hactool/npdm.c

#include <stdlib.h>
#include <string.h>
#include "npdm.h"
#include "utils.h"
#include "settings.h"
#include "rsa.h"
#include "cJSON.h"

static const char * const svc_names[0x80] = {
    "svcUnknown",
    "svcSetHeapSize",
    "svcSetMemoryPermission",
    "svcSetMemoryAttribute",
    "svcMapMemory",
    "svcUnmapMemory",
    "svcQueryMemory",
    "svcExitProcess",
    "svcCreateThread",
    "svcStartThread",
    "svcExitThread",
    "svcSleepThread",
    "svcGetThreadPriority",
    "svcSetThreadPriority",
    "svcGetThreadCoreMask",
    "svcSetThreadCoreMask",
    "svcGetCurrentProcessorNumber",
    "svcSignalEvent",
    "svcClearEvent",
    "svcMapSharedMemory",
    "svcUnmapSharedMemory",
    "svcCreateTransferMemory",
    "svcCloseHandle",
    "svcResetSignal",
    "svcWaitSynchronization",
    "svcCancelSynchronization",
    "svcArbitrateLock",
    "svcArbitrateUnlock",
    "svcWaitProcessWideKeyAtomic",
    "svcSignalProcessWideKey",
    "svcGetSystemTick",
    "svcConnectToNamedPort",
    "svcSendSyncRequestLight",
    "svcSendSyncRequest",
    "svcSendSyncRequestWithUserBuffer",
    "svcSendAsyncRequestWithUserBuffer",
    "svcGetProcessId",
    "svcGetThreadId",
    "svcBreak",
    "svcOutputDebugString",
    "svcReturnFromException",
    "svcGetInfo",
    "svcFlushEntireDataCache",
    "svcFlushDataCache",
    "svcMapPhysicalMemory",
    "svcUnmapPhysicalMemory",
    "svcGetFutureThreadInfo",
    "svcGetLastThreadInfo",
    "svcGetResourceLimitLimitValue",
    "svcGetResourceLimitCurrentValue",
    "svcSetThreadActivity",
    "svcGetThreadContext3",
    "svcWaitForAddress",
    "svcSignalToAddress",
    "svcUnknown",
    "svcUnknown",
    "svcUnknown",
    "svcUnknown",
    "svcUnknown",
    "svcUnknown",
    "svcDumpInfo",
    "svcDumpInfoNew",
    "svcUnknown",
    "svcUnknown",
    "svcCreateSession",
    "svcAcceptSession",
    "svcReplyAndReceiveLight",
    "svcReplyAndReceive",
    "svcReplyAndReceiveWithUserBuffer",
    "svcCreateEvent",
    "svcUnknown",
    "svcUnknown",
    "svcMapPhysicalMemoryUnsafe",
    "svcUnmapPhysicalMemoryUnsafe",
    "svcSetUnsafeLimit",
    "svcCreateCodeMemory",
    "svcControlCodeMemory",
    "svcSleepSystem",
    "svcReadWriteRegister",
    "svcSetProcessActivity",
    "svcCreateSharedMemory",
    "svcMapTransferMemory",
    "svcUnmapTransferMemory",
    "svcCreateInterruptEvent",
    "svcQueryPhysicalAddress",
    "svcQueryIoMapping",
    "svcCreateDeviceAddressSpace",
    "svcAttachDeviceAddressSpace",
    "svcDetachDeviceAddressSpace",
    "svcMapDeviceAddressSpaceByForce",
    "svcMapDeviceAddressSpaceAligned",
    "svcMapDeviceAddressSpace",
    "svcUnmapDeviceAddressSpace",
    "svcInvalidateProcessDataCache",
    "svcStoreProcessDataCache",
    "svcFlushProcessDataCache",
    "svcDebugActiveProcess",
    "svcBreakDebugProcess",
    "svcTerminateDebugProcess",
    "svcGetDebugEvent",
    "svcContinueDebugEvent",
    "svcGetProcessList",
    "svcGetThreadList",
    "svcGetDebugThreadContext",
    "svcSetDebugThreadContext",
    "svcQueryDebugProcessMemory",
    "svcReadDebugProcessMemory",
    "svcWriteDebugProcessMemory",
    "svcSetHardwareBreakPoint",
    "svcGetDebugThreadParam",
    "svcUnknown",
    "svcGetSystemInfo",
    "svcCreatePort",
    "svcManageNamedPort",
    "svcConnectToPort",
    "svcSetProcessMemoryPermission",
    "svcMapProcessMemory",
    "svcUnmapProcessMemory",
    "svcQueryProcessMemory",
    "svcMapProcessCodeMemory",
    "svcUnmapProcessCodeMemory",
    "svcCreateProcess",
    "svcStartProcess",
    "svcTerminateProcess",
    "svcGetProcessInfo",
    "svcCreateResourceLimit",
    "svcSetResourceLimitLimitValue",
    "svcCallSecureMonitor"
};

