Fix tickets using the vWii common key (#9)

* had to download libogc's aes driver, hoping this works
2024-11-21 23:59:18 +01:00 · 2024-03-01 07:18:50 -05:00 · 2024-03-01 07:18:50 -05:00 · cb2351b877
commit cb2351b877
parent abd5f48be9
3 changed files with 249 additions and 35 deletions
--- a/source/aes.c
+++ b/source/aes.c
@ -0,0 +1,125 @@
+/*-------------------------------------------------------------
+
+aes.c -- AES Engine
+
+Copyright (C) 2022
+GaryOderNichts 
+Joris 'DacoTaco' Vermeylen info@dacotaco.com
+
+This software is provided 'as-is', without any express or implied
+warranty.  In no event will the authors be held liable for any
+damages arising from the use of this software.
+
+Permission is granted to anyone to use this software for any
+purpose, including commercial applications, and to alter it and
+redistribute it freely, subject to the following restrictions:
+
+1.	The origin of this software must not be misrepresented; you
+must not claim that you wrote the original software. If you use
+this software in a product, an acknowledgment in the product
+documentation would be appreciated but is not required.
+
+2.	Altered source versions must be plainly marked as such, and
+must not be misrepresented as being the original software.
+
+3.	This notice may not be removed or altered from any source
+distribution.
+
+-------------------------------------------------------------*/
+#if defined(HW_RVL)
+
+#include <string.h>
+#include <gctypes.h>
+#include <gcutil.h>
+#include <ogc/ipc.h>
+
+#include "aes.h"
+
+#define AES_HEAPSIZE 0x200
+
+#define AES_IOCTLV_ENCRYPT 2
+#define AES_IOCTLV_DECRYPT 3
+
+static s32 __aes_fd = -1;
+static s32 __aes_hid = -1;
+
+static s32 AES_ExecuteCommand(s32 command, const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size)
+{
+	if ((((u32)in_data | (u32)out_data) & 0xF) != 0)
+		return -4;
+
+	if (key_size != 16 || iv_size != 16 || (data_size & 15) != 0)
+		return -4;
+
+	ioctlv* params = (ioctlv*)iosAlloc(__aes_hid, sizeof(ioctlv) * 4);
+	if (!params)
+		return -1;
+
+	s32 ret = -1;
+	for (u32 i = 0; i < data_size; i += AES_BLOCK_SIZE) {
+		u32 size = i+AES_BLOCK_SIZE >= data_size
+			? data_size - i
+			: AES_BLOCK_SIZE;
+
+		params[0].data	= (void*)((u32)in_data + i);
+		params[0].len	= size;
+		params[1].data	= (void*) key;
+		params[1].len	= key_size;
+		params[2].data	= (void*)((u32)out_data + i);
+		params[2].len	= size;
+		params[3].data	= iv;
+		params[3].len	= iv_size;
+
+		ret = IOS_Ioctlv(__aes_fd, command, 2, 2, params);
+		if (ret < 0)
+			break;
+	}
+
+	iosFree(__aes_hid, params);
+	return ret;
+}
+
+s32 AES_Init(void)
+{
+	if (__aes_fd >= 0)
+		return -1;
+
+	__aes_fd = IOS_Open("/dev/aes", 0);
+	if (__aes_fd < 0)
+		return __aes_fd;
+
+	//only create heap if it wasn't created yet.
+	//its never disposed, so only create once.
+	if(__aes_hid < 0)
+		__aes_hid = iosCreateHeap(AES_HEAPSIZE);
+
+	if (__aes_hid < 0) {
+		AES_Close();
+		return __aes_hid;
+	}
+
+	return 0;
+}
+
+s32 AES_Close(void)
+{
+	if (__aes_fd < 0)
+		return -1;
+
+	IOS_Close(__aes_fd);
+	__aes_fd = -1;
+
+	return 0;
+}
+
+s32 AES_Encrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size)
+{
+	return AES_ExecuteCommand(AES_IOCTLV_ENCRYPT, key, key_size, iv, iv_size, in_data, out_data, data_size);
+}
+
+s32 AES_Decrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size)
+{
+	return AES_ExecuteCommand(AES_IOCTLV_DECRYPT, key, key_size, iv, iv_size, in_data, out_data, data_size);
+}
+
+#endif
--- a/source/aes.h
+++ b/source/aes.h
@ -0,0 +1,53 @@
+/*-------------------------------------------------------------
+
+aes.h -- AES Engine
+
+Copyright (C) 2022
+GaryOderNichts 
+Joris 'DacoTaco' Vermeylen info@dacotaco.com
+
+This software is provided 'as-is', without any express or implied
+warranty.  In no event will the authors be held liable for any
+damages arising from the use of this software.
+
+Permission is granted to anyone to use this software for any
+purpose, including commercial applications, and to alter it and
+redistribute it freely, subject to the following restrictions:
+
+1.	The origin of this software must not be misrepresented; you
+must not claim that you wrote the original software. If you use
+this software in a product, an acknowledgment in the product
+documentation would be appreciated but is not required.
+
+2.	Altered source versions must be plainly marked as such, and
+must not be misrepresented as being the original software.
+
+3.	This notice may not be removed or altered from any source
+distribution.
+
+-------------------------------------------------------------*/
+
+
+#ifndef __AES_H___
+#define __AES_H___
+
+#if defined(HW_RVL)
+#include <gctypes.h>
+#include <gcutil.h>
+
+#define AES_BLOCK_SIZE 0x10000
+
+#ifdef __cplusplus
+	extern "C" {
+#endif /* __cplusplus */
+
+s32 AES_Init(void);
+s32 AES_Close(void);
+s32 AES_Decrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size);
+s32 AES_Encrypt(const void* key, u32 key_size, void* iv, u32 iv_size, const void* in_data, void* out_data, u32 data_size);
+
+#ifdef __cplusplus
+	}
+#endif /* __cplusplus */
+#endif
+#endif
--- a/source/wad.c
+++ b/source/wad.c
@ -2,11 +2,13 @@
 #include <string.h>
 #include <ogcsys.h>
 #include <ogc/pad.h>
+#include <ogc/es.h>
 #include <unistd.h>

 #include "sys.h"
 #include "title.h"
 #include "utils.h"
+#include "aes.h"
 #include "video.h"
 #include "wad.h"
 #include "wpad.h"
@ -286,7 +288,7 @@ static u32 GetSysMenuBootContent(void)
 		return 0;
 	}

-	ret = ES_GetStoredTMD(0x100000002LL, (u8*)s_tmd, size);
+	ret = ES_GetStoredTMD(0x100000002LL, s_tmd, size);
 	if (ret < 0)
 	{
 		printf("Error! ES_GetStoredTMD failed (ret=%i)\n", ret);
@ -550,17 +552,51 @@ out:
 	return ret;
 }

-void __Wad_FixTicket(signed_blob *p_tik)
-{
-	u8 *data = (u8 *)p_tik;
-	u8 *ckey = data + 0x1F1;
+static const aeskey
+	WiiCommonKey  = { 0xeb, 0xe4, 0x2a, 0x22, 0x5e, 0x85, 0x93, 0xe4, 0x48, 0xd9, 0xc5, 0x45, 0x73, 0x81, 0xaa, 0xf7 },
+	vWiiCommonKey = { 0x30, 0xbf, 0xc7, 0x6e, 0x7c, 0x19, 0xaf, 0xbb, 0x23, 0x16, 0x33, 0x30, 0xce, 0xd7, 0xc2, 0x8d };

+void __Wad_FixTicket(signed_blob *s_tik)
+{
+	tik* p_tik = SIGNATURE_PAYLOAD(s_tik);
+	u8 *ckey = ((u8*)s_tik) + 0x1F1;
+
+	/*
+	 * Alright. I'd hate to pull this off on signed tickets using the vWii common key.
+	 * But this already does it, just without re-crypting the title key. So let's do it.
+	 */
+	bool fixKey = *ckey == 2;
 	if (*ckey > 1) {
 		/* Set common key */
 		*ckey = 0;

+		/* Fix tickets using vWii Common Key */
+		if (fixKey)
+		{
+			__attribute__((aligned(0x10)))
+			static unsigned char keybuf[0x10], iv[0x10];
+
+			u8* titlekey = p_tik->cipher_title_key;
+			u64* titleid = &p_tik->titleid;
+
+			memcpy(keybuf, titlekey, sizeof(keybuf));
+			memcpy(iv, titleid, sizeof(u64));
+			memset(iv + 8, 0, sizeof(iv) - 8);
+
+			AES_Init();
+			AES_Decrypt(vWiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, sizeof(keybuf));
+
+			memcpy(iv, titleid, sizeof(u64));
+			memset(iv + 8, 0, sizeof(iv) - 8);
+
+			AES_Encrypt(WiiCommonKey, 0x10, iv, 0x10, keybuf, keybuf, sizeof(keybuf));
+
+			memcpy(titlekey, keybuf, sizeof(keybuf));
+			AES_Close();
+		}
+
 		/* Fakesign ticket */
-		Title_FakesignTik(p_tik);
+		Title_FakesignTik(s_tik);
 	}
 }