/* * This file is part of pspcipher. * * Copyright (C) 2008 hrimfaxi (outm

1. /*
2. * This file is part of pspcipher.
3. *
4. * Copyright (C) 2008 hrimfaxi (outmatch@gmail.com)
5. *
6. * This program is free software; you can redistribute it and/or modify
7. * it under the terms of the GNU General Public License as published by
8. * the Free Software Foundation; either version 2 of the License, or
9. * (at your option) any later version.
10. *
11. * This program is distributed in the hope that it will be useful, but
12. * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13. * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14. * for more details.
15. *
16. * You should have received a copy of the GNU General Public License along
17. * with this program; if not, write to the Free Software Foundation, Inc.,
18. * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19. */
20.  
21. #include <pspsdk.h>
22. #include <pspkernel.h>
23. #include <pspdebug.h>
24. #include <pspctrl.h>
25. #include <pspsuspend.h>
26. #include <psppower.h>
27. #include <stdlib.h>
28. #include <string.h>
29. #include <stdio.h>
30. #include <stdarg.h>
31. #include <malloc.h>
32.  
33. #include "../pspcipher.h"
34. #include "kubridge.h"
35.  
36. PSP_MODULE_INFO("PSPCipher", 0, 1, 1);
37. PSP_MAIN_THREAD_ATTR(0);
38. PSP_HEAP_SIZE_MAX();
39.  
40. //#define printf pspDebugScreenPrintf
41. #define DEVICE "host0:"
42.  
43. typedef struct {
44. u32 tag;
45. u8 *key;
46. u8 *xor;
47. u32 code;
48. u32 type;
49. } Cipher;
50.  
51. //////////////////////////////////////////////////////////////////////////////////////////////////
52. // User keys in 6.20 mesg_led_02g.prx
53. u8 key_d91613f0[16] = {
54. 0xEB, 0xFF, 0x40, 0xD8, 0xB4, 0x1A, 0xE1, 0x66, 0x91, 0x3B, 0x8F, 0x64, 0xB6, 0xFC, 0xB7, 0x12
55. };
56.  
57. u8 key_2e5e10f0[16] = {
58. 0x9D, 0x5C, 0x5B, 0xAF, 0x8C, 0xD8, 0x69, 0x7E, 0x51, 0x9F, 0x70, 0x96, 0xE6, 0xD5, 0xC4, 0xE8
59. };
60.  
61. u8 xor_2e5e10f0[16] = {
62. 0x69, 0xBA, 0x55, 0x34, 0xF0, 0xC0, 0xD6, 0x71, 0xE3, 0x1F, 0xDB, 0x97, 0xE0, 0x7C, 0xD2, 0x2A
63. };
64.  
65. u8 key_2e5e12f0[16] = {
66. 0x8A, 0x7B, 0xC9, 0xD6, 0x52, 0x58, 0x88, 0xEA, 0x51, 0x83, 0x60, 0xCA, 0x16, 0x79, 0xE2, 0x07
67. };
68.  
69. u8 key_d91612f0[16] = {
70. 0x9e, 0x20, 0xe1, 0xcd, 0xd7, 0x88, 0xde, 0xc0, 0x31, 0x9b, 0x10, 0xaf, 0xc5, 0xb8, 0x73, 0x23
71. };
72.  
73. u8 key_380210f0[16] = {
74. 0x32, 0x2C, 0xFA, 0x75, 0xE4, 0x7E, 0x93, 0xEB, 0x9F, 0x22, 0x80, 0x85, 0x57, 0x08, 0x98, 0x48
75. };
76.  
77. u8 key_407810f0[16] = {
78. 0xAF, 0xAD, 0xCA, 0xF1, 0x95, 0x59, 0x91, 0xEC, 0x1B, 0x27, 0xD0, 0x4E, 0x8A, 0xF3, 0x3D, 0xE7
79. };
80.  
81. u8 xor_407810f0[16] = {
82. 0x84, 0x7B, 0xF5, 0xFE, 0xE8, 0x4D, 0xAD, 0x7A, 0xB5, 0x06, 0x28, 0x0E, 0x09, 0xFA, 0x81, 0xE1
83. };
84.  
85. u8 data[16] = {
86. 0x3C, 0x2C, 0x58, 0x97, 0xA4, 0x3B, 0x45, 0x28, 0xCE, 0xF4, 0x17, 0x4E, 0x8B, 0x8D, 0xCD, 0x7C
87. };
88.  
