Bring CIA up to par with 3DS

This commit is contained in:
Matt Nadareski
2024-10-13 22:49:31 -04:00
parent 72afaeb010
commit ead4f52f3c
3 changed files with 483 additions and 229 deletions

View File

@@ -161,15 +161,11 @@ namespace NDecrypt.N3DS
// Get the table entry -- TODO: Fix this to get the real entry
var tableEntry = new PartitionTableEntry();
// Determine the Keys to be used
SetEncryptionKeys(ncchHeader, index, encrypt);
// Process the extended header
ProcessExtendedHeader(ncchHeader, index, tableEntry, encrypt, input, output);
// If we're encrypting, encrypt the filesystems and update the flags
if (encrypt)
{
SetEncryptionKeys(ncchHeader, index);
EncryptExtendedHeader(ncchHeader, index, tableEntry, input, output);
EncryptExeFS(ncchHeader, index, tableEntry, input, output);
EncryptRomFS(ncchHeader, index, tableEntry, input, output);
UpdateEncryptCryptoAndMasks(ncchHeader, index, tableEntry, output);
@@ -178,228 +174,86 @@ namespace NDecrypt.N3DS
// If we're decrypting, decrypt the filesystems and update the flags
else
{
SetDecryptionKeys(ncchHeader, index);
DecryptExtendedHeader(ncchHeader, index, tableEntry, input, output);
DecryptExeFS(ncchHeader, index, tableEntry, input, output);
DecryptRomFS(ncchHeader, index, tableEntry, input, output);
UpdateDecryptCryptoAndMasks(ncchHeader, tableEntry, output);
}
}
#endregion
#region Decrypt
/// <summary>
/// Determine the set of keys to be used for encryption or decryption
/// Determine the set of keys to be used for decryption
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="encrypt">Indicates if the file should be encrypted or decrypted</param>
private void SetEncryptionKeys(NCCHHeader ncchHeader, int index, bool encrypt)
private void SetDecryptionKeys(NCCHHeader ncchHeader, int index)
{
// Get partition-specific values
byte[]? rsaSignature = ncchHeader.RSA2048Signature;
// TODO: Figure out what sane defaults for these values are
// Set the header to use based on mode
BitMasks masks = BitMasks.NoCrypto;
CryptoMethod method = CryptoMethod.Original;
if (encrypt)
{
// TODO: Can we actually re-encrypt a CIA?
//masks = ciaHeader.BackupHeader.Flags.BitMasks;
//method = ciaHeader.BackupHeader.Flags.CryptoMethod;
}
else
{
masks = ncchHeader.Flags!.BitMasks;
method = ncchHeader.Flags.CryptoMethod;
}
BitMasks masks = ncchHeader.Flags!.BitMasks;
CryptoMethod method = ncchHeader.Flags.CryptoMethod;
// Get the partition keys
KeysMap[index] = new PartitionKeys(_decryptArgs, rsaSignature, masks, method, _development);
}
/// <summary>
/// Process the extended header, if it exists
/// Decrypt the extended header, if it exists
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="encrypt">Indicates if the file should be encrypted or decrypted</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private bool ProcessExtendedHeader(NCCHHeader ncchHeader,
private bool DecryptExtendedHeader(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
bool encrypt,
Stream input,
Stream output)
{
// TODO: Determine how to figure out the MediaUnitSize without an NCSD header. Is it a default value?
uint mediaUnitSize = 0x200; // mediaUnitSize;
if (ncchHeader.ExtendedHeaderSizeInBytes > 0)
// Get required offsets
uint mediaUnitSize = 0x200;
uint partitionOffset = GetPartitionOffset(tableEntry, mediaUnitSize);
if (partitionOffset == 0)
{
input.Seek((tableEntry.Offset * mediaUnitSize) + 0x200, SeekOrigin.Begin);
output.Seek((tableEntry.Offset * mediaUnitSize) + 0x200, SeekOrigin.Begin);
Console.WriteLine($"Partition {index} ExeFS: " + (encrypt ? "Encrypting" : "Decrypting") + ": ExHeader");
var cipher = CreateAESCipher(KeysMap[index].NormalKey2C, ncchHeader.PlainIV(), encrypt);
output.Write(cipher.ProcessBytes(input.ReadBytes(Constants.CXTExtendedDataHeaderLength)));
output.Flush();
return true;
}
else
{
Console.WriteLine($"Partition {index} ExeFS: No Extended Header... Skipping...");
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return false;
}
}
/// <summary>
/// Process the extended header, if it exists
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="encrypt">Indicates if the file should be encrypted or decrypted</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void ProcessExeFSFileEntries(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
bool encrypt,
Stream input,
Stream output)
{
// TODO: Determine how to figure out the MediaUnitSize without an NCSD header. Is it a default value?
