2010-12-18 22:07:58 +01:00
|
|
|
#include "../WiiQt/includes.h"
|
|
|
|
#include "../WiiQt/nandbin.h"
|
|
|
|
#include "../WiiQt/sharedcontentmap.h"
|
|
|
|
#include "../WiiQt/uidmap.h"
|
|
|
|
#include "../WiiQt/tools.h"
|
|
|
|
#include "../WiiQt/tiktmd.h"
|
|
|
|
|
|
|
|
|
|
|
|
//yippie for global variables
|
|
|
|
NandBin nand;
|
|
|
|
SharedContentMap sharedM;
|
|
|
|
UIDmap uidM;
|
|
|
|
QList< quint64 > tids;
|
|
|
|
QList< quint64 > validIoses;//dont put stubs in this list.
|
|
|
|
QTreeWidgetItem *root;
|
|
|
|
QList<quint16> fats;
|
2011-01-15 23:21:43 +01:00
|
|
|
quint32 verbose = 0;
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
|
|
|
|
bool CheckTitleIntegrity( quint64 tid );
|
|
|
|
|
|
|
|
void Usage()
|
|
|
|
{
|
|
|
|
qDebug() << "usage" << QCoreApplication::arguments().at( 0 ) << "nand.bin" << "<other options>";
|
|
|
|
qDebug() << "\nOther options:";
|
|
|
|
qDebug() << " -boot shows information about boot 1 and 2";
|
|
|
|
qDebug() << " -fs verify the filesystem is in tact";
|
|
|
|
qDebug() << " verifies presence of uid & content.map & checks the hashes in the content.map";
|
|
|
|
qDebug() << " check installed titles for RSA & sha1 validity";
|
|
|
|
qDebug() << " check installed titles for required IOS, proper uid & gid";
|
|
|
|
qDebug() << " -clInfo shows free, used, and lost ( marked used, but dont belong to any file ) clusters";
|
|
|
|
qDebug() << " -spare calculate & compare ecc for all pages in the nand";
|
2011-01-15 23:21:43 +01:00
|
|
|
qDebug() << " calculate & compare hmac signatures for all files and superblocks";
|
|
|
|
qDebug() << " -all does all of the above";
|
|
|
|
qDebug() << " -v increase verbosity";
|
2010-12-18 22:07:58 +01:00
|
|
|
exit( 1 );
|
|
|
|
}
|
|
|
|
|
|
|
|
void Fail( const QString& str )
|
|
|
|
{
|
|
|
|
qDebug() << str;
|
|
|
|
exit( 1 );
|
|
|
|
}
|
|
|
|
|
|
|
|
QString TidTxt( quint64 tid )
|
|
|
|
{
|
|
|
|
return QString( "%1" ).arg( tid, 16, 16, QChar( '0' ) );
|
|
|
|
}
|
|
|
|
|
|
|
|
void ShowBootInfo( quint8 boot1, QList<Boot2Info> boot2stuff )
|
|
|
|
{
|
|
|
|
switch( boot1 )
|
|
|
|
{
|
|
|
|
case BOOT_1_A:
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "Boot1 A (vulnerable)";
|
|
|
|
break;
|
2010-12-18 22:07:58 +01:00
|
|
|
case BOOT_1_B:
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "Boot1 B (vulnerable)";
|
|
|
|
break;
|
2010-12-18 22:07:58 +01:00
|
|
|
case BOOT_1_C:
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "Boot1 C (fixed)";
|
|
|
|
break;
|
2010-12-18 22:07:58 +01:00
|
|
|
case BOOT_1_D:
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "Boot1 D (fixed)";
|
|
|
|
break;
|
2010-12-18 22:07:58 +01:00
|
|
|
default:
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "unrecognized boot1 version";
|
|
|
|
break;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
quint16 cnt = boot2stuff.size();
|
|
|
|
if( !cnt )
|
2011-01-02 07:15:26 +01:00
|
|
|
Fail( "didnt find any boot2. this nand wont work" );
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
qDebug() << "found" << cnt << "copies of boot2";
|
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
Boot2Info bi = boot2stuff.at( i );
|
|
|
|
QString str = QString( "blocks %1 & %2: " ).arg( bi.firstBlock ).arg( bi.secondBlock );
|
|
|
|
if( bi.state == BOOT_2_ERROR_PARSING || bi.state == BOOT_2_ERROR )
|
|
|
|
str += "parsing error";
|
2010-12-18 22:07:58 +01:00
|
|
