From cb2351b87776b0f9d42f057194f016274626f3f5 Mon Sep 17 00:00:00 2001 From: thepikachugamer <44107089+Naim2000@users.noreply.github.com> Date: Fri, 1 Mar 2024 07:18:50 -0500 Subject: [PATCH] Fix tickets using the vWii common key (#9) * had to download libogc's aes driver, hoping this works --- source/aes.c | 125 +++++++++++++++++++++++++++++++++++++++++++++++++++ source/aes.h | 53 ++++++++++++++++++++++ source/wad.c | 106 ++++++++++++++++++++++++++++--------------- 3 files changed, 249 insertions(+), 35 deletions(-) create mode 100644 source/aes.c create mode 100644 source/aes.h diff --git a/source/aes.c b/source/aes.c new file mode 100644 index 0000000..a3e9d61 --- /dev/null +++ b/source/aes.c @@ -0,0 +1,125 @@ +/*------------------------------------------------------------- + +aes.c -- AES Engine + +Copyright (C) 2022 +GaryOderNichts +Joris 'DacoTaco' Vermeylen info@dacotaco.com + +This software is provided 'as-is', without any express or implied +warranty. In no event will the authors be held liable for any +damages arising from the use of this software. + +Permission is granted to anyone to use this software for any +purpose, including commercial applications, and to alter it and +redistribute it freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you +must not claim that you wrote the original software. If you use +this software in a product, an acknowledgment in the product +documentation would be appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and +must not be misrepresented as being the original software. + +3. This notice may not be removed or altered from any source +distribution. + +-------------------------------------------------------------*/ +#if defined(HW_RVL) + +#include +#include +#include +#include + +#include "aes.h" + +#define AES_HEAPSIZE 0x200 + +#define AES_IOCTLV_ENCRYPT 2 +#define AES_IOCTLV_DECRYPT 3 + +static s32 __aes_fd = -1; +static s32 __aes_hid = -1; + +static s32 AES_ExecuteCommand(s32 command, const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size) +{ + if ((((u32)in_data | (u32)out_data) & 0xF) != 0) + return -4; + + if (key_size != 16 || iv_size != 16 || (data_size & 15) != 0) + return -4; + + ioctlv* params = (ioctlv*)iosAlloc(__aes_hid, sizeof(ioctlv) * 4); + if (!params) + return -1; + + s32 ret = -1; + for (u32 i = 0; i < data_size; i += AES_BLOCK_SIZE) { + u32 size = i+AES_BLOCK_SIZE >= data_size + ? data_size - i + : AES_BLOCK_SIZE; + + params[0].data = (void*)((u32)in_data + i); + params[0].len = size; + params[1].data = (void*) key; + params[1].len = key_size; + params[2].data = (void*)((u32)out_data + i); + params[2].len = size; + params[3].data = iv; + params[3].len = iv_size; + + ret = IOS_Ioctlv(__aes_fd, command, 2, 2, params); + if (ret < 0) + break; + } + + iosFree(__aes_hid, params); + return ret; +} + +s32 AES_Init(void) +{ + if (__aes_fd >= 0) + return -1; + + __aes_fd = IOS_Open("/dev/aes", 0); + if (__aes_fd < 0) + return __aes_fd; + + //only create heap if it wasn't created yet. + //its never disposed, so only create once. + if(__aes_hid < 0) + __aes_hid = iosCreateHeap(AES_HEAPSIZE); + + if (__aes_hid < 0) { + AES_Close(); + return __aes_hid; + } + + return 0; +} + +s32 AES_Close(void) +{ + if (__aes_fd < 0) + return -1; + + IOS_Close(__aes_fd); + __aes_fd = -1; + + return 0; +} + +s32 AES_Encrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size) +{ + return AES_ExecuteCommand(AES_IOCTLV_ENCRYPT, key, key_size, iv, iv_size, in_data, out_data, data_size); +} + +s32 AES_Decrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size) +{ + return AES_ExecuteCommand(AES_IOCTLV_DECRYPT, key, key_size, iv, iv_size, in_data, out_data, data_size); +} + +#endif diff --git a/source/aes.h b/source/aes.h new file mode 100644 index 0000000..a840187 --- /dev/null +++ b/source/aes.h @@ -0,0 +1,53 @@ +/*------------------------------------------------------------- + +aes.h -- AES Engine + +Copyright (C) 2022 +GaryOderNichts +Joris 'DacoTaco' Vermeylen info@dacotaco.com + +This software is provided 'as-is', without any express or implied +warranty. In no event will the authors be held liable for any +damages arising from the use of this software. + +Permission is granted to anyone to use this software for any +purpose, including commercial applications, and to alter it and +redistribute it freely, subject to the following restrictions: + +1. The origin of this software must not be misrepresented; you +must not claim that you wrote the original software. If you use +this software in a product, an acknowledgment in the product +documentation would be appreciated but is not required. + +2. Altered source versions must be plainly marked as such, and +must not be misrepresented as being the original software. + +3. This notice may not be removed or altered from any source +distribution. + +-------------------------------------------------------------*/ + + +#ifndef __AES_H___ +#define __AES_H___ + +#if defined(HW_RVL) +#include +#include + +#define AES_BLOCK_SIZE 0x10000 + +#ifdef __cplusplus + extern "C" { +#endif /* __cplusplus */ + +s32 AES_Init(void); +s32 AES_Close(void); +s32 AES_Decrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size); +s32 AES_Encrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size); + +#ifdef __cplusplus + } +#endif /* __cplusplus */ +#endif +#endif diff --git a/source/wad.c b/source/wad.c index 83a2f4c..4e25e0e 100644 --- a/source/wad.c +++ b/source/wad.c @@ -2,11 +2,13 @@ #include #include #include +#include #include #include "sys.h" #include "title.h" #include "utils.h" +#include "aes.h" #include "video.h" #include "wad.h" #include "wpad.h" @@ -93,58 +95,58 @@ static inline void DecEncTxtBuffer(char* buffer) u64 get_title_ios(u64 title) { s32 ret, fd; - static char filepath[256] ATTRIBUTE_ALIGN(32); - + static char filepath[256] ATTRIBUTE_ALIGN(32); + // Check to see if title exists if (ES_GetDataDir(title, filepath) >= 0 ) { u32 tmd_size = 0; static u8 tmd_buf[MAX_SIGNED_TMD_SIZE] ATTRIBUTE_ALIGN(32); - + ret = ES_GetStoredTMDSize(title, &tmd_size); if (ret < 0){ // If we fail to use the ES function, try reading manually // This is a workaround added since some IOS (like 21) don't like our // call to ES_GetStoredTMDSize - + //printf("Error! ES_GetStoredTMDSize: %d\n", ret); - + sprintf(filepath, "/title/%08x/%08x/content/title.tmd", TITLE_UPPER(title), TITLE_LOWER(title)); - + ret = ISFS_Open(filepath, ISFS_OPEN_READ); if (ret <= 0) { //printf("Error! ISFS_Open (ret = %d)\n", ret); return 0; } - + fd = ret; - + ret = ISFS_Seek(fd, 0x184, 0); if (ret < 0) { //printf("Error! ISFS_Seek (ret = %d)\n", ret); return 0; } - + ret = ISFS_Read(fd,tmd_buf,8); if (ret < 0) { //printf("Error! ISFS_Read (ret = %d)\n", ret); return 0; } - + ret = ISFS_Close(fd); if (ret < 0) { //printf("Error! ISFS_Close (ret = %d)\n", ret); return 0; } - + return be64(tmd_buf); - + } else { // Normal versions of IOS won't have a problem, so we do things the "right" way. - + // Some of this code adapted from bushing's title_lister.c signed_blob *s_tmd = (signed_blob *)tmd_buf; ret = ES_GetStoredTMD(title, s_tmd, tmd_size); @@ -155,9 +157,9 @@ u64 get_title_ios(u64 title) { tmd *t = SIGNATURE_PAYLOAD(s_tmd); return t->sys_version; } - - - } + + + } return 0; } @@ -171,7 +173,7 @@ static bool GetRegionFromTXT(char* region) return false; DecEncTxtBuffer(buffer); - + char* current = strstr(buffer, "AREA"); if(current) @@ -182,7 +184,7 @@ static bool GetRegionFromTXT(char* region) if (start && end) { start++; - + if (!strncmp(start, "JPN", 3)) *region = 