Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #include "cfw.c"
- #include "readwrite.c"
- #include "sectionrw.c"
- #include "lib1.c"
- #include "lib2.c"
- #include "lib3.c"
- accessCFW();
- {
- openFS(o);
- write(for(func12), keyGet.Value(CE, 16), slot((re)1)); //write function keys from slot 1
- aarc.Do(if_then_section(asm(movs r4, r5, [d4, 0x420AFE0])
- { nIf
- if (func12 == co.Read)
- {
- rwNand.Read(registerCall(callProperty.Mac), REG_AESMAC(ctr, ccm);
- }
- nEnd
- } gwRopEDITOR(function, 0x023A); //use gw function
- ret 0x2400EE00[byte] //return byte value
- asm(push lr);
- nID0 //ID0 stored keyDat
- {
- encrypt.ccm(symPad);
- nameSVC(d:crypto);
- }
- read(for(func12), keyGet.Value(CE, 16), slot((re)2); //read function keys for slot 2
- {
- nID1 //ID1 stored keyDat
- {
- decrypt.ccm(symPad);
- nameSVC(d:crypto);
- }
- asm(movs 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF);
- setkey(0x00);
- }
- ctr(0xB = 9_R1);
- start(read_nameProc(execute, "sdmc:\execute.bin");
- {
- finalPayloadKeyX(0x01 0x39 0x72 0xAE 0x6D 0xDD 0x49 0x31 0x32 0x95 0xEE 0xF5 0xCE 0x21 0xDE 0xB6); //keyX layer 3
- finalPayloadKeyY(0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00); //keyY layer 3
- finalPayloadCTR(0x00); //get ctr from file at 0x00 for layer 3
- ctr(0x17AA0F, 0x10, _boot); //ctr decrypt layer 2
- cbc(0, 0x10, 0x12 0x12 0x12 0x12 0x13 0x13 0x13 0x13 0x14 0x14 0x14 0x14 0xAE 0xAE 0xAE 0xAE); //cbc decrypt layer 1
- ctrpad(0xFF);
- }
- closeFS(o);
- }
- runCode(procname.Call(execute, suspendAO);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement