mirror of
https://github.com/Atmosphere-NX/Atmosphere
synced 2024-12-22 04:11:18 +00:00
fusee/exo/sept: fix dev key derivation
This commit is contained in:
parent
9df7f0aada
commit
471bc7cc92
9 changed files with 83 additions and 23 deletions
2
Makefile
2
Makefile
|
@ -73,6 +73,8 @@ dist-no-debug: all
|
|||
cp sept/sept-secondary/sept-secondary.bin atmosphere-$(AMSVER)/sept/sept-secondary.bin
|
||||
cp sept/sept-secondary/sept-secondary_00.enc atmosphere-$(AMSVER)/sept/sept-secondary_00.enc
|
||||
cp sept/sept-secondary/sept-secondary_01.enc atmosphere-$(AMSVER)/sept/sept-secondary_01.enc
|
||||
cp sept/sept-secondary/sept-secondary_dev_00.enc atmosphere-$(AMSVER)/sept/sept-secondary_dev_00.enc
|
||||
cp sept/sept-secondary/sept-secondary_dev_01.enc atmosphere-$(AMSVER)/sept/sept-secondary_dev_01.enc
|
||||
cp config_templates/BCT.ini atmosphere-$(AMSVER)/atmosphere/config/BCT.ini
|
||||
cp config_templates/override_config.ini atmosphere-$(AMSVER)/atmosphere/config_templates/override_config.ini
|
||||
cp config_templates/system_settings.ini atmosphere-$(AMSVER)/atmosphere/config_templates/system_settings.ini
|
||||
|
|
|
@ -281,8 +281,10 @@ uint32_t fuse_get_expected_fuse_version(uint32_t target_firmware) {
|
|||
if (target_firmware > ATMOSPHERE_TARGET_FIRMWARE_COUNT) {
|
||||
generic_panic();
|
||||
}
|
||||
|
||||
return expected_versions[target_firmware];
|
||||
if (fuse_get_retail_type() != 0)
|
||||
return expected_versions[target_firmware];
|
||||
else
|
||||
return (target_firmware > ATMOSPHERE_TARGET_FIRMWARE_200) ? 1 : 0;
|
||||
}
|
||||
|
||||
/* Check for RCM bug patches. */
|
||||
|
|
|
@ -42,9 +42,9 @@ static const uint8_t mkey_vectors_dev[MASTERKEY_REVISION_MAX][0x10] =
|
|||
{0x78, 0xD5, 0xF1, 0x20, 0x3D, 0x16, 0xE9, 0x30, 0x32, 0x27, 0x34, 0x6F, 0xCF, 0xE0, 0x27, 0xDC}, /* Master key 04 encrypted with Master key 05. */
|
||||
{0x6F, 0xD2, 0x84, 0x1D, 0x05, 0xEC, 0x40, 0x94, 0x5F, 0x18, 0xB3, 0x81, 0x09, 0x98, 0x8D, 0x4E}, /* Master key 05 encrypted with Master key 06. */
|
||||
{0x37, 0xAF, 0xAB, 0x35, 0x79, 0x09, 0xD9, 0x48, 0x29, 0xD2, 0xDB, 0xA5, 0xA5, 0xF5, 0x30, 0x19}, /* Master key 06 encrypted with Master key 07. */
|
||||
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 07 encrypted with Master key 08. */
|
||||
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 08 encrypted with Master key 09. */
|
||||
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 09 encrypted with Master key 0A. */
|
||||
{0xEC, 0xE1, 0x46, 0x89, 0x37, 0xFD, 0xD2, 0x15, 0x8C, 0x3F, 0x24, 0x82, 0xEF, 0x49, 0x68, 0x04}, /* Master key 07 encrypted with Master key 08. */
|
||||
{0x43, 0x3D, 0xC5, 0x3B, 0xEF, 0x91, 0x02, 0x21, 0x61, 0x54, 0x63, 0x8A, 0x35, 0xE7, 0xCA, 0xEE}, /* Master key 08 encrypted with Master key 09. */
|
||||
{0x6C, 0x2E, 0xCD, 0xB3, 0x34, 0x61, 0x77, 0xF5, 0xF9, 0xB1, 0xDD, 0x61, 0x98, 0x19, 0x3E, 0xD4}, /* Master key 09 encrypted with Master key 0A. */
|
||||
};
|
||||
|
||||
/* Retail unit keys. */