#define MAX_FS_PERM_RW 0x27
#define MAX_FS_PERM_BOOL 0x1B
#define FS_PERM_MASK_NODEBUG 0xBFFFFFFFFFFFFFFFULL

static const fs_perm_t fs_permissions_rw[MAX_FS_PERM_RW] = {
    {"MountContentType2", 0x8000000000000801},
    {"MountContentType5", 0x8000000000000801},
    {"MountContentType3", 0x8000000000000801},
    {"MountContentType4", 0x8000000000000801},
    {"MountContentType6", 0x8000000000000801},
    {"MountContentType7", 0x8000000000000801},
    {"Unknown (0x6)", 0x8000000000000000},
    {"ContentStorageAccess", 0x8000000000000800},
    {"ImageDirectoryAccess", 0x8000000000001000},
    {"MountBisType28", 0x8000000000000084},
    {"MountBisType29", 0x8000000000000080},
    {"MountBisType30", 0x8000000000008080},
    {"MountBisType31", 0x8000000000008080},
    {"Unknown (0xD)", 0x8000000000000080},
    {"SdCardAccess", 0xC000000000200000},
    {"GameCardUser", 0x8000000000000010},
    {"SaveDataAccess0", 0x8000000000040020},
    {"SystemSaveDataAccess0", 0x8000000000000028},
    {"SaveDataAccess1", 0x8000000000000020},
    {"SystemSaveDataAccess1", 0x8000000000000020},
    {"BisPartition0", 0x8000000000010082},
    {"BisPartition10", 0x8000000000010080},
    {"BisPartition20", 0x8000000000010080},
    {"BisPartition21", 0x8000000000010080},
    {"BisPartition22", 0x8000000000010080},
    {"BisPartition23", 0x8000000000010080},
    {"BisPartition24", 0x8000000000010080},
    {"BisPartition25", 0x8000000000010080},
    {"BisPartition26", 0x8000000000000080},
    {"BisPartition27", 0x8000000000000084},
    {"BisPartition28", 0x8000000000000084},
    {"BisPartition29", 0x8000000000000080},
    {"BisPartition30", 0x8000000000000080},
    {"BisPartition31", 0x8000000000000080},
    {"BisPartition32", 0x8000000000000080},
    {"Unknown (0x23)", 0xC000000000200000},
    {"GameCard_System", 0x8000000000000100},
    {"MountContent_System", 0x8000000000100008},
    {"HostAccess", 0xC000000000400000}
};

static const fs_perm_t fs_permissions_bool[MAX_FS_PERM_BOOL] = {
    {"BisCache", 0x8000000000000080},
    {"EraseMmc", 0x8000000000000080},
    {"GameCardCertificate", 0x8000000000000010},
    {"GameCardIdSet", 0x8000000000000010},
    {"GameCardDriver", 0x8000000000000200},
    {"GameCardAsic", 0x8000000000000200},
    {"SaveDataCreate", 0x8000000000002020},
    {"SaveDataDelete0", 0x8000000000000060},
    {"SystemSaveDataCreate0", 0x8000000000000028},
    {"SystemSaveDataCreate1", 0x8000000000000020},
    {"SaveDataDelete1", 0x8000000000004028},
    {"SaveDataIterators0", 0x8000000000000060},
    {"SaveDataIterators1", 0x8000000000004020},
    {"SaveThumbnails", 0x8000000000020000},
    {"PosixTime", 0x8000000000000400},
    {"SaveDataExtraData", 0x8000000000004060},
    {"GlobalMode", 0x8000000000080000},
    {"SpeedEmulation", 0x8000000000080000},
    {"(NULL)", 0},
    {"PaddingFiles", 0xC000000000800000},
    {"SaveData_Debug", 0xC000000001000000},
    {"SaveData_SystemManagement", 0xC000000002000000},
    {"Unknown (0x16)", 0x8000000004000000},
    {"Unknown (0x17)", 0x8000000008000000},
    {"Unknown (0x18)", 0x8000000010000000},
    {"Unknown (0x19)", 0x8000000000000800},
    {"Unknown (0x1A)", 0x8000000000004020}
};

const char *npdm_get_proc_category(int process_category) {
    switch (process_category) {
        case 0:
            return "Regular Title";
        case 1:
            return "Kernel Built-In";
        default:
            return "Unknown";
    }
}

static const char *kac_get_app_type(uint32_t app_type) {
    switch (app_type) {
        case 0:
            return "System Module";
        case 1:
            return "Application";
        case 2:
            return "Applet";
        default:
            return "Unknown";
    }
}

