
PRX Decryption: add support for type 0/1/2/5/6 decryption

DaveeFTW committed Jan 11, 2020
1 parent 78e36ec commit 1d7bbdd006d6c44cae8752b2b91df821389c2fcc

Large diffs are not rendered by default.

@@ -20,8 +20,6 @@
#include "Common/Common.h"
#include "Common/CommonTypes.h"

#define MISSING_KEY -10

#ifdef _MSC_VER
#pragma pack(push, 1)
#endif
@@ -66,5 +64,4 @@ typedef struct
#pragma pack(pop)
#endif

int pspDecryptPRX(const u8 *inbuf, u8 *outbuf, u32 size);

int pspDecryptPRX(const u8 *inbuf, u8 *outbuf, u32 size, const u8 *seed = nullptr);
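Review bot: The pspDecryptPRX declaration that carries `const u8 *seed = nullptr` does not say how many bytes `seed` must point to or which module types need it, and `outbuf` still has no capacity parameter alongside `size`. The input buffer comes from a module being loaded, so the pointer contract should be written down where callers see it. I would add a comment above the declaration such as `// seed: optional, nullptr when the module type needs none; must point to SEED_LEN bytes (placeholder: fill in the real length)` and state the required `outbuf` capacity in the same comment.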
@@ -1109,7 +1109,7 @@ static Module *__KernelLoadELFFromPtr(const u8 *ptr, size_t elfSize, u32 loadAdd
ptr = newptr;
magicPtr = (u32_le *)ptr;
int ret = pspDecryptPRX(in, (u8*)ptr, head->psp_size);
if (ret == MISSING_KEY) {
if (reportedModule) {
// This should happen for all "kernel" modules.
*error_string = "Missing key";
delete [] newptr;
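Review bot: The branch that sets "Missing key" now appears to test `reportedModule` instead of `ret == MISSING_KEY`, which leaves the value returned by pspDecryptPRX unexamined within this hunk. The page has lost its +/- markers, so this reading is inferred from the hunk counts and should be confirmed. The rest of __KernelLoadELFFromPtr is outside the hunk; if a negative `ret` is not rejected further down, the loader would go on to parse `ptr` after a failed decryption. If the check does exist below, a comment on this branch such as `// ret is tested after this block; this path only covers modules already reported` would make that explicit. The existing comment "This should happen for all "kernel" modules." was written for the old condition and should be reworded to fit the new one.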
@@ -1304,7 +1304,7 @@ void xor_128(const unsigned char *a, const unsigned char *b, unsigned char *out)
}

//No IV support!
void AES_cbc_encrypt(AES_ctx *ctx, u8 *src, u8 *dst, int size)
void AES_cbc_encrypt(AES_ctx *ctx, const u8 *src, u8 *dst, int size)
{
u8 block_buff[16];

@@ -1325,7 +1325,7 @@ void AES_cbc_encrypt(AES_ctx *ctx, u8 *src, u8 *dst, int size)
}
}

void AES_cbc_decrypt(AES_ctx *ctx, u8 *src, u8 *dst, int size)
void AES_cbc_decrypt(AES_ctx *ctx, const u8 *src, u8 *dst, int size)
{
u8 block_buff[16];
u8 block_buff_previous[16];
@@ -40,8 +40,8 @@ void rijndael_encrypt(rijndael_ctx *, const u8 *, u8 *);
int AES_set_key(AES_ctx *ctx, const u8 *key, int bits);
void AES_encrypt(AES_ctx *ctx, const u8 *src, u8 *dst);
void AES_decrypt(AES_ctx *ctx, const u8 *src, u8 *dst);
void AES_cbc_encrypt(AES_ctx *ctx, u8 *src, u8 *dst, int size);
void AES_cbc_decrypt(AES_ctx *ctx, u8 *src, u8 *dst, int size);
void AES_cbc_encrypt(AES_ctx *ctx, const u8 *src, u8 *dst, int size);
void AES_cbc_decrypt(AES_ctx *ctx, const u8 *src, u8 *dst, int size);
void AES_CMAC(AES_ctx *ctx, unsigned char *input, int length, unsigned char *mac);

int rijndaelKeySetupEnc(unsigned int [], const unsigned char [], int);
@@ -30,7 +30,7 @@ static u8 kirk_buf[0x0814]; // 1DC0 1DD4

/*************************************************************/

static int kirk4(u8 *buf, int size, int type)
static int do_kirk4(u8 *buf, int size, int type)
{
int retv;
u32 *header = (u32*)buf;
@@ -49,7 +49,7 @@ static int kirk4(u8 *buf, int size, int type)
return 0;
}

static int kirk7(u8 *buf, int size, int type)
static int do_kirk7(u8 *buf, int size, int type)
{
int retv;
u32 *header = (u32*)buf;
@@ -126,7 +126,7 @@ static int sub_158(u8 *buf, int size, u8 *key, int key_type)
buf[0x14+i] ^= key[i];
}

retv = kirk4(buf, size, key_type);
retv = do_kirk4(buf, size, key_type);
if(retv)
return retv;

@@ -213,7 +213,7 @@ int sceDrmBBMacFinal(MAC_KEY *mkey, u8 *buf, u8 *vkey)
kbuf = kirk_buf+0x14;

memset(kbuf, 0, 16);
retv = kirk4(kirk_buf, 16, code);
retv = do_kirk4(kirk_buf, 16, code);
if(retv)
goto _exit;
memcpy(tmp, kbuf, 16);
@@ -277,7 +277,7 @@ int sceDrmBBMacFinal(MAC_KEY *mkey, u8 *buf, u8 *vkey)
if(retv)
goto _exit;

retv = kirk4(kirk_buf, 0x10, code);
retv = do_kirk4(kirk_buf, 0x10, code);
if(retv)
goto _exit;

@@ -290,7 +290,7 @@ int sceDrmBBMacFinal(MAC_KEY *mkey, u8 *buf, u8 *vkey)
}
memcpy(kbuf, tmp1, 16);

retv = kirk4(kirk_buf, 0x10, code);
retv = do_kirk4(kirk_buf, 0x10, code);
if(retv)
goto _exit;

@@ -325,7 +325,7 @@ int sceDrmBBMacFinal2(MAC_KEY *mkey, u8 *out, u8 *vkey)
// decrypt bbmac
if(type==3){
memcpy(kbuf, out, 0x10);
kirk7(kirk_buf, 0x10, 0x63);
do_kirk7(kirk_buf, 0x10, 0x63);
}else{
memcpy(kirk_buf, out, 0x10);
}
@@ -357,7 +357,7 @@ int bbmac_getkey(MAC_KEY *mkey, u8 *bbmac, u8 *vkey)
// decrypt bbmac
if(type==3){
memcpy(kbuf, bbmac, 0x10);
kirk7(kirk_buf, 0x10, 0x63);
do_kirk7(kirk_buf, 0x10, 0x63);
}else{
memcpy(kirk_buf, bbmac, 0x10);
}
@@ -366,7 +366,7 @@ int bbmac_getkey(MAC_KEY *mkey, u8 *bbmac, u8 *vkey)
memcpy(kbuf, tmp1, 16);

code = (type==2)? 0x3A : 0x38;
kirk7(kirk_buf, 0x10, code);
do_kirk7(kirk_buf, 0x10, code);

for(i=0; i<0x10; i++){
vkey[i] = tmp[i] ^ kirk_buf[i];
@@ -385,7 +385,7 @@ static int sub_1F8(u8 *buf, int size, u8 *key, int key_type)
// copy last 16 bytes to tmp
memcpy(tmp, buf+size+0x14-16, 16);

retv = kirk7(buf, size, key_type);
retv = do_kirk7(buf, size, key_type);
if(retv)
return retv;

@@ -414,7 +414,7 @@ static int sub_428(u8 *kbuf, u8 *dbuf, int size, CIPHER_KEY *ckey)
if(ckey->type==2)
retv = kirk8(kbuf, 16);
else
retv = kirk7(kbuf, 16, 0x39);
retv = do_kirk7(kbuf, 16, 0x39);
if(retv)
return retv;

@@ -491,7 +491,7 @@ int sceDrmBBCipherInit(CIPHER_KEY *ckey, int type, int mode, u8 *header_key, u8
for(i=0; i<16; i++){
kbuf[i] ^= loc_1CE4[i];
}
retv = kirk4(kirk_buf, 0x10, 0x39);
retv = do_kirk4(kirk_buf, 0x10, 0x39);
for(i=0; i<16; i++){
kbuf[i] ^= loc_1CF4[i];
}
@@ -221,6 +221,20 @@ int kirk_CMD4(u8* outbuff, u8* inbuff, int size)
return KIRK_OPERATION_SUCCESS;
}

void kirk4(u8* outbuff, const u8* inbuff, size_t size, int keyId)
{
AES_ctx aesKey;
u8* key = kirk_4_7_get_key(keyId);

if (key == (u8*)KIRK_INVALID_SIZE)
{
return;
}

AES_set_key(&aesKey, key, 128);
AES_cbc_encrypt(&aesKey, inbuff, outbuff, size);
}

int kirk_CMD7(u8* outbuff, u8* inbuff, int size)
{
KIRK_AES128CBC_HEADER *header = (KIRK_AES128CBC_HEADER*)inbuff;
@@ -241,6 +255,20 @@ int kirk_CMD7(u8* outbuff, u8* inbuff, int size)
return KIRK_OPERATION_SUCCESS;
}

void kirk7(u8* outbuff, const u8* inbuff, size_t size, int keyId)
{
AES_ctx aesKey;
u8* key = kirk_4_7_get_key(keyId);

if (key == (u8*)KIRK_INVALID_SIZE)
{
return;
}

AES_set_key(&aesKey, key, 128);
AES_cbc_decrypt(&aesKey, inbuff, outbuff, size);
}

int kirk_CMD10(u8* inbuff, int insize)
{
KIRK_CMD1_HEADER* header = (KIRK_CMD1_HEADER*)inbuff;
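Review bot: kirk4() returns void and simply returns when kirk_4_7_get_key() yields the `(u8*)KIRK_INVALID_SIZE` sentinel, so a caller that passes an unknown keyId gets no error and carries on with whatever was already in `outbuff`. kirk7() in the next hunk has the same shape. For routines that decrypt module data this should be a reported failure: make both return `int`, with `return KIRK_INVALID_SIZE;` in the guard and `return KIRK_OPERATION_SUCCESS;` at the end, and change the two declarations in the header to match. Separately, `size` is a `size_t` here while AES_cbc_encrypt and AES_cbc_decrypt take `int size`, so the length is narrowed at the call. Nothing in the lines shown rejects a length that is not a multiple of 16.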
@@ -208,6 +208,10 @@ int kirk_CMD17(u8* inbuff, int insize);
int kirk_init(); //CMD 0xF?
int kirk_init2(u8 *, u32, u32, u32);

// overhead free functions
void kirk4(u8* outbuff, const u8* inbuff, size_t size, int keyId);
void kirk7(u8* outbuff, const u8* inbuff, size_t size, int keyId);

//helper funcs
u8* kirk_4_7_get_key(int key_type);
