2FC, "Backup/Dumps/fuses.bin"))
|
||||
gfx_puts(&gfx_con, "\nDone!\n");
|
||||
sd_unmount();
|
||||
}
|
||||
|
|
@ -423,12 +420,9 @@ void print_kfuseinfo()
|
|||
{
|
||||
if (sd_mount())
|
||||
{
|
||||
char kfuseFilename[24];
|
||||
f_mkdir("Backup");
|
||||
f_mkdir("Backup/Dumps");
|
||||
memcpy(kfuseFilename, "Backup/Dumps/kfuses.bin", 24);
|
||||
|
||||
if (!sd_save_to_file((u8 *)buf, KFUSE_NUM_WORDS * 4, kfuseFilename))
|
||||
if (!sd_save_to_file((u8 *)buf, KFUSE_NUM_WORDS * 4, "Backup/Dumps/kfuses.bin"))
|
||||
gfx_puts(&gfx_con, "\nDone!\n");
|
||||
sd_unmount();
|
||||
}
|
||||
|
|
@ -457,7 +451,7 @@ void print_mmc_info()
|
|||
u16 card_type;
|
||||
u32 speed;
|
||||
|
||||
gfx_printf(&gfx_con, "%kCard IDentification:%k\n", 0xFF00DDFF, 0xFFCCCCCC);
|
||||
gfx_printf(&gfx_con, "%kCID:%k\n", 0xFF00DDFF, 0xFFCCCCCC);
|
||||
switch (storage.csd.mmca_vsn)
|
||||
{
|
||||
case 0: /* MMC v1.0 - v1.2 */
|
||||
|
|
@ -500,7 +494,7 @@ void print_mmc_info()
|
|||
EPRINTF("Unknown CSD structure.");
|
||||
else
|
||||
{
|
||||
gfx_printf(&gfx_con, "%kExtended Card-Specific Data V1.%d:%k\n",
|
||||
gfx_printf(&gfx_con, "%kExtended CSD V1.%d:%k\n",
|
||||
0xFF00DDFF, storage.ext_csd.ext_struct, 0xFFCCCCCC);
|
||||
card_type = storage.ext_csd.card_type;
|
||||
u8 card_type_support[96];
|
||||
|
|
@ -664,7 +658,7 @@ void print_tsec_key()
|
|||
const pkg1_id_t *pkg1_id = pkg1_identify(pkg1);
|
||||
if (!pkg1_id)
|
||||
{
|
||||
EPRINTFARGS("Could not identify package1 version\nto read TSEC firmware (= '%s').",
|
||||
EPRINTFARGS("Unknown package1 version for reading\nTSEC firmware (= '%s').",
|
||||
(char *)pkg1 + 0x10);
|
||||
goto out_wait;
|
||||
}
|
||||
|
|
@ -693,20 +687,15 @@ void print_tsec_key()
|
|||
{
|
||||
if (sd_mount())
|
||||
{
|
||||
char tsec_keyFilename[26];
|
||||
f_mkdir("Backup");
|
||||
f_mkdir("Backup/Dumps");
|
||||
memcpy(tsec_keyFilename, "Backup/Dumps/tsec_key.bin", 26);
|
||||
|
||||
if (!sd_save_to_file(keys, 0x10 * 3, tsec_keyFilename))
|
||||
if (!sd_save_to_file(keys, 0x10 * 3, "Backup/Dumps/tsec_key.bin"))
|
||||
gfx_puts(&gfx_con, "\nDone!\n");
|
||||
sd_unmount();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
goto out;
|
||||
}
|
||||
|
||||
out_wait:;
|
||||
btn_wait();
|
||||
|
|
@ -1556,7 +1545,7 @@ void dump_packages12()
|
|||
if (!pkg1_id)
|
||||
{
|
||||
gfx_con.fntsz = 8;
|
||||
EPRINTFARGS("Could not identify package1 version to read TSEC firmware (= '%s').", (char *)pkg1 + 0x10);
|
||||
EPRINTFARGS("Unknown package1 version for reading\nTSEC firmware (= '%s').", (char *)pkg1 + 0x10);
|
||||
goto out;
|
||||
}
|
||||
|
||||
|
|
@ -1610,23 +1599,23 @@ void dump_packages12()
|
|||
goto out;
|
||||
gfx_puts(&gfx_con, "Warmboot dumped to warmboot.bin\n\n\n");
|
||||
|
||||
// Dump package2.1
|
||||
// Dump package2.1.
|
||||
sdmmc_storage_set_mmc_partition(&storage, 0);
|
||||
//Parse eMMC GPT.
|
||||
// Parse eMMC GPT.
|
||||
LIST_INIT(gpt);
|
||||
nx_emmc_gpt_parse(&gpt, &storage);
|
||||
//Find package2 partition.
|
||||
// Find package2 partition.
