diff --git a/hw/xbox/Makefile.objs b/hw/xbox/Makefile.objs
index 8519da60f3..b1581e6378 100644
--- a/hw/xbox/Makefile.objs
+++ b/hw/xbox/Makefile.objs
@@ -1,7 +1,7 @@
obj-y += xbox.o
obj-y += chihiro.o
obj-y += xbox_pci.o acpi_xbox.o
-obj-y += amd_smbus.o smbus_xbox_smc.o smbus_cx25871.o smbus_adm1032.o smbus_storage.o
+obj-y += amd_smbus.o smbus_xbox_smc.o smbus_cx25871.o smbus_adm1032.o smbus_storage.o eeprom_generation.o
obj-y += nvnet.o
obj-y += mcpx_apu.o mcpx_aci.o
obj-y += lpc47m157.o
diff --git a/hw/xbox/eeprom_generation.c b/hw/xbox/eeprom_generation.c
new file mode 100644
index 0000000000..caa1fe8103
--- /dev/null
+++ b/hw/xbox/eeprom_generation.c
@@ -0,0 +1,246 @@
+/*
+ * QEMU Xbox EEPROM Generation (MCPX Version 1.0)
+ *
+ * Copyright (c) 2020 Mike Davis
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#include "eeprom_generation.h"
+
+static uint32_t xbox_eeprom_crc(uint8_t *data, size_t len) {
+ uint32_t high = 0;
+ uint32_t low = 0;
+ for (int i = 0; i < len / 4; i++) {
+ uint32_t val = le32_to_cpu(((uint32_t*)data)[i]);
+ uint64_t sum = ((uint64_t)high << 32) | low;
+
+ high = (sum + val) >> 32;
+ low += val;
+ }
+ return ~(high + low);
+}
+
+static void xbox_rc4_swap(RC4Context *ctx, int first, int second) {
+ uint8_t temp = ctx->s[first];
+ ctx->s[first] = ctx->s[second];
+ ctx->s[second] = temp;
+}
+
+static void xbox_rc4_init(RC4Context *ctx, uint8_t *data, size_t len) {
+ for (int i = 0; i < 256; i++) {
+ ctx->s[i] = i;
+ }
+ for (int i = 0, j = 0; i < 256; i++) {
+ j = (j + ctx->s[i] + data[i % len]) % 256;
+ xbox_rc4_swap(ctx, i, j);
+ }
+}
+
+static void xbox_rc4_crypt(RC4Context *ctx, uint8_t *data, size_t len) {
+ for (int i = 0, j = 0, k = 0; k < len; k++) {
+ i = (i + 1) % 256;
+ j = (j + ctx->s[i]) % 256;
+ xbox_rc4_swap(ctx, i, j);
+ data[k] ^= ctx->s[(ctx->s[i] + ctx->s[j]) % 256];
+ }
+}
+
+static uint32_t xbox_sha1_rotate(uint32_t bits, uint32_t val) {
+ return (val << bits) | (val >> (32 - bits));
+}
+
+static void xbox_sha1_fill(SHA1Context *ctx,
+ uint32_t a, uint32_t b, uint32_t c, uint32_t d, uint32_t e) {
+ ctx->intermediate[0] = a;
+ ctx->intermediate[1] = b;
+ ctx->intermediate[2] = c;
+ ctx->intermediate[3] = d;
+ ctx->intermediate[4] = e;
+}
+
+static void xbox_sha1_reset(SHA1Context *ctx, XboxEEPROMVersion ver, bool first) {
+ ctx->msg_blk_index = 0;
+ ctx->computed = false;
+ ctx->length = 512;
+
+ // https://web.archive.org/web/20040618164907/http://www.xbox-linux.org/down/The%20Middle%20Message-1a.pdf
+ switch (ver) {
+ case XBOX_EEPROM_VERSION_D:
+ if (first) {
