keys: Split crypto functions by sysmodule

This commit is contained in:
shchmue 2022-11-05 14:39:02 -07:00
parent c7d90ec8ca
commit dd41e3fee8
14 changed files with 621 additions and 326 deletions

View file

@ -17,10 +17,13 @@
#include "crypto.h" #include "crypto.h"
#include "../../keygen/tsec_keygen.h"
#include "../config.h" #include "../config.h"
#include "../hos/hos.h" #include "../hos/hos.h"
#include <sec/se.h> #include <sec/se.h>
#include <sec/se_t210.h> #include <sec/se_t210.h>
#include <sec/tsec.h>
#include <soc/fuse.h> #include <soc/fuse.h>
#include <utils/util.h> #include <utils/util.h>
@ -28,6 +31,27 @@
extern hekate_config h_cfg; extern hekate_config h_cfg;
int key_exists(const void *data) {
return memcmp(data, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0;
}
int run_ams_keygen(key_storage_t *keys) {
tsec_ctxt_t tsec_ctxt;
tsec_ctxt.fw = tsec_keygen;
tsec_ctxt.size = sizeof(tsec_keygen);
tsec_ctxt.type = TSEC_FW_TYPE_NEW;
u32 retries = 0;
while (tsec_query(keys->temp_key, &tsec_ctxt) < 0) {
retries++;
if (retries > 15) {
return -1;
}
}
return 0;
}
bool check_keyslot_access() { bool check_keyslot_access() {
u8 test_data[SE_KEY_128_SIZE] = {0}; u8 test_data[SE_KEY_128_SIZE] = {0};
const u8 test_ciphertext[SE_KEY_128_SIZE] = {0}; const u8 test_ciphertext[SE_KEY_128_SIZE] = {0};
@ -53,20 +77,8 @@ bool test_rsa_keypair(const void *public_exponent, const void *private_exponent,
return memcmp(plaintext, work, SE_RSA2048_DIGEST_SIZE) == 0; return memcmp(plaintext, work, SE_RSA2048_DIGEST_SIZE) == 0;
} }
bool test_eticket_rsa_keypair(const rsa_keypair_t *keypair) {
// Unlike the SSL RSA key, we don't need to check the gmac - we can just verify the public exponent
// and test the keypair since we have the modulus
if ((byte_swap_32(keypair->public_exponent) != RSA_PUBLIC_EXPONENT) ||
(!test_rsa_keypair(&keypair->public_exponent, keypair->private_exponent, keypair->modulus))
) {
return false;
}
return true;
}
// _mgf1_xor() and rsa_oaep_decode were derived from Atmosphère // _mgf1_xor() and rsa_oaep_decode were derived from Atmosphère
static void _mgf1_xor(void *masked, u32 masked_size, const void *seed, u32 seed_size) static void _mgf1_xor(void *masked, u32 masked_size, const void *seed, u32 seed_size) {
{
u8 cur_hash[0x20] __attribute__((aligned(4))); u8 cur_hash[0x20] __attribute__((aligned(4)));
u8 hash_buf[0xe4] __attribute__((aligned(4))); u8 hash_buf[0xe4] __attribute__((aligned(4)));
@ -132,6 +144,12 @@ u32 rsa_oaep_decode(void *dst, u32 dst_size, const void *label_digest, u32 label
return msg_size; return msg_size;
} }
void derive_rsa_kek(u32 ks, key_storage_t *keys, void *out_rsa_kek, const void *kekek_source, const void *kek_source, u32 generation, u32 option) {
u32 access_key[SE_KEY_128_SIZE / 4] = {0};
generate_aes_kek(ks, keys, access_key, kekek_source, generation, option);
get_device_unique_data_key(ks, out_rsa_kek, access_key, kek_source);
}
// Equivalent to spl::GenerateAesKek // Equivalent to spl::GenerateAesKek
void generate_aes_kek(u32 ks, key_storage_t *keys, void *out_kek, const void *kek_source, u32 generation, u32 option) { void generate_aes_kek(u32 ks, key_storage_t *keys, void *out_kek, const void *kek_source, u32 generation, u32 option) {
bool device_unique = GET_IS_DEVICE_UNIQUE(option); bool device_unique = GET_IS_DEVICE_UNIQUE(option);
@ -162,7 +180,7 @@ void load_aes_key(u32 ks, void *out_key, const void *access_key, const void *key
// Equivalent to spl::GenerateAesKey // Equivalent to spl::GenerateAesKey
void generate_aes_key(u32 ks, key_storage_t *keys, void *out_key, u32 key_size, const void *access_key, const void *key_source) { void generate_aes_key(u32 ks, key_storage_t *keys, void *out_key, u32 key_size, const void *access_key, const void *key_source) {
void *aes_key = keys->temp_key; u32 aes_key[SE_KEY_128_SIZE / 4] = {0};
load_aes_key(ks, aes_key, access_key, aes_key_generation_source); load_aes_key(ks, aes_key, access_key, aes_key_generation_source);
se_aes_key_set(ks, aes_key, SE_KEY_128_SIZE); se_aes_key_set(ks, aes_key, SE_KEY_128_SIZE);
se_aes_crypt_ecb(ks, DECRYPT, out_key, key_size, key_source, key_size); se_aes_crypt_ecb(ks, DECRYPT, out_key, key_size, key_source, key_size);
@ -175,7 +193,7 @@ void get_device_unique_data_key(u32 ks, void *out_key, const void *access_key, c
// Equivalent to spl::DecryptAesKey. // Equivalent to spl::DecryptAesKey.
void decrypt_aes_key(u32 ks, key_storage_t *keys, void *out_key, const void *key_source, u32 generation, u32 option) { void decrypt_aes_key(u32 ks, key_storage_t *keys, void *out_key, const void *key_source, u32 generation, u32 option) {
void *access_key = keys->temp_key; u32 access_key[SE_KEY_128_SIZE / 4] = {0};
generate_aes_kek(ks, keys, access_key, aes_key_decryption_source, generation, option); generate_aes_kek(ks, keys, access_key, aes_key_decryption_source, generation, option);
generate_aes_key(ks, keys, out_key, SE_KEY_128_SIZE, access_key, key_source); generate_aes_key(ks, keys, out_key, SE_KEY_128_SIZE, access_key, key_source);
} }

View file

@ -17,10 +17,14 @@
#ifndef _CRYPTO_H_ #ifndef _CRYPTO_H_
#define _CRYPTO_H_ #define _CRYPTO_H_
#include "es_types.h"
#include "../hos/hos.h" #include "../hos/hos.h"
#include <sec/se_t210.h> #include <sec/se_t210.h>
#include <utils/types.h> #include <utils/types.h>
#include <string.h>
static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = { static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = {
0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9}; 0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9};
@ -129,13 +133,6 @@ static const u8 secure_data_tweaks[1][0x10] __attribute__((aligned(4))) = {
#define TICKET_SIG_TYPE_RSA2048_SHA256 0x10004 #define TICKET_SIG_TYPE_RSA2048_SHA256 0x10004
typedef struct {
u8 private_exponent[SE_RSA2048_DIGEST_SIZE];
u8 modulus[SE_RSA2048_DIGEST_SIZE];
u32 public_exponent;
u8 reserved[0xC];
} rsa_keypair_t;
typedef struct { typedef struct {
u8 master_kek[SE_KEY_128_SIZE]; u8 master_kek[SE_KEY_128_SIZE];
u8 data[0x70]; u8 data[0x70];
@ -179,7 +176,7 @@ typedef struct {
tsec_root_key[SE_KEY_128_SIZE]; tsec_root_key[SE_KEY_128_SIZE];
u32 sbk[4]; u32 sbk[4];
keyblob_t keyblob[KB_FIRMWARE_VERSION_600 + 1]; keyblob_t keyblob[KB_FIRMWARE_VERSION_600 + 1];
rsa_keypair_t eticket_rsa_keypair; eticket_rsa_keypair_t eticket_rsa_keypair;
} key_storage_t; } key_storage_t;
typedef enum { typedef enum {
@ -201,12 +198,17 @@ typedef enum {
#define GET_SEAL_KEY_INDEX(x) (((x) >> 5) & 7) #define GET_SEAL_KEY_INDEX(x) (((x) >> 5) & 7)
#define GET_IS_DEVICE_UNIQUE(x) ((x) & 1) #define GET_IS_DEVICE_UNIQUE(x) ((x) & 1)
int key_exists(const void *data);
int run_ams_keygen(key_storage_t *keys);
bool check_keyslot_access(); bool check_keyslot_access();
bool test_rsa_keypair(const void *public_exponent, const void *private_exponent, const void *modulus); bool test_rsa_keypair(const void *public_exponent, const void *private_exponent, const void *modulus);
bool test_eticket_rsa_keypair(const rsa_keypair_t *keypair);
u32 rsa_oaep_decode(void *dst, u32 dst_size, const void *label_digest, u32 label_digest_size, u8 *buf, u32 buf_size); u32 rsa_oaep_decode(void *dst, u32 dst_size, const void *label_digest, u32 label_digest_size, u8 *buf, u32 buf_size);
void derive_rsa_kek(u32 ks, key_storage_t *keys, void *out_rsa_kek, const void *kekek_source, const void *kek_source, u32 generation, u32 option);
// Equivalent to spl::GenerateAesKek // Equivalent to spl::GenerateAesKek
void generate_aes_kek(u32 ks, key_storage_t *keys, void *out_kek, const void *kek_source, u32 generation, u32 option); void generate_aes_kek(u32 ks, key_storage_t *keys, void *out_kek, const void *kek_source, u32 generation, u32 option);
// Equivalent to spl::GenerateAesKey // Equivalent to spl::GenerateAesKey

58
source/keys/es_crypto.c Normal file
View file

@ -0,0 +1,58 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "es_crypto.h"
#include "../config.h"
extern hekate_config h_cfg;
bool test_eticket_rsa_keypair(const eticket_rsa_keypair_t *keypair) {
if (byte_swap_32(keypair->public_exponent) != RSA_PUBLIC_EXPONENT)
return false;
return test_rsa_keypair(&keypair->public_exponent, keypair->private_exponent, keypair->modulus);
}
void es_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation, bool is_dev) {
if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
return;
}
const void *kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | IS_DEVICE_UNIQUE;
derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, eticket_rsa_kekek_source, kek_source, generation, option);
}
void es_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek) {
if (!key_exists(keys->master_key[0])) {
return;
}
const u32 generation = 0;
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE;
derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, eticket_rsa_kekek_source, eticket_rsa_kek_source_legacy, generation, option);
}
void es_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev) {
if (!key_exists(keys->master_key[0])) {
return;
}
const void *kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
const u32 generation = 0;
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE;
derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, eticket_rsa_kekek_source, kek_source, generation, option);
}

40
source/keys/es_crypto.h Normal file
View file

@ -0,0 +1,40 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _ES_CRYPTO_H_
#define _ES_CRYPTO_H_
#include "crypto.h"
#include "es_types.h"
#include <utils/types.h>
static const u8 eticket_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
0XDB, 0XA4, 0X51, 0X12, 0X4C, 0XA0, 0XA9, 0X83, 0X68, 0X14, 0XF5, 0XED, 0X95, 0XE3, 0X12, 0X5B};
static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5};
static const u8 eticket_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
0x88, 0x87, 0x50, 0x90, 0xA6, 0x2F, 0x75, 0x70, 0xA2, 0xD7, 0x71, 0x51, 0xAE, 0x6D, 0x39, 0x87};
static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
0X46, 0X6E, 0X57, 0XB7, 0X4A, 0X44, 0X7F, 0X02, 0XF3, 0X21, 0XCD, 0XE5, 0X8F, 0X2F, 0X55, 0X35};
bool test_eticket_rsa_keypair(const eticket_rsa_keypair_t *keypair);
void es_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation, bool is_dev);
void es_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek);
void es_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev);
#endif

