private static byte[] getKey(String rifIn, String actIn, String idps)
{
if (rifIn == null || actIn == null)
{
return(null);
}
byte[] result = null;
FileStream rifFile = File.Open(rifIn, FileMode.Open);
byte[] rif0x40 = new byte[0x10];
byte[] rif0x50 = new byte[0x10];
byte[] encrif0x40 = new byte[0x10];
byte[] encrif0x50 = new byte[0x10];
rifFile.Seek(0x40, SeekOrigin.Begin);
rifFile.Read(encrif0x40, 0, encrif0x40.Length);
rifFile.Read(encrif0x50, 0, encrif0x50.Length);
rifFile.Close();
ToolsImpl.aesecbDecrypt(RIFKEY, encrif0x40, 0x00, rif0x40, 0, 0x10); //Decryp firzt 0x10 bytes of RIF
//System.out.println("rif0x40= " + ConversionUtils.getHexString(rif0x40));
long index = ConversionUtils.be32(rif0x40, 0xC); //
if (index < 0x80)
{
byte[] actDat = decryptACTDAT(actIn, idps);
byte[] datKey = new byte[0x10];
result = new byte[0x10];
ConversionUtils.arraycopy(actDat, (int)index * 16, datKey, 0, 0x10);
ToolsImpl.aesecbDecrypt(datKey, encrif0x50, 0, result, 0, 0x10);
}
return(result);
}
public override void doUpdate(byte[] i, int inOffset, int len)
{
byte[] data;
if (nonProcessed != null)
{
int totalLen = len + nonProcessed.Length;
data = new byte[totalLen];
ConversionUtils.arraycopy(nonProcessed, 0, data, 0, nonProcessed.Length);
ConversionUtils.arraycopy(i, inOffset, data, nonProcessed.Length, len);
}
else
{
data = new byte[len];
ConversionUtils.arraycopy(i, inOffset, data, 0, len);
}
int count = 0;
while (count < data.Length - 0x10)
{
byte[] aux = new byte[0x10];
ConversionUtils.arraycopy(data, count, aux, 0, aux.Length);
ToolsImpl.XOR(aux, aux, previous);
ToolsImpl.aesecbEncrypt(key, aux, 0, previous, 0, aux.Length);
count += 0x10;
}
nonProcessed = new byte[data.Length - count];
ConversionUtils.arraycopy(data, count, nonProcessed, 0, nonProcessed.Length);
}
private void getHashKeys(int hashFlag, byte[] calculatedHash, byte[] hash)
{
uint mode = (uint)hashFlag & 0xF0000000;
switch (mode)
{
case 0x10000000:
ToolsImpl.aescbcDecrypt(EDATKeys.EDATKEY, EDATKeys.EDATIV, hash, 0, calculatedHash, 0, calculatedHash.Length);
Debug.WriteLine("MODE: Encrypted HASHKEY");
break;
case 0x20000000:
ConversionUtils.arraycopy(EDATKeys.EDATHASH, 0, calculatedHash, 0, calculatedHash.Length);
Debug.WriteLine("MODE: Default HASHKEY");
break;
case 0x00000000:
ConversionUtils.arraycopy(hash, 0, calculatedHash, 0, calculatedHash.Length);
Debug.WriteLine("MODE: Unencrypted HASHKEY");
break;
default:
throw new Exception("Hash mode is not valid: Undefined keys calculator");
}
}
private void getCryptoKeys(int cryptoFlag, byte[] calculatedKey, byte[] calculatedIV, byte[] key, byte[] iv)
{
uint mode = (uint)cryptoFlag & 0xF0000000;
switch (mode)
{
case 0x10000000:
ToolsImpl.aescbcDecrypt(EDATKeys.EDATKEY, EDATKeys.EDATIV, key, 0, calculatedKey, 0, calculatedKey.Length);
ConversionUtils.arraycopy(iv, 0, calculatedIV, 0, calculatedIV.Length);
Debug.WriteLine("MODE: Encrypted ERK");
break;
case 0x20000000:
ConversionUtils.arraycopy(EDATKeys.EDATKEY, 0, calculatedKey, 0, calculatedKey.Length);
ConversionUtils.arraycopy(EDATKeys.EDATIV, 0, calculatedIV, 0, calculatedIV.Length);
Debug.WriteLine("MODE: Default ERK");
break;
case 0x00000000:
ConversionUtils.arraycopy(key, 0, calculatedKey, 0, calculatedKey.Length);
ConversionUtils.arraycopy(iv, 0, calculatedIV, 0, calculatedIV.Length);
Debug.WriteLine("MODE: Unencrypted ERK");
break;
default:
throw new Exception("Crypto mode is not valid: Undefined keys calculator");
}
}
private static byte[] getPerConsoleKey(String IDPSFile)
{
FileStream raf = File.Open(IDPSFile, FileMode.Open);
byte[] idps = new byte[0x10];
raf.Read(idps, 0, idps.Length);
raf.Close();
byte[] result = new byte[0x10];
ToolsImpl.aesecbEncrypt(idps, ACTDAT_KEY, 0, result, 0, ACTDAT_KEY.Length);
return(result);
}
private bool checkNPDHash2(byte[] klicensee, byte[] npd)
{
byte[] xoredKey = new byte[0x10];
ToolsImpl.XOR(xoredKey, klicensee, EDATKeys.npdrm_omac_key2);
byte[] calculated = ToolsImpl.CMAC128(xoredKey, npd, 0, 0x60);
bool result2 = compareBytes(calculated, 0, npd, 0x60, 0x10);
if (result2)
{
Debug.WriteLine("NPD hash 2 is valid (" + ConversionUtils.getHexString(calculated) + ")");
}
return(result2);
}
private static byte[] decryptACTDAT(String actIn, String IDPSFile)
{
FileStream actFile = File.Open(actIn, FileMode.Open);
byte[] actdat = new byte[0x800];
byte[] result = new byte[actdat.Length];
actFile.Seek(0x10, SeekOrigin.Begin);
actFile.Read(actdat, 0, actdat.Length);
actFile.Close();
byte[] key = getPerConsoleKey(IDPSFile);
ToolsImpl.aesecbDecrypt(key, actdat, 0, result, 0, actdat.Length);
return(result);
}
private bool checkNPDHash1(String filename, byte[] npd)
{
byte[] fileBytes = ConversionUtils.charsToByte(filename.ToCharArray());
byte[] data1 = new byte[0x30 + fileBytes.Length];
ConversionUtils.arraycopy(npd, 0x10, data1, 0, 0x30);
ConversionUtils.arraycopy(fileBytes, 0x00, data1, 0x30, fileBytes.Length);
byte[] hash1 = ToolsImpl.CMAC128(EDATKeys.npdrm_omac_key3, data1, 0, data1.Length);
bool result1 = compareBytes(hash1, 0, npd, 0x50, 0x10);
if (result1)
{
Debug.WriteLine("NPD hash 1 is valid (" + ConversionUtils.getHexString(hash1) + ")");
}
return(result1);
}
private void calculateSubkey(byte[] key, byte[] K1, byte[] K2)
{
byte[] zero = new byte[0x10];
byte[] L = new byte[0x10];
ToolsImpl.aesecbEncrypt(key, zero, 0, L, 0, zero.Length);
BigInteger aux = new BigInteger(ConversionUtils.reverseByteWithSizeFIX(L));
if ((L[0] & 0x80) != 0)
{
//Case MSB is set
aux = (aux << 1) ^ (new BigInteger(0x87));
}
else
{
aux = aux << 1;
}
byte[] aux1 = ConversionUtils.reverseByteWithSizeFIX(aux.ToByteArray());
if (aux1.Length >= 0x10)
{
ConversionUtils.arraycopy(aux1, aux1.Length - 0x10, K1, 0, 0x10);
}
else
{
ConversionUtils.arraycopy(zero, 0, K1, 0, zero.Length);
ConversionUtils.arraycopy(aux1, 0, K1, 0x10 - aux1.Length, aux1.Length);
}
aux = new BigInteger(ConversionUtils.reverseByteWithSizeFIX(K1));
if ((K1[0] & 0x80) != 0)
{
aux = (aux << 1) ^ (new BigInteger(0x87));
}
else
{
aux = aux << 1;
}
aux1 = ConversionUtils.reverseByteWithSizeFIX(aux.ToByteArray());
if (aux1.Length >= 0x10)
{
ConversionUtils.arraycopy(aux1, aux1.Length - 0x10, K2, 0, 0x10);
}
else
{
ConversionUtils.arraycopy(zero, 0, K2, 0, zero.Length);
ConversionUtils.arraycopy(aux1, 0, K2, 0x10 - aux1.Length, aux1.Length);
}
}
public override bool doFinal(byte[] expectedhash, int hashOffset, bool hashDebug)
{
byte[] aux = new byte[0x10];
ConversionUtils.arraycopy(nonProcessed, 0, aux, 0, nonProcessed.Length);
if (nonProcessed.Length == 0x10)
{
ToolsImpl.XOR(aux, aux, K1);
}
else
{