+ xbox_sha1_fill(ctx, 0x85F9E51A, 0xE04613D2,
+ 0x6D86A50C, 0x77C32E3C, 0x4BD717A4);
+ } else {
+ xbox_sha1_fill(ctx, 0x5D7A9C6B, 0xE1922BEB,
+ 0xB82CCDBC, 0x3137AB34, 0x486B52B3);
+ }
+ break;
+ case XBOX_EEPROM_VERSION_R2:
+ if (first) {
+ xbox_sha1_fill(ctx, 0x39B06E79, 0xC9BD25E8,
+ 0xDBC6B498, 0x40B4389D, 0x86BBD7ED);
+ } else {
+ xbox_sha1_fill(ctx, 0x9B49BED3, 0x84B430FC,
+ 0x6B8749CD, 0xEBFE5FE5, 0xD96E7393);
+ }
+ break;
+ case XBOX_EEPROM_VERSION_R3:
+ if (first) {
+ xbox_sha1_fill(ctx, 0x8058763A, 0xF97D4E0E,
+ 0x865A9762, 0x8A3D920D, 0x08995B2C);
+ } else {
+ xbox_sha1_fill(ctx, 0x01075307, 0xA2f1E037,
+ 0x1186EEEA, 0x88DA9992, 0x168A5609);
+ }
+ break;
+ default: // default to 1.0 version
+ if (first) {
+ xbox_sha1_fill(ctx, 0x72127625, 0x336472B9,
+ 0xBE609BEA, 0xF55E226B, 0x99958DAC);
+ } else {
+ xbox_sha1_fill(ctx, 0x76441D41, 0x4DE82659,
+ 0x2E8EF85E, 0xB256FACA, 0xC4FE2DE8);
+ }
+ }
+}
+
+static void xbox_sha1_process(SHA1Context *ctx) {
+ const uint32_t k[] = { 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xCA62C1D6 };
+ uint32_t w[80];
+ uint32_t a = ctx->intermediate[0];
+ uint32_t b = ctx->intermediate[1];
+ uint32_t c = ctx->intermediate[2];
+ uint32_t d = ctx->intermediate[3];
+ uint32_t e = ctx->intermediate[4];
+
+ for (int i = 0; i < 16; i++) {
+ *(uint32_t*)&w[i] = cpu_to_be32(((uint32_t*)ctx->msg_blk)[i]);
+ }
+
+ for (int i = 16; i < 80; i++) {
+ w[i] = xbox_sha1_rotate(1, w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]);
+ }
+
+ for (int i = 0; i < 80; i++) {
+ uint32_t temp = xbox_sha1_rotate(5, a) + w[i] + e;
+ switch (i / 20) {
+ case 0: temp += k[0] + ((b & c) | ((~b) & d)); break;
+ case 1: temp += k[1] + (b ^ c ^ d); break;
+ case 2: temp += k[2] + ((b & c) | (b & d) | (c & d)); break;
+ case 3: temp += k[3] + (b ^ c ^ d); break;
+ }
+ e = d;
+ d = c;
+ c = xbox_sha1_rotate(30, b);
+ b = a;
+ a = temp;
+ }
+
+ ctx->intermediate[0] += a;
+ ctx->intermediate[1] += b;
+ ctx->intermediate[2] += c;
+ ctx->intermediate[3] += d;
+ ctx->intermediate[4] += e;
+ ctx->msg_blk_index = 0;
+}
+
+static void xbox_sha1_input(SHA1Context *ctx, uint8_t *data, size_t len) {
+ ctx->length += len << 3;
+ for (int i = 0; i < len; i++) {
+ ctx->msg_blk[ctx->msg_blk_index++] = data[i];
+ if (ctx->msg_blk_index == 64) {
+ xbox_sha1_process(ctx);
+ }
+ }
+}
+
+static void xbox_sha1_pad(SHA1Context *ctx) {
+ ctx->msg_blk[ctx->msg_blk_index++] = 0x80;
+ if (ctx->msg_blk_index > 56) {
+ while (ctx->msg_blk_index < 64) {
+ ctx->msg_blk[ctx->msg_blk_index++] = 0;
+ }
+ xbox_sha1_process(ctx);
