From b42c551a20440e6e5ee74fa146c018e98276ba17 Mon Sep 17 00:00:00 2001 From: jakcron Date: Wed, 6 Jun 2018 21:27:46 +0800 Subject: [PATCH] [nstool] Fix XCI partition validation. --- programs/nstool/source/PfsProcess.cpp | 4 ++-- programs/nstool/source/XciProcess.cpp | 17 ++++++++++------- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/programs/nstool/source/PfsProcess.cpp b/programs/nstool/source/PfsProcess.cpp index 2fd27db..30dd139 100644 --- a/programs/nstool/source/PfsProcess.cpp +++ b/programs/nstool/source/PfsProcess.cpp @@ -146,11 +146,11 @@ void PfsProcess::validateHfs() { mCache.alloc(file[i].hash_protected_size); mFile->read(mCache.getBytes(), file[i].offset, file[i].hash_protected_size); - crypto::sha::Sha256(mCache.getBytes(), mCache.getSize(), hash.bytes); + crypto::sha::Sha256(mCache.getBytes(), file[i].hash_protected_size, hash.bytes); if (hash != file[i].hash) { if (mCliOutputType >= OUTPUT_MINIMAL) - printf("[WARNING] HFS0 %s%s%s: FAIL (bad hash)\n", !mMountName.empty()? mMountName.c_str() : "", !mMountName.empty()? "/" : "", file[i].name.c_str()); + printf("[WARNING] HFS0 %s%s%s: FAIL (bad hash)\n", !mMountName.empty()? mMountName.c_str() : "", (!mMountName.empty() && mMountName.at(mMountName.length()-1) != '/' )? "/" : "", file[i].name.c_str()); } } diff --git a/programs/nstool/source/XciProcess.cpp b/programs/nstool/source/XciProcess.cpp index 6e4281b..45fad92 100644 --- a/programs/nstool/source/XciProcess.cpp +++ b/programs/nstool/source/XciProcess.cpp @@ -225,16 +225,13 @@ void XciProcess::validateXciSignature() void XciProcess::processRootPfs() { - if (mVerify) + if (mVerify && validateRegionOfFile(mHdr.getPartitionFsAddress(), mHdr.getPartitionFsSize(), mHdr.getPartitionFsHash().bytes) == false) { - if (validateRegionOfFile(mHdr.getPartitionFsAddress(), mHdr.getPartitionFsSize(), mHdr.getPartitionFsHash().bytes) == false) - { - printf("[WARNING] XCI Root HFS0: FAIL (bad hash)\n"); - } + printf("[WARNING] XCI Root HFS0: FAIL (bad hash)\n"); } mRootPfs.setInputFile(new OffsetAdjustedIFile(mFile, SHARED_IFILE, mHdr.getPartitionFsAddress(), mHdr.getPartitionFsSize()), OWN_IFILE); mRootPfs.setListFs(mListFs); - mRootPfs.setVerifyMode(mVerify); + mRootPfs.setVerifyMode(false); mRootPfs.setCliOutputMode(mCliOutputType); mRootPfs.setMountPointName(kXciMountPointName); mRootPfs.process(); @@ -244,7 +241,13 @@ void XciProcess::processPartitionPfs() { const fnd::List& rootPartitions = mRootPfs.getPfsHeader().getFileList(); for (size_t i = 0; i < rootPartitions.getSize(); i++) - { + { + // this must be validated here because only the size of the root partiton header is known at verification time + if (mVerify && validateRegionOfFile(mHdr.getPartitionFsAddress() + rootPartitions[i].offset, rootPartitions[i].hash_protected_size, rootPartitions[i].hash.bytes) == false) + { + printf("[WARNING] XCI %s Partition HFS0: FAIL (bad hash)\n", rootPartitions[i].name.c_str()); + } + PfsProcess tmp; tmp.setInputFile(new OffsetAdjustedIFile(mFile, SHARED_IFILE, mHdr.getPartitionFsAddress() + rootPartitions[i].offset, rootPartitions[i].size), OWN_IFILE); tmp.setListFs(mListFs);