Validate mariko keyslot contents; dump class keys
This commit is contained in:
shchmue
parent
fe17b12ea7
commit
d84ab5796a
3 changed files with 104 additions and 10 deletions
|
|
@ -52,6 +52,23 @@ static const u8 master_key_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribut
|
|||
{0xC1, 0x8D, 0x16, 0xBB, 0x2A, 0xE4, 0x1D, 0xD4, 0xC2, 0xC1, 0xB6, 0x40, 0x94, 0x35, 0x63, 0x98}, /* Master key 0A encrypted with Master key 0B. */
|
||||
};
|
||||
|
||||
static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = {
|
||||
{0x20, 0x9E, 0x97, 0xAE, 0xAF, 0x7E, 0x6A, 0xF6, 0x9E, 0xF5, 0xA7, 0x17, 0x2F, 0xF4, 0x49, 0xA6}, /* Zeroes encrypted with AES Class Key 00. */
|
||||
{0x83, 0x1C, 0xC7, 0x7F, 0xB8, 0xB2, 0x66, 0x16, 0xFC, 0x6B, 0x81, 0xBB, 0xF6, 0x05, 0x07, 0x49}, /* Zeroes encrypted with AES Class Key 01. */
|
||||
{0x61, 0x19, 0xBA, 0x39, 0x6D, 0xFA, 0xF4, 0x63, 0x27, 0x8E, 0x9E, 0xB1, 0xEA, 0xD4, 0x65, 0xCC}, /* Zeroes encrypted with AES Class Key 02. */
|
||||
{0x6C, 0xDB, 0x10, 0xD4, 0x14, 0x3A, 0xBD, 0x22, 0xC9, 0xCC, 0xEF, 0xE4, 0xA0, 0x94, 0x85, 0x87}, /* Zeroes encrypted with AES Class Key 03. */
|
||||
{0xD3, 0x40, 0xC7, 0x86, 0xDC, 0x77, 0x50, 0x7C, 0x01, 0x56, 0x11, 0xDE, 0x18, 0xDF, 0x30, 0xCA}, /* Zeroes encrypted with AES Class Key 04. */
|
||||
{0xC4, 0x8B, 0xD7, 0x5A, 0x22, 0x6C, 0xF7, 0x85, 0xE4, 0xC0, 0x68, 0xFC, 0xB4, 0xD8, 0x76, 0x6C}, /* Zeroes encrypted with AES Class Key 05. */
|
||||
{0x83, 0x86, 0xEF, 0xE6, 0x6B, 0x38, 0x24, 0xD3, 0xC9, 0xB0, 0xE7, 0x03, 0x59, 0xC8, 0x54, 0xB9}, /* Zeroes encrypted with AES Class Key 06. */
|
||||
{0xDA, 0xC0, 0xD3, 0x27, 0x1D, 0x35, 0xAB, 0x4B, 0x01, 0x63, 0x90, 0xED, 0x1B, 0x5D, 0xA7, 0x6C}, /* Zeroes encrypted with AES Class Key 07. */
|
||||
{0x96, 0x75, 0x0E, 0x4F, 0xF5, 0x1A, 0xAF, 0xD4, 0x30, 0x73, 0x8C, 0x61, 0x03, 0xE5, 0xF7, 0x80}, /* Zeroes encrypted with AES Class Key 08. */
|
||||
{0x74, 0xF2, 0x1D, 0xA1, 0x4C, 0x48, 0x91, 0xE6, 0xE0, 0xD5, 0x19, 0x42, 0x2A, 0x2B, 0x5D, 0xF8}, /* Zeroes encrypted with AES Class Key 09. */
|
||||
{0x7D, 0xA6, 0xFE, 0xDA, 0xF9, 0xEF, 0x83, 0xD8, 0x29, 0x40, 0x24, 0x6D, 0x70, 0x8D, 0x99, 0x93}, /* Zeroes encrypted with AES Class Key 0A. */
|
||||
{0xF6, 0x71, 0xAD, 0xC3, 0xCD, 0xD4, 0x2F, 0x37, 0xAB, 0x50, 0x1C, 0x9B, 0xAF, 0x3B, 0xE6, 0xC3}, /* Zeroes encrypted with AES Class Key 0B. */
|
||||
{0x01, 0x96, 0x59, 0x07, 0x62, 0xF4, 0xF4, 0x2D, 0x13, 0x60, 0xD8, 0x03, 0xFB, 0xF0, 0xAE, 0xC8}, /* Zeroes encrypted with Mariko KEK. */
|
||||
{0x95, 0x48, 0xC1, 0x59, 0x0F, 0x84, 0x19, 0xC4, 0xAB, 0x69, 0x05, 0x88, 0x01, 0x31, 0x52, 0x59}, /* Zeroes encrypted with Mariko BEK. */
|
||||
};
|
||||
|
||||
//======================================Keys======================================//
|
||||
// from Package1 -> Secure_Monitor
|
||||
static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = {
|
||||
|
|
|
|||
|
|
@ -682,15 +682,28 @@ static bool _derive_emmc_keys(key_derivation_ctx_t *keys, titlekey_buffer_t *tit
|
|||
|
||||
// The security engine supports partial key override for locked keyslots
|
||||
// This allows for a manageable brute force on a PC
|
||||
// Then we can recover the Mariko KEK, BEK, unique SBK and SSK
|
||||
static void _save_mariko_partial_keys(char *text_buffer) {
|
||||
// Then the Mariko AES class keys, KEK, BEK, unique SBK and SSK can be recovered
|
||||
static void _save_mariko_partial_keys(u32 start, u32 count, bool append) {
|
||||
if (start + count > SE_AES_KEYSLOT_COUNT) {
|
||||
return;
|
||||
}
|
||||
|
||||
u32 pos = 0;
|
||||
u32 zeros[4] = {0};
|
||||
u8 *data = malloc(4 * AES_128_KEY_SIZE);
|
||||
for (u32 ks = 12; ks < 16; ks++) {
