-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
zoogie
authored and
zoogie
committed
Jun 23, 2019
1 parent
94de247
commit 5871c63
Showing
13 changed files
with
2,553 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#--------------------------------------------------------------------------------- | ||
.SUFFIXES: | ||
#--------------------------------------------------------------------------------- | ||
ifeq ($(strip $(DEVKITARM)),) | ||
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM") | ||
endif | ||
|
||
export TARGET := $(shell basename $(CURDIR)) | ||
export TOPDIR := $(CURDIR) | ||
|
||
# specify a directory which contains the nitro filesystem | ||
# this is relative to the Makefile | ||
NITRO_FILES := | ||
|
||
# These set the information text in the nds file | ||
GAME_TITLE := dumpTool | ||
GAME_SUBTITLE1 := zoogie | ||
GAME_SUBTITLE2 := Dump DSi NAND w/ nocash footer | ||
|
||
include $(DEVKITARM)/ds_rules | ||
|
||
.PHONY: checkarm7 checkarm9 clean | ||
|
||
#--------------------------------------------------------------------------------- | ||
# main targets | ||
#--------------------------------------------------------------------------------- | ||
all: checkarm7 checkarm9 $(TARGET).nds | ||
|
||
#--------------------------------------------------------------------------------- | ||
checkarm7: | ||
$(MAKE) -C arm7 | ||
|
||
#--------------------------------------------------------------------------------- | ||
checkarm9: | ||
$(MAKE) -C arm9 | ||
|
||
#--------------------------------------------------------------------------------- | ||
$(TARGET).nds : $(NITRO_FILES) arm7/$(TARGET).elf arm9/$(TARGET).elf | ||
ndstool -c $(TARGET).nds -7 arm7/$(TARGET).elf -9 arm9/$(TARGET).elf \ | ||
-b $(GAME_ICON) "$(GAME_TITLE);$(GAME_SUBTITLE1);$(GAME_SUBTITLE2)" \ | ||
$(_ADDFILES) | ||
|
||
#--------------------------------------------------------------------------------- | ||
arm7/$(TARGET).elf: | ||
$(MAKE) -C arm7 | ||
|
||
#--------------------------------------------------------------------------------- | ||
arm9/$(TARGET).elf: | ||
$(MAKE) -C arm9 | ||
|
||
#--------------------------------------------------------------------------------- | ||
clean: | ||
$(MAKE) -C arm9 clean | ||
$(MAKE) -C arm7 clean | ||
rm -f $(TARGET).nds $(TARGET).arm7 $(TARGET).arm9 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
Directions: | ||
Just boot the dumpTool.nds app and press A. | ||
It will dump a nand.bin with nocash footer to your dsi at | ||
DT010203040A0B0C0D/nand.bin | ||
The folder will be next to wherever you put dumpTool.nds. And obviously, your foldername will have different characters. It's console-unique. | ||
|
||
General Info: | ||
This tool should create a nand.bin identical to fwTool.nds 2.0. The same holds true for its nand.bin.sha1 file as well. | ||
If this isn't the case in your neck of the woods, please make an issue :) | ||
(note that identical nands can only occur if both app's output are compared in the same hbmenu session; booting to dsi home menu in between will undoubtably change NAND contents) | ||
|
||
Features: | ||
- Completely open source. | ||
- Lots of checks, including verifying the nocash footer will decrypt the outputed NAND. Low battery and insufficient SD space are also checked. | ||
- Project has a permissive license, and more importantly, its dev is permissive. I don't care what's done with this post-release as long as credit is given. | ||
- Simple operation. Just press A and watch it go. | ||
- You can cancel the dump in progress. The incomplete nand will be cleaned up. | ||
- A little bit faster than fwTool. Should complete in about 7 minutes. | ||
|
||
Thanks: | ||
Martin Korth (nocash) - Documenting the consoleID dumping method on GBAtek. | ||
