Refactor AutoRCM tools

This commit is contained in:
CTCaer 2020-12-26 16:38:21 +02:00
parent 2628044ba8
commit a85891ae00
8 changed files with 92 additions and 59 deletions

View file

@ -270,8 +270,6 @@ void _toggle_autorcm(bool enable)
sdmmc_storage_t storage; sdmmc_storage_t storage;
sdmmc_t sdmmc; sdmmc_t sdmmc;
u8 randomXor = 0;
gfx_clear_partial_grey(0x1B, 0, 1256); gfx_clear_partial_grey(0x1B, 0, 1256);
gfx_con_setpos(0, 0); gfx_con_setpos(0, 0);
@ -285,28 +283,25 @@ void _toggle_autorcm(bool enable)
sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0); sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0);
int i, sect = 0; int i, sect = 0;
u8 corr_mod_byte0; u8 corr_mod0, mod1;
if ((fuse_read_odm(4) & 3) != 3)
corr_mod_byte0 = 0xF7;
else
corr_mod_byte0 = 0x37;
// Get the correct RSA modulus byte masks.
nx_emmc_get_autorcm_masks(&corr_mod0, &mod1);
// Iterate BCTs.
for (i = 0; i < 4; i++) for (i = 0; i < 4; i++)
{ {
sect = (0x200 + (0x4000 * i)) / NX_EMMC_BLOCKSIZE; sect = (0x200 + (0x4000 * i)) / NX_EMMC_BLOCKSIZE;
sdmmc_storage_read(&storage, sect, 1, tempbuf); sdmmc_storage_read(&storage, sect, 1, tempbuf);
if (enable) // Check if 2nd byte of modulus is correct.
{ if (tempbuf[0x11] != mod1)
do continue;
{
randomXor = get_tmr_us() & 0xFF; // Bricmii style of bricking.
} while (!randomXor); // Avoid the lottery.
tempbuf[0x10] ^= randomXor; if (enable)
} tempbuf[0x10] = 0;
else else
tempbuf[0x10] = corr_mod_byte0; tempbuf[0x10] = corr_mod0;
sdmmc_storage_write(&storage, sect, 1, tempbuf); sdmmc_storage_write(&storage, sect, 1, tempbuf);
} }
@ -354,20 +349,18 @@ void menu_autorcm()
return; return;
} }
u8 mod0, mod1;
// Get the correct RSA modulus byte masks.
nx_emmc_get_autorcm_masks(&mod0, &mod1);
u8 *tempbuf = (u8 *)malloc(0x200); u8 *tempbuf = (u8 *)malloc(0x200);
sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0); sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0);
sdmmc_storage_read(&storage, 0x200 / NX_EMMC_BLOCKSIZE, 1, tempbuf); sdmmc_storage_read(&storage, 0x200 / NX_EMMC_BLOCKSIZE, 1, tempbuf);
if ((fuse_read_odm(4) & 3) != 3) // Check if 2nd byte of modulus is correct.
{ if (tempbuf[0x11] == mod1)
if (tempbuf[0x10] != 0xF7) if (tempbuf[0x10] != mod0)
disabled = false; disabled = false;
}
else
{
if (tempbuf[0x10] != 0x37)
disabled = false;
}
free(tempbuf); free(tempbuf);
sdmmc_storage_end(&storage); sdmmc_storage_end(&storage);

View file

@ -314,20 +314,23 @@ void config_exosphere(launch_ctxt_t *ctxt, u32 warmboot_base, bool exo_new)
sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0); sdmmc_storage_set_mmc_partition(&emmc_storage, EMMC_BOOT0);
u32 sector; u32 sector;
u8 mod0, mod1;
// Get the correct RSA modulus byte masks.
nx_emmc_get_autorcm_masks(&mod0, &mod1);
// Iterate BCTs.
for (u32 i = 0; i < 4; i++) for (u32 i = 0; i < 4; i++)
{ {
sector = 1 + (32 * i); // 0x4000 bct + 0x200 offset. sector = 1 + (32 * i); // 0x4000 bct + 0x200 offset.
sdmmc_storage_read(&emmc_storage, sector, 1, rsa_mod); sdmmc_storage_read(&emmc_storage, sector, 1, rsa_mod);
// Check if 2nd byte of modulus is correct. // Check if 2nd byte of modulus is correct.
if (rsa_mod[0x11] != 0x86) if (rsa_mod[0x11] != mod1)
continue; continue;
// Patch AutoRCM out. // Patch AutoRCM out.
if ((fuse_read_odm(4) & 3) != 3) rsa_mod[0x10] = mod0;
rsa_mod[0x10] = 0xF7;
else
rsa_mod[0x10] = 0x37;
break; break;
} }

