From 0895174fbb695d90cd080b094740feb5ae7e2957 Mon Sep 17 00:00:00 2001
From: Naim2000
Date: Tue, 23 Apr 2024 18:41:06 -0500
Subject: [PATCH] Korean Key detection pt.2
---
 source/sys.c | 2 --
 source/title.c | 2 --
 source/title.h | 1 +
 source/wad-manager.c | 3 +++
 source/wad.c | 54 +++++++++++++++++++++++++++++++++++++++-----
 5 files changed, 52 insertions(+), 10 deletions(-)
diff --git a/source/sys.c b/source/sys.c
index 524cf7a..59d1253 100644
--- a/source/sys.c
+++ b/source/sys.c
@@ -54,9 +54,7 @@ bool ES_CheckHasKoreanKey(void)
 if (seeprom_read(korean_key, offsetof(struct SEEPROM, korean_key), sizeof(korean_key)) != sizeof(korean_key)) return false;
- AES_Init();
 AES_Decrypt(korean_key, 0x10, iv, 0x10, data, data, sizeof(data));
- AES_Close();
 // return (!strcmp((char*) data, "thepikachugamer")) Just remembered that this is how the Trucha bug came to be
 return (!memcmp(data, "thepikachugamer", sizeof(data)));
diff --git a/source/title.c b/source/title.c
index 2f01539..f5c4ef8 100644
--- a/source/title.c
+++ b/source/title.c
@@ -336,9 +336,7 @@ void Title_SetupCommonKeys(void)
 unsigned char iv[0x10] = {};
 memcpy(vWiiCommonKey, vwii_key_enc_bin, sizeof(vwii_key_enc_bin));
- AES_Init();
 AES_Decrypt(WiiCommonKey, sizeof(aeskey), iv, sizeof(iv), vWiiCommonKey, vWiiCommonKey, sizeof(aeskey));
- AES_Close();
 keys_ok = true;
 return;
diff --git a/source/title.h b/source/title.h
index 44c04ea..0b233be 100644
--- a/source/title.h
+++ b/source/title.h
@@ -20,5 +20,6 @@ s32 Title_GetVersion(u64, u16 *);
 s32 Title_GetSysVersion(u64, u64 *);
 s32 Title_GetSize(u64, u32 *);
 s32 Title_GetIOSVersions(u8 **, u32 *);
+void Title_SetupCommonKeys(void);
 #endif
diff --git a/source/wad-manager.c b/source/wad-manager.c
index 7fbb1fc..2884931 100644
--- a/source/wad-manager.c
+++ b/source/wad-manager.c
@@ -8,6 +8,8 @@
 #include
 #include "sys.h"
+#include "title.h"
+#include "aes.h"
 #include "gui.h"
 #include "menu.h"
 #include "restart.h"
@@ -183,6 +185,7 @@ int main(int argc, char **argv)
 WKB_Initialize();
 WIILIGHT_Init();
+ AES_Init();
 Title_SetupCommonKeys();
 /* Print disclaimer */
diff --git a/source/wad.c b/source/wad.c
index 3282051..d0611d0 100644
--- a/source/wad.c
+++ b/source/wad.c
@@ -577,7 +577,6 @@ bool __Wad_FixTicket(signed_blob *s_tik)
 iv[0] = p_tik->titleid;
 iv[1] = 0;
- AES_Init();
 AES_Decrypt(vWiiCommonKey, 0x10, iv, 0x10, tkeybuf, tkeybuf, sizeof(tkeybuf));
 iv[0] = p_tik->titleid;
@@ -586,7 +585,6 @@ bool __Wad_FixTicket(signed_blob *s_tik)
 AES_Encrypt(WiiCommonKey, 0x10, iv, 0x10, tkeybuf, tkeybuf, sizeof(tkeybuf));
 memcpy(p_tik->cipher_title_key, tkeybuf, sizeof(tkeybuf));
- AES_Close();
 }
 /* Fakesign ticket */
@@ -691,9 +689,9 @@ s32 Wad_Install(FILE *fp)
 if (TITLE_UPPER(tmd_data->sys_version) == 0) // IOS
 {
- if (isvWiiTitle && !IS_WIIU)
+ if (isvWiiTitle ^ IS_WIIU) // xor is one of my favourite binary operators of all time
 {
- printf("\n Cannot install vWii IOS on Wii.\n");
+ printf("\n Cannot install vWii IOS on Wii (and vice versa).\n");
 ret = -999;
 goto err;
 }
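Review bot: The single `AES_Init();` added to main() has no matching AES_Close() anywhere in the patch and its result is not checked, while the AES_Init()/AES_Close() pairs removed from ES_CheckHasKoreanKey() (source/sys.c), Title_SetupCommonKeys() (source/title.c) and __Wad_FixTicket() (the two source/wad.c hunks below) leave those functions with an unstated precondition. Whether AES_Init() reports failure is not visible here; if it does, bailing out before Title_SetupCommonKeys() runs is safer than decrypting the common keys on an uninitialised engine. Each of the three callers should record the new contract in its header comment, e.g. `/* Requires AES_Init() to have been called; main() does this once at startup. */`, and the shutdown path (outside this hunk) should be checked for the missing AES_Close(). main() continues outside the hunk.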
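Review bot: `isvWiiTitle ^ IS_WIIU` only means "title and platform disagree" when both operands are normalised to 0/1; if IS_WIIU expands to anything other than a bool (a bit test or cached int, its definition is not visible here), the xor is non-zero even when they match and the block fires on the wrong case. Comparing truth values expresses the intent without that hazard: `if (!isvWiiTitle != !IS_WIIU)`. The operator-preference remark would read better as a statement of the rule, `// a vWii IOS only runs on Wii U and a Wii IOS only on Wii`, which is also what the new error message says. Wad_Install() continues outside the hunk.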
@@ -707,9 +705,53 @@ s32 Wad_Install(FILE *fp)
 goto err;
 }
- else if (tid == TITLE_ID(1, 70) || tid == TITLE_ID(1, 80))
+ // this code feels like a MESS
+ else if (!IS_WIIU && (tid == TITLE_ID(1, 70) || tid == TITLE_ID(1, 80)))
 {
- /* Check build tag here */
+ tik* ticket = (tik*)SIGNATURE_PAYLOAD(p_tik);
+
+ __aligned(0x10)
+ aeskey titlekey;
+ u64 iv[2] = { tid };
+
+
+ memcpy(titlekey, ticket->cipher_title_key, sizeof(aeskey));
+ AES_Decrypt(WiiCommonKey, sizeof(aeskey), iv, sizeof(iv), titlekey, titlekey, sizeof(aeskey));
+
+ u32 content0_offset = offset;
+ for (tmd_content* con = tmd_data->contents; con < tmd_data->contents + tmd_data->num_contents; con++)
+ {
+ if (con->index == 0) break;
+ content0_offset += round_up(con->size, 0x40);
+ }
+
+ __aligned(0x20)
+ cIOSInfo build_tag = {};
+
+ printf("build_tag@%p\n", &build_tag);
+ __asm__ volatile ( ".long -1" );
+
+ ret = FSOPReadOpenFile(fp, (void*)&build_tag, content0_offset, sizeof(cIOSInfo));
+ if (ret != 1)
+ goto err;
+
+ iv[0] = 0;
+ iv[1] = 0;
+ AES_Decrypt(titlekey, sizeof(aeskey), iv, sizeof(iv), &build_tag, &build_tag, sizeof(cIOSInfo));
+
+ if (build_tag.hdr_magic != CIOS_INFO_MAGIC ||
+ build_tag.hdr_version != CIOS_INFO_VERSION ||
+ (build_tag.ios_base != 60 && ES_CheckHasKoreanKey()))
+ {
+ printf("\n"
+ " Installing this System menu IOS will brick your Wii.\n"
+ " Please remove the Korean key via KoreanKii,\n"
+ " then try again.\n\n"
+ );
+
+ ret = -999;
+ goto err;
+ }
 }
 }
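Review bot: `__asm__ volatile ( ".long -1" );` directly after `printf("build_tag@%p\n", &build_tag);` plants a raw 0xFFFFFFFF word in the instruction stream, which is not a valid PowerPC encoding, so every IOS70/IOS80 install on a Wii now stops with an exception before the build tag is even read; both lines look like a leftover debugging trap and should be deleted. The refusal condition is also broader than its message: a content 0 that carries no cIOS build tag fails the `hdr_magic`/`hdr_version` tests and is rejected even when ES_CheckHasKoreanKey() is false, yet the user is told to remove a Korean key, so if only the Korean-key brick is meant to be blocked the key check should gate the rest: `if (ES_CheckHasKoreanKey() && (build_tag.hdr_magic != CIOS_INFO_MAGIC || build_tag.hdr_version != CIOS_INFO_VERSION || build_tag.ios_base != 60))`. Since the build tag is decrypted from the WAD being installed, the guard only protects against honest WADs, which deserves a one-line comment above the check. Two smaller points: the loop computing `content0_offset` does not detect a TMD without an index-0 content, and on `ret != 1` the function jumps to err carrying whatever FSOPReadOpenFile() returned, which may not be an error code (its contract is not visible here). Wad_Install() continues outside the hunk.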