mirror of
https://github.com/shchmue/Lockpick_RCM.git
synced 2024-12-22 19:15:38 +00:00
keys: Improve readability, read keyblobs at once
This commit is contained in:
parent
49dfca45a5
commit
c4172d77e1
|
@ -20,7 +20,7 @@
|
|||
|
||||
#include <utils/types.h>
|
||||
|
||||
#define TSEC_KEY_DATA_ADDR 0x300
|
||||
#define TSEC_KEY_DATA_OFFSET 0x300
|
||||
|
||||
typedef struct _tsec_ctxt_t
|
||||
{
|
||||
|
@ -43,6 +43,7 @@ typedef struct _tsec_key_data_t
|
|||
u32 blob2_size;
|
||||
u32 blob3_size;
|
||||
u32 blob4_size;
|
||||
u8 reserved[0x7C];
|
||||
} tsec_key_data_t;
|
||||
|
||||
int tsec_query(u8 *tsec_keys, u8 kb, tsec_ctxt_t *tsec_ctxt);
|
||||
|
|
|
@ -33,6 +33,10 @@
|
|||
#define FS_SD_NCA_KEY_SOURCE 11
|
||||
#define FS_SD_SAVE_KEY_SOURCE 12
|
||||
|
||||
#define PKG1_MAX_SIZE 0x40000
|
||||
#define PKG1_OFFSET 0x100000
|
||||
#define KEYBLOB_OFFSET 0x180000
|
||||
|
||||
typedef struct _key_info_t
|
||||
{
|
||||
u32 start_offset;
|
||||
|
|
|
@ -33,7 +33,7 @@ static const u8 master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION
|
|||
{0x30, 0x3F, 0x02, 0x7E, 0xD8, 0x38, 0xEC, 0xD7, 0x93, 0x25, 0x34, 0xB5, 0x30, 0xEB, 0xCA, 0x7A}, //9.1.0
|
||||
};
|
||||
|
||||
static const u8 mkey_vectors[KB_FIRMWARE_VERSION_MAX+1][0x10] =
|
||||
static const u8 master_key_vectors[KB_FIRMWARE_VERSION_MAX+1][0x10] =
|
||||
{
|
||||
{0x0C, 0xF0, 0x59, 0xAC, 0x85, 0xF6, 0x26, 0x65, 0xE1, 0xE9, 0x19, 0x55, 0xE6, 0xF2, 0x67, 0x3D}, /* Zeroes encrypted with Master Key 00. */
|
||||
{0x29, 0x4C, 0x04, 0xC8, 0xEB, 0x10, 0xED, 0x9D, 0x51, 0x64, 0x97, 0xFB, 0xF3, 0x4D, 0x50, 0xDD}, /* Master key 00 encrypted with Master key 01. */
|
||||
|
@ -70,57 +70,39 @@ static const u8 master_key_source[0x10] = {
|
|||
0xD8, 0xA2, 0x41, 0x0A, 0xC6, 0xC5, 0x90, 0x01, 0xC6, 0x1D, 0x6A, 0x26, 0x7C, 0x51, 0x3F, 0x3C};
|
||||
static const u8 per_console_key_source[0x10] = {
|
||||
0x4F, 0x02, 0x5F, 0x0E, 0xB6, 0x6D, 0x11, 0x0E, 0xDC, 0x32, 0x7D, 0x41, 0x86, 0xC2, 0xF4, 0x78};
|
||||
static const u8 per_console_key_source_4x[0x10] = {
|
||||
static const u8 device_master_key_source_kek_source[0x10] = {
|
||||
0x0C, 0x91, 0x09, 0xDB, 0x93, 0x93, 0x07, 0x81, 0x07, 0x3C, 0xC4, 0x16, 0x22, 0x7C, 0x6C, 0x28};
|
||||
static const u8 mariko_master_kek_source[0x10] = {
|
||||
0x0E, 0x44, 0x0C, 0xED, 0xB4, 0x36, 0xC0, 0x3F, 0xAA, 0x1D, 0xAE, 0xBF, 0x62, 0xB1, 0x09, 0x82};
|
||||
|
||||
static const u8 new_device_key_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] = {
|
||||
{0x8B, 0x4E, 0x1C, 0x22, 0x42, 0x07, 0xC8, 0x73, 0x56, 0x94, 0x08, 0x8B, 0xCC, 0x47, 0x0F, 0x5D}, /* 4.x New Device Key Source. */
|
||||
{0x6C, 0xEF, 0xC6, 0x27, 0x8B, 0xEC, 0x8A, 0x91, 0x99, 0xAB, 0x24, 0xAC, 0x4F, 0x1C, 0x8F, 0x1C}, /* 5.x New Device Key Source. */
|
||||
{0x70, 0x08, 0x1B, 0x97, 0x44, 0x64, 0xF8, 0x91, 0x54, 0x9D, 0xC6, 0x84, 0x8F, 0x1A, 0xB2, 0xE4}, /* 6.x New Device Key Source. */
|
||||
{0x8E, 0x09, 0x1F, 0x7A, 0xBB, 0xCA, 0x6A, 0xFB, 0xB8, 0x9B, 0xD5, 0xC1, 0x25, 0x9C, 0xA9, 0x17}, /* 6.2.0 New Device Key Source. */
|
||||
{0x8F, 0x77, 0x5A, 0x96, 0xB0, 0x94, 0xFD, 0x8D, 0x28, 0xE4, 0x19, 0xC8, 0x16, 0x1C, 0xDB, 0x3D}, /* 7.0.0 New Device Key Source. */
|
||||
{0x67, 0x62, 0xD4, 0x8E, 0x55, 0xCF, 0xFF, 0x41, 0x31, 0x15, 0x3B, 0x24, 0x0C, 0x7C, 0x07, 0xAE}, /* 8.1.0 New Device Key Source. */
