diff --git a/Source/Core/Core/CMakeLists.txt b/Source/Core/Core/CMakeLists.txt index 2ac4c204c1..8631b6ab85 100644 --- a/Source/Core/Core/CMakeLists.txt +++ b/Source/Core/Core/CMakeLists.txt @@ -7,7 +7,6 @@ set(SRCS Core.cpp CoreTiming.cpp DSPEmulator.cpp - ec_wii.cpp GeckoCodeConfig.cpp GeckoCode.cpp HotkeyManager.cpp diff --git a/Source/Core/Core/Core.vcxproj b/Source/Core/Core/Core.vcxproj index 10e0e019b9..f50a2811de 100644 --- a/Source/Core/Core/Core.vcxproj +++ b/Source/Core/Core/Core.vcxproj @@ -92,7 +92,6 @@ - @@ -343,7 +342,6 @@ - diff --git a/Source/Core/Core/Core.vcxproj.filters b/Source/Core/Core/Core.vcxproj.filters index c9f2ea8deb..5af2b51d8c 100644 --- a/Source/Core/Core/Core.vcxproj.filters +++ b/Source/Core/Core/Core.vcxproj.filters @@ -169,7 +169,6 @@ - @@ -895,7 +894,6 @@ - diff --git a/Source/Core/Core/IOS/ES/ES.cpp b/Source/Core/Core/IOS/ES/ES.cpp index 42f79c9f04..d29d6a6d53 100644 --- a/Source/Core/Core/IOS/ES/ES.cpp +++ b/Source/Core/Core/IOS/ES/ES.cpp @@ -27,7 +27,6 @@ #include "Core/IOS/ES/Formats.h" #include "Core/IOS/IOSC.h" #include "Core/IOS/VersionInfo.h" -#include "Core/ec_wii.h" namespace IOS { @@ -218,9 +217,7 @@ bool ES::LaunchTitle(u64 title_id, bool skip_reload) NOTICE_LOG(IOS_ES, "Launching title %016" PRIx64 "...", title_id); - u32 device_id; - if (title_id == Titles::SHOP && - (GetDeviceId(&device_id) != IPC_SUCCESS || device_id == DEFAULT_WII_DEVICE_ID)) + if (title_id == Titles::SHOP && m_ios.GetIOSC().IsUsingDefaultId()) { ERROR_LOG(IOS_ES, "Refusing to launch the shop channel with default device credentials"); CriticalAlertT("You cannot use the Wii Shop Channel without using your own device credentials." diff --git a/Source/Core/Core/IOS/ES/Identity.cpp b/Source/Core/Core/IOS/ES/Identity.cpp index dd6c342a48..18771d86e5 100644 --- a/Source/Core/Core/IOS/ES/Identity.cpp +++ b/Source/Core/Core/IOS/ES/Identity.cpp @@ -10,7 +10,6 @@ #include "Common/Logging/Log.h" #include "Core/HW/Memmap.h" #include "Core/IOS/ES/Formats.h" -#include "Core/ec_wii.h" namespace IOS { @@ -20,8 +19,7 @@ namespace Device { ReturnCode ES::GetDeviceId(u32* device_id) const { - const EcWii& ec = EcWii::GetInstance(); - *device_id = ec.GetNGID(); + *device_id = m_ios.GetIOSC().GetDeviceId(); INFO_LOG(IOS_ES, "GetDeviceId: %08X", *device_id); return IPC_SUCCESS; } @@ -92,10 +90,9 @@ IPCCommandResult ES::GetDeviceCertificate(const IOCtlVRequest& request) return GetDefaultReply(ES_EINVAL); INFO_LOG(IOS_ES, "IOCTL_ES_GETDEVICECERT"); - u8* destination = Memory::GetPointer(request.io_vectors[0].address); - const EcWii& ec = EcWii::GetInstance(); - MakeNGCert(destination, ec.GetNGID(), ec.GetNGKeyID(), ec.GetNGPriv(), ec.GetNGSig()); + const auto cert = m_ios.GetIOSC().GetDeviceCertificate(); + Memory::CopyToEmu(request.io_vectors[0].address, cert.data(), cert.size()); return GetDefaultReply(IPC_SUCCESS); } @@ -113,10 +110,7 @@ IPCCommandResult ES::Sign(const IOCtlVRequest& request) if (!m_title_context.active) return GetDefaultReply(ES_EINVAL); - const EcWii& ec = EcWii::GetInstance(); - MakeAPSigAndCert(sig_out, ap_cert_out, m_title_context.tmd.GetTitleId(), data, data_size, - ec.GetNGPriv(), ec.GetNGID()); - + m_ios.GetIOSC().Sign(sig_out, ap_cert_out, m_title_context.tmd.GetTitleId(), data, data_size); return