2017-01-01 12:58:02 +00:00
|
|
|
// Copyright 2017 Citra Emulator Project
|
|
|
|
|
// Licensed under GPLv2 or any later version
|
|
|
|
|
// Refer to the license.txt file included.
|
|
|
|
|
|
|
|
|
|
#include <algorithm>
|
|
|
|
|
#include <exception>
|
2018-10-05 10:37:55 +00:00
|
|
|
#include <optional>
|
2017-01-01 12:58:02 +00:00
|
|
|
#include <sstream>
|
2018-10-17 08:13:55 +00:00
|
|
|
#include <fmt/format.h>
|
2017-01-01 12:58:02 +00:00
|
|
|
#include "common/common_paths.h"
|
|
|
|
|
#include "common/file_util.h"
|
|
|
|
|
#include "common/logging/log.h"
|
|
|
|
|
#include "common/string_util.h"
|
2018-10-13 22:06:39 +00:00
|
|
|
#include "core/file_sys/archive_ncch.h"
|
|
|
|
|
#include "core/hle/service/fs/archive.h"
|
2017-01-01 12:58:02 +00:00
|
|
|
#include "core/hw/aes/arithmetic128.h"
|
|
|
|
|
#include "core/hw/aes/key.h"
|
|
|
|
|
|
|
|
|
|
namespace HW {
|
|
|
|
|
namespace AES {
|
|
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
|
|
2018-10-17 14:07:11 +00:00
|
|
|
// The generator constant was calculated using the 0x39 KeyX and KeyY retrieved from a 3DS and the
|
|
|
|
|
// normal key dumped from a Wii U solving the equation:
|
|
|
|
|
// NormalKey = (((KeyX ROL 2) XOR KeyY) + constant) ROL 87
|
|
|
|
|
// On a real 3DS the generation for the normal key is hardware based, and thus the constant can't
|
|
|
|
|
// get dumped . generated normal keys are also not accesible on a 3DS. The used formula for
|
|
|
|
|
// calculating the constant is a software implementation of what the hardware generator does.
|
|
|
|
|
constexpr AESKey generator_constant = {{0x1F, 0xF9, 0xE9, 0xAA, 0xC5, 0xFE, 0x04, 0x08, 0x02, 0x45,
|
|
|
|
|
0x91, 0xDC, 0x5D, 0x52, 0x76, 0x8A}};
|
2017-01-01 12:58:02 +00:00
|
|
|
|
2018-10-17 08:13:55 +00:00
|
|
|
struct KeyDesc {
|
|
|
|
|
char key_type;
|
|
|
|
|
std::size_t slot_id;
|
|
|
|
|
// This key is identical to the key with the same key_type and slot_id -1
|
|
|
|
|
bool same_as_before;
|
|
|
|
|
};
|
|
|
|
|
|
2017-01-01 12:58:02 +00:00
|
|
|
struct KeySlot {
|
2018-10-05 10:37:55 +00:00
|
|
|
std::optional<AESKey> x;
|
|
|
|
|
std::optional<AESKey> y;
|
|
|
|
|
std::optional<AESKey> normal;
|
2017-01-01 12:58:02 +00:00
|
|
|
|
2018-10-05 10:37:55 +00:00
|
|
|
void SetKeyX(std::optional<AESKey> key) {
|
2017-01-01 12:58:02 +00:00
|
|
|
x = key;
|
2018-09-04 16:27:48 +00:00
|
|
|
GenerateNormalKey();
|
2017-01-01 12:58:02 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-05 10:37:55 +00:00
|
|
|
void SetKeyY(std::optional<AESKey> key) {
|
2017-01-01 12:58:02 +00:00
|
|
|
y = key;
|
2018-09-04 16:27:48 +00:00
|
|
|
GenerateNormalKey();
|
2017-01-01 12:58:02 +00:00
|
|
|
}
|
|
|
|
|
|
2018-10-05 10:37:55 +00:00
|
|
|
void SetNormalKey(std::optional<AESKey> key) {
|
2017-01-01 12:58:02 +00:00
|
|
|
normal = key;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void GenerateNormalKey() {
|
2018-10-17 14:07:11 +00:00
|
|
|
