Fix tickets using the vWii common key (#9)

* had to download libogc's aes driver, hoping this works
2024-11-21 23:59:18 +01:00 · 2024-03-01 07:18:50 -05:00 · 2024-03-01 07:18:50 -05:00 · cb2351b877
commit cb2351b877
parent abd5f48be9
3 changed files with 249 additions and 35 deletions
--- a/source/aes.c
+++ b/source/aes.c
@ -0,0 +1,125 @@
 /*-------------------------------------------------------------
 aes.c -- AES Engine
 Copyright (C) 2022
 GaryOderNichts 
 Joris 'DacoTaco' Vermeylen info@dacotaco.com
 This software is provided 'as-is', without any express or implied
 warranty.  In no event will the authors be held liable for any
 damages arising from the use of this software.
 Permission is granted to anyone to use this software for any
 purpose, including commercial applications, and to alter it and
 redistribute it freely, subject to the following restrictions:
 1.	The origin of this software must not be misrepresented; you
 must not claim that you wrote the original software. If you use
 this software in a product, an acknowledgment in the product
 documentation would be appreciated but is not required.
 2.	Altered source versions must be plainly marked as such, and
 must not be misrepresented as being the original software.
 3.	This notice may not be removed or altered from any source
 distribution.
 -------------------------------------------------------------*/
 #if defined(HW_RVL)
 #include <string.h>
 #include <gctypes.h>
 #include <gcutil.h>
 #include <ogc/ipc.h>
 #include "aes.h"
 #define AES_HEAPSIZE 0x200
 #define AES_IOCTLV_ENCRYPT 2
 #define AES_IOCTLV_DECRYPT 3
 static s32 __aes_fd = -1;
 static s32 __aes_hid = -1;
 static s32 AES_ExecuteCommand(s32 command, const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size)
 {
 	if ((((u32)in_data | (u32)out_data) & 0xF) != 0)
 		return -4;
 	if (key_size != 16 || iv_size != 16 || (data_size & 15) != 0)
 		return -4;
 	ioctlv* params = (ioctlv*)iosAlloc(__aes_hid, sizeof(ioctlv) * 4);
 	if (!params)
 		return -1;
 	s32 ret = -1;
 	for (u32 i = 0; i < data_size; i += AES_BLOCK_SIZE) {
 		u32 size = i+AES_BLOCK_SIZE >= data_size
 			? data_size - i
 			: AES_BLOCK_SIZE;
 		params[0].data	= (void*)((u32)in_data + i);
 		params[0].len	= size;
 		params[1].data	= (void*) key;
 		params[1].len	= key_size;
 		params[2].data	= (void*)((u32)out_data + i);
 		params[2].len	= size;
 		params[3].data	= iv;
 		params[3].len	= iv_size;
 		ret = IOS_Ioctlv(__aes_fd, command, 2, 2, params);
 		if (ret < 0)
 			break;
 	}
 	iosFree(__aes_hid, params);
 	return ret;
 }
 s32 AES_Init(void)
 {
 	if (__aes_fd >= 0)
 		return -1;
 	__aes_fd = IOS_Open("/dev/aes", 0);
 	if (__aes_fd < 0)
 		return __aes_fd;
 	//only create heap if it wasn't created yet.
 	//its never disposed, so only create once.
 	if(__aes_hid < 0)
 		__aes_hid = iosCreateHeap(AES_HEAPSIZE);
 	if (__aes_hid < 0) {
 		AES_Close();
 		return __aes_hid;
 	}
 	return 0;
 }
 s32 AES_Close(void)
 {
 	if (__aes_fd < 0)
 		return -1;
 	IOS_Close(__aes_fd);
 	__aes_fd = -1;
 	return 0;
 }
 s32 AES_Encrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size)
 {
 	return AES_ExecuteCommand(AES_IOCTLV_ENCRYPT, key, key_size, iv, iv_size, in_data, out_data, data_size);
 }
 s32 AES_Decrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size)
 {
 	return AES_ExecuteCommand(AES_IOCTLV_DECRYPT, key, key_size, iv, iv_size, in_data, out_data, data_size);
 }
 #endif
--- a/source/aes.h
+++ b/source/aes.h
@ -0,0 +1,53 @@
 /*-------------------------------------------------------------
 aes.h -- AES Engine
 Copyright (C) 2022
 GaryOderNichts 
 Joris 'DacoTaco' Vermeylen info@dacotaco.com
 This software is provided 'as-is', without any express or implied
 warranty.  In no event will the authors be held liable for any
 damages arising from the use of this software.
 Permission is granted to anyone to use this software for any
 purpose, including commercial applications, and to alter it and
 redistribute it freely, subject to the following restrictions:
 1.	The origin of this software must not be misrepresented; you
 must not claim that you wrote the original software. If you use
 this software in a product, an acknowledgment in the product
 documentation would be appreciated but is not required.
 2.	Altered source versions must be plainly marked as such, and
 must not be misrepresented as being the original software.
