Add save MAC key derivation

This commit is contained in:
shchmue 2019-06-03 18:16:14 -04:00
parent 0219abfd83
commit b8062ab149
3 changed files with 18 additions and 0 deletions


@ -251,6 +251,9 @@ void extkeys_initialize_settings(hactool_settings_t *settings, FILE *f) {
} else if (strcmp(key, "package2_key_source") == 0) {
parse_hex_key(keyset->package2_key_source, value, sizeof(keyset->package2_key_source));
matched_key = 1;
} else if (strcmp(key, "per_console_key_source") == 0) {
parse_hex_key(keyset->per_console_key_source, value, sizeof(keyset->per_console_key_source));
matched_key = 1;
} else if (strcmp(key, "sd_card_kek_source") == 0) {
parse_hex_key(keyset->sd_card_kek_source, value, sizeof(keyset->sd_card_kek_source));
matched_key = 1;

12
pki.c

@ -229,6 +229,10 @@ void pki_derive_keys(nca_keyset_t *keyset) {
}
aes_ctx_t *mac_gen_ctx = new_aes_ctx(&keyset->keyblob_keys[i], 0x10, AES_MODE_ECB);
aes_decrypt(mac_gen_ctx, &keyset->keyblob_mac_keys[i], keyset->keyblob_mac_key_source, 0x10);
/* Derive Device key */
if (i == 0 && memcmp(keyset->per_console_key_source, zeroes, 0x10) != 0) {
aes_decrypt(mac_gen_ctx, keyset->device_key, keyset->per_console_key_source, 0x10);
}
free_aes_ctx(mac_gen_ctx);
}
for (unsigned int i = 0; i < 0x6; i++) {
@ -368,6 +372,11 @@ void pki_derive_keys(nca_keyset_t *keyset) {
free_aes_ctx(sd_ctx);
}
/* Derive Save MAC Key */
if (i == 0 && memcmp(keyset->save_mac_kek_source, zeroes, 0x10) != 0 && memcmp(keyset->save_mac_key_source, zeroes, 0x10) != 0 && memcmp(keyset->device_key, zeroes, 0x10) != 0) {
generate_kek(keyset->save_mac_key, keyset->save_mac_kek_source, keyset->device_key, keyset->aes_kek_generation_source, keyset->save_mac_key_source);
}
free_aes_ctx(master_ctx);
}
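Review bot: The guard in front of generate_kek checks save_mac_kek_source, save_mac_key_source and device_key against zeroes but not aes_kek_generation_source, which is also passed in; a keyset that lacks that seed would yield a save_mac_key derived from an all-zero generation source and it would then be printed as if valid, so the condition should also include `memcmp(keyset->aes_kek_generation_source, zeroes, 0x10) != 0` (unless that seed is already validated earlier in the function, which is outside this hunk). As a point of style, the derivation does not depend on the loop index apart from `i == 0` and uses none of the per-iteration master key material, so it reads better hoisted out of the loop after it ends, with the condition split over several lines. The same "derive once under i == 0" shape appears in the device_key hunk above, though there it genuinely needs keyblob_keys[0]. pki_derive_keys starts outside this hunk.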
@ -381,6 +390,7 @@ void pki_print_keys(nca_keyset_t *keyset) {
PRINT_KEY_WITH_NAME(keyset->secure_boot_key, secure_boot_key);
PRINT_KEY_WITH_NAME(keyset->tsec_key, tsec_key);
PRINT_KEY_WITH_NAME(keyset->device_key, device_key);
PRINT_KEY_WITH_NAME(keyset->tsec_root_kek, tsec_root_kek);
PRINT_KEY_WITH_NAME(keyset->package1_mac_kek, package1_mac_kek);
PRINT_KEY_WITH_NAME(keyset->package1_kek, package1_kek);
@ -442,6 +452,7 @@ void pki_print_keys(nca_keyset_t *keyset) {
PRINT_KEY_WITH_NAME_IDX(keyset->package2_keys[i], package2_key, i);
}
printf("\n");
PRINT_KEY_WITH_NAME(keyset->per_console_key_source, per_console_key_source);
PRINT_KEY_WITH_NAME(keyset->aes_kek_generation_source, aes_kek_generation_source);
PRINT_KEY_WITH_NAME(keyset->aes_key_generation_source, aes_key_generation_source);
PRINT_KEY_WITH_NAME(keyset->titlekek_source, titlekek_source);
@ -458,6 +469,7 @@ void pki_print_keys(nca_keyset_t *keyset) {
PRINT_KEY_WITH_NAME(keyset->sd_card_key_sources[1], sd_card_nca_key_source);
PRINT_KEY_WITH_NAME(keyset->save_mac_kek_source, save_mac_kek_source);
PRINT_KEY_WITH_NAME(keyset->save_mac_key_source, save_mac_key_source);
PRINT_KEY_WITH_NAME(keyset->save_mac_key, save_mac_key);
printf("\n");
PRINT_KEY_WITH_NAME(keyset->header_key_source, header_key_source);
PRINT_KEY_WITH_NAME(keyset->header_key, header_key);


@ -18,6 +18,7 @@ typedef enum {
typedef struct {
unsigned char secure_boot_key[0x10]; /* Secure boot key for use in key derivation. NOTE: CONSOLE UNIQUE. */
unsigned char tsec_key[0x10]; /* TSEC key for use in key derivation. NOTE: CONSOLE UNIQUE. */
unsigned char device_key[0x10]; /* Device key used to derive some FS keys. NOTE: CONSOLE UNIQUE. */
unsigned char keyblob_keys[0x20][0x10]; /* Actual keys used to decrypt keyblobs. NOTE: CONSOLE UNIQUE.*/
unsigned char keyblob_mac_keys[0x20][0x10]; /* Keys used to validate keyblobs. NOTE: CONSOLE UNIQUE. */
unsigned char encrypted_keyblobs[0x20][0xB0]; /* Actual encrypted keyblobs (EKS). NOTE: CONSOLE UNIQUE. */
@ -37,6 +38,7 @@ typedef struct {
unsigned char package1_keys[0x20][0x10]; /* Package1 keys. */
unsigned char package2_keys[0x20][0x10]; /* Package2 keys. */
unsigned char package2_key_source[0x10]; /* Seed for Package2 key. */
unsigned char per_console_key_source[0x10]; /* Seed for Device key. */
unsigned char aes_kek_generation_source[0x10]; /* Seed for GenerateAesKek, usecase + generation 0. */
unsigned char aes_key_generation_source[0x10]; /* Seed for GenerateAesKey. */
unsigned char key_area_key_application_source[0x10]; /* Seed for kaek 0. */
@ -52,6 +54,7 @@ typedef struct {
unsigned char header_key[0x20]; /* NCA header key. */
unsigned char titlekeks[0x20][0x10]; /* Title key encryption keys. */
unsigned char key_area_keys[0x20][3][0x10]; /* Key area encryption keys. */
unsigned char save_mac_key[0x10]; /* Key used to sign savedata. */
unsigned char sd_card_keys[2][0x20];
unsigned char nca_hdr_fixed_key_modulus[0x100]; /* NCA header fixed key RSA pubk. */
unsigned char acid_fixed_key_modulus[0x100]; /* ACID fixed key RSA pubk. */
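Review bot: The comment on the new save_mac_key field omits the CONSOLE UNIQUE marker that the neighbouring console-bound fields carry, even though pki.c derives it from device_key, which this header already labels console-unique; suggest `unsigned char save_mac_key[0x10]; /* Key used to sign savedata. NOTE: CONSOLE UNIQUE. */`. The per_console_key_source comment in the earlier hunk could likewise say it is decrypted with keyblob_keys[0] so readers know why device_key is only derived when that keyblob key is present. The struct definition continues outside this hunk.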