From ee1b0db1308b3bd2ba49cfcf5e3116048a50a949 Mon Sep 17 00:00:00 2001 From: CTCaer Date: Tue, 6 Jan 2026 22:49:09 +0200 Subject: [PATCH] hekate/nyx: update aes calls based on new bdk --- bootloader/hos/hos.c | 24 ++++++++-------- bootloader/hos/pkg1.c | 4 +-- bootloader/hos/pkg2.c | 12 ++++---- nyx/nyx_gui/frontend/gui_tools.c | 5 ++-- nyx/nyx_gui/hos/hos.c | 49 ++++++++++++++------------------ nyx/nyx_gui/hos/pkg1.c | 4 +-- nyx/nyx_gui/hos/pkg2.c | 10 +++---- 7 files changed, 51 insertions(+), 57 deletions(-) diff --git a/bootloader/hos/hos.c b/bootloader/hos/hos.c index 593efb2a..c70c833e 100644 --- a/bootloader/hos/hos.c +++ b/bootloader/hos/hos.c @@ -166,7 +166,7 @@ static void _hos_eks_get() // Decrypt EKS blob. hos_eks_mbr_t *eks = (hos_eks_mbr_t *)(mbr + 0x80); - se_aes_crypt_ecb(14, DECRYPT, eks, sizeof(hos_eks_mbr_t), eks, sizeof(hos_eks_mbr_t)); + se_aes_crypt_ecb(14, DECRYPT, eks, eks, sizeof(hos_eks_mbr_t)); // Check if valid and for this unit. if (eks->magic == HOS_EKS_MAGIC && eks->lot0 == FUSE(FUSE_OPT_LOT_CODE_0)) @@ -227,7 +227,7 @@ static void _hos_eks_save() // Encrypt EKS blob. u8 *eks = malloc(sizeof(hos_eks_mbr_t)); memcpy(eks, h_cfg.eks, sizeof(hos_eks_mbr_t)); - se_aes_crypt_ecb(14, ENCRYPT, eks, sizeof(hos_eks_mbr_t), eks, sizeof(hos_eks_mbr_t)); + se_aes_crypt_ecb(14, ENCRYPT, eks, eks, sizeof(hos_eks_mbr_t)); // Write EKS blob to SD. memcpy(mbr + 0x80, eks, sizeof(hos_eks_mbr_t)); @@ -262,7 +262,7 @@ static void _hos_eks_clear(u32 mkey) // Encrypt EKS blob. u8 *eks = malloc(sizeof(hos_eks_mbr_t)); memcpy(eks, h_cfg.eks, sizeof(hos_eks_mbr_t)); - se_aes_crypt_ecb(14, ENCRYPT, eks, sizeof(hos_eks_mbr_t), eks, sizeof(hos_eks_mbr_t)); + se_aes_crypt_ecb(14, ENCRYPT, eks, eks, sizeof(hos_eks_mbr_t)); // Write EKS blob to SD. memcpy(mbr + 0x80, eks, sizeof(hos_eks_mbr_t)); @@ -406,7 +406,7 @@ static int _hos_keygen(pkg1_eks_t *eks, u32 mkey, tsec_ctxt_t *tsec_ctxt, bool s else { // Decrypt eks and set keyslots. - se_aes_crypt_block_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0]); + se_aes_crypt_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0], SE_KEY_128_SIZE); se_aes_unwrap_key(15, 14, tsec_keys.tmp); // Derive device keys. @@ -442,7 +442,7 @@ static int _hos_keygen(pkg1_eks_t *eks, u32 mkey, tsec_ctxt_t *tsec_ctxt, bool s else { // Decrypt eks and set keyslots for Exosphere 2. - se_aes_crypt_block_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0]); + se_aes_crypt_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0], SE_KEY_128_SIZE); se_aes_unwrap_key(15, 14, tsec_keys.tmp); // Derive device keys. @@ -469,9 +469,9 @@ static int _hos_keygen(pkg1_eks_t *eks, u32 mkey, tsec_ctxt_t *tsec_ctxt, bool s se_aes_key_set(13, tsec_keys.tsec, SE_KEY_128_SIZE); // Derive eks keys from