89. u8 key_2fd312f0[16] = {
90. 0xC5, 0xFB, 0x69, 0x03, 0x20, 0x7A, 0xCF, 0xBA, 0x2C, 0x90, 0xF8, 0xB8, 0x4D, 0xD2, 0xF1, 0xDE
91. };
92.  
93. u8 key_2fd30bf0[16] = {
94. 0xD8, 0x58, 0x79, 0xF9, 0xA4, 0x22, 0xAF, 0x86, 0x90, 0xAC, 0xDA, 0x45, 0xCE, 0x60, 0x40, 0x3F
95. };
96.  
97. u8 key_2fd311f0[16] = {
98. 0x3A, 0x6B, 0x48, 0x96, 0x86, 0xA5, 0xC8, 0x80, 0x69, 0x6C, 0xE6, 0x4B, 0xF6, 0x04, 0x17, 0x44
99. };
100.  
101. u8 xor_2fd30bf0[16] = {
102. 0xA9, 0x1E, 0xDD, 0x7B, 0x09, 0xBB, 0x22, 0xB5, 0x9D, 0xA3, 0x30, 0x69, 0x13, 0x6E, 0x0E, 0xD8
103. };
104.  
105. u8 xor_2fd311f0[16] = {
106. 0xA9, 0x1E, 0xDD, 0x7B, 0x09, 0xBB, 0x22, 0xB5, 0x9D, 0xA3, 0x30, 0x69, 0x13, 0x6E, 0x0E, 0xD8
107. };
108.  
109. u8 xor_2fd312f0[16] = {
110. 0xA9, 0x1E, 0xDD, 0x7B, 0x09, 0xBB, 0x22, 0xB5, 0x9D, 0xA3, 0x30, 0x69, 0x13, 0x6E, 0x0E, 0xD8
111. };
112.  
113. u8 key_0b000000[16] = {
114. 0x0b, 0x01, 0x1c, 0xe7, 0x31, 0x15, 0x6b, 0x83, 0x3e, 0x26, 0x0d, 0xcc, 0x69, 0x36, 0x12, 0xcb
115. };
116.  
117. u8 key_4c941df0[16] = {
118. 0x1D, 0x13, 0xE9, 0x50, 0x04, 0x73, 0x3D, 0xD2, 0xE1, 0xDA, 0xB9, 0xC1, 0xE6, 0x7B, 0x25, 0xA7
119. };
120.  
121. Cipher g_cipher[] = {
122. { 0x4c941df0, key_4c941df0, NULL, 0x43, 2},
123. { 0x0b000000, key_0b000000, NULL, 0x4e, 0},
124. { 0x2fd30bf0, key_2fd30bf0, xor_2fd30bf0, 0x47, 5},
125. { 0x2fd312f0, key_2fd312f0, xor_2fd312f0, 0x47, 5},
126. { 0x2fd311f0, key_2fd311f0, xor_2fd311f0, 0x47, 5},
127. { 0x407810f0, key_407810f0, xor_407810f0, 0x6a, 5},
128. { 0x2e5e10f0, key_2e5e10f0, xor_2e5e10f0, 0x48, 5},
129. { 0x2e5e12f0, key_2e5e12f0, xor_2e5e10f0, 0x48, 5},
130. { 0xd91612f0, key_d91612f0, NULL, 0x5d, 2},
131. { 0xd91613f0, key_d91613f0, NULL, 0x5d, 2},
132. { 0x380210f0, key_380210f0, NULL, 0x5a, 2},
133. };
134. //////////////////////////////////////////////////////////////////////////////////////////////////
135.  
136. extern int pspDecompress(const u8 *inbuf, u8 *outbuf, u32 outcapacity);
137.  
138. Cipher *GetCipherByTag(u32 tag)
139. {
140. int i;
141.  
142. for(i=0; i<sizeof(g_cipher) / sizeof(g_cipher[0]); ++i) {
143. if (g_cipher[i].tag == tag)
144. return &g_cipher[i];
145. }
146.  
147. return NULL;
148. }
149.  
150. int WriteFile(const char *file, void *buf, int size)
151. {
152. SceUID fd = sceIoOpen(file, PSP_O_WRONLY | PSP_O_CREAT | PSP_O_TRUNC, 0777);
153.  
154. if (fd < 0)
155. {
156. return fd;
157. }
158.  
159. int written = sceIoWrite(fd, buf, size);
160.  