|
||||
{0x4A, 0xC3, 0x4E, 0x14, 0x8B, 0x96, 0x4A, 0xD5, 0xD4, 0x99, 0x73, 0xC4, 0x45, 0xAB, 0x8B, 0x49}, /* 9.0.0 New Device Key Source. */
|
||||
{0x14, 0xB8, 0x74, 0x12, 0xCB, 0xBD, 0x0B, 0x8F, 0x20, 0xFB, 0x30, 0xDA, 0x27, 0xE4, 0x58, 0x94}, /* 9.1.0 New Device Key Source. */
|
||||
};
|
||||
|
||||
static const u8 fs_keys[13][0x20] = {
|
||||
{0x1F, 0x12, 0x91, 0x3A, 0x4A, 0xCB, 0xF0, 0x0D, 0x4C, 0xDE, 0x3A, 0xF6, 0xD5, 0x23, 0x88, 0x2A}, // header key source
|
||||
{0x5A, 0x3E, 0xD8, 0x4F, 0xDE, 0xC0, 0xD8, 0x26, 0x31, 0xF7, 0xE2, 0x5D, 0x19, 0x7B, 0xF5, 0xD0,
|
||||
0x1C, 0x9B, 0x7B, 0xFA, 0xF6, 0x28, 0x18, 0x3D, 0x71, 0xF6, 0x4D, 0x73, 0xF1, 0x50, 0xB9, 0xD2}, // encrypted header key
|
||||
{0x7F, 0x59, 0x97, 0x1E, 0x62, 0x9F, 0x36, 0xA1, 0x30, 0x98, 0x06, 0x6F, 0x21, 0x44, 0xC3, 0x0D}, // kak appli
|
||||
{0x32, 0x7D, 0x36, 0x08, 0x5A, 0xD1, 0x75, 0x8D, 0xAB, 0x4E, 0x6F, 0xBA, 0xA5, 0x55, 0xD8, 0x82}, // kak ocean
|
||||
{0x87, 0x45, 0xF1, 0xBB, 0xA6, 0xBE, 0x79, 0x64, 0x7D, 0x04, 0x8B, 0xA6, 0x7B, 0x5F, 0xDA, 0x4A}, // kak system
|
||||
{0xd8, 0x9c, 0x23, 0x6e, 0xc9, 0x12, 0x4e, 0x43, 0xc8, 0x2b, 0x03, 0x87, 0x43, 0xf9, 0xcf, 0x1b}, // save mac kek source
|
||||
{0xe4, 0xcd, 0x3d, 0x4a, 0xd5, 0x0f, 0x74, 0x28, 0x45, 0xa4, 0x87, 0xe5, 0xa0, 0x63, 0xea, 0x1f}, // save mac key source
|
||||
{0x04, 0x89, 0xef, 0x5d, 0x32, 0x6e, 0x1a, 0x59, 0xc4, 0xb7, 0xab, 0x8c, 0x36, 0x7a, 0xab, 0x17}, // save mac sd kek source
|
||||
{0x6f, 0x64, 0x59, 0x47, 0xc5, 0x61, 0x46, 0xf9, 0xff, 0xa0, 0x45, 0xd5, 0x95, 0x33, 0x29, 0x18}, // save mac sd key source
|
||||
{0x37, 0x0c, 0x34, 0x5e, 0x12, 0xe4, 0xce, 0xfe, 0x21, 0xb5, 0x8e, 0x64, 0xdb, 0x52, 0xaf, 0x35,
|
||||
0x4f, 0x2c, 0xa5, 0xa3, 0xfc, 0x99, 0x9a, 0x47, 0xc0, 0x3e, 0xe0, 0x04, 0x48, 0x5b, 0x2f, 0xd0}, // sd custom key source
|
||||
{0x88, 0x35, 0x8d, 0x9c, 0x62, 0x9b, 0xa1, 0xa0, 0x01, 0x47, 0xdb, 0xe0, 0x62, 0x1b, 0x54, 0x32}, // sd card kek source
|
||||
{0x58, 0x41, 0xa2, 0x84, 0x93, 0x5b, 0x56, 0x27, 0x8b, 0x8e, 0x1f, 0xc5, 0x18, 0xe9, 0x9f, 0x2b,
|
||||
0x67, 0xc7, 0x93, 0xf0, 0xf2, 0x4f, 0xde, 0xd0, 0x75, 0x49, 0x5d, 0xca, 0x00, 0x6d, 0x99, 0xc2}, // sd nca key source
|
||||
{0x24, 0x49, 0xb7, 0x22, 0x72, 0x67, 0x03, 0xa8, 0x19, 0x65, 0xe6, 0xe3, 0xea, 0x58, 0x2f, 0xdd,
|
||||
0x9a, 0x95, 0x15, 0x17, 0xb1, 0x6e, 0x8f, 0x7f, 0x1f, 0x68, 0x26, 0x31, 0x52, 0xea, 0x29, 0x6a} // sd nca save source
|
||||
static const u8 device_master_key_source_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] = {
|
||||
{0x8B, 0x4E, 0x1C, 0x22, 0x42, 0x07, 0xC8, 0x73, 0x56, 0x94, 0x08, 0x8B, 0xCC, 0x47, 0x0F, 0x5D}, /* 4.0.0 Device Master Key Source Source. */
|
||||
{0x6C, 0xEF, 0xC6, 0x27, 0x8B, 0xEC, 0x8A, 0x91, 0x99, 0xAB, 0x24, 0xAC, 0x4F, 0x1C, 0x8F, 0x1C}, /* 5.0.0 Device Master Key Source Source. */
|
||||
{0x70, 0x08, 0x1B, 0x97, 0x44, 0x64, 0xF8, 0x91, 0x54, 0x9D, 0xC6, 0x84, 0x8F, 0x1A, 0xB2, 0xE4}, /* 6.0.0 Device Master Key Source Source. */
|
||||
{0x8E, 0x09, 0x1F, 0x7A, 0xBB, 0xCA, 0x6A, 0xFB, 0xB8, 0x9B, 0xD5, 0xC1, 0x25, 0x9C, 0xA9, 0x17}, /* 6.2.0 Device Master Key Source Source. */
|
||||
{0x8F, 0x77, 0x5A, 0x96, 0xB0, 0x94, 0xFD, 0x8D, 0x28, 0xE4, 0x19, 0xC8, 0x16, 0x1C, 0xDB, 0x3D}, /* 7.0.0 Device Master Key Source Source. */