30
source/keys/es_types.h Normal file
View file

@ -0,0 +1,30 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _ES_TYPES_H_
#define _ES_TYPES_H_
#include <sec/se_t210.h>
#include <utils/types.h>
typedef struct {
u8 private_exponent[SE_RSA2048_DIGEST_SIZE];
u8 modulus[SE_RSA2048_DIGEST_SIZE];
u32 public_exponent;
u8 reserved[0xC];
} eticket_rsa_keypair_t;
#endif

69
source/keys/fs_crypto.c Normal file
View file

@ -0,0 +1,69 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "fs_crypto.h"
#include "../config.h"
#include <sec/se_t210.h>
#include <string.h>
extern hekate_config h_cfg;
void fs_derive_bis_keys(key_storage_t *keys, u8 out_bis_keys[4][32], u32 generation) {
if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
return;
}
generate_specific_aes_key(KS_AES_ECB, keys, out_bis_keys[0], bis_key_sources[0], generation);
u32 access_key[SE_KEY_128_SIZE / 4] = {0};
const u32 option = IS_DEVICE_UNIQUE;
generate_aes_kek(KS_AES_ECB, keys, access_key, bis_kek_source, generation, option);
generate_aes_key(KS_AES_ECB, keys, out_bis_keys[1], sizeof(bis_key_sources[1]), access_key, bis_key_sources[1]);
generate_aes_key(KS_AES_ECB, keys, out_bis_keys[2], sizeof(bis_key_sources[2]), access_key, bis_key_sources[2]);
memcpy(out_bis_keys[3], out_bis_keys[2], sizeof(bis_key_sources[2]));
}
void fs_derive_header_key(key_storage_t *keys, void *out_key) {
if (!key_exists(keys->master_key[0])) {
return;
}
u32 access_key[SE_KEY_128_SIZE / 4] = {0};
const u32 generation = 0;
const u32 option = NOT_DEVICE_UNIQUE;
generate_aes_kek(KS_AES_ECB, keys, access_key, header_kek_source, generation, option);
generate_aes_key(KS_AES_ECB, keys, out_key, sizeof(header_key_source), access_key, header_key_source);
}
void fs_derive_key_area_key(key_storage_t *keys, void *out_key, u32 source_type, u32 generation) {
u32 access_key[SE_KEY_128_SIZE / 4] = {0};
const u32 option = NOT_DEVICE_UNIQUE;
generate_aes_kek(KS_AES_ECB, keys, access_key, key_area_key_sources[source_type], generation + 1, option);
load_aes_key(KS_AES_ECB, out_key, access_key, aes_key_generation_source);
}
void fs_derive_save_mac_key(key_storage_t *keys, void *out_key) {
if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
return;
}
u32 access_key[SE_KEY_128_SIZE / 4] = {0};
const u32 generation = 0;
const u32 option = IS_DEVICE_UNIQUE;
generate_aes_kek(KS_AES_ECB, keys, access_key, save_mac_kek_source, generation, option);
load_aes_key(KS_AES_ECB, out_key, access_key, save_mac_key_source);
}

74
source/keys/fs_crypto.h Normal file
View file

@ -0,0 +1,74 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _FS_CRYPTO_H_
#define _FS_CRYPTO_H_
#include "crypto.h"
#include <utils/types.h>
static const u8 bis_kek_source[0x10] __attribute__((aligned(4))) = {
0x34, 0xC1, 0xA0, 0xC4, 0x82, 0x58, 0xF8, 0xB4, 0xFA, 0x9E, 0x5E, 0x6A, 0xDA, 0xFC, 0x7E, 0x4F};
static const u8 bis_key_sources[3][0x20] __attribute__((aligned(4))) = {
{0xF8, 0x3F, 0x38, 0x6E, 0x2C, 0xD2, 0xCA, 0x32, 0xA8, 0x9A, 0xB9, 0xAA, 0x29, 0xBF, 0xC7, 0x48,
0x7D, 0x92, 0xB0, 0x3A, 0xA8, 0xBF, 0xDE, 0xE1, 0xA7, 0x4C, 0x3B, 0x6E, 0x35, 0xCB, 0x71, 0x06},
{0x41, 0x00, 0x30, 0x49, 0xDD, 0xCC, 0xC0, 0x65, 0x64, 0x7A, 0x7E, 0xB4, 0x1E, 0xED, 0x9C, 0x5F,
0x44, 0x42, 0x4E, 0xDA, 0xB4, 0x9D, 0xFC, 0xD9, 0x87, 0x77, 0x24, 0x9A, 0xDC, 0x9F, 0x7C, 0xA4},
{0x52, 0xC2, 0xE9, 0xEB, 0x09, 0xE3, 0xEE, 0x29, 0x32, 0xA1, 0x0C, 0x1F, 0xB6, 0xA0, 0x92, 0x6C,
0x4D, 0x12, 0xE1, 0x4B, 0x2A, 0x47, 0x4C, 0x1C, 0x09, 0xCB, 0x03, 0x59, 0xF0, 0x15, 0xF4, 0xE4}
};
static const u8 header_kek_source[0x10] __attribute__((aligned(4))) = {
0x1F, 0x12, 0x91, 0x3A, 0x4A, 0xCB, 0xF0, 0x0D, 0x4C, 0xDE, 0x3A, 0xF6, 0xD5, 0x23, 0x88, 0x2A};
static const u8 header_key_source[0x20] __attribute__((aligned(4))) = {
0x5A, 0x3E, 0xD8, 0x4F, 0xDE, 0xC0, 0xD8, 0x26, 0x31, 0xF7, 0xE2, 0x5D, 0x19, 0x7B, 0xF5, 0xD0,
0x1C, 0x9B, 0x7B, 0xFA, 0xF6, 0x28, 0x18, 0x3D, 0x71, 0xF6, 0x4D, 0x73, 0xF1, 0x50, 0xB9, 0xD2};
static const u8 key_area_key_sources[3][0x10] __attribute__((aligned(4))) = {
{0x7F, 0x59, 0x97, 0x1E, 0x62, 0x9F, 0x36, 0xA1, 0x30, 0x98, 0x06, 0x6F, 0x21, 0x44, 0xC3, 0x0D}, // application
{0x32, 0x7D, 0x36, 0x08, 0x5A, 0xD1, 0x75, 0x8D, 0xAB, 0x4E, 0x6F, 0xBA, 0xA5, 0x55, 0xD8, 0x82}, // ocean
{0x87, 0x45, 0xF1, 0xBB, 0xA6, 0xBE, 0x79, 0x64, 0x7D, 0x04, 0x8B, 0xA6, 0x7B, 0x5F, 0xDA, 0x4A}, // system
};
static const u8 save_mac_kek_source[0x10] __attribute__((aligned(4))) = {
0XD8, 0X9C, 0X23, 0X6E, 0XC9, 0X12, 0X4E, 0X43, 0XC8, 0X2B, 0X03, 0X87, 0X43, 0XF9, 0XCF, 0X1B};
static const u8 save_mac_key_source[0x10] __attribute__((aligned(4))) = {
0XE4, 0XCD, 0X3D, 0X4A, 0XD5, 0X0F, 0X74, 0X28, 0X45, 0XA4, 0X87, 0XE5, 0XA0, 0X63, 0XEA, 0X1F};
static const u8 save_mac_sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
0X04, 0X89, 0XEF, 0X5D, 0X32, 0X6E, 0X1A, 0X59, 0XC4, 0XB7, 0XAB, 0X8C, 0X36, 0X7A, 0XAB, 0X17};
static const u8 save_mac_sd_card_key_source[0x10] __attribute__((aligned(4))) = {
0X6F, 0X64, 0X59, 0X47, 0XC5, 0X61, 0X46, 0XF9, 0XFF, 0XA0, 0X45, 0XD5, 0X95, 0X33, 0X29, 0X18};
static const u8 sd_card_custom_storage_key_source[0x20] __attribute__((aligned(4))) = {
0X37, 0X0C, 0X34, 0X5E, 0X12, 0XE4, 0XCE, 0XFE, 0X21, 0XB5, 0X8E, 0X64, 0XDB, 0X52, 0XAF, 0X35,
0X4F, 0X2C, 0XA5, 0XA3, 0XFC, 0X99, 0X9A, 0X47, 0XC0, 0X3E, 0XE0, 0X04, 0X48, 0X5B, 0X2F, 0XD0};
static const u8 sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
0X88, 0X35, 0X8D, 0X9C, 0X62, 0X9B, 0XA1, 0XA0, 0X01, 0X47, 0XDB, 0XE0, 0X62, 0X1B, 0X54, 0X32};
static const u8 sd_card_nca_key_source[0x20] __attribute__((aligned(4))) = {
0X58, 0X41, 0XA2, 0X84, 0X93, 0X5B, 0X56, 0X27, 0X8B, 0X8E, 0X1F, 0XC5, 0X18, 0XE9, 0X9F, 0X2B,
0X67, 0XC7, 0X93, 0XF0, 0XF2, 0X4F, 0XDE, 0XD0, 0X75, 0X49, 0X5D, 0XCA, 0X00, 0X6D, 0X99, 0XC2};
static const u8 sd_card_save_key_source[0x20] __attribute__((aligned(4))) = {
0X24, 0X49, 0XB7, 0X22, 0X72, 0X67, 0X03, 0XA8, 0X19, 0X65, 0XE6, 0XE3, 0XEA, 0X58, 0X2F, 0XDD,
0X9A, 0X95, 0X15, 0X17, 0XB1, 0X6E, 0X8F, 0X7F, 0X1F, 0X68, 0X26, 0X31, 0X52, 0XEA, 0X29, 0X6A};
void fs_derive_bis_keys(key_storage_t *keys, u8 out_bis_keys[4][32], u32 generation);
void fs_derive_header_key(key_storage_t *keys, void *out_key);
void fs_derive_key_area_key(key_storage_t *keys, void *out_key, u32 source_type, u32 generation);
void fs_derive_save_mac_key(key_storage_t *keys, void *out_key);
#endif

