A9LH support, clarity fixes

Author: execfera

agb_inject/gen_rom.py

@@ -14,7 +14,7 @@
     print("Use Python3.")
 savename = input("Type in the save's name: ")
 outname = input("Type in the output cia's name: ")
-savetype = int(input("Type in the save type: "))
+savetype = int(input("Type in the save type (0: SRAM, 1: Flash, 2: EEPROM): "))
 titleid = input("Type in the title id of the game you wish to inject: ")
 os.mkdir(ScriptPath + "tmp")
 try:

source/decryptor/nand.c

@@ -3,6 +3,7 @@
 #include "hid.h"
 #include "platform.h"
 #include "decryptor/aes.h"
+#include "decryptor/sha.h"
 #include "decryptor/decryptor.h"
 #include "decryptor/nand.h"
 #include "fatfs/sdmmc.h"
@@ -105,6 +106,86 @@ static inline int WriteNandSectors(u32 sector_no, u32 numsectors, u8 *in)
     } else return sdmmc_nand_writesectors(sector_no, numsectors, in);
 }
 
+u32 SetupNandCrypto(u8* ctr, u32 offset)
+{
+    static bool initial_setup_done = false;
+    static u8 CtrNandCtr[16];
+    //static u8 TwlNandCtr[16];
+    
+    if (!initial_setup_done) {
+        // CTRNAND
+        u8 NandCid[16];
+        u8 shasum[32];
+        
+        sdmmc_get_cid( 1, (uint32_t*) NandCid);
+        sha_init(SHA256_MODE);
+        sha_update(NandCid, 16);
+        sha_get(shasum);
+        memcpy(CtrNandCtr, shasum, 16);
+        
+        /*sha_init(SHA1_MODE);
+        sha_update(NandCid, 16);
+        sha_get(shasum);
+        for(u32 i = 0; i < 16; i++) // little endian and reversed order
+            TwlNandCtr[i] = shasum[15-i];
+        
+        Debug("NAND CID: %08X%08X%08X%08X", getbe32(NandCid), getbe32(NandCid+4), getbe32(NandCid+8), getbe32(NandCid+12));
+        
+        // part #2: TWL KEY
+        // see: https://www.3dbrew.org/wiki/Memory_layout#ARM9_ITCM
+        u32* TwlCustId = (u32*) (0x01FFB808+8);
+        u8 TwlKeyX[16];
+        u8 TwlKeyY[16];
+        
+        Debug("TWL Customer ID: %08X%08X", TwlCustId[0], TwlCustId[1]);
+        
+        // see source from https://gbatemp.net/threads/release-twltool-dsi-downgrading-save-injection-etc-multitool.393488/
+        const char* nintendo = "NINTENDO";
+        u32* TwlKeyXW = (u32*) TwlKeyX;
+        TwlKeyXW[0] = (TwlCustId[0] ^ 0xB358A6AF) | 0x80000000;
+        TwlKeyXW[3] = TwlCustId[1] ^ 0x08C267B7;
+        memcpy(TwlKeyX + 4, nintendo, 8);
+        
+        // see: https://www.3dbrew.org/wiki/Memory_layout#ARM9_ITCM
+        u32 TwlKeyYW3 = 0xE1A00005;
+        memcpy(TwlKeyY, (u8*) 0x01FFD3C8, 12);
+        memcpy(TwlKeyY + 12, &TwlKeyYW3, 4);
+        
+        setup_aeskeyX(0x03, TwlKeyX);
+        setup_aeskeyY(0x03, TwlKeyY);
+        Debug("0x03 KeyX: %08X%08X%08X%08X", getbe32(TwlKeyX), getbe32(TwlKeyX+4), getbe32(TwlKeyX+8), getbe32(TwlKeyX+12));
+        Debug("0x03 KeyY: %08X%08X%08X%08X", getbe32(TwlKeyY), getbe32(TwlKeyY+4), getbe32(TwlKeyY+8), getbe32(TwlKeyY+12));
+        
+        // part #3: CTRNAND N3DS KEY
+        while (GetUnitPlatform() == PLATFORM_N3DS) {
+            u8 CtrNandKeyY[16];
+            
+            if (!FileOpen("slot0x05KeyY.bin")) {
+                Debug("0x05 KeyY: not set, slot0x05KeyY.bin not found");
+                break;
+            }
+            if (FileRead(CtrNandKeyY, 16, 0) != 16) {
+                Debug("0x05 KeyY: not set, bad file");
+                FileClose();
+                break;
+            }
+            FileClose();
+            
+            setup_aeskeyY(0x05, CtrNandKeyY);
+            Debug("0x05 KeyY: %08X%08X%08X%08X", getbe32(CtrNandKeyY), getbe32(CtrNandKeyY+4), getbe32(CtrNandKeyY+8), getbe32(CtrNandKeyY+12));
+            break;
+        }*/
+        
+        initial_setup_done = true;
+    }
+    
+    // get the correct CTR and increment counter
+    memcpy(ctr, CtrNandCtr, 16);
+    add_ctr(ctr, offset / 0x10);
+
+    return 0;
+}
+
 u32 OutputFileNameSelector(char* filename, const char* basename, char* extension, bool emuname) {
     char bases[3][64] = { 0 };
     char* dotpos = NULL;
@@ -404,7 +485,7 @@ u32 GetNandCtr(u8* ctr, u32 offset)
 u32 DecryptNandToMem(u8* buffer, u32 offset, u32 size, PartitionInfo* partition)
 {
     CryptBufferInfo info = {.keyslot = partition->keyslot, .setKeyY = 0, .size = size, .buffer = buffer, .mode = partition->mode};
-    if(GetNandCtr(info.ctr, offset) != 0)
+    if(SetupNandCrypto(info.ctr, offset) != 0)
         return 1;
 