|
else if( bi.state == BOOT_2_BAD_SIGNATURE )
|
2011-01-02 07:15:26 +01:00
|
|
|
str += "Bad RSA Signature";
|
2010-12-18 22:07:58 +01:00
|
|
|
else if( bi.state == BOOT_2_BAD_CONTENT_HASH )
|
2011-01-02 07:15:26 +01:00
|
|
|
str += "Content hash doesn't match TMD";
|
2010-12-18 22:07:58 +01:00
|
|
|
else if( bi.state == BOOT_2_ERROR_PARSING )
|
2011-01-02 07:15:26 +01:00
|
|
|
str += "Error parsing boot2";
|
2010-12-18 22:07:58 +01:00
|
|
|
else
|
|
|
|
{
|
|
|
|
|
2011-01-02 07:15:26 +01:00
|
|
|
if( bi.state & BOOT_2_MARKED_BAD )
|
|
|
|
str += "Marked as bad blocks; ";
|
|
|
|
else if( bi.state & BOOT_2_USED_TO_BOOT )
|
|
|
|
{
|
|
|
|
str += "Used for booting; ";
|
|
|
|
if( boot1 != BOOT_1_A && boot1 != BOOT_1_B
|
|
|
|
&& (( bi.state & BOOT_2_TIK_FAKESIGNED) ||
|
|
|
|
( bi.state & BOOT_2_TMD_FAKESIGNED ) ) )
|
|
|
|
Fail( "The version of boot1 installed doesn't have the strncmp bug and the copy of boot2 used for booting is fakesigned" );
|
|
|
|
}
|
|
|
|
else if( bi.state & BOOT_2_BACKUP_COPY )
|
|
|
|
str += "Backup copy; ";
|
|
|
|
|
|
|
|
|
|
|
|
str += "Content Sha1 matches TMD; ";
|
|
|
|
|
|
|
|
if( bi.state & BOOT_2_TMD_FAKESIGNED )
|
|
|
|
str += "TMD is fakesigned; ";
|
|
|
|
else if( bi.state & BOOT_2_TMD_SIG_OK )
|
|
|
|
str += "TMD officially signed; ";
|
|
|
|
else
|
|
|
|
str += "Error checking TMD; " ;
|
|
|
|
|
|
|
|
if( bi.state & BOOT_2_TIK_FAKESIGNED )
|
|
|
|
str += "Ticket is fakesigned; ";
|
|
|
|
else if( bi.state & BOOT_2_TIK_SIG_OK )
|
|
|
|
str += "Ticket officially signed; ";
|
|
|
|
else
|
|
|
|
str += "Error checking ticket; ";
|
|
|
|
|
|
|
|
QString ver;
|
|
|
|
switch( bi.version )
|
|
|
|
{
|
|
|
|
case BOOTMII_11:
|
|
|
|
ver = "BootMii 1.1";
|
|
|
|
break;
|
|
|
|
case BOOTMII_13:
|
|
|
|
ver = "BootMii 1.3";
|
|
|
|
break;
|
|
|
|
case BOOTMII_UNK:
|
|
|
|
ver = "BootMii (Unk)";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ver = QString( "Version %1" ).arg( bi.version );
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
str += ver;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
qDebug() << str;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
QTreeWidgetItem *FindItem( const QString &s, QTreeWidgetItem *parent )
|
|
|
|
{
|
|
|
|
int cnt = parent->childCount();
|
|
|
|
for( int i = 0; i <cnt; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
QTreeWidgetItem *r = parent->child( i );
|
|
|
|
if( r->text( 0 ) == s )
|
|
|
|
{
|
|
|
|
return r;
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
QTreeWidgetItem *ItemFromPath( const QString &path )
|
|
|
|
{
|
|
|
|
QTreeWidgetItem *item = root;
|
|
|
|
if( !path.startsWith( "/" ) || path.contains( "//" ))
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
return NULL;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
int slash = 1;
|
|
|
|
while( slash )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
int nextSlash = path.indexOf( "/", slash + 1 );
|
|
|
|
QString lookingFor = path.mid( slash, nextSlash - slash );
|
|
|
|
item = FindItem( lookingFor, item );
|
|
|
|
if( !item )
|
|
|
|
{
|
|
|
|
qWarning() << "ItemFromPath ->item not found" << path;
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
slash = nextSlash + 1;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
return item;
|
|
|
|
}
|
|
|
|
|
|
|
|
QString PathFromItem( QTreeWidgetItem *item )
|
|
|
|
{
|
|
|
|
QString ret;
|
|
|
|
while( item )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
ret.prepend( "/" + item->text( 0 ) );
|
|
|
|
item = item->parent();
|
|
|
|
if( item->text( 0 ) == "/" )// dont add the root
|
|
|
|
break;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
//get the installed titles in the nand - first check for tickets and then check for TMDs that match that ticket
|
|
|
|
QList< quint64 > InstalledTitles()
|
|
|
|
{
|
|
|
|
QList< quint64 > ret;
|
|
|
|
QTreeWidgetItem *tikFolder = ItemFromPath( "/ticket" );
|
|
|
|
if( !tikFolder )
|
2011-01-02 07:15:26 +01:00
|
|
|
Fail( "Couldnt find a ticket folder in this nand" );
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
quint16 subfc = tikFolder->childCount();
|
|
|
|
for( quint16 i = 0; i < subfc; i++ )//check all subfolders of "/ticket"
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
QTreeWidgetItem *subF = tikFolder->child( i );
|
2011-01-13 17:43:49 +01:00
|
|
|
//qDebug() << "checking folder" << subF->text( 0 );
|
2011-01-02 07:15:26 +01:00
|
|
|
bool ok = false;
|
2011-01-13 17:43:49 +01:00
|
|
|
quint32 upper = subF->text( 0 ).toUInt( &ok, 16 );//make sure it can be converted to int
|
2011-01-02 07:15:26 +01:00
|
|
|
if ( !ok )
|
|
|
|
continue;
|
|
|
|
|
|
|
|
quint16 subfc2 = subF->childCount();//get all entries in this subfolder
|
|
|
|
for( quint16 j = 0; j < subfc2; j++ )
|
|
|
|
{
|
|
|
|
QTreeWidgetItem *tikI = subF->child( j );
|
|
|
|
QString name = tikI->text( 0 );
|
2011-01-13 17:43:49 +01:00
|
|
|
//qDebug() << "checking item" << subF->text( 0 ) + "/" + name;
|
2011-01-02 07:15:26 +01:00
|
|
|
if( !name.endsWith( ".tik" ) )
|
|
|
|
{
|
2011-01-13 17:43:49 +01:00
|
|
|
//qDebug() << "!tik";
|
2011-01-02 07:15:26 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
name.resize( 8 );
|
2011-01-13 17:43:49 +01:00
|
|
|
quint32 lower = name.toUInt( &ok, 16 );
|
2011-01-02 07:15:26 +01:00
|
|
|
if( !ok )
|
|
|
|
{
|
2011-01-13 17:43:49 +01:00
|
|
|
//qDebug() << "!ok";
|
2011-01-02 07:15:26 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
//now see if there is a tmd
|
|
|
|
QTreeWidgetItem *tmdI = ItemFromPath( "/title/" + subF->text( 0 ) + "/" + name + "/content/title.tmd" );
|
|
|
|
if( !tmdI )
|
|
|
|
{
|
2011-01-13 17:43:49 +01:00
|
|
|
//qDebug() << "no tmd";
|
2011-01-02 07:15:26 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
quint64 tid = (( (quint64)upper << 32) | lower );
|
2011-01-13 17:43:49 +01:00
|
|
|
//qDebug() << "adding item to list" << TidTxt( tid );
|
2011-01-02 07:15:26 +01:00
|
|
|
ret << tid;
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
2011-01-13 17:43:49 +01:00
|
|
|
qSort( ret.begin(), ret.end() );
|
2010-12-18 22:07:58 +01:00
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
void CheckShared()
|
|
|
|
{
|
|
|
|
QByteArray ba = nand.GetData( "/shared1/content.map" );
|
|
|
|
if( ba.isEmpty() )
|
2011-01-02 07:15:26 +01:00
|
|
|
Fail( "No content map found in the nand" );
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
sharedM = SharedContentMap( ba );
|
|
|
|
quint16 cnt = sharedM.Count();
|
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
QString path = "/shared1/" + sharedM.Cid( i ) + ".app";
|
|
|
|
qDebug() << "checking" << path << "...";
|
|
|
|
QByteArray stuff = nand.GetData( path );
|
|
|
|
if( stuff.isEmpty() )
|
|
|
|
Fail( "One of the shared contents in this nand is missing" );
|
|
|
|
|
|
|
|
