gnmmarechal/SafeA9LHInstaller
1
0
Fork 1
mirror of https://github.com/AuroraWright/SafeA9LHInstaller.git synced 2025-06-26 13:42:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

otp.bin is not needed from A9LH, just use the SHA register leftovers

Browse Source
This commit is contained in:
Aurora 2016-03-20 04:34:20 +01:00
parent 1698c8afe5
commit 06b81f1458
3 changed files with 43 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
source/crypto.c
View File

@ -295,8 +295,11 @@ void readFirm0(u8 *outbuf, u32 size){
u8 CTRtmp[sizeof(CTR)]; u8 CTRtmp[sizeof(CTR)];
memcpy(CTRtmp, CTR, sizeof(CTR)); memcpy(CTRtmp, CTR, sizeof(CTR));
aes_advctr(CTRtmp, 0x0B130000 / 0x10, AES_INPUT_BE | AES_INPUT_NORMAL); //Read FIRM0 data
sdmmc_nand_readsectors(0x0B130000 / 0x200, size / 0x200, outbuf); sdmmc_nand_readsectors(0x0B130000 / 0x200, size / 0x200, outbuf);
//Decrypt
aes_advctr(CTRtmp, 0x0B130000 / 0x10, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x06); aes_use_keyslot(0x06);
aes(outbuf, outbuf, size / AES_BLOCK_SIZE, CTRtmp, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL); aes(outbuf, outbuf, size / AES_BLOCK_SIZE, CTRtmp, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
} }
@ -307,21 +310,27 @@ void writeFirm(u8 *inbuf, u32 firm, u32 size){
u8 CTRtmp[sizeof(CTR)]; u8 CTRtmp[sizeof(CTR)];
memcpy(CTRtmp, CTR, sizeof(CTR)); memcpy(CTRtmp, CTR, sizeof(CTR));
//Encrypt FIRM data
aes_advctr(CTRtmp, offset / 0x10, AES_INPUT_BE | AES_INPUT_NORMAL); aes_advctr(CTRtmp, offset / 0x10, AES_INPUT_BE | AES_INPUT_NORMAL);
aes_use_keyslot(0x06); aes_use_keyslot(0x06);
aes(inbuf, inbuf, size / AES_BLOCK_SIZE, CTRtmp, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL); aes(inbuf, inbuf, size / AES_BLOCK_SIZE, CTRtmp, AES_CTR_MODE, AES_INPUT_BE | AES_INPUT_NORMAL);
//Write to NAND
sdmmc_nand_writesectors(offset / 0x200, size / 0x200, inbuf); sdmmc_nand_writesectors(offset / 0x200, size / 0x200, inbuf);
} }
//Setup keyslot 0x11 for key sector de/encryption //Setup keyslot 0x11 for key sector de/encryption
void setupKeyslot0x11(const u8 *otp){ void setupKeyslot0x11(u32 a9lhBoot, const u8 *otp){
u8 shasum[0x20]; u8 shasum[0x20];
u8 keyX[0x10]; u8 keyX[0x10];
u8 keyY[0x10]; u8 keyY[0x10];
//If booting via A9LH, use the leftover contents of the SHA register
if(a9lhBoot) memcpy((void *)shasum, (void *)REG_SHA_HASH, 0x20);
//Else calculate the otp.bin hash
else sha(shasum, otp, 0x90, SHA_256_MODE);
//Set keyX and keyY //Set keyX and keyY
sha(shasum, otp, 0x90, SHA_256_MODE);
memcpy(keyX, shasum, 0x10); memcpy(keyX, shasum, 0x10);
memcpy(keyY, shasum + 0x10, 0x10); memcpy(keyY, shasum + 0x10, 0x10);
aes_setkey(0x11, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL); aes_setkey(0x11, keyX, AES_KEYX, AES_INPUT_BE | AES_INPUT_NORMAL);
@ -340,7 +349,7 @@ void generateSector(u8 *keySector){
} }
//Test the OTP to be correct by verifying key2 //Test the OTP to be correct by verifying key2
u32 testOtp(u32 mode){ u32 testOtp(u32 a9lhBoot){
//Read keysector from NAND //Read keysector from NAND
sdmmc_nand_readsectors(0x96, 0x1, (vu8 *)0x24500000); sdmmc_nand_readsectors(0x96, 0x1, (vu8 *)0x24500000);
@ -349,7 +358,7 @@ u32 testOtp(u32 mode){
aes((void *)0x24500000 + 0x10, (void *)0x24500000 + 0x10, 1, NULL, AES_ECB_DECRYPT_MODE, 0); aes((void *)0x24500000 + 0x10, (void *)0x24500000 + 0x10, 1, NULL, AES_ECB_DECRYPT_MODE, 0);
//Test key2 //Test key2
if(memcmp((void *)0x24500000 + 0x10, mode ? key2 : a9lhKey2, 0x10) != 0) return 0; if(memcmp((void *)0x24500000 + 0x10, a9lhBoot ? a9lhKey2 : key2, 0x10) != 0) return 0;
return 1; return 1;
} }