161. sceIoClose(fd);
162. return written;
163. }
164.  
165. int LoadStartModule(char *module, int partition)
166. {
167. SceUID mod = kuKernelLoadModule(module, 0, NULL);
168.  
169. if (mod < 0)
170. return mod;
171.  
172. return sceKernelStartModule(mod, 0, NULL, NULL, NULL);
173. }
174.  
175. void ErrorExit(int milisecs, char *fmt, ...)
176. {
177. va_list list;
178. char msg[256];
179.  
180. va_start(list, fmt);
181. vsprintf(msg, fmt, list);
182. va_end(list);
183.  
184. printf(msg);
185.  
186. printf("\n\nPress X to exit\n");
187.  
188. while (1)
189. {
190. SceCtrlData pad;
191. sceCtrlReadBufferPositive(&pad, 1);
192. if (pad.Buttons & PSP_CTRL_CROSS)
193. break;
194. sceKernelDelayThread(10000);
195. }
196.  
197. sceKernelExitGame();
198. }
199.  
200.  
201. void disp_info(char *fn, u8 *prx)
202. {
203. char *modname = (char*)(prx + 0x0a);
204. u32 dec_size = *(u32*)(prx+0xb0);
205. u32 tag = *(u32*)(prx+0xd0);
206.  
207. if (strrchr(fn, '/') != NULL) {
208. fn = strrchr(fn, '/') + 1;
209. }
210.  
211. printf("%s modname(%s) dec_size(%d) tag(0x%08X)\n", fn, modname, dec_size, tag);
212. }
213.  
214. int dec(u32 tag, u8 *prx, u32 cbFile, char *szDataPath, u32 is_user)
215. {
216. int ret;
217. u32 cbDecrypted = 0;
218. u8 *dec_buf = NULL;
219.  
220. if(is_user) {
221. user_decryptor myb = { 0 };
222. Cipher *cipher = GetCipherByTag(tag);
223.  
224. if (cipher == NULL) {
225. printf("Unknown key tag: 0x%08x\n", tag);
226. goto exit;
227. }
228.  
229. myb.tag = &tag;
230. myb.key = cipher->key;
231. myb.code = cipher->code;
232. myb.prx = prx;
233. myb.size = cbFile;
234. myb.newsize = &cbDecrypted;
235. myb.use_polling = 0;
236. myb.blacklist = NULL;
237. myb.blacklistsize = 0;
238. myb.type = cipher->type;
239. myb.xor_key1 = cipher->xor;
240. myb.xor_key2 = NULL;
241. ret = uprx_decrypt(&myb);
242.  
243. if (ret != 0) {
244. printf("uprx_decrypt failed@0x%08x\r\n", ret);
245. goto exit;
246. }
247. }
248. else {
249. kernel_decryptor myb2 = { 0 };
250.  
251. myb2.prx = prx;
252. myb2.size = cbFile;
253. myb2.newsize = &cbDecrypted;
254. myb2.use_polling = 0;
255. ret = kprx_decrypt(&myb2);
256.  
257. if (ret != 0) {
258. printf("kprx_decrypt failed@0x%08x\r\n", ret);
259. goto exit;
260. } else {
261. printf("kprx_decrypt OK!\n");
262. }
263. }
264.  
265. // ret = CipherBridgeDecrypt(&myb);
266. // ret = CipherBridge_0A443BB4(prx, cbFile, &cbDecrypted, data);
267.  
268. if ((prx[0] == 0x1F && prx[1] == 0x8B) || memcmp(prx, "2RLZ", 4) == 0 || memcmp(prx, "KL4E", 4) == 0) {
269. u32 moresize = 2 * 1024 * 1024L;
270. int cbExp;
271.  
272. dec_buf = memalign(64, cbDecrypted + moresize);
273.  
274. if (dec_buf == NULL) {
275. printf("Cannot allocate dec_buf\n");
276. goto exit;
277. }
278.  
279. cbExp = pspDecompress(prx, dec_buf, cbDecrypted + moresize);
280.  
281. while (cbExp < 0) {
282. free(dec_buf);
283. printf("too small memory, increase 1MB...\n");
284. moresize += 1024 * 1024L;
285. dec_buf = memalign(64, cbDecrypted + moresize);
286.  
287. if (dec_buf == NULL) {
288. printf("Cannot allocate dec_buf\n");
289. goto exit;
290. }
291.  
