search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Zeventig: decrypt/dump wad files
[svpe-tools.git] / tools.c
blob2d13cb0ff52f2100b9c76e037103fa0735798da4
1 // Copyright 2007,2008 Segher Boessenkool <segher@kernel.crashing.org>
2 // Licensed under the terms of the GNU GPL, version 2
3 // http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
4
5 #include "tools.h"
6
7 #include <openssl/md5.h>
8 #include <openssl/aes.h>
9 #include <openssl/sha.h>
10 #include <stdarg.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <stdio.h>
14
15 //
16 // basic data types
17 //
18
19 u16 be16(u8 *p)
20 {
21 return (p[0] << 8) | p[1];
22 }
23
24 u32 be32(u8 *p)
25 {
26 return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
27 }
28
29 u64 be64(u8 *p)
30 {
31 return ((u64)be32(p) << 32) | be32(p + 4);
32 }
33
34 u64 be34(u8 *p)
35 {
36 return 4 * (u64)be32(p);
37 }
38
39 //
40 // crypto
41 //
42
43 void md5(u8 *data, u32 len, u8 *hash)
44 {
45 MD5(data, len, hash);
46 }
47
48 void sha(u8 *data, u32 len, u8 *hash)
49 {
50 SHA1(data, len, hash);
51 }
52
53 void get_key(const char *name, u8 *key, u32 len)
54 {
55 char path[256];
56 char *home;
57 FILE *fp;
58
59 home = getenv("HOME");
60 if (home == 0)
61 fatal("cannot find HOME");
62 snprintf(path, sizeof path, "%s/.wii/%s", home, name);
63
64 fp = fopen(path, "rb");
65 if (fp == 0)
66 fatal("cannot open %s", name);
67 if (fread(key, len, 1, fp) != 1)
68 fatal("error reading %s", name);
69 fclose(fp);
70 }
71
72 void aes_cbc_dec(u8 *key, u8 *iv, u8 *in, u32 len, u8 *out)
73 {
74 AES_KEY aes_key;
75
76 AES_set_decrypt_key(key, 128, &aes_key);
77 AES_cbc_encrypt(in, out, len, &aes_key, iv, AES_DECRYPT);
78 }
79
80 void decrypt_title_key(u8 *tik, u8 *title_key)
81 {
82 u8 common_key[16];
83 u8 iv[16];
84
85 get_key("common-key", common_key, 16);
86
87 memset(iv, 0, sizeof iv);
88 memcpy(iv, tik + 0x01dc, 8);
89 aes_cbc_dec(common_key, iv, tik + 0x01bf, 16, title_key);
90 }
91
92 static u8 root_key[0x204];
93 static u8 *get_root_key(void)
94 {
95 get_key("root-key", root_key, sizeof root_key);
96 return root_key;
97 }
98
99 static u32 get_sig_len(u8 *sig)
100 {
101 u32 type;
102
103 type = be32(sig);
104 switch (type - 0x10000) {
105 case 0:
106 return 0x240;
107
108 case 1:
109 return 0x140;
110
111 case 2:
112 return 0x80;
113 }
114
115 fprintf(stderr, "get_sig_len(): unhandled sig type %08x\n", type);
116 return 0;
117 }
118
119 static u32 get_sub_len(u8 *sub)
120 {
121 u32 type;
122
123 type = be32(sub + 0x40);
124 switch (type) {
125 case 0:
126 return 0x2c0;
127
128 case 1:
129 return 0x1c0;
130
131 case 2:
132 return 0x100;
133 }
134
135 fprintf(stderr, "get_sub_len(): unhandled sub type %08x\n", type);
136 return 0;
137 }
138
139 int check_ec(u8 *ng, u8 *ap, u8 *sig, u8 *sig_hash)
140 {
141 u8 ap_hash[20];
142 u8 *ng_Q, *ap_R, *ap_S;
143 u8 *ap_Q, *sig_R, *sig_S;
144
145 ng_Q = ng + 0x0108;
146 ap_R = ap + 0x04;
147 ap_S = ap + 0x22;
148
149 SHA1(ap + 0x80, 0x100, ap_hash);
150
151 ap_Q = ap + 0x0108;
152 sig_R = sig;
153 sig_S = sig + 30;
154
155 return check_ecdsa(ng_Q, ap_R, ap_S, ap_hash)
156 && check_ecdsa(ap_Q, sig_R, sig_S, sig_hash);
157 }
158
159 static int check_rsa(u8 *h, u8 *sig, u8 *key, u32 n)
160 {
161 u8 correct[0x200];
162 u8 x[0x200];
163 static const u8 ber[16] = "\x00\x30\x21\x30\x09\x06\x05\x2b"
164 "\x0e\x03\x02\x1a\x05\x00\x04\x14";
165
166 //fprintf(stderr, "n = %x\n", n);
167 //fprintf(stderr, "key:\n");
168 //hexdump(key, n);
169 //fprintf(stderr, "sig:\n");
170 //hexdump(sig, n);
171
172 correct[0] = 0;
173 correct[1] = 1;
174 memset(correct + 2, 0xff, n - 38);
175 memcpy(correct + n - 36, ber, 16);
176 memcpy(correct + n - 20, h, 20);
177 //fprintf(stderr, "correct is:\n");
178 //hexdump(correct, n);
179
180 bn_exp(x, sig, key, n, key + n, 4);
181 //fprintf(stderr, "x is:\n");
182 //hexdump(x, n);
183
184 if (memcmp(correct, x, n) == 0)
185 return 0;
186
187 return -5;
188 }
189
190 static int check_hash(u8 *h, u8 *sig, u8 *key)
191 {
192 u32 type;
193
194 type = be32(sig) - 0x10000;
195 if (type != be32(key + 0x40))
