1
/*
2
 * Copyright (c) 2018 naehrwert
3
 * Copyright (c) 2018-2026 CTCaer
4
 *
5
 * This program is free software; you can redistribute it and/or modify it
6
 * under the terms and conditions of the GNU General Public License,
7
 * version 2, as published by the Free Software Foundation.
8
 *
9
 * This program is distributed in the hope it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
12
 * more details.
13
 *
14
 * You should have received a copy of the GNU General Public License
15
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
16
 */
17

18
#include <string.h>
19

20
#include <bdk.h>
21

22
#include "pkg2.h"
23
#include "hos.h"
24

25
#include "../config.h"
26
#include <libs/fatfs/ff.h>
27
#include <libs/compr/blz.h>
28

29
extern const u8 package2_keyseed[];
30

31
u32 pkg2_newkern_ini1_start;
32
u32 pkg2_newkern_ini1_end;
33

34
/*#define DPRINTF(...) gfx_printf(__VA_ARGS__)
35
#define DEBUG_PRINTING*/
36
#define DPRINTF(...)
37

38
u32 pkg2_calc_kip1_size(pkg2_kip1_t *kip1)
39
{
40
	u32 size = sizeof(pkg2_kip1_t);
41
	for (u32 j = 0; j < KIP1_NUM_SECTIONS; j++)
42
		size += kip1->sections[j].size_comp;
43
	return size;
44
}
45

46
void pkg2_get_newkern_info(u8 *kern_data)
47
{
48
	u32 crt_start = 0;
49
	u32 pkg2_newkern_ini1_info = 0;
50
	pkg2_newkern_ini1_start    = 0;
51

52
	u32 first_op = *(u32 *)kern_data;
53
	if ((first_op & 0xFE000000) == 0x14000000)
54
		crt_start = (first_op & 0x1FFFFFF) << 2;
55

56
	// Find static OP offset that is close to INI1 offset.
57
	u32 counter_ops = 0x100;
58
	while (counter_ops)
59
	{
60
		if (*(u32 *)(kern_data + crt_start + 0x100 - counter_ops) == PKG2_NEWKERN_GET_INI1_HEURISTIC)
61
		{
62
			// OP found. Add 12 for the INI1 info offset.
63
			pkg2_newkern_ini1_info = crt_start + 0x100 - counter_ops + 12;
64

65
			// On v2 kernel with dynamic crt there's a NOP after heuristic. Offset one op.
66
			if (crt_start)
67
				pkg2_newkern_ini1_info += 4;
68
			break;
69
		}
70

71
		counter_ops -= 4;
72
	}
73

74
	// Offset not found?
75
	if (!counter_ops)
76
		return;
77

78
	u32 info_op = *(u32 *)(kern_data + pkg2_newkern_ini1_info);
79
	pkg2_newkern_ini1_info += ((info_op & 0xFFFF) >> 3); // Parse ADR and PC.
80

81
	pkg2_newkern_ini1_start = *(u32 *)(kern_data + pkg2_newkern_ini1_info);
82
	pkg2_newkern_ini1_end   = *(u32 *)(kern_data + pkg2_newkern_ini1_info + 0x8);
83

84
	// On v2 kernel with dynamic crt, values are relative to value address.
85
	if (crt_start)
86
	{
87
		pkg2_newkern_ini1_start += pkg2_newkern_ini1_info;
88
		pkg2_newkern_ini1_end   += pkg2_newkern_ini1_info + 0x8;
89
	}
90
}
91

92
//!TODO: Update on mkey changes.
93
static const u8 mkey_vector_7xx[HOS_MKEY_VER_MAX - HOS_MKEY_VER_810 + 1][SE_KEY_128_SIZE] =
94
{
95
	// Master key 7  encrypted with 8.  (7.0.0 with 8.1.0)
96
	{ 0xEA, 0x60, 0xB3, 0xEA, 0xCE, 0x8F, 0x24, 0x46, 0x7D, 0x33, 0x9C, 0xD1, 0xBC, 0x24, 0x98, 0x29 },
97
	// Master key 8  encrypted with 9.  (8.1.0 with 9.0.0)
98
	{ 0x4D, 0xD9, 0x98, 0x42, 0x45, 0x0D, 0xB1, 0x3C, 0x52, 0x0C, 0x9A, 0x44, 0xBB, 0xAD, 0xAF, 0x80 },
99
	// Master key 9  encrypted with 10. (9.0.0 with 9.1.0)
100
	{ 0xB8, 0x96, 0x9E, 0x4A, 0x00, 0x0D, 0xD6, 0x28, 0xB3, 0xD1, 0xDB, 0x68, 0x5F, 0xFB, 0xE1, 0x2A },
101
	// Master key 10 encrypted with 11. (9.1.0 with 12.1.0)
102
	{ 0xC1, 0x8D, 0x16, 0xBB, 0x2A, 0xE4, 0x1D, 0xD4, 0xC2, 0xC1, 0xB6, 0x40, 0x94, 0x35, 0x63, 0x98 },
103
	// Master key 11 encrypted with 12. (12.1.0 with 13.0.0)
104
	{ 0xA3, 0x24, 0x65, 0x75, 0xEA, 0xCC, 0x6E, 0x8D, 0xFB, 0x5A, 0x16, 0x50, 0x74, 0xD2, 0x15, 0x06 },
105
	// Master key 12 encrypted with 13. (13.0.0 with 14.0.0)
106
	{ 0x83, 0x67, 0xAF, 0x01, 0xCF, 0x93, 0xA1, 0xAB, 0x80, 0x45, 0xF7, 0x3F, 0x72, 0xFD, 0x3B, 0x38 },
107
	// Master key 13 encrypted with 14. (14.0.0 with 15.0.0)
108
	{ 0xB1, 0x81, 0xA6, 0x0D, 0x72, 0xC7, 0xEE, 0x15, 0x21, 0xF3, 0xC0, 0xB5, 0x6B, 0x61, 0x6D, 0xE7 },
109
	// Master key 14 encrypted with 15. (15.0.0 with 16.0.0)
110
	{ 0xAF, 0x11, 0x4C, 0x67, 0x17, 0x7A, 0x52, 0x43, 0xF7, 0x70, 0x2F, 0xC7, 0xEF, 0x81, 0x72, 0x16 },
111
	// Master key 15 encrypted with 16. (16.0.0 with 17.0.0)
112
	{ 0x25, 0x12, 0x8B, 0xCB, 0xB5, 0x46, 0xA1, 0xF8, 0xE0, 0x52, 0x15, 0xB7, 0x0B, 0x57, 0x00, 0xBD },
113
	// Master key 16 encrypted with 17. (17.0.0 with 18.0.0)
114
	{ 0x58, 0x15, 0xD2, 0xF6, 0x8A, 0xE8, 0x19, 0xAB, 0xFB, 0x2D, 0x52, 0x9D, 0xE7, 0x55, 0xF3, 0x93 },
115
	// Master key 17 encrypted with 18. (18.0.0 with 19.0.0)
116
	{ 0x4A, 0x01, 0x3B, 0xC7, 0x44, 0x6E, 0x45, 0xBD, 0xE6, 0x5E, 0x2B, 0xEC, 0x07, 0x37, 0x52, 0x86 },
117
	// Master key 18 encrypted with 19. (19.0.0 with 20.0.0)
118
	{ 0x97, 0xE4, 0x11, 0xAB, 0x22, 0x72, 0x1A, 0x1F, 0x70, 0x5C, 0x00, 0xB3, 0x96, 0x30, 0x05, 0x28 },
119
	// Master key 19 encrypted with 20. (20.0.0 with 21.0.0)
120
	{ 0xF7, 0x92, 0xC0, 0xEC, 0xF3, 0xA4, 0x8C, 0xB7, 0x0D, 0xB3, 0xF3, 0xAB, 0x10, 0x9B, 0x18, 0xBA },
121
	// Master key 20 encrypted with 21. (21.0.0 with 22.0.0)
122
	{ 0x14, 0xCB, 0x60, 0x29, 0x3D, 0xE0, 0xFB, 0xF2, 0x5B, 0x60, 0xB6, 0xC5, 0x2E, 0x77, 0x8F, 0x98 },
123
};
124