View file

@ -1134,25 +1134,25 @@ static void _patched_rcm_protection()
sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0); sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0);
u32 sector; u32 sector;
u8 corr_mod_byte0; u8 corr_mod0, mod1;
if ((fuse_read_odm(4) & 3) != 3)
corr_mod_byte0 = 0xF7;
else
corr_mod_byte0 = 0x37;
// Get the correct RSA modulus byte masks.
nx_emmc_get_autorcm_masks(&corr_mod0, &mod1);
// Iterate BCTs.
for (u32 i = 0; i < 4; i++) for (u32 i = 0; i < 4; i++)
{ {
sector = 1 + (32 * i); // 0x4000 bct + 0x200 offset. sector = 1 + (32 * i); // 0x4000 bct + 0x200 offset.
sdmmc_storage_read(&storage, sector, 1, buf); sdmmc_storage_read(&storage, sector, 1, buf);
// Check if 2nd byte of modulus is correct. // Check if 2nd byte of modulus is correct.
if (buf[0x11] != 0x86) if (buf[0x11] != mod1)
continue; continue;
// If AutoRCM is enabled, disable it. // If AutoRCM is enabled, disable it.
if (buf[0x10] != corr_mod_byte0) if (buf[0x10] != corr_mod0)
{ {
buf[0x10] = corr_mod_byte0; buf[0x10] = corr_mod0;
sdmmc_storage_write(&storage, sector, 1, buf); sdmmc_storage_write(&storage, sector, 1, buf);
} }

View file

@ -1,5 +1,6 @@
/* /*
* Copyright (c) 2018 naehrwert * Copyright (c) 2018 naehrwert
* Copyright (c) 2019-2020 CTCaer
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License, * under the terms and conditions of the GNU General Public License,
@ -19,6 +20,7 @@
#include "nx_emmc.h" #include "nx_emmc.h"
#include "emummc.h" #include "emummc.h"
#include <mem/heap.h> #include <mem/heap.h>
#include <soc/fuse.h>
#include <storage/mbr_gpt.h> #include <storage/mbr_gpt.h>
#include <utils/list.h> #include <utils/list.h>
@ -66,6 +68,7 @@ emmc_part_t *nx_emmc_part_find(link_t *gpt, const char *name)
LIST_FOREACH_ENTRY(emmc_part_t, part, gpt, link) LIST_FOREACH_ENTRY(emmc_part_t, part, gpt, link)
if (!strcmp(part->name, name)) if (!strcmp(part->name, name))
return part; return part;
return NULL; return NULL;
} }
@ -74,6 +77,7 @@ int nx_emmc_part_read(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_of
// The last LBA is inclusive. // The last LBA is inclusive.
if (part->lba_start + sector_off > part->lba_end) if (part->lba_start + sector_off > part->lba_end)
return 0; return 0;
return emummc_storage_read(storage, part->lba_start + sector_off, num_sectors, buf); return emummc_storage_read(storage, part->lba_start + sector_off, num_sectors, buf);
} }
@ -82,5 +86,20 @@ int nx_emmc_part_write(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_o
// The last LBA is inclusive. // The last LBA is inclusive.
if (part->lba_start + sector_off > part->lba_end) if (part->lba_start + sector_off > part->lba_end)
return 0; return 0;
return sdmmc_storage_write(storage, part->lba_start + sector_off, num_sectors, buf); return sdmmc_storage_write(storage, part->lba_start + sector_off, num_sectors, buf);
} }
void nx_emmc_get_autorcm_masks(u8 *mod0, u8 *mod1)
{
if (fuse_read_hw_state() == FUSE_NX_HW_STATE_PROD)
{
*mod0 = 0xF7;
*mod1 = 0x86;
}
else
{
*mod0 = 0x37;
*mod1 = 0x84;
}
}

View file

@ -1,5 +1,6 @@
/* /*
* Copyright (c) 2018 naehrwert * Copyright (c) 2018 naehrwert
* Copyright (c) 2019-2020 CTCaer
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License, * under the terms and conditions of the GNU General Public License,
@ -43,7 +44,9 @@ extern FATFS emmc_fs;
void nx_emmc_gpt_parse(link_t *gpt, sdmmc_storage_t *storage); void nx_emmc_gpt_parse(link_t *gpt, sdmmc_storage_t *storage);
void nx_emmc_gpt_free(link_t *gpt); void nx_emmc_gpt_free(link_t *gpt);
emmc_part_t *nx_emmc_part_find(link_t *gpt, const char *name); emmc_part_t *nx_emmc_part_find(link_t *gpt, const char *name);
int nx_emmc_part_read(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf); int nx_emmc_part_read(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf);
int nx_emmc_part_write(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf); int nx_emmc_part_write(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf);
void nx_emmc_get_autorcm_masks(u8 *mod0, u8 *mod1);
#endif #endif

View file

@ -70,7 +70,7 @@ static lv_obj_t *_create_container(lv_obj_t *parent)
bool get_autorcm_status(bool change) bool get_autorcm_status(bool change)
{ {
u8 corr_mod_byte0; u8 corr_mod0, mod1;
sdmmc_storage_t storage; sdmmc_storage_t storage;
sdmmc_t sdmmc; sdmmc_t sdmmc;
bool enabled = false; bool enabled = false;
@ -84,41 +84,37 @@ bool get_autorcm_status(bool change)
sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0); sdmmc_storage_set_mmc_partition(&storage, EMMC_BOOT0);
sdmmc_storage_read(&storage, 0x200 / NX_EMMC_BLOCKSIZE, 1, tempbuf); sdmmc_storage_read(&storage, 0x200 / NX_EMMC_BLOCKSIZE, 1, tempbuf);
if ((fuse_read_odm(4) & 3) != 3) // Get the correct RSA modulus byte masks.
corr_mod_byte0 = 0xF7; nx_emmc_get_autorcm_masks(&corr_mod0, &mod1);
else
corr_mod_byte0 = 0x37;
if (tempbuf[0x10] != corr_mod_byte0) // Check if 2nd byte of modulus is correct.
if (tempbuf[0x11] != mod1)
goto out;
if (tempbuf[0x10] != corr_mod0)
enabled = true; enabled = true;
// Change autorcm status if requested. // Change autorcm status if requested.
if (change) if (change)
{ {
int i, sect = 0; int i, sect = 0;
u8 randomXor = 0;
// Iterate BCTs.
for (i = 0; i < 4; i++) for (i = 0; i < 4; i++)
{ {
sect = (0x200 + (0x4000 * i)) / NX_EMMC_BLOCKSIZE; sect = (0x200 + (0x4000 * i)) / NX_EMMC_BLOCKSIZE;
sdmmc_storage_read(&storage, sect, 1, tempbuf); sdmmc_storage_read(&storage, sect, 1, tempbuf);
if (!enabled) if (!enabled)
{ tempbuf[0x10] = 0;
do
{
randomXor = get_tmr_us() & 0xFF; // Bricmii style of bricking.
} while (!randomXor); // Avoid the lottery.
tempbuf[0x10] ^= randomXor;
}
else else
tempbuf[0x10] = corr_mod_byte0; tempbuf[0x10] = corr_mod0;
sdmmc_storage_write(&storage, sect, 1, tempbuf); sdmmc_storage_write(&storage, sect, 1, tempbuf);
} }
enabled = !(enabled); enabled = !(enabled);
} }
out:
free(tempbuf); free(tempbuf);
sdmmc_storage_end(&storage); sdmmc_storage_end(&storage);

View file

@ -1,5 +1,6 @@
/* /*
* Copyright (c) 2018 naehrwert * Copyright (c) 2018 naehrwert
* Copyright (c) 2019-2020 CTCaer
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License, * under the terms and conditions of the GNU General Public License,
@ -16,9 +17,10 @@
#include <string.h> #include <string.h>
#include <storage/mbr_gpt.h>
#include "nx_emmc.h" #include "nx_emmc.h"
#include <mem/heap.h> #include <mem/heap.h>
#include <soc/fuse.h>
#include <storage/mbr_gpt.h>
#include <utils/list.h> #include <utils/list.h>
sdmmc_t emmc_sdmmc; sdmmc_t emmc_sdmmc;
@ -83,3 +85,17 @@ int nx_emmc_part_write(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_o
return 0; return 0;
return sdmmc_storage_write(storage, part->lba_start + sector_off, num_sectors, buf); return sdmmc_storage_write(storage, part->lba_start + sector_off, num_sectors, buf);
} }
void nx_emmc_get_autorcm_masks(u8 *mod0, u8 *mod1)
{
if (fuse_read_hw_state() == FUSE_NX_HW_STATE_PROD)
{
*mod0 = 0xF7;
*mod1 = 0x86;
}
else
{
*mod0 = 0x37;
*mod1 = 0x84;
}
}

View file

@ -1,5 +1,6 @@
/* /*
* Copyright (c) 2018 naehrwert * Copyright (c) 2018 naehrwert
* Copyright (c) 2019-2020 CTCaer
* *
* This program is free software; you can redistribute it and/or modify it * This program is free software; you can redistribute it and/or modify it
* under the terms and conditions of the GNU General Public License, * under the terms and conditions of the GNU General Public License,
@ -43,7 +44,9 @@ extern FATFS emmc_fs;
void nx_emmc_gpt_parse(link_t *gpt, sdmmc_storage_t *storage); void nx_emmc_gpt_parse(link_t *gpt, sdmmc_storage_t *storage);
void nx_emmc_gpt_free(link_t *gpt); void nx_emmc_gpt_free(link_t *gpt);
emmc_part_t *nx_emmc_part_find(link_t *gpt, const char *name); emmc_part_t *nx_emmc_part_find(link_t *gpt, const char *name);
int nx_emmc_part_read(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf); int nx_emmc_part_read(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf);
int nx_emmc_part_write(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf); int nx_emmc_part_write(sdmmc_storage_t *storage, emmc_part_t *part, u32 sector_off, u32 num_sectors, void *buf);
void nx_emmc_get_autorcm_masks(u8 *mod0, u8 *mod1);
#endif #endif