mirror of
https://github.com/shchmue/Lockpick_RCM.git
Add support for 8.1.0, new Sept, and master_key_08
parent
0b2442fb8e
commit
54d14196e0
@ -34,6 +34,7 @@ static const pkg1_id_t _pkg1_ids[] = {
|
||||
{ "20181218175730", 7 }, //7.0.0
|
||||
{ "20190208150037", 7 }, //7.0.1
|
||||
{ "20190314172056", 7 }, //8.0.0
|
||||
{ "20190531152432", 8 }, //8.1.0
|
||||
{ NULL } //End.
|
||||
};
|
||||
|
||||
|
@ -59,15 +59,15 @@ extern boot_cfg_t b_cfg;
|
||||
extern void sd_unmount();
|
||||
extern void reloc_patcher(u32 payload_dst, u32 payload_src, u32 payload_size);
|
||||
|
||||
int reboot_to_sept(const u8 *tsec_fw)
|
||||
int reboot_to_sept(const u8 *tsec_fw, const u32 tsec_size, const u32 kb)
|
||||
{
|
||||
FIL fp;
|
||||
|
||||
// Copy warmboot reboot code and TSEC fw.
|
||||
memcpy((u8 *)(SEPT_PK1T_ADDR - WB_RST_SIZE), (u8 *)warmboot_reboot, sizeof(warmboot_reboot));
|
||||
memcpy((void *)SEPT_PK1T_ADDR, tsec_fw, 0x3000);
|
||||
*(vu32 *)SEPT_TCSZ_ADDR = 0x3000;
|
||||
|
||||
memcpy((void *)SEPT_PK1T_ADDR, tsec_fw, tsec_size);
|
||||
*(vu32 *)SEPT_TCSZ_ADDR = tsec_size;
|
||||
|
||||
// Copy sept-primary.
|
||||
if (f_open(&fp, "sd:/sept/sept-primary.bin", FA_READ))
|
||||
goto error;
|
||||
@ -80,7 +80,9 @@ int reboot_to_sept(const u8 *tsec_fw)
|
||||
f_close(&fp);
|
||||
|
||||
// Copy sept-secondary.
|
||||
if (f_open(&fp, "sd:/sept/sept-secondary.enc", FA_READ))
|
||||
if ((kb == 7) && f_open(&fp, "sd:/sept/sept-secondary.enc", FA_READ) && f_open(&fp, "sd:/sept/sept-secondary_00.enc", FA_READ))
|
||||
goto error;
|
||||
else if ((kb == 8) && f_open(&fp, "sd:/sept/sept-secondary_01.enc", FA_READ))
|
||||
goto error;
|
||||
|
||||
if (f_read(&fp, (u8 *)SEPT_STG2_ADDR, f_size(&fp), NULL))
|
||||
|
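Review bot: In the sept-secondary selection, a `kb` that is neither 7 nor 8 opens no file at all, so the following `f_read(&fp, (u8 *)SEPT_STG2_ADDR, f_size(&fp), NULL)` runs on the `fp` that was passed to `f_close` a few lines earlier. The chain should end with an explicit rejection such as `else if (kb != 7 && kb != 8) goto error;`, so that an unsupported keyblob version fails instead of reading through a stale file object. If the header that defines them is visible from this file, `KB_FIRMWARE_VERSION_700` and `KB_FIRMWARE_VERSION_810` would be clearer than the bare 7 and 8. The body of `reboot_to_sept` continues outside both hunks, so the handling at `error:` is not visible here.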
@ -19,6 +19,6 @@
|
||||
|
||||
#include "../utils/types.h"
|
||||
|
||||
int reboot_to_sept(const u8 *tsec_fw);
|
||||
int reboot_to_sept(const u8 *tsec_fw, const u32 tsec_size, const u32 kb);
|
||||
|
||||
#endif
|
||||
|
@ -26,8 +26,9 @@ static const u8 keyblob_key_source[][0x10] = {
|
||||
};
|
||||
|
||||
static const u8 master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_600][0x10] = {
|
||||
{0x37, 0x4B, 0x77, 0x29, 0x59, 0xB4, 0x04, 0x30, 0x81, 0xF6, 0xE5, 0x8C, 0x6D, 0x36, 0x17, 0x9A},
|
||||
{0x9A, 0x3E, 0xA9, 0xAB, 0xFD, 0x56, 0x46, 0x1C, 0x9B, 0xF6, 0x48, 0x7F, 0x5C, 0xFA, 0x09, 0x5C}
|
||||
{0x37, 0x4B, 0x77, 0x29, 0x59, 0xB4, 0x04, 0x30, 0x81, 0xF6, 0xE5, 0x8C, 0x6D, 0x36, 0x17, 0x9A}, //6.2.0
|
||||
{0x9A, 0x3E, 0xA9, 0xAB, 0xFD, 0x56, 0x46, 0x1C, 0x9B, 0xF6, 0x48, 0x7F, 0x5C, 0xFA, 0x09, 0x5C}, //7.0.0
|
||||
{0xDE, 0xDC, 0xE3, 0x39, 0x30, 0x88, 0x16, 0xF8, 0xAE, 0x97, 0xAD, 0xEC, 0x64, 0x2D, 0x41, 0x41}, //8.1.0
|
||||
};
|
||||
|
||||
static const u8 mkey_vectors[KB_FIRMWARE_VERSION_MAX+1][0x10] =
|
||||
@ -40,6 +41,7 @@ static const u8 mkey_vectors[KB_FIRMWARE_VERSION_MAX+1][0x10] =
|
||||
{0xEB, 0xF5, 0x6F, 0x83, 0x61, 0x9E, 0xF8, 0xFA, 0xE0, 0x87, 0xD7, 0xA1, 0x4E, 0x25, 0x36, 0xEE}, /* Master key 04 encrypted with Master key 05. */
|
||||
{0x1E, 0x1E, 0x22, 0xC0, 0x5A, 0x33, 0x3C, 0xB9, 0x0B, 0xA9, 0x03, 0x04, 0xBA, 0xDB, 0x07, 0x57}, /* Master key 05 encrypted with Master key 06. */
|
||||
{0xA4, 0xD4, 0x52, 0x6F, 0xD1, 0xE4, 0x36, 0xAA, 0x9F, 0xCB, 0x61, 0x27, 0x1C, 0x67, 0x65, 0x1F}, /* Master key 06 encrypted with Master key 07. */
|
||||
{0xEA, 0x60, 0xB3, 0xEA, 0xCE, 0x8F, 0x24, 0x46, 0x7D, 0x33, 0x9C, 0xD1, 0xBC, 0x24, 0x98, 0x29}, /* Master key 07 encrypted with Master key 08. */
|
||||
};
|
||||
|
||||
//======================================Keys======================================//
|
||||
|
@ -135,6 +135,10 @@ void dump_keys() {
|
||||
goto out_wait;
|
||||
}
|
||||
|
||||
tsec_key_data_t *key_data = (tsec_key_data_t *)(tsec_ctxt.fw + TSEC_KEY_DATA_ADDR);
|
||||
tsec_ctxt.pkg1 = pkg1;
|
||||
tsec_ctxt.size = 0x100 + key_data->blob0_size + key_data->blob1_size + key_data->blob2_size + key_data->blob3_size + key_data->blob4_size;
|
||||
|
||||
u32 MAX_KEY = 6;
|
||||
if (pkg1_id->kb >= KB_FIRMWARE_VERSION_620)
|
||||
MAX_KEY = pkg1_id->kb + 1;
|
||||
@ -149,8 +153,8 @@ void dump_keys() {
|
||||
// bundle lp0 fw for sept instead of loading it from SD as hekate does
|
||||
sdram_lp0_save_params(sdram_get_params_patched());
|
||||
FIL fp;
|
||||
if (f_stat("sd:/sept/sept-primary.bin", NULL) || f_stat("sd:/sept/sept-secondary.enc", NULL)) {
|
||||
EPRINTF("On firmware 7.x or higher but no sept payload present\nSkipping new key derivation...");
|
||||
if (f_stat("sd:/sept", NULL)) {
|
||||
EPRINTF("On firmware 7.x+ but Sept missing.\nSkipping new key derivation...");
|
||||
goto get_tsec;
|
||||
}
|
||||
// backup post-reboot payload
|
||||
@ -164,7 +168,7 @@ void dump_keys() {
|
||||
gfx_printf("%kFirmware 7.x or higher detected.\n%kRenamed /sept/payload.bin", colors[0], colors[1]);
|
||||
gfx_printf("\n%k to /sept/payload.bak\n%kCopied self to /sept/payload.bin",colors[2], colors[3]);
|
||||
sdmmc_storage_end(&storage);
|
||||
if (!reboot_to_sept((u8 *)tsec_ctxt.fw))
|
||||
if (!reboot_to_sept((u8 *)tsec_ctxt.fw, tsec_ctxt.size, pkg1_id->kb))
|
||||
goto out_wait;
|
||||
} else {
|
||||
se_aes_key_read(12, master_key[pkg1_id->kb], 0x10);
|
||||
@ -174,14 +178,6 @@ void dump_keys() {
|
||||
get_tsec: ;
|
||||
u8 tsec_keys[0x10 * 2] = {0};
|
||||
|
||||
tsec_key_data_t *key_data = (tsec_key_data_t *)(tsec_ctxt.fw + TSEC_KEY_DATA_ADDR);
|
||||
tsec_ctxt.pkg1 = pkg1;
|
||||
tsec_ctxt.size = 0x100 + key_data->blob0_size + key_data->blob1_size + key_data->blob2_size + key_data->blob3_size + key_data->blob4_size;
|
||||
if (pkg1_id->kb >= KB_FIRMWARE_VERSION_700) {
|
||||
// Exit after TSEC key generation.
|
||||
*((vu16 *)((u32)tsec_ctxt.fw + 0x2DB5)) = 0x02F8;
|
||||
}
|
||||
|
||||
if (pkg1_id->kb == KB_FIRMWARE_VERSION_620) {
|
||||
u8 *tsec_paged = (u8 *)page_alloc(3);
|
||||
memcpy(tsec_paged, (void *)tsec_ctxt.fw, tsec_ctxt.size);
|
||||
@ -404,6 +400,7 @@ get_tsec: ;
|
||||
alignment = 8;
|
||||
break;
|
||||
case KB_FIRMWARE_VERSION_700:
|
||||
case KB_FIRMWARE_VERSION_810:
|
||||
start_offset = 0x29c50;
|
||||
hks_offset_from_end -= 0x6a73;
|
||||
alignment = 8;
|
||||
@ -553,6 +550,7 @@ pkg2_done:
|
||||
start_offset = 0x5674;
|
||||
break;
|
||||
case KB_FIRMWARE_VERSION_700:
|
||||
case KB_FIRMWARE_VERSION_810:
|
||||
start_offset = 0x5563;
|
||||
break;
|
||||
}
|
||||
@ -603,6 +601,7 @@ pkg2_done:
|
||||
start_offset = 0x1d5be;
|
||||
break;
|
||||
case KB_FIRMWARE_VERSION_700:
|
||||
case KB_FIRMWARE_VERSION_810:
|
||||
start_offset = 0x1d437;
|
||||
break;
|
||||
}
|
||||
@ -716,6 +715,7 @@ key_output: ;
|
||||
SAVE_KEY_FAMILY("master_kek", master_kek, MAX_KEY, 0x10);
|
||||
SAVE_KEY("master_kek_source_06", master_kek_sources[0], 0x10);
|
||||
SAVE_KEY("master_kek_source_07", master_kek_sources[1], 0x10);
|
||||
SAVE_KEY("master_kek_source_08", master_kek_sources[2], 0x10);
|
||||
SAVE_KEY_FAMILY("master_key", master_key, MAX_KEY, 0x10);
|
||||
SAVE_KEY("master_key_source", master_key_source, 0x10);
|
||||
SAVE_KEY_FAMILY("package1_key", package1_key, 6, 0x10);
|
||||
|
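Review bot: `tsec_ctxt.size` is the sum of five `blobN_size` fields read from the TSEC firmware image and is never range-checked, and with this commit it also becomes the `memcpy` length and the `SEPT_TCSZ_ADDR` value in `reboot_to_sept`, where the old code used a fixed `0x3000`. If package1 is corrupted or has been modified, the sum could exceed what the destination region holds, and the context line `memcpy(tsec_paged, (void *)tsec_ctxt.fw, tsec_ctxt.size)` copies the same length into a `page_alloc(3)` buffer. I would reject an implausible value right after it is computed, e.g. `if (tsec_ctxt.size > TSEC_FW_MAX_SIZE) { EPRINTF("TSEC fw size out of range."); goto out_wait; }`, where `TSEC_FW_MAX_SIZE` is a placeholder for whatever the layout around `SEPT_PK1T_ADDR` actually reserves. `dump_keys` starts and ends outside these hunks, so an existing check elsewhere cannot be ruled out from this view.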
@ -34,7 +34,8 @@
|
||||
#define KB_FIRMWARE_VERSION_600 5
|
||||
#define KB_FIRMWARE_VERSION_620 6
|
||||
#define KB_FIRMWARE_VERSION_700 7
|
||||
#define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_700
|
||||
#define KB_FIRMWARE_VERSION_810 8
|
||||
#define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_810
|
||||
|
||||
#define HOS_PKG11_MAGIC 0x31314B50
|
||||
|
||||
|