4
source/crypto.h
View File

@ -79,7 +79,7 @@
void getNandCTR(void); void getNandCTR(void);
void readFirm0(u8 *outbuf, u32 size); void readFirm0(u8 *outbuf, u32 size);
void writeFirm(u8 *inbuf, u32 offset, u32 size); void writeFirm(u8 *inbuf, u32 offset, u32 size);
void setupKeyslot0x11(const u8 *otp); void setupKeyslot0x11(u32 a9lhBoot, const u8 *otp);
void generateSector(u8 *keySector); void generateSector(u8 *keySector);
u32 testOtp(u32 mode); u32 testOtp(u32 a9lhBoot);
u32 verifyHash(const void *data, u32 size, const u8 *hash); u32 verifyHash(const void *data, u32 size, const u8 *hash);

44
source/installer.c
View File

@ -26,7 +26,7 @@ static void installStage2(u32 mode, int pos_y){
char *path = "a9lh/payload_stage2.bin"; char *path = "a9lh/payload_stage2.bin";
u32 size = fileSize(path); u32 size = fileSize(path);
if(!size || size > MAXSTAGE2SIZE) if(!size || size > MAXSTAGE2SIZE)
shutdown(1, pos_y, "Error: stage2 doesn't exist or exceeds max size"); shutdown(1, pos_y, "Error: stage2.bin doesn't exist or exceeds\nmax size");
memset((u8 *)STAGE2OFFSET, 0, MAXSTAGE2SIZE); memset((u8 *)STAGE2OFFSET, 0, MAXSTAGE2SIZE);
fileRead((u8 *)STAGE2OFFSET, path, size); fileRead((u8 *)STAGE2OFFSET, path, size);
if(mode) return; if(mode) return;
@ -35,7 +35,7 @@ static void installStage2(u32 mode, int pos_y){
} }
void installer(void){ void installer(void){
drawString("Safe A9LH Installer v1.1", 10, 10, 0x0000FF); drawString("Safe A9LH Installer v1.2", 10, 10, 0x0000FF);
int pos_y = drawString("Thanks to delebile, #cakey and StandardBus", 10, 40, 0xFFFFFF); int pos_y = drawString("Thanks to delebile, #cakey and StandardBus", 10, 40, 0xFFFFFF);
pos_y = drawString("Press SELECT for a full install", 10, pos_y + SPACING_VERT, 0xFFFFFF); pos_y = drawString("Press SELECT for a full install", 10, pos_y + SPACING_VERT, 0xFFFFFF);
pos_y = drawString("Press START to only update stage2", 10, pos_y, 0xFFFFFF); pos_y = drawString("Press START to only update stage2", 10, pos_y, 0xFFFFFF);
@ -50,28 +50,38 @@ void installer(void){
//Detect the console being used //Detect the console being used
u32 console = (PDN_MPCORE_CFG == 1) ? 0 : 1; u32 console = (PDN_MPCORE_CFG == 1) ? 0 : 1;
const char *path;
//If making a first install, we need the OTP
if(!a9lhBoot){
//Read OTP
path = "a9lh/otp.bin";
if(fileSize(path) != 256)
shutdown(1, pos_y, "Error: otp.bin doesn't exist or has a wrong size");
fileRead((u8 *)OTPOFFSET, path, 256);
}
//Setup the key sector de/encryption with the SHA register or otp.bin
setupKeyslot0x11(a9lhBoot, (u8 *)OTPOFFSET);
if(a9lhBoot && !testOtp(a9lhBoot))
shutdown(1, pos_y, "Error: the OTP hash is invalid");
if(!a9lhBoot && console && !testOtp(a9lhBoot))
shutdown(1, pos_y, "Error: otp.bin is invalid or corrupted");
//Calculate the CTR for the 3DS partitions //Calculate the CTR for the 3DS partitions
getNandCTR(); getNandCTR();
