nold/nstool
1
0
Fork 0
mirror of https://github.com/jakcron/nstool synced 2024-11-15 02:06:40 +00:00
Code Issues Projects Releases Packages Wiki Activity

Update NCA code

Browse source
This commit is contained in:
jakcron 2018-03-18 17:08:42 +08:00
parent e293b322c0
commit ed2e0f462d
3 changed files with 201 additions and 74 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
lib/libnx/include/nx/NcaHeader.h
View file

@ -34,18 +34,11 @@ namespace nx
TYPE_DATA,
};
enum EncryptionType
enum KeyBankIndex
{
CRYPT_AUTO,
CRYPT_NONE,
CRYPT_AESCTR = 3
};
enum EncryptionKeyIndex
{
KEY_UNUSED_0,
KEY_UNUSED_1,
KEY_DEFAULT,
KEY_AESXTS_0,
KEY_AESXTS_1,
KEY_AESCTR,
KEY_UNUSED_3,
};
@ -53,14 +46,12 @@ namespace nx
{
u64 offset;
u64 size;
EncryptionType enc_type;
crypto::sha::sSha256Hash hash;
const sSection& operator=(const sSection& other)
{
offset = other.offset;
size = other.size;
enc_type = other.enc_type;
hash = other.hash;
return *this;
@ -70,7 +61,6 @@ namespace nx
{
return (offset == other.offset) \
&& (size == other.size) \
&& (enc_type == other.enc_type) \
&& (hash == other.hash);
}
@ -100,14 +90,16 @@ namespace nx
// variables
void clear();
FormatVersion getFormatVersion() const;
void setFormatVersion(FormatVersion ver);
DistributionType getDistributionType() const;
void setDistributionType(DistributionType type);
ContentType getContentType() const;
void setContentType(ContentType type);
EncryptionType getEncryptionType() const;
void setEncryptionType(EncryptionType type);
EncryptionKeyIndex getKeyIndex() const;
void setKeyIndex(EncryptionKeyIndex index);
byte_t getCryptoType() const;
void setCryptoType(byte_t type);
byte_t getKaekIndex() const;
void setKaekIndex(byte_t index);
u64 getNcaSize() const;
void setNcaSize(u64 size);
u64 getProgramId() const;
@ -123,7 +115,8 @@ namespace nx
private:
const std::string kModuleName = "NCA_HEADER";
const std::string kNcaSig = "NCA2";
const std::string kNca2Sig = "NCA2";
const std::string kNca3Sig = "NCA3";
static const size_t kSectionNum = 4;
static const size_t kAesKeyNum = 4;
static const u32 kDefaultSdkAddonVersion = 721920;
@ -142,13 +135,15 @@ namespace nx
char signature[4];
byte_t distribution_type;
byte_t content_type;
byte_t key_generation;
byte_t crypto_type; // KeyGeneration
byte_t key_area_encryption_key_index;
le_uint64_t nca_size;
le_uint64_t program_id;
le_uint32_t content_index;
le_uint32_t sdk_addon_version;
byte_t reserved_2[0x20];
byte_t crypto_type_2;
byte_t reserved_2[0xf];
byte_t rights_id[0x10];
struct sNcaSection
{
le_uint32_t start; // block units
@ -166,10 +161,11 @@ namespace nx
fnd::MemoryBlob mBinaryBlob;
// data
FormatVersion mFormatVersion;
DistributionType mDistributionType;
ContentType mContentType;
EncryptionType mEncryptionType;
EncryptionKeyIndex mKeyIndex;
byte_t mCryptoType;
byte_t mKaekIndex;