'J'; else if (!strncmp(start, "USA", 3)) @@ -191,12 +193,12 @@ static bool GetRegionFromTXT(char* region) *region = 'E'; else if (!strncmp(start, "KOR", 3)) *region = 'K'; - + if (*region != 0) { free(buffer); return true; - } + } } } else @@ -232,7 +234,7 @@ s32 GetSysMenuRegion(u16* version, char* region) bool VersionIsOriginal(u16 version) { s32 i; - + for (i = 0; i < VersionListSize; i++) { if (VersionList[i] == version) @@ -286,7 +288,7 @@ static u32 GetSysMenuBootContent(void) return 0; } - ret = ES_GetStoredTMD(0x100000002LL, (u8*)s_tmd, size); + ret = ES_GetStoredTMD(0x100000002LL, s_tmd, size); if (ret < 0) { printf("Error! ES_GetStoredTMD failed (ret=%i)\n", ret); @@ -326,7 +328,7 @@ bool GetSysMenuExecPath(char path[ISFS_MAXPATH], bool mainDOL) bool IsPriiloaderInstalled() { char path[ISFS_MAXPATH] ATTRIBUTE_ALIGN(0x20); - + if (!GetSysMenuExecPath(path, true)) return false; @@ -339,7 +341,7 @@ bool IsPriiloaderInstalled() static bool BackUpPriiloader() { char path[ISFS_MAXPATH] ATTRIBUTE_ALIGN(0x20); - + if (!GetSysMenuExecPath(path, false)) return false; @@ -350,7 +352,7 @@ static bool BackUpPriiloader() printf("Error! NANDBackUpFile: Failed! (Error: %d)\n", ret); return false; } - + ret = NANDGetFileSize("/tmp/priiload.app", &gPriiloaderSize); return (gPriiloaderSize == size); @@ -403,7 +405,7 @@ static bool RestorePriiloader() static void PrintCleanupResult(s32 result) { - + if (result < 0) { switch (result) @@ -446,9 +448,9 @@ static void CleanupPriiloaderLeftOvers(bool retain) printf("\r\t\t>> File: main.bin..."); PrintCleanupResult(NANDDeleteFile("/title/00000001/00000002/data/main.bin")); } - + printf("\n\t\tRemoving Priiloader hacks...\n"); - + printf("\r\t\t>> File: hacks_s.ini..."); PrintCleanupResult(NANDDeleteFile("/title/00000001/00000002/data/hacks_s.ini")); printf("\r\t\t>> File: hacks.ini..."); @@ -462,7 +464,7 @@ static void CleanupPriiloaderLeftOvers(bool retain) { printf("\n\t\tPriiloader hacks will be reset!\n"); printf("\t\tRemember to set them again.\n"); - } + } } static bool CompareHashes(bool priiloader) @@ -488,7 +490,7 @@ static bool CompareHashes(bool priiloader) free(dataA); return false; } - + bool ret = (sizeA == sizeB) && !CompareHash(dataA, sizeA, dataB, sizeB); free(dataA); @@ -550,17 +552,51 @@ out: return ret; } -void __Wad_FixTicket(signed_blob *p_tik) -{ - u8 *data = (u8 *)p_tik; - u8 *ckey = data + 0x1F1; +static const aeskey + WiiCommonKey = { 0xeb, 0xe4, 0x2a, 0x22, 0x5e, 0x85, 0x93, 0xe4, 0x48, 0xd9, 0xc5, 0x45, 0x73, 0x81, 0xaa, 0xf7 }, + vWiiCommonKey = { 0x30, 0xbf, 0xc7, 0x6e, 0x7c, 0x19, 0xaf, 0xbb, 0x23, 0x16, 0x33, 0x30, 0xce, 0xd7, 0xc2, 0x8d }; +void __Wad_FixTicket(signed_blob *s_tik) +{ + tik* p_tik = SIGNATURE_PAYLOAD(s_tik); + u8 *ckey = ((u8*)s_tik) + 0x1F1; + + /* + * Alright. I'd hate to pull this off on signed tickets using the vWii common key. + * But this already does it, just without re-crypting the title key. So let's do it. + */ + bool fixKey = *ckey == 2; if (*ckey > 1) { /* Set common key */ *ckey = 0; + /* Fix tickets using vWii Common Key */ + if (fixKey) + { + __attribute__((aligned(0x10))) + static unsigned char keybuf[0x10], iv[0x10]; + + u8* titlekey = p_tik->cipher_title_key; + u64* titleid = &p_tik->titleid; + + memcpy(keybuf, titlekey, sizeof(keybuf)); + memcpy(iv, titleid, sizeof(u64)); + memset(iv + 8, 0, sizeof(iv) - 8); + + AES_Init(); + AES_Decrypt(vWiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, sizeof(keybuf)); + + memcpy(iv, titleid, sizeof(u64)); + memset(iv + 8, 0, sizeof(iv) - 8); + + AES_Encrypt(WiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, sizeof(keybuf)); + + memcpy(titlekey, keybuf, sizeof(keybuf)); + AES_Close(); + } + /* Fakesign ticket */ - Title_FakesignTik(p_tik); + Title_FakesignTik(s_tik); } }