if (x && y) {
|
|
|
|
|
normal = Lrot128(Add128(Xor128(Lrot128(*x, 2), *y), generator_constant), 87);
|
2018-09-04 16:27:48 +00:00
|
|
|
} else {
|
2018-10-05 10:37:55 +00:00
|
|
|
normal = {};
|
2018-09-04 16:27:48 +00:00
|
|
|
}
|
2017-01-01 12:58:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void Clear() {
|
|
|
|
|
x.reset();
|
|
|
|
|
y.reset();
|
|
|
|
|
normal.reset();
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
std::array<KeySlot, KeySlotID::MaxKeySlotID> key_slots;
|
2018-10-05 10:37:55 +00:00
|
|
|
std::array<std::optional<AESKey>, 6> common_key_y_slots;
|
2017-01-01 12:58:02 +00:00
|
|
|
|
|
|
|
|
AESKey HexToKey(const std::string& hex) {
|
|
|
|
|
if (hex.size() < 32) {
|
|
|
|
|
throw std::invalid_argument("hex string is too short");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
AESKey key;
|
2018-09-06 20:03:28 +00:00
|
|
|
for (std::size_t i = 0; i < key.size(); ++i) {
|
2017-01-01 12:58:02 +00:00
|
|
|
key[i] = static_cast<u8>(std::stoi(hex.substr(i * 2, 2), 0, 16));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return key;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-13 22:06:39 +00:00
|
|
|
std::string KeyToString(AESKey& key) {
|
|
|
|
|
std::string s;
|
|
|
|
|
for (auto pos : key) {
|
|
|
|
|
s += fmt::format("{:02X}", pos);
|
|
|
|
|
}
|
|
|
|
|
return s;
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-17 08:13:55 +00:00
|
|
|
void LoadBootromKeys() {
|
|
|
|
|
constexpr std::array<KeyDesc, 80> keys = {
|
|
|
|
|
{{'X', 0x2C, false}, {'X', 0x2D, true}, {'X', 0x2E, true}, {'X', 0x2F, true},
|
|
|
|
|
{'X', 0x30, false}, {'X', 0x31, true}, {'X', 0x32, true}, {'X', 0x33, true},
|
|
|
|
|
{'X', 0x34, false}, {'X', 0x35, true}, {'X', 0x36, true}, {'X', 0x37, true},
|
|
|
|
|
{'X', 0x38, false}, {'X', 0x39, true}, {'X', 0x3A, true}, {'X', 0x3B, true},
|
|
|
|
|
{'X', 0x3C, false}, {'X', 0x3D, false}, {'X', 0x3E, false}, {'X', 0x3F, false},
|
|
|
|
|
{'Y', 0x4, false}, {'Y', 0x5, false}, {'Y', 0x6, false}, {'Y', 0x7, false},
|
|
|
|
|
{'Y', 0x8, false}, {'Y', 0x9, false}, {'Y', 0xA, false}, {'Y', 0xB, false},
|
|
|
|
|
{'N', 0xC, false}, {'N', 0xD, true}, {'N', 0xE, true}, {'N', 0xF, true},
|
|
|
|
|
{'N', 0x10, false}, {'N', 0x11, true}, {'N', 0x12, true}, {'N', 0x13, true},
|
|
|
|
|
{'N', 0x14, false}, {'N', 0x15, false}, {'N', 0x16, false}, {'N', 0x17, false},
|
|
|
|
|
{'N', 0x18, false}, {'N', 0x19, true}, {'N', 0x1A, true}, {'N', 0x1B, true},
|
|
|
|
|
{'N', 0x1C, false}, {'N', 0x1D, true}, {'N', 0x1E, true}, {'N', 0x1F, true},
|
|
|
|
|
{'N', 0x20, false}, {'N', 0x21, true}, {'N', 0x22, true}, {'N', 0x23, true},
|
|
|
|
|
{'N', 0x24, false}, {'N', 0x25, true}, {'N', 0x26, true}, {'N', 0x27, true},
|
|
|
|
|
{'N', 0x28, true}, {'N', 0x29, false}, {'N', 0x2A, false}, {'N', 0x2B, false},
|
|
|
|
|
{'N', 0x2C, false}, {'N', 0x2D, true}, {'N', 0x2E, true}, {'N', 0x2F, true},
|
|
|
|
|
{'N', 0x30, false}, {'N', 0x31, true}, {'N', 0x32, true}, {'N', 0x33, true},
|
|
|
|
|
{'N', 0x34, false}, {'N', 0x35, true}, {'N', 0x36, true}, {'N', 0x37, true},
|
|
|
|
|
{'N', 0x38, false}, {'N', 0x39, true}, {'N', 0x3A, true}, {'N', 0x3B, true},
|
|
|
|
|
{'N', 0x3C, true}, {'N', 0x3D, false}, {'N', 0x3E, false}, {'N', 0x3F, false}}};
|
|
|
|
|
|
|
|
|
|
// Bootrom sets all these keys when executed, but later some of the normal keys get overwritten
|
|
|
|
|
// by other applications e.g. process9. These normal keys thus aren't used by any application
|
|
|
|
|
// and have no value for emulation
|
|
|
|
|
|
|
|
|
|
const std::string filepath = FileUtil::GetUserPath(FileUtil::UserPath::SysDataDir) + BOOTROM9;
|
|
|
|
|
auto file = FileUtil::IOFile(filepath, "rb");
|
|
|
|
|
if (!file) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const std::size_t length = file.GetSize();
|
|
|
|
|
if (length != 65536) {
|
|
|
|
|
LOG_ERROR(HW_AES, "Bootrom9 size is wrong: {}", length);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
constexpr std::size_t KEY_SECTION_START = 55760;
|
|
|
|
|
file.Seek(KEY_SECTION_START, SEEK_SET); // Jump to the key section
|
|
|
|
|
|
|
|
|
|
AESKey new_key;
|
|
|
|
|
for (const auto& key : keys) {
|
|
|
|
|
if (!key.same_as_before) {
|
|
|
|
|
file.ReadArray(new_key.data(), new_key.size());
|
|
|
|
|
if (!file) {
|
|
|
|
|
LOG_ERROR(HW_AES, "Reading from Bootrom9 failed");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-13 22:06:39 +00:00
|
|
|
LOG_DEBUG(HW_AES, "Loaded Slot{:#02x} Key{}: {}", key.slot_id, key.key_type,
|
|
|
|
|
KeyToString(new_key));
|
2018-10-17 08:13:55 +00:00
|
|
|
|
|
|
|
|
switch (key.key_type) {
|
|
|
|
|
case 'X':
|
|
|
|
|
key_slots.at(key.slot_id).SetKeyX(new_key);
|
|
|
|
|
break;
|
|
|
|
|
case 'Y':
|
|
|
|
|
key_slots.at(key.slot_id).SetKeyY(new_key);
|
|
|
|
|
break;
|
|
|
|
|
case 'N':
|
|
|
|
|
key_slots.at(key.slot_id).SetNormalKey(new_key);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
LOG_ERROR(HW_AES, "Invalid key type {}", key.key_type);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-13 22:06:39 +00:00
|
|
|
void LoadNativeFirmKeysOld3DS() {
|
|
|
|
|
// Use the save mode native firm instead of the normal mode since there are only 2 version of it
|
|
|
|
|
// and thus we can use fixed offsets
|
|
|
|
|
constexpr u64_le save_mode_native_firm_id_low = 0x0004013800000003;
|
|
|
|
|
|
|
|
|
|
FileSys::NCCHArchive archive(save_mode_native_firm_id_low, Service::FS::MediaType::NAND);
|
|
|
|
|
std::array<char, 8> exefs_filepath = {'.', 'f', 'i', 'r', 'm', 0, 0, 0};
|
|
|
|
|
FileSys::Path file_path = FileSys::MakeNCCHFilePath(
|
|
|
|
|
FileSys::NCCHFileOpenType::NCCHData, 0, FileSys::NCCHFilePathType::ExeFS, exefs_filepath);
|
|
|
|
|
FileSys::Mode open_mode = {};
|
|
|
|
|
open_mode.read_flag.Assign(1);
|
|
|
|
|
auto file_result = archive.OpenFile(file_path, open_mode);
|
|
|
|
|
if (file_result.Failed())
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
auto firm = std::move(file_result).Unwrap();
|
|
|
|
|
const std::size_t size = firm->GetSize();
|
|
|
|
|
if (size != 843776) {
|
|
|
|
|
LOG_ERROR(HW_AES, "save mode native firm has wrong size {}", size);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
std::vector<u8> firm_buffer(size);
|
|
|
|
|
firm->Read(0, firm_buffer.size(), firm_buffer.data());
|
|
|
|
|
firm->Close();
|
|
|
|
|
|
|
|
|
|
AESKey key;
|
|
|
|
|
constexpr std::size_t SLOT_0x31_KEY_Y_OFFSET = 817672;
|
|
|
|
|
std::memcpy(key.data(), firm_buffer.data() + SLOT_0x31_KEY_Y_OFFSET, sizeof(key));
|
|
|
|
|
key_slots.at(0x31).SetKeyY(key);
|
|
|
|
|
LOG_DEBUG(HW_AES, "Loaded Slot0x31 KeyY: {}", KeyToString(key));
|
|
|
|
|
|
|
|
|
|
auto LoadCommonKey = [&firm_buffer](std::size_t key_slot) -> AESKey {
|
|
|
|
|
constexpr std::size_t START_OFFSET = 836533;
|
|
|
|
|
constexpr std::size_t OFFSET = 0x14; // 0x10 bytes for key + 4 bytes between keys
|
|
|
|
|
AESKey key;
|
|
|
|
|
std::memcpy(key.data(), firm_buffer.data() + START_OFFSET + OFFSET * key_slot, sizeof(key));
|
|
|
|
|
return key;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
for (std::size_t key_slot{0}; key_slot < 6; ++key_slot) {
|
|
|
|
|
AESKey key = LoadCommonKey(key_slot);
|
|
|
|
|
common_key_y_slots[key_slot] = key;
|
|
|
|
|
LOG_DEBUG(HW_AES, "Loaded common key{}: {}", key_slot, KeyToString(key));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-01 12:58:02 +00:00
|
|
|
void LoadPresetKeys() {
|
2018-07-21 19:52:42 +00:00
|
|
|
const std::string filepath = FileUtil::GetUserPath(FileUtil::UserPath::SysDataDir) + AES_KEYS;
|
2017-01-01 12:58:02 +00:00
|
|
|
FileUtil::CreateFullPath(filepath); // Create path if not already created
|
|
|
|
|
std::ifstream file;
|
|
|
|
|
OpenFStream(file, filepath, std::ios_base::in);
|
|
|
|
|
if (!file) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
while (!file.eof()) {
|
|
|
|
|
std::string line;
|
|
|
|
|
std::getline(file, line);
|
|
|
|
|
std::vector<std::string> parts;
|
|
|
|
|
Common::SplitString(line, '=', parts);
|
|
|
|
|
if (parts.size() != 2) {
|
2018-06-29 11:18:07 +00:00
|
|
|
LOG_ERROR(HW_AES, "Failed to parse {}", line);
|
2017-01-01 12:58:02 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const std::string& name = parts[0];
|
|
|
|
|
AESKey key;
|
|
|
|
|
try {
|
|
|
|
|
key = HexToKey(parts[1]);
|
|
|
|
|
} catch (const std::logic_error& e) {
|
2018-06-29 11:18:07 +00:00
|
|
|
LOG_ERROR(HW_AES, "Invalid key {}: {}", parts[1], e.what());
|
2017-01-01 12:58:02 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-04 16:27:48 +00:00
|
|
|
std::size_t common_key_index;
|
|
|
|
|
if (std::sscanf(name.c_str(), "common%zd", &common_key_index) == 1) {
|
|
|
|
|
if (common_key_index >= common_key_y_slots.size()) {
|
|
|
|
|
LOG_ERROR(HW_AES, "Invalid common key index {}", common_key_index);
|
|
|
|
|
} else {
|
|
|
|
|
common_key_y_slots[common_key_index] = key;
|
|
|
|
|
}
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-06 20:03:28 +00:00
|
|
|
std::size_t slot_id;
|
2017-01-01 12:58:02 +00:00
|
|
|
char key_type;
|
|
|
|
|
if (std::sscanf(name.c_str(), "slot0x%zXKey%c", &slot_id, &key_type) != 2) {
|
2018-06-29 11:18:07 +00:00
|
|
|
LOG_ERROR(HW_AES, "Invalid key name {}", name);
|
2017-01-01 12:58:02 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (slot_id >= MaxKeySlotID) {
|
2018-06-29 11:18:07 +00:00
|
|
|
LOG_ERROR(HW_AES, "Out of range slot ID {:#X}", slot_id);
|
2017-01-01 12:58:02 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (key_type) {
|
|
|
|
|
case 'X':
|
|
|
|
|
key_slots.at(slot_id).SetKeyX(key);
|
|
|
|
|
break;
|
|
|
|
|
case 'Y':
|
|
|
|
|
key_slots.at(slot_id).SetKeyY(key);
|
|
|
|
|
break;
|
|
|
|
|
case 'N':
|
|
|
|
|
key_slots.at(slot_id).SetNormalKey(key);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2018-06-29 11:18:07 +00:00
|
|
|
LOG_ERROR(HW_AES, "Invalid key type {}", key_type);
|
2017-01-01 12:58:02 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
|
|
void InitKeys() {
|
2018-07-28 15:30:54 +00:00
|
|
|
static bool initialized = false;
|
|
|
|
|
if (initialized)
|
|
|
|
|
return;
|
2018-10-17 08:13:55 +00:00
|
|
|
LoadBootromKeys();
|
2018-10-13 22:06:39 +00:00
|
|
|
LoadNativeFirmKeysOld3DS();
|
|
|
|
|
// TODO(B3N30): Load new_3ds save_native_firm
|
2017-01-01 12:58:02 +00:00
|
|
|
LoadPresetKeys();
|
2018-07-28 15:30:54 +00:00
|
|
|
initialized = true;
|
2017-01-01 12:58:02 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-06 20:03:28 +00:00
|
|
|
void SetKeyX(std::size_t slot_id, const AESKey& key) {
|
2017-01-01 12:58:02 +00:00
|
|
|
key_slots.at(slot_id).SetKeyX(key);
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-06 20:03:28 +00:00
|
|
|
void SetKeyY(std::size_t slot_id, const AESKey& key) {
|
2017-01-01 12:58:02 +00:00
|
|
|
key_slots.at(slot_id).SetKeyY(key);
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-06 20:03:28 +00:00
|
|
|
void SetNormalKey(std::size_t slot_id, const AESKey& key) {
|
2017-01-01 12:58:02 +00:00
|
|
|
key_slots.at(slot_id).SetNormalKey(key);
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-06 20:03:28 +00:00
|
|
|
bool IsNormalKeyAvailable(std::size_t slot_id) {
|
2018-10-05 10:37:55 +00:00
|
|
|
return key_slots.at(slot_id).normal.has_value();
|
2017-01-01 12:58:02 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-06 20:03:28 +00:00
|
|
|
AESKey GetNormalKey(std::size_t slot_id) {
|
2017-01-01 12:58:02 +00:00
|
|
|
return key_slots.at(slot_id).normal.value_or(AESKey{});
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-04 16:27:48 +00:00
|
|
|
void SelectCommonKeyIndex(u8 index) {
|
|
|
|
|
key_slots[KeySlotID::TicketCommonKey].SetKeyY(common_key_y_slots.at(index));
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-01 12:58:02 +00:00
|
|
|
} // namespace AES
|
|
|
|
|
} // namespace HW
|