View file

@ -19,16 +19,6 @@ static const u8 null_hash[0x20] __attribute__((aligned(4))) = {
0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24, 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55}; 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55};
static const u8 keyblob_key_sources[][0x10] __attribute__((aligned(4))) = {
{0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3}, //1.0.0
{0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC}, //3.0.0
{0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B}, //3.0.1
{0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE}, //4.0.0
{0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80}, //5.0.0
{0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0} //6.0.0
};
//!TODO: Update on mkey changes.
static const u8 master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_620 + 1][0x10] __attribute__((aligned(4))) = { static const u8 master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_620 + 1][0x10] __attribute__((aligned(4))) = {
{0x37, 0x4B, 0x77, 0x29, 0x59, 0xB4, 0x04, 0x30, 0x81, 0xF6, 0xE5, 0x8C, 0x6D, 0x36, 0x17, 0x9A}, //6.2.0 {0x37, 0x4B, 0x77, 0x29, 0x59, 0xB4, 0x04, 0x30, 0x81, 0xF6, 0xE5, 0x8C, 0x6D, 0x36, 0x17, 0x9A}, //6.2.0
{0x9A, 0x3E, 0xA9, 0xAB, 0xFD, 0x56, 0x46, 0x1C, 0x9B, 0xF6, 0x48, 0x7F, 0x5C, 0xFA, 0x09, 0x5C}, //7.0.0 {0x9A, 0x3E, 0xA9, 0xAB, 0xFD, 0x56, 0x46, 0x1C, 0x9B, 0xF6, 0x48, 0x7F, 0x5C, 0xFA, 0x09, 0x5C}, //7.0.0
@ -39,9 +29,8 @@ static const u8 master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION
{0x68, 0x3B, 0xCA, 0x54, 0xB8, 0x6F, 0x92, 0x48, 0xC3, 0x05, 0x76, 0x87, 0x88, 0x70, 0x79, 0x23}, //13.0.0 {0x68, 0x3B, 0xCA, 0x54, 0xB8, 0x6F, 0x92, 0x48, 0xC3, 0x05, 0x76, 0x87, 0x88, 0x70, 0x79, 0x23}, //13.0.0
{0xF0, 0x13, 0x37, 0x9A, 0xD5, 0x63, 0x51, 0xC3, 0xB4, 0x96, 0x35, 0xBC, 0x9C, 0xE8, 0x76, 0x81}, //14.0.0 {0xF0, 0x13, 0x37, 0x9A, 0xD5, 0x63, 0x51, 0xC3, 0xB4, 0x96, 0x35, 0xBC, 0x9C, 0xE8, 0x76, 0x81}, //14.0.0
{0x6E, 0x77, 0x86, 0xAC, 0x83, 0x0A, 0x8D, 0x3E, 0x7D, 0xB7, 0x66, 0xA0, 0x22, 0xB7, 0x6E, 0x67}, //15.0.0 {0x6E, 0x77, 0x86, 0xAC, 0x83, 0x0A, 0x8D, 0x3E, 0x7D, 0xB7, 0x66, 0xA0, 0x22, 0xB7, 0x6E, 0x67}, //15.0.0
}; }; //!TODO: Update on mkey changes.
//!TODO: Update on mkey changes.
static const u8 master_key_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribute__((aligned(4))) = { static const u8 master_key_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribute__((aligned(4))) = {
{0x0C, 0xF0, 0x59, 0xAC, 0x85, 0xF6, 0x26, 0x65, 0xE1, 0xE9, 0x19, 0x55, 0xE6, 0xF2, 0x67, 0x3D}, /* Zeroes encrypted with Master Key 00. */ {0x0C, 0xF0, 0x59, 0xAC, 0x85, 0xF6, 0x26, 0x65, 0xE1, 0xE9, 0x19, 0x55, 0xE6, 0xF2, 0x67, 0x3D}, /* Zeroes encrypted with Master Key 00. */
{0x29, 0x4C, 0x04, 0xC8, 0xEB, 0x10, 0xED, 0x9D, 0x51, 0x64, 0x97, 0xFB, 0xF3, 0x4D, 0x50, 0xDD}, /* Master key 00 encrypted with Master key 01. */ {0x29, 0x4C, 0x04, 0xC8, 0xEB, 0x10, 0xED, 0x9D, 0x51, 0x64, 0x97, 0xFB, 0xF3, 0x4D, 0x50, 0xDD}, /* Master key 00 encrypted with Master key 01. */
@ -58,9 +47,8 @@ static const u8 master_key_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribut
{0xA3, 0x24, 0x65, 0x75, 0xEA, 0xCC, 0x6E, 0x8D, 0xFB, 0x5A, 0x16, 0x50, 0x74, 0xD2, 0x15, 0x06}, /* Master key 0B encrypted with Master key 0C. */ {0xA3, 0x24, 0x65, 0x75, 0xEA, 0xCC, 0x6E, 0x8D, 0xFB, 0x5A, 0x16, 0x50, 0x74, 0xD2, 0x15, 0x06}, /* Master key 0B encrypted with Master key 0C. */
{0x83, 0x67, 0xAF, 0x01, 0xCF, 0x93, 0xA1, 0xAB, 0x80, 0x45, 0xF7, 0x3F, 0x72, 0xFD, 0x3B, 0x38}, /* Master key 0C encrypted with Master key 0D. */ {0x83, 0x67, 0xAF, 0x01, 0xCF, 0x93, 0xA1, 0xAB, 0x80, 0x45, 0xF7, 0x3F, 0x72, 0xFD, 0x3B, 0x38}, /* Master key 0C encrypted with Master key 0D. */
{0xB1, 0x81, 0xA6, 0x0D, 0x72, 0xC7, 0xEE, 0x15, 0x21, 0xF3, 0xC0, 0xB5, 0x6B, 0x61, 0x6D, 0xE7}, /* Master key 0D encrypted with Master key 0E. */ {0xB1, 0x81, 0xA6, 0x0D, 0x72, 0xC7, 0xEE, 0x15, 0x21, 0xF3, 0xC0, 0xB5, 0x6B, 0x61, 0x6D, 0xE7}, /* Master key 0D encrypted with Master key 0E. */
}; }; //!TODO: Update on mkey changes.
//!TODO: Update on mkey changes.
static const u8 master_key_vectors_dev[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribute__((aligned(4))) = { static const u8 master_key_vectors_dev[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribute__((aligned(4))) = {
{0x46, 0x22, 0xB4, 0x51, 0x9A, 0x7E, 0xA7, 0x7F, 0x62, 0xA1, 0x1F, 0x8F, 0xC5, 0x3A, 0xDB, 0xFE}, /* Zeroes encrypted with Master Key 00. */ {0x46, 0x22, 0xB4, 0x51, 0x9A, 0x7E, 0xA7, 0x7F, 0x62, 0xA1, 0x1F, 0x8F, 0xC5, 0x3A, 0xDB, 0xFE}, /* Zeroes encrypted with Master Key 00. */
{0x39, 0x33, 0xF9, 0x31, 0xBA, 0xE4, 0xA7, 0x21, 0x2C, 0xDD, 0xB7, 0xD8, 0xB4, 0x4E, 0x37, 0x23}, /* Master key 00 encrypted with Master key 01. */ {0x39, 0x33, 0xF9, 0x31, 0xBA, 0xE4, 0xA7, 0x21, 0x2C, 0xDD, 0xB7, 0xD8, 0xB4, 0x4E, 0x37, 0x23}, /* Master key 00 encrypted with Master key 01. */
@ -77,7 +65,7 @@ static const u8 master_key_vectors_dev[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attr
{0x8A, 0xCE, 0xC4, 0x7F, 0xBE, 0x08, 0x61, 0x88, 0xD3, 0x73, 0x64, 0x51, 0xE2, 0xB6, 0x53, 0x15}, /* Master key 0B encrypted with Master key 0C. */ {0x8A, 0xCE, 0xC4, 0x7F, 0xBE, 0x08, 0x61, 0x88, 0xD3, 0x73, 0x64, 0x51, 0xE2, 0xB6, 0x53, 0x15}, /* Master key 0B encrypted with Master key 0C. */
{0x08, 0xE0, 0xF4, 0xBE, 0xAA, 0x6E, 0x5A, 0xC3, 0xA6, 0xBC, 0xFE, 0xB9, 0xE2, 0xA3, 0x24, 0x12}, /* Master key 0C encrypted with Master key 0D. */ {0x08, 0xE0, 0xF4, 0xBE, 0xAA, 0x6E, 0x5A, 0xC3, 0xA6, 0xBC, 0xFE, 0xB9, 0xE2, 0xA3, 0x24, 0x12}, /* Master key 0C encrypted with Master key 0D. */
{0xD6, 0x80, 0x98, 0xC0, 0xFA, 0xC7, 0x13, 0xCB, 0x93, 0xD2, 0x0B, 0x82, 0x4C, 0xA1, 0x7B, 0x8D}, /* Master key 0D encrypted with Master key 0E. */ {0xD6, 0x80, 0x98, 0xC0, 0xFA, 0xC7, 0x13, 0xCB, 0x93, 0xD2, 0x0B, 0x82, 0x4C, 0xA1, 0x7B, 0x8D}, /* Master key 0D encrypted with Master key 0E. */
}; }; //!TODO: Update on mkey changes.
static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = { static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = {
{0x20, 0x9E, 0x97, 0xAE, 0xAF, 0x7E, 0x6A, 0xF6, 0x9E, 0xF5, 0xA7, 0x17, 0x2F, 0xF4, 0x49, 0xA6}, /* Zeroes encrypted with AES Class Key 00. */ {0x20, 0x9E, 0x97, 0xAE, 0xAF, 0x7E, 0x6A, 0xF6, 0x9E, 0xF5, 0xA7, 0x17, 0x2F, 0xF4, 0x49, 0xA6}, /* Zeroes encrypted with AES Class Key 00. */
@ -96,16 +84,22 @@ static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = {
{0x95, 0x48, 0xC1, 0x59, 0x0F, 0x84, 0x19, 0xC4, 0xAB, 0x69, 0x05, 0x88, 0x01, 0x31, 0x52, 0x59}, /* Zeroes encrypted with Mariko BEK. */ {0x95, 0x48, 0xC1, 0x59, 0x0F, 0x84, 0x19, 0xC4, 0xAB, 0x69, 0x05, 0x88, 0x01, 0x31, 0x52, 0x59}, /* Zeroes encrypted with Mariko BEK. */
}; };
//======================================Keys======================================//
// from Package1 -> Secure_Monitor
static const u8 package2_key_source[0x10] __attribute__((aligned(4))) = { static const u8 package2_key_source[0x10] __attribute__((aligned(4))) = {
0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7}; 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7};
static const u8 titlekek_source[0x10] __attribute__((aligned(4))) = { static const u8 titlekek_source[0x10] __attribute__((aligned(4))) = {
0x1E, 0xDC, 0x7B, 0x3B, 0x60, 0xE6, 0xB4, 0xD8, 0x78, 0xB8, 0x17, 0x15, 0x98, 0x5E, 0x62, 0x9B}; 0x1E, 0xDC, 0x7B, 0x3B, 0x60, 0xE6, 0xB4, 0xD8, 0x78, 0xB8, 0x17, 0x15, 0x98, 0x5E, 0x62, 0x9B};
// from Package1ldr (or Secure_Monitor on 6.2.0+) static const u8 keyblob_key_sources[][0x10] __attribute__((aligned(4))) = {
{0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3}, //1.0.0
{0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC}, //3.0.0
{0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B}, //3.0.1
{0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE}, //4.0.0
{0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80}, //5.0.0
{0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0} //6.0.0
};
static const u8 keyblob_mac_key_source[0x10] __attribute__((aligned(4))) = { static const u8 keyblob_mac_key_source[0x10] __attribute__((aligned(4))) = {
0x59, 0xC7, 0xFB, 0x6F, 0xBE, 0x9B, 0xBE, 0x87, 0x65, 0x6B, 0x15, 0xC0, 0x53, 0x73, 0x36, 0xA5}; 0x59, 0xC7, 0xFB, 0x6F, 0xBE, 0x9B, 0xBE, 0x87, 0x65, 0x6B, 0x15, 0xC0, 0x53, 0x73, 0x36, 0xA5};
static const u8 master_key_source[0x10] __attribute__((aligned(4))) = { static const u8 master_key_source[0x10] __attribute__((aligned(4))) = {