 3.	This notice may not be removed or altered from any source
 distribution.
 -------------------------------------------------------------*/
 #ifndef __AES_H___
 #define __AES_H___
 #if defined(HW_RVL)
 #include <gctypes.h>
 #include <gcutil.h>
 #define AES_BLOCK_SIZE 0x10000
 #ifdef __cplusplus
 	extern "C" {
 #endif /* __cplusplus */
 s32 AES_Init(void);
 s32 AES_Close(void);
 s32 AES_Decrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size);
 s32 AES_Encrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size);
 #ifdef __cplusplus
 	}
 #endif /* __cplusplus */
 #endif
 #endif
--- a/source/wad.c
+++ b/source/wad.c
@ -2,11 +2,13 @@
 #include <string.h>
 #include <ogcsys.h>
 #include <ogc/pad.h>
 #include <ogc/es.h>
 #include <unistd.h>
 #include "sys.h"
 #include "title.h"
 #include "utils.h"
 #include "aes.h"
 #include "video.h"
 #include "wad.h"
 #include "wpad.h"
@ -93,58 +95,58 @@ static inline void DecEncTxtBuffer(char* buffer)
 u64 get_title_ios(u64 title) {
 	s32 ret, fd;
-	static char filepath[256] ATTRIBUTE_ALIGN(32);	
+	static char filepath[256] ATTRIBUTE_ALIGN(32);
-	
+
 	// Check to see if title exists
 	if (ES_GetDataDir(title, filepath) >= 0 ) {
 		u32 tmd_size = 0;
 		static u8 tmd_buf[MAX_SIGNED_TMD_SIZE] ATTRIBUTE_ALIGN(32);
-	
+
 		ret = ES_GetStoredTMDSize(title, &tmd_size);
 		if (ret < 0){
 			// If we fail to use the ES function, try reading manually
 			// This is a workaround added since some IOS (like 21) don't like our
 			// call to ES_GetStoredTMDSize
-			
+
 			//printf("Error! ES_GetStoredTMDSize: %d\n", ret);
-					
+
 			sprintf(filepath, "/title/%08x/%08x/content/title.tmd", TITLE_UPPER(title), TITLE_LOWER(title));
-			
+
 			ret = ISFS_Open(filepath, ISFS_OPEN_READ);
 			if (ret <= 0)
 			{
 				//printf("Error! ISFS_Open (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			fd = ret;
-			
+
 			ret = ISFS_Seek(fd, 0x184, 0);
 			if (ret < 0)
 			{
 				//printf("Error! ISFS_Seek (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			ret = ISFS_Read(fd,tmd_buf,8);
 			if (ret < 0)
 			{
 				//printf("Error! ISFS_Read (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			ret = ISFS_Close(fd);
 			if (ret < 0)
 			{
 				//printf("Error! ISFS_Close (ret = %d)\n", ret);
 				return 0;
 			}
-			
+
 			return be64(tmd_buf);
-			
+
 		} else {
 			// Normal versions of IOS won't have a problem, so we do things the "right" way.
-			
+
 			// Some of this code adapted from bushing's title_lister.c
 			signed_blob *s_tmd = (signed_blob *)tmd_buf;
 			ret = ES_GetStoredTMD(title, s_tmd, tmd_size);
@ -155,9 +157,9 @@ u64 get_title_ios(u64 title) {
 			tmd *t = SIGNATURE_PAYLOAD(s_tmd);
 			return t->sys_version;
 		}
-		
+
-		
+
-	} 
+	}
 	return 0;
 }
@ -171,7 +173,7 @@ static bool GetRegionFromTXT(char* region)
 		return false;
 	DecEncTxtBuffer(buffer);
-	
+
 	char* current = strstr(buffer, "AREA");
 	if(current)
@ -182,7 +184,7 @@ static bool GetRegionFromTXT(char* region)
 		if (start && end)
 		{
 			start++;
-			
+
 			if (!strncmp(start, "JPN", 3))
 				*region = 'J';
 			else if (!strncmp(start, "USA", 3))
@ -191,12 +193,12 @@ static bool GetRegionFromTXT(char* region)
 				*region = 'E';
 			else if (!strncmp(start, "KOR", 3))
 				*region = 'K';
-			
+
 			if (*region != 0)
 			{
 				free(buffer);
 				return true;
-			}	
+			}
 		}
 	}
 	else
@ -232,7 +234,7 @@ s32 GetSysMenuRegion(u16* version, char* region)
 bool VersionIsOriginal(u16 version)
 {
 	s32 i;
-	
+
 	for (i = 0; i < VersionListSize; i++)
 	{