|
||||
{0x67, 0x62, 0xD4, 0x8E, 0x55, 0xCF, 0xFF, 0x41, 0x31, 0x15, 0x3B, 0x24, 0x0C, 0x7C, 0x07, 0xAE}, /* 8.1.0 Device Master Key Source Source. */
|
||||
{0x4A, 0xC3, 0x4E, 0x14, 0x8B, 0x96, 0x4A, 0xD5, 0xD4, 0x99, 0x73, 0xC4, 0x45, 0xAB, 0x8B, 0x49}, /* 9.0.0 Device Master Key Source Source. */
|
||||
{0x14, 0xB8, 0x74, 0x12, 0xCB, 0xBD, 0x0B, 0x8F, 0x20, 0xFB, 0x30, 0xDA, 0x27, 0xE4, 0x58, 0x94}, /* 9.1.0 Device Master Key Source Source. */
|
||||
};
|
||||
|
||||
static const u8 es_keys[3][0x10] = {
|
||||
{0xdb, 0xa4, 0x51, 0x12, 0x4c, 0xa0, 0xa9, 0x83, 0x68, 0x14, 0xf5, 0xed, 0x95, 0xe3, 0x12, 0x5b},
|
||||
{0x46, 0x6e, 0x57, 0xb7, 0x4a, 0x44, 0x7f, 0x02, 0xf3, 0x21, 0xcd, 0xe5, 0x8f, 0x2f, 0x55, 0x35},
|
||||
{0x7f, 0x5b, 0xb0, 0x84, 0x7b, 0x25, 0xaa, 0x67, 0xfa, 0xc8, 0x4b, 0xe2, 0x3d, 0x7b, 0x69, 0x03}
|
||||
{0xdb, 0xa4, 0x51, 0x12, 0x4c, 0xa0, 0xa9, 0x83, 0x68, 0x14, 0xf5, 0xed, 0x95, 0xe3, 0x12, 0x5b}, // eticket_rsa_kek_source
|
||||
{0x46, 0x6e, 0x57, 0xb7, 0x4a, 0x44, 0x7f, 0x02, 0xf3, 0x21, 0xcd, 0xe5, 0x8f, 0x2f, 0x55, 0x35}, // eticket_rsa_kekek_source
|
||||
{0x7f, 0x5b, 0xb0, 0x84, 0x7b, 0x25, 0xaa, 0x67, 0xfa, 0xc8, 0x4b, 0xe2, 0x3d, 0x7b, 0x69, 0x03}, // ssl_rsa_kek_source_x
|
||||
};
|
||||
|
||||
static const u8 ssl_keys[0x10] = {
|
||||
0x9a, 0x38, 0x3b, 0xf4, 0x31, 0xd0, 0xbd, 0x81, 0x32, 0x53, 0x4b, 0xa9, 0x64, 0x39, 0x7d, 0xe3};
|
||||
0x9a, 0x38, 0x3b, 0xf4, 0x31, 0xd0, 0xbd, 0x81, 0x32, 0x53, 0x4b, 0xa9, 0x64, 0x39, 0x7d, 0xe3}; // ssl_rsa_kek_source_y
|
||||
|
||||
static const u8 new_device_keygen_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] = {
|
||||
{0x88, 0x62, 0x34, 0x6E, 0xFA, 0xF7, 0xD8, 0x3F, 0xE1, 0x30, 0x39, 0x50, 0xF0, 0xB7, 0x5D, 0x5D}, /* 4.x New Device Keygen Source. */
|
||||
{0x06, 0x1E, 0x7B, 0xE9, 0x6D, 0x47, 0x8C, 0x77, 0xC5, 0xC8, 0xE7, 0x94, 0x9A, 0xA8, 0x5F, 0x2E}, /* 5.x New Device Keygen Source. */
|
||||
{0x99, 0xFA, 0x98, 0xBD, 0x15, 0x1C, 0x72, 0xFD, 0x7D, 0x9A, 0xD5, 0x41, 0x00, 0xFD, 0xB2, 0xEF}, /* 6.x New Device Keygen Source. */
|
||||
{0x81, 0x3C, 0x6C, 0xBF, 0x5D, 0x21, 0xDE, 0x77, 0x20, 0xD9, 0x6C, 0xE3, 0x22, 0x06, 0xAE, 0xBB}, /* 6.2.0 New Device Keygen Source. */
|
||||
{0x86, 0x61, 0xB0, 0x16, 0xFA, 0x7A, 0x9A, 0xEA, 0xF6, 0xF5, 0xBE, 0x1A, 0x13, 0x5B, 0x6D, 0x9E}, /* 7.0.0 New Device Keygen Source. */
|
||||
{0xA6, 0x81, 0x71, 0xE7, 0xB5, 0x23, 0x74, 0xB0, 0x39, 0x8C, 0xB7, 0xFF, 0xA0, 0x62, 0x9F, 0x8D}, /* 8.1.0 New Device Keygen Source. */
|
||||
{0x03, 0xE7, 0xEB, 0x43, 0x1B, 0xCF, 0x5F, 0xB5, 0xED, 0xDC, 0x97, 0xAE, 0x21, 0x8D, 0x19, 0xED}, /* 9.0.0 New Device Keygen Source. */
|
||||
static const u8 device_master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] = {
|
||||
{0x88, 0x62, 0x34, 0x6E, 0xFA, 0xF7, 0xD8, 0x3F, 0xE1, 0x30, 0x39, 0x50, 0xF0, 0xB7, 0x5D, 0x5D}, /* 4.0.0 Device Master Kek Source. */
|
||||
{0x06, 0x1E, 0x7B, 0xE9, 0x6D, 0x47, 0x8C, 0x77, 0xC5, 0xC8, 0xE7, 0x94, 0x9A, 0xA8, 0x5F, 0x2E}, /* 5.0.0 Device Master Kek Source. */
|
||||
{0x99, 0xFA, 0x98, 0xBD, 0x15, 0x1C, 0x72, 0xFD, 0x7D, 0x9A, 0xD5, 0x41, 0x00, 0xFD, 0xB2, 0xEF}, /* 6.0.0 Device Master Kek Source. */
|
||||
{0x81, 0x3C, 0x6C, 0xBF, 0x5D, 0x21, 0xDE, 0x77, 0x20, 0xD9, 0x6C, 0xE3, 0x22, 0x06, 0xAE, 0xBB}, /* 6.2.0 Device Master Kek Source. */
|
||||
{0x86, 0x61, 0xB0, 0x16, 0xFA, 0x7A, 0x9A, 0xEA, 0xF6, 0xF5, 0xBE, 0x1A, 0x13, 0x5B, 0x6D, 0x9E}, /* 7.0.0 Device Master Kek Source. */
|
||||
{0xA6, 0x81, 0x71, 0xE7, 0xB5, 0x23, 0x74, 0xB0, 0x39, 0x8C, 0xB7, 0xFF, 0xA0, 0x62, 0x9F, 0x8D}, /* 8.1.0 Device Master Kek Source. */
|
||||
{0x03, 0xE7, 0xEB, 0x43, 0x1B, 0xCF, 0x5F, 0xB5, 0xED, 0xDC, 0x97, 0xAE, 0x21, 0x8D, 0x19, 0xED}, /* 9.0.0 Device Master Kek Source. */
|
||||
{0xCE, 0xFE, 0x41, 0x0F, 0x46, 0x9A, 0x30, 0xD6, 0xF2, 0xE9, 0x0C, 0x6B, 0xB7, 0x15, 0x91, 0x36}, /* 9.1.0 Device Master Kek Source. */
|
||||
};
|
||||
|
||||
|
@ -142,3 +124,22 @@ static const u8 bis_key_source[3][0x20] = {
|
|||
0x52, 0xC2, 0xE9, 0xEB, 0x09, 0xE3, 0xEE, 0x29, 0x32, 0xA1, 0x0C, 0x1F, 0xB6, 0xA0, 0x92, 0x6C,
|
||||
0x4D, 0x12, 0xE1, 0x4B, 0x2A, 0x47, 0x4C, 0x1C, 0x09, 0xCB, 0x03, 0x59, 0xF0, 0x15, 0xF4, 0xE4}
|
||||
};
|
||||
static const u8 fs_keys[13][0x20] = {
|
||||
{0x1F, 0x12, 0x91, 0x3A, 0x4A, 0xCB, 0xF0, 0x0D, 0x4C, 0xDE, 0x3A, 0xF6, 0xD5, 0x23, 0x88, 0x2A}, // header key source
|
||||
{0x5A, 0x3E, 0xD8, 0x4F, 0xDE, 0xC0, 0xD8, 0x26, 0x31, 0xF7, 0xE2, 0x5D, 0x19, 0x7B, 0xF5, 0xD0,
|
||||
0x1C, 0x9B, 0x7B, 0xFA, 0xF6, 0x28, 0x18, 0x3D, 0x71, 0xF6, 0x4D, 0x73, 0xF1, 0x50, 0xB9, 0xD2}, // encrypted header key
|
||||
{0x7F, 0x59, 0x97, 0x1E, 0x62, 0x9F, 0x36, 0xA1, 0x30, 0x98, 0x06, 0x6F, 0x21, 0x44, 0xC3, 0x0D}, // kak appli
|
||||
{0x32, 0x7D, 0x36, 0x08, 0x5A, 0xD1, 0x75, 0x8D, 0xAB, 0x4E, 0x6F, 0xBA, 0xA5, 0x55, 0xD8, 0x82}, // kak ocean
|
||||
{0x87, 0x45, 0xF1, 0xBB, 0xA6, 0xBE, 0x79, 0x64, 0x7D, 0x04, 0x8B, 0xA6, 0x7B, 0x5F, 0xDA, 0x4A}, // kak system
|
||||
{0xd8, 0x9c, 0x23, 0x6e, 0xc9, 0x12, 0x4e, 0x43, 0xc8, 0x2b, 0x03, 0x87, 0x43, 0xf9, 0xcf, 0x1b}, // save mac kek source
|
||||
{0xe4, 0xcd, 0x3d, 0x4a, 0xd5, 0x0f, 0x74, 0x28, 0x45, 0xa4, 0x87, 0xe5, 0xa0, 0x63, 0xea, 0x1f}, // save mac key source
|
||||
{0x04, 0x89, 0xef, 0x5d, 0x32, 0x6e, 0x1a, 0x59, 0xc4, 0xb7, 0xab, 0x8c, 0x36, 0x7a, 0xab, 0x17}, // save mac sd kek source
|
||||
{0x6f, 0x64, 0x59, 0x47, 0xc5, 0x61, 0x46, 0xf9, 0xff, 0xa0, 0x45, 0xd5, 0x95, 0x33, 0x29, 0x18}, // save mac sd key source
|
||||
{0x37, 0x0c, 0x34, 0x5e, 0x12, 0xe4, 0xce, 0xfe, 0x21, 0xb5, 0x8e, 0x64, 0xdb, 0x52, 0xaf, 0x35,
|
||||
0x4f, 0x2c, 0xa5, 0xa3, 0xfc, 0x99, 0x9a, 0x47, 0xc0, 0x3e, 0xe0, 0x04, 0x48, 0x5b, 0x2f, 0xd0}, // sd custom key source
|
||||
{0x88, 0x35, 0x8d, 0x9c, 0x62, 0x9b, 0xa1, 0xa0, 0x01, 0x47, 0xdb, 0xe0, 0x62, 0x1b, 0x54, 0x32}, // sd card kek source
|
||||
{0x58, 0x41, 0xa2, 0x84, 0x93, 0x5b, 0x56, 0x27, 0x8b, 0x8e, 0x1f, 0xc5, 0x18, 0xe9, 0x9f, 0x2b,
|
||||
0x67, 0xc7, 0x93, 0xf0, 0xf2, 0x4f, 0xde, 0xd0, 0x75, 0x49, 0x5d, 0xca, 0x00, 0x6d, 0x99, 0xc2}, // sd nca key source
|
||||
{0x24, 0x49, 0xb7, 0x22, 0x72, 0x67, 0x03, 0xa8, 0x19, 0x65, 0xe6, 0xe3, 0xea, 0x58, 0x2f, 0xdd,
|
||||
0x9a, 0x95, 0x15, 0x17, 0xb1, 0x6e, 0x8f, 0x7f, 0x1f, 0x68, 0x26, 0x31, 0x52, 0xea, 0x29, 0x6a}, // sd nca save source
|
||||
};
|
||||
|
|
|
@ -88,21 +88,23 @@ static void _get_device_key(u32 ks, void *out_device_key, u32 revision, const v
|
|||
static bool _test_key_pair(const void *E, const void *D, const void *N);
|
||||
static void _mgf1_xor(void *masked, u32 masked_size, const void *seed, u32 seed_size);
|
||||
|
||||
static inline const u8 *_find_tsec_fw(const u8 *pkg1) {
|
||||
static inline u8 *_find_tsec_fw(const u8 *pkg1) {
|
||||
const u32 tsec_fw_align = 0x100;
|
||||
const u32 tsec_fw_first_instruction = 0xCF42004D;
|
||||
|
||||
for (const u32 *pos = (const u32 *)pkg1; (u8 *)pos < pkg1 + PKG1_MAX_SIZE; pos += tsec_fw_align / sizeof(u32))
|
||||
if (*pos == tsec_fw_first_instruction)
|
||||
return (const u8 *)pos;
|
||||
return (u8 *)pos;
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static inline u32 _get_tsec_fw_size(tsec_key_data_t *key_data) {
|
||||
return 0x100 + key_data->blob0_size + key_data->blob1_size + key_data->blob2_size + key_data->blob3_size + key_data->blob4_size;
|
||||
return key_data->blob0_size + sizeof(tsec_key_data_t) + key_data->blob1_size + key_data->blob2_size + key_data->blob3_size + key_data->blob4_size;
|
||||
}
|
||||
|
||||
#define RELOC_META_OFF 0x7C
|
||||
|
||||
void dump_keys() {
|
||||
u8 temp_key[0x10],
|
||||
bis_key[4][0x20] = {0},
|
||||
|
@ -185,7 +187,7 @@ void dump_keys() {
|
|||
goto out_wait;
|
||||
}
|
||||
|
||||
u32 max_derivable_key_index = pkg1_id->kb >= KB_FIRMWARE_VERSION_620 ? pkg1_id->kb + 1 : 6;
|
||||
u32 derivable_key_count = pkg1_id->kb >= KB_FIRMWARE_VERSION_620 ? pkg1_id->kb + 1 : 6;
|
||||
|
||||
if (pkg1_id->kb >= KB_FIRMWARE_VERSION_700) {
|
||||
sd_mount();
|
||||
|
@ -198,6 +200,7 @@ void dump_keys() {
|
|||
if (!h_cfg.sept_run) {
|
||||
// bundle lp0 fw for sept instead of loading it from SD as hekate does
|
||||
sdram_lp0_save_params(sdram_get_params_patched());
|
||||
|
||||
FIL fp;
|
||||
if (f_stat("sd:/sept", NULL)) {
|
||||
EPRINTF("On firmware 7.x+ but Sept missing.\nSkipping new key derivation...");
|
||||
|
@ -211,7 +214,8 @@ void dump_keys() {
|
|||
}
|
||||
}
|
||||
// write self to payload.bin to run again when sept finishes
|
||||
u32 payload_size = _read_le_u32((u8 *)IPL_LOAD_ADDR, 0x84) - IPL_LOAD_ADDR;
|
||||
volatile reloc_meta_t *relocator = (reloc_meta_t *)(IPL_LOAD_ADDR + RELOC_META_OFF);
|
||||
u32 payload_size = relocator->end - IPL_LOAD_ADDR;
|
||||
if (f_open(&fp, "sd:/sept/payload.bin", FA_CREATE_NEW | FA_WRITE)) {
|
||||
EPRINTF("Unable to open /sept/payload.bin to write.");
|
||||
goto out_wait;
|
||||
|
@ -269,6 +273,8 @@ get_tsec: ;
|
|||
TPRINTFARGS("%kTSEC key(s)... ", colors[(color_idx++) % 6]);
|
||||
|
||||
// Master key derivation
|
||||
|
||||
// on firmware 6.2.0 only, tsec_query delivers the tsec_root_key
|
||||
if (pkg1_id->kb == KB_FIRMWARE_VERSION_620 && _key_exists(tsec_keys + 0x10)) {
|
||||
se_aes_key_set(8, tsec_keys + 0x10, 0x10); // mkek6 = unwrap(mkeks6, tsecroot)
|
||||
se_aes_crypt_block_ecb(8, 0, master_kek[6], master_kek_sources[0]);
|
||||
|
@ -281,10 +287,10 @@ get_tsec: ;
|
|||
if (_key_exists(master_key[pkg1_id->kb])) {
|
||||
for (u32 i = pkg1_id->kb; i > 0; i--) {
|
||||
se_aes_key_set(8, master_key[i], 0x10);
|
||||
se_aes_crypt_block_ecb(8, 0, master_key[i-1], mkey_vectors[i]);
|
||||
se_aes_crypt_block_ecb(8, 0, master_key[i-1], master_key_vectors[i]);
|
||||
}
|
||||
se_aes_key_set(8, master_key[0], 0x10);
|
||||
se_aes_crypt_block_ecb(8, 0, temp_key, mkey_vectors[0]);
|
||||
se_aes_crypt_block_ecb(8, 0, temp_key, master_key_vectors[0]);
|
||||
if (_key_exists(temp_key)) {
|
||||
EPRINTFARGS("Unable to derive master key. kb = %d.\n Put current sept files on SD and retry.", pkg1_id->kb);
|
||||
memset(master_key, 0, sizeof(master_key));
|
||||
|
@ -294,10 +300,10 @@ get_tsec: ;
|
|||
for (u32 kb = KB_FIRMWARE_VERSION_MAX; kb >= KB_FIRMWARE_VERSION_620; kb--) {
|
||||
for (u32 i = kb; i > 0; i--) {
|
||||
se_aes_key_set(8, master_key[i], 0x10);
|
||||
se_aes_crypt_block_ecb(8, 0, master_key[i-1], mkey_vectors[i]);
|
||||
se_aes_crypt_block_ecb(8, 0, master_key[i-1], master_key_vectors[i]);
|
||||
}
|
||||
se_aes_key_set(8, master_key[0], 0x10);
|
||||
se_aes_crypt_block_ecb(8, 0, temp_key, mkey_vectors[0]);
|
||||
se_aes_crypt_block_ecb(8, 0, temp_key, master_key_vectors[0]);
|
||||
if (!_key_exists(temp_key)) {
|
||||
break;
|
||||
}
|
||||
|
@ -305,19 +311,25 @@ get_tsec: ;
|
|||
memset(master_key[kb], 0, 0x10);
|
||||
}
|
||||
if (_key_exists(temp_key)) {
|
||||
EPRINTF("Unable to derive master key.");
|
||||
EPRINTF("Unable to derive master keys via sept.");
|
||||
memset(master_key, 0, sizeof(master_key));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
u8 *keyblob_block = (u8 *)calloc(NX_EMMC_BLOCKSIZE, 1);
|
||||
u8 *keyblob_block = (u8 *)calloc(KB_FIRMWARE_VERSION_600 + 1, NX_EMMC_BLOCKSIZE);
|
||||
u8 *current_keyblob = keyblob_block;
|
||||
u8 keyblob_mac[0x10] = {0};
|
||||
u32 sbk[4] = {FUSE(FUSE_PRIVATE_KEY0), FUSE(FUSE_PRIVATE_KEY1),
|
||||
FUSE(FUSE_PRIVATE_KEY2), FUSE(FUSE_PRIVATE_KEY3)};
|
||||
se_aes_key_set(8, tsec_keys, 0x10);
|
||||
se_aes_key_set(9, sbk, 0x10);
|
||||
for (u32 i = 0; i <= KB_FIRMWARE_VERSION_600; i++) {
|
||||
|
||||
if (!emummc_storage_read(&emmc_storage, KEYBLOB_OFFSET / NX_EMMC_BLOCKSIZE, KB_FIRMWARE_VERSION_600 + 1, keyblob_block)) {
|
||||
EPRINTF("Unable to read keyblob.");
|
||||
}
|
||||
|
||||
for (u32 i = 0; i <= KB_FIRMWARE_VERSION_600; i++, current_keyblob += NX_EMMC_BLOCKSIZE) {
|
||||
minerva_periodic_training();
|
||||
se_aes_crypt_block_ecb(8, 0, keyblob_key[i], keyblob_key_source[i]); // temp = unwrap(kbks, tsec)
|
||||
se_aes_crypt_block_ecb(9, 0, keyblob_key[i], keyblob_key[i]); // kbk = unwrap(temp, sbk)
|
||||
|
@ -325,26 +337,22 @@ get_tsec: ;
|
|||
se_aes_crypt_block_ecb(7, 0, keyblob_mac_key[i], keyblob_mac_key_source); // kbm = unwrap(kbms, kbk)
|
||||
if (i == 0) {
|
||||
se_aes_crypt_block_ecb(7, 0, device_key, per_console_key_source); // devkey = unwrap(pcks, kbk0)
|
||||
se_aes_crypt_block_ecb(7, 0, device_key_4x, per_console_key_source_4x);
|
||||
se_aes_crypt_block_ecb(7, 0, device_key_4x, device_master_key_source_kek_source);
|
||||
}
|
||||
|
||||
// verify keyblob is not corrupt
|
||||
if (!emummc_storage_read(&emmc_storage, 0x180000 / NX_EMMC_BLOCKSIZE + i, 1, keyblob_block)) {
|
||||
EPRINTFARGS("Unable to read keyblob %x.", i);
|
||||
continue;
|
||||
}
|
||||
se_aes_key_set(10, keyblob_mac_key[i], 0x10);
|
||||
se_aes_cmac(10, keyblob_mac, 0x10, keyblob_block + 0x10, 0xa0);
|
||||
if (memcmp(keyblob_block, keyblob_mac, 0x10) != 0) {
|
||||
se_aes_cmac(10, keyblob_mac, 0x10, current_keyblob + 0x10, 0xa0);
|
||||
if (memcmp(current_keyblob, keyblob_mac, 0x10) != 0) {
|
||||
EPRINTFARGS("Keyblob %x corrupt.", i);
|
||||
gfx_hexdump(i, keyblob_block, 0x10);
|
||||
gfx_hexdump(i, current_keyblob, 0x10);
|
||||
gfx_hexdump(i, keyblob_mac, 0x10);