uint mediaUnitSize = 0x200; // mediaUnitSize;
input.Seek((tableEntry.Offset + ncchHeader.ExeFSOffsetInMediaUnits) * mediaUnitSize, SeekOrigin.Begin);
var exefsHeader = N3DSDeserializer.ParseExeFSHeader(input);
// If the header failed to read, log and return
if (exefsHeader?.FileHeaders == null)
uint extHeaderSize = GetExtendedHeaderSize(ncchHeader);
if (extHeaderSize == 0)
{
Console.WriteLine($"Partition {index} ExeFS header could not be read. Skipping...");
return;
Console.WriteLine($"Partition {index} RomFS: No Extended Header... Skipping...");
return false;
}
foreach (var fileHeader in exefsHeader.FileHeaders)
{
// Only decrypt a file if it's a code binary
if (fileHeader == null || !fileHeader.IsCodeBinary())
continue;
// Seek to the extended header
input.Seek(partitionOffset + 0x200, SeekOrigin.Begin);
output.Seek(partitionOffset + 0x200, SeekOrigin.Begin);
uint datalenM = ((fileHeader.FileSize) / (1024 * 1024));
uint datalenB = ((fileHeader.FileSize) % (1024 * 1024));
uint ctroffset = ((fileHeader.FileOffset + mediaUnitSize) / 0x10);
Console.WriteLine($"Partition {index} ExeFS: Decrypting: ExHeader");
byte[] exefsIVWithOffsetForHeader = AddToByteArray(ncchHeader.ExeFSIV(), (int)ctroffset);
// Create the Plain AES cipher for this partition
var cipher = CreateAESDecryptionCipher(KeysMap[index].NormalKey2C, ncchHeader.PlainIV());
var firstCipher = CreateAESCipher(KeysMap[index].NormalKey, exefsIVWithOffsetForHeader, encrypt);
var secondCipher = CreateAESCipher(KeysMap[index].NormalKey2C, exefsIVWithOffsetForHeader, !encrypt);
// Process the extended header
PerformAESOperation(Constants.CXTExtendedDataHeaderLength, cipher, input, output, null);
input.Seek((((tableEntry.Offset + ncchHeader.ExeFSOffsetInMediaUnits) + 1) * mediaUnitSize) + fileHeader.FileOffset, SeekOrigin.Begin);
output.Seek((((tableEntry.Offset + ncchHeader.ExeFSOffsetInMediaUnits) + 1) * mediaUnitSize) + fileHeader.FileOffset, SeekOrigin.Begin);
if (datalenM > 0)
{
for (int i = 0; i < datalenM; i++)
{
output.Write(secondCipher.ProcessBytes(firstCipher.ProcessBytes(input.ReadBytes(1024 * 1024))));
output.Flush();
Console.Write($"\rPartition {index} ExeFS: " + (encrypt ? "Encrypting" : "Decrypting") + $": {fileHeader.FileName}... {i} / {datalenM + 1} mb...");
}
}
if (datalenB > 0)
{
output.Write(secondCipher.DoFinal(firstCipher.DoFinal(input.ReadBytes((int)datalenB))));
output.Flush();
}
Console.Write($"\rPartition {index} ExeFS: " + (encrypt ? "Encrypting" : "Decrypting") + $": {fileHeader.FileName}... {datalenM + 1} / {datalenM + 1} mb... Done!\r\n");
}
}
/// <summary>
/// Process the ExeFS Filename Table
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="encrypt">Indicates if the file should be encrypted or decrypted</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void ProcessExeFSFilenameTable(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
bool encrypt,
Stream input,
Stream output)
{
// TODO: Determine how to figure out the MediaUnitSize without an NCSD header. Is it a default value?
uint mediaUnitSize = 0x200; // mediaUnitSize;
input.Seek((tableEntry.Offset + ncchHeader.ExeFSOffsetInMediaUnits) * mediaUnitSize, SeekOrigin.Begin);
output.Seek((tableEntry.Offset + ncchHeader.ExeFSOffsetInMediaUnits) * mediaUnitSize, SeekOrigin.Begin);
Console.WriteLine($"Partition {index} ExeFS: " + (encrypt ? "Encrypting" : "Decrypting") + $": ExeFS Filename Table");
var exeFSFilenameTable = CreateAESCipher(KeysMap[index].NormalKey2C, ncchHeader.ExeFSIV(), encrypt);
output.Write(exeFSFilenameTable.ProcessBytes(input.ReadBytes((int)mediaUnitSize)));
#if NET6_0_OR_GREATER
// In .NET 6.0, this operation is not picked up by the reader, so we have to force it to reload its buffer
input.Seek(0, SeekOrigin.Begin);
#endif
output.Flush();
return true;
}
/// <summary>
/// Process the ExeFS, if it exists
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="encrypt">Indicates if the file should be encrypted or decrypted</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void ProcessExeFS(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
bool encrypt,
Stream input,
Stream output)
{
// TODO: Determine how to figure out the MediaUnitSize without an NCSD header. Is it a default value?
uint mediaUnitSize = 0x200; // mediaUnitSize;
int exefsSizeM = (int)((long)((ncchHeader.ExeFSSizeInMediaUnits - 1) * mediaUnitSize) / (1024 * 1024));
int exefsSizeB = (int)((long)((ncchHeader.ExeFSSizeInMediaUnits - 1) * mediaUnitSize) % (1024 * 1024));
int ctroffsetE = (int)(mediaUnitSize / 0x10);
byte[] exefsIVWithOffset = AddToByteArray(ncchHeader.ExeFSIV(), ctroffsetE);
var exeFS = CreateAESCipher(KeysMap[index].NormalKey2C, exefsIVWithOffset, encrypt);
input.Seek((tableEntry.Offset + ncchHeader.ExeFSOffsetInMediaUnits + 1) * mediaUnitSize, SeekOrigin.Begin);
output.Seek((tableEntry.Offset + ncchHeader.ExeFSOffsetInMediaUnits + 1) * mediaUnitSize, SeekOrigin.Begin);
if (exefsSizeM > 0)
{
for (int i = 0; i < exefsSizeM; i++)
{
output.Write(exeFS.ProcessBytes(input.ReadBytes(1024 * 1024)));
output.Flush();
Console.Write($"\rPartition {index} ExeFS: " + (encrypt ? "Encrypting" : "Decrypting") + $": {i} / {exefsSizeM + 1} mb");
}
}
if (exefsSizeB > 0)
{
output.Write(exeFS.DoFinal(input.ReadBytes(exefsSizeB)));
output.Flush();
}
Console.Write($"\rPartition {index} ExeFS: " + (encrypt ? "Encrypting" : "Decrypting") + $": {exefsSizeM + 1} / {exefsSizeM + 1} mb... Done!\r\n");
}
#endregion
#region Decrypt
/// <summary>
/// Decrypt the ExeFS, if it exists
/// </summary>
@@ -408,28 +262,156 @@ namespace NDecrypt.N3DS
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void DecryptExeFS(NCCHHeader ncchHeader,
private bool DecryptExeFS(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
Stream input,
Stream output)
{
// If the ExeFS size is 0, we log and return
if (ncchHeader.ExeFSSizeInMediaUnits == 0)
// Validate the ExeFS
uint mediaUnitSize = 0x200;
uint exeFsOffset = GetExeFSOffset(ncchHeader, tableEntry, mediaUnitSize) - mediaUnitSize;
if (exeFsOffset == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return false;
}
uint exeFsSize = GetExeFSSize(ncchHeader, mediaUnitSize);
if (exeFsSize == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return false;
}
// Decrypt the filename table