+ }
+ while (ctx->msg_blk_index < 56) {
+ ctx->msg_blk[ctx->msg_blk_index++] = 0;
+ }
+ *(uint32_t*)&ctx->msg_blk[56] = 0;
+ *(uint32_t*)&ctx->msg_blk[60] = cpu_to_be32(ctx->length);
+ xbox_sha1_process(ctx);
+}
+
+static void xbox_sha1_result(SHA1Context *ctx, uint8_t *data) {
+ if (!ctx->computed) {
+ xbox_sha1_pad(ctx);
+ ctx->length = 0;
+ ctx->computed = true;
+ }
+ for (int i = 0; i < 20; ++i) {
+ data[i] = ctx->intermediate[i >> 2] >> 8 * (3 - (i & 3));
+ }
+}
+
+static void xbox_sha1_compute(SHA1Context *ctx, XboxEEPROMVersion ver,
+ uint8_t *data, size_t len, uint8_t *hash) {
+ xbox_sha1_reset(ctx, ver, true);
+ xbox_sha1_input(ctx, data, len);
+ xbox_sha1_result(ctx, ctx->msg_blk);
+ xbox_sha1_reset(ctx, ver, false);
+ xbox_sha1_input(ctx, ctx->msg_blk, 20);
+ xbox_sha1_result(ctx, hash);
+}
+
+bool xbox_eeprom_generate(const char *file, XboxEEPROMVersion ver) {
+ XboxEEPROM e;
+ memset(&e, 0, sizeof(e));
+
+ // set default North American and NTSC-M region settings
+ e.region = cpu_to_le32(1);
+ e.video_standard = cpu_to_le32(0x00400100);
+
+ // randomize hardware information
+ qcrypto_random_bytes(e.confounder, sizeof(e.confounder), &error_fatal);
+ qcrypto_random_bytes(e.hdd_key, sizeof(e.hdd_key), &error_fatal);
+ qcrypto_random_bytes(e.online_key, sizeof(e.online_key), &error_fatal);
+ memcpy(e.mac, "\x00\x50\xF2", 3);
+ qcrypto_random_bytes(e.mac + 3, sizeof(e.mac) - 3, &error_fatal);
+ qcrypto_random_bytes(e.serial, sizeof(e.serial), &error_fatal);
+ for (int i = 0; i < sizeof(e.serial); i++) {
+ e.serial[i] = '0' + (e.serial[i] % 10);
+ }
+
+ // update checksums
+ e.checksum = cpu_to_le32(xbox_eeprom_crc(e.serial, 0x2C));
+ e.user_checksum = cpu_to_le32(xbox_eeprom_crc(e.user_section, 0x5C));
+
+ // encrypt security section
+ RC4Context rctx;
+ SHA1Context sctx;
+ uint8_t seed[20];
+ xbox_sha1_compute(&sctx, ver, e.confounder, 0x1C, e.hash);
+ xbox_sha1_compute(&sctx, ver, e.hash, sizeof(e.hash), seed);
+ xbox_rc4_init(&rctx, seed, sizeof(seed));
+ xbox_rc4_crypt(&rctx, e.confounder, 0x1C);
+
+ // save to file
+ FILE *fd = fopen(file, "wb");
+ if (fd == NULL) {
+ return false;
+ }
+
+ bool success = fwrite(&e, sizeof(e), 1, fd) == 1;
+ fclose(fd);
+ return success;
+}
diff --git a/hw/xbox/eeprom_generation.h b/hw/xbox/eeprom_generation.h
new file mode 100644
index 0000000000..44e13165ac
--- /dev/null
+++ b/hw/xbox/eeprom_generation.h
@@ -0,0 +1,72 @@
+/*
+ * QEMU Xbox EEPROM Generation (MCPX Version 1.0)
+ *
+ * Copyright (c) 2020 Mike Davis
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see .