//Test that the CTR is correct //Test that the CTR is correct
readFirm0((u8 *)TEMPOFFSET, 0x200); readFirm0((u8 *)TEMPOFFSET, 0x200);
if(memcmp((void *)TEMPOFFSET, "FIRM", 4) != 0) if(memcmp((void *)TEMPOFFSET, "FIRM", 4) != 0)
shutdown(1, pos_y, "Error: couldn't setup NAND FIRM encryption"); shutdown(1, pos_y, "Error: failed to setup FIRM encryption");
//Read OTP
const char *path = "a9lh/otp.bin";
if(fileSize(path) != 256)
shutdown(1, pos_y, "Error: otp.bin doesn't exist or has a wrong size");
fileRead((u8 *)OTPOFFSET, path, 256);
setupKeyslot0x11((u8 *)OTPOFFSET);
if((a9lhBoot && !testOtp(0)) || (!a9lhBoot && console && !testOtp(1)))
shutdown(1, pos_y, "Error: your OTP is invalid or corrupted");
//Read decrypted key sector //Read decrypted key sector
path = "a9lh/secret_sector.bin"; path = "a9lh/secret_sector.bin";
if(fileSize(path) != 0x200) if(fileSize(path) != 0x200)
shutdown(1, pos_y, "Error: secret_sector.bin doesn't exist or has a wrong size"); shutdown(1, pos_y, "Error: secret_sector.bin doesn't exist or has\na wrong size");
fileRead((u8 *)SECTOROFFSET, path, 0x200); fileRead((u8 *)SECTOROFFSET, path, 0x200);
if(!verifyHash((u8 *)SECTOROFFSET, 0x200, sectorHash)) if(!verifyHash((u8 *)SECTOROFFSET, 0x200, sectorHash))
shutdown(1, pos_y, "Error: secret_sector is invalid"); shutdown(1, pos_y, "Error: secret_sector is invalid");
@ -86,7 +96,7 @@ void installer(void){
shutdown(1, pos_y, "Error: firm0.bin doesn't exist"); shutdown(1, pos_y, "Error: firm0.bin doesn't exist");
fileRead((u8 *)FIRM0OFFSET, path, firm0Size); fileRead((u8 *)FIRM0OFFSET, path, firm0Size);
if(!verifyHash((u8 *)FIRM0OFFSET, firm0Size, firm0Hash)) if(!verifyHash((u8 *)FIRM0OFFSET, firm0Size, firm0Hash))
shutdown(1, pos_y, "Error: firmo is invalid"); shutdown(1, pos_y, "Error: firm0.bin is invalid or corrupted");
//Read FIRM1 //Read FIRM1
path = "a9lh/firm1.bin"; path = "a9lh/firm1.bin";
@ -95,13 +105,13 @@ void installer(void){
shutdown(1, pos_y, "Error: firm1.bin doesn't exist"); shutdown(1, pos_y, "Error: firm1.bin doesn't exist");
fileRead((u8 *)FIRM1OFFSET, path, firm1Size); fileRead((u8 *)FIRM1OFFSET, path, firm1Size);
if(!verifyHash((u8 *)FIRM1OFFSET, firm1Size, firm1Hash)) if(!verifyHash((u8 *)FIRM1OFFSET, firm1Size, firm1Hash))
shutdown(1, pos_y, "Error: firm1 is invalid"); shutdown(1, pos_y, "Error: firm1.bin is invalid or corrupted");
//Inject stage1 //Inject stage1
path = "a9lh/payload_stage1.bin"; path = "a9lh/payload_stage1.bin";
u32 size = fileSize(path); u32 size = fileSize(path);
if(!size || size > MAXSTAGE1SIZE) if(!size || size > MAXSTAGE1SIZE)
shutdown(1, pos_y, "Error: stage1 doesn't exist or exceeds max size"); shutdown(1, pos_y, "Error: stage1.bin doesn't exist or exceeds\nmax size");
fileRead((u8 *)STAGE1OFFSET, path, size); fileRead((u8 *)STAGE1OFFSET, path, size);
installStage2(1, pos_y); installStage2(1, pos_y);