From 3ec054643e50f2845fb6a1a924b83bd71a0e2234 Mon Sep 17 00:00:00 2001 From: Zach Hilman Date: Sat, 29 Sep 2018 11:48:51 -0400 Subject: [PATCH] partition_data_manager: Rename system files for hekate x --- src/core/crypto/key_manager.cpp | 292 +++++++++++---------- src/core/crypto/key_manager.h | 16 +- src/core/crypto/partition_data_manager.cpp | 89 ++++--- src/core/crypto/partition_data_manager.h | 9 +- src/yuzu/main.cpp | 29 +- src/yuzu/main.h | 7 +- 6 files changed, 247 insertions(+), 195 deletions(-) diff --git a/src/core/crypto/key_manager.cpp b/src/core/crypto/key_manager.cpp index 027643654..a59a7e1f5 100644 --- a/src/core/crypto/key_manager.cpp +++ b/src/core/crypto/key_manager.cpp @@ -5,6 +5,7 @@ #include #include #include +#include #include #include #include @@ -23,6 +24,7 @@ #include "common/logging/log.h" #include "core/crypto/aes_util.h" #include "core/crypto/key_manager.h" +#include "core/crypto/partition_data_manager.h" #include "core/file_sys/content_archive.h" #include "core/file_sys/nca_metadata.h" #include "core/file_sys/partition_filesystem.h" @@ -37,11 +39,21 @@ constexpr u64 CURRENT_CRYPTO_REVISION = 0x5; using namespace Common; -const static std::array eticket_source_hashes{ +const std::array eticket_source_hashes{ "B71DB271DC338DF380AA2C4335EF8873B1AFD408E80B3582D8719FC81C5E511C"_array32, // eticket_rsa_kek_source "E8965A187D30E57869F562D04383C996DE487BBA5761363D2D4D32391866A85C"_array32, // eticket_rsa_kekek_source }; +const std::map, std::string> KEYS_VARIABLE_LENGTH{ + {{S128KeyType::Master, 0}, "master_key_"}, + {{S128KeyType::Package1, 0}, "package1_key_"}, + {{S128KeyType::Package2, 0}, "package2_key_"}, + {{S128KeyType::Titlekek, 0}, "titlekek_"}, + {{S128KeyType::Source, static_cast(SourceKeyType::Keyblob)}, "keyblob_key_source_"}, + {{S128KeyType::Keyblob, 0}, "keyblob_key_"}, + {{S128KeyType::KeyblobMAC, 0}, "keyblob_mac_key_"}, +}; + Key128 GenerateKeyEncryptionKey(Key128 source, Key128 master, Key128 kek_seed, Key128 key_seed) { Key128 out{}; @@ -58,7 +70,7 @@ Key128 GenerateKeyEncryptionKey(Key128 source, Key128 master, Key128 kek_seed, K return out; } -Key128 DeriveKeyblobKey(Key128 sbk, Key128 tsec, Key128 source) { +Key128 DeriveKeyblobKey(const Key128& sbk, const Key128& tsec, Key128 source) { AESCipher sbk_cipher(sbk, Mode::ECB); AESCipher tsec_cipher(tsec, Mode::ECB); tsec_cipher.Transcode(source.data(), source.size(), source.data(), Op::Decrypt); @@ -66,6 +78,69 @@ Key128 DeriveKeyblobKey(Key128 sbk, Key128 tsec, Key128 source) { return source; } +Key128 DeriveMasterKey(const std::array& keyblob, const Key128& master_source) { + Key128 master_root; + std::memcpy(master_root.data(), keyblob.data(), sizeof(Key128)); + + AESCipher master_cipher(master_root, Mode::ECB); + + Key128 master{}; + master_cipher.Transcode(master_source.data(), master_source.size(), master.data(), Op::Decrypt); + return master; +} + +std::array DecryptKeyblob(const std::array& encrypted_keyblob, + const Key128& key) { + std::array keyblob; + AESCipher cipher(key, Mode::CTR); + cipher.SetIV(std::vector(encrypted_keyblob.data() + 0x10, encrypted_keyblob.data() + 0x20)); + cipher.Transcode(encrypted_keyblob.data() + 0x20, keyblob.size(), keyblob.data(), Op::Decrypt); + return keyblob; +} + +void KeyManager::DeriveGeneralPurposeKeys(u8 crypto_revision) { + const auto kek_generation_source = + GetKey(S128KeyType::Source, static_cast(SourceKeyType::AESKekGeneration)); + const auto key_generation_source = + GetKey(S128KeyType::Source, static_cast(SourceKeyType::AESKeyGeneration)); + + if (HasKey(S128KeyType::Master, crypto_revision)) { + for (auto kak_type : + {KeyAreaKeyType::Application, KeyAreaKeyType::Ocean, KeyAreaKeyType::System}) { + if (HasKey(S128KeyType::Source, static_cast(SourceKeyType::KeyAreaKey), + static_cast(kak_type))) { + const auto source = + GetKey(S128KeyType::Source, static_cast(SourceKeyType::KeyAreaKey), + static_cast(kak_type)); + const auto kek = + GenerateKeyEncryptionKey(source, GetKey(S128KeyType::Master, crypto_revision), + kek_generation_source, key_generation_source); + SetKey(S128KeyType::KeyArea, kek, crypto_revision, static_cast(kak_type)); + } + } + + AESCipher master_cipher(GetKey(S128KeyType::Master, crypto_revision), Mode::ECB); + for (auto key_type : {SourceKeyType::Titlekek, SourceKeyType::Package2}) { + if (HasKey(S128KeyType::Source, static_cast(key_type))) { + Key128 key{}; + master_cipher.Transcode( + GetKey(S128KeyType::Source, static_cast(key_type)).data(), key.size(), + key.data(), Op::Decrypt); + SetKey(key_type == SourceKeyType::Titlekek ? S128KeyType::Titlekek + : S128KeyType::Package2, + key, crypto_revision); + } + } + } +} + +Key128 DeriveKeyblobMACKey(const Key128& keyblob_key, const Key128& mac_source) { + AESCipher mac_cipher(keyblob_key, Mode::ECB); + Key128 mac_key{}; + mac_cipher.Transcode(mac_source.data(), mac_key.size(), mac_key.data(), Op::Decrypt); + return mac_key; +} + boost::optional DeriveSDSeed() { const FileUtil::IOFile save_43(FileUtil::GetUserPath(FileUtil::UserPath::NANDDir) + "/system/save/8000000000000043", @@ -166,10 +241,10 @@ std::vector GetTicketblob(const FileUtil::IOFile& ticket_save) { for (std::size_t offset = 0; offset + 0x4 < buffer.size(); ++offset) { if (buffer[offset] == 0x4 && buffer[offset + 1] == 0x0 && buffer[offset + 2] == 0x1 && buffer[offset + 3] == 0x0) { - TicketRaw next{}; + out.emplace_back(); + auto& next = out.back(); std::memcpy(&next, buffer.data() + offset, sizeof(TicketRaw)); offset += next.size(); - out.push_back(next); } } @@ -180,8 +255,7 @@ template static std::array operator^(const std::array& lhs, const std::array& rhs) { std::array out{}; - for (size_t i = 0; i < size; ++i) - out[i] = lhs[i] ^ rhs[i]; + std::transform(lhs.begin(), lhs.end(), rhs.begin(), out.begin(), std::bit_xor<>()); return out; } @@ -193,17 +267,32 @@ static std::array MGF1(const std::array& seed) { std::vector out; size_t i = 0; while (out.size() < target_size) { - out.resize(out.size() + 0x20, 0); + out.resize(out.size() + 0x20); seed_exp[in_size + 3] = i; mbedtls_sha256(seed_exp.data(), seed_exp.size(), out.data() + out.size() - 0x20, 0); ++i; } - std::array target{}; + std::array target; std::memcpy(target.data(), out.data(), target_size); return target; } +template +static boost::optional FindTicketOffset(const std::array& data) { + u64 offset = 0; + for (size_t i = 0x20; i < data.size() - 0x10; ++i) { + if (data[i] == 0x1) { + offset = i + 1; + break; + } else if (data[i] != 0x0) { + return boost::none; + } + } + + return offset; +} + boost::optional> ParseTicket(const TicketRaw& ticket, const RSAKeyPair<2048>& key) { u32 cert_authority; @@ -215,14 +304,17 @@ boost::optional> ParseTicket(const TicketRaw& ticket, "Attempting to parse ticket with non-standard certificate authority {:08X}.", cert_authority); - Key128 rights_id{}; + Key128 rights_id; std::memcpy(rights_id.data(), ticket.data() + 0x2A0, sizeof(Key128)); + if (rights_id == Key128{}) + return boost::none; + Key128 key_temp{}; if (!std::any_of(ticket.begin() + 0x190, ticket.begin() + 0x280, [](u8 b) { return b != 0; })) { std::memcpy(key_temp.data(), ticket.data() + 0x180, key_temp.size()); - return std::pair{rights_id, key_temp}; + return std::make_pair(rights_id, key_temp); } mbedtls_mpi D; // RSA Private Exponent @@ -241,13 +333,13 @@ boost::optional> ParseTicket(const TicketRaw& ticket, mbedtls_mpi_exp_mod(&M, &S, &D, &N, nullptr); - std::array rsa_step{}; + std::array rsa_step; mbedtls_mpi_write_binary(&M, rsa_step.data(), rsa_step.size()); u8 m_0 = rsa_step[0]; - std::array m_1{}; + std::array m_1; std::memcpy(m_1.data(), rsa_step.data() + 0x01, m_1.size()); - std::array m_2{}; + std::array m_2; std::memcpy(m_2.data(), rsa_step.data() + 0x21, m_2.size()); if (m_0 != 0) @@ -256,21 +348,14 @@ boost::optional> ParseTicket(const TicketRaw& ticket, m_1 = m_1 ^ MGF1<0x20>(m_2); m_2 = m_2 ^ MGF1<0xDF>(m_1); - u64 offset = 0; - for (size_t i = 0x20; i < m_2.size() - 0x10; ++i) { - if (m_2[i] == 0x1) { - offset = i + 1; - break; - } else if (m_2[i] != 0x0) { - return boost::none; - } - } + const auto offset = FindTicketOffset(m_2); + if (offset == boost::none) + return boost::none; + ASSERT(offset.get() > 0); - ASSERT(offset > 0); + std::memcpy(key_temp.data(), m_2.data() + offset.get(), key_temp.size()); - std::memcpy(key_temp.data(), m_2.data() + offset, key_temp.size()); - - return std::pair{rights_id, key_temp}; + return std::make_pair(rights_id, key_temp); } KeyManager::KeyManager() { @@ -293,10 +378,11 @@ KeyManager::KeyManager() { AttemptLoadKeyFile(yuzu_keys_dir, yuzu_keys_dir, "console.keys_autogenerated", false); } -static bool ValidCryptoRevisionString(const std::string& base, size_t begin, size_t length) { +static bool ValidCryptoRevisionString(std::string_view base, size_t begin, size_t length) { if (base.size() < begin + length) return false; - return std::all_of(base.begin() + begin, base.begin() + begin + length, ::isdigit); + return