u64 mNcaSize;
u64 mProgramId;
u32 mContentIndex;

86
lib/libnx/source/NcaHeader.cpp
View file

@ -8,15 +8,27 @@ void NcaHeader::exportBinary()
mBinaryBlob.alloc(sizeof(sNcaHeader));
sNcaHeader* hdr = (sNcaHeader*)mBinaryBlob.getBytes();
strncpy(hdr->signature, kNcaSig.c_str(), 4);
switch(mFormatVersion)
{
case (NCA2_FORMAT):
strncpy(hdr->signature, kNca2Sig.c_str(), 4);
break;
case (NCA3_FORMAT):
strncpy(hdr->signature, kNca3Sig.c_str(), 4);
break;
default:
throw fnd::Exception(kModuleName, "Unsupported format version");
}
hdr->distribution_type = mDistributionType;
hdr->content_type = mContentType;
hdr->key_generation = mEncryptionType;
hdr->key_area_encryption_key_index = mKeyIndex;
hdr->crypto_type = mCryptoType;
hdr->key_area_encryption_key_index = mKaekIndex;
hdr->nca_size = mNcaSize;
hdr->program_id = mProgramId;
hdr->content_index = mContentIndex;
hdr->sdk_addon_version = mSdkAddonVersion;
hdr->crypto_type_2 = 0;
// TODO: properly reconstruct NCA layout? atm in hands of user
@ -51,15 +63,23 @@ void NcaHeader::importBinary(const u8 * bytes, size_t len)
sNcaHeader* hdr = (sNcaHeader*)mBinaryBlob.getBytes();
if (memcmp(hdr->signature, kNcaSig.c_str(), 4) != 0)
if (memcmp(hdr->signature, kNca2Sig.c_str(), 4) == 0)
{
mFormatVersion = NCA2_FORMAT;
}
else if (memcmp(hdr->signature, kNca3Sig.c_str(), 4) == 0)
{
mFormatVersion = NCA3_FORMAT;
}
else
{
throw fnd::Exception(kModuleName, "NCA header corrupt");
}
mDistributionType = (DistributionType)hdr->distribution_type;
mContentType = (ContentType)hdr->content_type;
mEncryptionType = (EncryptionType)hdr->key_generation;
mKeyIndex = (EncryptionKeyIndex)hdr->key_area_encryption_key_index;
mCryptoType = MAX(hdr->crypto_type, hdr->crypto_type_2);
mKaekIndex = hdr->key_area_encryption_key_index;
mNcaSize = *hdr->nca_size;
mProgramId = *hdr->program_id;
mContentIndex = *hdr->content_index;
@ -73,21 +93,8 @@ void NcaHeader::importBinary(const u8 * bytes, size_t len)
// skip sections that don't exist
if (*hdr->section[section].start == 0 && *hdr->section[section].end == 0) continue;
EncryptionType encType = mEncryptionType;
if (encType == CRYPT_AUTO)
{
if (mContentType == TYPE_PROGRAM && section == SECTION_LOGO)
{
encType = CRYPT_NONE;
}
else
{
encType = CRYPT_AESCTR;
}
}
// add high level struct
mSections.addElement({ blockNumToSize(*hdr->section[section].start), blockNumToSize(hdr->section[section].end.get() - hdr->section[section].start.get()), encType, hdr->section_hash[section] });
mSections.addElement({ blockNumToSize(*hdr->section[section].start), blockNumToSize(hdr->section[section].end.get() - hdr->section[section].start.get()), hdr->section_hash[section] });
}
for (size_t i = 0; i < kAesKeyNum; i++)
@ -98,10 +105,11 @@ void NcaHeader::importBinary(const u8 * bytes, size_t len)
void nx::NcaHeader::clear()
{
mFormatVersion = NCA3_FORMAT;
mDistributionType = DIST_DOWNLOAD;
mContentType = TYPE_PROGRAM;
mEncryptionType = CRYPT_AUTO;
mKeyIndex = KEY_DEFAULT;
mCryptoType = 0;
mKaekIndex = 0;
mNcaSize = 0;
mProgramId = 0;
mContentIndex = 0;
@ -110,6 +118,16 @@ void nx::NcaHeader::clear()
mEncAesKeys.clear();
}
nx::NcaHeader::FormatVersion nx::NcaHeader::getFormatVersion() const
{
return mFormatVersion;
}
void nx::NcaHeader::setFormatVersion(FormatVersion version)
{
mFormatVersion = version;
}
nx::NcaHeader::DistributionType nx::NcaHeader::getDistributionType() const
{
return mDistributionType;
@ -130,24 +148,24 @@ void nx::NcaHeader::setContentType(ContentType type)
mContentType = type;
}
nx::NcaHeader::EncryptionType nx::NcaHeader::getEncryptionType() const
byte_t nx::NcaHeader::getCryptoType() const
{
return mEncryptionType;
return mCryptoType;
}
void nx::NcaHeader::setEncryptionType(EncryptionType type)
void nx::NcaHeader::setCryptoType(byte_t type)
{
mEncryptionType = type;
mCryptoType = type;
}
nx::NcaHeader::EncryptionKeyIndex nx::NcaHeader::getKeyIndex() const
byte_t nx::NcaHeader::getKaekIndex() const
{
return mKeyIndex;
return mKaekIndex;
}
void nx::NcaHeader::setKeyIndex(EncryptionKeyIndex index)
void nx::NcaHeader::setKaekIndex(byte_t index)
{
mKeyIndex = index;
mKaekIndex = index;
}
u64 NcaHeader::getNcaSize() const
@ -233,8 +251,8 @@ bool NcaHeader::isEqual(const NcaHeader & other) const
{
return (mDistributionType == other.mDistributionType) \
&& (mContentType == other.mContentType) \
&& (mEncryptionType == other.mEncryptionType) \
&& (mKeyIndex == other.mKeyIndex) \
&& (mCryptoType == other.mCryptoType) \
&& (mKaekIndex == other.mKaekIndex) \
&& (mNcaSize == other.mNcaSize) \
&& (mProgramId == other.mProgramId) \
&& (mContentIndex == other.mContentIndex) \
@ -254,8 +272,8 @@ void NcaHeader::copyFrom(const NcaHeader & other)
mBinaryBlob.clear();
mDistributionType = other.mDistributionType;
mContentType = other.mContentType;
mEncryptionType = other.mEncryptionType;
mKeyIndex = other.mKeyIndex;
mCryptoType = other.mCryptoType;
mKaekIndex = other.mKaekIndex;
mNcaSize = other.mNcaSize;
mProgramId = other.mProgramId;
mContentIndex = other.mContentIndex;

145
programs/ncatool/source/main.cpp
View file

@ -13,6 +13,7 @@
const size_t kNcaSectorSize = nx::NcaHeader::kBlockSize;
inline size_t sectorToOffset(size_t sector_index) { return sector_index * kNcaSectorSize; }
void initNcaCtr(u8 ctr[crypto::aes::kAesBlockSize], u32 generation)
{
@ -39,6 +40,25 @@ void xorData(const u8* a, const u8* b, u8* out, size_t len)
}
}
void decryptNcaHeader(byte_t header[0xc00], const u8* key1, const u8* key2)
{
byte_t tweak[crypto::aes::kAesBlockSize];
// decrypt main header
byte_t raw_hdr[kNcaSectorSize];
nx::NcaHeader hdr;
crypto::aes::AesXtsMakeTweak(tweak, 1);
