private int validateNPD(String filename, byte[] devKLic, NPD[] npdPtr, FileStream i) { i.Seek(0, SeekOrigin.Begin); byte[] npd = new byte[0x80]; i.Read(npd, 0, npd.Length); byte[] extraData = new byte[0x04]; i.Read(extraData, 0, extraData.Length); long flag = ConversionUtils.be32(extraData, 0); if ((flag & FLAG_SDAT) != 0) { Console.WriteLine("INFO: SDAT detected. NPD header is not validated"); } else if (!checkNPDHash1(filename, npd)) { Console.WriteLine("ERROR: Hashing Title ID Name"); return(STATUS_ERROR_HASHTITLEIDNAME); } else if (devKLic == null) { Console.WriteLine("WARNING: Can not validate devklic header"); } else if (!checkNPDHash2(devKLic, npd)) { Console.WriteLine("ERROR: Hashing devklic"); return(STATUS_ERROR_HASHDEVKLIC); } npdPtr[0] = NPD.createNPD(npd); return(STATUS_OK); }
private byte[] calculateBlockKey(int blk, NPD npd) { byte[] baseKey = (npd.getVersion() <= 1) ? (new byte[0x10]) : npd.getDevHash(); byte[] result = new byte[0x10]; ConversionUtils.arraycopy(baseKey, 0, result, 0, 0xC); result[0xC] = (byte)(blk >> 24 & 0xFF); result[0xD] = (byte)(blk >> 16 & 0xFF); result[0xE] = (byte)(blk >> 8 & 0xFF); result[0xF] = (byte)(blk & 0xFF); return(result); }
/* KDSBEST END */ public int decryptFile(String inFile, String outFile, byte[] devKLic, byte[] keyFromRif) { FileStream fin = File.Open(inFile, FileMode.Open); string[] fn = fin.Name.Split('\\'); //string[] fn = fin.Name.Split('/'); Console.WriteLine(fn[fn.Length - 1]); NPD[] ptr = new NPD[1]; //Ptr to Ptr int result = validateNPD(fn[fn.Length - 1], devKLic, ptr, fin); //Validate NPD hashes if (result < 0) { fin.Close(); return(result); } NPD npd = ptr[0]; EDATData data = getEDATData(fin); //Get flags, blocksize and file len byte[] rifkey = getKey(npd, data, devKLic, keyFromRif); //Obtain the key for decryption (result of sc471 or sdatkey) if (rifkey == null) { Console.WriteLine("ERROR: Key for decryption is missing"); fin.Close(); return(STATUS_ERROR_MISSINGKEY); } else { Console.WriteLine("DECRYPTION KEY: " + ConversionUtils.getHexString(rifkey)); } result = checkHeader(rifkey, data, npd, fin); if (result < 0) { fin.Close(); return(result); } FileStream o = File.Open(outFile, FileMode.Create); result = decryptData(fin, o, npd, data, rifkey); if (result < 0) { fin.Close(); return(result); } fin.Close(); o.Close(); Console.WriteLine("COMPLETE: File Written to disk"); return(STATUS_OK); }
public static NPD createNPD(byte[] npd) { NPD result = new NPD(); ConversionUtils.arraycopy(npd, 0, result.magic, 0, 4); result.version = ConversionUtils.be32(npd, 4); result.license = ConversionUtils.be32(npd, 8); result.type = ConversionUtils.be32(npd, 0xC); ConversionUtils.arraycopy(npd, 0x10, result.content_id, 0, 0x30); ConversionUtils.arraycopy(npd, 0x40, result.digest, 0, 0x10); ConversionUtils.arraycopy(npd, 0x50, result.titleHash, 0, 0x10); ConversionUtils.arraycopy(npd, 0x60, result.devHash, 0, 0x10); result.unknown3 = ConversionUtils.be64(npd, 0x70); result.unknown4 = ConversionUtils.be64(npd, 0x78); if (!result.validate()) { result = null; } return(result); }
private byte[] getKey(NPD npd, EDATData data, byte[] devKLic, byte[] keyFromRif) { byte[] result = null; if ((data.getFlags() & FLAG_SDAT) != 0) { //Case SDAT result = new byte[0x10]; ToolsImpl.XOR(result, npd.getDevHash(), EDATKeys.SDATKEY); } else { //Case EDAT if (npd.getLicense() == 0x03) { result = devKLic; } else if (npd.getLicense() == 0x02) { result = keyFromRif; } } return(result); }