+ */
+
+#ifndef HW_EEPROM_GENERATION_H
+#define HW_EEPROM_GENERATION_H
+
+#include "qemu/osdep.h"
+#include "qapi/error.h"
+#include "crypto/random.h"
+#include "include/qemu/bswap.h"
+
+typedef struct RC4Context {
+ uint8_t s[256];
+} RC4Context;
+
+typedef struct SHA1Context {
+ uint32_t intermediate[5];
+ uint8_t msg_blk[64];
+ uint32_t msg_blk_index;
+ uint32_t length;
+ bool computed;
+} SHA1Context;
+
+#pragma pack(push,1)
+typedef struct XboxEEPROM {
+ uint8_t hash[20];
+ uint8_t confounder[8];
+ uint8_t hdd_key[16];
+ uint32_t region;
+ uint32_t checksum;
+ uint8_t serial[12];
+ uint8_t mac[6];
+ uint16_t padding;
+ uint8_t online_key[16];
+ uint32_t video_standard;
+ uint32_t padding2;
+ uint32_t user_checksum;
+ uint8_t user_section[156];
+} XboxEEPROM;
+#pragma pack(pop)
+
+typedef enum {
+ // debug kernels
+ XBOX_EEPROM_VERSION_D,
+ // retail v1.0 kernels
+ XBOX_EEPROM_VERSION_R1,
+ // retail v1.1-1.4 kernels
+ XBOX_EEPROM_VERSION_R2,
+ // retail v1.6 kernels
+ XBOX_EEPROM_VERSION_R3
+} XboxEEPROMVersion;
+
+bool xbox_eeprom_generate(const char *file, XboxEEPROMVersion ver);
+
+#endif
+
diff --git a/hw/xbox/smbus_storage.c b/hw/xbox/smbus_storage.c
index f82352e0e8..4611450e01 100644
--- a/hw/xbox/smbus_storage.c
+++ b/hw/xbox/smbus_storage.c
@@ -53,42 +53,6 @@ typedef struct SMBusStorageDevice {
bool persist;
} SMBusStorageDevice;
-// FIXME: remove, file should be generated upstream if unspecified
-const uint8_t default_eeprom[] = {
- 0xe3, 0x1c, 0x5c, 0x23, 0x6a, 0x58, 0x68, 0x37,
- 0xb7, 0x12, 0x26, 0x6c, 0x99, 0x11, 0x30, 0xd1,
- 0xe2, 0x3e, 0x4d, 0x56, 0xf7, 0x73, 0x2b, 0x73,
- 0x85, 0xfe, 0x7f, 0x0a, 0x08, 0xef, 0x15, 0x3c,
- 0x77, 0xee, 0x6d, 0x4e, 0x93, 0x2f, 0x28, 0xee,
- 0xf8, 0x61, 0xf7, 0x94, 0x17, 0x1f, 0xfc, 0x11,
- 0x0b, 0x84, 0x44, 0xed, 0x31, 0x30, 0x35, 0x35,
- 0x38, 0x31, 0x31, 0x31, 0x34, 0x30, 0x30, 0x33,
- 0x00, 0x50, 0xf2, 0x4f, 0x65, 0x52, 0x00, 0x00,
- 0x0a, 0x1e, 0x35, 0x33, 0x71, 0x85, 0x31, 0x4d,
- 0x59, 0x12, 0x38, 0x48, 0x1c, 0x91, 0x53, 0x60,
- 0x00, 0x01, 0x40, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x75, 0x61, 0x57, 0xfb, 0x2c, 0x01, 0x00, 0x00,
- 0x45, 0x53, 0x54, 0x00, 0x45, 0x44, 0x54, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x0a, 0x05, 0x00, 0x02, 0x04, 0x01, 0x00, 0x02,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0xc4, 0xff, 0xff, 0xff,
- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
static void smbus_storage_realize(DeviceState *dev, Error **errp)
{
SMBusStorageDevice *s = SMBUS_STORAGE(dev);
@@ -119,8 +83,7 @@ static void smbus_storage_realize(DeviceState *dev, Error **errp)
}
close(fd);
} else {
- // FIXME: remove, file should be generated upstream if unspecified
- memcpy(s->data, default_eeprom, MIN(s->size, sizeof(default_eeprom)));
+ error_setg(errp, "%s: file unspecified\n", __func__);
}
}
diff --git a/softmmu/vl.c b/softmmu/vl.c
index ad91027a50..d479e3b26f 100644
--- a/softmmu/vl.c
+++ b/softmmu/vl.c
@@ -118,6 +118,7 @@
#include "ui/xemu-notifications.h"
#include "ui/xemu-net.h"
#include "ui/xemu-input.h"
+#include "hw/xbox/eeprom_generation.h"
#define MAX_VIRTIO_CONSOLES 1
@@ -2890,6 +2891,12 @@ void qemu_init(int argc, char **argv, char **envp)
error_init(argv[0]);
module_call_init(MODULE_INIT_TRACE);
+ // init earlier because it's needed for eeprom generation
+ if (qcrypto_init(&err) < 0) {
+ error_reportf_err(err, "cannot initialize crypto: ");
+ exit(1);
+ }
+
//
// FIXME: This is a hack to get QEMU to load correct machine and properties
// very early, and handle some basic error cases without hooking QEMU error
@@ -2933,27 +2940,40 @@ void qemu_init(int argc, char **argv, char **envp)
if (strlen(eeprom_path) > 0) {
