diff --git a/source/keys/key_sources.inl b/source/keys/key_sources.inl index effd947..f464db9 100644 --- a/source/keys/key_sources.inl +++ b/source/keys/key_sources.inl @@ -94,9 +94,9 @@ static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = { // from Package1 -> Secure_Monitor static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = { 0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9}; -static const u8 aes_kek_seed_01[0x10] __attribute__((aligned(4))) = { +static const u8 aes_seal_key_mask_decrypt_device_unique_data[0x10] __attribute__((aligned(4))) = { 0xA2, 0xAB, 0xBF, 0x9C, 0x92, 0x2F, 0xBB, 0xE3, 0x78, 0x79, 0x9B, 0xC0, 0xCC, 0xEA, 0xA5, 0x74}; -static const u8 aes_kek_seed_03[0x10] __attribute__((aligned(4))) = { +static const u8 aes_seal_key_mask_import_es_device_key[0x10] __attribute__((aligned(4))) = { 0xE5, 0x4D, 0x9A, 0x02, 0xF0, 0x4F, 0x5F, 0xA8, 0xAD, 0x76, 0x0A, 0xF6, 0x32, 0x95, 0x59, 0xBB}; static const u8 package2_key_source[0x10] __attribute__((aligned(4))) = { 0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7}; @@ -161,6 +161,8 @@ static const u8 eticket_rsa_kek_source[0x10] __attribute__((aligned(4))) = { 0XDB, 0XA4, 0X51, 0X12, 0X4C, 0XA0, 0XA9, 0X83, 0X68, 0X14, 0XF5, 0XED, 0X95, 0XE3, 0X12, 0X5B}; static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = { 0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5}; +static const u8 eticket_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = { + 0x88, 0x87, 0x50, 0x90, 0xA6, 0x2F, 0x75, 0x70, 0xA2, 0xD7, 0x71, 0x51, 0xAE, 0x6D, 0x39, 0x87}; static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = { 0X46, 0X6E, 0X57, 0XB7, 0X4A, 0X44, 0X7F, 0X02, 0XF3, 0X21, 0XCD, 0XE5, 0X8F, 0X2F, 0X55, 0X35}; diff --git a/source/keys/keys.c b/source/keys/keys.c index 88520c4..399b992 100644 --- a/source/keys/keys.c +++ b/source/keys/keys.c @@ -235,12 +235,12 @@ static void _derive_misc_keys(key_derivation_ctx_t *keys, bool is_dev) { if (_key_exists(keys->master_key[0])) { for (u32 i = 0; i < AES_128_KEY_SIZE; i++) - keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i]; + keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i]; _generate_kek(8, eticket_rsa_kekek_source, keys->master_key[0], keys->temp_key, NULL); se_aes_crypt_block_ecb(8, DECRYPT, keys->eticket_rsa_kek, is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source); for (u32 i = 0; i < AES_128_KEY_SIZE; i++) - keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_01[i]; + keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_decrypt_device_unique_data[i]; _generate_kek(8, ssl_rsa_kek_source_x, keys->master_key[0], keys->temp_key, NULL); se_aes_crypt_block_ecb(8, DECRYPT, keys->ssl_rsa_kek, ssl_rsa_kek_source_y); } @@ -483,7 +483,7 @@ static bool _derive_titlekeys(key_derivation_ctx_t *keys, titlekey_buffer_t *tit if (keypair_generation) { keypair_generation--; for (u32 i = 0; i < AES_128_KEY_SIZE; i++) - keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i]; + keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i]; u32 temp_device_key[AES_128_KEY_SIZE / 4] = {0}; _get_device_key(7, keys, temp_device_key, keypair_generation); _generate_kek(7, eticket_rsa_kekek_source, temp_device_key, keys->temp_key, NULL); @@ -498,8 +498,20 @@ static bool _derive_titlekeys(key_derivation_ctx_t *keys, titlekey_buffer_t *tit // Check public exponent is 65537 big endian if (_read_be_u32(rsa_keypair.public_exponent, 0) != 65537) { - EPRINTF("Invalid public exponent."); - return false; + for (u32 i = 0; i < AES_128_KEY_SIZE; i++) + keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i]; + _generate_kek(8, eticket_rsa_kekek_source, keys->master_key[0], keys->temp_key, NULL); + se_aes_crypt_block_ecb(8, DECRYPT, keys->temp_key, eticket_rsa_kek_source_legacy); + + se_aes_key_set(6, keys->temp_key, sizeof(keys->temp_key)); + se_aes_crypt_ctr(6, &rsa_keypair, sizeof(rsa_keypair), eticket_device_key, sizeof(rsa_keypair), eticket_iv); + + if (_read_be_u32(rsa_keypair.public_exponent, 0) != 65537) { + EPRINTF("Invalid public exponent."); + return false; + } else { + memcpy(keys->eticket_rsa_kek, keys->temp_key, sizeof(keys->eticket_rsa_kek)); + } } if (!_test_key_pair(rsa_keypair.public_exponent, rsa_keypair.private_exponent, rsa_keypair.modulus)) { @@ -702,10 +714,10 @@ static void _save_keys_to_sd(key_derivation_ctx_t *keys, titlekey_buffer_t *titl SAVE_KEY(per_console_key_source); SAVE_KEY(retail_specific_aes_key_source); for (u32 i = 0; i < AES_128_KEY_SIZE; i++) - keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_03[i]; + keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_import_es_device_key[i]; SAVE_KEY_VAR(rsa_oaep_kek_generation_source, keys->temp_key); for (u32 i = 0; i < AES_128_KEY_SIZE; i++) - keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_kek_seed_01[i]; + keys->temp_key[i] = aes_kek_generation_source[i] ^ aes_seal_key_mask_decrypt_device_unique_data[i]; SAVE_KEY_VAR(rsa_private_kek_generation_source, keys->temp_key); SAVE_KEY(save_mac_kek_source); SAVE_KEY_VAR(save_mac_key, keys->save_mac_key);