using System;
using System.Security.Cryptography;
using static System.Buffers.Binary.BinaryPrimitives;
namespace PKHeX.Core
{
///
/// MemeCrypto V1 - The Original Series
///
///
/// A variant of encryption and obfuscation used in .
///
The save file stores a dedicated block to contain a hash of the savedata, computed when the block is zeroed.
///
This signing logic is reused for other authentication; refer to .
///
The save file first computes a SHA256 Hash over the block checksum region.
/// The logic then applies a SHA1 hash over the SHA256 hash result, encrypts it with a , and signs it with an RSA private key in a non-straightforward manner.
///
public static class MemeCrypto
{
private const uint POKE = 0x454B4F50;
public static bool VerifyMemePOKE(ReadOnlySpan input, out byte[] output)
{
if (input.Length < 0x60)
throw new ArgumentException("Invalid POKE buffer!");
var memeLen = input.Length - 8;
var memeIndex = MemeKeyIndex.PokedexAndSaveFile;
for (var i = input.Length - 8; i >= 0; i--)
{
if (ReadUInt32LittleEndian(input[i..]) != POKE)
continue;
var keyIndex = ReadInt32LittleEndian(input[(i+4)..]);
if (!MemeKey.IsValidPokeKeyIndex(keyIndex))
continue;
memeLen = i;
memeIndex = (MemeKeyIndex)keyIndex;
break;
}
foreach (var len in new[] { memeLen, memeLen - 2 }) // Account for Pokédex QR Edge case
{
if (VerifyMemeData(input, out output, 0, len, memeIndex))
return true;
if (VerifyMemeData(input, out output, 0, len, MemeKeyIndex.PokedexAndSaveFile))
return true;
}
output = Array.Empty();
return false;
}
public static bool VerifyMemeData(ReadOnlySpan input, out byte[] output)
{
foreach (MemeKeyIndex keyIndex in Enum.GetValues(typeof(MemeKeyIndex)))
{
if (VerifyMemeData(input, out output, keyIndex))
return true;
}
output = Array.Empty();
return false;
}
public static bool VerifyMemeData(ReadOnlySpan input, out byte[] output, MemeKeyIndex keyIndex)
{
if (input.Length < 0x60)
{
output = Array.Empty();
return false;
}
var key = new MemeKey(keyIndex);
output = input.ToArray();
var sigBuffer = key.RsaPublic(input[^0x60..]);
using var sha1 = SHA1.Create();
if (DecryptCompare(output, sigBuffer, key, sha1))
return true;
sigBuffer[0x0] |= 0x80;
if (DecryptCompare(output, sigBuffer, key, sha1))
return true;
output = Array.Empty();
return false;
}
private static bool DecryptCompare(byte[] output, ReadOnlySpan sigBuffer, MemeKey key, SHA1 sha1)
{
sigBuffer.CopyTo(output.AsSpan(output.Length - 0x60));
key.AesDecrypt(output).CopyTo(output);
// Check for 8-byte equality.
var hash = sha1.ComputeHash(output, 0, output.Length - 0x8);
var computed = ReadUInt64LittleEndian(hash.AsSpan());
var existing = ReadUInt64LittleEndian(output.AsSpan(output.Length - 0x8));
return computed == existing;
}
public static bool VerifyMemeData(ReadOnlySpan input, out byte[] output, int offset, int length)
{
var data = input.Slice(offset, length).ToArray();
if (VerifyMemeData(data, out output))
{
var newOutput = input.ToArray();
output.CopyTo(newOutput, offset);
output = newOutput;
return true;
}
output = Array.Empty();
return false;
}
public static bool VerifyMemeData(ReadOnlySpan input, out byte[] output, int offset, int length, MemeKeyIndex keyIndex)
{
var data = input.Slice(offset, length);
if (VerifyMemeData(data, out output, keyIndex))
{
var newOutput = input.ToArray();
output.CopyTo(newOutput, offset);
output = newOutput;
return true;
}
output = Array.Empty();
return false;
}
public static byte[] SignMemeData(ReadOnlySpan input, MemeKeyIndex keyIndex = MemeKeyIndex.PokedexAndSaveFile)
{
// Validate Input
if (input.Length < 0x60)
throw new ArgumentException("Cannot memesign a buffer less than 0x60 bytes in size!");
var key = new MemeKey(keyIndex);
if (!key.CanResign)
throw new ArgumentException("Cannot sign with the specified memekey!");
var output = input.ToArray();
// Copy in the SHA1 signature
using (var sha1 = SHA1.Create())
{
var hash = sha1.ComputeHash(output, 0, output.Length - 8);
hash.AsSpan(0, 8).CopyTo(output.AsSpan(output.Length - 8, 8));
}
// Perform AES operations
output = key.AesEncrypt(output);
var sigBuffer = output.AsSpan(output.Length - 0x60, 0x60);
sigBuffer[0] &= 0x7F;
var signed = key.RsaPrivate(sigBuffer);
signed.CopyTo(sigBuffer);
return output;
}
///
/// Resigns save data.
///
/// Save file data to resign
/// The resigned save data. Invalid input returns null.
public static byte[] Resign7(ReadOnlySpan sav7)
{
if (sav7.Length is not (SaveUtil.SIZE_G7SM or SaveUtil.SIZE_G7USUM))
throw new ArgumentException("Should not be using this for unsupported saves.");
// Save Chunks are 0x200 bytes each; Memecrypto signature is 0x100 bytes into the 2nd to last chunk.
var isUSUM = sav7.Length == SaveUtil.SIZE_G7USUM;
var ChecksumTableOffset = sav7.Length - 0x200;
var MemeCryptoOffset = isUSUM ? 0x6C100 : 0x6BB00;
var ChecksumSignatureLength = isUSUM ? 0x150 : 0x140;
const int MemeCryptoSignatureLength = 0x80;
var result = sav7.ToArray();
// Store current signature
var oldSig = sav7.Slice(MemeCryptoOffset, MemeCryptoSignatureLength).ToArray();
using var sha256 = SHA256.Create();
var newSig = sha256.ComputeHash(result, ChecksumTableOffset, ChecksumSignatureLength);
Span sigSpan = stackalloc byte[MemeCryptoSignatureLength];
newSig.CopyTo(sigSpan);
if (VerifyMemeData(oldSig, out var memeSig, MemeKeyIndex.PokedexAndSaveFile))
memeSig.AsSpan()[0x20..0x80].CopyTo(sigSpan[0x20..]);
SignMemeData(sigSpan).CopyTo(result, MemeCryptoOffset);
return result;
}
}
}