|
||||
emmc_part_t *pkg2_part = nx_emmc_part_find(&gpt, "BCPKG2-1-Normal-Main");
|
||||
if (!pkg2_part)
|
||||
goto out;
|
||||
|
||||
//Read in package2 header and get package2 real size.
|
||||
// Read in package2 header and get package2 real size.
|
||||
u8 *tmp = (u8 *)malloc(NX_EMMC_BLOCKSIZE);
|
||||
nx_emmc_part_read(&storage, pkg2_part, 0x4000 / NX_EMMC_BLOCKSIZE, 1, tmp);
|
||||
u32 *hdr_pkg2_raw = (u32 *)(tmp + 0x100);
|
||||
u32 pkg2_size = hdr_pkg2_raw[0] ^ hdr_pkg2_raw[2] ^ hdr_pkg2_raw[3];
|
||||
free(tmp);
|
||||
//Read in package2.
|
||||
// Read in package2.
|
||||
u32 pkg2_size_aligned = ALIGN(pkg2_size, NX_EMMC_BLOCKSIZE);
|
||||
pkg2 = malloc(pkg2_size_aligned);
|
||||
nx_emmc_part_read(&storage, pkg2_part, 0x4000 / NX_EMMC_BLOCKSIZE,
|
||||
|
|
@ -2234,12 +2223,9 @@ void print_battery_info()
|
|||
{
|
||||
if (sd_mount())
|
||||
{
|
||||
char fuelFilename[28];
|
||||
f_mkdir("Backup");
|
||||
f_mkdir("Backup/Dumps");
|
||||
memcpy(fuelFilename, "Backup/Dumps/fuel_gauge.bin", 28);
|
||||
|
||||
if (sd_save_to_file((u8 *)buf, 0x200, fuelFilename))
|
||||
if (sd_save_to_file((u8 *)buf, 0x200, "Backup/Dumps/fuel_gauge.bin"))
|
||||
EPRINTF("\nError creating fuel.bin file.");
|
||||
else
|
||||
gfx_puts(&gfx_con, "\nDone!\n");
|
||||
|
|
|
|||
14
ipl/pkg2.c
14
ipl/pkg2.c
|
|
@ -296,15 +296,15 @@ pkg2_hdr_t *pkg2_decrypt(void *data)
|
|||
{
|
||||
u8 *pdata = (u8 *)data;
|
||||
|
||||
//Skip signature.
|
||||
// Skip signature.
|
||||
pdata += 0x100;
|
||||
|
||||
pkg2_hdr_t *hdr = (pkg2_hdr_t *)pdata;
|
||||
|
||||
//Skip header.
|
||||
// Skip header.
|
||||
pdata += sizeof(pkg2_hdr_t);
|
||||
|
||||
//Decrypt header.
|
||||
// Decrypt header.
|
||||
se_aes_crypt_ctr(8, hdr, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr);
|
||||
//gfx_hexdump(&gfx_con, (u32)hdr, hdr, 0x100);
|
||||
|
||||
|
|
@ -330,11 +330,11 @@ void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_i
|
|||
{
|
||||
u8 *pdst = (u8 *)dst;
|
||||
|
||||
//Signature.
|
||||
// Signature.
|
||||
memset(pdst, 0, 0x100);
|
||||
pdst += 0x100;
|
||||
|
||||
//Header.
|
||||
// Header.
|
||||
pkg2_hdr_t *hdr = (pkg2_hdr_t *)pdst;
|
||||
memset(hdr, 0, sizeof(pkg2_hdr_t));
|
||||
pdst += sizeof(pkg2_hdr_t);
|
||||
|
|
@ -342,7 +342,7 @@ void pkg2_build_encrypt(void *dst, void *kernel, u32 kernel_size, link_t *kips_i
|
|||
hdr->base = 0x10000000;
|
||||
DPRINTF("kernel @ %08X (%08X)\n", (u32)kernel, kernel_size);
|
||||
|
||||
//Kernel.
|
||||
// Kernel.
|
||||
memcpy(pdst, kernel, kernel_size);
|
||||
hdr->sec_size[PKG2_SEC_KERNEL] = kernel_size;
|
||||
hdr->sec_off[PKG2_SEC_KERNEL] = 0x10000000;
|
||||
|
|
@ -350,7 +350,7 @@ DPRINTF("kernel @ %08X (%08X)\n", (u32)kernel, kernel_size);
|
|||
pdst += kernel_size;
|
||||
DPRINTF("kernel encrypted\n");
|
||||
|
||||
//INI1.
|
||||
// INI1.
|
||||
u32 ini1_size = sizeof(pkg2_ini1_t);
|
||||
pkg2_ini1_t *ini1 = (pkg2_ini1_t *)pdst;
|
||||
memset(ini1, 0, sizeof(pkg2_ini1_t));
|
||||
|
|
|
|||
Loading…
Reference in a new issue