Upgrade BDK

source/keys/key_sources.inl

@@ -14,7 +14,20 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-// Sha256 hash of the null string.
+
+#define KB_FIRMWARE_VERSION_100_200 0
+#define KB_FIRMWARE_VERSION_300 1
+#define KB_FIRMWARE_VERSION_301 2
+#define KB_FIRMWARE_VERSION_400 3
+#define KB_FIRMWARE_VERSION_500 4
+#define KB_FIRMWARE_VERSION_600 5
+#define KB_FIRMWARE_VERSION_620 6
+#define KB_FIRMWARE_VERSION_700 7
+#define KB_FIRMWARE_VERSION_810 8
+#define KB_FIRMWARE_VERSION_900 9
+#define KB_FIRMWARE_VERSION_910 10
+#define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_910
+
 static const u8 null_hash[0x20] __attribute__((aligned(4))) = {
     0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
     0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55};

source/keys/keys.c

@@ -1,11 +1,12 @@
 #include "keys.h"
 
-#include "../config.h"
-#include <display/di.h>
-#include <gfx_utils.h>
-#include "../hos/pkg1.h"
-#include "../hos/pkg2.h"
-#include "../hos/sept.h"
+#include <libs/fatfs/ff.h>
+#include <storage/nx_sd.h>
+#include <storage/sdmmc.h>
+#include <utils/btn.h>
+#include <utils/list.h>
+#include <utils/sprintf.h>
+#include <utils/util.h>
 #include <libs/fatfs/ff.h>
 #include <mem/heap.h>
 #include <mem/mc.h>
@@ -17,18 +18,14 @@
 #include <soc/fuse.h>
 #include <mem/smmu.h>
 #include <soc/t210.h>
+#include <display/di.h>
+#include <gfx_utils.h>
+#include "../config.h"
 #include "../storage/emummc.h"
-#include "../storage/nx_emmc.h"
-#include "../storage/nx_emmc_bis.h"
-#include <storage/nx_sd.h>
-#include <storage/sdmmc.h>
-#include <utils/btn.h>
-#include <utils/list.h>
-#include <utils/sprintf.h>
-#include <utils/util.h>
 #include "../gfx/gfx.h"
 #include "../tegraexplorer/tconf.h"
 #include "../storage/mountmanager.h"
+#include "../storage/nx_emmc.h"
 
 #include "key_sources.inl"
 
@@ -37,6 +34,24 @@
 extern hekate_config h_cfg;
 
 #define DPRINTF(x)
+#define TSEC_KEY_DATA_OFFSET 0x300
+#define PKG1_MAX_SIZE  0x40000
+#define PKG1_OFFSET    0x100000
+#define KEYBLOB_OFFSET 0x180000
+
+typedef struct _bl_hdr_t210b01_t
+{
+	u8  aes_mac[0x10];
+	u8  rsa_sig[0x100];
+	u8  salt[0x20];
+	u8  sha256[0x20];
+	u32 version;
+	u32 size;
+	u32 load_addr;
+	u32 entrypoint;
+	u8  rsvd[0x10];
+} bl_hdr_t210b01_t;
+
 
 static int  _key_exists(const void *data) { return memcmp(data, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0; };
 
@@ -175,7 +190,7 @@ static int _derive_master_keys_from_keyblobs(key_derivation_ctx_t *keys) {
     return false;
 }
 
-static bool _derive_tsec_keys(tsec_ctxt_t *tsec_ctxt, u32 kb, key_derivation_ctx_t *keys) {
+static bool _derive_tsec_keys(tsec_ctxt_t *tsec_ctxt, key_derivation_ctx_t *keys) {
     tsec_ctxt->fw = _find_tsec_fw(tsec_ctxt->pkg1);
     if (!tsec_ctxt->fw) {
         DPRINTF("Unable to locate TSEC firmware.");
@@ -195,7 +210,7 @@ static bool _derive_tsec_keys(tsec_ctxt_t *tsec_ctxt, u32 kb, key_derivation_ctx
 
     mc_disable_ahb_redirect();
 
-    while (tsec_query(keys->tsec_keys, kb, tsec_ctxt) < 0) {
+    while (tsec_query(keys->tsec_keys, tsec_ctxt) < 0) {
         memset(keys->tsec_keys, 0, sizeof(keys->tsec_keys));
         retries++;
         if (retries > 15) {
@@ -204,7 +219,7 @@ static bool _derive_tsec_keys(tsec_ctxt_t *tsec_ctxt, u32 kb, key_derivation_ctx
         }
     }
 