0xD8, 0xA2, 0x41, 0x0A, 0xC6, 0xC5, 0x90, 0x01, 0xC6, 0x1D, 0x6A, 0x26, 0x7C, 0x51, 0x3F, 0x3C}; 0xD8, 0xA2, 0x41, 0x0A, 0xC6, 0xC5, 0x90, 0x01, 0xC6, 0x1D, 0x6A, 0x26, 0x7C, 0x51, 0x3F, 0x3C};
static const u8 per_console_key_source[0x10] __attribute__((aligned(4))) = { static const u8 per_console_key_source[0x10] __attribute__((aligned(4))) = {
@ -136,96 +130,3 @@ static const u8 mariko_master_kek_sources_dev[KB_FIRMWARE_VERSION_MAX - KB_FIRMW
{0xEC, 0x5E, 0xB5, 0x11, 0xD5, 0x43, 0x1E, 0x6A, 0x4E, 0x54, 0x6F, 0xD4, 0xD3, 0x22, 0xCE, 0x87}, // 14.0.0. {0xEC, 0x5E, 0xB5, 0x11, 0xD5, 0x43, 0x1E, 0x6A, 0x4E, 0x54, 0x6F, 0xD4, 0xD3, 0x22, 0xCE, 0x87}, // 14.0.0.
{0x18, 0xA5, 0x6F, 0xEF, 0x72, 0x11, 0x62, 0xC5, 0x1A, 0x14, 0xF1, 0x8C, 0x21, 0x83, 0x27, 0xB7}, // 15.0.0. {0x18, 0xA5, 0x6F, 0xEF, 0x72, 0x11, 0x62, 0xC5, 0x1A, 0x14, 0xF1, 0x8C, 0x21, 0x83, 0x27, 0xB7}, // 15.0.0.
}; //!TODO: Update on mkey changes. }; //!TODO: Update on mkey changes.
// from ES
static const u8 eticket_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
0XDB, 0XA4, 0X51, 0X12, 0X4C, 0XA0, 0XA9, 0X83, 0X68, 0X14, 0XF5, 0XED, 0X95, 0XE3, 0X12, 0X5B};
static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5};
static const u8 eticket_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
0x88, 0x87, 0x50, 0x90, 0xA6, 0x2F, 0x75, 0x70, 0xA2, 0xD7, 0x71, 0x51, 0xAE, 0x6D, 0x39, 0x87};
static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
0X46, 0X6E, 0X57, 0XB7, 0X4A, 0X44, 0X7F, 0X02, 0XF3, 0X21, 0XCD, 0XE5, 0X8F, 0X2F, 0X55, 0X35};
// from SSL
static const u8 ssl_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
0X7F, 0X5B, 0XB0, 0X84, 0X7B, 0X25, 0XAA, 0X67, 0XFA, 0XC8, 0X4B, 0XE2, 0X3D, 0X7B, 0X69, 0X03};
static const u8 ssl_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
0X9A, 0X38, 0X3B, 0XF4, 0X31, 0XD0, 0XBD, 0X81, 0X32, 0X53, 0X4B, 0XA9, 0X64, 0X39, 0X7D, 0XE3};
static const u8 ssl_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
0xD5, 0xD2, 0xFC, 0x00, 0xFD, 0x49, 0xDD, 0xF8, 0xEE, 0x7B, 0xC4, 0x4B, 0xE1, 0x4C, 0xAA, 0x99};
static const u8 ssl_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
0xED, 0x36, 0xB1, 0x32, 0x27, 0x17, 0xD2, 0xB0, 0xBA, 0x1F, 0xC1, 0xBD, 0x4D, 0x38, 0x0F, 0x5E};
static const u8 ssl_client_cert_kek_source[0x10] __attribute__((aligned(4))) = {
0x64, 0xB8, 0x30, 0xDD, 0x0F, 0x3C, 0xB7, 0xFB, 0x4C, 0x16, 0x01, 0x97, 0xEA, 0x9D, 0x12, 0x10};
static const u8 ssl_client_cert_key_source[0x10] __attribute__((aligned(4))) = {
0x4D, 0x92, 0x5A, 0x69, 0x42, 0x23, 0xBB, 0x92, 0x59, 0x16, 0x3E, 0x51, 0x8C, 0x78, 0x14, 0x0F};
// from FS
static const u8 bis_kek_source[0x10] __attribute__((aligned(4))) = {
0x34, 0xC1, 0xA0, 0xC4, 0x82, 0x58, 0xF8, 0xB4, 0xFA, 0x9E, 0x5E, 0x6A, 0xDA, 0xFC, 0x7E, 0x4F};
static const u8 bis_key_sources[3][0x20] __attribute__((aligned(4))) = {
{0xF8, 0x3F, 0x38, 0x6E, 0x2C, 0xD2, 0xCA, 0x32, 0xA8, 0x9A, 0xB9, 0xAA, 0x29, 0xBF, 0xC7, 0x48,
0x7D, 0x92, 0xB0, 0x3A, 0xA8, 0xBF, 0xDE, 0xE1, 0xA7, 0x4C, 0x3B, 0x6E, 0x35, 0xCB, 0x71, 0x06},
{0x41, 0x00, 0x30, 0x49, 0xDD, 0xCC, 0xC0, 0x65, 0x64, 0x7A, 0x7E, 0xB4, 0x1E, 0xED, 0x9C, 0x5F,
0x44, 0x42, 0x4E, 0xDA, 0xB4, 0x9D, 0xFC, 0xD9, 0x87, 0x77, 0x24, 0x9A, 0xDC, 0x9F, 0x7C, 0xA4},
{0x52, 0xC2, 0xE9, 0xEB, 0x09, 0xE3, 0xEE, 0x29, 0x32, 0xA1, 0x0C, 0x1F, 0xB6, 0xA0, 0x92, 0x6C,
0x4D, 0x12, 0xE1, 0x4B, 0x2A, 0x47, 0x4C, 0x1C, 0x09, 0xCB, 0x03, 0x59, 0xF0, 0x15, 0xF4, 0xE4}
};
static const u8 header_kek_source[0x10] __attribute__((aligned(4))) = {
0x1F, 0x12, 0x91, 0x3A, 0x4A, 0xCB, 0xF0, 0x0D, 0x4C, 0xDE, 0x3A, 0xF6, 0xD5, 0x23, 0x88, 0x2A};
static const u8 header_key_source[0x20] __attribute__((aligned(4))) = {
0x5A, 0x3E, 0xD8, 0x4F, 0xDE, 0xC0, 0xD8, 0x26, 0x31, 0xF7, 0xE2, 0x5D, 0x19, 0x7B, 0xF5, 0xD0,
0x1C, 0x9B, 0x7B, 0xFA, 0xF6, 0x28, 0x18, 0x3D, 0x71, 0xF6, 0x4D, 0x73, 0xF1, 0x50, 0xB9, 0xD2};
static const u8 key_area_key_sources[3][0x10] __attribute__((aligned(4))) = {
{0x7F, 0x59, 0x97, 0x1E, 0x62, 0x9F, 0x36, 0xA1, 0x30, 0x98, 0x06, 0x6F, 0x21, 0x44, 0xC3, 0x0D}, // application
{0x32, 0x7D, 0x36, 0x08, 0x5A, 0xD1, 0x75, 0x8D, 0xAB, 0x4E, 0x6F, 0xBA, 0xA5, 0x55, 0xD8, 0x82}, // ocean
{0x87, 0x45, 0xF1, 0xBB, 0xA6, 0xBE, 0x79, 0x64, 0x7D, 0x04, 0x8B, 0xA6, 0x7B, 0x5F, 0xDA, 0x4A}, // system
};
static const u8 save_mac_kek_source[0x10] __attribute__((aligned(4))) = {
0XD8, 0X9C, 0X23, 0X6E, 0XC9, 0X12, 0X4E, 0X43, 0XC8, 0X2B, 0X03, 0X87, 0X43, 0XF9, 0XCF, 0X1B};
static const u8 save_mac_key_source[0x10] __attribute__((aligned(4))) = {
0XE4, 0XCD, 0X3D, 0X4A, 0XD5, 0X0F, 0X74, 0X28, 0X45, 0XA4, 0X87, 0XE5, 0XA0, 0X63, 0XEA, 0X1F};
static const u8 save_mac_sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
0X04, 0X89, 0XEF, 0X5D, 0X32, 0X6E, 0X1A, 0X59, 0XC4, 0XB7, 0XAB, 0X8C, 0X36, 0X7A, 0XAB, 0X17};
static const u8 save_mac_sd_card_key_source[0x10] __attribute__((aligned(4))) = {
0X6F, 0X64, 0X59, 0X47, 0XC5, 0X61, 0X46, 0XF9, 0XFF, 0XA0, 0X45, 0XD5, 0X95, 0X33, 0X29, 0X18};
static const u8 sd_card_custom_storage_key_source[0x20] __attribute__((aligned(4))) = {
0X37, 0X0C, 0X34, 0X5E, 0X12, 0XE4, 0XCE, 0XFE, 0X21, 0XB5, 0X8E, 0X64, 0XDB, 0X52, 0XAF, 0X35,
0X4F, 0X2C, 0XA5, 0XA3, 0XFC, 0X99, 0X9A, 0X47, 0XC0, 0X3E, 0XE0, 0X04, 0X48, 0X5B, 0X2F, 0XD0};
static const u8 sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
0X88, 0X35, 0X8D, 0X9C, 0X62, 0X9B, 0XA1, 0XA0, 0X01, 0X47, 0XDB, 0XE0, 0X62, 0X1B, 0X54, 0X32};
static const u8 sd_card_nca_key_source[0x20] __attribute__((aligned(4))) = {
0X58, 0X41, 0XA2, 0X84, 0X93, 0X5B, 0X56, 0X27, 0X8B, 0X8E, 0X1F, 0XC5, 0X18, 0XE9, 0X9F, 0X2B,
0X67, 0XC7, 0X93, 0XF0, 0XF2, 0X4F, 0XDE, 0XD0, 0X75, 0X49, 0X5D, 0XCA, 0X00, 0X6D, 0X99, 0XC2};
static const u8 sd_card_save_key_source[0x20] __attribute__((aligned(4))) = {
0X24, 0X49, 0XB7, 0X22, 0X72, 0X67, 0X03, 0XA8, 0X19, 0X65, 0XE6, 0XE3, 0XEA, 0X58, 0X2F, 0XDD,
0X9A, 0X95, 0X15, 0X17, 0XB1, 0X6E, 0X8F, 0X7F, 0X1F, 0X68, 0X26, 0X31, 0X52, 0XEA, 0X29, 0X6A};
// from NFC
static const u8 nfc_key_source[0x10] __attribute__((aligned(4))) = {
0x83, 0xF6, 0xEF, 0xD8, 0x13, 0x26, 0x49, 0xAB, 0x97, 0x5F, 0xEA, 0xBA, 0x65, 0x71, 0xCA, 0xCA};
static const u8 encrypted_nfc_keys[0x80] __attribute__((aligned(4))) = {
0x76, 0x50, 0x87, 0x02, 0x40, 0xA6, 0x5A, 0x98, 0xCE, 0x39, 0x2F, 0xC8, 0x83, 0xAF, 0x54, 0x76,
0x28, 0xFF, 0x50, 0xFC, 0xC1, 0xFB, 0x26, 0x14, 0xA2, 0x4A, 0xA6, 0x74, 0x90, 0xA4, 0x37, 0x06,
0x03, 0x63, 0xC2, 0xB1, 0xAF, 0x9F, 0xF7, 0x07, 0xFC, 0x8A, 0xB9, 0xCA, 0x28, 0x68, 0x6E, 0xF7,
0x42, 0xCD, 0x68, 0x13, 0xCD, 0x7B, 0x3A, 0x60, 0x3E, 0x8B, 0xAB, 0x3A, 0xCC, 0xED, 0xE0, 0xDD,
0x71, 0x1F, 0xA5, 0xDE, 0xB8, 0xB1, 0xF5, 0x1D, 0x14, 0x73, 0xBE, 0x27, 0xCC, 0xA1, 0x9B, 0x23,
0x06, 0x91, 0x89, 0x05, 0xED, 0xD6, 0x92, 0x76, 0x3F, 0x42, 0xFB, 0xD1, 0x8F, 0x2D, 0x6D, 0x72,
0xC8, 0x9E, 0x48, 0xE8, 0x03, 0x64, 0xF0, 0x3C, 0x0E, 0x2A, 0xF1, 0x26, 0x83, 0x02, 0x4F, 0xE2,
0x41, 0xAA, 0xC8, 0x33, 0x68, 0x84, 0x3A, 0xFB, 0x87, 0x18, 0xEA, 0xF7, 0x36, 0xA2, 0x4E, 0xA9};
static const u8 encrypted_nfc_keys_dev[0x80] __attribute__((aligned(4))) = {
0x13, 0xB0, 0xFB, 0xC2, 0x91, 0x6D, 0x6E, 0x5A, 0x10, 0x31, 0x40, 0xB7, 0xDF, 0xCF, 0x69, 0x69,
0xB0, 0xFA, 0xAE, 0x7F, 0xB2, 0x4D, 0x27, 0xC9, 0xE9, 0x3F, 0x5B, 0x38, 0x39, 0x24, 0x98, 0xCE,
0xED, 0xD2, 0xA9, 0x6C, 0x6F, 0xA7, 0x72, 0xD7, 0x11, 0x31, 0x17, 0x93, 0x12, 0x49, 0x32, 0x85,
0x21, 0xE5, 0xE1, 0x88, 0x0F, 0x08, 0xF2, 0x30, 0x5C, 0xC3, 0xAA, 0xFF, 0xC0, 0xAB, 0x21, 0x96,
0x74, 0x39, 0xED, 0xE0, 0x5A, 0xB6, 0x75, 0xC2, 0x3B, 0x08, 0x61, 0xE4, 0xA7, 0xD6, 0xED, 0x8C,
0xA9, 0x02, 0x12, 0xA6, 0xCC, 0x27, 0x4C, 0x1C, 0x41, 0x9C, 0xD8, 0x4C, 0x00, 0xC7, 0x5B, 0x5D,
0xED, 0xC2, 0x3D, 0x5E, 0x00, 0xF5, 0x49, 0xFA, 0x6C, 0x75, 0x67, 0xCF, 0x1F, 0x73, 0x1A, 0xE8,
0x47, 0xD4, 0x3D, 0x9B, 0x83, 0x5B, 0x18, 0x2F, 0x95, 0xA9, 0x04, 0xBC, 0x2E, 0xBB, 0x64, 0x4A};
static const u8 nfc_blob_hash[0x20] __attribute__((aligned(4))) = {
0x7F, 0x92, 0x83, 0x65, 0x4E, 0xC1, 0x09, 0x7F, 0xBD, 0xFF, 0x31, 0xDE, 0x94, 0x66, 0x51, 0xAE,
0x60, 0xC2, 0x85, 0x4A, 0xFB, 0x54, 0x4A, 0xBE, 0x89, 0x63, 0xD3, 0x89, 0x63, 0x9C, 0x71, 0x0E};
static const u8 nfc_blob_hash_dev[0x20] __attribute__((aligned(4))) = {
0x4E, 0x36, 0x59, 0x1C, 0x75, 0x80, 0x23, 0x03, 0x98, 0x2D, 0x45, 0xD9, 0x85, 0xB8, 0x60, 0x18,
0x7C, 0x85, 0x37, 0x9B, 0xCB, 0xBA, 0xF3, 0xDC, 0x25, 0x38, 0x73, 0xDB, 0x2F, 0xFA, 0xAE, 0x26};

View file

@ -17,9 +17,11 @@
#include "keys.h" #include "keys.h"
#include "cal0_read.h" #include "cal0_read.h"
#include "es_crypto.h"
#include "fs_crypto.h"
#include "gmac.h" #include "gmac.h"
#include "nfc_crypto.h"
#include "../../keygen/tsec_keygen.h" #include "ssl_crypto.h"
#include "../config.h" #include "../config.h"
#include <display/di.h> #include <display/di.h>
@ -35,9 +37,7 @@
#include <mem/sdram.h> #include <mem/sdram.h>
#include <sec/se.h> #include <sec/se.h>
#include <sec/se_t210.h> #include <sec/se_t210.h>
#include <sec/tsec.h>
#include <soc/fuse.h> #include <soc/fuse.h>
#include <mem/smmu.h>
#include <soc/t210.h> #include <soc/t210.h>
#include "../storage/emummc.h" #include "../storage/emummc.h"
#include "../storage/nx_emmc.h" #include "../storage/nx_emmc.h"
@ -59,49 +59,49 @@ static u32 _key_count = 0, _titlekey_count = 0;
static u32 start_time, end_time; static u32 start_time, end_time;
u32 color_idx = 0; u32 color_idx = 0;
// key functions static void _save_key(const char *name, const void *data, u32 len, char *outbuf) {
static int _key_exists(const void *data) { return memcmp(data, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0; }; if (!key_exists(data))
static void _save_key(const char *name, const void *data, u32 len, char *outbuf); return;
static void _save_key_family(const char *name, const void *data, u32 start_key, u32 num_keys, u32 len, char *outbuf); u32 pos = strlen(outbuf);
pos += s_printf(&outbuf[pos], "%s = ", name);
for (u32 i = 0; i < len; i++)
pos += s_printf(&outbuf[pos], "%02x", *(u8*)(data + i));
s_printf(&outbuf[pos], "\n");
_key_count++;
}
static void _derive_master_key_mariko(key_storage_t *keys, bool is_dev) { static void _save_key_family(const char *name, const void *data, u32 start_key, u32 num_keys, u32 len, char *outbuf) {
char *temp_name = calloc(1, 0x40);
for (u32 i = 0; i < num_keys; i++) {
s_printf(temp_name, "%s_%02x", name, i + start_key);
_save_key(temp_name, data + i * len, len, outbuf);
}
free(temp_name);
}
static void _derive_master_keys_mariko(key_storage_t *keys, bool is_dev) {
minerva_periodic_training(); minerva_periodic_training();
// Relies on the SBK being properly set in slot 14 // Relies on the SBK being properly set in slot 14
se_aes_crypt_block_ecb(KS_SECURE_BOOT, DECRYPT, keys->device_key_4x, device_master_key_source_kek_source); se_aes_crypt_block_ecb(KS_SECURE_BOOT, DECRYPT, keys->device_key_4x, device_master_key_source_kek_source);
// Derive all master keys based on Mariko KEK // Derive all master keys based on Mariko KEK
for (u32 i = KB_FIRMWARE_VERSION_600; i < ARRAY_SIZE(mariko_master_kek_sources) + KB_FIRMWARE_VERSION_600; i++) { for (u32 i = KB_FIRMWARE_VERSION_600; i < ARRAY_SIZE(mariko_master_kek_sources) + KB_FIRMWARE_VERSION_600; i++) {
// Relies on the Mariko KEK being properly set in slot 12 // Relies on the Mariko KEK being properly set in slot 12
se_aes_crypt_block_ecb(KS_MARIKO_KEK, DECRYPT, keys->master_kek[i], is_dev ? &mariko_master_kek_sources_dev[i - KB_FIRMWARE_VERSION_600] : &mariko_master_kek_sources[i - KB_FIRMWARE_VERSION_600]); u32 kek_source_index = i - KB_FIRMWARE_VERSION_600;
const void *kek_source = is_dev ? &mariko_master_kek_sources_dev[kek_source_index] : &mariko_master_kek_sources[kek_source_index];
se_aes_crypt_block_ecb(KS_MARIKO_KEK, DECRYPT, keys->master_kek[i], kek_source);
load_aes_key(KS_AES_ECB, keys->master_key[i], keys->master_kek[i], master_key_source); load_aes_key(KS_AES_ECB, keys->master_key[i], keys->master_kek[i], master_key_source);
} }
} }
static int _run_ams_keygen(key_storage_t *keys) {
tsec_ctxt_t tsec_ctxt;
tsec_ctxt.fw = tsec_keygen;
tsec_ctxt.size = sizeof(tsec_keygen);
tsec_ctxt.type = TSEC_FW_TYPE_NEW;
u32 retries = 0;
while (tsec_query(keys->temp_key, &tsec_ctxt) < 0) {
retries++;
if (retries > 15) {
EPRINTF("Failed to run keygen.");
return -1;
}
}
return 0;
}
static void _derive_master_keys_from_latest_key(key_storage_t *keys, bool is_dev) { static void _derive_master_keys_from_latest_key(key_storage_t *keys, bool is_dev) {
minerva_periodic_training(); minerva_periodic_training();
if (!h_cfg.t210b01) { if (!h_cfg.t210b01) {
u32 tsec_root_key_slot = is_dev ? 11 : 13; u32 tsec_root_key_slot = is_dev ? KS_TSEC_ROOT_DEV : KS_TSEC_ROOT;
// Derive all master keys based on current root key // Derive all master keys based on current root key
for (u32 i = KB_FIRMWARE_VERSION_810 - KB_FIRMWARE_VERSION_620; i < ARRAY_SIZE(master_kek_sources); i++) { for (u32 i = KB_FIRMWARE_VERSION_810 - KB_FIRMWARE_VERSION_620; i < ARRAY_SIZE(master_kek_sources); i++) {
se_aes_crypt_block_ecb(tsec_root_key_slot, DECRYPT, keys->master_kek[i + KB_FIRMWARE_VERSION_620], master_kek_sources[i]); u32 key_index = i + KB_FIRMWARE_VERSION_620;
load_aes_key(KS_AES_ECB, keys->master_key[i + KB_FIRMWARE_VERSION_620], keys->master_kek[i + KB_FIRMWARE_VERSION_620], master_key_source); se_aes_crypt_block_ecb(tsec_root_key_slot, DECRYPT, keys->master_kek[key_index], master_kek_sources[i]);
load_aes_key(KS_AES_ECB, keys->master_key[key_index], keys->master_kek[key_index], master_key_source);
} }
} }
@ -113,7 +113,7 @@ static void _derive_master_keys_from_latest_key(key_storage_t *keys, bool is_dev
} }
load_aes_key(KS_AES_ECB, keys->temp_key, keys->master_key[0], is_dev ? master_key_vectors_dev[0] : master_key_vectors[0]); load_aes_key(KS_AES_ECB, keys->temp_key, keys->master_key[0], is_dev ? master_key_vectors_dev[0] : master_key_vectors[0]);
if (_key_exists(keys->temp_key)) { if (key_exists(keys->temp_key)) {
EPRINTFARGS("Unable to derive master keys for %s.", is_dev ? "dev" : "prod"); EPRINTFARGS("Unable to derive master keys for %s.", is_dev ? "dev" : "prod");
memset(keys->master_key, 0, sizeof(keys->master_key)); memset(keys->master_key, 0, sizeof(keys->master_key));
} }
@ -176,7 +176,7 @@ static void _derive_keyblob_keys(key_storage_t *keys) {
memcpy(keys->package1_key[i], keys->keyblob[i].package1_key, sizeof(keys->package1_key[i])); memcpy(keys->package1_key[i], keys->keyblob[i].package1_key, sizeof(keys->package1_key[i]));
memcpy(keys->master_kek[i], keys->keyblob[i].master_kek, sizeof(keys->master_kek[i])); memcpy(keys->master_kek[i], keys->keyblob[i].master_kek, sizeof(keys->master_kek[i]));
if (!_key_exists(keys->master_key[i])) { if (!key_exists(keys->master_key[i])) {
load_aes_key(KS_AES_ECB, keys->master_key[i], keys->master_kek[i], master_key_source); load_aes_key(KS_AES_ECB, keys->master_key[i], keys->master_kek[i], master_key_source);
} }
} }
@ -186,67 +186,26 @@ static void _derive_keyblob_keys(key_storage_t *keys) {
static void _derive_bis_keys(key_storage_t *keys) { static void _derive_bis_keys(key_storage_t *keys) {
minerva_periodic_training(); minerva_periodic_training();
u32 generation = fuse_read_odm_keygen_rev(); u32 generation = fuse_read_odm_keygen_rev();
fs_derive_bis_keys(keys, keys->bis_key, generation);
if (!(_key_exists(keys->device_key) || (generation && _key_exists(keys->master_key[0]) && _key_exists(keys->device_key_4x)))) {
return;
}
generate_specific_aes_key(KS_AES_ECB, keys, &keys->bis_key[0], bis_key_sources[0], generation);
u32 access_key[SE_KEY_128_SIZE / 4] = {0};
const u32 option = IS_DEVICE_UNIQUE;
generate_aes_kek(KS_AES_ECB, keys, access_key, bis_kek_source, generation, option);
generate_aes_key(KS_AES_ECB, keys, keys->bis_key[1], sizeof(keys->bis_key[1]), access_key, bis_key_sources[1]);
generate_aes_key(KS_AES_ECB, keys, keys->bis_key[2], sizeof(keys->bis_key[2]), access_key, bis_key_sources[2]);
memcpy(keys->bis_key[3], keys->bis_key[2], sizeof(keys->bis_key[3]));
}
static void _derive_non_unique_keys(key_storage_t *keys, bool is_dev) {
minerva_periodic_training();
if (_key_exists(keys->master_key[0])) {
const u32 generation = 0;
const u32 option = GET_IS_DEVICE_UNIQUE(NOT_DEVICE_UNIQUE);
generate_aes_kek(KS_AES_ECB, keys, keys->temp_key, header_kek_source, generation, option);
generate_aes_key(KS_AES_ECB, keys, keys->header_key, sizeof(keys->header_key), keys->temp_key, header_key_source);
}
}
static void _derive_rsa_kek(u32 ks, key_storage_t *keys, void *out_rsa_kek, const void *kekek_source, const void *kek_source, u32 generation, u32 option) {
void *access_key = keys->temp_key;
generate_aes_kek(ks, keys, access_key, kekek_source, generation, option);
get_device_unique_data_key(ks, out_rsa_kek, access_key, kek_source);
} }
static void _derive_misc_keys(key_storage_t *keys, bool is_dev) { static void _derive_misc_keys(key_storage_t *keys, bool is_dev) {
minerva_periodic_training(); minerva_periodic_training();
if (_key_exists(keys->device_key) || (_key_exists(keys->master_key[0]) && _key_exists(keys->device_key_4x))) { fs_derive_save_mac_key(keys, keys->save_mac_key);
void *access_key = keys->temp_key; es_derive_rsa_kek_original(keys, keys->eticket_rsa_kek, is_dev);
const u32 generation = 0; ssl_derive_rsa_kek_original(keys, keys->ssl_rsa_kek, is_dev);
const u32 option = IS_DEVICE_UNIQUE;
generate_aes_kek(KS_AES_ECB, keys, access_key, save_mac_kek_source, generation, option);
load_aes_key(KS_AES_ECB, keys->save_mac_key, access_key, save_mac_key_source);
}
if (_key_exists(keys->master_key[0])) {
const void *eticket_kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
const u32 generation = 0;
u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE;
_derive_rsa_kek(KS_AES_ECB, keys, keys->eticket_rsa_kek, eticket_rsa_kekek_source, eticket_kek_source, generation, option);
const void *ssl_kek_source = is_dev ? ssl_rsa_kek_source_dev : ssl_rsa_kek_source;
option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE;
_derive_rsa_kek(KS_AES_ECB, keys, keys->ssl_rsa_kek, ssl_rsa_kekek_source, ssl_kek_source, generation, option);
}
} }
static void _derive_per_generation_keys(key_storage_t *keys) { static void _derive_non_unique_keys(key_storage_t *keys) {
minerva_periodic_training();
fs_derive_header_key(keys, keys->header_key);
for (u32 generation = 0; generation < ARRAY_SIZE(keys->master_key); generation++) { for (u32 generation = 0; generation < ARRAY_SIZE(keys->master_key); generation++) {
minerva_periodic_training(); minerva_periodic_training();
if (!_key_exists(keys->master_key[generation])) if (!key_exists(keys->master_key[generation]))
continue; continue;
for (u32 source_type = 0; source_type < ARRAY_SIZE(key_area_key_sources); source_type++) { for (u32 source_type = 0; source_type < ARRAY_SIZE(key_area_key_sources); source_type++) {
void *access_key = keys->temp_key; fs_derive_key_area_key(keys, keys->key_area_key[source_type][generation], source_type, generation);
const u32 option = GET_IS_DEVICE_UNIQUE(NOT_DEVICE_UNIQUE);
generate_aes_kek(KS_AES_ECB, keys, access_key, key_area_key_sources[source_type], generation + 1, option);
load_aes_key(KS_AES_ECB, keys->key_area_key[source_type][generation], access_key, aes_key_generation_source);
} }
load_aes_key(KS_AES_ECB, keys->package2_key[generation], keys->master_key[generation], package2_key_source); load_aes_key(KS_AES_ECB, keys->package2_key[generation], keys->master_key[generation], package2_key_source);
load_aes_key(KS_AES_ECB, keys->titlekek[generation], keys->master_key[generation], titlekek_source); load_aes_key(KS_AES_ECB, keys->titlekek[generation], keys->master_key[generation], titlekek_source);
@ -292,7 +251,7 @@ static void _decode_tickets(u32 buf_size, titlekey_buffer_t *titlekey_buffer, u3
} }
} }
static bool _get_titlekeys_from_save(u32 buf_size, const u8 *save_mac_key, titlekey_buffer_t *titlekey_buffer, rsa_keypair_t *rsa_keypair) { static bool _get_titlekeys_from_save(u32 buf_size, const u8 *save_mac_key, titlekey_buffer_t *titlekey_buffer, eticket_rsa_keypair_t *rsa_keypair) {
FIL fp; FIL fp;
u64 br = buf_size; u64 br = buf_size;
u64 offset = 0; u64 offset = 0;
@ -471,14 +430,12 @@ static bool _decrypt_ssl_rsa_key(key_storage_t *keys, titlekey_buffer_t *titleke
return true; return true;
} }
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE; ssl_derive_rsa_kek_legacy(keys, keys->ssl_rsa_kek_legacy);
ctr_key = keys->ssl_rsa_kek_legacy; ctr_key = keys->ssl_rsa_kek_legacy;
_derive_rsa_kek(KS_AES_ECB, keys, ctr_key, ssl_rsa_kekek_source, ssl_rsa_kek_source_legacy, generation, option);
enforce_unique = false; enforce_unique = false;
} else if (generation) { } else if (generation) {
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_SSL_KEY) | IS_DEVICE_UNIQUE; ssl_derive_rsa_kek_device_unique(keys, keys->ssl_rsa_kek_personalized, generation);
ctr_key = keys->ssl_rsa_kek_personalized; ctr_key = keys->ssl_rsa_kek_personalized;
_derive_rsa_kek(KS_AES_ECB, keys, ctr_key, ssl_client_cert_kek_source, ssl_client_cert_key_source, generation, option);
} else { } else {
ctr_key = keys->ssl_rsa_kek; ctr_key = keys->ssl_rsa_kek;
} }
@ -520,9 +477,9 @@ static bool _decrypt_eticket_rsa_key(key_storage_t *keys, titlekey_buffer_t *tit
// Handle legacy case // Handle legacy case
if (key_size == ETICKET_RSA_KEYPAIR_SIZE) { if (key_size == ETICKET_RSA_KEYPAIR_SIZE) {
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE; u32 temp_key[SE_KEY_128_SIZE / 4] = {0};
ctr_key = keys->temp_key; es_derive_rsa_kek_legacy(keys, temp_key);
_derive_rsa_kek(KS_AES_ECB, keys, ctr_key, eticket_rsa_kekek_source, eticket_rsa_kek_source_legacy, generation, option); ctr_key = temp_key;
se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE); se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE);
se_aes_crypt_ctr(KS_AES_CTR, &keys->eticket_rsa_keypair, sizeof(keys->eticket_rsa_keypair), encrypted_key, sizeof(keys->eticket_rsa_keypair), iv); se_aes_crypt_ctr(KS_AES_CTR, &keys->eticket_rsa_keypair, sizeof(keys->eticket_rsa_keypair), encrypted_key, sizeof(keys->eticket_rsa_keypair), iv);
@ -535,10 +492,8 @@ static bool _decrypt_eticket_rsa_key(key_storage_t *keys, titlekey_buffer_t *tit
} }
if (generation) { if (generation) {
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | IS_DEVICE_UNIQUE; es_derive_rsa_kek_device_unique(keys, keys->eticket_rsa_kek_personalized, generation, is_dev);
ctr_key = keys->eticket_rsa_kek_personalized; ctr_key = keys->eticket_rsa_kek_personalized;
const void *kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
_derive_rsa_kek(KS_AES_ECB, keys, ctr_key, eticket_rsa_kekek_source, kek_source, generation, option);
} else { } else {
ctr_key = keys->eticket_rsa_kek; ctr_key = keys->eticket_rsa_kek;
} }
@ -556,16 +511,12 @@ static bool _decrypt_eticket_rsa_key(key_storage_t *keys, titlekey_buffer_t *tit
} }
static bool _derive_titlekeys(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer, bool is_dev) { static bool _derive_titlekeys(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer, bool is_dev) {
if (!_key_exists(keys->eticket_rsa_kek)) { if (!key_exists(keys->eticket_rsa_kek)) {
return false; return false;
} }
gfx_printf("%kTitlekeys... \n", colors[(color_idx++) % 6]); gfx_printf("%kTitlekeys... \n", colors[(color_idx++) % 6]);
if (!_decrypt_eticket_rsa_key(keys, titlekey_buffer, is_dev)) {
return false;
}
const u32 buf_size = SAVE_BLOCK_SIZE_DEFAULT; const u32 buf_size = SAVE_BLOCK_SIZE_DEFAULT;
_get_titlekeys_from_save(buf_size, keys->save_mac_key, titlekey_buffer, NULL); _get_titlekeys_from_save(buf_size, keys->save_mac_key, titlekey_buffer, NULL);
_get_titlekeys_from_save(buf_size, keys->save_mac_key, titlekey_buffer, &keys->eticket_rsa_keypair); _get_titlekeys_from_save(buf_size, keys->save_mac_key, titlekey_buffer, &keys->eticket_rsa_keypair);
@ -591,6 +542,17 @@ static bool _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_b
EPRINTF("Unable to set partition."); EPRINTF("Unable to set partition.");
return false; return false;
} }
bool res = _decrypt_ssl_rsa_key(keys, titlekey_buffer);
if (!res) {
EPRINTF("Unable to derive SSL key.");