int eeprom_size = get_image_size(eeprom_path);
if (eeprom_size < 0) {
- char *msg = g_strdup_printf("Failed to open EEPROM file '%s'. "
- "Please check machine settings.", eeprom_path);
+ char *msg = g_strdup_printf("Failed to open EEPROM file '%s'.\n\n"
+ "Automatically generating a new one instead. "
+ "Please check machine settings for the new path and move if desired.", eeprom_path);
xemu_queue_error_message(msg);
g_free(msg);
eeprom_path = "";
} else if (eeprom_size != 256) {
char *msg = g_strdup_printf(
- "Invalid EEPROM file '%s' size of %d; should be 256 bytes. "
- "Please check machine settings.", eeprom_path, eeprom_size);
+ "Invalid EEPROM file '%s' size of %d; should be 256 bytes.\n\n"
+ "Automatically generating a new one instead. "
+ "Please check machine settings for the new path and move if desired.", eeprom_path, eeprom_size);
xemu_queue_error_message(msg);
g_free(msg);
eeprom_path = "";
+ } else {
+ fake_argv[fake_argc++] = strdup("-device");
+ fake_argv[fake_argc++] = g_strdup_printf("smbus-storage,file=%s", eeprom_path);
}
}
- fake_argv[fake_argc++] = strdup("-device");
- if (strlen(eeprom_path) > 0) {
- fake_argv[fake_argc++] = g_strdup_printf("smbus-storage,file=%s",
- eeprom_path);
- } else {
- fake_argv[fake_argc++] = strdup("smbus-storage");
+ // Generate a new EEPROM file if one isn't specified or contents are invalid
+ if (strlen(eeprom_path) == 0) {
+ eeprom_path = xemu_settings_get_default_eeprom_path();
+ if (xbox_eeprom_generate(eeprom_path, XBOX_EEPROM_VERSION_R1)) {
+ xemu_settings_set_string(XEMU_SETTINGS_SYSTEM_EEPROM_PATH, eeprom_path);
+ xemu_settings_save();
+ fake_argv[fake_argc++] = strdup("-device");
+ fake_argv[fake_argc++] = g_strdup_printf("smbus-storage,file=%s", eeprom_path);
+ free((char*)eeprom_path);
+ } else {
+ char *msg = g_strdup_printf("Failed to generate eeprom file '%s'. Please check machine settings.", eeprom_path);
+ xemu_queue_error_message(msg);
+ g_free(msg);
+ }
}
const char *flash_path;
@@ -3087,11 +3107,6 @@ void qemu_init(int argc, char **argv, char **envp)
postcopy_infrastructure_init();
monitor_init_globals();
- if (qcrypto_init(&err) < 0) {
- error_reportf_err(err, "cannot initialize crypto: ");
- exit(1);
- }
-
QTAILQ_INIT(&vm_change_state_head);
os_setup_early_signal_handling();
diff --git a/ui/xemu-settings.c b/ui/xemu-settings.c
index 8f1ef8a079..90b82bf52c 100644
--- a/ui/xemu-settings.c
+++ b/ui/xemu-settings.c
@@ -216,6 +216,31 @@ const char *xemu_settings_get_path(void)
return settings_path;
}
+const char *xemu_settings_get_default_eeprom_path(void)
+{
+ char *base = SDL_GetPrefPath("xemu", "xemu");
+ assert(base != NULL);
+ size_t base_len = strlen(base);
+
+ const char *name = "eeprom.bin";
+ size_t name_len = strlen(name);
+ size_t final_len = base_len + name_len;
+ final_len += 1; // Terminating null byte
+
+ char *path = malloc(final_len);
+ assert(path != NULL);
+
+ // Copy base part
+ memcpy(path, base, base_len);
+ free(base);
+
+ // Copy name part
+ memcpy(path+base_len, name, name_len);
+ path[final_len-1] = '\0';
+
+ return path;
+}
+
static int xemu_enum_str_to_int(const struct enum_str_map *map, const char *str, int *value)
{
for (int i = 0; map[i].str != NULL; i++) {
diff --git a/ui/xemu-settings.h b/ui/xemu-settings.h
index 11504e352a..352224e0b0 100644
--- a/ui/xemu-settings.h
+++ b/ui/xemu-settings.h
@@ -73,6 +73,9 @@ int xemu_settings_did_fail_to_load(void);
// Get path of the config file on disk
const char *xemu_settings_get_path(void);
+// Get path of the default generated eeprom file on disk
+const char *xemu_settings_get_default_eeprom_path(void);
+
// Load config file from disk, or load defaults
void xemu_settings_load(void);