static void kac_add_mmio(kac_t *kac, kac_mmio_t *mmio) {
    /* Perform an ordered insertion. */
    if (kac->mmio == NULL || mmio->address < kac->mmio->address) {
        mmio->next = kac->mmio;
        kac->mmio = mmio;
    } else {
        kac_mmio_t *ins_mmio = kac->mmio;
        while (ins_mmio != NULL) {
            if (ins_mmio->address < mmio->address) {
                if (ins_mmio->next != NULL) {
                    if (ins_mmio->next->address > mmio->address) {
                        mmio->next = ins_mmio->next;
                        ins_mmio->next = mmio;
                        break;
                    }
                } else {
                    ins_mmio->next = mmio;
                    break;
                }
            }
            if (ins_mmio->next == NULL) {
                ins_mmio->next = mmio;
                break;
            }
            ins_mmio = ins_mmio->next;
        }
    }
}

void kac_print(const uint32_t *descriptors, uint32_t num_descriptors) {
    kac_t kac;
    kac_mmio_t *cur_mmio = NULL;
    kac_mmio_t *page_mmio = NULL;
    kac_irq_t *cur_irq = NULL;
    unsigned int syscall_base;
    memset(&kac, 0, sizeof(kac));
    for (uint32_t i = 0; i < num_descriptors; i++) {
        uint32_t desc = descriptors[i];
        if (desc == 0xFFFFFFFF) {
            continue;
        }
        unsigned int low_bits = 0;
        while (desc & 1) {
            desc >>= 1;
            low_bits++;
        }
        desc >>= 1;
        switch (low_bits) {
            case 3: /* Kernel flags. */
                kac.has_kern_flags = 1;
                kac.highest_thread_prio = desc & 0x3F;
                desc >>= 6;
                kac.lowest_thread_prio = desc & 0x3F;
                desc >>= 6;
                kac.lowest_cpu_id = desc & 0xFF;
                desc >>= 8;
                kac.highest_cpu_id = desc & 0xFF;
                break;
            case 4: /* Syscall mask. */
                syscall_base = (desc >> 24) * 0x18;
                for (unsigned int sc = 0; sc < 0x18 && syscall_base + sc < 0x80; sc++) {
                    kac.svcs_allowed[syscall_base+sc] = desc & 1;
                    desc >>= 1;
                }
                break;
            case 6: /* Map IO/Normal. */
                cur_mmio = calloc(1, sizeof(kac_mmio_t));
                cur_mmio->address = (desc & 0xFFFFFF) << 12;
                cur_mmio->is_ro = desc >> 24;
                if (i == num_descriptors - 1) {
                    fprintf(stderr, "Error: Invalid Kernel Access Control Descriptors!\n");
                    exit(EXIT_FAILURE);
                }
                desc = descriptors[++i];
                if ((desc & 0x7F) != 0x3F) {
                    fprintf(stderr, "Error: Invalid Kernel Access Control Descriptors!\n");
                    exit(EXIT_FAILURE);
                }
                desc >>= 7;
                cur_mmio->size = (desc & 0xFFFFFF) << 12;
                cur_mmio->is_norm = desc >> 24;
                kac_add_mmio(&kac, cur_mmio);
                break;
            case 7: /* Map Normal Page. */
                page_mmio = calloc(1, sizeof(kac_mmio_t));
                if (page_mmio == NULL) {
                    fprintf(stderr, "Failed to allocate MMIO descriptor!\n");
                    exit(EXIT_FAILURE);
                }
                page_mmio->address = desc << 12;
                page_mmio->size = 0x1000;
                page_mmio->is_ro = 0;
                page_mmio->is_norm = 0;
                page_mmio->next = NULL;
                kac_add_mmio(&kac, page_mmio);
                page_mmio = NULL;
                break;
            case 11: /* IRQ Pair. */
                cur_irq = calloc(1, sizeof(kac_irq_t));
                if (cur_irq == NULL) {
                    fprintf(stderr, "Failed to allocate IRQ descriptor!\n");
                    exit(EXIT_FAILURE);
                }
                cur_irq->irq0 = desc & 0x3FF;
                cur_irq->irq1 = (desc >> 10) & 0x3FF;
                if (kac.irqs == NULL) {
                    kac.irqs = cur_irq;
                } else {
                    kac_irq_t *tail_irq = kac.irqs;
                    while (tail_irq->next != NULL) {
                        tail_irq = tail_irq->next;
                    }
                    tail_irq->next = cur_irq;
                }
                cur_irq = NULL;
                break;
            case 13: /* App Type. */
                kac.has_app_type = 1;
                kac.application_type = desc & 7;
                break;
            case 14: /* Kernel Release Version. */
                kac.has_kern_ver = 1;
                kac.kernel_release_version = desc;
                break;
            case 15: /* Handle Table Size. */
                kac.has_handle_table_size = 1;
                kac.handle_table_size = desc;
                break;
            case 16: /* Debug Flags. */
                kac.has_debug_flags = 1;
                kac.allow_debug = desc & 1;
                kac.force_debug = (desc >> 1) & 1;
                break;
        }
    }

    if (kac.has_kern_flags) {
        printf("        Lowest Allowed Priority:    %"PRId32"\n", kac.lowest_thread_prio);
        printf("        Highest Allowed Priority:   %"PRId32"\n", kac.highest_thread_prio);
        printf("        Lowest Allowed CPU ID:      %"PRId32"\n", kac.lowest_cpu_id);
        printf("        Highest Allowed CPU ID:     %"PRId32"\n", kac.highest_cpu_id);

    }

    int first_svc = 1;
    for (unsigned int i = 0; i < 0x80; i++) {
        if (kac.svcs_allowed[i]) {
            printf(first_svc ? "        Allowed SVCs:               %-35s (0x%02"PRIx32")\n" : "                                    %-35s (0x%02"PRIx32")\n", svc_names[i], i);
            first_svc = 0;
        }
    }

    int first_mmio = 1;
    if (kac.mmio != NULL) {
        kac_mmio_t *cur_mmio;
        while (kac.mmio != NULL) {
            cur_mmio = kac.mmio;
            printf(first_mmio ? "        Mapped IO:                  " : "                                    ");
            first_mmio = 0;
            printf("(%09"PRIx64"-%09"PRIx64", %s, %s)\n", cur_mmio->address, cur_mmio->address + cur_mmio->size, cur_mmio->is_ro ? "RO" : "RW", cur_mmio->is_norm ? "Normal" : "IO");
            kac.mmio = kac.mmio->next;
            free(cur_mmio);
        }
    }

    if (kac.irqs != NULL) {
        printf("        Mapped Interrupts:          ");
        int num_irqs = 0;
        while (kac.irqs != NULL) {   
            cur_irq = kac.irqs;
            if (cur_irq->irq0 != 0x3FF) {
                if (num_irqs % 8 == 0) {
                    if (num_irqs) printf("\n                                    ");
                } else {
                    printf(", ");
                }
                printf("0x%03"PRIx32, cur_irq->irq0);
                num_irqs++;
            }
            if (cur_irq->irq1 != 0x3FF) {
                if (num_irqs % 8 == 0) {
                    if (num_irqs) printf("\n                                    ");
                } else {
                    printf(", ");
                }
                printf("0x%03"PRIx32, cur_irq->irq1);
                num_irqs++;
            }
            kac.irqs = kac.irqs->next;
            free(cur_irq);
        }
        printf("\n");
    }

    if (kac.has_app_type) {
        printf("        Application Type:           %s\n", kac_get_app_type(kac.application_type));
    }

    if (kac.has_handle_table_size) {
        printf("        Handle Table Size:          %"PRId32"\n", kac.handle_table_size);
    }
    
    if (kac.has_kern_ver) {
        printf("        Minimum Kernel Version:     %"PRIu32"\n", kac.kernel_release_version);
    }

    if (kac.has_debug_flags) {
        printf("        Allow Debug:                %s\n", kac.allow_debug ? "YES" : "NO");
        printf("        Force Debug:                %s\n", kac.force_debug ? "YES" : "NO");
    }
}

/* Modified from https://stackoverflow.com/questions/23457305/compare-strings-with-wildcard */
static int match(const char *pattern, const char *candidate, int p, int c) {
    if (pattern[p] == '\0') {
        return candidate[c] == '\0';
    } else if (pattern[p] == '*') {
        for (; candidate[c] != '\0'; c++) {
            if (match(pattern, candidate, p+1, c))
            return 1;
        }
        return match(pattern, candidate, p+1, c);
    } else {
        return match(pattern, candidate, p+1, c+1);
    }
}

static int sac_matches(sac_entry_t *lst, char *service) {
    sac_entry_t *cur = lst;
    while (cur != NULL) {
        if (match(cur->service, service, 0, 0)) return 1;
        cur = cur->next;
    }
    return 0;
}

static void sac_parse(char *sac, uint32_t sac_size, sac_entry_t *r_host, sac_entry_t *r_accesses, sac_entry_t **out_hosts, sac_entry_t **out_accesses) {
    sac_entry_t *accesses = NULL;
    sac_entry_t *hosts = NULL;
    sac_entry_t *cur_entry = NULL;
    sac_entry_t *temp = NULL;
    uint32_t ofs = 0;
    uint32_t service_len;
    char ctrl;
    while (ofs < sac_size) {
        ctrl = sac[ofs++];
        service_len = (ctrl & 0xF) + 1;
        cur_entry = calloc(1, sizeof(sac_entry_t));
        if (ctrl & 0x80) {
            cur_entry->valid = r_host != NULL ? sac_matches(r_host, cur_entry->service) : 1;
        } else {
            cur_entry->valid = r_host != NULL ? sac_matches(r_accesses, cur_entry->service) : 1;
        }
        strncpy(cur_entry->service, &sac[ofs], service_len);
        if (ctrl & 0x80 && hosts == NULL) {
            hosts = cur_entry;
        } else if (!(ctrl & 0x80) && accesses == NULL) {
            accesses = cur_entry;
        } else {
            if (ctrl & 0x80) {
                temp = hosts;
            } else {
                temp = accesses;
            }
            while (temp->next != NULL) {
                temp = temp->next;
            }
            temp->next = cur_entry;
        }
        cur_entry = NULL;
        ofs += service_len;
    }
    *out_hosts = hosts;
    *out_accesses = accesses;
}