TSEC+SBK. - se_aes_crypt_block_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[0]); + se_aes_crypt_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[0], SE_KEY_128_SIZE); se_aes_unwrap_key(15, 14, tsec_keys.tsec); - se_aes_crypt_block_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[mkey]); + se_aes_crypt_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[mkey], SE_KEY_128_SIZE); se_aes_unwrap_key(13, 14, tsec_keys.tsec); // Clear SBK. @@ -481,21 +481,21 @@ static int _hos_keygen(pkg1_eks_t *eks, u32 mkey, tsec_ctxt_t *tsec_ctxt, bool s // Verify eks CMAC. u8 cmac[SE_KEY_128_SIZE]; se_aes_unwrap_key(11, 13, cmac_keyseed); - se_aes_cmac(cmac, SE_KEY_128_SIZE, 11, (void *)eks->ctr, sizeof(eks->ctr) + sizeof(eks->keys)); + se_aes_hash_cmac(cmac, SE_KEY_128_SIZE, 11, (void *)eks->ctr, sizeof(eks->ctr) + sizeof(eks->keys)); if (!memcmp(eks->cmac, cmac, SE_KEY_128_SIZE)) return 0; */ - se_aes_crypt_block_ecb(13, DECRYPT, tsec_keys.tsec, cmac_keyseed); + se_aes_crypt_ecb(13, DECRYPT, tsec_keys.tsec, cmac_keyseed, SE_KEY_128_SIZE); se_aes_unwrap_key(11, 13, cmac_keyseed); // Decrypt eks and set keyslots. - se_aes_crypt_ctr(13, &eks->keys, sizeof(eks_keys_t), &eks->keys, sizeof(eks_keys_t), eks->ctr); + se_aes_crypt_ctr(13, &eks->keys, &eks->keys, sizeof(eks_keys_t), eks->ctr); se_aes_key_set(11, eks->keys.package1_key, SE_KEY_128_SIZE); se_aes_key_set(12, eks->keys.master_kekseed, SE_KEY_128_SIZE); se_aes_key_set(13, eks->keys.master_kekseed, SE_KEY_128_SIZE); - se_aes_crypt_block_ecb(12, DECRYPT, tsec_keys.tsec, master_keyseed_retail); + se_aes_crypt_ecb(12, DECRYPT, tsec_keys.tsec, master_keyseed_retail, SE_KEY_128_SIZE); if (!is_exo) { @@ -839,7 +839,7 @@ void hos_launch(ini_sec_t *cfg) if (h_cfg.t210b01) { u32 bek_vector[4] = {0}; - se_aes_crypt_ecb(13, ENCRYPT, bek_vector, SE_KEY_128_SIZE, bek_vector, SE_KEY_128_SIZE); + se_aes_crypt_ecb(13, ENCRYPT, bek_vector, bek_vector, SE_KEY_128_SIZE); if (bek_vector[0] == 0x59C14895) // Encrypted zeroes first 32bits. EPRINTF("Pkg1 corrupt?"); else diff --git a/bootloader/hos/pkg1.c b/bootloader/hos/pkg1.c index 4471fcf3..b4e471c3 100644 --- a/bootloader/hos/pkg1.c +++ b/bootloader/hos/pkg1.c @@ -205,7 +205,7 @@ int pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1) u8 *pkg11 = pkg1 + id->pkg11_off; u32 pkg11_size = *(u32 *)pkg11; hdr = (pk11_hdr_t *)(pkg11 + 0x20); - se_aes_crypt_ctr(11, hdr, pkg11_size, hdr, pkg11_size, pkg11 + 0x10); + se_aes_crypt_ctr(11, hdr, hdr, pkg11_size, pkg11 + 0x10); } else { @@ -216,7 +216,7 @@ int pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1) // Use BEK for T210B01. // Additionally, skip 0x20 bytes from decryption to maintain the header. se_aes_iv_clear(13); - se_aes_crypt_cbc(13, DECRYPT, pkg1 + 0x20, oem_hdr->size - 