private int decryptData(FileStream ii, FileStream o, NPD npd, EDATData data, byte[] rifkey) { int numBlocks = (int)((data.getFileLen() + data.getBlockSize() - 1) / data.getBlockSize()); int metadataSectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0 || (data.getFlags() & FLAG_0x20) != 0) ? 0x20 : 0x10; int baseOffset = 0x100; //+ offset (unknown) for (int i = 0; i < numBlocks; i++) { ii.Seek(baseOffset + i * metadataSectionSize, SeekOrigin.Begin); byte[] expectedHash = new byte[0x10]; long offset; int len; int compressionEndBlock = 0; if ((data.getFlags() & FLAG_COMPRESSED) != 0) { byte[] metadata = new byte[0x20]; ii.Read(metadata, 0, metadata.Length); byte[] result = decryptMetadataSection(metadata); offset = (int)(ConversionUtils.be64(result, 0)); // + offset (unknown) len = (int)(ConversionUtils.be32(result, 8)); compressionEndBlock = (int)(ConversionUtils.be32(result, 0xC)); ConversionUtils.arraycopy(metadata, 0, expectedHash, 0, 0x10); } else if ((data.getFlags() & FLAG_0x20) != 0) { //NOT TESTED: CASE WHERE METADATASECTION IS 0x20 BYTES LONG byte[] metadata = new byte[0x20]; ii.Read(metadata, 0, metadata.Length); for (int j = 0; j < 0x10; j++) { expectedHash[j] = (byte)(metadata[j] ^ metadata[j + 0x10]); } offset = baseOffset + i * data.getBlockSize() + numBlocks * metadataSectionSize; len = (int)(data.getBlockSize()); if (i == numBlocks - 1) { len = (int)(data.getFileLen() % (new BigInteger(data.getBlockSize()))); } } else { ii.Read(expectedHash, 0, expectedHash.Length); offset = baseOffset + i * data.getBlockSize() + numBlocks * metadataSectionSize; len = (int)(data.getBlockSize()); if (i == numBlocks - 1) { len = (int)(data.getFileLen() % (new BigInteger(data.getBlockSize()))); } } int realLen = len; len = (int)((uint)(len + 0xF) & 0xFFFFFFF0); Debug.Print("Offset: %016X, len: %08X, realLen: %08X, endCompress: %d\r\n", offset, len, realLen, compressionEndBlock); ii.Seek(offset, SeekOrigin.Begin); byte[] encryptedData = new byte[len]; byte[] decryptedData = new byte[len]; ii.Read(encryptedData, 0, encryptedData.Length); byte[] key = new byte[0x10]; byte[] hash = new byte[0x10]; byte[] blockKey = calculateBlockKey(i, npd); ToolsImpl.aesecbEncrypt(rifkey, blockKey, 0, key, 0, blockKey.Length); if ((data.getFlags() & FLAG_0x10) != 0) { ToolsImpl.aesecbEncrypt(rifkey, key, 0, hash, 0, key.Length); } else { ConversionUtils.arraycopy(key, 0, hash, 0, key.Length); } int cryptoFlag = ((data.getFlags() & FLAG_0x02) == 0) ? 0x2 : 0x1; int hashFlag; if ((data.getFlags() & FLAG_0x10) == 0) { hashFlag = 0x02; } else if ((data.getFlags() & FLAG_0x20) == 0) { hashFlag = 0x04; } else { hashFlag = 0x01; } if ((data.getFlags() & FLAG_KEYENCRYPTED) != 0) { cryptoFlag |= 0x10000000; hashFlag |= 0x10000000; } if ((data.getFlags() & FLAG_DEBUG) != 0) { cryptoFlag |= 0x01000000; hashFlag |= 0x01000000; } AppLoader a = new AppLoader(); byte[] iv = (npd.getVersion() <= 1) ? (new byte[0x10]) : npd.getDigest(); bool rresult = a.doAll(hashFlag, cryptoFlag, encryptedData, 0, decryptedData, 0, encryptedData.Length, key, npd.getDigest(), hash, expectedHash, 0); if (!rresult) { Debug.WriteLine("Error decrypting block " + i); // KDSBest find out why block 30 errors //return STATUS_ERROR_DECRYPTING; } if ((data.getFlags() & FLAG_COMPRESSED) != 0) { //byte[] decompress = new byte[Long.valueOf(data.getBlockSize()).intValue()]; //DECOMPRESS: MISSING ALGORITHM //out.write(decompress, 0, data.getBlockSize()); } else { o.Write(decryptedData, 0, realLen); } } return(STATUS_OK); }