}
res =_decrypt_eticket_rsa_key(keys, titlekey_buffer, is_dev);
if (!res) {
EPRINTF("Unable to derive ETicket key.");
}
// Parse eMMC GPT // Parse eMMC GPT
LIST_INIT(gpt); LIST_INIT(gpt);
nx_emmc_gpt_parse(&gpt, &emmc_storage); nx_emmc_gpt_parse(&gpt, &emmc_storage);
@ -616,11 +578,6 @@ static bool _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_b
EPRINTF("Unable to get SD seed."); EPRINTF("Unable to get SD seed.");
} }
bool res = _decrypt_ssl_rsa_key(keys, titlekey_buffer);
if (!res) {
EPRINTF("Unable to derive SSL key.");
}
res = _derive_titlekeys(keys, titlekey_buffer, is_dev); res = _derive_titlekeys(keys, titlekey_buffer, is_dev);
if (!res) { if (!res) {
EPRINTF("Unable to derive titlekeys."); EPRINTF("Unable to derive titlekeys.");
@ -660,7 +617,7 @@ int save_mariko_partial_keys(u32 start, u32 count, bool append) {
// Check if key is as expected // Check if key is as expected
if (ks < ARRAY_SIZE(mariko_key_vectors)) { if (ks < ARRAY_SIZE(mariko_key_vectors)) {
se_aes_crypt_block_ecb(ks, DECRYPT, &data[0], mariko_key_vectors[ks]); se_aes_crypt_block_ecb(ks, DECRYPT, &data[0], mariko_key_vectors[ks]);
if (_key_exists(data)) { if (key_exists(data)) {
EPRINTFARGS("Failed to validate keyslot %d.", ks); EPRINTFARGS("Failed to validate keyslot %d.", ks);
continue; continue;
} }
@ -858,19 +815,19 @@ static void _derive_master_keys(key_storage_t *prod_keys, key_storage_t *dev_key
key_storage_t *keys = is_dev ? dev_keys : prod_keys; key_storage_t *keys = is_dev ? dev_keys : prod_keys;
if (h_cfg.t210b01) { if (h_cfg.t210b01) {
_derive_master_key_mariko(keys, is_dev); _derive_master_keys_mariko(keys, is_dev);
_derive_master_keys_from_latest_key(keys, is_dev); _derive_master_keys_from_latest_key(keys, is_dev);
} else { } else {
int res = _run_ams_keygen(keys); if (run_ams_keygen(keys)) {
if (res) { EPRINTF("Failed to run keygen.");
return; return;
} }
u8 *aes_keys = (u8 *)calloc(SZ_4K, 1); u8 *aes_keys = (u8 *)calloc(SZ_4K, 1);
se_get_aes_keys(aes_keys + SZ_2K, aes_keys, SE_KEY_128_SIZE); se_get_aes_keys(aes_keys + SZ_2K, aes_keys, SE_KEY_128_SIZE);
memcpy(&dev_keys->tsec_root_key, aes_keys + KS_TSEC_ROOT_DEV * SE_KEY_128_SIZE, SE_KEY_128_SIZE); memcpy(&dev_keys->tsec_root_key, aes_keys + KS_TSEC_ROOT_DEV * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
memcpy(keys->tsec_key, aes_keys + KS_TSEC * SE_KEY_128_SIZE, SE_KEY_128_SIZE); memcpy(keys->tsec_key, aes_keys + KS_TSEC * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
memcpy(&prod_keys->tsec_root_key, aes_keys + KS_TSEC_ROOT * SE_KEY_128_SIZE, SE_KEY_128_SIZE); memcpy(&prod_keys->tsec_root_key, aes_keys + KS_TSEC_ROOT * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
free(aes_keys); free(aes_keys);
_derive_master_keys_from_latest_key(prod_keys, false); _derive_master_keys_from_latest_key(prod_keys, false);
@ -916,17 +873,15 @@ static void _derive_keys() {
TPRINTFARGS("%kBIS keys... ", colors[(color_idx++) % 6]); TPRINTFARGS("%kBIS keys... ", colors[(color_idx++) % 6]);
_derive_misc_keys(keys, is_dev); _derive_misc_keys(keys, is_dev);
_derive_non_unique_keys(&prod_keys, is_dev); _derive_non_unique_keys(&prod_keys);
_derive_non_unique_keys(&dev_keys, is_dev); _derive_non_unique_keys(&dev_keys);
_derive_per_generation_keys(&prod_keys);
_derive_per_generation_keys(&dev_keys);
titlekey_buffer_t *titlekey_buffer = (titlekey_buffer_t *)TITLEKEY_BUF_ADR; titlekey_buffer_t *titlekey_buffer = (titlekey_buffer_t *)TITLEKEY_BUF_ADR;
// Requires BIS key for SYSTEM partition // Requires BIS key for SYSTEM partition
if (!emmc_storage.initialized) { if (!emmc_storage.initialized) {
EPRINTF("eMMC not initialized.\nSkipping SD seed and titlekeys."); EPRINTF("eMMC not initialized.\nSkipping SD seed and titlekeys.");
} else if (_key_exists(keys->bis_key[2])) { } else if (key_exists(keys->bis_key[2])) {
_derive_emmc_keys(keys, titlekey_buffer, is_dev); _derive_emmc_keys(keys, titlekey_buffer, is_dev);
} else { } else {
EPRINTF("Missing needed BIS keys.\nSkipping SD seed and titlekeys."); EPRINTF("Missing needed BIS keys.\nSkipping SD seed and titlekeys.");
@ -946,37 +901,6 @@ static void _derive_keys() {
} }
} }
static void _decrypt_amiibo_keys(key_storage_t *keys, const u8 *encrypted_keys, nfc_save_key_t nfc_save_keys[2]) {
u32 kek[SE_KEY_128_SIZE / 4] = {0};
decrypt_aes_key(KS_AES_ECB, keys, kek, nfc_key_source, 0, 0);
nfc_keyblob_t __attribute__((aligned(4))) nfc_keyblob;
static const u8 nfc_iv[SE_KEY_128_SIZE] = {
0xB9, 0x1D, 0xC1, 0xCF, 0x33, 0x5F, 0xA6, 0x13, 0x2A, 0xEF, 0x90, 0x99, 0xAA, 0xCA, 0x93, 0xC8};
se_aes_key_set(KS_AES_CTR, kek, SE_KEY_128_SIZE);
se_aes_crypt_ctr(KS_AES_CTR, &nfc_keyblob, sizeof(nfc_keyblob), encrypted_keys, sizeof(nfc_keyblob), &nfc_iv);
minerva_periodic_training();
u32 xor_pad[0x20 / 4] = {0};
se_aes_key_set(KS_AES_CTR, nfc_keyblob.ctr_key, SE_KEY_128_SIZE);
se_aes_crypt_ctr(KS_AES_CTR, xor_pad, sizeof(xor_pad), xor_pad, sizeof(xor_pad), nfc_keyblob.ctr_iv);
minerva_periodic_training();
memcpy(nfc_save_keys[0].hmac_key, nfc_keyblob.hmac_key, sizeof(nfc_keyblob.hmac_key));
memcpy(nfc_save_keys[0].phrase, nfc_keyblob.phrase, sizeof(nfc_keyblob.phrase));
nfc_save_keys[0].seed_size = sizeof(nfc_keyblob.seed);
memcpy(nfc_save_keys[0].seed, nfc_keyblob.seed, sizeof(nfc_keyblob.seed));
memcpy(nfc_save_keys[0].xor_pad, xor_pad, sizeof(xor_pad));
memcpy(nfc_save_keys[1].hmac_key, nfc_keyblob.hmac_key_for_verif, sizeof(nfc_keyblob.hmac_key_for_verif));
memcpy(nfc_save_keys[1].phrase, nfc_keyblob.phrase_for_verif, sizeof(nfc_keyblob.phrase_for_verif));
nfc_save_keys[1].seed_size = sizeof(nfc_keyblob.seed_for_verif);
memcpy(nfc_save_keys[1].seed, nfc_keyblob.seed_for_verif, sizeof(nfc_keyblob.seed_for_verif));
memcpy(nfc_save_keys[1].xor_pad, xor_pad, sizeof(xor_pad));
}
void derive_amiibo_keys() { void derive_amiibo_keys() {
minerva_change_freq(FREQ_1600); minerva_change_freq(FREQ_1600);
@ -984,7 +908,6 @@ void derive_amiibo_keys() {
key_storage_t __attribute__((aligned(4))) prod_keys = {0}, dev_keys = {0}; key_storage_t __attribute__((aligned(4))) prod_keys = {0}, dev_keys = {0};
key_storage_t *keys = is_dev ? &dev_keys : &prod_keys; key_storage_t *keys = is_dev ? &dev_keys : &prod_keys;
const u8 *encrypted_keys = is_dev ? encrypted_nfc_keys_dev : encrypted_nfc_keys;
_derive_master_keys(&prod_keys, &dev_keys, is_dev); _derive_master_keys(&prod_keys, &dev_keys, is_dev);
@ -998,7 +921,7 @@ void derive_amiibo_keys() {
minerva_periodic_training(); minerva_periodic_training();
if (!_key_exists(keys->master_key[0])) { if (!key_exists(keys->master_key[0])) {
EPRINTF("Unable to derive master keys for NFC."); EPRINTF("Unable to derive master keys for NFC.");
minerva_change_freq(FREQ_800); minerva_change_freq(FREQ_800);
btn_wait(); btn_wait();
@ -1007,7 +930,7 @@ void derive_amiibo_keys() {
nfc_save_key_t __attribute__((aligned(4))) nfc_save_keys[2] = {0}; nfc_save_key_t __attribute__((aligned(4))) nfc_save_keys[2] = {0};
_decrypt_amiibo_keys(keys, encrypted_keys, nfc_save_keys); nfc_decrypt_amiibo_keys(keys, nfc_save_keys, is_dev);
minerva_periodic_training(); minerva_periodic_training();
@ -1073,23 +996,3 @@ void dump_keys() {
} }
gfx_clear_grey(0x1B); gfx_clear_grey(0x1B);
} }
static void _save_key(const char *name, const void *data, u32 len, char *outbuf) {
if (!_key_exists(data))
return;
u32 pos = strlen(outbuf);
pos += s_printf(&outbuf[pos], "%s = ", name);
for (u32 i = 0; i < len; i++)
pos += s_printf(&outbuf[pos], "%02x", *(u8*)(data + i));
s_printf(&outbuf[pos], "\n");
_key_count++;
}
static void _save_key_family(const char *name, const void *data, u32 start_key, u32 num_keys, u32 len, char *outbuf) {
char *temp_name = calloc(1, 0x40);
for (u32 i = 0; i < num_keys; i++) {
s_printf(temp_name, "%s_%02x", name, i + start_key);
_save_key(temp_name, data + i * len, len, outbuf);
}
free(temp_name);
}