GetDefaultReply(IPC_SUCCESS); } } // namespace Device diff --git a/Source/Core/Core/IOS/ES/TitleManagement.cpp b/Source/Core/Core/IOS/ES/TitleManagement.cpp index 4a7660fd52..f656e58ac7 100644 --- a/Source/Core/Core/IOS/ES/TitleManagement.cpp +++ b/Source/Core/Core/IOS/ES/TitleManagement.cpp @@ -21,7 +21,6 @@ #include "Core/CommonTitles.h" #include "Core/HW/Memmap.h" #include "Core/IOS/ES/Formats.h" -#include "Core/ec_wii.h" namespace IOS { @@ -63,7 +62,7 @@ ReturnCode ES::ImportTicket(const std::vector& ticket_bytes, const std::vect return ES_EINVAL; const u32 ticket_device_id = ticket.GetDeviceId(); - const u32 device_id = EcWii::GetInstance().GetNGID(); + const u32 device_id = m_ios.GetIOSC().GetDeviceId(); if (type == TicketImportType::PossiblyPersonalised && ticket_device_id != 0) { if (device_id != ticket_device_id) diff --git a/Source/Core/Core/IOS/IOSC.cpp b/Source/Core/Core/IOS/IOSC.cpp index edb6fdf734..bfe7024ddf 100644 --- a/Source/Core/Core/IOS/IOSC.cpp +++ b/Source/Core/Core/IOS/IOSC.cpp @@ -6,6 +6,7 @@ #include #include +#include #include #include #include @@ -20,15 +21,98 @@ #include "Common/ChunkFile.h" #include "Common/Crypto/AES.h" #include "Common/Crypto/ec.h" +#include "Common/File.h" +#include "Common/FileUtil.h" #include "Common/ScopeGuard.h" +#include "Common/StringUtil.h" #include "Common/Swap.h" #include "Core/IOS/Device.h" -#include "Core/ec_wii.h" + +namespace +{ +#pragma pack(push, 1) +/* + * Structs for keys.bin taken from: + * + * mini - a Free Software replacement for the Nintendo/BroadOn IOS. + * crypto hardware support + * + * Copyright (C) 2008, 2009 Haxx Enterprises + * Copyright (C) 2008, 2009 Sven Peter + * Copyright (C) 2008, 2009 Hector Martin "marcan" + * + * # This code is licensed to you under the terms of the GNU GPL, version 2; + * # see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt + */ +struct BootMiiKeyDump +{ + std::array creator; + std::array boot1_hash; // 0x100 + std::array common_key; // 0x114 + u32 ng_id; // 0x124 + union + { + struct + { + std::array ng_priv; // 0x128 + std::array pad1; + }; + struct + { + std::array pad2; + std::array nand_hmac; // 0x144 + }; + }; + std::array nand_key; // 0x158 + std::array backup_key; // 0x168 + u32 unk1; // 0x178 + u32 unk2; // 0x17C + std::array eeprom_pad; // 0x180 + + u32 ms_id; // 0x200 + u32 ca_id; // 0x204 + u32 ng_key_id; // 0x208 + IOS::ECCSignature ng_sig; // 0x20c + struct Counter + { + u8 boot2version; + u8 unknown1; + u8 unknown2; + u8 pad; + u32 update_tag; + u16 checksum; + }; + std::array counters; // 0x248 + std::array fill; // 0x25c + std::array korean_key; // 0x274 + std::array pad3; // 0x284 + std::array prng_seed; // 0x2F8 + std::array pad4; // 0x2FC + std::array crack_pad; // 0x300 +}; +static_assert(sizeof(BootMiiKeyDump) == 0x400, "Wrong size"); +#pragma pack(pop) +} // end of anonymous namespace namespace IOS { namespace HLE { +constexpr u32 DEFAULT_DEVICE_ID = 0x0403AC68; +constexpr u32 DEFAULT_KEY_ID = 0x6AAB8C59; +constexpr std::array DEFAULT_PRIVATE_KEY = {{ + 0x00, 0xAB, 0xEE, 0xC1, 0xDD, 0xB4, 0xA6, 0x16, 0x6B, 0x70, 0xFD, 0x7E, 0x56, 0x67, 0x70, + 0x57, 0x55, 0x27, 0x38, 0xA3, 0x26, 0xC5, 0x46, 0x16, 0xF7, 0x62, 0xC9, 0xED, 0x73, 0xF2, +}}; +constexpr ECCSignature DEFAULT_SIGNATURE = {{ + // R + 0x00, 0xD8, 0x81, 0x63, 0xB2, 0x00, 0x6B, 0x0B, 0x54, 0x82, 0x88, 0x63, 0x81, 0x1C, 0x00, 0x71, + 0x12, 0xED, 0xB7, 0xFD, 0x21, 0xAB, 0x0E, 0x50, 0x0E, 0x1F, 0xBF, 0x78, 0xAD, 0x37, + // S + 0x00, 0x71, 0x8D, 0x82, 0x41, 0xEE, 0x45, 0x11, 0xC7, 0x3B, 0xAC, 0x08, 0xB6, 0x83, 0xDC, 0x05, + 0xB8, 0xA8, 0x90, 0x1F, 0xA8, 0x2A, 0x0E, 0x4E, 0x76, 0xEF, 0x44, 0x72, 0x99, 0xF8, +}}; + const std::map, size_t> s_type_to_size_map = {{ {{IOSC::TYPE_SECRET_KEY, IOSC::SUBTYPE_AES128}, 16}, {{IOSC::TYPE_SECRET_KEY, IOSC::SUBTYPE_MAC}, 20}, @@ -49,6 +133,7 @@ static size_t GetSizeForType(IOSC::ObjectType type, IOSC::ObjectSubType subtype) IOSC::IOSC(ConsoleType console_type) { LoadDefaultEntries(console_type); + LoadEntries(); } IOSC::~IOSC() = default; @@ -133,7 +218,7 @@ ReturnCode IOSC::ImportPublicKey(Handle dest_handle, const u8* public_key, if (dest_entry->subtype == SUBTYPE_RSA2048 || dest_entry->subtype == SUBTYPE_RSA4096) { _assert_(public_key_exponent); - std::copy_n(public_key_exponent, 4, dest_entry->misc_data.begin()); + std::memcpy(&dest_entry->misc_data, public_key_exponent, 4); } return IPC_SUCCESS; } @@ -232,7 +317,7 @@ ReturnCode IOSC::VerifyPublicKeySign(const std::array& sha1, Handle sign Common::ScopeGuard context_guard{[&rsa] { mbedtls_rsa_free(&rsa); }}; mbedtls_mpi_read_binary(&rsa.N, entry->data.data(), entry->data.size()); - mbedtls_mpi_read_binary(&rsa.E, entry->misc_data.data(), entry->misc_data.size()); + mbedtls_mpi_read_binary(&rsa.E, reinterpret_cast(&entry->misc_data), 4); rsa.len = entry->data.size(); const int ret = mbedtls_rsa_pkcs1_verify(&rsa, nullptr, nullptr, MBEDTLS_RSA_PUBLIC, @@ -358,6 +443,68 @@ ReturnCode IOSC::SetOwnership(Handle handle, u32 new_owner, u32 pid) return IPC_SUCCESS; } +bool IOSC::IsUsingDefaultId() const +{ + return GetDeviceId() == DEFAULT_DEVICE_ID; +} + +u32 IOSC::GetDeviceId() const +{ + return m_key_entries[HANDLE_CONSOLE_ID].misc_data; +} + +// Based off of twintig http://git.infradead.org/?p=users/segher/wii.git +// Copyright 2007,2008 Segher Boessenkool +// Licensed under the terms of the GNU GPL, version 2 +// http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt +static Certificate MakeBlankSigECCert(const char* signer, const char* name, const u8* private_key, + u32 key_id) +{ + Certificate cert_out{}; + const u32 type = Common::swap32(static_cast(SignatureType::ECC)); + std::memcpy(cert_out.data(), &type, sizeof(type)); + std::strncpy(reinterpret_cast(cert_out.data()) + 0x80, signer, 0x40); + const u32 two = Common::swap32(2); + std::memcpy(cert_out.data() + 0xc0, &two, sizeof(two)); + std::strncpy(reinterpret_cast(cert_out.data()) + 0xc4, name, 0x40); + const u32 swapped_key_id = Common::swap32(key_id); + std::memcpy(cert_out.data() + 0x104, &swapped_key_id, sizeof(swapped_key_id)); + ec_priv_to_pub(private_key, cert_out.data() + 0x108); + return cert_out; +} + +Certificate IOSC::GetDeviceCertificate() const +{ + const std::string name = StringFromFormat("NG%08x", GetDeviceId()); + auto cert = MakeBlankSigECCert("Root-CA00000001-MS00000002", name.c_str(), + m_key_entries[HANDLE_CONSOLE_KEY].data.data(), m_console_key_id); + std::copy(m_console_signature.begin(), m_console_signature.end(), cert.begin() + 4); + return cert; +} + +void IOSC::Sign(u8* sig_out, u8* ap_cert_out, u64 title_id, const u8* data, u32 