|
||||
// First, encrypt zeros with complete key
|
||||
char *text_buffer = calloc(1, 0x100 * count);
|
||||
|
||||
for (u32 ks = start; ks < start + count; ks++) {
|
||||
// Check if key is as expected
|
||||
if (ks < ARRAY_SIZE(mariko_key_vectors)) {
|
||||
se_aes_crypt_block_ecb(ks, 0, &data[0], mariko_key_vectors[ks]);
|
||||
if (_key_exists(data)) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
// Encrypt zeros with complete key
|
||||
se_aes_crypt_block_ecb(ks, 1, &data[3 * AES_128_KEY_SIZE], zeros);
|
||||
pos += s_printf(&text_buffer[pos], "%d\n", ks);
|
||||
|
||||
// We only need to overwrite 3 of the dwords of the key
|
||||
for (u32 i = 0; i < 3; i++) {
|
||||
|
|
@ -699,15 +712,49 @@ static void _save_mariko_partial_keys(char *text_buffer) {
|
|||
// Encrypt zeros with more of the key zeroed out
|
||||
se_aes_crypt_block_ecb(ks, 1, &data[(2 - i) * AES_128_KEY_SIZE], zeros);
|
||||
}
|
||||
|
||||
// Skip saving key if two results are the same indicating unsuccessful overwrite or empty slot
|
||||
if (memcmp(&data[0], &data[SE_KEY_128_SIZE], AES_128_KEY_SIZE) == 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
pos += s_printf(&text_buffer[pos], "%d\n", ks);
|
||||
for (u32 i = 0; i < 4; i++) {
|
||||
for (u32 j = 0; j < AES_128_KEY_SIZE; j++)
|
||||
pos += s_printf(&text_buffer[pos], "%02x", data[i * AES_128_KEY_SIZE + j]);
|
||||
pos += s_printf(&text_buffer[pos], "\n");
|
||||
pos += s_printf(&text_buffer[pos], " ");
|
||||
}
|
||||
pos += s_printf(&text_buffer[pos], "\n");
|
||||
}
|
||||
free(data);
|
||||
sd_save_to_file(text_buffer, strlen(text_buffer), "sd:/switch/partialaes.keys");
|
||||
|
||||
if (strlen(text_buffer) == 0) {
|
||||
EPRINTF("Failed to dump partial keys.");
|
||||
return;
|
||||
}
|
||||
|
||||
FIL fp;
|
||||
u32 res = 0;
|
||||
BYTE mode = FA_WRITE;
|
||||
|
||||
if (append) {
|
||||
mode |= FA_OPEN_APPEND;
|
||||
} else {
|
||||
mode |= FA_CREATE_ALWAYS;
|
||||
}
|
||||
|
||||
res = f_open(&fp, "sd:/switch/partialaes.keys", mode);
|
||||
if (res) {
|
||||
EPRINTF("Unable to write partial keys to SD.");
|
||||
return;
|
||||
}
|
||||
|
||||
f_write(&fp, text_buffer, strlen(text_buffer), NULL);
|
||||
f_close(&fp);
|
||||
|
||||
gfx_printf("%kWrote partials to sd:/switch/partialaes.keys\n", colors[(color_idx++) % 6]);
|
||||
|
||||
free(text_buffer);
|
||||
}
|
||||
|
||||
static void _save_keys_to_sd(key_derivation_ctx_t *keys, titlekey_buffer_t *titlekey_buffer, const pkg1_id_t *pkg1_id, u32 start_whole_operation_time, u32 derivable_key_count) {
|
||||
|
|
@ -797,8 +844,7 @@ static void _save_keys_to_sd(key_derivation_ctx_t *keys, titlekey_buffer_t *titl
|
|||
EPRINTF("Unable to save keys to SD.");
|
||||
|
||||
if (h_cfg.t210b01) {
|
||||
memset(text_buffer, 0, text_buffer_size);
|
||||
_save_mariko_partial_keys(text_buffer);
|
||||
_save_mariko_partial_keys(12, 4, true);
|
||||
}
|
||||
|
||||
if (_titlekey_count == 0) {
|
||||
|
|
@ -836,8 +882,16 @@ static bool _check_keyslot_access() {
|
|||
}
|
||||
|
||||
static void _derive_keys() {
|
||||
if (!f_stat("sd:/switch/partialaes.keys", NULL)) {
|
||||
f_unlink("sd:/switch/partialaes.keys");
|
||||
}
|
||||
|
||||
if (h_cfg.t210b01) {
|
||||
_save_mariko_partial_keys(0, 12, false);
|
||||
}
|
||||
|
||||
if (!_check_keyslot_access()) {
|
||||
EPRINTF("Unable to set crypto keyslots!\nTry launching payload differently\n or flash Spacecraft-NX if using a modchip!");
|
||||
EPRINTF("Unable to set crypto keyslots!\nTry launching payload differently\n or flash Spacecraft-NX if using a modchip.");
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue