diff --git a/bootloader/hos/hos.c b/bootloader/hos/hos.c index 85ef47a..e01f5bc 100644 --- a/bootloader/hos/hos.c +++ b/bootloader/hos/hos.c @@ -543,23 +543,41 @@ int hos_keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_c static int _read_emmc_pkg1(launch_ctxt_t *ctxt) { + static const u32 BOOTLOADER_SIZE = 0x40000; + static const u32 BOOTLOADER_MAIN_OFFSET = 0x100000; + static const u32 BOOTLOADER_BACKUP_OFFSET = 0x140000; + static const u32 HOS_KEYBLOBS_OFFSET = 0x180000; + + u32 bootloader_offset = BOOTLOADER_MAIN_OFFSET; + ctxt->pkg1 = (void *)malloc(BOOTLOADER_SIZE); + +try_load: // Read package1. - ctxt->pkg1 = (void *)malloc(0x40000); emummc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0); - emummc_storage_read(&emmc_storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, ctxt->pkg1); + emummc_storage_read(&emmc_storage, bootloader_offset / NX_EMMC_BLOCKSIZE, BOOTLOADER_SIZE / NX_EMMC_BLOCKSIZE, ctxt->pkg1); + ctxt->pkg1_id = pkg1_identify(ctxt->pkg1); if (!ctxt->pkg1_id) { _hos_crit_error("Unknown pkg1 version."); - EHPRINTFARGS("HOS version not supported!%s", + EPRINTFARGS("HOS version not supported!%s", (emu_cfg.enabled && !h_cfg.emummc_force_disable) ? "\nOr emuMMC corrupt!" : ""); + + // Try backup bootloader. + if (bootloader_offset != BOOTLOADER_BACKUP_OFFSET) + { + EPRINTF("Trying backup bootloader..."); + bootloader_offset = BOOTLOADER_BACKUP_OFFSET; + goto try_load; + } + return 0; } gfx_printf("Identified pkg1 and mkey %d\n\n", ctxt->pkg1_id->kb); // Read the correct keyblob. ctxt->keyblob = (u8 *)calloc(NX_EMMC_BLOCKSIZE, 1); - emummc_storage_read(&emmc_storage, 0x180000 / NX_EMMC_BLOCKSIZE + ctxt->pkg1_id->kb, 1, ctxt->keyblob); + emummc_storage_read(&emmc_storage, HOS_KEYBLOBS_OFFSET / NX_EMMC_BLOCKSIZE + ctxt->pkg1_id->kb, 1, ctxt->keyblob); return 1; } diff --git a/nyx/nyx_gui/frontend/gui_info.c b/nyx/nyx_gui/frontend/gui_info.c index 1f5bf48..40a037b 100644 --- a/nyx/nyx_gui/frontend/gui_info.c 
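Review bot: The result of `emummc_storage_read` after `try_load:` is discarded, so a failed read leaves `ctxt->pkg1` holding uninitialised `malloc` bytes on the first pass (or the main copy on the retry), and `pkg1_identify` then judges that stale buffer. An I/O failure is therefore reported as "Unknown pkg1 version." and is also what triggers the fallback; checking the read first keeps the two cases apart, e.g. `if (!emummc_storage_read(&emmc_storage, bootloader_offset / NX_EMMC_BLOCKSIZE, BOOTLOADER_SIZE / NX_EMMC_BLOCKSIZE, ctxt->pkg1))` with its own error message, assuming a zero return means failure (confirm against the declaration, which is not in this diff). The `sdmmc_storage_read` calls after `try_load:` in `_create_mbox_cal0` and `_create_window_tsec_keys_status` have the same gap. Separately, `_hos_crit_error` runs before the backup attempt, so it fires even when the backup copy then loads; whether that is intended is not visible here.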
+++ b/nyx/nyx_gui/frontend/gui_info.c @@ -264,6 +264,7 @@ static lv_res_t _create_mbox_cal0(lv_obj_t *btn) lv_mbox_set_text(mbox, "#C7EA46 CAL0 Info#"); char *txt_buf = (char *)malloc(0x4000); + txt_buf[0] = 0; lv_obj_t * lb_desc = lv_label_create(mbox, NULL); lv_label_set_long_mode(lb_desc, LV_LABEL_LONG_BREAK); 
@@ -271,24 +272,39 @@ static lv_res_t _create_mbox_cal0(lv_obj_t *btn) lv_label_set_style(lb_desc, &monospace_text); lv_obj_set_width(lb_desc, LV_HOR_RES / 9 * 3); + sd_mount(); + // Read package1. + static const u32 BOOTLOADER_SIZE = 0x40000; + static const u32 BOOTLOADER_MAIN_OFFSET = 0x100000; + static const u32 BOOTLOADER_BACKUP_OFFSET = 0x140000; + static const u32 HOS_KEYBLOBS_OFFSET = 0x180000; + u8 kb = 0; - char *build_date = malloc(32); - u8 *pkg1 = (u8 *)malloc(0x40000); + u32 bootloader_offset = BOOTLOADER_MAIN_OFFSET; + u8 *pkg1 = (u8 *)malloc(BOOTLOADER_SIZE); sdmmc_storage_init_mmc(&emmc_storage, &emmc_sdmmc, SDMMC_BUS_WIDTH_8, SDHCI_TIMING_MMC_HS400); sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0); - sdmmc_storage_read(&emmc_storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, pkg1); +try_load: + sdmmc_storage_read(&emmc_storage, bootloader_offset / NX_EMMC_BLOCKSIZE, BOOTLOADER_SIZE / NX_EMMC_BLOCKSIZE, pkg1); + + char *build_date = malloc(32); const pkg1_id_t *pkg1_id = pkg1_identify(pkg1, build_date); - s_printf(txt_buf, "#00DDFF Found pkg1 ('%s')#\n", build_date); + s_printf(txt_buf + strlen(txt_buf), "#00DDFF Found pkg1 ('%s')#\n", build_date); free(build_date); - sd_mount(); - if (!pkg1_id) { - strcat(txt_buf, "#FFDD00 Unknown pkg1 version for reading#\n#FFDD00 TSEC firmware!#"); + strcat(txt_buf, "#FFDD00 Unknown pkg1 version for reading#\n#FFDD00 TSEC firmware!#\n"); + // Try backup bootloader. + if (bootloader_offset != BOOTLOADER_BACKUP_OFFSET) + { + strcat(txt_buf, "Trying backup bootloader...\n"); + bootloader_offset = BOOTLOADER_BACKUP_OFFSET; + goto try_load; + } lv_label_set_text(lb_desc, txt_buf); goto out; 
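Review bot: The BOOT0 layout constants declared here as function-local `static const u32` are declared again in `_read_emmc_pkg1`, `_create_window_tsec_keys_status` and `_create_window_dump_pk12_tool`, so the offsets that decide which eMMC sectors are read as pkg1 and keyblobs now live in four places that can drift apart. Declaring them once in a header shared by the bootloader and Nyx, for example `#define BOOTLOADER_BACKUP_OFFSET 0x140000` beside the existing `NX_EMMC_BLOCKSIZE` definition (its location is not visible in this diff), would keep every reader on the same layout. `HOS_KEYBLOBS_OFFSET` is declared in this hunk but only used in the later keyblob-read hunk of the same function, which also points to file or header scope. The body of `_create_mbox_cal0` starts and ends outside the hunk.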
@@ -328,7 +344,7 @@ static lv_res_t _create_mbox_cal0(lv_obj_t *btn) // Read the correct keyblob. u8 *keyblob = (u8 *)calloc(NX_EMMC_BLOCKSIZE, 1); - sdmmc_storage_read(&emmc_storage, 0x180000 / NX_EMMC_BLOCKSIZE + kb, 1, keyblob); + sdmmc_storage_read(&emmc_storage, HOS_KEYBLOBS_OFFSET / NX_EMMC_BLOCKSIZE + kb, 1, keyblob); // Generate BIS keys hos_bis_keygen(keyblob, kb, &tsec_ctxt); 
@@ -848,23 +864,40 @@ static lv_res_t _create_window_tsec_keys_status(lv_obj_t *btn) lv_label_set_recolor(lb_desc, true); lv_label_set_style(lb_desc, &monospace_text); - // Read package1. - char *build_date = malloc(32); - u8 *pkg1 = (u8 *)malloc(0x40000); - sdmmc_storage_init_mmc(&emmc_storage, &emmc_sdmmc, SDMMC_BUS_WIDTH_8, SDHCI_TIMING_MMC_HS400); - sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0); - sdmmc_storage_read(&emmc_storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, pkg1); - sdmmc_storage_end(&emmc_storage); - const pkg1_id_t *pkg1_id = pkg1_identify(pkg1, build_date); - char *txt_buf = (char *)malloc(0x1000); char *txt_buf2 = (char *)malloc(0x1000); - s_printf(txt_buf, "#00DDFF Found pkg1 ('%s')#\n", build_date); + txt_buf[0] = 0; + + // Read package1. + static const u32 BOOTLOADER_SIZE = 0x40000; + static const u32 BOOTLOADER_MAIN_OFFSET = 0x100000; + static const u32 BOOTLOADER_BACKUP_OFFSET = 0x140000; + + u8 *pkg1 = (u8 *)malloc(0x40000); + u32 bootloader_offset = BOOTLOADER_MAIN_OFFSET; + +try_load: + sdmmc_storage_init_mmc(&emmc_storage, &emmc_sdmmc, SDMMC_BUS_WIDTH_8, SDHCI_TIMING_MMC_HS400); + sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0); + sdmmc_storage_read(&emmc_storage, bootloader_offset / NX_EMMC_BLOCKSIZE, BOOTLOADER_SIZE / NX_EMMC_BLOCKSIZE, pkg1); + sdmmc_storage_end(&emmc_storage); + + char *build_date = malloc(32); + const pkg1_id_t *pkg1_id = pkg1_identify(pkg1, build_date); + + s_printf(txt_buf + strlen(txt_buf), "#00DDFF Found pkg1 ('%s')#\n", build_date); free(build_date); if (!pkg1_id) { - strcat(txt_buf, "#FFDD00 Unknown pkg1 version for reading#\n#FFDD00 TSEC firmware!#"); + strcat(txt_buf, "#FFDD00 Unknown pkg1 version for reading#\n#FFDD00 TSEC firmware!#\n"); + // Try backup bootloader. 
+ if (bootloader_offset != BOOTLOADER_BACKUP_OFFSET) + { + strcat(txt_buf, "Trying backup bootloader...\n"); + bootloader_offset = BOOTLOADER_BACKUP_OFFSET; + goto try_load; + } lv_label_set_text(lb_desc, txt_buf); lv_obj_set_width(lb_desc, lv_obj_get_width(desc)); diff --git a/nyx/nyx_gui/frontend/gui_tools.c b/nyx/nyx_gui/frontend/gui_tools.c index 390e186..af006da 100644 --- a/nyx/nyx_gui/frontend/gui_tools.c +++ b/nyx/nyx_gui/frontend/gui_tools.c @@ -1105,8 +1105,13 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0); // Read package1. + static const u32 BOOTLOADER_SIZE = 0x40000; + static const u32 BOOTLOADER_MAIN_OFFSET = 0x100000; + static const u32 HOS_KEYBLOBS_OFFSET = 0x180000; + char *build_date = malloc(32); - sdmmc_storage_read(&storage, 0x100000 / NX_EMMC_BLOCKSIZE, 0x40000 / NX_EMMC_BLOCKSIZE, pkg1); + sdmmc_storage_read(&storage, BOOTLOADER_MAIN_OFFSET / NX_EMMC_BLOCKSIZE, BOOTLOADER_SIZE / NX_EMMC_BLOCKSIZE, pkg1); + const pkg1_id_t *pkg1_id = pkg1_identify(pkg1, build_date); s_printf(txt_buf, "#00DDFF Found pkg1 ('%s')#\n\n", build_date); @@ -1122,7 +1127,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) manual_system_maintenance(true); emmcsn_path_impl(path, "/pkg1", "pkg1_enc.bin", &storage); - if (sd_save_to_file(pkg1, 0x40000, path)) + if (sd_save_to_file(pkg1, BOOTLOADER_SIZE, path)) goto out_free; strcat(txt_buf, "\nEncrypted pkg1 dumped to pkg1_enc.bin"); @@ -1167,7 +1172,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) // Read keyblob. u8 *keyblob = (u8 *)calloc(NX_EMMC_BLOCKSIZE, 1); - sdmmc_storage_read(&storage, 0x180000 / NX_EMMC_BLOCKSIZE + kb, 1, keyblob); + sdmmc_storage_read(&storage, HOS_KEYBLOBS_OFFSET / NX_EMMC_BLOCKSIZE + kb, 1, keyblob); // Decrypt. hos_keygen(keyblob, kb, &tsec_ctxt);
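Review bot: In the `_create_window_tsec_keys_status` hunk, `u8 *pkg1 = (u8 *)malloc(0x40000);` keeps the literal while the read after `try_load:` is sized by `BOOTLOADER_SIZE`, so the allocation and the length read into it are no longer tied together. A later change to the constant alone would make `sdmmc_storage_read` write past the buffer. Use `u8 *pkg1 = (u8 *)malloc(BOOTLOADER_SIZE);`, as the other two fallback sites in this commit already do. `try_load:` also sits before `sdmmc_storage_init_mmc` here but after it in `_create_mbox_cal0`, so this function re-initialises and ends the eMMC session on the retry; a one-line comment saying that is deliberate would help. The function body continues outside the hunk.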
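Review bot: `_create_window_dump_pk12_tool` in gui_tools.c still reads only `BOOTLOADER_MAIN_OFFSET`, while `_read_emmc_pkg1` and both gui_info.c readers now fall back to the backup copy when `pkg1_identify` fails. If that is intentional (the tool is meant to dump exactly what sits at the main offset), a comment on the read such as `// Main copy only: no fallback to BOOTLOADER_BACKUP_OFFSET here.` would stop it being read as an oversight. Otherwise the tool presumably still stops at an unrecognised main copy that the launch path now recovers from; the handling of a null `pkg1_id` is outside the hunk. The function body starts and ends outside these hunks.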