 		if (VersionList[i] == version)
@ -286,7 +288,7 @@ static u32 GetSysMenuBootContent(void)
 		return 0;
 	}
-	ret = ES_GetStoredTMD(0x100000002LL, (u8*)s_tmd, size);
+	ret = ES_GetStoredTMD(0x100000002LL, s_tmd, size);
 	if (ret < 0)
 	{
 		printf("Error! ES_GetStoredTMD failed (ret=%i)\n", ret);
@ -326,7 +328,7 @@ bool GetSysMenuExecPath(char path[ISFS_MAXPATH], bool mainDOL)
 bool IsPriiloaderInstalled()
 {
 	char path[ISFS_MAXPATH] ATTRIBUTE_ALIGN(0x20);
-	
+
 	if (!GetSysMenuExecPath(path, true))
 		return false;
@ -339,7 +341,7 @@ bool IsPriiloaderInstalled()
 static bool BackUpPriiloader()
 {
 	char path[ISFS_MAXPATH] ATTRIBUTE_ALIGN(0x20);
-	
+
 	if (!GetSysMenuExecPath(path, false))
 		return false;
@ -350,7 +352,7 @@ static bool BackUpPriiloader()
 		printf("Error! NANDBackUpFile: Failed! (Error: %d)\n", ret);
 		return false;
 	}
-						
+
 	ret = NANDGetFileSize("/tmp/priiload.app", &gPriiloaderSize);
 	return (gPriiloaderSize == size);
@ -403,7 +405,7 @@ static bool RestorePriiloader()
 static void PrintCleanupResult(s32 result)
 {
-	
+
 	if (result < 0)
 	{
 		switch (result)
@ -446,9 +448,9 @@ static void CleanupPriiloaderLeftOvers(bool retain)
 		printf("\r\t\t>> File: main.bin...");
 		PrintCleanupResult(NANDDeleteFile("/title/00000001/00000002/data/main.bin"));
 	}
-	
+
 	printf("\n\t\tRemoving Priiloader hacks...\n");
-	
+
 	printf("\r\t\t>> File: hacks_s.ini...");
 	PrintCleanupResult(NANDDeleteFile("/title/00000001/00000002/data/hacks_s.ini"));
 	printf("\r\t\t>> File: hacks.ini...");
@ -462,7 +464,7 @@ static void CleanupPriiloaderLeftOvers(bool retain)
 	{
 		printf("\n\t\tPriiloader hacks will be reset!\n");
 		printf("\t\tRemember to set them again.\n");
-	}	
+	}
 }
 static bool CompareHashes(bool priiloader)
@ -488,7 +490,7 @@ static bool CompareHashes(bool priiloader)
 		free(dataA);
 		return false;
 	}
-	
+
 	bool ret = (sizeA == sizeB) && !CompareHash(dataA, sizeA, dataB, sizeB);
 	free(dataA);
@ -550,17 +552,51 @@ out:
 	return ret;
 }
-void __Wad_FixTicket(signed_blob *p_tik)
+static const aeskey
-{
+	WiiCommonKey  = { 0xeb, 0xe4, 0x2a, 0x22, 0x5e, 0x85, 0x93, 0xe4, 0x48, 0xd9, 0xc5, 0x45, 0x73, 0x81, 0xaa, 0xf7 },
-	u8 *data = (u8 *)p_tik;
+	vWiiCommonKey = { 0x30, 0xbf, 0xc7, 0x6e, 0x7c, 0x19, 0xaf, 0xbb, 0x23, 0x16, 0x33, 0x30, 0xce, 0xd7, 0xc2, 0x8d };
 	u8 *ckey = data + 0x1F1;
 void __Wad_FixTicket(signed_blob *s_tik)
 {
 	tik* p_tik = SIGNATURE_PAYLOAD(s_tik);
 	u8 *ckey = ((u8*)s_tik) + 0x1F1;
 	/*
 	 * Alright. I'd hate to pull this off on signed tickets using the vWii common key.
 	 * But this already does it, just without re-crypting the title key. So let's do it.
 	 */
 	bool fixKey = *ckey == 2;
 	if (*ckey > 1) {
 		/* Set common key */
 		*ckey = 0;
 		/* Fix tickets using vWii Common Key */
 		if (fixKey)
 		{
 			__attribute__((aligned(0x10)))
 			static unsigned char keybuf[0x10], iv[0x10];
 			u8* titlekey = p_tik->cipher_title_key;
 			u64* titleid = &p_tik->titleid;
 			memcpy(keybuf, titlekey, sizeof(keybuf));
 			memcpy(iv, titleid, sizeof(u64));
 			memset(iv + 8, 0, sizeof(iv) - 8);
 			AES_Init();
 			AES_Decrypt(vWiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, sizeof(keybuf));
 			memcpy(iv, titleid, sizeof(u64));
 			memset(iv + 8, 0, sizeof(iv) - 8);
 			AES_Encrypt(WiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, sizeof(keybuf));
 			memcpy(titlekey, keybuf, sizeof(keybuf));
 			AES_Close();
 		}
 		/* Fakesign ticket */
-		Title_FakesignTik(p_tik);
+		Title_FakesignTik(s_tik);
 	}
 }