start.c

1. #include "cfw.c"
2. #include "readwrite.c"
3. #include "sectionrw.c"
4. #include "lib1.c"
5. #include "lib2.c"
6. #include "lib3.c"
7.  
8. accessCFW();
9. {
10.     openFS(o);
11.     write(for(func12), keyGet.Value(CE, 16), slot((re)1)); //write function keys from slot 1
12.    
13.     aarc.Do(if_then_section(asm(movs r4, r5, [d4, 0x420AFE0])
14.     {   nIf
15.         if (func12 == co.Read)
16.         {
17.             rwNand.Read(registerCall(callProperty.Mac), REG_AESMAC(ctr, ccm);
18.         }
19.         nEnd
20.     } gwRopEDITOR(function, 0x023A); //use gw function
21.    
22.     ret 0x2400EE00[byte] //return byte value
23.     asm(push lr);
24.    
25.     nID0 //ID0 stored keyDat
26.     {
27.         encrypt.ccm(symPad);
28.         nameSVC(d:crypto);
29.     }
30.    
31.     read(for(func12), keyGet.Value(CE, 16), slot((re)2); //read function keys for slot 2
32.     {
33.         nID1 //ID1 stored keyDat
34.         {
35.             decrypt.ccm(symPad);
36.             nameSVC(d:crypto);
37.         }
38.         asm(movs 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF);
39.         setkey(0x00);
40.     }
41.    
42.     ctr(0xB = 9_R1);
43.    
44.     start(read_nameProc(execute, "sdmc:\execute.bin");
45.     {
46.         finalPayloadKeyX(0x01 0x39 0x72 0xAE 0x6D 0xDD 0x49 0x31 0x32 0x95 0xEE 0xF5 0xCE 0x21 0xDE 0xB6); //keyX layer 3
47.         finalPayloadKeyY(0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00); //keyY layer 3
48.         finalPayloadCTR(0x00); //get ctr from file at 0x00 for layer 3
49.         ctr(0x17AA0F, 0x10, _boot); //ctr decrypt layer 2
50.         cbc(0, 0x10, 0x12 0x12 0x12 0x12 0x13 0x13 0x13 0x13 0x14 0x14 0x14 0x14 0xAE 0xAE 0xAE 0xAE); //cbc decrypt layer 1
51.         ctrpad(0xFF);
52.     }
53.     closeFS(o);
54. }
55.  
56. runCode(procname.Call(execute, suspendAO);