#include <sys/types.h>
#include <sys/stat.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "tools.h"
/*
 * Fixed byte offsets into the WAD image held in bufOut.
 *
 * NOTE(review): these are absolute offsets, while main() also derives
 * pos_tmd from the length fields in the file header. The fixed values
 * presumably assume one particular certificate/ticket size -- confirm.
 */
#define OFFSET_TMD 0xEF0         /* not referenced in the code shown here */
#define OFFSET_TID_TMD 0xE8C     /* 8-byte title id; main() overwrites bytes 4..7 */
#define OFFSET_NUMCONT_TMD 0xEDE /* 2-byte big-endian content count, written last */
#define OFFSET_TID_TIC 0xC1C     /* 8-byte title id; main() overwrites bytes 4..7 */
#define OFFSET_KEY_TIC 0xBFF     /* 16 bytes read as the encrypted title key */

/* Input and output streams, opened by main() from argv[1] and argv[2]. */
FILE *wadIn = NULL;
FILE *wadOut = NULL;

/*
 * Whole-file working buffer. The size is 100,000,000 bytes (about 95 MiB),
 * not 1 MB as an earlier comment said; main() rejects larger inputs.
 */
u8 bufOut[100000000];

/* IV for the title-key decryption: 8 bytes of title id, then 8 zero bytes. */
u8 newTitleId[16];

/* Output of aes_cbc_dec() in main(); used as the key for content encryption. */
u8 newTitleKey[16];

/* Filled by get_key("common-key", ...) in main(); no key bytes live in this file. */
u8 common_key[16];
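/**
 * Return the size of an open, seekable stream in bytes.
 *
 * The caller's file position is restored before returning.
 *
 * @param f  Stream to measure; may be NULL.
 * @return   Size in bytes, or -1 if f is NULL, a seek/tell call fails, or
 *           the size does not fit in an int.
 */
int file_length(FILE *f)
{
    long pos;
    long end;

    if (f == NULL)
        return -1;

    /* ftell() returns long; keep it in a long so large files are not truncated. */
    pos = ftell(f);
    if (pos < 0)
        return -1;
    if (fseek(f, 0, SEEK_END) != 0)
        return -1;
    end = ftell(f);

    /* Restore the position even if the size itself turns out to be unusable. */
    if (fseek(f, pos, SEEK_SET) != 0)
        return -1;

    if (end < 0 || end > INT_MAX)
        return -1;
    return (int)end;
}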
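/*
 * Allocate a buffer for one section of len bytes, padded up to a 64-byte
 * boundary, and fill it with the padded number of bytes read from wadOut.
 *
 * Returns a malloc'd buffer the caller must free(). Every failure is
 * reported through fatal(), which presumably does not return -- confirm
 * against tools.h.
 *
 * NOTE(review): the read uses wadOut, which main() opens with mode "wb",
 * so the fread() below cannot succeed on that stream. Nothing in this file
 * calls the function; confirm which stream was intended before using it.
 */
static u8 *get_wad(u32 len)
{
    u32 rounded_len = (len + 0x3f) & ~0x3f;
    u8 *p;

    /*
     * len comes from a file header. A value near the top of the u32 range
     * wraps when rounded up, which would allocate less than len bytes.
     */
    if (rounded_len < len)
        fatal("get_wad length overflow, len = %x", len);

    /* malloc(0) may legitimately return NULL; ask for at least one byte. */
    p = malloc(rounded_len ? rounded_len : 1);
    if (p == 0)
        fatal("malloc");

    if (len) {
        if (fread(p, rounded_len, 1, wadOut) != 1) {
            free(p);
            fatal("get_wad read, len = %x", len);
        }
    }
    return p;
}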
/* Round a up to the next multiple of 64 (0x40); exact multiples are unchanged. */
int rounded(int a)
{
    const int mask = 0x3f;

    return (a + mask) & ~mask;
}
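/*
 * Zero the 256 bytes at pos_tmd + 4 in bufOut, then step the 16-bit value
 * at pos_tmd + 0x19A upward from 1 until the SHA-1 digest of the region
 * [pos_tmd + 260, pos_tmd + len_tmd) starts with a 0x00 byte.
 *
 * pos_tmd  offset of the TMD inside bufOut
 * len_tmd  length of the TMD in bytes
 *
 * The counter is stored with memcpy() in host byte order.
 *
 * NOTE(review): the result is not a cryptographic signature. It would only
 * be accepted by a verifier that compares digests with a NUL-terminated
 * string routine -- presumably the flaw this relies on; confirm. Verifying
 * code should check the signature padding and compare all 20 digest bytes
 * with a fixed-length comparison.
 */
void TRUCHA(u32 pos_tmd, u32 len_tmd)
{
    /*
     * Both arguments are derived from length fields in the input file.
     * Without this check a crafted header makes the memset/memcpy below
     * write outside bufOut, and len_tmd - 260 wraps for a short TMD.
     * fatal() presumably does not return -- confirm against tools.h.
     */
    if (len_tmd < 0x19A + 2 || pos_tmd > sizeof bufOut ||
        len_tmd > sizeof bufOut - pos_tmd)
        fatal("bad tmd range (pos = %x, len = %x)", pos_tmd, len_tmd);

    memset(bufOut + pos_tmd + 4, 0, 256);

    u16 cont = 1;
    printf("searching");
    while (cont) {
        u8 hash[20];

        memcpy(&bufOut[pos_tmd + 0x19A], &cont, 2);
        sha(bufOut + pos_tmd + 260, len_tmd - 260, hash);
        if (hash[0] == 0x00) {
            printf("\ntrucha patched!\n");
            return;
        }
        printf(".");
        cont++;
    }

    /* cont wrapped to 0: every 16-bit value was tried; say so instead of returning silently. */
    printf("\nerror: no matching value found\n");
}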
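/*
 * Compute the offset that follows a section of len bytes starting at pos,
 * with the section padded to a 64-byte boundary. Returns 0 and stores the
 * offset in *next, or -1 if the padded section would not fit in bufOut.
 */
static int next_section(u32 pos, u32 len, u32 *next)
{
    size_t limit = sizeof bufOut;
    size_t padded;

    if (pos > limit || len > limit - pos)
        return -1;
    padded = ((size_t)len + 0x3f) & ~(size_t)0x3f;
    if (padded > limit - pos)
        return -1;
    *next = (u32)(pos + padded);
    return 0;
}

/*
 * Load wadIn into bufOut, patch the title id, derive the title key, replace
 * the content records and content data with the files 00000000.app,
 * 00000001.app, ... found in the current directory, and write the result to
 * wadOut. Returns 0 on success and -1 on an I/O or size error; malformed
 * headers are reported through fatal(), which presumably does not return --
 * confirm against tools.h.
 */
static int repack_wad(void)
{
    int in_len = file_length(wadIn);

    if (in_len < 0) {
        printf("error: file error\n");
        return -1;
    }
    if ((size_t)in_len > sizeof bufOut) {
        printf("error: file too big\n");
        return -1;
    }
    /* The fixed offsets patched below must lie inside the file. */
    if (in_len < OFFSET_NUMCONT_TMD + 2) {
        printf("error: file too short\n");
        return -1;
    }
    /* Read exactly in_len bytes so a short read is detected. */
    if (fread(bufOut, 1, (size_t)in_len, wadIn) != (size_t)in_len) {
        printf("error: file error\n");
        return -1;
    }

    memcpy(bufOut + OFFSET_TID_TMD + 4, "HELP", 4);
    memcpy(bufOut + OFFSET_TID_TIC + 4, "HELP", 4);
    memset(newTitleId, 0, sizeof newTitleId);
    memcpy(newTitleId, bufOut + OFFSET_TID_TIC, 8);

    /* Calculate new titleKey: the patched title id, zero-padded, is the IV. */
    get_key("common-key", common_key, 16);
    u8 enc_key[16];
    memcpy(enc_key, bufOut + OFFSET_KEY_TIC, 16);
    aes_cbc_dec(common_key, newTitleId, enc_key, sizeof enc_key, newTitleKey);

    /* NOTE(review): this prints key material to stdout. */
    printf("\n--------------\n");
    printf(" NEW TITLEKEY \n");
    printf("--------------\n");
    hexdump(newTitleKey, sizeof newTitleKey);

    u32 header_len = be32(bufOut);
    if (header_len != 0x20)
        fatal("bad install header length (%x)", header_len);
    u32 len_cert = be32(bufOut + 0x8);
    u32 len_tik = be32(bufOut + 0x10);
    u32 len_tmd = be32(bufOut + 0x14);

    /*
     * The section lengths are untrusted file contents. Walk the layout with
     * range checks so every derived offset stays inside bufOut.
     */
    u32 pos_cert;
    u32 pos_tik;
    u32 pos_tmd;
    u32 pos_app;
    if (next_section(0, header_len, &pos_cert) != 0 ||
        next_section(pos_cert, len_cert, &pos_tik) != 0 ||
        next_section(pos_tik, len_tik, &pos_tmd) != 0 ||
        next_section(pos_tmd, len_tmd, &pos_app) != 0)
        fatal("section lengths exceed buffer");

    u32 appData = pos_app;
    TRUCHA(pos_tmd, len_tmd);

    char nextFile[1400];
    unsigned i = 0;
    FILE *fp;

    snprintf(nextFile, sizeof nextFile, "%08x.app", i);
    while ((fp = fopen(nextFile, "rb")) != NULL) {
        /*
         * Content record i is 0x24 bytes at TMD offset 0x1e4 + 0x24 * i.
         * It must fit inside the TMD, and the final count must fit the
         * 16-bit field written after the loop.
         */
        if (i >= 0xffff || 0x1e4 + 0x24 * ((size_t)i + 1) > len_tmd)
            fatal("no room in tmd for content %x", i);
        u8 *rec = bufOut + pos_tmd + 0x1e4 + 0x24 * (size_t)i;

        /* TMD Entry. Index and CID is the same. */
        u8 temp[4];
        wbe32(temp, i);
        memcpy(rec, temp, 4);     /* CID */
        wbe16(temp, i);
        memcpy(rec + 4, temp, 2); /* Index */
        wbe16(temp, 1);
        memcpy(rec + 6, temp, 2); /* Type, Todo: always 1 */

        int flen = file_length(fp);
        if (flen < 0)
            fatal("cannot size content %x", i);
        u32 len = (u32)flen;
        u8 temp2[8];
        wbe64(temp2, len);
        memcpy(rec + 8, temp2, 8); /* Length */

        u32 rounded_len = (len + 0x3f) & ~0x3f;
        if (appData > sizeof bufOut || rounded_len > sizeof bufOut - appData)
            fatal("content %x does not fit in output buffer", i);

        /*
         * The cipher below consumes rounded_len bytes, so the buffer must
         * be that large, with zeroed padding; allocating only len bytes
         * would be read past its end.
         */
        u8 *data = calloc(1, rounded_len ? rounded_len : 1);
        if (data == NULL)
            fatal("malloc");
        if (len && fread(data, 1, len, fp) != len)
            fatal("read error, content %x", i);

        /* SHA-1 over the file's len bytes; sizeof data is only the pointer size. */
        u8 hash[20];
        sha(data, len, hash);
        memcpy(rec + 0x10, hash, sizeof hash);

        /* IV: the 2-byte index field followed by zeros. */
        u8 iv[16];
        memset(iv, 0, sizeof iv);
        memcpy(iv, rec + 4, 2);

        memset(bufOut + appData, 0, rounded_len);
        aes_cbc_enc(newTitleKey, iv, data, rounded_len, bufOut + appData);
        free(data);
        fclose(fp);

        appData += rounded_len;
        printf("file done: %s\n", nextFile);
        i++;
        snprintf(nextFile, sizeof nextFile, "%08x.app", i);
    }

    u8 count[2];
    wbe16(count, i);
    memcpy(bufOut + OFFSET_NUMCONT_TMD, count, 2);

    /*
     * NOTE(review): the output length is the input length. If the content
     * written above ends beyond in_len, the tail is not written and the
     * header's length fields are not updated -- confirm the intended size.
     */
    printf("writing \n");
    if (fwrite(bufOut, 1, (size_t)in_len, wadOut) != (size_t)in_len) {
        printf("error: file error\n");
        return -1;
    }
    printf("finished! \n");
    return 0;
}

/*
 * Entry point: sjuttio <wad_in> <wad_out>.
 *
 * Returns EXIT_SUCCESS when the output was written and closed cleanly, and
 * EXIT_FAILURE on a usage, open, read or write error.
 */
int main(int argc, char *argv[])
{
    if (argc != 3) {
        printf("usage: sjuttio <wad_in> <wad_out>\n");
        return EXIT_FAILURE;
    }

    /* Open the input first so a bad input path does not truncate the output file. */
    wadIn = fopen(argv[1], "rb");
    if (wadIn == NULL) {
        printf("error: file error\n");
        return EXIT_FAILURE;
    }
    wadOut = fopen(argv[2], "wb");
    if (wadOut == NULL) {
        printf("error: file error\n");
        fclose(wadIn);
        return EXIT_FAILURE;
    }

    int rc = repack_wad();

    fclose(wadIn);
    /* fclose() flushes buffered output; a failure here means data was lost. */
    if (fclose(wadOut) != 0) {
        printf("error: file error\n");
        rc = -1;
    }
    return rc == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}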