DecryptExeFSFilenameTable(ncchHeader, index, tableEntry, input, output);
// For all but the original crypto method, process each of the files in the table
if (ncchHeader.Flags!.CryptoMethod != CryptoMethod.Original)
DecryptExeFSFileEntries(ncchHeader, index, tableEntry, input, output);
// Seek to the ExeFS
input.Seek(exeFsOffset, SeekOrigin.Begin);
output.Seek(exeFsOffset, SeekOrigin.Begin);
// Create the ExeFS AES cipher for this partition
int ctroffsetE = (int)(mediaUnitSize / 0x10);
byte[] exefsIVWithOffset = AddToByteArray(ncchHeader.ExeFSIV(), ctroffsetE);
var cipher = CreateAESDecryptionCipher(KeysMap[index].NormalKey2C, exefsIVWithOffset);
// Setup and perform the decryption
PerformAESOperation(exeFsSize - mediaUnitSize,
cipher,
input,
output,
(string s) => Console.WriteLine($"\rPartition {index} ExeFS: Decrypting: {s}"));
return true;
}
/// <summary>
/// Decrypt the ExeFS Filename Table
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void DecryptExeFSFilenameTable(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
Stream input,
Stream output)
{
// Get ExeFS offset
uint mediaUnitSize = 0x200;
uint exeFsOffset = GetExeFSOffset(ncchHeader, tableEntry, mediaUnitSize);
if (exeFsOffset == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return;
}
// Decrypt the filename table
ProcessExeFSFilenameTable(ncchHeader, index, tableEntry, encrypt: false, input, output);
// Seek to the ExeFS header
input.Seek(exeFsOffset, SeekOrigin.Begin);
output.Seek(exeFsOffset, SeekOrigin.Begin);
// For all but the original crypto method, process each of the files in the table
if (ncchHeader.Flags!.CryptoMethod != CryptoMethod.Original)
ProcessExeFSFileEntries(ncchHeader, index, tableEntry, encrypt: false, input, output);
Console.WriteLine($"Partition {index} ExeFS: Decrypting: ExeFS Filename Table");
// Decrypt the rest of the ExeFS
ProcessExeFS(ncchHeader, index, tableEntry, encrypt: false, input, output);
// Create the ExeFS AES cipher for this partition
var cipher = CreateAESDecryptionCipher(KeysMap[index].NormalKey2C, ncchHeader.ExeFSIV());
// Process the filename table
PerformAESOperation(mediaUnitSize, cipher, input, output, null);
#if NET6_0_OR_GREATER
// In .NET 6.0, this operation is not picked up by the reader, so we have to force it to reload its buffer
input.Seek(0, SeekOrigin.Begin);
#endif
output.Flush();
}
/// <summary>
/// Decrypt the ExeFS file entries
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void DecryptExeFSFileEntries(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
Stream input,
Stream output)
{
// Get ExeFS offset
uint mediaUnitSize = 0x200;
uint exeFsHeaderOffset = GetExeFSOffset(ncchHeader, tableEntry, mediaUnitSize);
if (exeFsHeaderOffset == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return;
}
// Get to the start of the files
uint exeFsFilesOffset = exeFsHeaderOffset + mediaUnitSize;
input.Seek(exeFsHeaderOffset, SeekOrigin.Begin);
var exefsHeader = N3DSDeserializer.ParseExeFSHeader(input);
// If the header failed to read, log and return
if (exefsHeader == null)
{
Console.WriteLine($"Partition {index} ExeFS header could not be read. Skipping...");
return;
}
foreach (var fileHeader in exefsHeader.FileHeaders!)
{
// Only decrypt a file if it's a code binary
if (fileHeader == null || !fileHeader.IsCodeBinary())
continue;
// Create the ExeFS AES ciphers for this partition
uint ctroffset = (fileHeader.FileOffset + mediaUnitSize) / 0x10;
byte[] exefsIVWithOffsetForHeader = AddToByteArray(ncchHeader.ExeFSIV(), (int)ctroffset);
var firstCipher = CreateAESDecryptionCipher(KeysMap[index].NormalKey, exefsIVWithOffsetForHeader);
var secondCipher = CreateAESEncryptionCipher(KeysMap[index].NormalKey2C, exefsIVWithOffsetForHeader);
// Seek to the file entry
input.Seek(exeFsFilesOffset + fileHeader.FileOffset, SeekOrigin.Begin);
output.Seek(exeFsFilesOffset + fileHeader.FileOffset, SeekOrigin.Begin);
// Setup and perform the encryption
uint exeFsSize = GetExeFSSize(ncchHeader, mediaUnitSize);
PerformAESOperation(exeFsSize,
firstCipher,
secondCipher,
input,
output,
(string s) => Console.WriteLine($"\rPartition {index} ExeFS: Decrypting: {fileHeader.FileName}...{s}"));
}
}
/// <summary>
@@ -440,7 +422,6 @@ namespace NDecrypt.N3DS
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
/// TODO: See how much can be extracted into a common method with Encrypt
private void DecryptRomFS(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
@@ -513,6 +494,77 @@ namespace NDecrypt.N3DS
#region Encrypt
/// <summary>
/// Determine the set of keys to be used for encryption
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
private void SetEncryptionKeys(NCCHHeader ncchHeader, int index)
{
// Get partition-specific values
byte[]? rsaSignature = ncchHeader.RSA2048Signature;
// TODO: Figure out what sane defaults for these values are
// TODO: Can we actually re-encrypt a CIA?
// Set the header to use based on mode
BitMasks masks = BitMasks.NoCrypto; // ciaHeader.BackupHeader.Flags.BitMasks;
CryptoMethod method = CryptoMethod.Original; // ciaHeader.BackupHeader.Flags.CryptoMethod;
// Get the partition keys
KeysMap[index] = new PartitionKeys(_decryptArgs, rsaSignature, masks, method, _development);
}
/// <summary>
/// Encrypt the extended header, if it exists
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private bool EncryptExtendedHeader(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
Stream input,
Stream output)
{
// Get required offsets
uint mediaUnitSize = 0x200;
uint partitionOffset = GetPartitionOffset(tableEntry, mediaUnitSize);
if (partitionOffset == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return false;
}
uint extHeaderSize = GetExtendedHeaderSize(ncchHeader);
if (extHeaderSize == 0)
{
Console.WriteLine($"Partition {index} RomFS: No Extended Header... Skipping...");
return false;
}
// Seek to the extended header
input.Seek(partitionOffset + 0x200, SeekOrigin.Begin);
output.Seek(partitionOffset + 0x200, SeekOrigin.Begin);
Console.WriteLine($"Partition {index} ExeFS: Encrypting: ExHeader");
// Create the Plain AES cipher for this partition
var cipher = CreateAESEncryptionCipher(KeysMap[index].NormalKey2C, ncchHeader.PlainIV());
// Process the extended header
PerformAESOperation(Constants.CXTExtendedDataHeaderLength, cipher, input, output, null);
#if NET6_0_OR_GREATER
// In .NET 6.0, this operation is not picked up by the reader, so we have to force it to reload its buffer
input.Seek(0, SeekOrigin.Begin);
#endif
output.Flush();
return true;
}
/// <summary>
/// Encrypt the ExeFS, if it exists
/// </summary>
@@ -521,29 +573,157 @@ namespace NDecrypt.N3DS
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void EncryptExeFS(NCCHHeader ncchHeader,
private bool EncryptExeFS(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
Stream input,
Stream output)
{
// If the ExeFS size is 0, we log and return
if (ncchHeader.ExeFSSizeInMediaUnits == 0)
// Validate the ExeFS
uint mediaUnitSize = 0x200;
uint exeFsOffset = GetExeFSOffset(ncchHeader, tableEntry, mediaUnitSize) - mediaUnitSize;
if (exeFsOffset == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return;
return false;
}
uint exeFsSize = GetExeFSSize(ncchHeader, mediaUnitSize);
if (exeFsSize == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return false;
}
// TODO: Determine how to figure out the original crypto method, if possible
// For all but the original crypto method, process each of the files in the table
//if (ciaHeader.BackupHeader.Flags.CryptoMethod != CryptoMethod.Original)
// ProcessExeFSFileEntries(ncchHeader, reader, writer);
// EncryptExeFSFileEntries(ncchHeader, index, tableEntry, reader, writer);
// Encrypt the filename table
ProcessExeFSFilenameTable(ncchHeader, index, tableEntry, encrypt: true, input, output);
EncryptExeFSFilenameTable(ncchHeader, index, tableEntry, input, output);
// Encrypt the rest of the ExeFS
ProcessExeFS(ncchHeader, index, tableEntry, encrypt: true, input, output);
// Seek to the ExeFS
input.Seek(exeFsOffset, SeekOrigin.Begin);
output.Seek(exeFsOffset, SeekOrigin.Begin);
// Create the ExeFS AES cipher for this partition
int ctroffsetE = (int)(mediaUnitSize / 0x10);
byte[] exefsIVWithOffset = AddToByteArray(ncchHeader.ExeFSIV(), ctroffsetE);
var cipher = CreateAESEncryptionCipher(KeysMap[index].NormalKey2C, exefsIVWithOffset);
// Setup and perform the decryption
PerformAESOperation(exeFsSize - mediaUnitSize,
cipher,
input,
output,
(string s) => Console.WriteLine($"\rPartition {index} ExeFS: Encrypting: {s}"));
return true;
}
/// <summary>
/// Encrypt the ExeFS Filename Table
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void EncryptExeFSFilenameTable(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
Stream input,
Stream output)
{
// Get ExeFS offset
uint mediaUnitSize = 0x200;
uint exeFsOffset = GetExeFSOffset(ncchHeader, tableEntry, mediaUnitSize);
if (exeFsOffset == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return;
}
// Seek to the ExeFS header
input.Seek(exeFsOffset, SeekOrigin.Begin);
output.Seek(exeFsOffset, SeekOrigin.Begin);
Console.WriteLine($"Partition {index} ExeFS: Encrypting: ExeFS Filename Table");
// Create the ExeFS AES cipher for this partition
var cipher = CreateAESEncryptionCipher(KeysMap[index].NormalKey2C, ncchHeader.ExeFSIV());
// Process the filename table
PerformAESOperation(mediaUnitSize, cipher, input, output, null);
#if NET6_0_OR_GREATER
// In .NET 6.0, this operation is not picked up by the reader, so we have to force it to reload its buffer
input.Seek(0, SeekOrigin.Begin);
#endif
output.Flush();
}
/// <summary>
/// Encrypt the ExeFS file entries
/// </summary>
/// <param name="ncchHeader">NCCH header representing the partition</param>
/// <param name="index">Index of the partition</param>
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
private void EncryptExeFSFileEntries(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,
Stream input,
Stream output)
{
// Get ExeFS offset
uint mediaUnitSize = 0x200;
uint exeFsHeaderOffset = GetExeFSOffset(ncchHeader, tableEntry, mediaUnitSize);
if (exeFsHeaderOffset == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return;
}
// Get to the start of the files
uint exeFsFilesOffset = exeFsHeaderOffset + mediaUnitSize;
input.Seek(exeFsHeaderOffset, SeekOrigin.Begin);
var exefsHeader = N3DSDeserializer.ParseExeFSHeader(input);
// If the header failed to read, log and return
if (exefsHeader == null)
{
Console.WriteLine($"Partition {index} ExeFS header could not be read. Skipping...");
return;
}
foreach (var fileHeader in exefsHeader.FileHeaders!)
{
// Only decrypt a file if it's a code binary
if (fileHeader == null || !fileHeader.IsCodeBinary())
continue;
// Create the ExeFS AES ciphers for this partition
uint ctroffset = (fileHeader.FileOffset + mediaUnitSize) / 0x10;
byte[] exefsIVWithOffsetForHeader = AddToByteArray(ncchHeader.ExeFSIV(), (int)ctroffset);
var firstCipher = CreateAESEncryptionCipher(KeysMap[index].NormalKey, exefsIVWithOffsetForHeader);
var secondCipher = CreateAESDecryptionCipher(KeysMap[index].NormalKey2C, exefsIVWithOffsetForHeader);
// Seek to the file entry
input.Seek(exeFsFilesOffset + fileHeader.FileOffset, SeekOrigin.Begin);
output.Seek(exeFsFilesOffset + fileHeader.FileOffset, SeekOrigin.Begin);
// Setup and perform the encryption
uint exeFsSize = GetExeFSSize(ncchHeader, mediaUnitSize);
PerformAESOperation(exeFsSize,
firstCipher,
secondCipher,
input,
output,
(string s) => Console.WriteLine($"\rPartition {index} ExeFS: Encrypting: {fileHeader.FileName}...{s}"));
}
}
/// <summary>
@@ -554,7 +734,6 @@ namespace NDecrypt.N3DS
/// <param name="tableEntry">PartitionTableEntry header representing the partition</param>
/// <param name="input">Stream representing the input</param>
/// <param name="output">Stream representing the output</param>
/// TODO: See how much can be extracted into a common method with Decrypt
private void EncryptRomFS(NCCHHeader ncchHeader,
int index,
PartitionTableEntry tableEntry,

View File

@@ -237,6 +237,24 @@ namespace NDecrypt.N3DS
return (partitionOffsetMU + exeFsOffsetMU) * cart.MediaUnitSize();
}
/// <summary>
/// Get the offset of a partition ExeFS
/// </summary>
/// <returns>Offset to the ExeFS of the partition, 0 on error</returns>
public static uint GetExeFSOffset(NCCHHeader header,
PartitionTableEntry entry,
uint mediaUnitSize)
{
// If the offset is 0, return 0
uint exeFsOffsetMU = header.ExeFSOffsetInMediaUnits;
if (exeFsOffsetMU == 0)
return 0;
// Return the adjusted offset
uint partitionOffsetMU = entry.Offset;
return (partitionOffsetMU + exeFsOffsetMU) * mediaUnitSize;
}
/// <summary>
/// Get the offset of a partition
/// </summary>
@@ -258,6 +276,22 @@ namespace NDecrypt.N3DS
return partitionOffsetMU * cart.MediaUnitSize();
}
/// <summary>
/// Get the offset of a partition
/// </summary>
/// <returns>Offset to the partition, 0 on error</returns>
public static uint GetPartitionOffset(PartitionTableEntry entry,
uint mediaUnitSize)
{
// Invalid partition table entry means no size is available
if (entry.Offset == 0)
return 0;
// Return the adjusted offset
uint partitionOffsetMU = entry.Offset;
return partitionOffsetMU * mediaUnitSize;
}
/// <summary>
/// Get the offset of a partition RomFS
/// </summary>
@@ -294,6 +328,24 @@ namespace NDecrypt.N3DS
return (partitionOffsetMU + romFsOffsetMU) * cart.MediaUnitSize();
}
/// <summary>
/// Get the offset of a partition RomFS
/// </summary>
/// <returns>Offset to the RomFS of the partition, 0 on error</returns>
public static uint GetRomFSOffset(NCCHHeader header,
PartitionTableEntry entry,
uint mediaUnitSize)
{
// If the offset is 0, return 0
uint romFsOffsetMU = header.RomFSOffsetInMediaUnits;
if (romFsOffsetMU == 0)
return 0;
// Return the adjusted offset
uint partitionOffsetMU = entry.Offset;
return (partitionOffsetMU + romFsOffsetMU - 1) * mediaUnitSize;
}
#endregion
#region Sizes

View File

@@ -147,12 +147,10 @@ namespace NDecrypt.N3DS
/// <param name="output">Stream representing the output</param>
private void ProcessPartition(Cart cart, int index, bool encrypt, Stream input, Stream output)
{
// Determine the Keys to be used
SetEncryptionKeys(cart, index, encrypt);
// If we're encrypting, encrypt the filesystems and update the flags
if (encrypt)
{
SetEncryptionKeys(cart, index);
EncryptExtendedHeader(cart, index, input, output);
EncryptExeFS(cart, index, input, output);
EncryptRomFS(cart, index, input, output);
@@ -162,6 +160,7 @@ namespace NDecrypt.N3DS
// If we're decrypting, decrypt the filesystems and update the flags
else
{
SetDecryptionKeys(cart, index);
DecryptExtendedHeader(cart, index, input, output);
DecryptExeFS(cart, index, input, output);
DecryptRomFS(cart, index, input, output);
@@ -169,13 +168,16 @@ namespace NDecrypt.N3DS
}
}
#endregion
#region Decrypt
/// <summary>
/// Determine the set of keys to be used for encryption or decryption
/// Determine the set of keys to be used for decryption
/// </summary>
/// <param name="cart">Cart representing the 3DS file</param>
/// <param name="index">Index of the partition</param>
/// <param name="encrypt">Indicates if the file should be encrypted or decrypted</param>
private void SetEncryptionKeys(Cart cart, int index, bool encrypt)
private void SetDecryptionKeys(Cart cart, int index)
{
// Get the partition
var partition = cart.Partitions?[index];
@@ -186,28 +188,13 @@ namespace NDecrypt.N3DS
byte[]? rsaSignature = partition.RSA2048Signature;
// Set the header to use based on mode
BitMasks masks;
CryptoMethod method;
if (encrypt)
{
var backupHeader = cart.CardInfoHeader!.InitialData!.BackupHeader;
masks = backupHeader!.Flags!.BitMasks;
method = backupHeader.Flags.CryptoMethod;
}
else
{
masks = partition.Flags!.BitMasks;
method = partition.Flags!.CryptoMethod;
}
BitMasks masks = partition.Flags!.BitMasks;
CryptoMethod method = partition.Flags!.CryptoMethod;
// Get the partition keys
KeysMap[index] = new PartitionKeys(_decryptArgs, rsaSignature, masks, method, _development);
}
#endregion
#region Decrypt
/// <summary>
/// Decrypt the extended header, if it exists
/// </summary>
@@ -261,7 +248,7 @@ namespace NDecrypt.N3DS
/// <param name="output">Stream representing the output</param>
private bool DecryptExeFS(Cart cart, int index, Stream input, Stream output)
{
// Get ExeFS offset
// Validate the ExeFS
uint exeFsOffset = GetExeFSOffset(cart, index);
if (exeFsOffset == 0)
{
@@ -269,6 +256,13 @@ namespace NDecrypt.N3DS
return false;
}
uint exeFsSize = GetExeFSSize(cart, index);
if (exeFsSize == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return false;
}
// Decrypt the filename table
DecryptExeFSFilenameTable(cart, index, input, output);
@@ -286,7 +280,6 @@ namespace NDecrypt.N3DS
var cipher = CreateAESDecryptionCipher(KeysMap[index].NormalKey2C, exefsIVWithOffset);
// Setup and perform the decryption
uint exeFsSize = GetExeFSSize(cart, index);
PerformAESOperation(exeFsSize,
cipher,
input,
@@ -462,6 +455,30 @@ namespace NDecrypt.N3DS
#region Encrypt
/// <summary>
/// Determine the set of keys to be used for encryption
/// </summary>
/// <param name="cart">Cart representing the 3DS file</param>
/// <param name="index">Index of the partition</param>
private void SetEncryptionKeys(Cart cart, int index)
{
// Get the partition
var partition = cart.Partitions?[index];
if (partition == null)
return;
// Get partition-specific values
byte[]? rsaSignature = partition.RSA2048Signature;
// Set the header to use based on mode
var backupHeader = cart.CardInfoHeader!.InitialData!.BackupHeader;
BitMasks masks = backupHeader!.Flags!.BitMasks;
CryptoMethod method = backupHeader.Flags.CryptoMethod;
// Get the partition keys
KeysMap[index] = new PartitionKeys(_decryptArgs, rsaSignature, masks, method, _development);
}
/// <summary>
/// Encrypt the extended header, if it exists
/// </summary>
@@ -515,7 +532,7 @@ namespace NDecrypt.N3DS
/// <param name="output">Stream representing the output</param>
private bool EncryptExeFS(Cart cart, int index, Stream input, Stream output)
{
// Get ExeFS offset
// Validate the ExeFS
uint exeFsOffset = GetExeFSOffset(cart, index);
if (exeFsOffset == 0)
{
@@ -523,6 +540,13 @@ namespace NDecrypt.N3DS
return false;
}
uint exeFsSize = GetExeFSSize(cart, index);
if (exeFsSize == 0)
{
Console.WriteLine($"Partition {index} ExeFS: No Data... Skipping...");
return false;
}
// For all but the original crypto method, process each of the files in the table
var backupHeader = cart.CardInfoHeader!.InitialData!.BackupHeader;
if (backupHeader!.Flags!.CryptoMethod != CryptoMethod.Original)
@@ -541,7 +565,6 @@ namespace NDecrypt.N3DS
var cipher = CreateAESEncryptionCipher(KeysMap[index].NormalKey2C, exefsIVWithOffset);
// Setup and perform the encryption
uint exeFsSize = GetExeFSSize(cart, index);
PerformAESOperation(exeFsSize,
cipher,
input,