From 2bb088897396f8e6aa334fb48958836aa892acbd Mon Sep 17 00:00:00 2001
From: d0k3 <tore.anon@gmail.com>
Date: Fri, 3 Feb 2017 02:21:55 +0100
Subject: [PATCH] Improved sector0x96 crypto check

---
 source/nand/nand.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/source/nand/nand.c b/source/nand/nand.c
index d03b36f..015ac23 100644
--- a/source/nand/nand.c
+++ b/source/nand/nand.c
@@ -19,6 +19,11 @@ static const u8 slot0x24KeyY_sha256[0x20] = { // hash for slot0x24KeyY (16 byte)
     0x5F, 0x04, 0x01, 0x22, 0x95, 0xB2, 0x23, 0x70, 0x12, 0x40, 0x53, 0x30, 0xC0, 0xA7, 0xBF, 0x7C, 
     0xD4, 0x40, 0x92, 0x25, 0xD1, 0x9D, 0xA2, 0xDE, 0xCD, 0xC7, 0x12, 0x97, 0x08, 0x46, 0x54, 0xB7
 };
+
+static const u8 slot0x11Key95_sha256[0x20] = { // slot0x11Key95 hash (first 16 byte of sector0x96)
+    0xBA, 0xC1, 0x40, 0x9C, 0x6E, 0xE4, 0x1F, 0x04, 0xAA, 0xC4, 0xE2, 0x09, 0x5C, 0xE9, 0x4F, 0x78, 
+    0x6C, 0x78, 0x5F, 0xAC, 0xEC, 0x7E, 0xC0, 0x11, 0x26, 0x9D, 0x4E, 0x47, 0xB3, 0x64, 0xC4, 0xA5
+};
     
 static const u8 nand_magic_n3ds[0x60] = { // NCSD NAND header N3DS magic
     0x4E, 0x43, 0x53, 0x44, 0x00, 0x00, 0x28, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -113,7 +118,8 @@ bool InitNandCrypto(void)
     u32 NandCid[4];
     u8 shasum[32];
     
-    sdmmc_get_cid( 1, NandCid);
+    sdmmc_sdcard_init();
+    sdmmc_get_cid(1, NandCid);
     sha_quick(shasum, (u8*) NandCid, 16, SHA256_MODE);
     memcpy(CtrNandCtr, shasum, 16);
     sha_quick(shasum, (u8*) NandCid, 16, SHA1_MODE);
@@ -168,9 +174,7 @@ bool InitNandCrypto(void)
 bool CheckSlot0x05Crypto(void)
 {
     // step #1 - check the slot0x05KeyY SHA-256
-    u8 shasum[32];
-    sha_quick(shasum, slot0x05KeyY, 16, SHA256_MODE);
-    if (memcmp(shasum, slot0x05KeyY_sha256, 32) == 0)
+    if (sha_cmp(slot0x05KeyY_sha256, slot0x05KeyY, 16, SHA256_MODE) == 0)
         return true;
     
     // step #2 - check actual CTRNAND magic
@@ -187,8 +191,9 @@ bool CheckSlot0x05Crypto(void)
 
 bool CheckSector0x96Crypto(void)
 {
-    const u8 zeroes[32] = { 0 };
-    return !(memcmp(OtpSha256, zeroes, 32) == 0);
+    u8 buffer[0x200];
+    ReadNandSectors(buffer, 0x96, 1, 0x11, NAND_SYSNAND);
+    return (sha_cmp(slot0x11Key95_sha256, buffer, 16, SHA256_MODE) == 0);
 }
 
 bool CheckA9lh(void)