125
static bool _pkg2_key_unwrap_validate(pkg2_hdr_t *tmp_test, pkg2_hdr_t *hdr, u8 src_slot, u8 *mkey, const u8 *key_seed)
126
{
127
	// Decrypt older encrypted mkey.
128
	se_aes_crypt_ecb(src_slot, DECRYPT, mkey, key_seed, SE_KEY_128_SIZE);
129
	// Set and unwrap pkg2 key.
130
	se_aes_key_set(9, mkey, SE_KEY_128_SIZE);
131
	se_aes_unwrap_key(9, 9, package2_keyseed);
132

133
	// Decrypt header.
134
	se_aes_crypt_ctr(9, tmp_test, hdr, sizeof(pkg2_hdr_t), hdr);
135

136
	// Return if header is valid.
137
	return (tmp_test->magic == PKG2_MAGIC);
138
}
139

140
pkg2_hdr_t *pkg2_decrypt(void *data, u8 mkey)
141
{
142
	pkg2_hdr_t mkey_test;
143
	u8 *pdata = (u8 *)data;
144
	u8 pkg2_keyslot = 8;
145

146
	// Skip signature.
147
	pdata += 0x100;
148

149
	pkg2_hdr_t *hdr = (pkg2_hdr_t *)pdata;
150

151
	// Skip header.
152
	pdata += sizeof(pkg2_hdr_t);
153

154
	// Check if we need to decrypt with newer mkeys. Valid for THK for 7.0.0 and up.
155
	se_aes_crypt_ctr(8, &mkey_test, hdr, sizeof(pkg2_hdr_t), hdr);
156

157
	if (mkey_test.magic == PKG2_MAGIC)
158
		goto key_found;
159

160
	// Decrypt older pkg2 via new mkeys.
161
	if ((mkey >= HOS_MKEY_VER_700) && (mkey < HOS_MKEY_VER_MAX))
162
	{
163
		u8 tmp_mkey[SE_KEY_128_SIZE];
164
		u8 decr_slot = 7; // THK mkey or T210B01 mkey.
165
		u8 mkey_seeds_cnt = sizeof(mkey_vector_7xx) / SE_KEY_128_SIZE;
166
		u8 mkey_seeds_idx = mkey_seeds_cnt; // Real index + 1.
167
		u8 mkey_seeds_min_idx = mkey_seeds_cnt - (HOS_MKEY_VER_MAX - mkey);
168

169
		while (mkey_seeds_cnt)
170
		{
171
			// Decrypt and validate mkey.
172
			int res = _pkg2_key_unwrap_validate(&mkey_test, hdr, decr_slot,
173
				tmp_mkey, mkey_vector_7xx[mkey_seeds_idx - 1]);
174

175
			if (res)
176
			{
177
				pkg2_keyslot = 9;
178
				goto key_found;
179
			}
180
			else
181
			{
182
				// Set current mkey in order to decrypt a lower mkey.
183
				mkey_seeds_idx--;
184
				se_aes_key_set(9, tmp_mkey, SE_KEY_128_SIZE);
185

186
				decr_slot = 9; // Temp key.
187

188
				// Check if we tried last key for that pkg2 version.
189
				// And start with a lower mkey in case mkey is older.
190
				if (mkey_seeds_idx == mkey_seeds_min_idx)
191
				{
192
					mkey_seeds_cnt--;
193
					mkey_seeds_idx = mkey_seeds_cnt;
194
					decr_slot = 7; // THK mkey or T210B01 mkey.
195
				}
196
			}
197
		}
198
	}
199

200
key_found:
201
	// Decrypt header.
202
	se_aes_crypt_ctr(pkg2_keyslot, hdr, hdr, sizeof(pkg2_hdr_t), hdr);
203

204
	if (hdr->magic != PKG2_MAGIC)
205
		return NULL;
206

207
	// Decrypt sections.
208
	for (u32 i = 0; i < 4; i++)
209
	{
210
DPRINTF("sec %d has size %08X\n", i, hdr->sec_size[i]);
211
		if (!hdr->sec_size[i])
212
			continue;
213

214
		se_aes_crypt_ctr(pkg2_keyslot, pdata, pdata, hdr->sec_size[i], hdr->sec_ctr[i]);
215

216
		pdata += hdr->sec_size[i];
217
	}
218

219
	return hdr;
220
}
221

222