private int encryptData(FileStream ii, FileStream o, NPD npd, EDATData data, byte[] rifkey) { int numBlocks = (int)((data.getFileLen() + data.getBlockSize() - 1) / data.getBlockSize()); byte[] expectedHashForFile = new byte[numBlocks * 0x10]; byte[] encryptedDataForFile = new byte[ii.Length + 0xF]; // File Format: // ALL HASHES // Encrypted Data for (int i = 0; i < numBlocks; i++) { long offset; int len; offset = i * data.getBlockSize(); ii.Seek(offset, SeekOrigin.Begin); len = (int)(data.getBlockSize()); if (i == numBlocks - 1) { len = (int)(data.getFileLen() % (new BigInteger(data.getBlockSize()))); } int realLen = len; len = (int)((uint)(len + 0x0F) & 0xFFFFFFF0); byte[] encryptedData = new byte[len]; byte[] decryptedData = new byte[len]; int toRead = realLen; while (toRead > 0) { toRead -= ii.Read(decryptedData, realLen - toRead, toRead); } for (int ai = realLen; ai < len; ai++) { decryptedData[ai] = 0x00; } byte[] key = new byte[0x10]; byte[] hash = new byte[0x10]; byte[] blockKey = calculateBlockKey(i, npd); ToolsImpl.aesecbEncrypt(rifkey, blockKey, 0, key, 0, blockKey.Length); ConversionUtils.arraycopy(key, 0, hash, 0, key.Length); int cryptoFlag = 0x2; int hashFlag = 0x02; AppLoaderReverse a = new AppLoaderReverse(); byte[] iv = npd.getDigest(); byte[] generatedHash = new byte[0x10]; a.doAll(hashFlag, cryptoFlag, decryptedData, 0, encryptedData, 0, decryptedData.Length, key, iv, hash, generatedHash, 0); ConversionUtils.arraycopy(encryptedData, 0, encryptedDataForFile, offset, len); ConversionUtils.arraycopy(generatedHash, 0, expectedHashForFile, i * 0x10, 0x10); } byte[] EDATAVersion = ConversionUtils.getByteArray("4D6164652062792052325220546F6F6C"); o.Write(expectedHashForFile, 0, expectedHashForFile.Length); o.Write(encryptedDataForFile, 0, encryptedDataForFile.Length - 0xf); o.Write(EDATAVersion, 0, EDATAVersion.Length); return(STATUS_OK); }
/* KDSBEST START */ public int encryptFile(String inFile, String outFile, byte[] devKLic, byte[] keyFromRif, byte[] contentID, byte[] flags, byte[] type, byte[] version) { FileStream fin = File.Open(inFile, FileMode.Open); // MemoryMappedFile fin1 = MemoryMappedFile.CreateFromFile(inFile, FileMode.Open); NPD[] ptr = new NPD[1]; //Ptr to Ptr FileStream o = File.Open(outFile, FileMode.Create); string[] fn = o.Name.Split('\\'); byte[] npd = writeValidNPD(fn[fn.Length - 1], devKLic, ptr, fin, contentID, flags, version, type); o.Write(npd, 0, npd.Length); byte[] buffer = new byte[4]; // FLAGS buffer[0] = 0x00; buffer[1] = 0x00; buffer[2] = 0x00; buffer[3] = 0x00; o.Write(buffer, 0, 4); // blocksize 0x00004000 buffer[2] = 0x40; o.Write(buffer, 0, 4); long len = fin.Length; byte[] lenBuf = BitConverter.GetBytes(len); byte[] rLenBuf = new byte[8]; for (int i = 0; i < 8; i++) { rLenBuf[i] = 0x00; } for (int i = 0; i < lenBuf.Length; i++) { rLenBuf[7 - i] = lenBuf[i]; } o.Write(rLenBuf, 0, 8); // Fill the rest 0x10 bytes with dummy we