data_size) const +{ + std::array hash{}; + std::array ap_priv{}; + + ap_priv[0x1d] = 1; + // setup random ap_priv here if desired + // get_rand_bytes(ap_priv, 0x1e); + // ap_priv[0] &= 1; + + const std::string signer = StringFromFormat("Root-CA00000001-MS00000002-NG%08x", GetDeviceId()); + const std::string name = StringFromFormat("AP%016" PRIx64, title_id); + const auto cert = MakeBlankSigECCert(signer.c_str(), name.c_str(), ap_priv.data(), 0); + std::copy(cert.begin(), cert.end(), ap_cert_out); + + mbedtls_sha1(ap_cert_out + 0x80, 0x100, hash.data()); + generate_ecdsa(ap_cert_out + 4, ap_cert_out + 34, m_key_entries[HANDLE_CONSOLE_KEY].data.data(), + hash.data()); + + mbedtls_sha1(data, data_size, hash.data()); + generate_ecdsa(sig_out, sig_out + 30, ap_priv.data(), hash.data()); +} + constexpr std::array ROOT_PUBLIC_KEY = { {0xF8, 0x24, 0x6C, 0x58, 0xBA, 0xE7, 0x50, 0x03, 0x01, 0xFB, 0xB7, 0xC2, 0xEB, 0xE0, 0x01, 0x05, 0x71, 0xDA, 0x92, 0x23, 0x78, 0xF0, 0x51, 0x4E, 0xC0, 0x03, 0x1D, 0xD0, 0xD2, 0x1E, @@ -397,15 +544,11 @@ constexpr std::array ROOT_PUBLIC_KEY = { void IOSC::LoadDefaultEntries(ConsoleType console_type) { - // TODO: add support for loading and writing to a BootMii / SEEPROM and OTP dump. - - const EcWii& ec = EcWii::GetInstance(); - - m_key_entries[HANDLE_CONSOLE_KEY] = {TYPE_SECRET_KEY, SUBTYPE_ECC233, - std::vector(ec.GetNGPriv(), ec.GetNGPriv() + 30), 3}; - - // Unimplemented. - m_key_entries[HANDLE_CONSOLE_ID] = {TYPE_DATA, SUBTYPE_DATA, std::vector(4), 0xFFFFFFF}; + m_key_entries[HANDLE_CONSOLE_KEY] = { + TYPE_SECRET_KEY, SUBTYPE_ECC233, {DEFAULT_PRIVATE_KEY.begin(), DEFAULT_PRIVATE_KEY.end()}, 3}; + m_console_signature = DEFAULT_SIGNATURE; + m_console_key_id = DEFAULT_KEY_ID; + m_key_entries[HANDLE_CONSOLE_ID] = {TYPE_DATA, SUBTYPE_DATA, {}, DEFAULT_DEVICE_ID, 0xFFFFFFF}; m_key_entries[HANDLE_FS_KEY] = {TYPE_SECRET_KEY, SUBTYPE_AES128, std::vector(16), 5}; m_key_entries[HANDLE_FS_MAC] = {TYPE_SECRET_KEY, SUBTYPE_MAC, std::vector(20), 5}; @@ -430,9 +573,8 @@ void IOSC::LoadDefaultEntries(ConsoleType console_type) break; } - m_key_entries[HANDLE_PRNG_KEY] = { - TYPE_SECRET_KEY, SUBTYPE_AES128, - std::vector(ec.GetBackupKey(), ec.GetBackupKey() + AES128_KEY_SIZE), 3}; + m_key_entries[HANDLE_PRNG_KEY] = {TYPE_SECRET_KEY, SUBTYPE_AES128, + std::vector(AES128_KEY_SIZE), 3}; m_key_entries[HANDLE_SD_KEY] = {TYPE_SECRET_KEY, SUBTYPE_AES128, @@ -440,11 +582,10 @@ void IOSC::LoadDefaultEntries(ConsoleType console_type) 0xd8, 0x4d, 0xbf, 0xc2, 0xa5, 0x5d}}, 3}; - // Unimplemented. - m_key_entries[HANDLE_BOOT2_VERSION] = {TYPE_DATA, SUBTYPE_VERSION, std::vector(4), 3}; - m_key_entries[HANDLE_UNKNOWN_8] = {TYPE_DATA, SUBTYPE_VERSION, std::vector(4), 3}; - m_key_entries[HANDLE_UNKNOWN_9] = {TYPE_DATA, SUBTYPE_VERSION, std::vector(4), 3}; - m_key_entries[HANDLE_FS_VERSION] = {TYPE_DATA, SUBTYPE_VERSION, std::vector(4), 3}; + m_key_entries[HANDLE_BOOT2_VERSION] = {TYPE_DATA, SUBTYPE_VERSION, {}, 3}; + m_key_entries[HANDLE_UNKNOWN_8] = {TYPE_DATA, SUBTYPE_VERSION, {}, 3}; + m_key_entries[HANDLE_UNKNOWN_9] = {TYPE_DATA, SUBTYPE_VERSION, {}, 3}; + m_key_entries[HANDLE_FS_VERSION] = {TYPE_DATA, SUBTYPE_VERSION, {}, 3}; m_key_entries[HANDLE_NEW_COMMON_KEY] = {TYPE_SECRET_KEY, SUBTYPE_AES128, @@ -452,18 +593,43 @@ void IOSC::LoadDefaultEntries(ConsoleType console_type) 0xf2, 0xfe, 0xfb, 0xba, 0x4c, 0x9b, 0x7e}}, 3}; - std::array root_exponent = {{0x0, 0x1, 0x0, 0x1}}; m_root_key_entry = {TYPE_PUBLIC_KEY, SUBTYPE_RSA4096, std::vector(ROOT_PUBLIC_KEY.begin(), ROOT_PUBLIC_KEY.end()), - std::move(root_exponent), 0}; + Common::swap32(0x00010001), 0}; +} + +void IOSC::LoadEntries() +{ + File::IOFile file{File::GetUserPath(D_WIIROOT_IDX) + "/keys.bin", "rb"}; + if (!file) + { + WARN_LOG(IOS, "keys.bin could not be found. Default values will be used."); + return; + } + + BootMiiKeyDump dump; + if (!file.ReadBytes(&dump, sizeof(dump))) + { + ERROR_LOG(IOS, "Failed to read from keys.bin."); + return; + } + + m_key_entries[HANDLE_CONSOLE_KEY].data = {dump.ng_priv.begin(), dump.ng_priv.end()}; + m_console_signature = dump.ng_sig; + m_console_key_id = Common::swap32(dump.ng_key_id); + m_key_entries[HANDLE_CONSOLE_ID].misc_data = Common::swap32(dump.ng_id); + m_key_entries[HANDLE_FS_KEY].data = {dump.nand_key.begin(), dump.nand_key.end()}; + m_key_entries[HANDLE_FS_MAC].data = {dump.nand_hmac.begin(), dump.nand_hmac.end()}; + m_key_entries[HANDLE_PRNG_KEY].data = {dump.backup_key.begin(), dump.backup_key.end()}; + m_key_entries[HANDLE_BOOT2_VERSION].misc_data = dump.counters[0].boot2version; } IOSC::KeyEntry::KeyEntry() = default; IOSC::KeyEntry::KeyEntry(ObjectType type_, ObjectSubType subtype_, std::vector&& data_, - std::array&& misc_data_, u32 owner_mask_) - : in_use(true), type(type_), subtype(subtype_), data(std::move(data_)), - misc_data(std::move(misc_data_)), owner_mask(owner_mask_) + u32 misc_data_, u32 owner_mask_) + : in_use(true), type(type_), subtype(subtype_), data(std::move(data_)), misc_data(misc_data_), + owner_mask(owner_mask_) { } diff --git a/Source/Core/Core/IOS/IOSC.h b/Source/Core/Core/IOS/IOSC.h index 33ddc3ded2..ce56921937 100644 --- a/Source/Core/Core/IOS/IOSC.h +++ b/Source/Core/Core/IOS/IOSC.h @@ -8,6 +8,7 @@ #include #include +#include #include #include "Common/CommonTypes.h" @@ -21,7 +22,7 @@ enum class SignatureType : u32 { RSA4096 = 0x00010000, RSA2048 = 0x00010001, - // XXX: Add support for ECC (0x00010002). + ECC = 0x00010002, }; enum class PublicKeyType : u32 @@ -96,6 +97,9 @@ union Cert }; #pragma pack(pop) +using ECCSignature = std::array; +using Certificate = std::array; + namespace HLE { enum ReturnCode : s32; @@ -196,6 +200,11 @@ public: ReturnCode GetOwnership(Handle handle, u32* owner) const; ReturnCode SetOwnership(Handle handle, u32 owner, u32 pid); + bool IsUsingDefaultId() const; + u32 GetDeviceId() const; + Certificate GetDeviceCertificate() const; + void Sign(u8* sig_out, u8* ap_cert_out, u64 title_id, const u8* data, u32 data_size) const; + void DoState(PointerWrap& p); private: @@ -203,15 +212,15 @@ private: { KeyEntry(); KeyEntry(ObjectType type_, ObjectSubType subtype_, std::vector&& data_, u32 owner_mask_); - KeyEntry(ObjectType type_, ObjectSubType subtype_, std::vector&& data_, - std::array&& misc_data_, u32 owner_mask_); + KeyEntry(ObjectType type_, ObjectSubType subtype_, std::vector&& data_, u32 misc_data_, + u32 owner_mask_); void DoState(PointerWrap& p); bool in_use = false; ObjectType type; ObjectSubType subtype; std::vector data; - std::array misc_data{}; + u32 misc_data = 0; u32 owner_mask = 0; }; // The Wii's IOSC is limited to 32 entries, including 12 built-in entries. @@ -224,6 +233,7 @@ private: }; void LoadDefaultEntries(ConsoleType console_type); + void LoadEntries(); KeyEntries::iterator FindFreeEntry(); KeyEntry* FindEntry(Handle handle); @@ -237,6 +247,8 @@ private: KeyEntries m_key_entries; KeyEntry m_root_key_entry; + ECCSignature m_console_signature{}; + u32 m_console_key_id = 0; }; } // namespace HLE } // namespace IOS diff --git a/Source/Core/Core/IOS/Network/KD/NetKDRequest.cpp b/Source/Core/Core/IOS/Network/KD/NetKDRequest.cpp index 9e68caba5d..3d4b45a6d2 100644 --- a/Source/Core/Core/IOS/Network/KD/NetKDRequest.cpp +++ b/Source/Core/Core/IOS/Network/KD/NetKDRequest.cpp @@ -17,7 +17,6 @@ #include "Core/CommonTitles.h" #include "Core/HW/Memmap.h" #include "Core/IOS/Network/Socket.h" -#include "Core/ec_wii.h" namespace IOS { @@ -101,8 +100,7 @@ IPCCommandResult NetKDRequest::IOCtl(const IOCtlRequest& request) u8 id_ctr = config.IdGen(); u8 hardware_model = GetHardwareModel(model); - const EcWii& ec = EcWii::GetInstance(); - u32 HollywoodID = ec.GetNGID(); + u32 HollywoodID = m_ios.GetIOSC().GetDeviceId(); u64 UserID = 0; s32 ret = NWC24MakeUserID(&UserID, HollywoodID, id_ctr, hardware_model, area_code); diff --git a/Source/Core/Core/ec_wii.cpp b/Source/Core/Core/ec_wii.cpp deleted file mode 100644 index 6411852403..0000000000 --- a/Source/Core/Core/ec_wii.cpp +++ /dev/null @@ -1,204 +0,0 @@ -// Copyright 2013 Dolphin Emulator Project -// Licensed under GPLv2+ -// Refer to the license.txt file included. - -// Based off of twintig http://git.infradead.org/?p=users/segher/wii.git -// Copyright 2007,2008 Segher Boessenkool -// Licensed under the terms of the GNU GPL, version 2 -// http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt - -#include "Core/ec_wii.h" - -#include -#include -#include -#include - -#include - -#include "Common/CommonTypes.h" -#include "Common/Crypto/ec.h" -#include "Common/File.h" -#include "Common/FileUtil.h" -#include "Common/Logging/Log.h" -#include "Common/Swap.h" - -constexpr u32 default_NG_key_id = 0x6AAB8C59; - -constexpr u8 default_NG_priv[] = { - 0x00, 0xAB, 0xEE, 0xC1, 0xDD, 0xB4, 0xA6, 0x16, 0x6B, 0x70, 0xFD, 0x7E, 0x56, 0x67, 0x70, - 0x57, 0x55, 0x27, 0x38, 0xA3, 0x26, 0xC5, 0x46, 0x16, 0xF7, 0x62, 0xC9, 0xED, 0x73, 0xF2, -}; - -constexpr u8 default_NG_sig[] = { - // R - 0x00, 0xD8, 0x81, 0x63, 0xB2, 0x00, 0x6B, 0x0B, 0x54, 0x82, 0x88, 0x63, 0x81, 0x1C, 0x00, 0x71, - 0x12, 0xED, 0xB7, 0xFD, 0x21, 0xAB, 0x0E, 0x50, 0x0E, 0x1F, 0xBF, 0x78, 0xAD, 0x37, - // S - 0x00, 0x71, 0x8D, 0x82, 0x41, 0xEE, 0x45, 0x11, 0xC7, 0x3B, 0xAC, 0x08, 0xB6, 0x83, 0xDC, 0x05, - 0xB8, 0xA8, 0x90, 0x1F, 0xA8, 0x2A, 0x0E, 0x4E, 0x76, 0xEF, 0x44, 0x72, 0x99, 0xF8, -}; - -static void MakeBlankSigECCert(u8* cert_out, const char* signer, const char* name, - const u8* private_key, u32 key_id) -{ - memset(cert_out, 0, 0x180); - *(u32*)cert_out = Common::swap32(0x10002); - - strncpy((char*)cert_out + 0x80, signer, 0x40); - *(u32*)(cert_out + 0xc0) = Common::swap32(2); - strncpy((char*)cert_out + 0xc4, name, 0x40); - *(u32*)(cert_out + 0x104) = Common::swap32(key_id); - ec_priv_to_pub(private_key, cert_out + 0x108); -} - -// ng_cert_out is a pointer to a 0x180 byte buffer that will contain the device-unique certificate -// NG_id is the device-unique id to