196 return -6;
197
198 switch (type) {
199 case 1:
200 return check_rsa(h, sig + 4, key + 0x88, 0x100);
201 }
202
203 return -7;
204 }
205
206 static u8 *find_cert_in_chain(u8 *sub, u8 *cert, u32 cert_len)
207 {
208 char parent[64];
209 char *child;
210 u32 sig_len, sub_len;
211 u8 *p;
212 u8 *issuer;
213
214 strncpy(parent, sub, sizeof parent);
215 parent[sizeof parent - 1] = 0;
216 child = strrchr(parent, '-');
217 if (child)
218 *child++ = 0;
219 else {
220 *parent = 0;
221 child = sub;
222 }
223
224 for (p = cert; p < cert + cert_len; p += sig_len + sub_len) {
225 sig_len = get_sig_len(p);
226 if (sig_len == 0)
227 return 0;
228 issuer = p + sig_len;
229 sub_len = get_sub_len(issuer);
230 if (sub_len == 0)
231 return 0;
232
233 if (strcmp(parent, issuer) == 0
234 && strcmp(child, issuer + 0x44) == 0)
235 return p;
236 }
237
238 return 0;
239 }
240
241 int check_cert_chain(u8 *data, u32 data_len, u8 *cert, u32 cert_len)
242 {
243 u8 *sig;
244 u8 *sub;
245 u32 sig_len;
246 u32 sub_len;
247 u8 h[20];
248 u8 *key_cert;
249 u8 *key;
250 int ret;
251
252 sig = data;
253 sig_len = get_sig_len(sig);
254 if (sig_len == 0)
255 return -1;
256 sub = data + sig_len;
257 sub_len = data_len - sig_len;
258 if (sub_len == 0)
259 return -2;
260
261 for (;;) {
262 fprintf(stderr, ">>>>>> checking sig by %s...\n", sub);
263 if (strcmp(sub, "Root") == 0) {
264 key = get_root_key();
265 sha(sub, sub_len, h);
266 if (be32(sig) != 0x10000)
267 return -8;
268 return check_rsa(h, sig + 4, key, 0x200);
269 }
270
271 key_cert = find_cert_in_chain(sub, cert, cert_len);
272 if (key_cert == 0)
273 return -3;
274
275 key = key_cert + get_sig_len(key_cert);
276
277 sha(sub, sub_len, h);
278 ret = check_hash(h, sig, key);
279 if (ret)
280 return ret;
281
282 sig = key_cert;
283 sig_len = get_sig_len(sig);
284 if (sig_len == 0)
285 return -4;
286 sub = sig + sig_len;
287 sub_len = get_sub_len(sub);
288 if (sub_len == 0)
289 return -5;
290 }
291 }
292
293 //
294 // compression
295 //
296
297 void do_yaz0(u8 *in, u32 in_size, u8 *out, u32 out_size)
298 {
299 u32 nout;
300 u8 bits;
301 u32 nbits;
302 u32 n, d, i;
303
304 nbits = 0;
305 in += 0x10;
306 for (nout = 0; nout < out_size; ) {
307 if (nbits == 0) {
308 bits = *in++;
309 nbits = 8;
310 }
311
312 if ((bits & 0x80) != 0) {
313 *out++ = *in++;
314 nout++;
315 } else {
316 n = *in++;
317 d = *in++;
318 d |= (n << 8) & 0xf00;
319 n >>= 4;
320 if (n == 0)
321 n = 0x10 + *in++;
322 n += 2;
323 d++;
324
325 for (i = 0; i < n; i++) {
326 *out = *(out - d);
327 out++;
328 }
329 nout += n;
330 }
331
332 nbits--;
333 bits <<= 1;
334 };
335 }
336
337 //
338 // error handling
339 //
340
341 void fatal(const char *s, ...)
342 {
343 char message[256];
344 va_list ap;
345
346 va_start(ap, s);
347 vsnprintf(message, sizeof message, s, ap);
348
349 perror(message);
350
351 exit(1);
352 }
353
354 //
355 // output formatting
356 //
357
358 void print_bytes(u8 *x, u32 n)
359 {
360 u32 i;
361
362 for (i = 0; i < n; i++)
363 fprintf(stderr, "%02x", x[i]);
364 }
365
366 void hexdump(u8 *x, u32 n)
367 {
368 u32 i, j;
369
370 for (i = 0; i < n; i += 16) {
371 fprintf(stderr, "%04x:", i);
372 for (j = 0; j < 16 && i + j < n; j++) {
373 if ((j & 3) == 0)
374 fprintf(stderr, " ");
375 fprintf(stderr, "%02x", *x++);
376 }
377 fprintf(stderr, "\n");
378 }
379 }
380
381 void dump_tmd(u8 *tmd)
382 {
383 u32 i, n;
384 u8 *p;
385
386 printf(" issuer: %s\n", tmd + 0x140);
387 printf(" sys_version: %016llx\n", be64(tmd + 0x0184));
388 printf(" title_id: %016llx\n", be64(tmd + 0x018c));
389 printf(" title_type: %08x\n", be32(tmd + 0x0194));
390 printf(" group_id: %04x\n", be16(tmd + 0x0198));
391 printf("title_version: %04x\n", be16(tmd + 0x01dc));
392 printf(" num_contents: %04x\n", be16(tmd + 0x01de));
393 printf(" boot_index: %04x\n", be16(tmd + 0x01e0));
394
395 n = be16(tmd + 0x01de);
396 p = tmd + 0x01e4;
397 for (i = 0; i < n; i++) {
398 printf("cid %08x index %04x type %04x size %08llx\n",
399 be32(p), be16(p + 4), be16(p + 6), be64(p + 8));
400 p += 0x24;
401 }
402 }
Fork of segher's (public) wii tools.