0x20, pkg1 + 0x20, oem_hdr->size - 0x20); + se_aes_crypt_cbc(13, DECRYPT, pkg1 + 0x20, pkg1 + 0x20, oem_hdr->size - 0x20); } // Return if header is valid. diff --git a/bootloader/hos/pkg2.c b/bootloader/hos/pkg2.c index b13b3b4e..8b77a93e 100644 --- a/bootloader/hos/pkg2.c +++ b/bootloader/hos/pkg2.c @@ -708,7 +708,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 mkey, bool is_exo) u8 tmp_mkey[SE_KEY_128_SIZE]; // Decrypt 7.0.0 encrypted mkey. - se_aes_crypt_ecb(!is_exo ? 7 : 13, DECRYPT, tmp_mkey, SE_KEY_128_SIZE, mkey_vector_7xx, SE_KEY_128_SIZE); + se_aes_crypt_ecb(!is_exo ? 7 : 13, DECRYPT, tmp_mkey, mkey_vector_7xx, SE_KEY_128_SIZE); // Set and unwrap pkg2 key. se_aes_key_set(9, tmp_mkey, SE_KEY_128_SIZE); @@ -718,7 +718,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 mkey, bool is_exo) } // Decrypt header. - se_aes_crypt_ctr(pkg2_keyslot, hdr, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr); + se_aes_crypt_ctr(pkg2_keyslot, hdr, hdr, sizeof(pkg2_hdr_t), hdr); if (hdr->magic != PKG2_MAGIC) return NULL; @@ -730,7 +730,7 @@ DPRINTF("sec %d has size %08X\n", i, hdr->sec_size[i]); if (!hdr->sec_size[i]) continue; - se_aes_crypt_ctr(pkg2_keyslot, pdata, hdr->sec_size[i], pdata, hdr->sec_size[i], &hdr->sec_ctr[i * SE_AES_IV_SIZE]); + se_aes_crypt_ctr(pkg2_keyslot, pdata, pdata, hdr->sec_size[i], &hdr->sec_ctr[i * SE_AES_IV_SIZE]); pdata += hdr->sec_size[i]; } @@ -776,7 +776,7 @@ DPRINTF("adding kip1 '%s' @ %08X (%08X)\n", (char *)ki->kip1->name, (u32)ki->kip { hdr->sec_size[PKG2_SEC_INI1] = ini1_size; hdr->sec_off[PKG2_SEC_INI1] = 0x14080000; - se_aes_crypt_ctr(8, ini1, ini1_size, ini1, ini1_size, &hdr->sec_ctr[PKG2_SEC_INI1 * SE_AES_IV_SIZE]); + se_aes_crypt_ctr(8, ini1, ini1, ini1_size, &hdr->sec_ctr[PKG2_SEC_INI1 * SE_AES_IV_SIZE]); } else { @@ -854,7 +854,7 @@ DPRINTF("%s @ %08X (%08X)\n", is_meso ? "Mesosphere": "kernel",(u32)ctxt->kernel kernel_size += ini1_size; } hdr->sec_size[PKG2_SEC_KERNEL] = kernel_size; - se_aes_crypt_ctr(pkg2_keyslot, pdst, kernel_size, pdst, kernel_size, &hdr->sec_ctr[PKG2_SEC_KERNEL * SE_AES_IV_SIZE]); + se_aes_crypt_ctr(pkg2_keyslot, pdst, pdst, kernel_size, &hdr->sec_ctr[PKG2_SEC_KERNEL * SE_AES_IV_SIZE]); pdst += kernel_size; DPRINTF("kernel encrypted\n"); @@ -878,7 +878,7 @@ DPRINTF("INI1 encrypted\n"); // Encrypt header. *(u32 *)hdr->ctr = 0x100 + sizeof(pkg2_hdr_t) + kernel_size + ini1_size; hdr->ctr[4] = key_ver; - se_aes_crypt_ctr(pkg2_keyslot, hdr, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr); + se_aes_crypt_ctr(pkg2_keyslot, hdr, hdr, sizeof(pkg2_hdr_t), hdr); memset(hdr->ctr, 0 , SE_AES_IV_SIZE); *(u32 *)hdr->ctr = 0x100 + sizeof(pkg2_hdr_t) + kernel_size + ini1_size; hdr->ctr[4] = key_ver; diff --git a/nyx/nyx_gui/frontend/gui_tools.c b/nyx/nyx_gui/frontend/gui_tools.c