|
||||
|
@ -76,7 +76,7 @@ bool check_mkey_revision(unsigned int revision, bool is_retail) {
|
|||
}
|
||||
}
|
||||
|
||||
se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, mkey_vectors[0], 0x10);
|
||||
se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, is_retail ? mkey_vectors[0] : mkey_vectors_dev[0], 0x10);
|
||||
for (unsigned int i = 0; i < 0x10; i++) {
|
||||
if (final_vector[i] != 0) {
|
||||
return false;
|
||||
|
|
|
@ -100,7 +100,7 @@ KIPFILES := loader.kip pm.kip sm.kip ams_mitm.kip spl.kip boot.kip
|
|||
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*))) fusee-primary.bin \
|
||||
exosphere.bin lp0fw.bin rebootstub.bin thermosphere.bin splash_screen.bmp \
|
||||
sept-primary.bin sept-secondary_00.enc sept-secondary_01.enc emummc.kip \
|
||||
kernel_ldr.bin $(KIPFILES)
|
||||
sept-secondary_dev_00.enc sept-secondary_dev_01.enc kernel_ldr.bin $(KIPFILES)
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
# use CXX for linking C++ projects, CC for standard C
|
||||
|
@ -221,6 +221,16 @@ sept_secondary_01.enc.o sept_secondary_01_enc.h: sept-secondary_01.enc
|
|||
#---------------------------------------------------------------------------------
|
||||
@echo $(notdir $<)
|
||||
@$(_bin2o)
|
||||
|
||||
sept_secondary_dev_00.enc.o sept_secondary_dev_00_enc.h: sept-secondary_dev_00.enc
|
||||
#---------------------------------------------------------------------------------
|
||||
@echo $(notdir $<)
|
||||
@$(_bin2o)
|
||||
|
||||
sept_secondary_dev_01.enc.o sept_secondary_dev_01_enc.h: sept-secondary_dev_01.enc
|
||||
#---------------------------------------------------------------------------------
|
||||
@echo $(notdir $<)
|
||||
@$(_bin2o)
|
||||
|
||||
%.bin.o %_bin.h: %.bin
|
||||
#---------------------------------------------------------------------------------
|
||||
|
|
|
@ -39,10 +39,9 @@ static const uint8_t mkey_vectors_dev[MASTERKEY_REVISION_MAX][0x10] =
|
|||
{0x78, 0xD5, 0xF1, 0x20, 0x3D, 0x16, 0xE9, 0x30, 0x32, 0x27, 0x34, 0x6F, 0xCF, 0xE0, 0x27, 0xDC}, /* Master key 04 encrypted with Master key 05. */
|
||||
{0x6F, 0xD2, 0x84, 0x1D, 0x05, 0xEC, 0x40, 0x94, 0x5F, 0x18, 0xB3, 0x81, 0x09, 0x98, 0x8D, 0x4E}, /* Master key 05 encrypted with Master key 06. */
|
||||
{0x37, 0xAF, 0xAB, 0x35, 0x79, 0x09, 0xD9, 0x48, 0x29, 0xD2, 0xDB, 0xA5, 0xA5, 0xF5, 0x30, 0x19}, /* Master key 06 encrypted with Master key 07. */
|
||||
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 07 encrypted with Master key 08. */
|
||||
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 08 encrypted with Master key 09. */
|
||||
{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, /* TODO: Master key 09 encrypted with Master key 0A. */
|
||||
};
|
||||
{0xEC, 0xE1, 0x46, 0x89, 0x37, 0xFD, 0xD2, 0x15, 0x8C, 0x3F, 0x24, 0x82, 0xEF, 0x49, 0x68, 0x04}, /* Master key 07 encrypted with Master key 08. */
|
||||
{0x43, 0x3D, 0xC5, 0x3B, 0xEF, 0x91, 0x02, 0x21, 0x61, 0x54, 0x63, 0x8A, 0x35, 0xE7, 0xCA, 0xEE}, /* Master key 08 encrypted with Master key 09. */
|
||||
{0x6C, 0x2E, 0xCD, 0xB3, 0x34, 0x61, 0x77, 0xF5, 0xF9, 0xB1, 0xDD, 0x61, 0x98, 0x19, 0x3E, 0xD4}, /* Master key 09 encrypted with Master key 0A. */ };
|
||||
|
||||
/* Retail unit keys. */
|
||||
static const uint8_t mkey_vectors[MASTERKEY_REVISION_MAX][0x10] =
|
||||
|
@ -73,7 +72,7 @@ static bool check_mkey_revision(unsigned int revision, bool is_retail) {
|
|||
}
|
||||
}
|
||||
|
||||
se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, mkey_vectors[0], 0x10);
|
||||
se_aes_ecb_decrypt_block(check_keyslot, final_vector, 0x10, is_retail ? mkey_vectors[0] : mkey_vectors_dev[0], 0x10);
|
||||
for (unsigned int i = 0; i < 0x10; i++) {
|
||||
if (final_vector[i] != 0) {
|
||||
return false;
|
||||
|
|
|
@ -56,6 +56,8 @@
|
|||
#include "exosphere_bin.h"
|
||||
#include "sept_secondary_00_enc.h"
|
||||
#include "sept_secondary_01_enc.h"
|
||||
#include "sept_secondary_dev_00_enc.h"
|
||||
#include "sept_secondary_dev_01_enc.h"
|
||||
#include "lp0fw_bin.h"
|
||||
#include "emummc_kip.h"
|
||||
#undef u8
|
||||
|
@ -607,11 +609,21 @@ uint32_t nxboot_main(void) {
|
|||
}
|
||||
|
||||
if (tsec_fw_size == 0x3000) {
|
||||
sept_secondary_enc = sept_secondary_00_enc;
|
||||
sept_secondary_enc_size = sept_secondary_00_enc_size;
|
||||
if (fuse_get_retail_type() != 0) {
|
||||
sept_secondary_enc = sept_secondary_00_enc;
|
||||
sept_secondary_enc_size = sept_secondary_00_enc_size;
|
||||
} else {
|
||||
sept_secondary_enc = sept_secondary_dev_00_enc;
|
||||
sept_secondary_enc_size = sept_secondary_dev_00_enc_size;
|
||||
}
|
||||
} else if (tsec_fw_size == 0x3300) {
|
||||
sept_secondary_enc = sept_secondary_01_enc;
|
||||
sept_secondary_enc_size = sept_secondary_01_enc_size;
|
||||
if (fuse_get_retail_type() != 0) {
|
||||
sept_secondary_enc = sept_secondary_01_enc;
|
||||
sept_secondary_enc_size = sept_secondary_01_enc_size;
|
||||
} else {
|
||||
sept_secondary_enc = sept_secondary_dev_01_enc;
|
||||
sept_secondary_enc_size = sept_secondary_dev_01_enc_size;
|
||||
}
|
||||
} else {
|
||||
fatal_error("[NXBOOT] Unable to identify sept revision to run.");
|
||||
}
|
||||
|
@ -620,12 +632,22 @@ uint32_t nxboot_main(void) {
|
|||
fatal_error("[NXBOOT] Failed to read the TSEC firmware from Package1loader!\n");
|
||||
}
|
||||
if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_810) {
|
||||
sept_secondary_enc = sept_secondary_01_enc;
|
||||
sept_secondary_enc_size = sept_secondary_01_enc_size;
|
||||
if (fuse_get_retail_type() != 0) {
|
||||
sept_secondary_enc = sept_secondary_01_enc;
|
||||
sept_secondary_enc_size = sept_secondary_01_enc_size;
|
||||
} else {
|
||||
sept_secondary_enc = sept_secondary_dev_01_enc;
|
||||
sept_secondary_enc_size = sept_secondary_dev_01_enc_size;
|
||||
}
|
||||
tsec_fw_size = 0x3300;
|
||||
} else if (target_firmware >= ATMOSPHERE_TARGET_FIRMWARE_700) {
|
||||
sept_secondary_enc = sept_secondary_00_enc;
|
||||