std::all_of(base.begin() + begin, base.begin() + begin + length, + [](u8 c) { return std::isdigit(c); }); } void KeyManager::LoadFromFile(const std::string& filename, bool is_title_keys) { @@ -351,16 +437,7 @@ void KeyManager::LoadFromFile(const std::string& filename, bool is_title_keys) { const auto index = std::stoul(out[0].substr(18, 2), nullptr, 16); encrypted_keyblobs[index] = Common::HexStringToArray<0xB0>(out[1]); } else { - for (const auto& kv : std::map, std::string>{ - {{S128KeyType::Master, 0}, "master_key_"}, - {{S128KeyType::Package1, 0}, "package1_key_"}, - {{S128KeyType::Package2, 0}, "package2_key_"}, - {{S128KeyType::Titlekek, 0}, "titlekek_"}, - {{S128KeyType::Source, static_cast(SourceKeyType::Keyblob)}, - "keyblob_key_source_"}, - {{S128KeyType::Keyblob, 0}, "keyblob_key_"}, - {{S128KeyType::KeyblobMAC, 0}, "keyblob_mac_key_"}, - }) { + for (const auto& kv : KEYS_VARIABLE_LENGTH) { if (!ValidCryptoRevisionString(out[0], kv.second.size(), 2)) continue; if (out[0].compare(0, kv.second.size(), kv.second) == 0) { @@ -379,9 +456,9 @@ void KeyManager::LoadFromFile(const std::string& filename, bool is_title_keys) { } } - const static std::array kak_names = { + static constexpr std::array kak_names = { "key_area_key_application_", "key_area_key_ocean_", "key_area_key_system_"}; - for (size_t j = 0; j < 3; ++j) { + for (size_t j = 0; j < kak_names.size(); ++j) { const auto& match = kak_names[j]; if (out[0].compare(0, std::strlen(match), match) == 0) { const auto index = @@ -403,7 +480,7 @@ void KeyManager::AttemptLoadKeyFile(const std::string& dir1, const std::string& LoadFromFile(dir2 + DIR_SEP + filename, title); } -bool KeyManager::BaseDeriveNecessary() { +bool KeyManager::BaseDeriveNecessary() const { const auto check_key_existence = [this](auto key_type, u64 index1 = 0, u64 index2 = 0) { return !HasKey(key_type, index1, index2); }; @@ -512,9 +589,9 @@ void KeyManager::SetKey(S128KeyType id, Key128 key, u64 field1, u64 field2) { // Variable cases if (id == S128KeyType::KeyArea) { - const static std::array kak_names = {"key_area_key_application_{:02X}", - "key_area_key_ocean_{:02X}", - "key_area_key_system_{:02X}"}; + static constexpr std::array kak_names = {"key_area_key_application_{:02X}", + "key_area_key_ocean_{:02X}", + "key_area_key_system_{:02X}"}; WriteKeyToFile(category, fmt::format(kak_names.at(field2), field1), key); } else if (id == S128KeyType::Master) { WriteKeyToFile(category, fmt::format("master_key_{:02X}", field1), key); @@ -575,11 +652,11 @@ void KeyManager::DeriveSDSeedLazy() { SetKey(S128KeyType::SDSeed, res.get()); } -static Key128 CalculateCMAC(const u8* source, size_t size, Key128 key) { +static Key128 CalculateCMAC(const u8* source, size_t size, const Key128& key) { Key128 out{}; - mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB), key.data(), 0x80, - source, size, out.data()); + mbedtls_cipher_cmac(mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB), key.data(), + key.size() * 8, source, size, out.data()); return out; } @@ -610,12 +687,12 @@ void KeyManager::DeriveBase() { else if (has_bis(3) && !has_bis(2)) copy_bis(3, 2); - std::bitset<32> revisions{}; - revisions.set(); - for (size_t i = 0; i < 32; ++i) { + std::bitset<32> revisions(0xFFFFFFFF); + for (size_t i = 0; i < revisions.size(); ++i) { if (!HasKey(S128KeyType::Source, static_cast(SourceKeyType::Keyblob), i) || - encrypted_keyblobs[i] == std::array{}) + encrypted_keyblobs[i] == std::array{}) { revisions.reset(i); + } } if (!revisions.any()) @@ -624,12 +701,8 @@ void KeyManager::DeriveBase() { const auto sbk = GetKey(S128KeyType::SecureBoot); const auto tsec = GetKey(S128KeyType::TSEC); const auto master_source = GetKey(S128KeyType::Source, static_cast(SourceKeyType::Master)); - const auto kek_generation_source = - GetKey(S128KeyType::Source, static_cast(SourceKeyType::AESKekGeneration)); - const auto key_generation_source = - GetKey(S128KeyType::Source, static_cast(SourceKeyType::AESKeyGeneration)); - for (size_t i = 0; i < 32; ++i) { + for (size_t i = 0; i < revisions.size(); ++i) { if (!revisions[i]) continue; @@ -643,13 +716,8 @@ void KeyManager::DeriveBase() { if (!HasKey(S128KeyType::Source, static_cast(SourceKeyType::KeyblobMAC))) continue; - const auto mac_source = - GetKey(S128KeyType::Source, static_cast(SourceKeyType::KeyblobMAC)); - - AESCipher mac_cipher(key, Mode::ECB); - Key128 mac_key{}; - mac_cipher.Transcode(mac_source.data(), mac_key.size(), mac_key.data(), Op::Decrypt); - + const