index 4f445d3e..4e011605 100644 --- a/nyx/nyx_gui/frontend/gui_tools.c +++ b/nyx/nyx_gui/frontend/gui_tools.c @@ -1286,7 +1286,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) if (h_cfg.t210b01) { se_aes_iv_clear(13); - se_aes_crypt_cbc(13, DECRYPT, bct + 0x480, BCT_SIZE - 0x480, bct + 0x480, BCT_SIZE - 0x480); + se_aes_crypt_cbc(13, DECRYPT, bct + 0x480, bct + 0x480, BCT_SIZE - 0x480); emmcsn_path_impl(path, bct_paths[idx], "bct_decr.bin", &emmc_storage); if (sd_save_to_file(bct, 0x2800, path)) goto out; @@ -1341,8 +1341,7 @@ static lv_res_t _create_window_dump_pk12_tool(lv_obj_t *btn) { se_aes_iv_clear(13); - se_aes_crypt_cbc(13, DECRYPT, warmboot + 0x330, hdr_pk11->wb_size - 0x330, - warmboot + 0x330, hdr_pk11->wb_size - 0x330); + se_aes_crypt_cbc(13, DECRYPT, warmboot + 0x330, warmboot + 0x330, hdr_pk11->wb_size - 0x330); emmcsn_path_impl(path, pkg1_paths[idx], "warmboot_dec.bin", &emmc_storage); if (sd_save_to_file(warmboot, hdr_pk11->wb_size, path)) goto out; diff --git a/nyx/nyx_gui/hos/hos.c b/nyx/nyx_gui/hos/hos.c index 2f46f26d..18741643 100644 --- a/nyx/nyx_gui/hos/hos.c +++ b/nyx/nyx_gui/hos/hos.c @@ -208,7 +208,7 @@ static void _hos_eks_get() // Decrypt EKS blob. hos_eks_mbr_t *eks = (hos_eks_mbr_t *)(mbr + 0x80); - se_aes_crypt_ecb(14, DECRYPT, eks, sizeof(hos_eks_mbr_t), eks, sizeof(hos_eks_mbr_t)); + se_aes_crypt_ecb(14, DECRYPT, eks, eks, sizeof(hos_eks_mbr_t)); // Check if valid and for this unit. if (eks->magic == HOS_EKS_MAGIC && eks->lot0 == FUSE(FUSE_OPT_LOT_CODE_0)) @@ -269,7 +269,7 @@ static void _hos_eks_save() // Encrypt EKS blob. u8 *eks = malloc(sizeof(hos_eks_mbr_t)); memcpy(eks, h_cfg.eks, sizeof(hos_eks_mbr_t)); - se_aes_crypt_ecb(14, ENCRYPT, eks, sizeof(hos_eks_mbr_t), eks, sizeof(hos_eks_mbr_t)); + se_aes_crypt_ecb(14, ENCRYPT, eks, eks, sizeof(hos_eks_mbr_t)); // Write EKS blob to SD. memcpy(mbr + 0x80, eks, sizeof(hos_eks_mbr_t)); @@ -304,7 +304,7 @@ void hos_eks_clear(u32 mkey) // Encrypt EKS blob. u8 *eks = malloc(sizeof(hos_eks_mbr_t)); memcpy(eks, h_cfg.eks, sizeof(hos_eks_mbr_t)); - se_aes_crypt_ecb(14, ENCRYPT, eks, sizeof(hos_eks_mbr_t), eks, sizeof(hos_eks_mbr_t)); + se_aes_crypt_ecb(14, ENCRYPT, eks, eks, sizeof(hos_eks_mbr_t)); // Write EKS blob to SD. memcpy(mbr + 0x80, eks, sizeof(hos_eks_mbr_t)); @@ -423,7 +423,7 @@ int hos_keygen(pkg1_eks_t *eks, u32 mkey, tsec_ctxt_t *tsec_ctxt) } // Decrypt eks and set keyslots. - se_aes_crypt_block_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0]); + se_aes_crypt_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0], SE_KEY_128_SIZE); se_aes_unwrap_key(15, 14, tsec_keys.tmp); // Derive device keys. @@ -447,7 +447,7 @@ int hos_keygen(pkg1_eks_t *eks, u32 mkey, tsec_ctxt_t *tsec_ctxt) se_aes_key_set(13, tsec_keys.tsec_root, SE_KEY_128_SIZE); // Decrypt eks and set keyslots. - se_aes_crypt_block_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0]); + se_aes_crypt_ecb(12, DECRYPT, tsec_keys.tmp, eks_keyseeds[0], SE_KEY_128_SIZE); se_aes_unwrap_key(15, 14, tsec_keys.tmp); // Derive device keys. @@ -469,30 +469,30 @@ int hos_keygen(pkg1_eks_t *eks, u32 mkey, tsec_ctxt_t *tsec_ctxt) se_aes_key_set(13, tsec_keys.tsec, SE_KEY_128_SIZE); // Derive eks keys from TSEC+SBK. - se_aes_crypt_block_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[0]); + se_aes_crypt_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[0], SE_KEY_128_SIZE); se_aes_unwrap_key(15, 14, tsec_keys.tsec); - se_aes_crypt_block_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[mkey]); + se_aes_crypt_ecb(13, DECRYPT, tsec_keys.tsec, eks_keyseeds[mkey], SE_KEY_128_SIZE); se_aes_unwrap_key(13, 14, tsec_keys.tsec); /* // Verify eks CMAC. u8 cmac[SE_KEY_128_SIZE]; se_aes_unwrap_key(11, 13, cmac_keyseed); - se_aes_cmac(cmac, SE_KEY_128_SIZE, 11, (void *)eks->ctr, sizeof(eks->ctr) + sizeof(eks->keys)); + se_aes_hash_cmac(cmac, SE_KEY_128_SIZE, 11, (void *)eks->ctr, sizeof(eks->ctr) + sizeof(eks->keys)); if (!memcmp(eks->cmac, cmac, SE_KEY_128_SIZE)) return 0; */ - se_aes_crypt_block_ecb(13, DECRYPT, tsec_keys.tsec, cmac_keyseed); + se_aes_crypt_ecb(13, DECRYPT, tsec_keys.tsec, cmac_keyseed, SE_KEY_128_SIZE); se_aes_unwrap_key(11, 13, cmac_keyseed); // Decrypt eks and set keyslots. - se_aes_crypt_ctr(13, &eks->keys, sizeof(eks_keys_t), &eks->keys, sizeof(eks_keys_t), eks->ctr); + se_aes_crypt_ctr(13, &eks->keys, &eks->keys, sizeof(eks_keys_t), eks->ctr); se_aes_key_set(11, eks->keys.package1_key, SE_KEY_128_SIZE); se_aes_key_set(12, eks->keys.master_kekseed, SE_KEY_128_SIZE); se_aes_key_set(13, eks->keys.master_kekseed, SE_KEY_128_SIZE); - se_aes_crypt_block_ecb(12, DECRYPT, tsec_keys.tsec, master_keyseed_retail); + se_aes_crypt_ecb(12, DECRYPT, tsec_keys.tsec, master_keyseed_retail, SE_KEY_128_SIZE); switch (mkey) { @@ -531,12 +531,11 @@ static void _hos_validate_mkey() do { mkey_idx--; - se_aes_crypt_ecb(7, DECRYPT, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx], SE_KEY_128_SIZE); + se_aes_crypt_ecb(7, DECRYPT, tmp_mkey, mkey_vectors[mkey_idx], SE_KEY_128_SIZE); for (u32 idx = 0; idx < mkey_idx; idx++) { - se_aes_key_clear(2); se_aes_key_set(2, tmp_mkey, SE_KEY_128_SIZE); - se_aes_crypt_ecb(2, DECRYPT, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx - 1 - idx], SE_KEY_128_SIZE); + se_aes_crypt_ecb(2, DECRYPT, tmp_mkey, mkey_vectors[mkey_idx - 1 - idx], SE_KEY_128_SIZE); } if (!memcmp(tmp_mkey, "\x00\x00\x00\x00\x00\x00\x00\x00", 8)) @@ -593,19 +592,17 @@ int hos_bis_keygen() do { mkey_idx--; - se_aes_crypt_ecb(7, DECRYPT, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx], SE_KEY_128_SIZE); + se_aes_crypt_ecb(7, DECRYPT, tmp_mkey, mkey_vectors[mkey_idx], SE_KEY_128_SIZE); for (u32 idx = 0; idx < mkey_idx; idx++) { - se_aes_key_clear(2); se_aes_key_set(2, tmp_mkey, SE_KEY_128_SIZE); - se_aes_crypt_ecb(2, DECRYPT, tmp_mkey, SE_KEY_128_SIZE, mkey_vectors[mkey_idx - 1 - idx], SE_KEY_128_SIZE); + se_aes_crypt_ecb(2, DECRYPT, tmp_mkey, mkey_vectors[mkey_idx - 1 - idx], SE_KEY_128_SIZE); } } while (memcmp(tmp_mkey, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0 && (mkey_idx - 1)); // Derive new device key. - se_aes_key_clear(1); se_aes_unwrap_key(1, 10, new_console_keyseed[keygen_rev]); // Uses Device key 4x. - se_aes_crypt_ecb(10, DECRYPT, tmp_mkey, SE_KEY_128_SIZE, new_console_keyseed[keygen_rev], SE_KEY_128_SIZE); // Uses Device key 4x. + se_aes_crypt_ecb(10, DECRYPT, tmp_mkey, new_console_keyseed[keygen_rev], SE_KEY_128_SIZE); // Uses Device key 4x. se_aes_unwrap_key(1, 2, new_console_kekseed[keygen_rev]); // Uses Master Key 0. se_aes_unwrap_key(1, 1, tmp_mkey); @@ -613,29 +610,27 @@ int hos_bis_keygen() } // Generate generic key. - se_aes_key_clear(2); se_aes_unwrap_key(2, console_key_slot, gen_keyseed_retail); // Clear bis keys storage. memset(bis_keys, 0, SE_KEY_128_SIZE * 6); // Generate BIS 0 Keys. - se_aes_crypt_block_ecb(2, DECRYPT, bis_keys + (0 * SE_KEY_128_SIZE), bis_keyseed[0]); - se_aes_crypt_block_ecb(2, DECRYPT, bis_keys + (1 * SE_KEY_128_SIZE), bis_keyseed[1]); + se_aes_crypt_ecb(2, DECRYPT, bis_keys + (0 * SE_KEY_128_SIZE), bis_keyseed[0], SE_KEY_128_SIZE); + se_aes_crypt_ecb(2, DECRYPT, bis_keys + (1 * SE_KEY_128_SIZE), bis_keyseed[1], SE_KEY_128_SIZE); // Generate generic kek. - se_aes_key_clear(2); se_aes_unwrap_key(2, console_key_slot, gen_kekseed); se_aes_unwrap_key(2, 2, bis_kekseed); se_aes_unwrap_key(2, 2, gen_keyseed); // Generate BIS 1 Keys. - se_aes_crypt_block_ecb(2, DECRYPT, bis_keys + (2 * SE_KEY_128_SIZE), bis_keyseed[2]); - se_aes_crypt_block_ecb(2, DECRYPT, bis_keys + (3 * SE_KEY_128_SIZE), bis_keyseed[3]); + se_aes_crypt_ecb(2, DECRYPT, bis_keys + (2 * SE_KEY_128_SIZE), bis_keyseed[2], SE_KEY_128_SIZE); + se_aes_crypt_ecb(2, DECRYPT, bis_keys + (3 * SE_KEY_128_SIZE), bis_keyseed[3], SE_KEY_128_SIZE); // Generate BIS 2/3 Keys. - se_aes_crypt_block_ecb(2, DECRYPT, bis_keys + (4 * SE_KEY_128_SIZE), bis_keyseed[4]); - se_aes_crypt_block_ecb(2, DECRYPT, bis_keys + (5 * SE_KEY_128_SIZE), bis_keyseed[5]); + se_aes_crypt_ecb(2, DECRYPT, bis_keys + (4 * SE_KEY_128_SIZE), bis_keyseed[4], SE_KEY_128_SIZE); + se_aes_crypt_ecb(2, DECRYPT, bis_keys + (5 * SE_KEY_128_SIZE), bis_keyseed[5], SE_KEY_128_SIZE); // Validate key because HOS_MKEY_VER_MAX. if (!h_cfg.t210b01) diff --git a/nyx/nyx_gui/hos/pkg1.c b/nyx/nyx_gui/hos/pkg1.c index 