View file

@ -62,27 +62,6 @@ typedef struct {
u8 titlekeys[SZ_256K / 0x10][0x10]; u8 titlekeys[SZ_256K / 0x10][0x10];
} titlekey_buffer_t; } titlekey_buffer_t;
typedef struct {
char phrase[0xE];
u8 seed[0xE];
u8 hmac_key[0x10];
char phrase_for_verif[0xE];
u8 seed_for_verif[0x10];
u8 hmac_key_for_verif[0x10];
u8 ctr_key[0x10];
u8 ctr_iv[0x10];
u8 pad[6];
} nfc_keyblob_t;
typedef struct {
u8 hmac_key[0x10];
char phrase[0xE];
u8 rsvd;
u8 seed_size;
u8 seed[0x10];
u8 xor_pad[0x20];
} nfc_save_key_t;
typedef struct { typedef struct {
char rights_id[0x20]; char rights_id[0x20];
char equals[3]; char equals[3];

54
source/keys/nfc_crypto.c Normal file
View file

@ -0,0 +1,54 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "nfc_crypto.h"
#include <mem/minerva.h>
#include <sec/se.h>
#include <string.h>
void nfc_decrypt_amiibo_keys(key_storage_t *keys, nfc_save_key_t out_nfc_save_keys[2], bool is_dev) {
const u8 *encrypted_keys = is_dev ? encrypted_nfc_keys_dev : encrypted_nfc_keys;
u32 kek[SE_KEY_128_SIZE / 4] = {0};
decrypt_aes_key(KS_AES_ECB, keys, kek, nfc_key_source, 0, 0);
nfc_keyblob_t __attribute__((aligned(4))) nfc_keyblob;
static const u8 nfc_iv[SE_KEY_128_SIZE] = {
0xB9, 0x1D, 0xC1, 0xCF, 0x33, 0x5F, 0xA6, 0x13, 0x2A, 0xEF, 0x90, 0x99, 0xAA, 0xCA, 0x93, 0xC8};
se_aes_key_set(KS_AES_CTR, kek, SE_KEY_128_SIZE);
se_aes_crypt_ctr(KS_AES_CTR, &nfc_keyblob, sizeof(nfc_keyblob), encrypted_keys, sizeof(nfc_keyblob), &nfc_iv);
minerva_periodic_training();
u32 xor_pad[0x20 / 4] = {0};
se_aes_key_set(KS_AES_CTR, nfc_keyblob.ctr_key, SE_KEY_128_SIZE);
se_aes_crypt_ctr(KS_AES_CTR, xor_pad, sizeof(xor_pad), xor_pad, sizeof(xor_pad), nfc_keyblob.ctr_iv);
minerva_periodic_training();
memcpy(out_nfc_save_keys[0].hmac_key, nfc_keyblob.hmac_key, sizeof(nfc_keyblob.hmac_key));
memcpy(out_nfc_save_keys[0].phrase, nfc_keyblob.phrase, sizeof(nfc_keyblob.phrase));
out_nfc_save_keys[0].seed_size = sizeof(nfc_keyblob.seed);
memcpy(out_nfc_save_keys[0].seed, nfc_keyblob.seed, sizeof(nfc_keyblob.seed));
memcpy(out_nfc_save_keys[0].xor_pad, xor_pad, sizeof(xor_pad));
memcpy(out_nfc_save_keys[1].hmac_key, nfc_keyblob.hmac_key_for_verif, sizeof(nfc_keyblob.hmac_key_for_verif));
memcpy(out_nfc_save_keys[1].phrase, nfc_keyblob.phrase_for_verif, sizeof(nfc_keyblob.phrase_for_verif));
out_nfc_save_keys[1].seed_size = sizeof(nfc_keyblob.seed_for_verif);
memcpy(out_nfc_save_keys[1].seed, nfc_keyblob.seed_for_verif, sizeof(nfc_keyblob.seed_for_verif));
memcpy(out_nfc_save_keys[1].xor_pad, xor_pad, sizeof(xor_pad));
}

75
source/keys/nfc_crypto.h Normal file
View file

@ -0,0 +1,75 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _NFC_CRYPTO_H_
#define _NFC_CRYPTO_H_
#include "crypto.h"
#include <sec/se_t210.h>
#include <utils/types.h>
static const u8 nfc_key_source[0x10] __attribute__((aligned(4))) = {
0x83, 0xF6, 0xEF, 0xD8, 0x13, 0x26, 0x49, 0xAB, 0x97, 0x5F, 0xEA, 0xBA, 0x65, 0x71, 0xCA, 0xCA};
static const u8 encrypted_nfc_keys[0x80] __attribute__((aligned(4))) = {
0x76, 0x50, 0x87, 0x02, 0x40, 0xA6, 0x5A, 0x98, 0xCE, 0x39, 0x2F, 0xC8, 0x83, 0xAF, 0x54, 0x76,
0x28, 0xFF, 0x50, 0xFC, 0xC1, 0xFB, 0x26, 0x14, 0xA2, 0x4A, 0xA6, 0x74, 0x90, 0xA4, 0x37, 0x06,
0x03, 0x63, 0xC2, 0xB1, 0xAF, 0x9F, 0xF7, 0x07, 0xFC, 0x8A, 0xB9, 0xCA, 0x28, 0x68, 0x6E, 0xF7,
0x42, 0xCD, 0x68, 0x13, 0xCD, 0x7B, 0x3A, 0x60, 0x3E, 0x8B, 0xAB, 0x3A, 0xCC, 0xED, 0xE0, 0xDD,
0x71, 0x1F, 0xA5, 0xDE, 0xB8, 0xB1, 0xF5, 0x1D, 0x14, 0x73, 0xBE, 0x27, 0xCC, 0xA1, 0x9B, 0x23,
0x06, 0x91, 0x89, 0x05, 0xED, 0xD6, 0x92, 0x76, 0x3F, 0x42, 0xFB, 0xD1, 0x8F, 0x2D, 0x6D, 0x72,
0xC8, 0x9E, 0x48, 0xE8, 0x03, 0x64, 0xF0, 0x3C, 0x0E, 0x2A, 0xF1, 0x26, 0x83, 0x02, 0x4F, 0xE2,
0x41, 0xAA, 0xC8, 0x33, 0x68, 0x84, 0x3A, 0xFB, 0x87, 0x18, 0xEA, 0xF7, 0x36, 0xA2, 0x4E, 0xA9};
static const u8 encrypted_nfc_keys_dev[0x80] __attribute__((aligned(4))) = {
0x13, 0xB0, 0xFB, 0xC2, 0x91, 0x6D, 0x6E, 0x5A, 0x10, 0x31, 0x40, 0xB7, 0xDF, 0xCF, 0x69, 0x69,
0xB0, 0xFA, 0xAE, 0x7F, 0xB2, 0x4D, 0x27, 0xC9, 0xE9, 0x3F, 0x5B, 0x38, 0x39, 0x24, 0x98, 0xCE,
0xED, 0xD2, 0xA9, 0x6C, 0x6F, 0xA7, 0x72, 0xD7, 0x11, 0x31, 0x17, 0x93, 0x12, 0x49, 0x32, 0x85,
0x21, 0xE5, 0xE1, 0x88, 0x0F, 0x08, 0xF2, 0x30, 0x5C, 0xC3, 0xAA, 0xFF, 0xC0, 0xAB, 0x21, 0x96,
0x74, 0x39, 0xED, 0xE0, 0x5A, 0xB6, 0x75, 0xC2, 0x3B, 0x08, 0x61, 0xE4, 0xA7, 0xD6, 0xED, 0x8C,
0xA9, 0x02, 0x12, 0xA6, 0xCC, 0x27, 0x4C, 0x1C, 0x41, 0x9C, 0xD8, 0x4C, 0x00, 0xC7, 0x5B, 0x5D,
0xED, 0xC2, 0x3D, 0x5E, 0x00, 0xF5, 0x49, 0xFA, 0x6C, 0x75, 0x67, 0xCF, 0x1F, 0x73, 0x1A, 0xE8,
0x47, 0xD4, 0x3D, 0x9B, 0x83, 0x5B, 0x18, 0x2F, 0x95, 0xA9, 0x04, 0xBC, 0x2E, 0xBB, 0x64, 0x4A};
static const u8 nfc_blob_hash[SE_SHA_256_SIZE] __attribute__((aligned(4))) = {
0x7F, 0x92, 0x83, 0x65, 0x4E, 0xC1, 0x09, 0x7F, 0xBD, 0xFF, 0x31, 0xDE, 0x94, 0x66, 0x51, 0xAE,
0x60, 0xC2, 0x85, 0x4A, 0xFB, 0x54, 0x4A, 0xBE, 0x89, 0x63, 0xD3, 0x89, 0x63, 0x9C, 0x71, 0x0E};
static const u8 nfc_blob_hash_dev[SE_SHA_256_SIZE] __attribute__((aligned(4))) = {
0x4E, 0x36, 0x59, 0x1C, 0x75, 0x80, 0x23, 0x03, 0x98, 0x2D, 0x45, 0xD9, 0x85, 0xB8, 0x60, 0x18,
0x7C, 0x85, 0x37, 0x9B, 0xCB, 0xBA, 0xF3, 0xDC, 0x25, 0x38, 0x73, 0xDB, 0x2F, 0xFA, 0xAE, 0x26};
typedef struct {
char phrase[0xE];
u8 seed[0xE];
u8 hmac_key[0x10];
char phrase_for_verif[0xE];
u8 seed_for_verif[0x10];
u8 hmac_key_for_verif[0x10];
u8 ctr_key[0x10];
u8 ctr_iv[0x10];
u8 pad[6];
} nfc_keyblob_t;
typedef struct {
u8 hmac_key[0x10];
char phrase[0xE];
u8 rsvd;
u8 seed_size;
u8 seed[0x10];
u8 xor_pad[0x20];
} nfc_save_key_t;
void nfc_decrypt_amiibo_keys(key_storage_t *keys, nfc_save_key_t out_nfc_save_keys[2], bool is_dev);
#endif

51
source/keys/ssl_crypto.c Normal file
View file

@ -0,0 +1,51 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "ssl_crypto.h"
#include "../config.h"
extern hekate_config h_cfg;
void ssl_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation) {
if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
return;
}
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_SSL_KEY) | IS_DEVICE_UNIQUE;
derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, ssl_client_cert_kek_source, ssl_client_cert_key_source, generation, option);
}
void ssl_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek) {
if (!key_exists(keys->master_key[0])) {
return;
}
const u32 generation = 0;
const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE;
derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, ssl_rsa_kekek_source, ssl_rsa_kek_source_legacy, generation, option);
}
void ssl_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev) {
if (!key_exists(keys->master_key[0])) {
return;
}
const void *ssl_kek_source = is_dev ? ssl_rsa_kek_source_dev : ssl_rsa_kek_source;
const u32 generation = 0;
u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE;
derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, ssl_rsa_kekek_source, ssl_kek_source, generation, option);
}

41
source/keys/ssl_crypto.h Normal file
View file

@ -0,0 +1,41 @@
/*
* Copyright (c) 2022 shchmue
*
* This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License,
* version 2, as published by the Free Software Foundation.
*
* This program is distributed in the hope it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
* more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _SSL_CRYPTO_H_
#define _SSL_CRYPTO_H_
#include "crypto.h"
#include <utils/types.h>
static const u8 ssl_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
0X7F, 0X5B, 0XB0, 0X84, 0X7B, 0X25, 0XAA, 0X67, 0XFA, 0XC8, 0X4B, 0XE2, 0X3D, 0X7B, 0X69, 0X03};
static const u8 ssl_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
0X9A, 0X38, 0X3B, 0XF4, 0X31, 0XD0, 0XBD, 0X81, 0X32, 0X53, 0X4B, 0XA9, 0X64, 0X39, 0X7D, 0XE3};
static const u8 ssl_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
0xD5, 0xD2, 0xFC, 0x00, 0xFD, 0x49, 0xDD, 0xF8, 0xEE, 0x7B, 0xC4, 0x4B, 0xE1, 0x4C, 0xAA, 0x99};
static const u8 ssl_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
0xED, 0x36, 0xB1, 0x32, 0x27, 0x17, 0xD2, 0xB0, 0xBA, 0x1F, 0xC1, 0xBD, 0x4D, 0x38, 0x0F, 0x5E};
static const u8 ssl_client_cert_kek_source[0x10] __attribute__((aligned(4))) = {
0x64, 0xB8, 0x30, 0xDD, 0x0F, 0x3C, 0xB7, 0xFB, 0x4C, 0x16, 0x01, 0x97, 0xEA, 0x9D, 0x12, 0x10};
static const u8 ssl_client_cert_key_source[0x10] __attribute__((aligned(4))) = {
0x4D, 0x92, 0x5A, 0x69, 0x42, 0x23, 0xBB, 0x92, 0x59, 0x16, 0x3E, 0x51, 0x8C, 0x78, 0x14, 0x0F};
void ssl_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation);
void ssl_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek);
void ssl_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev);
#endif