Tinivi - Borrowed his 3ds mode (arm9) aes function from https://github.com/TiniVi/AHPCFW/ | ||
WulfyStylez - Loosely followed his method for nocash footer verification in twlTool: | ||
https://gbatemp.net/threads/release-twltool-dsi-downgrading-save-injection-etc-multitool.393488/ (attachment has source code) | ||
neimod - Taddy dsi aes functions (dsi.c/h) https://github.com/neimod/dsi/tree/master/taddy (this inlcludes some polarssl files (aes.c/h) and that is GPL v2, info in aes.h) | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
#--------------------------------------------------------------------------------- | ||
.SUFFIXES: | ||
#--------------------------------------------------------------------------------- | ||
ifeq ($(strip $(DEVKITARM)),) | ||
$(error "Please set DEVKITARM in your environment. export DEVKITARM=<path to>devkitARM") | ||
endif | ||
|
||
include $(DEVKITARM)/ds_rules | ||
|
||
#--------------------------------------------------------------------------------- | ||
# BUILD is the directory where object files & intermediate files will be placed | ||
# SOURCES is a list of directories containing source code | ||
# INCLUDES is a list of directories containing extra header files | ||
# DATA is a list of directories containing binary files | ||
# all directories are relative to this makefile | ||
#--------------------------------------------------------------------------------- | ||
BUILD := build | ||
SOURCES := source | ||
INCLUDES := include build | ||
DATA := | ||
|
||
#--------------------------------------------------------------------------------- | ||
# options for code generation | ||
#--------------------------------------------------------------------------------- | ||
ARCH := -mthumb-interwork | ||
|
||
CFLAGS := -g -Wall -O0\ | ||
-mcpu=arm7tdmi -mtune=arm7tdmi -fomit-frame-pointer\ | ||
-ffast-math \ | ||
$(ARCH) | ||
|
||
CFLAGS += $(INCLUDE) -DARM7 | ||
CXXFLAGS := $(CFLAGS) -fno-rtti -fno-exceptions -fno-rtti | ||
|
||
|
||
ASFLAGS := -g $(ARCH) | ||
LDFLAGS = -specs=ds_arm7.specs -g $(ARCH) -Wl,-Map,$(notdir $*).map | ||
|
||
LIBS := -ldswifi7 -lmm7 -lnds7 | ||
|
||
#--------------------------------------------------------------------------------- | ||
# list of directories containing libraries, this must be the top level containing | ||
# include and lib | ||
#--------------------------------------------------------------------------------- | ||
LIBDIRS := $(LIBNDS) | ||
|
||
|
||
#--------------------------------------------------------------------------------- | ||
# no real need to edit anything past this point unless you need to add additional | ||
# rules for different file extensions | ||
#--------------------------------------------------------------------------------- | ||
ifneq ($(BUILD),$(notdir $(CURDIR))) | ||
#--------------------------------------------------------------------------------- | ||
|
||
export ARM7ELF := $(CURDIR)/$(TARGET).elf | ||
export DEPSDIR := $(CURDIR)/$(BUILD) | ||
|
||
export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) | ||
|
||
CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c))) | ||
CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp))) | ||
SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s))) | ||
BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*))) | ||
|
||
export OFILES := $(addsuffix .o,$(BINFILES)) \ | ||
$(CPPFILES:.cpp=.o) $(CFILES:.c=.o) $(SFILES:.s=.o) | ||
|
||
export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \ | ||
$(foreach dir,$(LIBDIRS),-I$(dir)/include) \ | ||
-I$(CURDIR)/$(BUILD) | ||
|
||
export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib) | ||
|
||
#--------------------------------------------------------------------------------- | ||
# use CXX for linking C++ projects, CC for standard C | ||
#--------------------------------------------------------------------------------- | ||
ifeq ($(strip $(CPPFILES)),) | ||
#--------------------------------------------------------------------------------- | ||
export LD := $(CC) | ||
#--------------------------------------------------------------------------------- | ||
else | ||
#--------------------------------------------------------------------------------- | ||
export LD := $(CXX) | ||
#--------------------------------------------------------------------------------- | ||
endif | ||
#--------------------------------------------------------------------------------- | ||
|
||
.PHONY: $(BUILD) clean | ||
|
||
#--------------------------------------------------------------------------------- | ||
$(BUILD): | ||
@[ -d $@ ] || mkdir -p $@ | ||
@$(MAKE) --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile | ||
|
||
#--------------------------------------------------------------------------------- | ||
clean: | ||
@echo clean ... | ||
@rm -fr $(BUILD) *.elf | ||
|
||
|
||
#--------------------------------------------------------------------------------- | ||
else | ||
|
||
DEPENDS := $(OFILES:.o=.d) | ||
|
||
#--------------------------------------------------------------------------------- | ||
# main targets | ||
#--------------------------------------------------------------------------------- | ||
$(ARM7ELF) : $(OFILES) | ||
@echo linking $(notdir $@) | ||
@$(LD) $(LDFLAGS) $(OFILES) $(LIBPATHS) $(LIBS) -o $@ | ||
|
||
|
||
#--------------------------------------------------------------------------------- | ||
# you need a rule like this for each extension you use as binary data | ||
#--------------------------------------------------------------------------------- | ||
%.bin.o : %.bin | ||
#--------------------------------------------------------------------------------- | ||
@echo $(notdir $<) | ||
@$(bin2o) | ||
|
||
-include $(DEPENDS) | ||
|
||
#--------------------------------------------------------------------------------------- | ||
endif | ||
#--------------------------------------------------------------------------------------- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,157 @@ | ||
/*--------------------------------------------------------------------------------- | ||
derived from the default ARM7 core | ||
Copyright (C) 2005 - 2010 | ||
Michael Noland (joat) | ||
Jason Rogers (dovoto) | ||
Dave Murphy (WinterMute) | ||
This software is provided 'as-is', without any express or implied | ||
warranty. In no event will the authors be held liable for any | ||
damages arising from the use of this software. | ||
Permission is granted to anyone to use this software for any | ||
purpose, including commercial applications, and to alter it and | ||
redistribute it freely, subject to the following restrictions: | ||
1. The origin of this software must not be misrepresented; you | ||
must not claim that you wrote the original software. If you use | ||
this software in a product, an acknowledgment in the product | ||
documentation would be appreciated but is not required. | ||
2. Altered source versions must be plainly marked as such, and | ||
must not be misrepresented as being the original software. | ||
3. This notice may not be removed or altered from any source | ||
distribution. | ||
---------------------------------------------------------------------------------*/ | ||
#include <nds.h> | ||
#include <stdio.h> | ||
#include <string.h> | ||
#include <dswifi7.h> | ||
#include <maxmod7.h> | ||
#include <nds/bios.h> | ||
#include <nds/arm7/aes.h> | ||
|
||
//--------------------------------------------------------------------------------- | ||
void VblankHandler(void) { | ||
//--------------------------------------------------------------------------------- | ||
Wifi_Update(); | ||
} | ||
|
||
|
||
//--------------------------------------------------------------------------------- | ||
void VcountHandler() { | ||
//--------------------------------------------------------------------------------- | ||
inputGetAndSend(); | ||
} | ||
|
||
volatile bool exitflag = false; | ||
|
||
//--------------------------------------------------------------------------------- | ||
void powerButtonCB() { | ||
//--------------------------------------------------------------------------------- | ||
exitflag = true; | ||
} | ||
|
||
/* | ||
REG_AESCNT 0x04004400 4 | ||
REG_AESBLKCNT 0x04004404 4 | ||
REG_AESWRFIFO 0x04004408 4 | ||
REG_AESRDFIFO 0x0400440C 4 | ||
REG_AESCTR 0x04004420 16 | ||
REG_AESMAC 0x04004430 16 | ||
REG_AESKEY0 0x04004440 48 | ||
REG_AESKEY1 0x04004470 48 | ||
REG_AESKEY2 0x040044A0 48 | ||
REG_AESKEY3 0x040044D0 48 | ||
*/ | ||
|
||
#define AES_CTR_DECRYPT (2 << 27) | ||
|
||
void set_ctr(u32* ctr){ | ||
for (int i = 0; i < 4; i++) REG_AES_IV[i] = ctr[3-i]; | ||
} | ||
|
||
void wait(int ticks){ | ||
|
||
while(ticks--)swiWaitForVBlank(); | ||
} | ||
|
||
// 10 11 22 23 24 25 | ||
void aes(void* in, void* out, void* iv, u32 method){ //this is sort of a bodged together dsi aes function adapted from this 3ds function | ||
REG_AES_CNT = ( AES_CNT_MODE(method) | //https://github.com/TiniVi/AHPCFW/blob/master/source/aes.c#L42 | ||
AES_WRFIFO_FLUSH | //as long as the output changes when keyslot values change, it's good enough. | ||
AES_RDFIFO_FLUSH | | ||
AES_CNT_KEY_APPLY | | ||
AES_CNT_KEYSLOT(3) | | ||
AES_CNT_DMA_WRITE_SIZE(2) | | ||
AES_CNT_DMA_READ_SIZE(1) | ||
); | ||
|
||
if (iv != NULL) set_ctr((u32*)iv); | ||
REG_AES_BLKCNT = (1 << 16); | ||
REG_AES_CNT |= 0x80000000; | ||
|
||
for (int j = 0; j < 0x10; j+=4) REG_AES_WRFIFO = *((u32*)(in+j)); | ||
while(((REG_AES_CNT >> 0x5) & 0x1F) < 0x4); //wait for every word to get processed | ||
for (int j = 0; j < 0x10; j+=4) *((u32*)(out+j)) = REG_AES_RDFIFO; | ||
//REG_AES_CNT &= ~0x80000000; | ||
//if (method & (AES_CTR_DECRYPT | AES_CTR_ENCRYPT)) add_ctr((u8*)iv); | ||
} | ||
|
||
//--------------------------------------------------------------------------------- | ||
int main() { | ||
//--------------------------------------------------------------------------------- | ||
|
||
//readUserSettings(); | ||
irqInit(); | ||
fifoInit(); | ||
//mmInstall(FIFO_MAXMOD); | ||
//initClockIRQ(); // Start the RTC tracking IRQ | ||
//SetYtrigger(80); | ||
//installWifiFIFO(); | ||
//installSoundFIFO(); | ||
installSystemFIFO(); | ||
irqSet(IRQ_VCOUNT, VcountHandler); | ||
irqSet(IRQ_VBLANK, VblankHandler); | ||
irqEnable( IRQ_VBLANK | IRQ_VCOUNT | IRQ_NETWORK); | ||
//setPowerButtonCB(powerButtonCB); | ||
|
||
u8 base[16]={0}; | ||
u8 in[16]={0}; | ||
u8 iv[16]={0}; | ||
u8 *scratch=(u8*)0x02300200; | ||
u8 *out=(u8*)0x02300000; | ||
u8 *key3=(u8*)0x40044D0; | ||
|
||
aes(in, base, iv, 2); | ||
|
||
//write consecutive 0-255 values to any byte in key3 until we get the same aes output as "base" above - this reveals the hidden byte. this way we can uncover all 16 bytes of the key3 normalkey pretty easily. | ||
//greets to Martin Korth for this trick https://problemkaputt.de/gbatek.htm#dsiaesioports (Reading Write-Only Values) | ||
for(int i=0;i<16;i++){ | ||
for(int j=0;j<256;j++){ | ||
*(key3+i)=j & 0xFF; | ||
aes(in, scratch, iv, 2); | ||
if(!memcmp(scratch, base, 16)){ | ||
out[i]=j; | ||
//hit++; | ||
break; | ||
} | ||
} | ||
} | ||
|
||
fifoSendValue32(FIFO_USER_01, 42);//just signal to the arm9 that everything's ready. the value doesn't matter | ||
|
||
// Keep the ARM7 mostly eric idle | ||
while (!exitflag) { | ||
if ( 0 == (REG_KEYINPUT & (KEY_SELECT | KEY_START | KEY_X | KEY_Y))) { | ||
exitflag = true; | ||
} | ||
swiWaitForVBlank(); | ||
} | ||
|
||
return 0; | ||
} |
Oops, something went wrong.