sept_secondary_enc_size = sept_secondary_00_enc_size;
|
||||
if (fuse_get_retail_type() != 0) {
|
||||
sept_secondary_enc = sept_secondary_00_enc;
|
||||
sept_secondary_enc_size = sept_secondary_00_enc_size;
|
||||
} else {
|
||||
sept_secondary_enc = sept_secondary_dev_00_enc;
|
||||
sept_secondary_enc_size = sept_secondary_dev_00_enc_size;
|
||||
}
|
||||
tsec_fw_size = 0x3000;
|
||||
} else if (target_firmware == ATMOSPHERE_TARGET_FIRMWARE_620) {
|
||||
tsec_fw_size = 0x2900;
|
||||
|
|
|
@ -10,11 +10,29 @@ HOVI_SIG_KEY_PRD = [
|
|||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
]
|
||||
|
||||
HOVI_ENC_KEY_DEV = [
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
]
|
||||
|
||||
HOVI_SIG_KEY_DEV = [
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
]
|
||||
|
||||
IV = [
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
]
|
||||
|
||||
IV_DEV = [
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
bytearray.fromhex('00000000000000000000000000000000'),
|
||||
]
|
||||
|
||||
assert len(HOVI_ENC_KEY_PRD) == NUM_KEYS
|
||||
assert len(HOVI_SIG_KEY_PRD) == NUM_KEYS
|
||||
assert len(IV) == NUM_KEYS
|
||||
assert len(HOVI_ENC_KEY_DEV) == NUM_KEYS
|
||||
assert len(HOVI_SIG_KEY_DEV) == NUM_KEYS
|
||||
assert len(IV) == NUM_KEYS
|
||||
assert len(IV_DEV) == NUM_KEYS
|
|
@ -131,6 +131,8 @@ else
|
|||
@touch $(TOPDIR)/$(TARGET).bin
|
||||
@cp $(SEPT_00_ENC_PATH) $(TOPDIR)/$(TARGET)_00.enc
|
||||
@cp $(SEPT_01_ENC_PATH) $(TOPDIR)/$(TARGET)_01.enc
|
||||
@cp $(SEPT_DEV_00_ENC_PATH) $(TOPDIR)/$(TARGET)_dev_00.enc
|
||||
@cp $(SEPT_DEV_01_ENC_PATH) $(TOPDIR)/$(TARGET)_dev_01.enc
|
||||
endif
|
||||
|
||||
#---------------------------------------------------------------------------------
|
||||
|
@ -150,7 +152,11 @@ DEPENDS := $(OFILES:.o=.d)
|
|||
#---------------------------------------------------------------------------------
|
||||
# main targets
|
||||
#---------------------------------------------------------------------------------
|
||||
all : $(OUTPUT)_01.enc
|
||||
all : $(OUTPUT)_dev_01.enc
|
||||
|
||||
$(OUTPUT)_dev_01.enc : $(OUTPUT)_dev_00.enc
|
||||
|
||||
$(OUTPUT)_dev_00.enc : $(OUTPUT)_01.enc
|
||||
|
||||
$(OUTPUT)_01.enc : $(OUTPUT)_00.enc
|
||||
|
||||
|
|
|
@ -71,11 +71,12 @@ def main(argc, argv):
|
|||
code = f.read()
|
||||
if len(code) & 0xF:
|
||||
code = code + bytearray(0x10 - (len(code) & 0xF))
|
||||
# TODO: Support dev unit crypto
|
||||
fn, fext = os.path.splitext(argv[2])
|
||||
for key in range(KEYS.NUM_KEYS):
|
||||
with open(fn + ('_%02X' % key) + fext, 'wb') as f:
|
||||
f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_PRD[key], KEYS.HOVI_ENC_KEY_PRD[key], KEYS.IV[key], b'THANKS_NVIDIA_<3', key))
|
||||
with open(fn + ('_dev_%02X' % key) + fext, 'wb') as f:
|
||||
f.write(sign_encrypt_code(code, KEYS.HOVI_SIG_KEY_DEV[key], KEYS.HOVI_ENC_KEY_DEV[key], KEYS.IV_DEV[key], b'THANKS_NVIDIA_<3', key))
|
||||
return 0
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue