* nandBinCheck: check multiple versions of tickets instead of just the first one

This commit is contained in:
giantpune@gmail.com 2011-04-28 21:44:18 +00:00
parent 1617433aea
commit c75547111b

View File

@ -680,45 +680,86 @@ bool CheckTitleIntegrity( quint64 tid )
qDebug() << "error getting" << it << "data"; qDebug() << "error getting" << it << "data";
return false; return false;
} }
if( calcRsa ) if( i )//tmd
{ {
qint32 ch = check_cert_chain( ba ); t = Tmd( ba );
switch( ch ) if( t.Tid() != tid )
{ {
case ERROR_SIG_TYPE: qWarning() << "\tthe TMD contains the wrong TID";
case ERROR_SUB_TYPE: return false;
case ERROR_RSA_HASH: }
case ERROR_RSA_TYPE_UNKNOWN: if( calcRsa )
case ERROR_RSA_TYPE_MISMATCH: {
case ERROR_CERT_NOT_FOUND: qint32 ch = check_cert_chain( ba );
qWarning().nospace() << "\t" << qPrintable( it ) << " RSA signature isn't even close ( " << ch << " )"; switch( ch )
//return false; //maye in the future this will be true, but for now, this doesnt mean it wont boot {
break; case ERROR_SIG_TYPE:
case ERROR_RSA_FAKESIGNED: case ERROR_SUB_TYPE:
qWarning().nospace() << "\t" << qPrintable( it ) << " fakesigned"; case ERROR_RSA_HASH:
break; case ERROR_RSA_TYPE_UNKNOWN:
default: case ERROR_RSA_TYPE_MISMATCH:
break; case ERROR_CERT_NOT_FOUND:
} qWarning().nospace() << "\t" << qPrintable( it ) << " RSA signature isn't even close ( " << ch << " )";
} //return false; //maye in the future this will be true, but for now, this doesnt mean it wont boot
if( i ) break;
{ case ERROR_RSA_FAKESIGNED:
t = Tmd( ba ); qWarning().nospace() << "\t" << qPrintable( it ) << " fakesigned";
if( t.Tid() != tid ) break;
{ default:
qWarning() << "\tthe TMD contains the wrong TID"; break;
return false; }
} }
} }
else else
{ {
Ticket ticket( ba, false ); if( calcRsa )
if( ticket.Tid() != tid ) {
{ Ticket ticket( ba, false );
qWarning() << "\tthe ticket contains the wrong TID"; if( ticket.Tid() != tid )
return false; {
} qWarning() << "\tthe ticket contains the wrong TID";
} return false;
}
int tikVersions = ba.size() / 0x2a4;
qint32 ch = ERROR_RSA_TYPE_UNKNOWN;
bool ok = false;
for( int rr = 0; rr < tikVersions && !ok; rr++ )
{
ch = check_cert_chain( ba.mid( rr * 0x2a4, 0x2a4 ) );
switch( ch )
{
default:
break;
case ERROR_RSA_FAKESIGNED:
case ERROR_SUCCESS:
ok = true;
break;
}
}
switch( ch )
{
case ERROR_SIG_TYPE:
case ERROR_SUB_TYPE:
case ERROR_RSA_HASH:
case ERROR_RSA_TYPE_UNKNOWN:
case ERROR_RSA_TYPE_MISMATCH:
case ERROR_CERT_NOT_FOUND:
qWarning().nospace() << "\t" << qPrintable( it ) << " RSA signature isn't even close ( " << ch << " )";
//return false; //maye in the future this will be true, but for now, this doesnt mean it wont boot
break;
case ERROR_RSA_FAKESIGNED:
qWarning().nospace() << "\t" << qPrintable( it ) << " fakesigned";
break;
default:
break;
}
}
}
} }
if( upper == 0x10005 || upper == 0x10007 ) //dont try to verify all the contents of DLC, it will just find a bunch of missing contents and bitch about them if( upper == 0x10005 || upper == 0x10007 ) //dont try to verify all the contents of DLC, it will just find a bunch of missing contents and bitch about them