292. cbExp = pspDecompress(prx, dec_buf, cbDecrypted + moresize);
293. }
294.  
295. if (cbExp > 0) {
296. prx = dec_buf;
297. cbDecrypted = cbExp;
298. }
299. else
300. {
301. printf("Decompress error 0x%08X\n", cbExp);
302. goto exit;
303. }
304. }
305.  
306. if (cbDecrypted > 0)
307. {
308. printf("Writing %d bytes\r\n", cbDecrypted);
309.  
310. sceIoMkdir(DEVICE "/dec", 0777);
311.  
312. if (WriteFile(szDataPath, prx, cbDecrypted) != cbDecrypted)
313. {
314. ErrorExit(5000, "Error writing %s.\n", szDataPath);
315. }
316.  
317. printf("Decryption saved to %s!\r\n", szDataPath);
318. } else {
319. printf("Decryption failed\r\n");
320. }
321.  
322. exit:
323. if (dec_buf)
324. free(dec_buf);
325.  
326. return 0;
327. }
328.  
329. int main(int argc, char *argv[])
330. {
331. SceUID fd;
332. u8 *prx_file = NULL, *prx = NULL;
333. int mod;
334. char fn[128];
335. char szDataPath[128];
336.  
337. pspDebugScreenInit();
338.  
339. printf("PSPCipher by liquidzigong@a9vg.com\n");
340.  
341. mod = LoadStartModule("kbridge/CipherBridge.prx", PSP_MEMORY_PARTITION_KERNEL);
342.  
343. if (mod < 0 && mod != (SceUID)0x80020139)
344. {
345. ErrorExit(5000, "Error 0x%08X loading/starting CipherBridge.prx.\n", mod);
346. }
347.  
348. #if 0
349. u8 tmp[32];
350.  
351. test_memlmd_8450109F(tmp);
352.  
353. int i;
354. printf("phat: ");
355. for(i=0; i<16; ++i) {
356. printf("%02X ", tmp[i]);
357. }
358. printf("\n");
359.  
360. printf("slim: ");
361. for(i=0; i<16; ++i) {
362. printf("%02X ", tmp[i+16]);
363. }
364. printf("\n");
365. #endif
366.  
367. if (argc >= 2) {
368. sprintf(fn, "%s", argv[1]);
369.  
370. if (strrchr(argv[1], '/')) {
371. sprintf(szDataPath, DEVICE "/dec/%s", strrchr(argv[1], '/') + 1);
372. } else {
373. sprintf(szDataPath, DEVICE "/dec/%s", argv[1]);
374. }
375. } else {
376. sprintf(fn, DEVICE "/enc/%s", "EBOOT.BIN");
377. sprintf(szDataPath, DEVICE "/dec/%s", "EBOOT.BIN");
378. }
379.  
380. fd = sceIoOpen(fn, PSP_O_RDONLY, 0);
381.  
382. int cbFile = sceIoLseek32(fd, 0, PSP_SEEK_END);
383. sceIoLseek32(fd, 0, PSP_SEEK_SET);
384.  
385. prx_file = memalign(64, cbFile * 2);
386.  
387. if (prx_file == NULL) {
388. ErrorExit(5000, "Not enough memory\n");
389. }
390.  
391. if (sceIoRead(fd, prx_file, cbFile) <= 0)
392. {
393. ErrorExit(5000, "Error Reading EBOOT.BIN.\n");
394. }
395.  
396. sceIoClose(fd);
397.  
398. if (!memcmp(prx_file, "~SCE", 4)) {
399. prx = prx_file + 0x40;
400. } else if (!memcmp(prx_file, "\x00PSPEDATA", 8)) {
401. prx = prx_file;
402. memmove(prx, prx + 0x90, cbFile - 0x90);
403. } else {
404. prx = prx_file;
405. }
406.  
407. disp_info(fn, prx);
408. dec(*(u32*)(prx+0xd0), prx, cbFile, szDataPath, 0);
409.  
410. //exit:
411. if (prx_file)
412. free(prx_file);
413.  
414. #if 0
415. printf("\n\nPress X to exit\n");
416.  
417. while (1)
418. {
419. SceCtrlData pad;
420. sceCtrlReadBufferPositive(&pad, 1);
421. if (pad.Buttons & PSP_CTRL_CROSS)
422. break;
423. sceKernelDelayThread(10000);
424. }
425. #endif
426.  
427. sceKernelExitGame();
428.  
429. return 0;
430. }