static void sac_print(char *acid_sac, uint32_t acid_size, char *aci0_sac, uint32_t aci0_size) {
    /* Parse the ACID sac. */
    sac_entry_t *acid_accesses = NULL;
    sac_entry_t *acid_hosts = NULL;
    sac_entry_t *temp = NULL;
    sac_parse(acid_sac, acid_size, NULL, NULL, &acid_hosts, &acid_accesses);

    /* The ACID sac restricts the ACI0 sac... */
    sac_entry_t *aci0_accesses = NULL;
    sac_entry_t *aci0_hosts = NULL;
    sac_parse(aci0_sac, aci0_size, acid_hosts, acid_accesses, &aci0_hosts, &aci0_accesses);

    int first = 1;
    while (aci0_hosts != NULL) {
        printf(first ? "        Hosts:                      %-16s%s\n" : "                                    %-16s%s\n", aci0_hosts->service, aci0_hosts->valid ? "" : "(Invalid)");
        temp = aci0_hosts;
        aci0_hosts = aci0_hosts->next;
        free(temp);
        first = 0;
    }

    first = 1;
    while (aci0_accesses != NULL) {
        printf(first ? "        Accesses:                   %-16s%s\n" : "                                    %-16s%s\n", aci0_accesses->service, aci0_accesses->valid ? "" : "(Invalid)");
        temp = aci0_accesses;
        aci0_accesses = aci0_accesses->next;
        free(temp);
        first = 0;
    }

    while (acid_hosts != NULL) {
        temp = acid_hosts;
        acid_hosts = acid_hosts->next;
        free(temp);
    }

    while (acid_accesses != NULL) {
        temp = acid_accesses;
        acid_accesses = acid_accesses->next;
        free(temp);
    }
}



static void fac_print(fac_t *fac, fah_t *fah) {
    if (fac->version == fah->version) {
        printf("        Version:                    %"PRId32"\n", fac->version);
    } else {
        printf("        Control Version:            %"PRId32"\n", fac->version);
        printf("        Header Version:             %"PRId32"\n", fah->version);
    }
    uint64_t perms = fac->perms & fah->perms;
    printf("        Raw Permissions:            0x%016"PRIx64"\n", perms);
    printf("        RW Permissions:             ");
    for (unsigned int i = 0; i < MAX_FS_PERM_RW; i++) {
        if (fs_permissions_rw[i].mask & perms) {
            if (fs_permissions_rw[i].mask & (perms & FS_PERM_MASK_NODEBUG)) {
                printf("%s\n                                    ", fs_permissions_rw[i].name);
            } else {
                printf("%-32s [DEBUG ONLY]\n                                    ", fs_permissions_rw[i].name);
            }
        }
    }
    printf("\n");
    printf("        Boolean Permissions:        ");
    for (unsigned int i = 0; i < MAX_FS_PERM_BOOL; i++) {
        if (fs_permissions_bool[i].mask & perms) {
            if (fs_permissions_bool[i].mask & (perms & FS_PERM_MASK_NODEBUG)) {
                printf("%s\n                                    ", fs_permissions_bool[i].name);
            } else {
                printf("%-32s [DEBUG ONLY]\n                                    ", fs_permissions_bool[i].name);
            }        
        }
    }
    printf("\n");
}

void npdm_process(npdm_t *npdm, hactool_ctx_t *tool_ctx) {
    if (tool_ctx->action & ACTION_INFO) {
        npdm_print(npdm, tool_ctx);
    }
    
    if (tool_ctx->action & ACTION_EXTRACT) {
        npdm_save(npdm, tool_ctx);
    }
}

void npdm_print(npdm_t *npdm, hactool_ctx_t *tool_ctx) {
    printf("NPDM:\n");
    print_magic("    Magic:                          ", npdm->magic);
    printf("    MMU Flags:                      %"PRIx8"\n", npdm->mmu_flags);
    printf("    Main Thread Priority:           %"PRId8"\n", npdm->main_thread_prio);
    printf("    Default CPU ID:                 %"PRIx8"\n", npdm->default_cpuid);
    printf("    Process Category:               %s\n", npdm_get_proc_category(npdm->process_category));
    printf("    Main Thread Stack Size:         0x%"PRIx32"\n", npdm->main_stack_size);
    printf("    Title Name:                     %s\n", npdm->title_name);
    npdm_acid_t *acid = npdm_get_acid(npdm);
    npdm_aci0_t *aci0 = npdm_get_aci0(npdm);
    printf("    ACID:\n");
    print_magic("        Magic:                      ", acid->magic);
    if (tool_ctx->action & ACTION_VERIFY) {
        if (rsa2048_pss_verify(acid->modulus, acid->size, acid->signature, tool_ctx->settings.keyset.acid_fixed_key_modulus)) {
            memdump(stdout, "        Signature (GOOD):           ", &acid->signature, 0x100);
        } else {
            memdump(stdout, "        Signature (FAIL):           ", &acid->signature, 0x100);
        }
    } else {
        memdump(stdout, "        Signature:                  ", &acid->signature, 0x100);
    }
    memdump(stdout, "        Header Modulus:             ", &acid->modulus, 0x100);
    printf("        Is Retail:                  %"PRId32"\n", acid->flags & 1);
    printf("        Pool Partition:             %"PRId32"\n", (acid->flags >> 2) & 3);
    printf("        Title ID Range:             %016"PRIx64"-%016"PRIx64"\n", acid->title_id_range_min, acid->title_id_range_max);
    printf("    ACI0:\n");
    print_magic("        Magic:                      ", aci0->magic);
    printf("        Title ID:                   %016"PRIx64"\n", aci0->title_id);

    /* Kernel access control. */
    uint32_t *acid_kac = (uint32_t *)((char *)acid + acid->kac_offset);
    uint32_t *aci0_kac = (uint32_t *)((char *)aci0 + aci0->kac_offset);
    if (acid->kac_size == aci0->kac_size && memcmp(acid_kac, aci0_kac, acid->kac_size) == 0) {
        /* Shared KAC. */
        printf("    Kernel Access Control:\n");
        kac_print(acid_kac, acid->kac_size/sizeof(uint32_t));
    } else {
        /* Different KAC. */
        printf("    ACID Kernel Access Control:\n");
        kac_print(acid_kac, acid->kac_size/sizeof(uint32_t));
        printf("    ACI0 Kernel Access Control:\n");
        kac_print(aci0_kac, aci0->kac_size/sizeof(uint32_t));
    }

    /* Service access control. */
    char *acid_sac = ((char *)acid + acid->sac_offset);
    char *aci0_sac = ((char *)aci0 + aci0->sac_offset);
    printf("    Service Access Control:\n");
    sac_print(acid_sac, acid->sac_size, aci0_sac, aci0->sac_size);

    /* FS access control. */
    fac_t *fac = (fac_t *)((char *)acid + acid->fac_offset);
    fah_t *fah = (fah_t *)((char *)aci0 + aci0->fah_offset);
    printf("    Filesystem Access Control:\n");
    fac_print(fac, fah);
}


void npdm_save(npdm_t *npdm, hactool_ctx_t *tool_ctx) {
    filepath_t *json_path = &tool_ctx->settings.npdm_json_path;
    if (json_path->valid != VALIDITY_VALID) {
        return;
    }

    FILE *f_json = os_fopen(json_path->os_path, OS_MODE_WRITE);
    if (f_json == NULL) {
        fprintf(stderr, "Failed to open %s!\n", json_path->char_path);
        return;
    }

    char *json = npdm_get_json(npdm);
    if (fwrite(json, 1, strlen(json), f_json) != strlen(json)) {
        fprintf(stderr, "Failed to write JSON file!\n");
        exit(EXIT_FAILURE);
    }
    cJSON_free(json);
    fclose(f_json);
}

static cJSON *kac_create_obj(const char *type, cJSON *val) {
  cJSON *tempobj = NULL;

  tempobj = cJSON_CreateObject();
  cJSON_AddStringToObject(tempobj, "type", type);
  cJSON_AddItemToObject(tempobj, "value", val);
  return tempobj;
}

void cJSON_AddU16ToKacArray(cJSON *obj, const char *name, uint16_t val) {
  char buf[0x20] = {0};
  snprintf(buf, sizeof(buf), "0x%04"PRIx16, val);
  cJSON_AddItemToArray(obj, kac_create_obj(name, cJSON_CreateString(buf)));
}

void cJSON_AddU32ToKacArray(cJSON *obj, const char *name, uint32_t val) {
    char buf[0x20] = {0};
    snprintf(buf, sizeof(buf), "0x%08"PRIx32, val);
    cJSON_AddItemToArray(obj, kac_create_obj(name, cJSON_CreateString(buf)));
}

void cJSON_AddU8ToObject(cJSON *obj, const char *name, uint8_t val) {
    char buf[0x20] = {0};
    snprintf(buf, sizeof(buf), "0x%02"PRIx8, val);
    cJSON_AddStringToObject(obj, name, buf);
}

void cJSON_AddU16ToObject(cJSON *obj, const char *name, uint16_t val) {
    char buf[0x20] = {0};
    snprintf(buf, sizeof(buf), "0x%04"PRIx16, val);
    cJSON_AddStringToObject(obj, name, buf);
}