4617f63e..5d52300e 100644 --- a/nyx/nyx_gui/hos/pkg1.c +++ b/nyx/nyx_gui/hos/pkg1.c @@ -96,7 +96,7 @@ int pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1) u8 *pkg11 = pkg1 + id->pkg11_off; u32 pkg11_size = *(u32 *)pkg11; hdr = (pk11_hdr_t *)(pkg11 + 0x20); - se_aes_crypt_ctr(11, hdr, pkg11_size, hdr, pkg11_size, pkg11 + 0x10); + se_aes_crypt_ctr(11, hdr, hdr, pkg11_size, pkg11 + 0x10); } else { @@ -107,7 +107,7 @@ int pkg1_decrypt(const pkg1_id_t *id, u8 *pkg1) // Use BEK for T210B01. // Additionally, skip 0x20 bytes from decryption to maintain the header. se_aes_iv_clear(13); - se_aes_crypt_cbc(13, DECRYPT, pkg1 + 0x20, oem_hdr->size - 0x20, pkg1 + 0x20, oem_hdr->size - 0x20); + se_aes_crypt_cbc(13, DECRYPT, pkg1 + 0x20, pkg1 + 0x20, oem_hdr->size - 0x20); } // Return if header is valid. diff --git a/nyx/nyx_gui/hos/pkg2.c b/nyx/nyx_gui/hos/pkg2.c index 48ecf0a8..bc851c8c 100644 --- a/nyx/nyx_gui/hos/pkg2.c +++ b/nyx/nyx_gui/hos/pkg2.c @@ -123,13 +123,13 @@ static const u8 mkey_vector_7xx[HOS_MKEY_VER_MAX - HOS_MKEY_VER_810 + 1][SE_KEY_ static bool _pkg2_key_unwrap_validate(pkg2_hdr_t *tmp_test, pkg2_hdr_t *hdr, u8 src_slot, u8 *mkey, const u8 *key_seed) { // Decrypt older encrypted mkey. - se_aes_crypt_ecb(src_slot, DECRYPT, mkey, SE_KEY_128_SIZE, key_seed, SE_KEY_128_SIZE); + se_aes_crypt_ecb(src_slot, DECRYPT, mkey, key_seed, SE_KEY_128_SIZE); // Set and unwrap pkg2 key. se_aes_key_set(9, mkey, SE_KEY_128_SIZE); se_aes_unwrap_key(9, 9, package2_keyseed); // Decrypt header. - se_aes_crypt_ctr(9, tmp_test, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr); + se_aes_crypt_ctr(9, tmp_test, hdr, sizeof(pkg2_hdr_t), hdr); // Return if header is valid. return (tmp_test->magic == PKG2_MAGIC); @@ -150,7 +150,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 mkey) pdata += sizeof(pkg2_hdr_t); // Check if we need to decrypt with newer mkeys. Valid for THK for 7.0.0 and up. - se_aes_crypt_ctr(8, &mkey_test, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr); + se_aes_crypt_ctr(8, &mkey_test, hdr, sizeof(pkg2_hdr_t), hdr); if (mkey_test.magic == PKG2_MAGIC) goto key_found; @@ -197,7 +197,7 @@ pkg2_hdr_t *pkg2_decrypt(void *data, u8 mkey) key_found: // Decrypt header. - se_aes_crypt_ctr(pkg2_keyslot, hdr, sizeof(pkg2_hdr_t), hdr, sizeof(pkg2_hdr_t), hdr); + se_aes_crypt_ctr(pkg2_keyslot, hdr, hdr, sizeof(pkg2_hdr_t), hdr); if (hdr->magic != PKG2_MAGIC) return NULL; @@ -209,7 +209,7 @@ DPRINTF("sec %d has size %08X\n", i, hdr->sec_size[i]); if (!hdr->sec_size[i]) continue; - se_aes_crypt_ctr(pkg2_keyslot, pdata, hdr->sec_size[i], pdata, hdr->sec_size[i], &hdr->sec_ctr[i * SE_AES_IV_SIZE]); + se_aes_crypt_ctr(pkg2_keyslot, pdata, pdata, hdr->sec_size[i], &hdr->sec_ctr[i * SE_AES_IV_SIZE]); pdata += hdr->sec_size[i]; }