QByteArray realHash = GetSha1( stuff );
|
|
|
|
if( realHash != sharedM.Hash( i ) )
|
|
|
|
Fail( "The hash for at least 1 content is bad" );
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void BuildGoodIosList()
|
|
|
|
{
|
|
|
|
foreach( quint64 tid, tids )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
quint32 upper = ( tid >> 32 ) & 0xffffffff;
|
|
|
|
if( upper != 1 )
|
|
|
|
continue;
|
|
|
|
|
|
|
|
quint32 lower = tid & 0xffffffff;
|
|
|
|
|
|
|
|
if( lower < 3 || lower > 255 )
|
|
|
|
continue;
|
|
|
|
|
|
|
|
QString tmdp = TidTxt( tid );
|
|
|
|
tmdp.insert( 8, "/" );
|
|
|
|
tmdp.prepend( "/title/" );
|
|
|
|
tmdp += "/content/title.tmd";
|
|
|
|
QByteArray ba = nand.GetData( tmdp );
|
|
|
|
if( ba.isEmpty() )
|
|
|
|
continue;
|
|
|
|
|
|
|
|
Tmd t( ba ); //skip stubbzzzzz
|
|
|
|
if( !( t.Version() % 0x100 ) && //version is a nice pretty round number
|
|
|
|
t.Count() == 3 && //3 contents, 1 private and 2 shared
|
|
|
|
t.Type( 0 ) == 1 &&
|
|
|
|
t.Type( 1 ) == 0x8001 &&
|
|
|
|
t.Type( 2 ) == 0x8001 )
|
|
|
|
{
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if( !CheckTitleIntegrity( tid ) )
|
|
|
|
continue;
|
|
|
|
|
|
|
|
validIoses << tid;//seems good enough. add it to the list
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-01-13 17:43:49 +01:00
|
|
|
bool RecurseCheckGidUid( QTreeWidgetItem *item, const QString &uidS, const QString &gidS, const QString &path )
|
|
|
|
{
|
|
|
|
bool ret = true;
|
|
|
|
quint16 cnt = item->childCount();
|
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
|
|
|
QTreeWidgetItem *child = item->child( i );
|
|
|
|
if( child->text( 3 ) != uidS || !child->text( 4 ).startsWith( gidS ) )
|
|
|
|
{
|
|
|
|
ret = false;
|
|
|
|
qDebug() << "\tincorrect uid/gid for" << QString( path + child->text( 0 ) );
|
|
|
|
}
|
|
|
|
if( !RecurseCheckGidUid( child, uidS, gidS, path + child->text( 0 ) + "/" ) )
|
|
|
|
ret = false;
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2010-12-18 22:07:58 +01:00
|
|
|
bool CheckTitleIntegrity( quint64 tid )
|
|
|
|
{
|
|
|
|
if( validIoses.contains( tid ) )//this one has already been checked
|
2011-01-02 07:15:26 +01:00
|
|
|
return true;
|
2010-12-19 23:24:54 +01:00
|
|
|
|
2010-12-18 22:07:58 +01:00
|
|
|
qDebug() << "Checking" << TidTxt( tid ).insert( 8, "-" ) << "...";
|
|
|
|
QString p = TidTxt( tid );
|
|
|
|
p.insert( 8 ,"/" );
|
|
|
|
QString tikp = p;
|
|
|
|
tikp.prepend( "/ticket/" );
|
|
|
|
tikp += ".tik";
|
|
|
|
|
|
|
|
QString tmdp = p;
|
|
|
|
tmdp.prepend( "/title/" );
|
|
|
|
tmdp += "/content/title.tmd";
|
|
|
|
|
|
|
|
Tmd t;
|
|
|
|
//check the presence of the tmd & ticket. also check their signatures
|
|
|
|
//remember the tmd for checking the actual contents
|
|
|
|
for( quint8 i = 0; i < 2; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
QString it = ( i ? "tmd" : "ticket" );
|
|
|
|
QByteArray ba = nand.GetData( i ? tmdp : tikp );
|
|
|
|
if( ba.isEmpty() )
|
|
|
|
{
|
|
|
|
qDebug() << "error getting" << it << "data";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
switch( check_cert_chain( ba ) )
|
|
|
|
{
|
|
|
|
case ERROR_SIG_TYPE:
|
|
|
|
case ERROR_SUB_TYPE:
|
|
|
|
case ERROR_RSA_HASH:
|
|
|
|
case ERROR_RSA_TYPE_UNKNOWN:
|
|
|
|
case ERROR_RSA_TYPE_MISMATCH:
|
|
|
|
case ERROR_CERT_NOT_FOUND:
|
|
|
|
qDebug() << "\t" << it << "RSA signature isn't even close";
|
|
|
|
//return false; //maye in the future this will be true, but for now, this doesnt mean it wont boot
|
|
|
|
break;
|
|
|
|
case ERROR_RSA_FAKESIGNED:
|
|
|
|
qDebug() << "\t" << it << "fakesigned";
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if( i )
|
|
|
|
{
|
|
|
|
t = Tmd( ba );
|
|
|
|
if( t.Tid() != tid )
|
|
|
|
{
|
2011-01-15 23:21:43 +01:00
|
|
|
qDebug() << "\tthe TMD contains the wrong TID";
|
2011-01-02 07:15:26 +01:00
|
|
|
return false;
|
|
|
|
}
|
2011-01-15 23:21:43 +01:00
|
|
|
if( verbose )
|
|
|
|
{
|
|
|
|
qDebug() << "\tversion:" << t.Version() << hex << t.Version();
|
2011-01-16 15:40:14 +01:00
|
|
|
if( t.AccessFlags() )
|
|
|
|
qDebug() << "\taccess :" << hex << t.AccessFlags();
|
2011-01-15 23:21:43 +01:00
|
|
|
}
|
2011-01-02 07:15:26 +01:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2011-01-13 17:43:49 +01:00
|
|
|
Ticket ticket( ba, false );
|
2011-01-02 07:15:26 +01:00
|
|
|
if( ticket.Tid() != tid )
|
|
|
|
{
|
2011-01-15 23:21:43 +01:00
|
|
|
qDebug() << "\tthe ticket contains the wrong TID";
|
2011-01-02 07:15:26 +01:00
|
|
|
return false;
|
2011-01-15 23:21:43 +01:00
|
|
|
}
|
2011-01-02 07:15:26 +01:00
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
|
2010-12-19 23:24:54 +01:00
|
|
|
quint32 upper = ((tid >>32 ) & 0xffffffff);
|
|
|
|
if( upper == 0x10005 || upper == 0x10007 ) //dont try to verify all the contents of DLC, it will just find a bunch of missing contents and bitch about them
|
2011-01-02 07:15:26 +01:00
|
|
|
return true;
|
2010-12-19 23:24:54 +01:00
|
|
|
|
|
|
|
|
2010-12-18 22:07:58 +01:00
|
|
|
quint16 cnt = t.Count();
|
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
if( t.Type( i ) == 0x8001 )//shared
|
|
|
|
{
|
|
|
|
if( sharedM.GetAppFromHash( t.Hash( i ) ).isEmpty() )
|
|
|
|
{
|
2011-01-13 17:43:49 +01:00
|
|
|
qDebug() << "\tone of the shared contents is missing";
|
2011-01-02 07:15:26 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else//private
|
|
|
|
{
|
|
|
|
QString cid = t.Cid( i );
|
|
|
|
QString pA = tmdp;
|
|
|
|
pA.resize( 33 );
|
|
|
|
pA += cid + ".app";
|
|
|
|
QByteArray ba = nand.GetData( pA );
|
|
|
|
if( ba.isEmpty() )
|
|
|
|
{
|
2011-01-13 17:43:49 +01:00
|
|
|
qDebug() << "\t error reading one of the private contents" << pA;
|
2011-01-02 07:15:26 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
QByteArray realH = GetSha1( ba );
|
|
|
|
if( realH != t.Hash( i ) )
|
|
|
|
{
|
|
|
|
qDebug() << "\tone of the private contents' hash doesnt check out" << i << pA <<
|
|
|
|
"\n\texpected" << t.Hash( i ).toHex() <<
|
|
|
|
"\n\tactual " << realH.toHex();
|
|
|
|
//return false; //dont return false, as this this title may still boot
|
|
|
|
}
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
quint64 ios = t.IOS();
|
|
|
|
if( ios && !validIoses.contains( ios ) )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "\tthe IOS for this title is not bootable\n\t" << TidTxt( ios ).insert( 8, "-" ) ;
|
|
|
|
return false;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
quint32 uid = uidM.GetUid( tid, false );
|
|
|
|
if( !uid )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "\tthis title has no UID entry";
|
|
|
|
return false;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
|
2010-12-19 23:24:54 +01:00
|
|
|
//make sure all the stuff in this title's data directory belongs to it, and all the contents belong to nobody
|
|
|
|
//( im looking at you priibricker & dop-mii )
|
2010-12-18 22:07:58 +01:00
|
|
|
QString dataP = tmdp;
|
|
|
|
dataP.resize( 25 );
|
|
|
|
dataP += "data";
|
|
|
|
QTreeWidgetItem *dataI = ItemFromPath( dataP );
|
|
|
|
if( dataI )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
quint16 gid = t.Gid();
|
|
|
|
QString uidS = QString( "%1" ).arg( uid, 8, 16, QChar( '0' ) );
|
|
|
|
QString gidS = QString( "%1" ).arg( gid, 4, 16, QChar( '0' ) );
|
|
|
|
if( dataI->text( 3 ) != uidS || !dataI->text( 4 ).startsWith( gidS ) )//dont necessarily fail for this. the title will still be bootable without its data
|
|
|
|
qDebug() << "\tincorrect uid/gid for data folder";
|
2011-01-13 17:43:49 +01:00
|
|
|
|
|
|
|
RecurseCheckGidUid( dataI, uidS, gidS, "data/" );
|
|
|
|
/*quint16 cnt = dataI->childCount();
|
2011-01-02 07:15:26 +01:00
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
|
|
|
QTreeWidgetItem *item = dataI->child( i );
|
|
|
|
if( item->text( 3 ) != uidS || !item->text( 4 ).startsWith( gidS ) )
|
|
|
|
qDebug() << "\tincorrect uid/gid for" << QString( "data/" + item->text( 0 ) );
|
2011-01-13 17:43:49 +01:00
|
|
|
}*/
|
2010-12-19 23:24:54 +01:00
|
|
|
}
|
|
|
|
dataP.resize( 25 );
|
|
|
|
dataP += "content";
|
|
|
|
dataI = ItemFromPath( dataP );
|
|
|
|
if( dataI )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
quint16 cnt = dataI->childCount();
|
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
|
|
|
QTreeWidgetItem *item = dataI->child( i );
|
|
|
|
if( item->text( 3 ) != "00000000" || !item->text( 4 ).startsWith( "0000" ) )
|
|
|
|
qDebug() << "\tincorrect uid/gid for" << QString( "content/" + item->text( 0 ) );
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
void CheckLostClusters()
|
|
|
|
{
|
|
|
|
QList<quint16> u = nand.GetFatsForEntry( 0 );//all clusters actually used for a file
|
|
|
|
qDebug() << "total used clusters" << hex << u.size() << "of 0x8000";
|
|
|
|
quint16 lost = 0;
|
|
|
|
QList<quint16> ffs;
|
|
|
|
QList<quint16> frs;
|
|
|
|
fats = nand.GetFats();
|
|
|
|
for( quint16 i = 0; i < 0x8000; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
if( u.contains( fats.at( i ) ) )//this cluster is really used
|
|
|
|
continue;
|
|
|
|
switch( fats.at( i ) )
|
|
|
|
{
|
|
|
|
case 0xFFFB:
|
|
|
|
case 0xFFFC:
|
|
|
|
case 0xFFFD:
|
|
|
|
break;
|
|
|
|
case 0xFFFE:
|
|
|
|
frs << i;
|
|
|
|
break;
|
|
|
|
case 0xFFFF:
|
|
|
|
ffs << i;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
lost++;
|
|
|
|
//qDebug() << hex << i << fats.at( i );
|
|
|
|
break;
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
qDebug() << "found" << lost << "lost clusters\nUNK ( 0xffff )" << hex << ffs.size() << ffs <<
|
2011-01-02 07:15:26 +01:00
|
|
|
"\nfree " << frs.size();
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void CheckEcc()
|
|
|
|
{
|
|
|
|
QList< quint32 > bad;
|
|
|
|
QList< quint16 > clusters;
|
|
|
|
fats = nand.GetFats();
|
|
|
|
quint32 checked = 0;
|
|
|
|
quint16 badClustersNotSpecial = 0;
|
|
|
|
for( quint16 i = 0; i < 0x8000; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
if( fats.at( i ) == 0xfffd || fats.at( i ) == 0xfffe )
|
|
|
|
continue;
|
|
|
|
//qDebug() << hex << i;
|
|
|
|
|
|
|
|
for( quint8 j = 0; j < 8; j++, checked += 8 )
|
|
|
|
{
|
|
|
|
quint32 page = ( i * 8 ) + j;
|
|
|
|
if( !nand.CheckEcc( page ) )
|
|
|
|
{
|
|
|
|
bad << page;
|
|
|
|
if( !clusters.contains( i ) )
|
|
|
|
