checking AES_Decrypt

source/wad.c

@@ -95,58 +95,58 @@ static inline void DecEncTxtBuffer(char* buffer)
 
 u64 get_title_ios(u64 title) {
 	s32 ret, fd;
-	static char filepath[256] ATTRIBUTE_ALIGN(32);	
-	
+	static char filepath[256] ATTRIBUTE_ALIGN(32);
+
 	// Check to see if title exists
 	if (ES_GetDataDir(title, filepath) >= 0 ) {
 		u32 tmd_size = 0;
 		static u8 tmd_buf[MAX_SIGNED_TMD_SIZE] ATTRIBUTE_ALIGN(32);
-	
+
 		ret = ES_GetStoredTMDSize(title, &tmd_size);
 		if (ret < 0){
 			// If we fail to use the ES function, try reading manually
 			// This is a workaround added since some IOS (like 21) don't like our
 			// call to ES_GetStoredTMDSize
-			
+
 			//printf("Error! ES_GetStoredTMDSize: %d\n", ret);
-					
+
 			sprintf(filepath, "/title/%08x/%08x/content/title.tmd", TITLE_UPPER(title), TITLE_LOWER(title));
-			
+
 			ret = ISFS_Open(filepath, ISFS_OPEN_READ);
 			if (ret <= 0)
 			{
 				//printf("Error! ISFS_Open (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			fd = ret;
-			
+
 			ret = ISFS_Seek(fd, 0x184, 0);
 			if (ret < 0)
 			{
 				//printf("Error! ISFS_Seek (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			ret = ISFS_Read(fd,tmd_buf,8);
 			if (ret < 0)
 			{
 				//printf("Error! ISFS_Read (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			ret = ISFS_Close(fd);
 			if (ret < 0)
 			{
 				//printf("Error! ISFS_Close (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			return be64(tmd_buf);
-			
+
 		} else {
 			// Normal versions of IOS won't have a problem, so we do things the "right" way.
-			
+
 			// Some of this code adapted from bushing's title_lister.c
 			signed_blob *s_tmd = (signed_blob *)tmd_buf;
 			ret = ES_GetStoredTMD(title, s_tmd, tmd_size);
@@ -157,9 +157,9 @@ u64 get_title_ios(u64 title) {
 			tmd *t = SIGNATURE_PAYLOAD(s_tmd);
 			return t->sys_version;
 		}
-		
-		
-	} 
+
+
+	}
 	return 0;
 }
 
@@ -173,7 +173,7 @@ static bool GetRegionFromTXT(char* region)
 		return false;
 
 	DecEncTxtBuffer(buffer);
-	
+
 	char* current = strstr(buffer, "AREA");
 
 	if(current)
@@ -184,7 +184,7 @@ static bool GetRegionFromTXT(char* region)
 		if (start && end)
 		{
 			start++;
-			
+
 			if (!strncmp(start, "JPN", 3))
 				*region = 'J';
 			else if (!strncmp(start, "USA", 3))
@@ -193,12 +193,12 @@ static bool GetRegionFromTXT(char* region)
 				*region = 'E';
 			else if (!strncmp(start, "KOR", 3))
 				*region = 'K';
-			
+
 			if (*region != 0)
 			{
 				free(buffer);
 				return true;
-			}	
+			}
 		}
 	}
 	else
@@ -234,7 +234,7 @@ s32 GetSysMenuRegion(u16* version, char* region)
 bool VersionIsOriginal(u16 version)
 {
 	s32 i;
-	
+
 	for (i = 0; i < VersionListSize; i++)
 	{
 		if (VersionList[i] == version)
@@ -328,7 +328,7 @@ bool GetSysMenuExecPath(char path[ISFS_MAXPATH], bool mainDOL)
 bool IsPriiloaderInstalled()
 {
 	char path[ISFS_MAXPATH] ATTRIBUTE_ALIGN(0x20);
-	
+
 	if (!GetSysMenuExecPath(path, true))
 		return false;
 