auto mac_key = DeriveKeyblobMACKey( + key, GetKey(S128KeyType::Source, static_cast(SourceKeyType::KeyblobMAC))); SetKey(S128KeyType::KeyblobMAC, mac_key, i); Key128 cmac = CalculateCMAC(encrypted_keyblobs[i].data() + 0x10, 0xA0, mac_key); @@ -657,39 +725,27 @@ void KeyManager::DeriveBase() { continue; // Decrypt keyblob - bool has_keyblob = keyblobs[i] != std::array{}; - - AESCipher cipher(key, Mode::CTR); - cipher.SetIV(std::vector(encrypted_keyblobs[i].data() + 0x10, - encrypted_keyblobs[i].data() + 0x20)); - cipher.Transcode(encrypted_keyblobs[i].data() + 0x20, keyblobs[i].size(), - keyblobs[i].data(), Op::Decrypt); - - if (!has_keyblob) { + if (keyblobs[i] == std::array{}) { + keyblobs[i] = DecryptKeyblob(encrypted_keyblobs[i], key); WriteKeyToFile<0x90>(KeyCategory::Console, fmt::format("keyblob_{:02X}", i), keyblobs[i]); } - Key128 package1{}; + Key128 package1; std::memcpy(package1.data(), keyblobs[i].data() + 0x80, sizeof(Key128)); SetKey(S128KeyType::Package1, package1, i); // Derive master key if (HasKey(S128KeyType::Source, static_cast(SourceKeyType::Master))) { - Key128 master_root{}; - std::memcpy(master_root.data(), keyblobs[i].data(), sizeof(Key128)); - - AESCipher master_cipher(master_root, Mode::ECB); - - Key128 master{}; - master_cipher.Transcode(master_source.data(), master_source.size(), master.data(), - Op::Decrypt); - SetKey(S128KeyType::Master, master, i); + SetKey(S128KeyType::Master, + DeriveMasterKey(keyblobs[i], GetKey(S128KeyType::Source, + static_cast(SourceKeyType::Master))), + i); } } revisions.set(); - for (size_t i = 0; i < 32; ++i) { + for (size_t i = 0; i < revisions.size(); ++i) { if (!HasKey(S128KeyType::Master, i)) revisions.reset(i); } @@ -697,39 +753,12 @@ void KeyManager::DeriveBase() { if (!revisions.any()) return; - for (size_t i = 0; i < 32; ++i) { + for (size_t i = 0; i < revisions.size(); ++i) { if (!revisions[i]) continue; // Derive general purpose keys - if (HasKey(S128KeyType::Master, i)) { - for (auto kak_type : - {KeyAreaKeyType::Application, KeyAreaKeyType::Ocean, KeyAreaKeyType::System}) { - if (HasKey(S128KeyType::Source, static_cast(SourceKeyType::KeyAreaKey), - static_cast(kak_type))) { - const auto source = - GetKey(S128KeyType::Source, static_cast(SourceKeyType::KeyAreaKey), - static_cast(kak_type)); - const auto kek = - GenerateKeyEncryptionKey(source, GetKey(S128KeyType::Master, i), - kek_generation_source, key_generation_source); - SetKey(S128KeyType::KeyArea, kek, i, static_cast(kak_type)); - } - } - - AESCipher master_cipher(GetKey(S128KeyType::Master, i), Mode::ECB); - for (auto key_type : {SourceKeyType::Titlekek, SourceKeyType::Package2}) { - if (HasKey(S128KeyType::Source, static_cast(key_type))) { - Key128 key{}; - master_cipher.Transcode( - GetKey(S128KeyType::Source, static_cast(key_type)).data(), key.size(), - key.data(), Op::Decrypt); - SetKey(key_type == SourceKeyType::Titlekek ? S128KeyType::Titlekek - : S128KeyType::Package2, - key, i); - } - } - } + DeriveGeneralPurposeKeys(i); } if (HasKey(S128KeyType::Master, 0) && @@ -751,7 +780,7 @@ void KeyManager::DeriveBase() { } } -void KeyManager::DeriveETicket(PartitionDataManager data) { +void KeyManager::DeriveETicket(PartitionDataManager& data) { // ETicket keys const auto es = Service::FileSystem::GetUnionContents()->GetEntry( 0x0100000000000033, FileSys::ContentRecordType::Program); @@ -769,30 +798,30 @@ void KeyManager::DeriveETicket(PartitionDataManager data) { const auto bytes = main->ReadAllBytes(); - using namespace Common; - const auto eticket_kek = FindKeyFromHex(bytes, eticket_source_hashes[0]); - const auto eticket_kekek = FindKeyFromHex(bytes, eticket_source_hashes[1]); + const auto eticket_kek = FindKeyFromHex16(bytes, eticket_source_hashes[0]); + const auto eticket_kekek = FindKeyFromHex16(bytes, eticket_source_hashes[1]); const auto seed3 = data.GetRSAKekSeed3(); const auto mask0 = data.GetRSAKekMask0(); if (eticket_kek != Key128{}) SetKey(S128KeyType::Source, eticket_kek, static_cast(SourceKeyType::ETicketKek)); - if (eticket_kekek != Key128{}) + if (eticket_kekek != Key128{}) { SetKey(S128KeyType::Source, eticket_kekek, static_cast(SourceKeyType::ETicketKekek)); + } if (seed3 != Key128{}) SetKey(S128KeyType::RSAKek, seed3, static_cast(RSAKekType::Seed3)); if (mask0 != Key128{}) SetKey(S128KeyType::RSAKek, mask0, static_cast(RSAKekType::Mask0)); - if (eticket_kek == Key128{} || eticket_kekek == Key128{} || seed3 == Key128{} || - mask0 == Key128{}) + mask0 == Key128{}) { return; + } Key128 rsa_oaep_kek{}; - for (size_t i = 0; i < rsa_oaep_kek.size(); ++i) - rsa_oaep_kek[i] = seed3[i] ^ mask0[i]; + std::transform(seed3.begin(), seed3.end(), mask0.begin(), rsa_oaep_kek.begin(), + std::bit_xor<>()); if (rsa_oaep_kek == Key128{}) return; @@ -818,8 +847,7 @@ void KeyManager::DeriveETicket(PartitionDataManager data) { SetKey(S128KeyType::ETicketRSAKek, eticket_final); // Titlekeys - data.DecryptProdInfo(GetKey(S128KeyType::BIS), - GetKey(S128KeyType::BIS, 0, static_cast(BISKeyType::Tweak))); + data.DecryptProdInfo(GetBISKey(0)); const auto eticket_extended_kek = data.GetETicketExtendedKek(); @@ -851,8 +879,8 @@ void KeyManager::DeriveETicket(PartitionDataManager data) { const auto pair = ParseTicket(raw, rsa_key); if (pair == boost::none) continue; - auto [rid, key] = pair.value(); - u128 rights_id{}; + const auto& [rid, key] = pair.value(); + u128 rights_id; std::memcpy(rights_id.data(), rid.data(), rid.size()); SetKey(S128KeyType::Titlekey, key, rights_id[1], rights_id[0]); } @@ -870,14 +898,14 @@ void KeyManager::SetKeyWrapped(S256KeyType id, Key256 key, u64 field1, u64 field SetKey(id, key, field1, field2); } -void KeyManager::PopulateFromPartitionData(PartitionDataManager data) { +void KeyManager::PopulateFromPartitionData(PartitionDataManager& data) { if (!BaseDeriveNecessary()) return; if (!data.HasBoot0()) return; - for (size_t i = 0; i < 0x20; ++i) { + for (size_t i = 0; i < encrypted_keyblobs.size(); ++i) { if (encrypted_keyblobs[i] != std::array{}) continue; encrypted_keyblobs[i] = data.GetEncryptedKeyblob(i); @@ -907,15 +935,15 @@ void KeyManager::PopulateFromPartitionData(PartitionDataManager data) { DeriveBase(); Key128 latest_master{}; - for (s8 i = 0x1F; i > 0; --i) { - if (GetKey(S128KeyType::Master, i) != Key128{}) { - latest_master = GetKey(S128KeyType::Master, i); + for (s8 i = 0x1F; i >= 0; --i) { + if (GetKey(S128KeyType::Master, static_cast(i)) != Key128{}) { + latest_master = GetKey(S128KeyType::Master, static_cast(i)); break; } } const auto masters = data.GetTZMasterKeys(latest_master); - for (size_t i = 0; i < 0x20; ++i) { + for (size_t i = 0; i < masters.size(); ++i) { if (masters[i] != Key128{} && !HasKey(S128KeyType::Master, i)) SetKey(S128KeyType::Master, masters[i], i); } @@ -926,7 +954,7 @@ void KeyManager::PopulateFromPartitionData(PartitionDataManager data) { return; std::array package2_keys{}; - for (size_t i = 0; i < 0x20; ++i) { + for (size_t i = 0; i < package2_keys.size(); ++i) { if (HasKey(S128KeyType::Package2, i)) package2_keys[i] = GetKey(S128KeyType::Package2, i); } diff --git a/src/core/crypto/key_manager.h b/src/core/crypto/key_manager.h index d26aa59b6..a41abbdfc 100644 --- a/src/core/crypto/key_manager.h +++ b/src/core/crypto/key_manager.h @@ -11,8 +11,8 @@ #include #include #include "common/common_types.h" +#include "core/crypto/partition_data_manager.h" #include "core/file_sys/vfs_types.h" -#include "partition_data_manager.h" namespace FileUtil { class IOFile; @@ -154,11 +154,11 @@ public: // 8*43 and the private file to exist. void DeriveSDSeedLazy(); - bool BaseDeriveNecessary(); + bool BaseDeriveNecessary() const; void DeriveBase(); - void DeriveETicket(PartitionDataManager data); + void DeriveETicket(PartitionDataManager& data); - void PopulateFromPartitionData(PartitionDataManager data); + void PopulateFromPartitionData(PartitionDataManager& data); private: std::map, Key128> s128_keys; @@ -175,6 +175,8 @@ private: void WriteKeyToFile(KeyCategory category, std::string_view keyname, const std::array& key); + void DeriveGeneralPurposeKeys(u8 crypto_revision); + void SetKeyWrapped(S128KeyType id, Key128 key, u64 field1 = 0, u64 field2 = 0); void SetKeyWrapped(S256KeyType id, Key256 key, u64 field1 = 0, u64 field2 = 0); @@ -183,7 +185,11 @@ private: }; Key128 GenerateKeyEncryptionKey(Key128 source, Key128 master, Key128 kek_seed, Key128 key_seed); -Key128 DeriveKeyblobKey(Key128 sbk, Key128 tsec, Key128 source); +Key128 DeriveKeyblobKey(const Key128& sbk, const Key128& tsec, Key128 source); +Key128 DeriveKeyblobMACKey(const Key128& keyblob_key, const Key128& mac_source); +Key128 DeriveMasterKey(const std::array& keyblob, const Key128& master_source); +std::array DecryptKeyblob(const std::array& encrypted_keyblob, + const Key128& key); boost::optional DeriveSDSeed(); Loader::ResultStatus DeriveSDKeys(std::array& sd_keys, KeyManager& keys); diff --git a/src/core/crypto/partition_data_manager.cpp