From 3ddd1c26ad126f1b47e4ba36300852a41084b14a Mon Sep 17 00:00:00 2001 From: CTCaer Date: Tue, 14 Jul 2020 23:29:48 +0300 Subject: [PATCH] pkg1: Fix PK11 component split in pkg1/2 dump tool --- bootloader/frontend/fe_tools.c | 29 +++++++--- bootloader/hos/pkg1.c | 99 ++++++++++++++++---------------- bootloader/hos/pkg1.h | 6 +- nyx/nyx_gui/frontend/gui_tools.c | 28 ++++++--- nyx/nyx_gui/hos/pkg1.c | 64 ++++++++++----------- nyx/nyx_gui/hos/pkg1.h | 6 +- 6 files changed, 131 insertions(+), 101 deletions(-) diff --git a/bootloader/frontend/fe_tools.c b/bootloader/frontend/fe_tools.c index 24dab72..1ab05b2 100644 --- a/bootloader/frontend/fe_tools.c +++ b/bootloader/frontend/fe_tools.c @@ -88,7 +88,6 @@ void dump_packages12() goto out_free; } - const pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + pkg1_id->pkg11_off + 0x20); kb = pkg1_id->kb; 
@@ -130,16 +129,30 @@ void dump_packages12() if (kb <= KB_FIRMWARE_VERSION_620) { - pkg1_unpack(warmboot, secmon, loader, pkg1_id, pkg1); + const u8 *sec_map = pkg1_unpack(warmboot, secmon, loader, pkg1_id, pkg1); + + pk11_hdr_t *hdr_pk11 = (pk11_hdr_t *)(pkg1 + pkg1_id->pkg11_off + 0x20); + + // Use correct sizes. + u32 sec_size[3] = { hdr_pk11->wb_size, hdr_pk11->ldr_size, hdr_pk11->sm_size }; + for (u32 i = 0; i < 3; i++) + { + if (sec_map[i] == PK11_SECTION_WB) + hdr_pk11->wb_size = sec_size[i]; + else if (sec_map[i] == PK11_SECTION_LD) + hdr_pk11->ldr_size = sec_size[i]; + else if (sec_map[i] == PK11_SECTION_SM) + hdr_pk11->sm_size = sec_size[i]; + } // Display info. - gfx_printf("%kNX Bootloader size: %k0x%05X\n\n", 0xFFC7EA46, 0xFFCCCCCC, hdr->ldr_size); + gfx_printf("%kNX Bootloader size: %k0x%05X\n\n", 0xFFC7EA46, 0xFFCCCCCC, hdr_pk11->ldr_size); gfx_printf("%kSecure monitor addr: %k0x%05X\n", 0xFFC7EA46, 0xFFCCCCCC, pkg1_id->secmon_base); - gfx_printf("%kSecure monitor size: %k0x%05X\n\n", 0xFFC7EA46, 0xFFCCCCCC, hdr->sm_size); + gfx_printf("%kSecure monitor size: %k0x%05X\n\n", 0xFFC7EA46, 0xFFCCCCCC, hdr_pk11->sm_size); gfx_printf("%kWarmboot addr: %k0x%05X\n", 0xFFC7EA46, 0xFFCCCCCC, pkg1_id->warmboot_base); - gfx_printf("%kWarmboot size: %k0x%05X\n\n", 0xFFC7EA46, 0xFFCCCCCC, hdr->wb_size); + gfx_printf("%kWarmboot size: %k0x%05X\n\n", 0xFFC7EA46, 0xFFCCCCCC, hdr_pk11->wb_size); // Dump package1.1. emmcsn_path_impl(path, "/pkg1", "pkg1_decr.bin", &storage); 
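Review bot: The remap loop writes the corrected sizes back into `hdr_pk11`, which points into the `pkg1` buffer, so the in-memory package header no longer matches what was read from storage. The `pkg1_decr.bin` save that follows this hunk would presumably pick up the altered fields if it writes from that buffer. Keeping the result in a local array leaves the image untouched and lets `hdr_pk11` stay `const`: declare `u32 out_size[3];`, use `out_size[sec_map[i]] = sec_size[i];` as the loop body, and pass `out_size[PK11_SECTION_LD]` (and the WB/SM entries) to `gfx_printf` and `sd_save_to_file`. The same loop is repeated in `_create_window_dump_pk12_tool` in nyx/nyx_gui/frontend/gui_tools.c with the same effect. dump_packages12 begins and ends outside this hunk.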
@@ -149,19 +162,19 @@ void dump_packages12() // Dump nxbootloader. emmcsn_path_impl(path, "/pkg1", "nxloader.bin", &storage); - if (sd_save_to_file(loader, hdr->ldr_size, path)) + if (sd_save_to_file(loader, hdr_pk11->ldr_size, path)) goto out_free; gfx_puts("NX Bootloader dumped to nxloader.bin\n"); // Dump secmon. emmcsn_path_impl(path, "/pkg1", "secmon.bin", &storage); - if (sd_save_to_file(secmon, hdr->sm_size, path)) + if (sd_save_to_file(secmon, hdr_pk11->sm_size, path)) goto out_free; gfx_puts("Secure Monitor dumped to secmon.bin\n"); // Dump warmboot. emmcsn_path_impl(path, "/pkg1", "warmboot.bin", &storage); - if (sd_save_to_file(warmboot, hdr->wb_size, path)) + if (sd_save_to_file(warmboot, hdr_pk11->wb_size, path)) goto out_free; gfx_puts("Warmboot dumped to warmboot.bin\n\n\n"); } diff --git a/bootloader/hos/pkg1.c b/bootloader/hos/pkg1.c index 1db36cb..649248a 100644 --- a/bootloader/hos/pkg1.c +++ b/bootloader/hos/pkg1.c 
@@ -26,43 +26,38 @@ #include #include -#define PK11_SECTION_WB 0 -#define PK11_SECTION_LD 1 -#define PK11_SECTION_SM 2 - -#define _NOPv7() 0xE320F000 - +// Secmon package2 signature/hash checks patches for Erista. #define SM_100_ADR 0x4002B020 // Original: 0x40014020. PATCHSET_DEF(_secmon_1_patchset, // Patch the relocator to be able to run from SM_100_ADR. { 0x1E0, _ADRP(0, 0x7C013000 - _PAGEOFF(SM_100_ADR)) }, - //Patch package2 decryption and signature/hash checks. - { 0x9F0 + 0xADC, _NOP() } // Header signature. + // Patch package2 signature/hash checks. + { 0x9F0 + 0xADC, _NOP() } ); PATCHSET_DEF(_secmon_2_patchset, - // Patch package2 decryption and signature/hash checks. - { 0xAC8 + 0xAAC, _NOP() } // Header signature. + // Patch package2 signature/hash checks. + { 0xAC8 + 0xAAC, _NOP() } ); PATCHSET_DEF(_secmon_3_patchset, - // Patch package2 decryption and signature/hash checks. - { 0xAC8 + 0xA30, _NOP() } // Header signature. + // Patch package2 signature/hash checks. + { 0xAC8 + 0xA30, _NOP() } ); PATCHSET_DEF(_secmon_4_patchset, - // Patch package2 decryption and signature/hash checks. - { 0x2300 + 0x5EFC, _NOP() } // Header signature. + // Patch package2 signature/hash checks. + { 0x2300 + 0x5EFC, _NOP() } ); PATCHSET_DEF(_secmon_5_patchset, - // Patch package2 decryption and signature/hash checks. - { 0xDA8 + 0xC9C, _NOP() } // Header signature. + // Patch package2 signature/hash checks. + { 0xDA8 + 0xC9C, _NOP() } ); PATCHSET_DEF(_secmon_6_patchset, - // Patch package2 decryption and signature/hash checks. - { 0xDC8 + 0xE90, _NOP() } // Header signature. + // Patch package2 signature/hash checks. + { 0xDC8 + 0xE90, _NOP() } // Fix sleep mode for debug. // { 0x1A68 + 0x3854, 0x94000E45 }, //gpio_config_for_uart. // { 0x1A68 + 0x3858, 0x97FFFC0F }, //clkrst_reboot_uarta. 
@@ -74,8 +69,8 @@ PATCHSET_DEF(_secmon_6_patchset, ); PATCHSET_DEF(_secmon_620_patchset, - // Patch package2 decryption and signature/hash checks. - { 0xDC8 + 0xC74, _NOP() } // Header signature. + // Patch package2 signature/hash checks. + { 0xDC8 + 0xC74, _NOP() } // Fix sleep mode for debug. // { 0x2AC8 + 0x3854, 0x94000F42 }, //gpio_config_for_uart. // { 0x2AC8 + 0x3858, 0x97FFFC0F }, //clkrst_reboot_uarta. @@ -86,6 +81,8 @@ PATCHSET_DEF(_secmon_620_patchset, // { 0x2AC8 + 0x3A6C, _NOP() } // warmboot UARTA cfg. ); +// Erista fuse check warmboot patches. +#define _NOPv7() 0xE320F000 PATCHSET_DEF(_warmboot_1_patchset, { 0x4DC, _NOPv7() } // Fuse check. ); 
@@ -108,29 +105,31 @@ PATCHSET_DEF(_warmboot_4_patchset, * package1.1 header: * package1.1 layout: * 1.0: {sm, ldr, wb} { 2, 1, 0 } - * 2.0: {wb, ldr, sm} { 0, 1, 2 } - * 3.0: {wb, ldr, sm} { 0, 1, 2 } - * 3.1: {wb, ldr, sm} { 0, 1, 2 } + * 2.0+: {wb, ldr, sm} { 0, 1, 2 } * 4.0+: {ldr, sm, wb} { 1, 2, 0 } */ +static const u8 sec_map_100[3] = { PK11_SECTION_SM, PK11_SECTION_LD, PK11_SECTION_WB }; +static const u8 sec_map_2xx[3] = { PK11_SECTION_WB, PK11_SECTION_LD, PK11_SECTION_SM }; +static const u8 sec_map_4xx[3] = { PK11_SECTION_LD, PK11_SECTION_SM, PK11_SECTION_WB }; + static const pkg1_id_t _pkg1_ids[] = { - { "20161121183008", 0, 0x1900, 0x3FE0, SM_100_ADR, 0x8000D000, _secmon_1_patchset, _warmboot_1_patchset }, //1.0.0 (Patched relocator) - { "20170210155124", 0, 0x1900, 0x3FE0, 0x4002D000, 0x8000D000, _secmon_2_patchset, _warmboot_2_patchset }, //2.0.0 - 2.3.0 - { "20170519101410", 1, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000, _secmon_3_patchset, _warmboot_3_patchset }, //3.0.0 - { "20170710161758", 2, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000, _secmon_3_patchset, _warmboot_3_patchset }, //3.0.1 - 3.0.2 - { "20170921172629", 3, 0x1800, 0x3FE0, 0x4002B000, 0x4003B000, _secmon_4_patchset, _warmboot_4_patchset }, //4.0.0 - 4.1.0 - { "20180220163747", 4, 0x1900, 0x3FE0, 0x4002B000, 0x4003B000, _secmon_5_patchset, _warmboot_4_patchset }, //5.0.0 - 5.1.0 - { "20180802162753", 5, 0x1900, 0x3FE0, 0x4002B000, 0x4003D800, _secmon_6_patchset, _warmboot_4_patchset }, //6.0.0 - 6.1.0 - { "20181107105733", 6, 0x0E00, 0x6FE0, 0x4002B000, 0x4003D800, _secmon_620_patchset, _warmboot_4_patchset }, //6.2.0 - { "20181218175730", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, //7.0.0 - { "20190208150037", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, //7.0.1 - { "20190314172056", 7, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, //8.0.0 - 8.0.1 - { "20190531152432", 8, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, //8.1.0 - { "20190809135709", 9, 
0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, //9.0.0 - 9.0.1 - { "20191021113848", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, //9.1.0 - { "20200303104606", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, //10.0.0 - { NULL } //End. + { "20161121183008", 0, 0x1900, 0x3FE0, SM_100_ADR, 0x8000D000, _secmon_1_patchset, _warmboot_1_patchset }, // 1.0.0 (Patched relocator). + { "20170210155124", 0, 0x1900, 0x3FE0, 0x4002D000, 0x8000D000, _secmon_2_patchset, _warmboot_2_patchset }, // 2.0.0 - 2.3.0. + { "20170519101410", 1, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000, _secmon_3_patchset, _warmboot_3_patchset }, // 3.0.0. + { "20170710161758", 2, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000, _secmon_3_patchset, _warmboot_3_patchset }, // 3.0.1 - 3.0.2. + { "20170921172629", 3, 0x1800, 0x3FE0, 0x4002B000, 0x4003B000, _secmon_4_patchset, _warmboot_4_patchset }, // 4.0.0 - 4.1.0. + { "20180220163747", 4, 0x1900, 0x3FE0, 0x4002B000, 0x4003B000, _secmon_5_patchset, _warmboot_4_patchset }, // 5.0.0 - 5.1.0. + { "20180802162753", 5, 0x1900, 0x3FE0, 0x4002B000, 0x4003D800, _secmon_6_patchset, _warmboot_4_patchset }, // 6.0.0 - 6.1.0. + { "20181107105733", 6, 0x0E00, 0x6FE0, 0x4002B000, 0x4003D800, _secmon_620_patchset, _warmboot_4_patchset }, // 6.2.0. + { "20181218175730", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, // 7.0.0. + { "20190208150037", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, // 7.0.1. + { "20190314172056", 7, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, // 8.0.0 - 8.0.1. + { "20190531152432", 8, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, // 8.1.0. + { "20190809135709", 9, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, // 9.0.0 - 9.0.1. + { "20191021113848", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, // 9.1.0. + { "20200303104606", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000, NULL, NULL }, // 10.0.0. + { NULL } // End. }; const pkg1_id_t *pkg1_get_latest() 
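Review bot: The layout comment now reads `2.0+: {wb, ldr, sm}` directly above `4.0+: {ldr, sm, wb}`, so the two ranges overlap as written. pkg1_unpack selects `sec_map_2xx` only up to `KB_FIRMWARE_VERSION_301`, so a bounded range such as `* 2.0 - 3.0.2: {wb, ldr, sm} { 0, 1, 2 }` would match the code. A one-line comment above the new `sec_map_*` arrays, saying that the index is the physical position inside package1.1 and the value is a `PK11_SECTION_*` id, would also help the callers that now receive these arrays. The same comment block is changed the same way in nyx/nyx_gui/hos/pkg1.c.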
@@ -159,18 +158,15 @@ void pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1) se_aes_crypt_ctr(11, pkg11 + 0x20, pkg11_size, pkg11 + 0x20, pkg11_size, pkg11 + 0x10); } -void pkg1_unpack(void *warmboot_dst, void *secmon_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1) +const u8 *pkg1_unpack(void *wm_dst, void *sm_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1) { - u8 *sec_map; - u8 sec_map_100[3] = { PK11_SECTION_SM, PK11_SECTION_LD, PK11_SECTION_WB }; - u8 sec_map_2xx[3] = { PK11_SECTION_WB, PK11_SECTION_LD, PK11_SECTION_SM }; - u8 sec_map_4xx[3] = { PK11_SECTION_LD, PK11_SECTION_SM, PK11_SECTION_WB }; - - pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + id->pkg11_off + 0x20); + const u8 *sec_map; + const pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + id->pkg11_off + 0x20); u32 sec_size[3] = { hdr->wb_size, hdr->ldr_size, hdr->sm_size }; //u32 sec_off[3] = { hdr->wb_off, hdr->ldr_off, hdr->sm_off }; + // Get correct header mapping. if (id->kb == KB_FIRMWARE_VERSION_100_200 && !strcmp(id->id, "20161121183008")) sec_map = sec_map_100; else if (id->kb >= KB_FIRMWARE_VERSION_100_200 && id->kb <= KB_FIRMWARE_VERSION_301) @@ -178,15 +174,18 @@ void pkg1_unpack(void *warmboot_dst, void *secmon_dst, void *ldr_dst, const pkg1 else sec_map = sec_map_4xx; + // Copy secmon, warmboot and nx bootloader payloads. u8 *pdata = (u8 *)hdr + sizeof(pk11_hdr_t); for (u32 i = 0; i < 3; i++) { - if (sec_map[i] == PK11_SECTION_WB && warmboot_dst) - memcpy(warmboot_dst, pdata, sec_size[sec_map[i]]); + if (sec_map[i] == PK11_SECTION_WB && wm_dst) + memcpy(wm_dst, pdata, sec_size[sec_map[i]]); else if (sec_map[i] == PK11_SECTION_LD && ldr_dst) memcpy(ldr_dst, pdata, sec_size[sec_map[i]]); - else if (sec_map[i] == PK11_SECTION_SM && secmon_dst) - memcpy(secmon_dst, pdata, sec_size[sec_map[i]]); + else if (sec_map[i] == PK11_SECTION_SM && sm_dst) + memcpy(sm_dst, pdata, sec_size[sec_map[i]]); pdata += sec_size[sec_map[i]]; } + + return sec_map; } 
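Review bot: `pkg1_unpack` now returns the section map, but nothing states what the returned array means, and the callers added in this commit index the header sizes differently from this function. Here a section's length is `sec_size[sec_map[i]]`, whereas the dump tools in fe_tools.c and gui_tools.c assign `sec_size[i]` to the section named by `sec_map[i]`; the two readings agree only for `sec_map_2xx`. A short comment on the function should say whether the header size fields are in fixed {wb, ldr, sm} order or in physical order, and that the result points to static storage and is never NULL. Separately, `wm_dst` reads oddly next to `wb_size` and `PK11_SECTION_WB`; `wb_dst` would be consistent. The identical change in nyx/nyx_gui/hos/pkg1.c raises the same question.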
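Review bot: Each `memcpy` in the loop takes its length from a pk11 header field with no upper bound, while the destinations are fixed-size buffers owned by the caller (`calloc(1, 0x40000)` in the gui_tools.c hunk of this commit). A corrupted or unexpected package1 would therefore write past those buffers and read past the source image. Since the signature carries no capacities, a guard before the loop is the smallest fix, for example `if (sec_size[i] > PK11_MAX_SEC_SIZE) return NULL;` for each of the three fields, where `PK11_MAX_SEC_SIZE` is a placeholder for a limit the callers agree on; the callers would then need to check the return value before indexing it. The same loop is in nyx/nyx_gui/hos/pkg1.c.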
diff --git a/bootloader/hos/pkg1.h b/bootloader/hos/pkg1.h index 1c7ec4b..bcaa1bd 100644 --- a/bootloader/hos/pkg1.h +++ b/bootloader/hos/pkg1.h @@ -19,6 +19,10 @@ #include +#define PK11_SECTION_WB 0 +#define PK11_SECTION_LD 1 +#define PK11_SECTION_SM 2 + typedef struct _patch_t { u32 off; @@ -58,6 +62,6 @@ typedef struct _pk11_hdr_t const pkg1_id_t *pkg1_get_latest(); const pkg1_id_t *pkg1_identify(u8 *pkg1); void pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1); -void pkg1_unpack(void *warmboot_dst, void *secmon_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1); +const u8 *pkg1_unpack(void *wm_dst, void *sm_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1); #endif diff --git a/nyx/nyx_gui/frontend/gui_tools.c b/nyx/nyx_gui/frontend/gui_tools.c index e9b547a..390e186 100644 --- a/nyx/nyx_gui/frontend/gui_tools.c +++ b/nyx/nyx_gui/frontend/gui_tools.c @@ -1081,12 +1081,12 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) char path[128]; + u8 kb = 0; u8 *pkg1 = (u8 *)calloc(1, 0x40000); u8 *warmboot = (u8 *)calloc(1, 0x40000); u8 *secmon = (u8 *)calloc(1, 0x40000); u8 *loader = (u8 *)calloc(1, 0x40000); u8 *pkg2 = NULL; - u8 kb = 0; char *txt_buf = (char *)malloc(0x4000); @@ -1132,8 +1132,6 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) goto out_free; } - const pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + pkg1_id->pkg11_off + 0x20); - kb = pkg1_id->kb; if (!h_cfg.se_keygen_done) 
@@ -1183,7 +1181,21 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) if (kb <= KB_FIRMWARE_VERSION_620) { - pkg1_unpack(warmboot, secmon, loader, pkg1_id, pkg1); + const u8 *sec_map = pkg1_unpack(warmboot, secmon, loader, pkg1_id, pkg1); + + pk11_hdr_t *hdr_pk11 = (pk11_hdr_t *)(pkg1 + pkg1_id->pkg11_off + 0x20); + + // Use correct sizes. + u32 sec_size[3] = { hdr_pk11->wb_size, hdr_pk11->ldr_size, hdr_pk11->sm_size }; + for (u32 i = 0; i < 3; i++) + { + if (sec_map[i] == PK11_SECTION_WB) + hdr_pk11->wb_size = sec_size[i]; + else if (sec_map[i] == PK11_SECTION_LD) + hdr_pk11->ldr_size = sec_size[i]; + else if (sec_map[i] == PK11_SECTION_SM) + hdr_pk11->sm_size = sec_size[i]; + } // Display info. s_printf(txt_buf + strlen(txt_buf), @@ -1192,7 +1204,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) "#C7EA46 Secure monitor size: #0x%05X\n" "#C7EA46 Warmboot addr: #0x%05X\n" "#C7EA46 Warmboot size: #0x%05X\n\n", - hdr->ldr_size, pkg1_id->secmon_base, hdr->sm_size, pkg1_id->warmboot_base, hdr->wb_size); + hdr_pk11->ldr_size, pkg1_id->secmon_base, hdr_pk11->sm_size, pkg1_id->warmboot_base, hdr_pk11->wb_size); lv_label_set_text(lb_desc, txt_buf); manual_system_maintenance(true); @@ -1207,7 +1219,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) // Dump nxbootloader. emmcsn_path_impl(path, "/pkg1", "nxloader.bin", &storage); - if (sd_save_to_file(loader, hdr->ldr_size, path)) + if (sd_save_to_file(loader, hdr_pk11->ldr_size, path)) goto out_free; strcat(txt_buf, "NX Bootloader dumped to nxloader.bin\n"); lv_label_set_text(lb_desc, txt_buf); @@ -1215,7 +1227,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) // Dump secmon. emmcsn_path_impl(path, "/pkg1", "secmon.bin", &storage); - if (sd_save_to_file(secmon, hdr->sm_size, path)) + if (sd_save_to_file(secmon, hdr_pk11->sm_size, path)) goto out_free; strcat(txt_buf, "Secure Monitor dumped to secmon.bin\n"); lv_label_set_text(lb_desc, txt_buf); 
@@ -1223,7 +1235,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) // Dump warmboot. emmcsn_path_impl(path, "/pkg1", "warmboot.bin", &storage); - if (sd_save_to_file(warmboot, hdr->wb_size, path)) + if (sd_save_to_file(warmboot, hdr_pk11->wb_size, path)) goto out_free; strcat(txt_buf, "Warmboot dumped to warmboot.bin\n\n"); lv_label_set_text(lb_desc, txt_buf); diff --git a/nyx/nyx_gui/hos/pkg1.c b/nyx/nyx_gui/hos/pkg1.c index fcd0ebb..df6f420 100644 --- a/nyx/nyx_gui/hos/pkg1.c +++ b/nyx/nyx_gui/hos/pkg1.c 
@@ -26,36 +26,34 @@ #include #include -#define PK11_SECTION_WB 0 -#define PK11_SECTION_LD 1 -#define PK11_SECTION_SM 2 - /* * package1.1 header: * package1.1 layout: * 1.0: {sm, ldr, wb} { 2, 1, 0 } - * 2.0: {wb, ldr, sm} { 0, 1, 2 } - * 3.0: {wb, ldr, sm} { 0, 1, 2 } - * 3.1: {wb, ldr, sm} { 0, 1, 2 } + * 2.0+: {wb, ldr, sm} { 0, 1, 2 } * 4.0+: {ldr, sm, wb} { 1, 2, 0 } */ +static const u8 sec_map_100[3] = { PK11_SECTION_SM, PK11_SECTION_LD, PK11_SECTION_WB }; +static const u8 sec_map_2xx[3] = { PK11_SECTION_WB, PK11_SECTION_LD, PK11_SECTION_SM }; +static const u8 sec_map_4xx[3] = { PK11_SECTION_LD, PK11_SECTION_SM, PK11_SECTION_WB }; + static const pkg1_id_t _pkg1_ids[] = { - { "20161121183008", 0, 0x1900, 0x3FE0, 0x40014020, 0x8000D000 }, //1.0.0 - { "20170210155124", 0, 0x1900, 0x3FE0, 0x4002D000, 0x8000D000 }, //2.0.0 - 2.3.0 - { "20170519101410", 1, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000 }, //3.0.0 - { "20170710161758", 2, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000 }, //3.0.1 - 3.0.2 - { "20170921172629", 3, 0x1800, 0x3FE0, 0x4002B000, 0x4003B000 }, //4.0.0 - 4.1.0 - { "20180220163747", 4, 0x1900, 0x3FE0, 0x4002B000, 0x4003B000 }, //5.0.0 - 5.1.0 - { "20180802162753", 5, 0x1900, 0x3FE0, 0x4002B000, 0x4003D800 }, //6.0.0 - 6.1.0 - { "20181107105733", 6, 0x0E00, 0x6FE0, 0x4002B000, 0x4003D800 }, //6.2.0 - { "20181218175730", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000 }, //7.0.0 - { "20190208150037", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000 }, //7.0.1 - { "20190314172056", 7, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //8.0.0 - 8.0.1 - { "20190531152432", 8, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //8.1.0 - { "20190809135709", 9, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //9.0.0 - 9.0.1 - { "20191021113848", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //9.1.0 - { "20200303104606", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //10.0.0 + { "20161121183008", 0, 0x1900, 0x3FE0, 0x40014020, 0x8000D000 }, // 1.0.0. 
+ { "20170210155124", 0, 0x1900, 0x3FE0, 0x4002D000, 0x8000D000 }, // 2.0.0 - 2.3.0. + { "20170519101410", 1, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000 }, // 3.0.0. + { "20170710161758", 2, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000 }, // 3.0.1 - 3.0.2. + { "20170921172629", 3, 0x1800, 0x3FE0, 0x4002B000, 0x4003B000 }, // 4.0.0 - 4.1.0. + { "20180220163747", 4, 0x1900, 0x3FE0, 0x4002B000, 0x4003B000 }, // 5.0.0 - 5.1.0. + { "20180802162753", 5, 0x1900, 0x3FE0, 0x4002B000, 0x4003D800 }, // 6.0.0 - 6.1.0. + { "20181107105733", 6, 0x0E00, 0x6FE0, 0x4002B000, 0x4003D800 }, // 6.2.0. + { "20181218175730", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000 }, // 7.0.0. + { "20190208150037", 7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000 }, // 7.0.1. + { "20190314172056", 7, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 8.0.0 - 8.0.1. + { "20190531152432", 8, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 8.1.0. + { "20190809135709", 9, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 9.0.0 - 9.0.1. + { "20191021113848", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 9.1.0. + { "20200303104606", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 10.0.0. { NULL } //End. }; 
@@ -81,18 +79,15 @@ void pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1) se_aes_crypt_ctr(11, pkg11 + 0x20, pkg11_size, pkg11 + 0x20, pkg11_size, pkg11 + 0x10); } -void pkg1_unpack(void *warmboot_dst, void *secmon_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1) +const u8 *pkg1_unpack(void *wm_dst, void *sm_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1) { - u8 *sec_map; - u8 sec_map_100[3] = { PK11_SECTION_SM, PK11_SECTION_LD, PK11_SECTION_WB }; - u8 sec_map_2xx[3] = { PK11_SECTION_WB, PK11_SECTION_LD, PK11_SECTION_SM }; - u8 sec_map_4xx[3] = { PK11_SECTION_LD, PK11_SECTION_SM, PK11_SECTION_WB }; - - pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + id->pkg11_off + 0x20); + const u8 *sec_map; + const pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + id->pkg11_off + 0x20); u32 sec_size[3] = { hdr->wb_size, hdr->ldr_size, hdr->sm_size }; //u32 sec_off[3] = { hdr->wb_off, hdr->ldr_off, hdr->sm_off }; + // Get correct header mapping. if (id->kb == KB_FIRMWARE_VERSION_100_200 && !strcmp(id->id, "20161121183008")) sec_map = sec_map_100; else if (id->kb >= KB_FIRMWARE_VERSION_100_200 && id->kb <= KB_FIRMWARE_VERSION_301) @@ -100,15 +95,18 @@ void pkg1_unpack(void *warmboot_dst, void *secmon_dst, void *ldr_dst, const pkg1 else sec_map = sec_map_4xx; + // Copy secmon, warmboot and nx bootloader payloads. u8 *pdata = (u8 *)hdr + sizeof(pk11_hdr_t); for (u32 i = 0; i < 3; i++) { - if (sec_map[i] == PK11_SECTION_WB && warmboot_dst) - memcpy(warmboot_dst, pdata, sec_size[sec_map[i]]); + if (sec_map[i] == PK11_SECTION_WB && wm_dst) + memcpy(wm_dst, pdata, sec_size[sec_map[i]]); else if (sec_map[i] == PK11_SECTION_LD && ldr_dst) memcpy(ldr_dst, pdata, sec_size[sec_map[i]]); - else if (sec_map[i] == PK11_SECTION_SM && secmon_dst) - memcpy(secmon_dst, pdata, sec_size[sec_map[i]]); + else if (sec_map[i] == PK11_SECTION_SM && sm_dst) + memcpy(sm_dst, pdata, sec_size[sec_map[i]]); pdata += sec_size[sec_map[i]]; } + + return sec_map; } 
diff --git a/nyx/nyx_gui/hos/pkg1.h b/nyx/nyx_gui/hos/pkg1.h index 5622ebe..74f101b 100644 --- a/nyx/nyx_gui/hos/pkg1.h +++ b/nyx/nyx_gui/hos/pkg1.h @@ -19,6 +19,10 @@ #include +#define PK11_SECTION_WB 0 +#define PK11_SECTION_LD 1 +#define PK11_SECTION_SM 2 + typedef struct _pkg1_id_t { const char *id; @@ -43,6 +47,6 @@ typedef struct _pk11_hdr_t const pkg1_id_t *pkg1_identify(u8 *pkg1, char *build_date); void pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1); -void pkg1_unpack(void *warmboot_dst, void *secmon_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1); +const u8 *pkg1_unpack(void *wm_dst, void *sm_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1); #endif