aux[nonProcessed.Length] = (byte)0x80;
ToolsImpl.XOR(aux, aux, K2);
}
ToolsImpl.XOR(aux, aux, previous);
byte[] calculatedhash = new byte[0x10];
ToolsImpl.aesecbEncrypt(key, aux, 0, calculatedhash, 0, aux.Length);
return(hashDebug || compareBytes(expectedhash, hashOffset, calculatedhash, 0, hashLen));
}
public byte[] getKey(String rapFile)
{
BinaryReader raf = new BinaryReader(File.OpenRead(rapFile));
byte[] read = raf.ReadBytes(0x10);
// RandomAccessFile raf = new RandomAccessFile(rapFile, "r");
// byte[] read = new byte[0x10];
// raf.readFully(read);
// raf.close();
raf.Close();
byte[] intermediate = new byte[read.Length];
ToolsImpl.aesecbDecrypt(rapKey, read, 0, intermediate, 0, read.Length);
for (int loop = 0; loop < 5; loop++)
{
for (int loop2 = 0; loop2 < 0x10; loop2++)
{
int index = indexTable[loop2];
intermediate[index] = (byte)(intermediate[index] ^ key1[index]);
}
for (int loop2 = 0xF; loop2 > 0; loop2--)
{
int index1 = indexTable[loop2];
int index2 = indexTable[loop2 - 1];
intermediate[index1] = (byte)(intermediate[index1] ^ intermediate[index2]);
}
int acum = 0;
for (int loop2 = 0; loop2 < 0x10; loop2++)
{
int index = indexTable[loop2];
byte current = (byte)(intermediate[index] - acum);
intermediate[index] = current;
if (acum != 1 || current != 0xFF)
{
int aux1 = current & 0xFF;
int aux2 = key2[index] & 0xFF;
acum = (aux1 < aux2) ? 1 : 0;
}
current = (byte)(current - key2[index]);
intermediate[index] = current;
}
}
return(intermediate);
}
public static byte[] CMAC128(byte[] key, byte[] i, int inOffset, int len)
{
byte[] K1 = new byte[0x10];
byte[] K2 = new byte[0x10];
calculateSubkey(key, K1, K2);
byte[] input = new byte[0x10];
byte[] previous = new byte[0x10];
int currentOffset = inOffset;
int remaining = len;
//System.out.println(ConversionUtils.getHexString(key));
while (remaining > 0x10)
{
ConversionUtils.arraycopy(i, currentOffset, input, 0, 0x10);
//System.out.println(ConversionUtils.getHexString(previous) + " - " + ConversionUtils.getHexString(input));
XOR(input, input, previous);
ToolsImpl.aesecbEncrypt(key, input, 0, previous, 0, input.Length);
currentOffset += 0x10;
remaining -= 0x10;
}
//System.out.println(ConversionUtils.getHexString(previous));
input = new byte[0x10]; //Memset 0
ConversionUtils.arraycopy(i, currentOffset, input, 0, remaining);
if (remaining == 0x10)
{
XOR(input, input, previous);
XOR(input, input, K1);
}
else
{
input[remaining] = (byte)0x80;
XOR(input, input, previous);
XOR(input, input, K2);
}
//System.out.println(" - " + ConversionUtils.getHexString(input));
ToolsImpl.aesecbEncrypt(key, input, 0, previous, 0, input.Length);
return(previous);
}
private byte[] getKey(NPD npd, EDATData data, byte[] devKLic, byte[] keyFromRif)
{
byte[] result = null;
if ((data.getFlags() & FLAG_SDAT) != 0)
{
//Case SDAT
result = new byte[0x10];
ToolsImpl.XOR(result, npd.getDevHash(), EDATKeys.SDATKEY);
}
else
{
//Case EDAT
if (npd.getLicense() == 0x03)
{
result = devKLic;
}
else if (npd.getLicense() == 0x02)
{
result = keyFromRif;
}
}
return(result);
}
private int decryptData(FileStream ii, FileStream o, NPD npd, EDATData data, byte[] rifkey)
{
int numBlocks = (int)((data.getFileLen() + data.getBlockSize() - 1) / data.getBlockSize());
int metadataSectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0 || (data.getFlags() & FLAG_0x20) != 0) ? 0x20 : 0x10;
int baseOffset = 0x100; //+ offset (unknown)
for (int i = 0; i < numBlocks; i++)
{
ii.Seek(baseOffset + i * metadataSectionSize, SeekOrigin.Begin);
byte[] expectedHash = new byte[0x10];
long offset;
int len;
int compressionEndBlock = 0;
if ((data.getFlags() & FLAG_COMPRESSED) != 0)
{
byte[] metadata = new byte[0x20];
ii.Read(metadata, 0, metadata.Length);
byte[] result = decryptMetadataSection(metadata);
offset = (int)(ConversionUtils.be64(result, 0)); // + offset (unknown)
len = (int)(ConversionUtils.be32(result, 8));
compressionEndBlock = (int)(ConversionUtils.be32(result, 0xC));
ConversionUtils.arraycopy(metadata, 0, expectedHash, 0, 0x10);
}
else if ((data.getFlags() & FLAG_0x20) != 0)
{
//NOT TESTED: CASE WHERE METADATASECTION IS 0x20 BYTES LONG
byte[] metadata = new byte[0x20];
ii.Read(metadata, 0, metadata.Length);
for (int j = 0; j < 0x10; j++)
{
expectedHash[j] = (byte)(metadata[j] ^ metadata[j + 0x10]);
}
offset = baseOffset + i * data.getBlockSize() + numBlocks * metadataSectionSize;
len = (int)(data.getBlockSize());
if (i == numBlocks - 1)
{
len = (int)(data.getFileLen() % (new BigInteger(data.getBlockSize())));
}
}
else
{
ii.Read(expectedHash, 0, expectedHash.Length);
offset = baseOffset + i * data.getBlockSize() + numBlocks * metadataSectionSize;
len = (int)(data.getBlockSize());
if (i == numBlocks - 1)
{
len = (int)(data.getFileLen() % (new BigInteger(data.getBlockSize())));
}
}
int realLen = len;
len = (int)((uint)(len + 0xF) & 0xFFFFFFF0);
Debug.Print("Offset: %016X, len: %08X, realLen: %08X, endCompress: %d\r\n", offset, len, realLen, compressionEndBlock);
ii.Seek(offset, SeekOrigin.Begin);
byte[] encryptedData = new byte[len];
byte[] decryptedData = new byte[len];
ii.Read(encryptedData, 0, encryptedData.Length);
byte[] key = new byte[0x10];
byte[] hash = new byte[0x10];
byte[] blockKey = calculateBlockKey(i, npd);
ToolsImpl.aesecbEncrypt(rifkey, blockKey, 0, key, 0, blockKey.Length);
if ((data.getFlags() & FLAG_0x10) != 0)
{
ToolsImpl.aesecbEncrypt(rifkey, key, 0, hash, 0, key.Length);
}
else
{
ConversionUtils.arraycopy(key, 0, hash, 0, key.Length);
}
int cryptoFlag = ((data.getFlags() & FLAG_0x02) == 0) ? 0x2 : 0x1;
int hashFlag;
if ((data.getFlags() & FLAG_0x10) == 0)
{
hashFlag = 0x02;
}
else if ((data.getFlags() & FLAG_0x20) == 0)
{
hashFlag = 0x04;
}
else
{
hashFlag = 0x01;
}
if ((data.getFlags() & FLAG_KEYENCRYPTED) != 0)
{
cryptoFlag |= 0x10000000;
hashFlag |= 0x10000000;
}
if ((data.getFlags() & FLAG_DEBUG) != 0)
{
cryptoFlag |= 0x01000000;
hashFlag |= 0x01000000;
}
AppLoader a = new AppLoader();
byte[] iv = (npd.getVersion() <= 1)?(new byte[0x10]):npd.getDigest();
bool rresult = a.doAll(hashFlag, cryptoFlag, encryptedData, 0, decryptedData, 0, encryptedData.Length, key, npd.getDigest(), hash, expectedHash, 0);
if (!rresult)
{
Debug.WriteLine("Error decrypting block " + i);
// KDSBest find out why block 30 errors
//return STATUS_ERROR_DECRYPTING;
}
if ((data.getFlags() & FLAG_COMPRESSED) != 0)
{
//byte[] decompress = new byte[Long.valueOf(data.getBlockSize()).intValue()];
//DECOMPRESS: MISSING ALGORITHM
//out.write(decompress, 0, data.getBlockSize());
}
else
{
o.Write(decryptedData, 0, realLen);
}
}
return(STATUS_OK);
}