use -// NG_key_id is the device-unique key_id to use -// NG_priv is the device-unique private key to use -// NG_sig is the device-unique signature blob (from issuer) to use -// if NG_priv iis nullptr or NG_sig is nullptr or NG_id is 0 or NG_key_id is 0, default values -// will be used for all of them -void MakeNGCert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, const u8* NG_sig) -{ - char name[64]; - if ((NG_id == 0) || (NG_key_id == 0) || (NG_priv == nullptr) || (NG_sig == nullptr)) - { - NG_id = DEFAULT_WII_DEVICE_ID; - NG_key_id = default_NG_key_id; - NG_priv = default_NG_priv; - NG_sig = default_NG_sig; - } - - sprintf(name, "NG%08x", NG_id); - MakeBlankSigECCert(ng_cert_out, "Root-CA00000001-MS00000002", name, NG_priv, NG_key_id); - memcpy(ng_cert_out + 4, NG_sig, 60); -} - -// get_ap_sig_and_cert - -// sig_out is a pointer to a 0x3c byte buffer which will be filled with the data payload's signature -// ap_cert_out is a pointer to a 0x180 byte buffer which will be filled with the temporal AP -// certificate -// title_id is the title responsible for the signing -// data is a pointer to the buffer of data to sign -// data_size is the length of the buffer -// NG_priv is the device-unique private key to use -// NG_id is the device-unique id to use -// if NG_priv is nullptr or NG_id is 0, it will use builtin defaults -void MakeAPSigAndCert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u32 data_size, - const u8* NG_priv, u32 NG_id) -{ - u8 hash[20]; - u8 ap_priv[30]; - char signer[64]; - char name[64]; - - if ((NG_id == 0) || (NG_priv == nullptr)) - { - NG_priv = default_NG_priv; - NG_id = DEFAULT_WII_DEVICE_ID; - } - - memset(ap_priv, 0, 0x1e); - ap_priv[0x1d] = 1; - // setup random ap_priv here if desired - // get_rand_bytes(ap_priv, 0x1e); - // ap_priv[0] &= 1; - - memset(ap_cert_out + 4, 0, 60); - - sprintf(signer, "Root-CA00000001-MS00000002-NG%08x", NG_id); - sprintf(name, "AP%016" PRIx64, title_id); - MakeBlankSigECCert(ap_cert_out, signer, name, ap_priv, 0); - - mbedtls_sha1(ap_cert_out + 0x80, 0x100, hash); - generate_ecdsa(ap_cert_out + 4, ap_cert_out + 34, NG_priv, hash); - - mbedtls_sha1(data, data_size, hash); - generate_ecdsa(sig_out, sig_out + 30, ap_priv, hash); -} - -EcWii::EcWii() -{ - bool init = true; - std::string keys_path = File::GetUserPath(D_WIIROOT_IDX) + "/keys.bin"; - if (File::Exists(keys_path)) - { - File::IOFile keys_f(keys_path, "rb"); - if (keys_f.IsOpen()) - { - if (keys_f.ReadBytes(&BootMiiKeysBin, sizeof(BootMiiKeysBin))) - { - init = false; - - INFO_LOG(IOS_ES, "Successfully loaded keys.bin created by: %s", BootMiiKeysBin.creator); - } - else - { - ERROR_LOG(IOS_ES, "Failed to read keys.bin, check it is the correct size of %08zX bytes.", - sizeof(BootMiiKeysBin)); - } - } - else - { - ERROR_LOG(IOS_ES, "Failed to open keys.bin, maybe a permissions error or it is in use?"); - } - } - else - { - ERROR_LOG( - IOS_ES, - "%s could not be found. Using default values. We recommend you grab keys.bin from BootMii.", - keys_path.c_str()); - } - - if (init) - InitDefaults(); -} - -EcWii::~EcWii() -{ -} - -u32 EcWii::GetNGID() const -{ - return Common::swap32(BootMiiKeysBin.ng_id); -} - -u32 EcWii::GetNGKeyID() const -{ - return Common::swap32(BootMiiKeysBin.ng_key_id); -} - -const u8* EcWii::GetNGPriv() const -{ - return BootMiiKeysBin.ng_priv; -} - -const u8* EcWii::GetNGSig() const -{ - return BootMiiKeysBin.ng_sig; -} - -const u8* EcWii::GetBackupKey() const -{ - return BootMiiKeysBin.backup_key; -} - -void EcWii::InitDefaults() -{ - memset(&BootMiiKeysBin, 0, sizeof(BootMiiKeysBin)); - - BootMiiKeysBin.ng_id = Common::swap32(DEFAULT_WII_DEVICE_ID); - BootMiiKeysBin.ng_key_id = Common::swap32(default_NG_key_id); - - memcpy(BootMiiKeysBin.ng_priv, default_NG_priv, sizeof(BootMiiKeysBin.ng_priv)); - memcpy(BootMiiKeysBin.ng_sig, default_NG_sig, sizeof(BootMiiKeysBin.ng_sig)); -} - -EcWii& EcWii::GetInstance() -{ - static EcWii m_Instance; - return (m_Instance); -} diff --git a/Source/Core/Core/ec_wii.h b/Source/Core/Core/ec_wii.h deleted file mode 100644 index 2a9ec003a8..0000000000 --- a/Source/Core/Core/ec_wii.h +++ /dev/null @@ -1,113 +0,0 @@ -// Copyright 2013 Dolphin Emulator Project -// Licensed under GPLv2+ -// Refer to the license.txt file included. - -// Based off of twintig http://git.infradead.org/?p=users/segher/wii.git -// Copyright 2007,2008 Segher Boessenkool -// Licensed under the terms of the GNU GPL, version 2 -// http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt - -/* - * - * Structs for keys.bin taken from: - * - * mini - a Free Software replacement for the Nintendo/BroadOn IOS. - * crypto hardware support - * - * Copyright (C) 2008, 2009 Haxx Enterprises - * Copyright (C) 2008, 2009 Sven Peter - * Copyright (C) 2008, 2009 Hector Martin "marcan" - * - * # This code is licensed to you under the terms of the GNU GPL, version 2; - * # see file COPYING or http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt - */ - -#pragma once - -#include "Common/CommonTypes.h" - -constexpr u32 DEFAULT_WII_DEVICE_ID = 0x0403AC68; - -void MakeNGCert(u8* ng_cert_out, u32 NG_id, u32 NG_key_id, const u8* NG_priv, const u8* NG_sig); -void MakeAPSigAndCert(u8* sig_out, u8* ap_cert_out, u64 title_id, u8* data, u32 data_size, - const u8* NG_priv, u32 NG_id); - -class EcWii -{ -public: - EcWii(); - ~EcWii(); - static EcWii& GetInstance(); - u32 GetNGID() const; - u32 GetNGKeyID() const; - const u8* GetNGPriv() const; - const u8* GetNGSig() const; - const u8* GetBackupKey() const; - -private: - void InitDefaults(); - -#pragma pack(push, 1) - typedef struct - { - u8 boot2version; - u8 unknown1; - u8 unknown2; - u8 pad; - u32 update_tag; - u16 checksum; - } -#ifndef _WIN32 - __attribute__((packed)) -#endif - eep_ctr_t; - - struct - { - u8 creator[0x100]; // 0x000 - u8 boot1_hash[0x14]; // 0x100 - u8 common_key[0x10]; // 0x114 - u32 ng_id; // 0x124 - union - { - struct - { - u8 ng_priv[0x1e]; // 0x128 - u8 pad1[0x12]; - }; - - struct - { - u8 pad2[0x1c]; - u8 nand_hmac[0x14]; // 0x144 - }; - }; - u8 nand_key[0x10]; // 0x158 - u8 backup_key[0x10]; // 0x168 - u32 unk1; // 0x178 - u32 unk2; // 0x17C - u8 eeprom_pad[0x80]; // 0x180 - - u32 ms_id; // 0x200 - u32 ca_id; // 0x204 - u32 ng_key_id; // 0x208 - u8 ng_sig[0x3c]; // 0x20c - eep_ctr_t counters[0x02]; // 0x248 - u8 fill[0x18]; // 0x25c - u8 korean_key[0x10]; // 0x274 - u8 pad3[0x74]; // 0x284 - u16 prng_seed[0x02]; // 0x2F8 - u8 pad4[0x04]; // 0x2FC - - u8 crack_pad[0x100]; // 0x300 - - } - -#ifndef _WIN32 - __attribute__((packed)) -#endif - - BootMiiKeysBin; - -#pragma pack(pop) -};