1
/*
2
 * Copyright (c) 2018 naehrwert
3
 * Copyright (c) 2018 st4rk
4
 * Copyright (c) 2018-2025 CTCaer
5
 * Copyright (c) 2018 balika011
6
 *
7
 * This program is free software; you can redistribute it and/or modify it
8
 * under the terms and conditions of the GNU General Public License,
9
 * version 2, as published by the Free Software Foundation.
10
 *
11
 * This program is distributed in the hope it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
14
 * more details.
15
 *
16
 * You should have received a copy of the GNU General Public License
17
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
18
 */
19

20
#include <string.h>
21

22
#include <bdk.h>
23

24
#include "hos.h"
25
#include "pkg1.h"
26
#include "../config.h"
27

28
extern hekate_config h_cfg;
29

30
/*
31
 * package1.1 header: <wb, ldr, sm>
32
 * package1.1 layout:
33
 * 1.0:  {sm, ldr, wb} { 2, 1, 0 }
34
 * 2.0+: {wb, ldr, sm} { 0, 1, 2 }
35
 * 4.0+: {ldr, sm, wb} { 1, 2, 0 }
36
 */
37

38
static const u8 sec_map_100[3] = { PK11_SECTION_SM, PK11_SECTION_LD, PK11_SECTION_WB };
39
static const u8 sec_map_2xx[3] = { PK11_SECTION_WB, PK11_SECTION_LD, PK11_SECTION_SM };
40
static const u8 sec_map_4xx[3] = { PK11_SECTION_LD, PK11_SECTION_SM, PK11_SECTION_WB };
41

42
	// Timestamp  KB   TSEC    PK11     SECMON     Warmboot
43
static const pkg1_id_t _pkg1_ids[] = {
44
	{ "20161121",  0, 0x1900, 0x3FE0, 0x40014020, 0x8000D000 }, //  1.0.0.
45
	{ "20170210",  0, 0x1900, 0x3FE0, 0x4002D000, 0x8000D000 }, //  2.0.0 - 2.3.0.
46
	{ "20170519",  1, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000 }, //  3.0.0.
47
	{ "20170710",  2, 0x1A00, 0x3FE0, 0x4002D000, 0x8000D000 }, //  3.0.1 - 3.0.2.
48
	{ "20170921",  3, 0x1800, 0x3FE0, 0x4002B000, 0x4003B000 }, //  4.0.0 - 4.1.0.
49
	{ "20180220",  4, 0x1900, 0x3FE0, 0x4002B000, 0x4003B000 }, //  5.0.0 - 5.1.0.
50
	{ "20180802",  5, 0x1900, 0x3FE0, 0x4002B000, 0x4003D800 }, //  6.0.0 - 6.1.0.
51
	{ "20181107",  6, 0x0E00, 0x6FE0, 0x4002B000, 0x4003D800 }, //  6.2.0.
52
	{ "20181218",  7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000 }, //  7.0.0.
53
	{ "20190208",  7, 0x0F00, 0x6FE0, 0x40030000, 0x4003E000 }, //  7.0.1.
54
	{ "20190314",  7, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //  8.0.0 - 8.0.1.
55
	{ "20190531",  8, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //  8.1.0 - 8.1.1.
56
	{ "20190809",  9, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //  9.0.0 - 9.0.1.
57
	{ "20191021", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, //  9.1.0 - 9.2.0.
58
	{ "20200303", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 10.0.0 - 10.2.0.
59
	{ "20201030", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 11.0.0 - 11.0.1.
60
	{ "20210129", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 12.0.0 - 12.0.1.
61
	{ "20210422", 10, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 12.0.2 - 12.0.3.
62
	{ "20210607", 11, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 12.1.0.
63
	{ "20210805", 12, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 13.0.0 - 13.2.0
64
	{ "20220105", 12, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 13.2.1.
65
	{ "20220209", 13, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 14.0.0 - 14.1.2.
66
	{ "20220801", 14, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 15.0.0 - 15.0.1.
67
	{ "20230111", 15, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 16.0.0 - 16.1.0.
68
	{ "20230906", 16, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 17.0.0 - 17.0.1.
69
	{ "20240207", 17, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 18.0.0 - 18.1.0.
70
	{ "20240808", 18, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 19.0.0 - 19.0.1.
71
	{ "20250206", 19, 0x0E00, 0x6FE0, 0x40030000, 0x4003E000 }, // 20.0.0+
72
};
73

74
const pkg1_id_t *pkg1_identify(u8 *pkg1, char *build_date)
75
{
76
	pk1_hdr_t *hdr = (pk1_hdr_t *)pkg1;
77
	if (build_date)
78
	{
79
		memcpy(build_date, hdr->timestamp, 14);
80
		build_date[14] = 0;
81
	}
82

83
	for (u32 i = 0; i < ARRAY_SIZE(_pkg1_ids); i++)
84
		if (!memcmp(hdr->timestamp, _pkg1_ids[i].id, 8))
85
			return &_pkg1_ids[i];
86

87
	return NULL;
88
}
89

90
int pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1)
91
{
92
	pk11_hdr_t *hdr;
93

94
	// Decrypt package1.
95
	if (!h_cfg.t210b01)
96
	{
97
		u8 *pkg11 = pkg1 + id->pkg11_off;
98
		u32 pkg11_size = *(u32 *)pkg11;
99
		hdr = (pk11_hdr_t *)(pkg11 + 0x20);
100
		se_aes_crypt_ctr(11, hdr, pkg11_size, hdr, pkg11_size, pkg11 + 0x10);
101
	}
102
	else
103
	{
104
		bl_hdr_t210b01_t *oem_hdr = (bl_hdr_t210b01_t *)pkg1;
105
		pkg1 += sizeof(bl_hdr_t210b01_t);
106
		hdr = (pk11_hdr_t *)(pkg1 + id->pkg11_off + 0x20);
107

108
		// Use BEK for T210B01.
109
		// Additionally, skip 0x20 bytes from decryption to maintain the header.
110
		se_aes_iv_clear(13);
111
		se_aes_crypt_cbc(13, DECRYPT, pkg1 + 0x20, oem_hdr->size - 0x20, pkg1 + 0x20, oem_hdr->size - 0x20);
112
	}
113

114
	// Return if header is valid.
115
	return (hdr->magic == PKG1_MAGIC);
116
}
117

118
const u8 *pkg1_unpack(void *wm_dst, void *sm_dst, void *ldr_dst, const pkg1_id_t *id, u8 *pkg1)
119
{
120
	const u8 *sec_map;
121
	const pk11_hdr_t *hdr = (pk11_hdr_t *)(pkg1 + id->pkg11_off + 0x20);
122

123
	u32 sec_size[3] = { hdr->wb_size, hdr->ldr_size, hdr->sm_size };
124

125
	// Get correct header mapping.
126
	if (id->kb == HOS_KB_VERSION_100 && !memcmp(id->id, "20161121", 8))
127
		sec_map = sec_map_100;
128
	else if (id->kb <= HOS_KB_VERSION_301)
129
		sec_map = sec_map_2xx;
130
	else
131
		sec_map = sec_map_4xx;
132

133
	// Copy secmon, warmboot and nx bootloader payloads.
134
	u8 *pdata = (u8 *)hdr + sizeof(pk11_hdr_t);
135
	for (u32 i = 0; i < 3; i++)
136
	{
137
		u32 ssize = sec_size[sec_map[i]];
138
		switch (sec_map[i])
139
		{
140
		case PK11_SECTION_WB:
141
			if (wm_dst)
142
				memcpy(wm_dst,  pdata, ssize);
143
			break;
144
		case PK11_SECTION_LD:
145
			if (ldr_dst)
146
				memcpy(ldr_dst, pdata, ssize);
147
			break;
148
		case PK11_SECTION_SM:
149
			if (sm_dst)
150
				memcpy(sm_dst,  pdata, ssize);
151
			break;
152
		}
153
		pdata += ssize;
154
	}
155

156
	return sec_map;
157
}
158

159