From f26cfac10da8b7b78a939264b3eab65f1a1c9b58 Mon Sep 17 00:00:00 2001
From: "ctcaer@gmail.com"
Date: Sat, 6 Jul 2019 22:10:23 +0300
Subject: [PATCH] [HOS] Add CFW custom keygen for 6.2.0
---
 bootloader/hos/hos.c | 36 ++++++++++++++++++++++++++++--------
 bootloader/hos/hos.h | 2 +-
 bootloader/hos/secmon_exo.c | 4 ----
 3 files changed, 29 insertions(+), 13 deletions(-)
diff --git a/bootloader/hos/hos.c b/bootloader/hos/hos.c
index add3aac..e78eb5c 100644
--- a/bootloader/hos/hos.c
+++ b/bootloader/hos/hos.c
@@ -183,9 +183,9 @@ void _sysctr0_reset()
 SYSCTR0(SYSCTR0_COUNTERID11) = 0;
 }
-int keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
+int keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_ctxt)
 {
- u8 tmp[0x20];
+ u8 tmp[0x30];
 u32 retries = 0;
 if (kb > KB_FIRMWARE_VERSION_MAX)
@@ -234,11 +234,31 @@ int keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt)
 // Set TSEC root key.
 se_aes_key_set(13, tmp + 0x10, 0x10);
- // Package2 key.
- se_aes_key_set(8, tmp + 0x10, 0x10);
- se_aes_unwrap_key(8, 8, master_keyseed_620);
- se_aes_unwrap_key(8, 8, master_keyseed_retail);
- se_aes_unwrap_key(8, 8, package2_keyseed);
+ if (!(emu_cfg.enabled && !h_cfg.emummc_force_disable) && hos_ctxt->stock)
+ {
+ // Package2 key.
+ se_aes_key_set(8, tmp + 0x10, 0x10);
+ se_aes_unwrap_key(8, 8, master_keyseed_620);
+ se_aes_unwrap_key(8, 8, master_keyseed_retail);
+ se_aes_unwrap_key(8, 8, package2_keyseed);
+ }
+ else
+ {
+ // Decrypt keyblob and set keyslots
+ se_aes_crypt_block_ecb(12, 0, tmp + 0x20, keyblob_keyseeds[0]);
+ se_aes_unwrap_key(15, 14, tmp + 0x20);
+ se_aes_unwrap_key(14, 15, console_keyseed_4xx_5xx);
+ se_aes_unwrap_key(15, 15, console_keyseed);
+
+ se_aes_unwrap_key(13, 13, master_keyseed_620);
+ se_aes_unwrap_key(12, 13, master_keyseed_retail);
+ se_aes_unwrap_key(10, 13, master_keyseed_4xx_5xx_610);
+
+ // Package2 key.
+ se_aes_unwrap_key(8, 12, package2_keyseed);
+
+ h_cfg.se_keygen_done = 1;
+ }
 }
 else
 {
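Review bot: `tmp` grows from 0x20 to 0x30 bytes so a third 0x10 block can receive key material (the next hunk writes the ECB output for `keyblob_keyseeds[0]` to `tmp + 0x20`), and nothing in the visible lines clears the buffer before keygen returns. keygen's body continues outside this hunk, so a wipe may already exist further down; if it does not, intermediate key material stays on the bootloader stack after the SE keyslots have been loaded. I would clear `tmp` on every return path with a wipe the compiler cannot elide, and document the layout at the declaration, e.g. `u8 tmp[0x30]; // +0x10: TSEC root key, +0x20: decrypted keyblob seed (6.2.0 CFW path)`.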
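Review bot: The stock/CFW test `!(emu_cfg.enabled && !h_cfg.emummc_force_disable) && hos_ctxt->stock` is the hand-negated form of the `!stock || (emu_cfg.enabled && !h_cfg.emummc_force_disable)` test that config_exosphere uses in secmon_exo.c, so the keys left in the SE and the flags handed to Exosphère now depend on two expressions kept in sync by hand. Computing it once under a name, e.g. `bool semi_stock = hos_ctxt->stock && !(emu_cfg.enabled && !h_cfg.emummc_force_disable);`, and branching on `if (semi_stock)` would make that pairing explicit. The else branch also rewrites keyslot 13 in place right after it was loaded as the TSEC root key and sets `h_cfg.se_keygen_done` only on this path, so a short comment listing which slot holds which key when the branch ends would help the next reader. `hos_ctxt` is dereferenced unchecked and keygen is exported through hos.h; the one caller visible in this patch passes `&ctxt`, but other callers cannot be ruled out from here. The enclosing if/else starts and ends outside the hunk.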
@@ -447,7 +467,7 @@ int hos_launch(ini_sec_t *cfg)
 return 0;
 }
- if (!keygen(ctxt.keyblob, ctxt.pkg1_id->kb, &tsec_ctxt))
+ if (!keygen(ctxt.keyblob, ctxt.pkg1_id->kb, &tsec_ctxt, &ctxt))
 return 0;
 DPRINTF("Generated keys\n");
 if (ctxt.pkg1_id->kb <= KB_FIRMWARE_VERSION_600)
diff --git a/bootloader/hos/hos.h b/bootloader/hos/hos.h
index 2a93584..8c1dd35 100644
--- a/bootloader/hos/hos.h
+++ b/bootloader/hos/hos.h
@@ -74,6 +74,6 @@ typedef struct _merge_kip_t
 } merge_kip_t;
 int hos_launch(ini_sec_t *cfg);
-int keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt);
+int keygen(u8 *keyblob, u32 kb, tsec_ctxt_t *tsec_ctxt, launch_ctxt_t *hos_ctxt);
 #endif
diff --git a/bootloader/hos/secmon_exo.c b/bootloader/hos/secmon_exo.c
index 6a8edfa..74bf4c5 100644
--- a/bootloader/hos/secmon_exo.c
+++ b/bootloader/hos/secmon_exo.c
@@ -132,7 +132,6 @@ typedef struct _atm_fatal_error_ctx
 // Exosphère mailbox defines.
 #define EXO_CFG_ADDR 0x8000F000
 #define EXO_MAGIC_VAL 0x304F5845
-#define EXO_FLAG_620_KGN (1 << 0)
 #define EXO_FLAG_DBG_PRIV (1 << 1)
 #define EXO_FLAG_DBG_USER (1 << 2)
@@ -163,9 +162,6 @@ void config_exosphere(const char *id, u32 kb, void *warmboot, bool stock)
 break;
 }
- if (kb == KB_FIRMWARE_VERSION_620)
- exoFlags |= EXO_FLAG_620_KGN;
-
 // To avoid problems, make private debug mode always on if not semi-stock.
 if (!stock || (emu_cfg.enabled && !h_cfg.emummc_force_disable))
 exoFlags |= EXO_FLAG_DBG_PRIV;