b/src/core/crypto/partition_data_manager.cpp index 60128b0e1..d1c04e98d 100644 --- a/src/core/crypto/partition_data_manager.cpp +++ b/src/core/crypto/partition_data_manager.cpp @@ -7,20 +7,24 @@ // hash the new keyblob source and master key and add the hashes to // the arrays below. +#include #include +#include +#include #include #include #include "common/assert.h" +#include "common/common_funcs.h" #include "common/common_types.h" #include "common/hex_util.h" #include "common/logging/log.h" #include "common/string_util.h" +#include "core/crypto/ctr_encryption_layer.h" #include "core/crypto/key_manager.h" #include "core/crypto/partition_data_manager.h" +#include "core/crypto/xts_encryption_layer.h" #include "core/file_sys/vfs.h" #include "core/file_sys/vfs_offset.h" -#include "ctr_encryption_layer.h" -#include "xts_encryption_layer.h" using namespace Common; @@ -72,7 +76,7 @@ struct KIPHeader { }; static_assert(sizeof(KIPHeader) == 0x100, "KIPHeader has incorrect size."); -const static std::array source_hashes{ +const std::array source_hashes{ "B24BD293259DBC7AC5D63F88E60C59792498E6FC5443402C7FFE87EE8B61A3F0"_array32, // keyblob_mac_key_source "7944862A3A5C31C6720595EFD302245ABD1B54CCDCF33000557681E65C5664A4"_array32, // master_key_source "21E2DF100FC9E094DB51B47B9B1D6E94ED379DB8B547955BEF8FE08D8DD35603"_array32, // package2_key_source @@ -91,7 +95,7 @@ const static std::array source_hashes{ "FC02B9D37B42D7A1452E71444F1F700311D1132E301A83B16062E72A78175085"_array32, // rsa_kek_mask0 }; -const static std::array keyblob_source_hashes{ +const std::array keyblob_source_hashes{ "8A06FE274AC491436791FDB388BCDD3AB9943BD4DEF8094418CDAC150FD73786"_array32, // keyblob_key_source_00 "2D5CAEB2521FEF70B47E17D6D0F11F8CE2C1E442A979AD8035832C4E9FBCCC4B"_array32, // keyblob_key_source_01 "61C5005E713BAE780641683AF43E5F5C0E03671117F702F401282847D2FC6064"_array32, // keyblob_key_source_02 @@ -129,7 +133,7 @@ const static std::array keyblob_source_hashes{ "0000000000000000000000000000000000000000000000000000000000000000"_array32, // keyblob_key_source_1F }; -const static std::array master_key_hashes{ +const std::array master_key_hashes{ "0EE359BE3C864BB0782E1D70A718A0342C551EED28C369754F9C4F691BECF7CA"_array32, // master_key_00 "4FE707B7E4ABDAF727C894AAF13B1351BFE2AC90D875F73B2E20FA94B9CC661E"_array32, // master_key_01 "79277C0237A2252EC3DFAC1F7C359C2B3D121E9DB15BB9AB4C2B4408D2F3AE09"_array32, // master_key_02 @@ -167,7 +171,7 @@ const static std::array master_key_hashes{ "0000000000000000000000000000000000000000000000000000000000000000"_array32, // master_key_1F }; -std::vector DecompressBLZ(const std::vector& in) { +static std::vector DecompressBLZ(const std::vector& in) { const auto data_size = in.size() - 0xC; u32 compressed_size{}; @@ -226,10 +230,10 @@ std::vector DecompressBLZ(const std::vector& in) { return out; } -u8 CalculateMaxKeyblobSourceHash() { +static u8 CalculateMaxKeyblobSourceHash() { for (s8 i = 0x1F; i >= 0; --i) { if (keyblob_source_hashes[i] != SHA256Hash{}) - return i + 1; + return static_cast(i + 1); } return 0; @@ -238,10 +242,12 @@ u8 CalculateMaxKeyblobSourceHash() { const u8 PartitionDataManager::MAX_KEYBLOB_SOURCE_HASH = CalculateMaxKeyblobSourceHash(); template -std::array FindKeyFromHex(const std::vector& binary, std::array hash) { - std::array temp{}; +std::array FindKeyFromHex(const std::vector& binary, + const std::array& hash) { if (binary.size() < key_size) return {}; + + std::array temp{}; for (size_t i = 0; i < binary.size() - key_size; ++i) { mbedtls_sha256(binary.data() + i, key_size, temp.data(), 0); @@ -256,19 +262,24 @@ std::array FindKeyFromHex(const std::vector& binary, std::arra return {}; } -std::array FindEncryptedMasterKeyFromHex(const std::vector& binary, Key128 key) { - SHA256Hash temp{}; - Key128 dec_temp{}; +std::array FindKeyFromHex16(const std::vector& binary, std::array hash) { + return FindKeyFromHex<0x10>(binary, hash); +} + +static std::array FindEncryptedMasterKeyFromHex(const std::vector& binary, + const Key128& key) { if (binary.size() < 0x10) return {}; + SHA256Hash temp{}; + Key128 dec_temp{}; std::array out{}; AESCipher cipher(key, Mode::ECB); for (size_t i = 0; i < binary.size() - 0x10; ++i) { cipher.Transcode(binary.data() + i, dec_temp.size(), dec_temp.data(), Op::Decrypt); mbedtls_sha256(dec_temp.data(), dec_temp.size(), temp.data(), 0); - for (size_t k = 0; k < 0x20; ++k) { + for (size_t k = 0; k < out.size(); ++k) { if (temp == master_key_hashes[k]) { out[k] = dec_temp; break; @@ -282,7 +293,7 @@ std::array FindEncryptedMasterKeyFromHex(const std::vector& bi FileSys::VirtualFile FindFileInDirWithNames(const FileSys::VirtualDir& dir, const std::string& name) { auto upper = name; - std::transform(upper.begin(), upper.end(), upper.begin(), ::toupper); + std::transform(upper.begin(), upper.end(), upper.begin(), [](u8 c) { return std::toupper(c); }); for (const auto& fname : {name, name + ".bin", upper, upper + ".BIN"}) { if (dir->GetFile(fname) != nullptr) return dir->GetFile(fname); @@ -303,14 +314,16 @@ PartitionDataManager::PartitionDataManager(FileSys::VirtualDir sysdata_dir) FindFileInDirWithNames(sysdata_dir, "BCPKG2-5-Repair-Main"), FindFileInDirWithNames(sysdata_dir, "BCPKG2-6-Repair-Sub"), }), - secure_monitor(FindFileInDirWithNames(sysdata_dir, "sm")), - package1_decrypted(FindFileInDirWithNames(sysdata_dir, "pkg_decr")), + secure_monitor(FindFileInDirWithNames(sysdata_dir, "secmon")), + package1_decrypted(FindFileInDirWithNames(sysdata_dir, "pkg1_decr")), secure_monitor_bytes(secure_monitor == nullptr ? std::vector{} : secure_monitor->ReadAllBytes()), package1_decrypted_bytes(package1_decrypted == nullptr ? std::vector{} : package1_decrypted->ReadAllBytes()), prodinfo(FindFileInDirWithNames(sysdata_dir, "PRODINFO")) {} +PartitionDataManager::~PartitionDataManager() = default; + bool PartitionDataManager::HasBoot0() const { return boot0 != nullptr; } @@ -417,6 +430,22 @@ FileSys::VirtualFile PartitionDataManager::GetPackage2Raw(Package2Type type) con return package2.at(static_cast(type)); } +bool AttemptDecrypt(const std::array& key, Package2Header& header) { + + const std::vector iv(header.header_ctr.begin(), header.header_ctr.end()); + Package2Header temp = header; + AESCipher cipher(key, Mode::CTR); + cipher.SetIV(iv); + cipher.Transcode(&temp.header_ctr, sizeof(Package2Header) - 0x100, &temp.header_ctr, + Op::Decrypt); + if (temp.magic == Common::MakeMagic('P', 'K', '2', '1')) { + header = temp; + return true; + } + + return false; +} + void PartitionDataManager::DecryptPackage2(std::array, 0x20> package2_keys, Package2Type type) { FileSys::VirtualFile file = std::make_shared( @@ -429,18 +458,9 @@ void PartitionDataManager::DecryptPackage2(std::array, 0x20> u8 revision = 0xFF; if (header.magic != Common::MakeMagic('P', 'K', '2', '1')) { - for (size_t i = 0; i < 0x20; ++i) { - const std::vector iv(header.header_ctr.begin(), header.header_ctr.end()); - Package2Header temp = header; - AESCipher cipher(package2_keys[i], Mode::CTR); - cipher.SetIV(iv); - cipher.Transcode(&temp.header_ctr, sizeof(Package2Header) - 0x100, &temp.header_ctr, - Op::Decrypt); - if (temp.magic == Common::MakeMagic('P', 'K', '2', '1')) { - header = temp; + for (size_t i = 0; i < package2_keys.size(); ++i) { + if (AttemptDecrypt(package2_keys[i], header)) revision = i; - break; - } } } @@ -460,7 +480,7 @@ void PartitionDataManager::DecryptPackage2(std::array, 0x20> // package2_decrypted[static_cast(type)] = s1; - INIHeader ini{}; + INIHeader ini; std::memcpy(&ini, c.data(), sizeof(INIHeader)); if (ini.magic != Common::MakeMagic('I', 'N', 'I', '1')) return; @@ -468,7 +488,7 @@ void PartitionDataManager::DecryptPackage2(std::array, 0x20> std::map kips{}; u64 offset = sizeof(INIHeader); for (size_t i = 0; i < ini.process_count; ++i) { - KIPHeader kip{}; + KIPHeader kip; std::memcpy(&kip, c.data() + offset, sizeof(KIPHeader)); if (kip.magic != Common::MakeMagic('K', 'I', 'P', '1')) return; @@ -565,16 +585,11 @@ FileSys::VirtualFile PartitionDataManager::GetProdInfoRaw() const { return prodinfo; } -void PartitionDataManager::DecryptProdInfo(std::array bis_crypt, - std::array bis_tweak) { +void PartitionDataManager::DecryptProdInfo(std::array bis_key) { if (prodinfo == nullptr) return; - Key256 final_key{}; - std::memcpy(final_key.data(), bis_crypt.data(), bis_crypt.size()); - std::memcpy(final_key.data() + sizeof(Key128), bis_tweak.data(), bis_tweak.size()); - - prodinfo_decrypted = std::make_shared(prodinfo, final_key); + prodinfo_decrypted = std::make_shared(prodinfo, bis_key); } std::array PartitionDataManager::GetETicketExtendedKek() const { diff --git a/src/core/crypto/partition_data_manager.h b/src/core/crypto/partition_data_manager.h index 85bb2a110..45c7fecfa 100644 --- a/src/core/crypto/partition_data_manager.h +++ b/src/core/crypto/partition_data_manager.h @@ -3,6 +3,7 @@ // Refer to the license.txt file included. #pragma once + #include #include "common/common_funcs.h" #include "common/common_types.h" @@ -22,9 +23,10 @@ enum class Package2Type { class PartitionDataManager { public: - const static u8 MAX_KEYBLOB_SOURCE_HASH; + static const u8 MAX_KEYBLOB_SOURCE_HASH; explicit PartitionDataManager(FileSys::VirtualDir sysdata_dir); + ~PartitionDataManager(); // BOOT0 bool HasBoot0() const; @@ -77,7 +79,7 @@ public: // PRODINFO bool HasProdInfo() const; FileSys::VirtualFile GetProdInfoRaw() const; - void DecryptProdInfo(std::array bis_crypt, std::array bis_tweak); + void DecryptProdInfo(std::array bis_key); std::array GetETicketExtendedKek() const; private: @@ -98,7 +100,6 @@ private: std::array, 6> package2_spl; }; -template -std::array FindKeyFromHex(const std::vector& binary, std::array hash); +std::array FindKeyFromHex16(const std::vector& binary, std::array hash); } // namespace Core::Crypto diff --git a/src/yuzu/main.cpp b/src/yuzu/main.cpp index 076fcff18..fc186dc2d 100644 --- a/src/yuzu/main.cpp +++ b/src/yuzu/main.cpp @@ -173,7 +173,7 @@ GMainWindow::GMainWindow() show(); // Gen keys if necessary - OnReinitializeKeys(false); + OnReinitializeKeys(ReinitializeKeyBehavior::NoWarning); // Necessary to load titles from nand in gamelist. Service::FileSystem::CreateFactories(vfs); @@ -448,7 +448,7 @@ void GMainWindow::ConnectMenuEvents() { // Help connect(ui.action_Rederive, &QAction::triggered, this, - std::bind(&GMainWindow::OnReinitializeKeys, this, true)); + std::bind(&GMainWindow::OnReinitializeKeys, this, ReinitializeKeyBehavior::Warning)); connect(ui.action_About, &QAction::triggered, this, &GMainWindow::OnAbout); } @@ -1381,8 +1381,8 @@ void GMainWindow::OnCoreError(Core::System::ResultStatus result, std::string det } } -void GMainWindow::OnReinitializeKeys(bool callouts) { - if (callouts) { +void GMainWindow::OnReinitializeKeys(ReinitializeKeyBehavior behavior) { + if (behavior == ReinitializeKeyBehavior::Warning) { const auto res = QMessageBox::information( this, tr("Confirm Key Rederivation"), tr("You are about to force rederive all of your keys. \nIf you do not know what this " @@ -1408,33 +1408,30 @@ void GMainWindow::OnReinitializeKeys(bool callouts) { Core::Crypto::PartitionDataManager pdm{vfs->OpenDirectory( FileUtil::GetUserPath(FileUtil::UserPath::SysDataDir), FileSys::Mode::Read)}; - const auto function = [this, &keys, &pdm]() { + const auto function = [this, &keys, &pdm] { keys.PopulateFromPartitionData(pdm); Service::FileSystem::CreateFactories(vfs); keys.DeriveETicket(pdm); }; - std::vector errors; + QString errors; if (!pdm.HasFuses()) - errors.push_back("Missing fuses - Cannot derive SBK"); + errors += tr("- Missing fuses - Cannot derive SBK\n"); if (!pdm.HasBoot0()) - errors.push_back("Missing BOOT0 - Cannot derive master keys"); + errors += tr("- Missing BOOT0 - Cannot derive master keys\n"); if (!pdm.HasPackage2()) - errors.push_back("Missing BCPKG2-1-Normal-Main - Cannot derive general keys"); + errors += tr("- Missing BCPKG2-1-Normal-Main - Cannot derive general keys\n"); if (!pdm.HasProdInfo()) - errors.push_back("Missing PRODINFO - Cannot derive title keys"); + errors += tr("- Missing PRODINFO - Cannot derive title keys\n"); - if (!errors.empty()) { - std::string error_str; - for (const auto& error : errors) - error_str += " - " + error + "\n"; + if (!errors.isEmpty()) { QMessageBox::warning( this, tr("Warning Missing Derivation Components"), tr("The following are missing from your configuration that may hinder key " "derivation. It will be attempted but may not complete.\n\n") + - QString::fromStdString(error_str)); + errors); } QProgressDialog prog; @@ -1455,7 +1452,7 @@ void GMainWindow::OnReinitializeKeys(bool callouts) { Service::FileSystem::CreateFactories(vfs); - if (callouts) { + if (behavior == ReinitializeKeyBehavior::Warning) { game_list->PopulateAsync(UISettings::values.gamedir, UISettings::values.gamedir_deepscan); } } diff --git a/src/yuzu/main.h b/src/yuzu/main.h index fd2c110ee..3663d6aed 100644 --- a/src/yuzu/main.h +++ b/src/yuzu/main.h @@ -41,6 +41,11 @@ enum class EmulatedDirectoryTarget { SDMC, }; +enum class ReinitializeKeyBehavior { + NoWarning, + Warning, +}; + namespace DiscordRPC { class DiscordInterface; } @@ -167,7 +172,7 @@ private slots: void HideFullscreen(); void ToggleWindowMode(); void OnCoreError(Core::System::ResultStatus, std::string); - void OnReinitializeKeys(bool callouts); + void OnReinitializeKeys(ReinitializeKeyBehavior behavior); private: void UpdateStatusBar();