The .h3 file has one SHA-1 hash for every 256 MB of data.
The final H4 hash is stored in the TMD content entry and is equal to
the SHA-1 hash of the .h3 file.
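
The .h3/H4 relationship described above, written as a consistency check; this is an added example, not part of the original commit message or the project's code. The names `check_h3` and `make_sample_h3` are hypothetical, and the sketch assumes the caller has already extracted the 20-byte SHA-1 from the TMD content entry and knows the content's size in bytes.

```python
import hashlib
import hmac

H3_ENTRY_SIZE = 20                # one SHA-1 digest per .h3 entry
H3_SPAN = 256 * 1024 * 1024       # data covered by one entry, per the text above


def check_h3(h3_data, tmd_hash, content_size):
    """Return a list of problems; an empty list means the .h3 is consistent.

    Assumptions: tmd_hash is the 20-byte SHA-1 already extracted from the
    TMD content entry; content_size is the content's size in bytes.
    """
    problems = []
    # The file must be a whole number of SHA-1 digests.
    if not h3_data or len(h3_data) % H3_ENTRY_SIZE:
        problems.append("h3 size is not a non-zero multiple of 20 bytes")
    # Every 256 MB of data needs an entry; too few entries leaves data unhashed.
    entries = len(h3_data) // H3_ENTRY_SIZE
    if entries * H3_SPAN < content_size:
        problems.append("h3 has %d entries, too few for %d bytes"
                        % (entries, content_size))
    # H4 is the SHA-1 of the whole .h3 file and must match the TMD value.
    h4 = hashlib.sha1(h3_data).digest()
    if not hmac.compare_digest(h4, tmd_hash):
        problems.append("H4 mismatch: SHA-1(.h3) = " + h4.hex())
    return problems


def make_sample_h3(count):
    """Build a constructed .h3 image (stand-in digests, not real title data)."""
    return b"".join(hashlib.sha1(b"constructed entry %d" % i).digest()
                    for i in range(count))


if __name__ == "__main__":
    h3 = make_sample_h3(2)
    expected = hashlib.sha1(h3).digest()   # constructed "TMD" hash
    print(check_h3(h3, expected, 300 * 1024 * 1024))
    print(check_h3(h3[:-1], expected, 300 * 1024 * 1024))
```
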
Copied over the main getopt_long() parser from wadresign.
Moved the actual resigning code to resign-nus.cpp.
Allow resigning from debug to retail. This won't use fakesigning; instead,
the signature will be overwritten with 0xD15EA5ED, and the ECDH data will
be overwritten with 0xFEEDFACE.
Syntax: `nusresign title.tik title.tmd`
The title.cert file must be replaced manually at the moment.
Tickets and TMDs downloaded directly from the Nintendo CDN have a
partial certificate chain (CA and CP/XS) appended to them. These
certificates are replaced with the correct ones if they're found.
This uses the existing libwiicrypto library, which has been extended
to support Wii U:
- Added the Wii U debug and retail common keys.
- Added the vWii debug common key, though it isn't used by anything
  right now. (Some infrastructure has been added to detect it, but I
  can't really test it because vWii isn't officially supported on
  Wii U devkits.)
- cert_realsign_ticket() and cert_realsign_ticketOrTMD() have been
  combined into a single function, cert_realsign_ticketOrTMD(), since
  they're basically the same (except for the data size).
- cert_realsign_ticketOrTMD() now checks the signature type field to
  determine what type of hash to use in the signature.
- cert_fakesign_*(): Verify that the signature is RSA2048 with SHA-1.
  Wii U doesn't have the fakesign bug, so fake signing is useless there.
  For re-signing to retail when using CFW, we should just zero out the
  signature without doing any sort of fakesigning brute-forcing.
- Renamed rsaw_sha1_sign() to rsaw_rsa2048_sign() and added a parameter
  to indicate use of SHA-256 instead of SHA-1.
- sig_recrypt_ticket(): Added Wii U issuers and keys.
- sig_recrypt_ticket_WUP(): Wrapper that casts WUP_Ticket* to
  RVL_Ticket*. The tickets aren't exactly the same, but the title key
  and issuer fields are in the same place in both of them.
- wii_structs.h:
  - Removed unnecessary struct packing.
  - Changed `uint8_t ticket_id[0x08]` to `uint64_t`.
  - Changed `uint8_t console_id[4]` to `uint32_t console_id`.
The Wii U tools have p and q, but not a, b, and c. These can be calculated
at runtime, so we don't need to have them here.
Tested by converting a retail WAD to debug and verifying the signature.
TODO: Handle this flag when implementing Wii U support at some point.
Flipping this flag is needed in order to convert a disc title to an
installable title and vice-versa.
This reduces the clutter in cert_store.c.
bin2h.c: Based on bin2h from Nintendont, but with some changes to make
it work better for libwiicrypto.
The .cert files are converted from binary format to .h format during
the build.
NOTE: All certificates aside from the root certificate are used in the
original format found on their respective Nintendo systems. The root
certificates use a dummy format that's similar, but different. (The
original systems had the moduluses and exponents stored directly without
using a certificate format.)
The constants for Wii U certificates use WUP_ prefixes, though they're
still part of the same RVL_ enums.
Wii U uses new certificate types with SHA-256 hashes. The corresponding
functions have been updated to support SHA-256.
cert_store.c: Reordered certificates such that RVL Debug is first,
followed by RVL Retail, then WUP Debug.
CertVerifyTest: Added tests for the ticket, TMD, and SP certs.
TODO:
- Add the Root Wii U DPKI certificate.
- Add the Wii U DPKI keys.
- Add the PPKI certificates.
- Add 3DS certificates? (Same CAs as Wii U.)
- What is the SP certificate used for?
dpki and ppki have unique root certificates, so in order to properly
verify certificates, we have to store each of them. They both have
the name "Root", so we use other methods to distinguish them.
Renamed "Retail" issuers to "ppki" and "Debug" issuers to "dpki"
internally, which matches how Nintendo refers to them.
(devel pki, prod pki)
Renamed the "dev" certificate to "MS" (Mastering Server).
cert_verify(): Split the actual verification code into a separate
function. This makes it easier to verify Root certificates, since we
can't get the PKI specification here. Both Root certificates will
be tested, and if one of them succeeds, it'll verify.
- TODO: Maybe add a PKI specification to prevent cases where it's
  signed by the wrong Root certificate? This isn't likely, since
  the Root keys for both PKIs aren't public.
Added a placeholder for the DPKI Root certificate.
CertVerifyTest: Added a test for DPKI Root CA. Note that it currently
fails because we don't have the DPKI Root certificate.
Otherwise, if the output format is specified, then recrypt key is ignored.
This fixes e.g. converting Devkit Menu 1.00 from BWF Debug to WAD Retail
in a single step.
- It ends up using MinGW-w64's getopt_long() instead of our version,
  which doesn't support TCHAR.
- Linking is failing due to multiple definitions of various inline
  functions in the Windows headers.
Otherwise, it might end up writing gigabytes nearly "instantaneously",
but the actual writes only occur when the program exits (rvthtool) or
the RVT-H Reader is closed (qrvthtool).
TODO: Windows equivalent; check other systems.
In file included from C:/projects/rvthtool/extlib/googletest/googletest/include/gtest/internal/gtest-internal.h:40:0,
from C:/projects/rvthtool/extlib/googletest/googletest/include/gtest/gtest.h:58,
from C:\projects\rvthtool\extlib\googletest\googletest\src\gtest-all.cc:39:
C:/projects/rvthtool/extlib/googletest/googletest/include/gtest/internal/gtest-port.h:1782:3: error: 'AutoHandle' does not name a type
AutoHandle thread_;
^~~~~~~~~~
It's technically supported in both wadresign and rvthtool, but rvthtool
doesn't allow using the vWii common key for encryption because it doesn't
make sense to recrypt a disc image to vWii.
FIXME: Is there a debug vWii common key?
TODO: A lot of vWii WADs are incorrectly encrypted using the retail
common key, even though the ticket's key index is set correctly.
Add an option to fix the encryption.
- Changed several macros to functions, e.g. C/C++ language version checks.
- Improved CPU architecture detection.
- Improved LFS detection on some *BSD platforms.
- Preliminary support for Windows on ARM.
- Added toolchain files for i686 and x86_64 MinGW-w64.
If no parameters are specified, the encryption key is changed, but
the format is kept the same. This also applies if the encryption key
is specified but the format is not.
If the format is specified but the key is not specified, then only
the format is changed.
Stupid logic errors for wad->wad, wad->bwf, etc. due to hard-to-understand
comparisons instead of using boolean logic.
All of my local tests work now.
TODO: Handle the meta and crl sections better.