crypto::aes::AesXtsDecryptSector(header + sectorToOffset(1), kNcaSectorSize, key1, key2, tweak, raw_hdr);
hdr.importBinary(raw_hdr, kNcaSectorSize);
// decrypt whole header
for (size_t i = 0; i < 6; i++)
{
crypto::aes::AesXtsMakeTweak(tweak, (i > 1 && hdr.getFormatVersion() == nx::NcaHeader::NCA2_FORMAT)? 0 : i);
crypto::aes::AesXtsDecryptSector(header + sectorToOffset(i), kNcaSectorSize, key1, key2, tweak, header + sectorToOffset(i));
}
}
void decryptNcaSectorXts(const fnd::MemoryBlob& nca, u8 out[kNcaSectorSize], size_t sector, const u8* key1, const u8* key2)
{
u8 tweak[crypto::aes::kAesBlockSize];
@ -97,6 +117,12 @@ void dumpHxdStyleSector(u8* out, size_t len)
*/
}
std::string kFormatVersionStr[]
{
"NCA2",
"NCA3"
};
std::string kDistributionTypeStr[]
{
"Download",
@ -116,10 +142,54 @@ std::string kEncryptionTypeStr[]
{
"Auto",
"None",
"UNKNOWN_2",
"AesCtr"
"AesXts",
"AesCtr",
"BKTR"
};
std::string kHashTypeStr[]
{
"Auto",
"UNKNOWN_1",
"HierarchicalSha256",
"HierarchicalIntegrity"
};
std::string kFormatTypeStr[]
{
"RomFs",
"PartitionFs"
};
std::string kKaekIndexStr[]
{
"Application",
"Ocean",
"System"
};
enum EncryptionType
{
CRYPT_AUTO,
CRYPT_NONE,
CRYPT_AESXTS,
CRYPT_AESCTR,
CRYPT_BKTR
};
#pragma pack(push,1)
struct sNcaFsHeader
{
le_uint16_t version; // usually 0x0002
byte_t format_type; // RomFs(0x00), PartitionFs(0x01)
byte_t hash_type; // HashTypeAuto(0x00), HashTypeHierarchicalSha256(0x02), HashTypeHierarchicalIntegrity(0x03).RomFs uses (0x03) this is forced, PartitionFs uses (0x02).
byte_t encryption_type; // EncryptionTypeAuto(0x00), EncryptionTypeNone(0x01), EncryptionTypeAesCtr(0x03)
byte_t reserved[3];
};
#pragma pack(pop)
int main(int argc, char** argv)
{
if (argc < 2)
@ -133,25 +203,45 @@ int main(int argc, char** argv)
fnd::MemoryBlob nca;
fnd::io::readFile(argv[1], nca);
u8 sector[kNcaSectorSize];
decryptNcaHeader(nca.getBytes(), crypto::aes::nx::dev::nca_header_key[0], crypto::aes::nx::dev::nca_header_key[1]);
//dumpHxdStyleSector(nca.getBytes(), 0xc00);
//u8 sector[kNcaSectorSize];
// nca test
if (argc == 2 || argc == 3)
{
decryptNcaSectorXts(nca, sector, 1, crypto::aes::nx::dev::nca_header_key[0], crypto::aes::nx::dev::nca_header_key[1]);
//decryptNcaSectorXts(nca, sector, 1, crypto::aes::nx::dev::nca_header_key[0], crypto::aes::nx::dev::nca_header_key[1]);
nx::NcaHeader hdr;
hdr.importBinary(sector, kNcaSectorSize);
hdr.importBinary(nca.getBytes() + sectorToOffset(1), kNcaSectorSize);
printf("[NCA Header]\n");
printf(" Format Type: %s\n", kFormatVersionStr[hdr.getFormatVersion()].c_str());
printf(" Dist. Type: %s\n", kDistributionTypeStr[hdr.getDistributionType()].c_str());
printf(" Type: %s\n", kContentTypeStr[hdr.getContentType()].c_str());
printf(" Enc. Type: %s\n", kEncryptionTypeStr[hdr.getEncryptionType()].c_str());
printf(" KeyIndex: %d\n", hdr.getKeyIndex());
printf(" Crypto Type: %d\n", hdr.getCryptoType());