generate the metasection hash later! // the bytes till 0x100 are unknown buffer[0] = 0x00; while (o.Length < 0x100) { o.Write(buffer, 0, 1); } EDATData data = new EDATData(); data.flags = 0x00000000; data.blockSize = 0x00004000; data.fileLen = new BigInteger(len); byte[] rifkey = getKey(ptr[0], data, devKLic, keyFromRif); //Obtain the key for decryption (result of sc471 or sdatkey) int hashFlag = 0x00000002; encryptData(fin, o, ptr[0], data, rifkey); o.Seek(0x90, SeekOrigin.Begin); AppLoader aa = new AppLoader(); aa.doInit(hashFlag, 0x00000001, new byte[0x10], new byte[0x10], rifkey); int sectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0) ? 0x20 : 0x010; //BUG??? What about FLAG0x20?? //Determine the metadatasection total len int numBlocks = (int)((data.getFileLen() + data.getBlockSize() - 11) / data.getBlockSize()); int readed = 0; int baseOffset = 0x100; //baseOffset += modifier; //There is an unknown offset to add to the metadatasection... value seen 0 long remaining = sectionSize * numBlocks; while (remaining > 0) { int lenToRead = (HEADER_MAX_BLOCKSIZE > remaining) ? (int)remaining : HEADER_MAX_BLOCKSIZE; o.Seek(baseOffset + readed, SeekOrigin.Begin); byte[] content = new byte[lenToRead]; byte[] ooo = new byte[lenToRead]; o.Read(content, 0, content.Length); aa.doUpdate(content, 0, ooo, 0, lenToRead); readed += lenToRead; remaining -= lenToRead; } byte[] headerHash = new byte[0x10]; aa.doFinalButGetHash(headerHash); o.Seek(0x90, SeekOrigin.Begin); o.Write(headerHash, 0, headerHash.Length); // Header Complete // Generate Header Hash o.Seek(0, SeekOrigin.Begin); byte[] header = new byte[0xA0]; byte[] headerODummy = new byte[0xA0]; o.Read(header, 0, header.Length); AppLoaderReverse a = new AppLoaderReverse(); byte[] generatedHash = new byte[0x10]; bool result = a.doAll(hashFlag, 0x00000001, header, 0, headerODummy, 0, header.Length, new byte[0x10], new byte[0x10], rifkey, generatedHash, 0); o.Seek(0xA0, SeekOrigin.Begin); o.Write(generatedHash, 0, generatedHash.Length); //KDSBest We don't know the DATA 0xB0 to 0x100!!! while (o.Length < 0x100) { o.Write(buffer, 0, 1); } o.Close(); fin.Close(); return(STATUS_OK); }
private int checkHeader(byte[] rifKey, EDATData data, NPD npd, FileStream i) { i.Seek(0, SeekOrigin.Begin); byte[] header = new byte[0xA0]; byte[] o = new byte[0xA0]; byte[] expectedHash = new byte[0x10]; //Version check Console.WriteLine("Checking NPD Version:" + npd.getVersion()); if ((npd.getVersion() == 0) || (npd.getVersion() == 1)) { if ((data.getFlags() & 0x7FFFFFFE) != 0) { Console.WriteLine("ERROR: Incorrect Header Flags"); return(STATUS_ERROR_INCORRECT_FLAGS); } } else if (npd.getVersion() == 2) { if ((data.getFlags() & 0x7EFFFFE0) != 0) { Console.WriteLine("ERROR: Incorrect Header Flags"); return(STATUS_ERROR_INCORRECT_FLAGS); } } else if (npd.getVersion() == 3 || (npd.getVersion() == 4)) { if ((data.getFlags() & 0x7EFFFFC0) != 0) { Console.WriteLine("ERROR: Incorrect Header Flags"); return(STATUS_ERROR_INCORRECT_FLAGS); } } else { Console.WriteLine("ERROR: Unsupported EDAT version (need keys)"); return(STATUS_ERROR_INCORRECT_VERSION); } { int keyIndex = 0; if (npd.getVersion() == 4) { keyIndex = 1; } i.Read(header, 0, header.Length); i.Read(expectedHash, 0, expectedHash.Length); Console.WriteLine("Checking header hash:"); AppLoader a = new AppLoader(); int hashFlag = ((data.getFlags() & FLAG_KEYENCRYPTED) == 0) ? 