     u32 n_sectors = (size + NAND_SECTOR_SIZE - 1) / NAND_SECTOR_SIZE;
@@ -668,23 +749,23 @@ u32 DumpAgbSave(u32 parm)
     memcpy(&Saveadder, Header + (sizeof(u8) * 0x50), sizeof(u32));
     char *Magic = ".SAV";
     if (Saveadder != 0x200 || memcmp(Magic, Header, 4)) {
-        Debug("The Agb_save partiton is corrupted.");
-        Debug("Did you run an Agb_firm game?");
+        Debug("The AGBSAVE partition is corrupted.");
+        Debug("Did you run a GBA VC game?");
         return 1;
     }
     u32 Savesize;
     memcpy(&Savesize, Header + (sizeof(u8) * 0x54), sizeof(u32));
     u32 Titleid;
     memcpy(&Titleid, Header + 0x38, 4);
-    Debug("Title id %08x", Titleid);
+    Debug("Title ID: %08x", Titleid);
     if (Savesize == 32768) {
-        Debug("Use save type 0");
+        Debug("Use save type 0: SRAM");
     } else if (Savesize == 65536) {
-	Debug("Use save type 1");
+	Debug("Use save type 1: Flash");
     } else if (Savesize == 0x2000) {
-	Debug("Use save type 2");
+	Debug("Use save type 2: EEPROM");
     } else {
-        Debug("Injecton support for this game is not yet ready");
+        Debug("Injection support for this game is not yet ready");
     }
     if (Savesize == 0x2000) {
         u8* buffer = BUFFER_ADDRESS;

source/draw.h

@@ -40,10 +40,10 @@
 	#define TOP_SCREEN1 TOP_SCREEN0
 	#define BOT_SCREEN1 BOT_SCREEN0
 #elif defined(EXEC_BOOTSTRAP)
-	#define TOP_SCREEN0 (u8*)(0x20000000)
-	#define TOP_SCREEN1 (u8*)(0x20046500)
-	#define BOT_SCREEN0 (u8*)(0x2008CA00)
-	#define BOT_SCREEN1 (u8*)(0x200C4E00)
+	#define TOP_SCREEN0 (u8*)(*(u32*)0x23FFFE00)
+	#define TOP_SCREEN1 (u8*)(*(u32*)0x23FFFE00)
+	#define BOT_SCREEN0 (u8*)(*(u32*)0x23FFFE08)
+	#define BOT_SCREEN1 (u8*)(*(u32*)0x23FFFE08)
 #else
 	#error "Unknown execution method"
 #endif

source/fatfs/sdmmc.c

@@ -618,3 +618,45 @@ void sdmmc_sdcard_init()
 	SD_Init();
 	DEBUGPRINT(topScreen, "sd_res ", sd_res, 10, 20 + 4*8, RGB(40, 40, 40), RGB(208, 208, 208));
 }
+
+int sdmmc_get_cid( int isNand, uint32_t *info)
+{
+	struct mmcdevice *device;
+	if(isNand)
+		device = &handelNAND;
+	else
+		device = &handelSD;
+	
+	inittarget(device);
+	// use cmd7 to put sd card in standby mode
+	// CMD7
+	{
+		sdmmc_send_command(device,0x10507,0);
+		//if((device->error & 0x4)) return -1;
+	}
+
+	// get sd card info
+	// use cmd10 to read CID
+	{
+		sdmmc_send_command(device,0x1060A,device->initarg << 0x10);
+		//if((device->error & 0x4)) return -2;
+
+		for( int i = 0; i < 4; ++i ) {
+			info[i] = device->ret[i];
+		}
+	}
+
+	// put sd card back to transfer mode
+	// CMD7
+	{
+		sdmmc_send_command(device,0x10507,device->initarg << 0x10);
+		//if((device->error & 0x4)) return -3;
+	}
+
+	if(isNand)
+	{
+		inittarget(&handelSD);
+	}
+	
+	return 0;
+}

source/fatfs/sdmmc.h

@@ -130,6 +130,8 @@ extern "C" {
 
 	int sdmmc_nand_readsectors(uint32_t sector_no, uint32_t numsectors, uint8_t *out);
 	int sdmmc_nand_writesectors(uint32_t sector_no, uint32_t numsectors, uint8_t *in);
+    
+    int sdmmc_get_cid( int isNand, uint32_t *info);
 
 	mmcdevice *getMMCDevice(int drive);