printf(" Kaek Index: %s (%d)\n", kKaekIndexStr[hdr.getKaekIndex()].c_str(), hdr.getKaekIndex());
printf(" Size: 0x%" PRIx64 "\n", hdr.getNcaSize());
printf(" ProgID: 0x%016" PRIx64 "\n", hdr.getProgramId());
printf(" Content. Idx: %" PRIu32 "\n", hdr.getContentIndex());
printf(" SdkAddon Ver.: v%" PRIu32 "\n", hdr.getSdkAddonVersion());
uint32_t ver = hdr.getSdkAddonVersion();
printf(" SdkAddon Ver.: v%d.%d.%d.%d (v%" PRIu32 ")\n", (ver>>24 & 0xff),(ver>>16 & 0xff),(ver>>8 & 0xff),(ver>>0 & 0xff), ver);
printf(" Encrypted Key Area:\n");
for (size_t i = 0; i < hdr.getEncAesKeys().getSize(); i++)
{
printf(" %lu: ", i);
hexDump(hdr.getEncAesKeys()[i].key, crypto::aes::kAes128KeySize);
printf("\n");
/*
byte_t key[crypto::aes::kAes128KeySize];
crypto::aes::AesEcbDecrypt(hdr.getEncAesKeys()[i].key, crypto::aes::kAes128KeySize, crypto::aes::nx::dev::key_area_encryption_key_0, key);
printf(" dec: ", i);
hexDump(key, crypto::aes::kAes128KeySize);
printf("\n");
*/
}
printf(" Sections:\n");
for (size_t i = 0; i < hdr.getSections().getSize(); i++)
{
@ -161,19 +251,41 @@ int main(int argc, char** argv)
//printf(" End Blk: %" PRId32 "\n", section.end_blk);
printf(" Offset: 0x%" PRIx64 "\n", section.offset);
printf(" Size: 0x%" PRIx64 "\n", section.size);
printf(" Enc. Type: %s\n", kEncryptionTypeStr[section.enc_type].c_str());
size_t sector_index = 1 + (hdr.getSections().getSize() - i);
byte_t hash[crypto::sha::kSha256HashLen];
crypto::sha::Sha256(nca.getBytes() + sectorToOffset(sector_index), kNcaSectorSize, hash);
if (section.hash.compare(hash) == false)
{
//throw fnd::Exception("ncatool", "NcaFsHeader has bad sha256 hash");
}
const sNcaFsHeader* fsHdr = (const sNcaFsHeader*)(nca.getBytes() + sectorToOffset(sector_index));
printf(" FsHeader:\n");
printf(" Version: 0x%d\n", fsHdr->version.get());
printf(" Format Type: %s\n", kFormatTypeStr[fsHdr->format_type].c_str());
printf(" Hash Type: %s\n", kHashTypeStr[fsHdr->hash_type].c_str());
printf(" Enc. Type: %s\n", kEncryptionTypeStr[fsHdr->encryption_type].c_str());
/*
printf(" Hash: ");
hexDump(section.hash.bytes, crypto::sha::kSha256HashLen);
printf("\n");
}
printf(" Encrypted Body Keys:\n");
for (size_t i = 0; i < hdr.getEncAesKeys().getSize(); i++)
{
printf(" %lu: ", i);
hexDump(hdr.getEncAesKeys()[i].key, crypto::aes::kAes128KeySize);
byte_t hash[crypto::sha::kSha256HashLen];
crypto::sha::Sha256(nca.getBytes() + sectorToOffset(sector_index), kNcaSectorSize, hash);
printf(" Hash: ");
hexDump(hash, crypto::sha::kSha256HashLen);
printf("\n");
*/
//dumpHxdStyleSector(nca.getBytes() + sectorToOffset(sector_index), 0x10);
}
#ifdef USE_OLD_CODE
if (argc == 3)
{
#ifdef _WIN32
@ -203,7 +315,8 @@ int main(int argc, char** argv)
dumpNcaSector(sect);
}
}
#endif
}
} catch (const fnd::Exception& e)
{
printf("%s\n",e.what());