API tools faq
paste
Guest User

Untitled

a guest
Apr 20th, 2018
76
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.59 KB | None | 0 0
raw download clone embed print report
  1. #include <sys/types.h>
  2. #include <sys/stat.h>
  3. #include <unistd.h>
  4. #include <string.h>
  5. #include <stdlib.h>
  6. #include <stdio.h>
  7.  
  8. #include "tools.h"
  9.  
  10. #define OFFSET_TMD 0xEF0
  11. #define OFFSET_TID_TMD 0xE8C
  12. #define OFFSET_NUMCONT_TMD 0xEDE
  13. #define OFFSET_TID_TIC 0xC1C
  14. #define OFFSET_KEY_TIC 0xBFF
  15.  
  16. u8 newTitleId[16]; // HAGP
  17. FILE* wadIn = 0;
  18. FILE* wadOut = 0;
  19. u8 bufOut[100000000]; // 1MB limit
  20. u8 newTitleKey[16];
  21. u8 common_key[16];
  22.  
  23. int file_length(FILE *f)
  24. {
  25. int pos;
  26. int end;
  27. pos = ftell (f);
  28. fseek (f, 0, SEEK_END);
  29. end = ftell (f);
  30. fseek (f, pos, SEEK_SET);
  31. return end;
  32. }
  33.  
  34. static u8 *get_wad(u32 len)
  35. {
  36. u32 rounded_len;
  37. u8 *p;
  38.  
  39. rounded_len = (len + 0x3f) & ~0x3f;
  40. p = malloc(rounded_len);
  41. if (p == 0)
  42. fatal("malloc");
  43. if (len)
  44. if (fread(p, rounded_len, 1, wadOut) != 1)
  45. fatal("get_wad read, len = %x", len);
  46. return p;
  47. }
  48.  
  49. int rounded(int a)
  50. {
  51. return (a+0x3f) & ~0x3f;
  52. }
  53.  
  54. void TRUCHA(u32 pos_tmd, u32 len_tmd)
  55. {
  56. memset(bufOut+pos_tmd+4, 0, 256);
  57.  
  58. u16 cont = 1;
  59. printf("searching");
  60. while(cont)
  61. {
  62. memcpy(&bufOut[pos_tmd+0x19A], &cont, 2);
  63. u8 hash [20];
  64. sha(bufOut+pos_tmd+260, len_tmd-260, hash);
  65. if(hash[0] == 0x00)
  66. {
  67. cont = 0;
  68. printf("\ntrucha patched!\n");
  69. }
  70. else
  71. {
  72. printf(".");
  73. cont++;
  74. }
  75. }
  76. }
  77.  
  78. int main(int argc, char* argv[])
  79. {
  80. if(argc == 3)
  81. {
  82.  
  83. wadIn = fopen(argv[1], "rb");
  84. wadOut = fopen(argv[2], "wb");
  85.  
  86. if(wadIn > 0 && wadOut > 0)
  87. {
  88.  
  89. if(file_length(wadIn) <= sizeof bufOut)
  90. {
  91. fread(bufOut, sizeof bufOut, 1, wadIn);
  92. memcpy(bufOut+OFFSET_TID_TMD+4, "HELP", 4);
  93. memcpy(bufOut+OFFSET_TID_TIC+4, "HELP", 4);
  94. memset(newTitleId, 0, 16);
  95. memcpy(newTitleId, bufOut+OFFSET_TID_TIC, 8);
  96.  
  97. // Calculate new titleKey
  98. get_key("common-key", common_key, 16);
  99. u8 enc_key [16];
  100. memcpy(enc_key, bufOut+OFFSET_KEY_TIC, 16);
  101. aes_cbc_dec(common_key, newTitleId, enc_key, sizeof enc_key, newTitleKey);
  102. printf("\n--------------\n");
  103. printf(" NEW TITLEKEY \n");
  104. printf("--------------\n");
  105. hexdump(newTitleKey, sizeof newTitleKey);
  106.  
  107. /*u32 appData;
  108. u32 rounded_appData = (len + 0x3f) & ~0x3f;
  109. memcpy(&appData, bufOut+0x18, 4);*/
  110. //memcpy(appData, , sizeof appData);
  111. u32 header_len = be32(bufOut);
  112. if (header_len != 0x20)
  113. fatal("bad install header length (%x)", header_len);
  114. u32 len_cert = be32(bufOut+0x8);
  115. u32 len_tik = be32(bufOut+0x10);
  116. u32 len_tmd = be32(bufOut+0x14);
  117. u32 len_app = be32(bufOut+0x18);
  118. u32 len_trailer = be32(bufOut+0x1c);
  119. u32 pos_cert = rounded(header_len);
  120. u32 pos_tik = pos_cert+rounded(len_cert);
  121. u32 pos_tmd = pos_tik+rounded(len_tik);
  122. u32 pos_app = pos_tmd+rounded(len_tmd);
  123. u32 pos_trailer = pos_app+rounded(len_app);
  124. u32 appData = pos_app;
  125.  
  126. TRUCHA(pos_tmd, len_tmd);
  127.  
  128. char nextFile[1400];
  129. int i = 0;
  130. sprintf(nextFile, "%08x.app", i);
  131. FILE* fp = 0;
  132. while((fp = fopen(nextFile, "rb")) > 0)
  133. {
  134. // TMD Entry.
  135. u8 temp [4];
  136. wbe32(temp, i); // Index and CID is the same.
  137. memcpy(bufOut+pos_tmd+0x01e4+(0x24*i), temp, 4); // CID
  138. wbe16(temp, i);
  139. memcpy(bufOut+pos_tmd+0x01e8+(0x24*i), temp, 2); // Index
  140. wbe16(temp, 1);
  141. memcpy(bufOut+pos_tmd+0x01ea+(0x24*i), temp, 2); // Type, Todo: always 1
  142. u32 len = file_length(fp);
  143. u8 temp2[8];
  144. wbe64(temp2, len);
  145. memcpy(bufOut+pos_tmd+0x01ec+(0x24*i), temp2, 8); // Length
  146.  
  147. // Read file
  148. u8 *data = malloc(len); // 1MB limit
  149. memset(data, 0, sizeof data);
  150. fread(data, len, 1, fp);
  151.  
  152. // SHA-1
  153. u8 hash [20];
  154. sha(data, sizeof data, hash);
  155. memcpy(bufOut+pos_tmd+0x01ec+8+(0x24*i), hash, sizeof hash);
  156.  
  157. u32 rounded_len = (len + 0x3f) & ~0x3f;
  158. u8 iv[16];
  159. memset(iv, 0, 16);
  160. memcpy(iv, bufOut+pos_tmd+0x01e8+0x24*i, 2);
  161.  
  162. memset(bufOut+appData, 0, rounded_len);
  163. aes_cbc_enc(newTitleKey, iv, data, rounded_len, bufOut+appData);
  164. free(data);
  165. //memcpy(bufOut+appData, data, rounded_len);
  166. appData += rounded_len;
  167. printf("file done: %s\n", nextFile);
  168.  
  169. i++;
  170. sprintf(nextFile, "%08x.app", i);
  171. fclose(fp);
  172. fp = 0;
  173. }
  174. u8 temp [2];
  175. wbe16(temp, i);
  176. memcpy(bufOut+OFFSET_NUMCONT_TMD, temp, 2);
  177.  
  178. printf("writing \n");
  179. fwrite(bufOut, file_length(wadIn), 1, wadOut);
  180. printf("finished! \n");
  181. }
  182. else
  183. {
  184. printf("error: file too big\n");
  185. }
  186. }
  187. else
  188. {
  189. printf("error: file error\n");
  190. }
  191. fclose(wadIn);
  192. fclose(wadOut);
  193. }
  194. else
  195. {
  196. printf("usage: sjuttio <wad_in> <wad_out>\n");
  197. }
  198. }
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!