clusters << i;
|
|
|
|
}
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
QList< quint16 > blocks;
|
|
|
|
QList< quint16 > clustersCpy = clusters;
|
|
|
|
|
|
|
|
while( clustersCpy.size() )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
quint16 p = clustersCpy.takeFirst();
|
|
|
|
if( fats.at( p ) < 0xfff0 )
|
|
|
|
badClustersNotSpecial ++;
|
|
|
|
//qDebug() << p << hex << fats.at( p );
|
|
|
|
quint16 block = p/8;
|
|
|
|
if( !blocks.contains( block ) )
|
|
|
|
blocks << block;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
/*QList< quint32 > badCpy = bad;
|
|
|
|
while( badCpy.size() )
|
|
|
|
{
|
|
|
|
quint16 p = badCpy.takeFirst();
|
|
|
|
quint16 block = p/64;
|
|
|
|
if( !blocks.contains( block ) )
|
|
|
|
blocks << block;
|
|
|
|
}*/
|
|
|
|
qDebug() << bad.size() << "out of" << checked << "pages had incorrect ecc.\nthey were spread through"
|
2011-01-02 07:15:26 +01:00
|
|
|
<< clusters.size() << "clusters in" << blocks.size() << "blocks:\n" << blocks;
|
2010-12-18 22:07:58 +01:00
|
|
|
qDebug() << badClustersNotSpecial << "of those clusters are non-special (they belong to the fs)";
|
|
|
|
//qDebug() << bad;
|
|
|
|
}
|
|
|
|
|
|
|
|
void SetUpTree()
|
|
|
|
{
|
|
|
|
if( root )
|
2011-01-02 07:15:26 +01:00
|
|
|
return;
|
2010-12-18 22:07:58 +01:00
|
|
|
QTreeWidgetItem *r = nand.GetTree();
|
|
|
|
if( r->childCount() != 1 || r->child( 0 )->text( 0 ) != "/" )
|
2011-01-02 07:15:26 +01:00
|
|
|
Fail( "The nand FS is seriously broken. I Couldn't even find a correct root" );
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
root = r->takeChild( 0 );
|
|
|
|
delete r;
|
|
|
|
}
|
|
|
|
|
|
|
|
int RecurseCountFiles( QTreeWidgetItem *dir )
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
quint16 cnt = dir->childCount();
|
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
QTreeWidgetItem *item = dir->child( i );
|
|
|
|
if( item->text( 7 ).startsWith( "02" ) )
|
|
|
|
ret += RecurseCountFiles( item );
|
|
|
|
else
|
|
|
|
{
|
|
|
|
ret++;
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
int RecurseCheckHmac( QTreeWidgetItem *dir )
|
|
|
|
{
|
|
|
|
int ret = 0;
|
|
|
|
quint16 cnt = dir->childCount();
|
|
|
|
for( quint16 i = 0; i < cnt; i++ )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
QTreeWidgetItem *item = dir->child( i );
|
|
|
|
if( item->text( 7 ).startsWith( "02" ) )
|
|
|
|
ret += RecurseCheckHmac( item );
|
|
|
|
else
|
|
|
|
{
|
|
|
|
bool ok = false;
|
|
|
|
quint16 entry = item->text( 1 ).toInt( &ok );
|
|
|
|
if( !ok )
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if( !nand.CheckHmacData( entry ) )
|
|
|
|
{
|
|
|
|
qDebug() << "bad HMAC for" << PathFromItem( item );
|
|
|
|
ret++;
|
|
|
|
}
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
void CheckHmac()
|
|
|
|
{
|
|
|
|
quint16 total = RecurseCountFiles( root );
|
|
|
|
qDebug() << "verifying hmac for" << total << "files";
|
|
|
|
quint16 bad = RecurseCheckHmac( root );
|
|
|
|
qDebug() << bad << "files had bad HMAC data";
|
|
|
|
qDebug() << "checking HMAC for superclusters...";
|
|
|
|
QList<quint16> sclBad;
|
|
|
|
for( quint16 i = 0x7f00; i < 0x8000; i += 0x10 )
|
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
if( !nand.CheckHmacMeta( i ) )
|
|
|
|
sclBad << i;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
qDebug() << sclBad.size() << "superClusters had bad HMAC data";
|
|
|
|
if( sclBad.size() )