0x00000002 : 0x10000002; if ((data.getFlags() & FLAG_DEBUG) != 0) { hashFlag |= 0x01000000; } //Veryfing header bool result = a.doAll(hashFlag, 0x00000001, header, 0, o, 0, header.Length, new byte[0x10], new byte[0x10], rifKey, expectedHash, 0); if (!result) { Console.WriteLine("Error verifying header. Is rifKey valid?."); return(STATUS_ERROR_HEADERCHECK); } Console.WriteLine("Checking metadata hash:"); a = new AppLoader(); a.doInit(hashFlag, 0x00000001, new byte[0x10], new byte[0x10], rifKey); int sectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0) ? 0x20 : 0x010; //BUG??? What about FLAG0x20?? //Determine the metadatasection total len int numBlocks = (int)((data.getFileLen() + data.getBlockSize() - 11) / data.getBlockSize()); int readed = 0; int baseOffset = 0x100; //baseOffset += modifier; //There is an unknown offset to add to the metadatasection... value seen 0 long remaining = sectionSize * numBlocks; while (remaining > 0) { int lenToRead = (HEADER_MAX_BLOCKSIZE > remaining) ? (int)remaining : HEADER_MAX_BLOCKSIZE; i.Seek(baseOffset + readed, SeekOrigin.Begin); byte[] content = new byte[lenToRead]; o = new byte[lenToRead]; i.Read(content, 0, content.Length); a.doUpdate(content, 0, o, 0, lenToRead); readed += lenToRead; remaining -= lenToRead; } result = a.doFinal(header, 0x90); if (!result) { Console.WriteLine("Error verifying metadatasection. Data tampered"); return(STATUS_ERROR_HEADERCHECK); } return(STATUS_OK); } }
private byte[] writeValidNPD(String filename, byte[] devKLic, NPD[] npdPtr, FileStream fin, byte[] contentID, byte[] flags, byte[] version, byte[] type) { byte[] npd = new byte[0x80]; //NPD Magic //ConversionUtils.arraycopy(npd, 0, result.magic, 0, 4); npd[0] = 0x4E; npd[1] = 0x50; npd[2] = 0x44; npd[3] = 0x00; //Version 3 //result.version = ConversionUtils.be32(npd, 4); npd[4] = 0x00; npd[5] = 0x00; npd[6] = 0x00; npd[7] = version[0]; //License 2 ref 3 klic /* 1 network, 2 local, 3 free */ //result.license = ConversionUtils.be32(npd, 8); npd[8] = 0x00; npd[9] = 0x00; npd[10] = 0x00; npd[11] = 0x03; //Type /* 1 exec, 21 update */ //result.type = ConversionUtils.be32(npd, 0xC); npd[12] = 0x00; npd[13] = 0x00; npd[14] = 0x00; npd[15] = type[0]; //No Idea where I get the content_id //ConversionUtils.arraycopy(npd, 0x10, result.content_id, 0, 0x30 for (int i = 0; i < 0x30; i++) { npd[0x10 + i] = contentID[i]; } //Used to create IV //ConversionUtils.arraycopy(npd, 0x40, result.digest, 0, 0x10); byte[] iv = ConversionUtils.charsToByte(("FixedLicenseEDAT").ToCharArray()); ConversionUtils.arraycopy(iv, 0, npd, 0x40, 0x10); //I guess it's a full file hash //ConversionUtils.arraycopy(npd, 0x50, result.titleHash, 0, 0x10); byte[] hash = createNPDHash1(filename, npd); ConversionUtils.arraycopy(hash, 0x00, npd, 0x50, 0x10); //Used to create Blockkey //ConversionUtils.arraycopy(npd, 0x60, result.devHash, 0, 0x10); byte[] devHash = createNPDHash2(devKLic, npd); ConversionUtils.arraycopy(devHash, 0, npd, 0x60, 0x10); //NPD EOF?!?!?! //result.unknown3 = ConversionUtils.be64(npd, 0x70); //result.unknown4 = ConversionUtils.be64(npd, 0x78); for (int i = 0; i < 16; i++) { npd[0x70 + i] = 0x00; } npdPtr[0] = NPD.createNPD(npd); return(npd); }