From 57f5a6c07eea0ae67a1d6bf55a5de38177cd1c6f Mon Sep 17 00:00:00 2001
From: Lillian Skinner <56081713+rvtr@users.noreply.github.com>
Date: Sun, 10 Dec 2023 21:03:31 -0500
Subject: [PATCH]

---
 decrypt_tad.py | 30 +++++++++++++++++++++---------
 1 file changed, 21 insertions(+), 9 deletions(-)

diff --git a/decrypt_tad.py b/decrypt_tad.py
index c200c2d..3f1c14d 100644
--- a/decrypt_tad.py
+++ b/decrypt_tad.py
@@ -4,14 +4,9 @@ from binascii import hexlify, unhexlify
 from Crypto.Cipher import AES #pip install pycryptodome
 import sys
 
-def generate_key(string):
-    key_hex = int(string, 16)
-    key_add = int(b"1" * 32, 16)
-    combine = key_hex + key_add
-    return unhexlify(b"%032X" % combine)
-
-dsi_common_key = generate_key(b"9E0AE40596F6C109D934873DF3631750")
-wii_debug_key = generate_key(b"904F39596012A4189D7ADB21B705EB99")
+dsi_common_key = unhexlify(b"%032X" % 0xAF1BF516A807D21AEA45984F04742861)      # DSi common key
+debugger_common_key = unhexlify(b"%032X" % 0xA2FDDDF2E423574AE7ED8657B5AB19D3) # DSi debugger common key (used for `maketad.updater` TADs)
+wii_debug_key = unhexlify(b"%032X" % 0xA1604A6A7123B529AE8BEC32C816FCAA)       # Wii debug key
 
 def align(val): #Tads have 64-byte alignment between sections
     return val + (64 - (val % 64))
@@ -75,6 +70,8 @@ with open(sys.argv[1], "rb") as f:
 
     obj = AES.new(dsi_common_key, AES.MODE_CBC, title_id)
     dsi_dec_title_key = obj.decrypt(enc_title_key)
+    obj = AES.new(debugger_common_key, AES.MODE_CBC, title_id)
+    debugger_dec_title_key = obj.decrypt(enc_title_key)
     obj = AES.new(wii_debug_key, AES.MODE_CBC, title_id)
     wii_dec_title_key = obj.decrypt(enc_title_key)
 
@@ -95,6 +92,21 @@ with open(sys.argv[1], "rb") as f:
             o.write(decrypted_content.read())
         sys.exit(1)
 
+    obj = AES.new(debugger_dec_title_key, AES.MODE_CBC, b"\x00" * 16)
+    decrypted_content = BytesIO(obj.decrypt(content.read()))
+    content.seek(0)
+    decrypted_content.seek(0x15) #reserved bytes
+    if decrypted_content.read(7) == b"\x00" * 7: #this is an srl
+        decrypted_content.seek(0xC)
+        print("Debugger Common Key Used")
+        game_code = decrypted_content.read(6).decode("UTF-8") #for export filename
+        print("Game Code: %s" % game_code)
+        decrypted_content.seek(0)
+        print("Output file name: %s.srl" % game_code)
+        with open("%s.srl" % game_code, "wb") as o:
+            o.write(decrypted_content.read())
+        sys.exit(1)
+
     obj = AES.new(wii_dec_title_key, AES.MODE_CBC, b"\x00" * 16)
     decrypted_content = BytesIO(obj.decrypt(content.read()))
     content.seek(0)
@@ -110,4 +122,4 @@ with open(sys.argv[1], "rb") as f:
             o.write(decrypted_content.read())
         sys.exit(1)
 
-    raise BaseException("Was not able to decrypt the content, oops")
+    raise BaseException("Was not able to decrypt the content, oops")
\ No newline at end of file