void cJSON_AddU32ToObject(cJSON *obj, const char *name, uint32_t val) {
    char buf[0x20] = {0};
    snprintf(buf, sizeof(buf), "0x%08"PRIx32, val);
    cJSON_AddStringToObject(obj, name, buf);
}

void cJSON_AddU64ToObject(cJSON *obj, const char *name, uint64_t val) {
    char buf[0x20] = {0};
    snprintf(buf, sizeof(buf), "0x%016"PRIx64, val);
    cJSON_AddStringToObject(obj, name, buf);
}

static cJSON *sac_access_get_json(char *sac, uint32_t sac_size) {
  cJSON *sac_json = cJSON_CreateArray();
  char service[9] = {0};
  uint32_t ofs = 0;
  uint32_t service_len;
  char ctrl;
  while (ofs < sac_size) {
    ctrl = sac[ofs++];
    service_len = (ctrl & 0x7) + 1;
    if (!(ctrl & 0x80)) {
      memset(service, 0, sizeof(service));
      memcpy(service, &sac[ofs], service_len);
      cJSON_AddItemToArray(sac_json, cJSON_CreateString(service));
    }
    ofs += service_len;
  }

  return sac_json;
}

static cJSON *sac_host_get_json(char *sac, uint32_t sac_size) {
    cJSON *sac_json = cJSON_CreateArray();
    char service[9] = {0};
    uint32_t ofs = 0;
    uint32_t service_len;
    char ctrl;
    while (ofs < sac_size) {
        ctrl = sac[ofs++];
        service_len = (ctrl & 0x7) + 1;
        if (ctrl & 0x80) {
          memset(service, 0, sizeof(service));
          memcpy(service, &sac[ofs], service_len);
          cJSON_AddItemToArray(sac_json, cJSON_CreateString(service));
        }
        ofs += service_len;
    }

    return sac_json;
}

cJSON *kac_get_json(const uint32_t *descriptors, uint32_t num_descriptors) {
    cJSON *kac_json = cJSON_CreateArray();
    cJSON *syscall_memory = NULL;
    cJSON *temp = NULL;
    unsigned int syscall_base;
    for (uint32_t i = 0; i < num_descriptors; i++) {
        uint32_t desc = descriptors[i];
        if (desc == 0xFFFFFFFF) {
            continue;
        }
        unsigned int low_bits = 0;
        while (desc & 1) {
            desc >>= 1;
            low_bits++;
        }
        desc >>= 1;
        switch (low_bits) {
            case 3: /* Kernel flags. */
                temp = cJSON_CreateObject();
                cJSON_AddNumberToObject(temp, "highest_thread_priority", desc & 0x3F);
                desc >>= 6;
                cJSON_AddNumberToObject(temp, "lowest_thread_priority", desc & 0x3F);
                desc >>= 6;
                cJSON_AddNumberToObject(temp, "lowest_cpu_id", desc & 0xFF);
                desc >>= 8;
                cJSON_AddNumberToObject(temp, "highest_cpu_id", desc & 0xFF);
                cJSON_AddItemToArray(kac_json, kac_create_obj("kernel_flags", temp));
                break;
            case 4: /* Syscall mask. */
                if (syscall_memory == NULL) {
                    temp = cJSON_CreateObject();
                    cJSON_AddItemToArray(kac_json, kac_create_obj("syscalls", temp));
                    syscall_memory = temp;
                } else {
                    temp = syscall_memory;
                }
                syscall_base = (desc >> 24) * 0x18;
                for (unsigned int sc = 0; sc < 0x18 && syscall_base + sc < 0x80; sc++) {
                    if (desc & 1) {
                        cJSON_AddU8ToObject(temp, strdup(svc_names[sc + syscall_base]), sc + syscall_base);
                    }
                    desc >>= 1;
                }
                break;
            case 6: /* Map IO/Normal. */
                temp = cJSON_CreateObject();
                cJSON_AddU32ToObject(temp, "address", (desc & 0xFFFFFF) << 12);
                cJSON_AddBoolToObject(temp, "is_ro", (desc >> 24) & 1);
                if (i == num_descriptors - 1) {
                    fprintf(stderr, "Error: Invalid Kernel Access Control Descriptors!\n");
                    exit(EXIT_FAILURE);
                }
                desc = descriptors[++i];
                if ((desc & 0x7F) != 0x3F) {
                    fprintf(stderr, "Error: Invalid Kernel Access Control Descriptors!\n");
                    exit(EXIT_FAILURE);
                }
                desc >>= 7;
                cJSON_AddU32ToObject(temp, "size", (desc & 0xFFFFFF) << 12);
                cJSON_AddBoolToObject(temp, "is_io", ((desc >> 24) & 1) == 0);
                cJSON_AddItemToArray(kac_json, kac_create_obj("map", temp));
                break;
            case 7: /* Map Normal Page. */
                cJSON_AddU32ToKacArray(kac_json, "map_page", desc << 12);
                break;
            case 11: /* IRQ Pair. */
                temp = cJSON_CreateArray();
                if ((desc & 0x3FF) == 0x3FF) {
                    cJSON_AddItemToArray(temp, cJSON_CreateNull());
                } else {
                    cJSON_AddItemToArray(temp, cJSON_CreateNumber(desc & 0x3FF));
                }
                desc >>= 10;
                if ((desc & 0x3FF) == 0x3FF) {
                    cJSON_AddItemToArray(temp, cJSON_CreateNull());
                } else {
                    cJSON_AddItemToArray(temp, cJSON_CreateNumber(desc & 0x3FF));
                }
                cJSON_AddItemToArray(kac_json, kac_create_obj("irq_pair", temp));
                break;
            case 13: /* App Type. */
                cJSON_AddItemToArray(kac_json, kac_create_obj("application_type", cJSON_CreateNumber(desc & 7)));
                break;
            case 14: /* Kernel Release Version. */
                cJSON_AddU16ToKacArray(kac_json, "min_kernel_version", desc & 0xFFFF);
                break;
            case 15: /* Handle Table Size. */
                cJSON_AddItemToArray(kac_json, kac_create_obj("handle_table_size", cJSON_CreateNumber(desc)));
                break;
            case 16: /* Debug Flags. */
                temp = cJSON_CreateObject();
                cJSON_AddBoolToObject(temp, "allow_debug", (desc >> 0) & 1);
                cJSON_AddBoolToObject(temp, "force_debug", (desc >> 1) & 1);
                cJSON_AddItemToArray(kac_json, kac_create_obj("debug_flags", temp));