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << sclBad;
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int main( int argc, char *argv[] )
|
|
|
|
{
|
|
|
|
QCoreApplication a( argc, argv );
|
2011-01-13 17:43:49 +01:00
|
|
|
QStringList args = QCoreApplication::arguments();
|
|
|
|
if( args.size() < 2 )
|
2011-01-02 07:15:26 +01:00
|
|
|
Usage();
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
if( !QFile( args.at( 1 ) ).exists() )
|
2011-01-02 07:15:26 +01:00
|
|
|
Usage();
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
if( !nand.SetPath( args.at( 1 ) ) || !nand.InitNand() )
|
2011-01-02 07:15:26 +01:00
|
|
|
Fail( "Error setting path to nand object" );
|
2010-12-18 22:07:58 +01:00
|
|
|
|
|
|
|
root = NULL;
|
|
|
|
|
2011-01-15 23:21:43 +01:00
|
|
|
verbose = args.count( "-v" );
|
|
|
|
|
2010-12-18 22:07:58 +01:00
|
|
|
//these only serve to show info. no action is taken
|
2010-12-21 21:01:39 +01:00
|
|
|
if( args.contains( "-boot", Qt::CaseInsensitive ) || args.contains( "-all", Qt::CaseInsensitive ) )
|
2010-12-18 22:07:58 +01:00
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "checking boot1 & 2...";
|
|
|
|
ShowBootInfo( nand.Boot1Version(), nand.Boot2Infos() );
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
|
2010-12-21 21:01:39 +01:00
|
|
|
if( args.contains( "-fs", Qt::CaseInsensitive ) || args.contains( "-all", Qt::CaseInsensitive ) )
|
2010-12-18 22:07:58 +01:00
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "checking uid.sys...";
|
|
|
|
QByteArray ba = nand.GetData( "/sys/uid.sys" );
|
|
|
|
if( ba.isEmpty() )
|
|
|
|
Fail( "No uid map found in the nand" );
|
|
|
|
uidM = UIDmap( ba );
|
|
|
|
uidM.Check(); //dont really take action, the check should spit out info if there is an error. not all errors are fatal
|
|
|
|
|
|
|
|
qDebug() << "checking content.map...";
|
|
|
|
CheckShared(); //check for the presence of the content.map as well as verify all the hashes
|
|
|
|
|
|
|
|
SetUpTree();
|
|
|
|
|
|
|
|
tids = InstalledTitles();
|
|
|
|
|
|
|
|
qDebug() << "found" << tids.size() << "titles installed";
|
|
|
|
BuildGoodIosList();
|
|
|
|
qDebug() << "found" << validIoses.size() << "bootable IOS";
|
|
|
|
foreach( quint64 tid, tids )
|
|
|
|
{
|
|
|
|
CheckTitleIntegrity( tid );
|
|
|
|
//if( !CheckTitleIntegrity( tid ) && tid == 0x100000002ull ) //well, this SHOULD be the case. but nintendo doesnt care so much about
|
|
|
|
//Fail( "The System menu isnt valid" ); //checking signatures & hashes as the rest of us.
|
|
|
|
}
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
|
2010-12-21 21:01:39 +01:00
|
|
|
if( args.contains( "-clInfo", Qt::CaseInsensitive ) || args.contains( "-all", Qt::CaseInsensitive ) )
|
2010-12-18 22:07:58 +01:00
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "checking for lost clusters...";
|
|
|
|
CheckLostClusters();
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
|
2010-12-21 21:01:39 +01:00
|
|
|
if( args.contains( "-spare", Qt::CaseInsensitive ) || args.contains( "-all", Qt::CaseInsensitive ) )
|
2010-12-18 22:07:58 +01:00
|
|
|
{
|
2011-01-02 07:15:26 +01:00
|
|
|
qDebug() << "verifying ecc...";
|
|
|
|
CheckEcc();
|
2010-12-18 22:07:58 +01:00
|
|
|
|
2011-01-02 07:15:26 +01:00
|
|
|
SetUpTree();
|
|
|
|
qDebug() << "verifying hmac...";
|
|
|
|
CheckHmac();
|
2010-12-18 22:07:58 +01:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|