@@ -341,7 +341,7 @@ bool IsPriiloaderInstalled()
 static bool BackUpPriiloader()
 {
 	char path[ISFS_MAXPATH] ATTRIBUTE_ALIGN(0x20);
-	
+
 	if (!GetSysMenuExecPath(path, false))
 		return false;
 
@@ -352,7 +352,7 @@ static bool BackUpPriiloader()
 		printf("Error! NANDBackUpFile: Failed! (Error: %d)\n", ret);
 		return false;
 	}
-						
+
 	ret = NANDGetFileSize("/tmp/priiload.app", &gPriiloaderSize);
 
 	return (gPriiloaderSize == size);
@@ -405,7 +405,7 @@ static bool RestorePriiloader()
 
 static void PrintCleanupResult(s32 result)
 {
-	
+
 	if (result < 0)
 	{
 		switch (result)
@@ -448,9 +448,9 @@ static void CleanupPriiloaderLeftOvers(bool retain)
 		printf("\r\t\t>> File: main.bin...");
 		PrintCleanupResult(NANDDeleteFile("/title/00000001/00000002/data/main.bin"));
 	}
-	
+
 	printf("\n\t\tRemoving Priiloader hacks...\n");
-	
+
 	printf("\r\t\t>> File: hacks_s.ini...");
 	PrintCleanupResult(NANDDeleteFile("/title/00000001/00000002/data/hacks_s.ini"));
 	printf("\r\t\t>> File: hacks.ini...");
@@ -464,7 +464,7 @@ static void CleanupPriiloaderLeftOvers(bool retain)
 	{
 		printf("\n\t\tPriiloader hacks will be reset!\n");
 		printf("\t\tRemember to set them again.\n");
-	}	
+	}
 }
 
 static bool CompareHashes(bool priiloader)
@@ -490,7 +490,7 @@ static bool CompareHashes(bool priiloader)
 		free(dataA);
 		return false;
 	}
-	
+
 	bool ret = (sizeA == sizeB) && !CompareHash(dataA, sizeA, dataB, sizeB);
 
 	free(dataA);
@@ -554,10 +554,10 @@ out:
 
 static const aeskey WiiCommonKey = { 0xeb, 0xe4, 0x2a, 0x22, 0x5e, 0x85, 0x93, 0xe4, 0x48, 0xd9, 0xc5, 0x45, 0x73, 0x81, 0xaa, 0xf7 };
 
-void __Wad_FixTicket(signed_blob *p_tik)
+void __Wad_FixTicket(signed_blob *s_tik)
 {
-	u8 *data = (u8 *)p_tik;
-	u8 *ckey = data + 0x1F1;
+	tik* p_tik = SIGNATURE_PAYLOAD(s_tik);
+	u8 *ckey = ((u8*)s_tik) + 0x1F1;
 
 	/*
 	 * Alright. I'd hate to pull this off on signed tickets using the vWii common key.
@@ -574,15 +574,15 @@ void __Wad_FixTicket(signed_blob *p_tik)
 			__attribute__((aligned(0x10)))
 			static unsigned char keybuf[0x10], iv[0x10];
 
-			u8* titlekey = data + sizeof(sig_rsa2048) + offsetof(tik, cipher_title_key);
-			u64* titleid = data + sizeof(sig_rsa2048) + offsetof(tik, titleid);
+			u8* titlekey = &p_tik->cipher_title_key;
+			u64* titleid = &p_tik->titleid;
 
 			memcpy(keybuf, titlekey, sizeof(keybuf));
-			// Static so it's already zero-initialized. Ideally the bottom 8 bytes don't get touched somehow.
-			//
-			memcpy(iv, titleid, sizeof(*titleid));
+			memcpy(iv, titleid, sizeof(u64));
+			memset(iv + 8, 0, sizeof(iv) - sizeof(u64));
 			AES_Init();
-			AES_Decrypt(WiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, 0x10);
+			int ret = AES_Decrypt(WiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, 0x10);
+			printf("decrypt:%i\n", ret);
 			memcpy(titlekey, keybuf, sizeof(keybuf));
 		}