|
||||
continue;
|
||||
}
|
||||
|
||||
// decrypt keyblobs
|
||||
se_aes_key_set(6, keyblob_key[i], 0x10);
|
||||
se_aes_crypt_ctr(6, keyblob[i], 0x90, keyblob_block + 0x20, 0x90, keyblob_block + 0x10);
|
||||
se_aes_crypt_ctr(6, keyblob[i], 0x90, current_keyblob + 0x20, 0x90, current_keyblob + 0x10);
|
||||
|
||||
memcpy(package1_key[i], keyblob[i] + 0x80, 0x10);
|
||||
memcpy(master_kek[i], keyblob[i], 0x10);
|
||||
|
@ -396,10 +404,10 @@ get_tsec: ;
|
|||
se_aes_crypt_block_ecb(8, 0, save_mac_key, fs_keys[FS_SAVE_MAC_KEY_SOURCE]);
|
||||
}
|
||||
|
||||
if (_key_exists(master_key[max_derivable_key_index])) {
|
||||
max_derivable_key_index = KB_FIRMWARE_VERSION_MAX + 1;
|
||||
if (_key_exists(master_key[derivable_key_count])) {
|
||||
derivable_key_count = KB_FIRMWARE_VERSION_MAX + 1;
|
||||
}
|
||||
for (u32 i = 0; i < max_derivable_key_index; i++) {
|
||||
for (u32 i = 0; i < derivable_key_count; i++) {
|
||||
if (!_key_exists(master_key[i]))
|
||||
continue;
|
||||
if (_key_exists(fs_keys[FS_KEY_AREA_KEY_APPLI_SOURCE]) && _key_exists(fs_keys[FS_KEY_AREA_KEY_OCEAN_SOURCE]) && _key_exists(fs_keys[FS_KEY_AREA_KEY_SYSTE_SOURCE])) {
|
||||
|
@ -529,12 +537,12 @@ get_titlekeys:
|
|||
|
||||
u8 keypair[0x230] = {0};
|
||||
|
||||
if (!emummc_storage_read(&emmc_storage, 0x4400 / NX_EMMC_BLOCKSIZE, 0x4000 / NX_EMMC_BLOCKSIZE, buffer)) {
|
||||
if (!emummc_storage_read(&emmc_storage, NX_EMMC_CALIBRATION_OFFSET / NX_EMMC_BLOCKSIZE, NX_EMMC_CALIBRATION_SIZE / NX_EMMC_BLOCKSIZE, buffer)) {
|
||||
EPRINTF("Unable to read PRODINFO.");
|
||||
goto dismount;
|
||||
}
|
||||
|
||||
se_aes_xts_crypt(1, 0, 0, 0, buffer, buffer, 0x4000, 1);
|
||||
se_aes_xts_crypt(1, 0, 0, 0, buffer, buffer, 0x4000, NX_EMMC_CALIBRATION_SIZE / 0x4000);
|
||||
|
||||
nx_emmc_cal0_t *cal0 = (nx_emmc_cal0_t *)buffer;
|
||||
if (cal0->magic != 0x304C4143) {
|
||||
|
@ -789,23 +797,23 @@ key_output: ;
|
|||
SAVE_KEY("header_kek_source", fs_keys[FS_HEADER_KEK_SOURCE], 0x10);
|
||||
SAVE_KEY("header_key", header_key, 0x20);
|
||||
SAVE_KEY("header_key_source", fs_keys[FS_HEADER_KEY_SOURCE], 0x20);
|
||||
SAVE_KEY_FAMILY("key_area_key_application", key_area_key[0], 0, max_derivable_key_index, 0x10);
|
||||
SAVE_KEY_FAMILY("key_area_key_application", key_area_key[0], 0, derivable_key_count, 0x10);
|
||||
SAVE_KEY("key_area_key_application_source", fs_keys[FS_KEY_AREA_KEY_APPLI_SOURCE], 0x10);
|
||||
SAVE_KEY_FAMILY("key_area_key_ocean", key_area_key[1], 0, max_derivable_key_index, 0x10);
|
||||
SAVE_KEY_FAMILY("key_area_key_ocean", key_area_key[1], 0, derivable_key_count, 0x10);
|
||||
SAVE_KEY("key_area_key_ocean_source", fs_keys[FS_KEY_AREA_KEY_OCEAN_SOURCE], 0x10);
|
||||
SAVE_KEY_FAMILY("key_area_key_system", key_area_key[2], 0, max_derivable_key_index, 0x10);
|
||||
SAVE_KEY_FAMILY("key_area_key_system", key_area_key[2], 0, derivable_key_count, 0x10);
|
||||
SAVE_KEY("key_area_key_system_source", fs_keys[FS_KEY_AREA_KEY_SYSTE_SOURCE], 0x10);
|
||||
SAVE_KEY_FAMILY("keyblob", keyblob, 0, 6, 0x90);
|
||||
SAVE_KEY_FAMILY("keyblob_key", keyblob_key, 0, 6, 0x10);
|
||||
SAVE_KEY_FAMILY("keyblob_key_source", keyblob_key_source, 0, 6, 0x10);
|
||||
SAVE_KEY_FAMILY("keyblob_mac_key", keyblob_mac_key, 0, 6, 0x10);
|
||||
SAVE_KEY("keyblob_mac_key_source", keyblob_mac_key_source, 0x10);
|
||||
SAVE_KEY_FAMILY("master_kek", master_kek, 0, max_derivable_key_index, 0x10);
|
||||
SAVE_KEY_FAMILY("master_kek", master_kek, 0, derivable_key_count, 0x10);
|
||||
SAVE_KEY_FAMILY("master_kek_source", master_kek_sources, KB_FIRMWARE_VERSION_620, sizeof(master_kek_sources) / 0x10, 0x10);
|
||||
SAVE_KEY_FAMILY("master_key", master_key, 0, max_derivable_key_index, 0x10);
|
||||
SAVE_KEY_FAMILY("master_key", master_key, 0, derivable_key_count, 0x10);
|
||||
SAVE_KEY("master_key_source", master_key_source, 0x10);
|
||||
SAVE_KEY_FAMILY("package1_key", package1_key, 0, 6, 0x10);
|
||||
SAVE_KEY_FAMILY("package2_key", package2_key, 0, max_derivable_key_index, 0x10);
|
||||
SAVE_KEY_FAMILY("package2_key", package2_key, 0, derivable_key_count, 0x10);
|
||||
SAVE_KEY("package2_key_source", package2_key_source, 0x10);
|
||||
SAVE_KEY("per_console_key_source", per_console_key_source, 0x10);
|
||||
SAVE_KEY("retail_specific_aes_key_source", retail_specific_aes_key_source, 0x10);
|
||||
|
@ -829,7 +837,7 @@ key_output: ;
|
|||
SAVE_KEY("ssl_rsa_kek", ssl_rsa_kek, 0x10);
|
||||
SAVE_KEY("ssl_rsa_kek_source_x", es_keys[2], 0x10);
|
||||
SAVE_KEY("ssl_rsa_kek_source_y", ssl_keys, 0x10);
|
||||
SAVE_KEY_FAMILY("titlekek", titlekek, 0, max_derivable_key_index, 0x10);
|
||||
SAVE_KEY_FAMILY("titlekek", titlekek, 0, derivable_key_count, 0x10);
|
||||
SAVE_KEY("titlekek_source", titlekek_source, 0x10);
|
||||
SAVE_KEY("tsec_key", tsec_keys, 0x10);
|
||||
if (pkg1_id->kb == KB_FIRMWARE_VERSION_620)
|
||||
|
@ -840,7 +848,7 @@ key_output: ;
|
|||
end_time = get_tmr_us();
|
||||
gfx_printf("\n%k Found %d keys.\n\n", colors[(color_idx++) % 6], _key_count);
|
||||
gfx_printf("%kLockpick totally done in %d us\n\n", colors[(color_idx++) % 6], end_time - begin_time);
|
||||
gfx_printf("%kFound through master_key_%02x.\n\n", colors[(color_idx++) % 6], max_derivable_key_index - 1);
|
||||
gfx_printf("%kFound through master_key_%02x.\n\n", colors[(color_idx++) % 6], derivable_key_count - 1);
|
||||
|
||||
f_mkdir("sd:/switch");
|
||||
char keyfile_path[30] = "sd:/switch/";
|
||||
|
@ -921,9 +929,9 @@ static void _get_device_key(u32 ks, void *out_device_key, u32 revision, const vo
|
|||
revision -= KB_FIRMWARE_VERSION_400;
|
||||
u8 temp_key[0x10] = {0};
|
||||
se_aes_key_set(ks, device_key, 0x10);
|
||||
se_aes_crypt_ecb(ks, 0, temp_key, 0x10, new_device_key_sources[revision], 0x10);
|
||||
se_aes_crypt_ecb(ks, 0, temp_key, 0x10, device_master_key_source_sources[revision], 0x10);
|
||||
se_aes_key_set(ks, master_key, 0x10);
|
||||
se_aes_unwrap_key(ks, ks, new_device_keygen_sources[revision]);
|
||||
se_aes_unwrap_key(ks, ks, device_master_kek_sources[revision]);
|
||||
se_aes_crypt_ecb(ks, 0, out_device_key, 0x10, temp_key, 0x10);
|
||||
}
|
||||
|
||||
|
|
|
@ -224,6 +224,9 @@ typedef struct _nx_emmc_cal0_t
|
|||
u8 console_6axis_sensor_mount_type;
|
||||
} __attribute__((packed)) nx_emmc_cal0_t;
|
||||
|
||||
#define NX_EMMC_CALIBRATION_OFFSET 0x4400
|
||||
#define NX_EMMC_CALIBRATION_SIZE 0x8000
|
||||
|
||||
int nx_emmc_bis_read(u32 sector, u32 count, void *buff);
|
||||
int nx_emmc_bis_write(u32 sector, u32 count, void *buff);
|
||||
void nx_emmc_bis_cluster_cache_init();
|
||||
|
|
Loading…
Reference in a new issue