-    mc_enable_ahb_redirect();
+    mc_enable_ahb_redirect(false);
 
     if (res < 0) {
         //EPRINTFARGS("ERROR %x dumping TSEC.\n", res);
@@ -214,7 +229,7 @@ static bool _derive_tsec_keys(tsec_ctxt_t *tsec_ctxt, u32 kb, key_derivation_ctx
     return true;
 }
 
-static ALWAYS_INLINE u8 *_read_pkg1(const pkg1_id_t **pkg1_id) {
+static ALWAYS_INLINE u8 *_read_pkg1() {
 
     /*
     if (emummc_storage_init_mmc(&emmc_storage, &emmc_sdmmc)) {
@@ -237,15 +252,9 @@ static ALWAYS_INLINE u8 *_read_pkg1(const pkg1_id_t **pkg1_id) {
     }
 
     u32 pk1_offset = h_cfg.t210b01 ? sizeof(bl_hdr_t210b01_t) : 0; // Skip T210B01 OEM header.
-    *pkg1_id = pkg1_identify(pkg1 + pk1_offset);
-    if (!*pkg1_id) {
-        DPRINTF("Unknown pkg1 version.\n Make sure you have the latest Lockpick_RCM.\n If a new firmware version just came out,\n Lockpick_RCM must be updated.\n Check Github for new release.");
-        //gfx_hexdump(0, pkg1 + pk1_offset, 0x20);
-        char pkg1txt[16] = {0};
-        memcpy(pkg1txt, pkg1 + pk1_offset + 0x10, 14);
-        gfx_printf("Unknown pkg1 version\nMake sure you have the latest version of TegraExplorer\n\nPKG1: '%s'\n", pkg1txt);
-        return NULL;
-    }
+    char *pkg1txt = calloc(16, 1);
+    memcpy(pkg1txt, pkg1 + pk1_offset + 0x10, 14);
+    TConf.pkg1ID = pkg1txt;
 
     return pkg1;
 }
@@ -256,20 +265,16 @@ int DumpKeys(){
     if (h_cfg.t210b01) // i'm not even attempting to dump on mariko
         return 2;
 
-    const pkg1_id_t *pkg1_id;
-    u8 *pkg1 = _read_pkg1(&pkg1_id);
+    u8 *pkg1 = _read_pkg1();
     if (!pkg1) {
         return 1;
     }
 
-    TConf.pkg1ID = pkg1_id->id;
-    TConf.pkg1ver = (u8)pkg1_id->kb;
-
     bool res = true;
 
     tsec_ctxt_t tsec_ctxt;
     tsec_ctxt.pkg1 = pkg1;
-    res =_derive_tsec_keys(&tsec_ctxt, pkg1_id->kb, &dumpedKeys);
+    res =_derive_tsec_keys(&tsec_ctxt, &dumpedKeys);
     
     free(pkg1);
     if (res == false) {

source/keys/keys.h

@@ -1,6 +1,8 @@
 #pragma once
 #include <utils/types.h>
-#include "../hos/hos.h"
+
+#define HOS_PKG11_MAGIC 0x31314B50
+#define HOS_EKS_MAGIC   0x30534B45
 
 #define AES_128_KEY_SIZE 16
 #define RSA_2048_KEY_SIZE 256
@@ -86,6 +88,23 @@ typedef struct {
     keyblob_t keyblob;
 } key_derivation_ctx_t;
 
+typedef struct _tsec_key_data_t
+{
+	u8 debug_key[0x10];
+	u8 blob0_auth_hash[0x10];
+	u8 blob1_auth_hash[0x10];
+	u8 blob2_auth_hash[0x10];
+	u8 blob2_aes_iv[0x10];
+	u8 hovi_eks_seed[0x10];
+	u8 hovi_common_seed[0x10];
+	u32 blob0_size;
+	u32 blob1_size;
+	u32 blob2_size;
+	u32 blob3_size;
+	u32 blob4_size;
+	u8 reserved[0x7C];
+} tsec_key_data_t;
+
 int DumpKeys();
 void PrintKey(u8 *key, u32 len);