               // kac.has_debug_flags = 1;
               // kac.allow_debug = desc & 1;
               // kac.force_debug = (desc >> 1) & 1;
                break;
        }
        temp = NULL;
    }
    return kac_json;
}

char *npdm_get_json(npdm_t *npdm) {
    npdm_acid_t *acid = npdm_get_acid(npdm);
    npdm_aci0_t *aci0 = npdm_get_aci0(npdm);
    cJSON *npdm_json = cJSON_CreateObject();
    char *output_str = NULL;
    char work_buffer[0x300] = {0};
    
    /* Add NPDM header fields. */
    strcpy(work_buffer, npdm->title_name);
    cJSON_AddStringToObject(npdm_json, "name", work_buffer);
    cJSON_AddU64ToObject(npdm_json, "title_id", aci0->title_id);
    cJSON_AddU64ToObject(npdm_json, "title_id_range_min", acid->title_id_range_min);
    cJSON_AddU64ToObject(npdm_json, "title_id_range_max", acid->title_id_range_max);
    cJSON_AddU32ToObject(npdm_json, "main_thread_stack_size", npdm->main_stack_size);
    cJSON_AddNumberToObject(npdm_json, "main_thread_priority", npdm->main_thread_prio);
    cJSON_AddNumberToObject(npdm_json, "default_cpu_id", npdm->default_cpuid);
    cJSON_AddNumberToObject(npdm_json, "process_category", npdm->process_category);
    cJSON_AddBoolToObject(npdm_json, "is_retail", acid->flags & 1);
    cJSON_AddNumberToObject(npdm_json, "pool_partition", (acid->flags >> 2) & 3);
    cJSON_AddBoolToObject(npdm_json, "is_64_bit", npdm->mmu_flags & 1);
    cJSON_AddNumberToObject(npdm_json, "address_space_type", (npdm->mmu_flags >> 1) & 7);
    
    /* Add FAC. */
    fac_t *fac = (fac_t *)((char *)acid + acid->fac_offset);
    fah_t *fah = (fah_t *)((char *)aci0 + aci0->fah_offset);
    cJSON *fac_json = cJSON_CreateObject();
    cJSON_AddU64ToObject(fac_json, "permissions", fac->perms & fah->perms);
    cJSON_AddItemToObject(npdm_json, "filesystem_access", fac_json);
    
    /* Add SAC. */
    cJSON *sac_access_json = sac_access_get_json((char *)aci0 + aci0->sac_offset, aci0->sac_size);
    cJSON *sac_host_json = sac_host_get_json((char *)aci0 + aci0->sac_offset, aci0->sac_size);
    cJSON_AddItemToObject(npdm_json, "service_access", sac_access_json);
    cJSON_AddItemToObject(npdm_json, "service_host", sac_host_json);
    
    /* Add KAC. */
    cJSON *kac_json = kac_get_json((uint32_t *)((char *)aci0 + aci0->kac_offset), aci0->kac_size / sizeof(uint32_t));
    cJSON_AddItemToObject(npdm_json, "kernel_capabilities", kac_json);
    
    output_str = cJSON_Print(npdm_json);
    
    cJSON_Delete(npdm_json);
    return output_str;
}