from .common import * from .keys import * from .ctr_tik import tikReader from .ctr_tmd import TMDReader class CDNReader: def __init__(self, content_files, tmd, tik='', dev=0): content_files.sort(key=lambda h: int(h.split('.')[0], 16)) self.content_files = content_files self.tmd = tmd self.tik = tik self.dev = dev self.tmd_read = TMDReader(tmd, dev) if tik != '': # If ticket is present, parse ticket to get titlekey self.tik_read = tikReader(tik, dev) self.titlekey = self.tik_read.titlekey else: # Use titlekey generation algorithm if self.tmd_read.titleID[3:5] == '48': if self.tmd_read.titleID in [ '000480044b424145', '000480044b474e4a', '000480044b4f514a', '000480044b524e45', '000480044b54394a', '000480044b594945', ]: pw = '5037' elif self.tmd_read.titleID in [ '00048005484e4443', '00048005484e444b', ]: pw = 'redsst' else: pw = 'mypass' self.titlekey = hextobytes(CTR.titlekey_gen(self.tmd_read.titleID, pw)) else: for i in self.content_files: for name, info in self.tmd_read.files.items(): if name.split('.')[1] == i: file = (i, info['iv']) break self.titlekey = b'' for i in ['mypass', 'password', 'nintendo', 'redsst']: titlekey = hextobytes(CTR.titlekey_gen(self.tmd_read.titleID, i)) cipher = AES.new(titlekey, AES.MODE_CBC, iv=file[1]) with open(file[0], 'rb') as f: magic = cipher.decrypt(f.read(0x110))[0x100:0x104] try: if magic.decode('utf-8') == 'NCCH': self.titlekey = titlekey break except UnicodeDecodeError: continue if self.titlekey == b'': raise Exception('Could not generate valid titlekey') def decrypt(self): for i in self.content_files: for name, info in self.tmd_read.files.items(): if name.split('.')[1] == i: # CDN files are named as contentID f = open(i, 'rb') g = open(name, 'wb') cipher = AES.new(self.titlekey, AES.MODE_CBC, iv=info['iv']) for data in read_chunks(f, info['size']): g.write(cipher.decrypt(data)) f.close() g.close() print(f'Decrypted {i} to {name}') break def verify(self): tmd = self.tmd_read.verify(no_print=1) hash_check = tmd[0] for i in self.content_files: for name, info in self.tmd_read.files.items(): if name.split('.')[1] == i: f = open(i, 'rb') name2 = '.'.join(name.split('.')[:-1]) # Remove extension so printout is short enough to be aligned h = hashlib.sha256() cipher = AES.new(self.titlekey, AES.MODE_CBC, iv=info['iv']) for data in read_chunks(f, info['size']): h.update(cipher.decrypt(data)) f.close() hash_check.append((name2, h.digest() == info['hash'])) break sig_check = [] if self.tik != '': sig_check += self.tik_read.verify(no_print=1) sig_check += tmd[1] print('Hashes:') for i in hash_check: print(' > {0:15} {1:4}'.format(i[0] + ':', 'GOOD' if i[1] else 'FAIL')) print('Signatures:') for i in sig_check: print(' > {0:15} {1:4}'.format(i[0] + ':', 'GOOD' if i[1] else 'FAIL')) def __str__(self): if self.tik != '': tik = 'Ticket:\n' + ''.join([' ' + i + '\n' for i in self.tik_read.__str__().split('\n')]) else: tik = '' tmd = ''.join([' ' + i + '\n' for i in self.tmd_read.__str__().split('\n')]) return ( f'{tik}' f'TMD:\n' f'{tmd[:-1]}' # Remove last '\n' ) class CDNBuilder: def __init__(self, content_files=[], tik='', tmd='', dev=0, out_tik='tik_new'): ''' content_files: list containing filenames of content files, which must each be named '[content index in hex, 4 chars].[contentID in hex, 8 chars].[ncch/nds]' Certificate chain will be appended at the end of the following files: - tik: path to ticket (optional) - tmd: path to tmd dev: 0 or 1 (if 1, use dev-crypto for ticket titlekey) out_tik: path to output ticket with cert chain appended ''' content_files.sort(key=lambda h: int(h.split('.')[0], 16)) self.content_files = content_files self.tmd = tmd self.tik = tik self.dev = dev self.tmd_read = TMDReader(tmd, dev) if tik != '': # If ticket is present, parse ticket to get titlekey self.tik_read = tikReader(tik, dev) self.titlekey = self.tik_read.titlekey else: # Use titlekey generation algorithm self.titlekey = hextobytes(CTR.titlekey_gen(self.tmd_read.titleID, 'mypass')) # Encrypt content files for i in self.content_files: info = self.tmd_read.files[i] name = i.split('.')[1] # CDN files are named as contentID f = open(i, 'rb') g = open(name, 'wb') cipher = AES.new(self.titlekey, AES.MODE_CBC, iv=info['iv']) for data in read_chunks(f, info['size']): g.write(cipher.encrypt(data)) f.close() g.close() print(f'Wrote to {name}') # Append certificate chain to end of tmd (and tik) name = f'tmd.{self.tmd_read.hdr.title_ver}' with open(name, 'wb') as f: with open(tmd, 'rb') as g: f.write(g.read()) if dev == 0: with open(os.path.join(resources_dir, 'CP0000000b.cert'), 'rb') as g: f.write(g.read()) with open(os.path.join(resources_dir, 'CA00000003.cert'), 'rb') as g: f.write(g.read()) elif dev == 1: with open(os.path.join(resources_dir, 'CP0000000a.cert'), 'rb') as g: f.write(g.read()) with open(os.path.join(resources_dir, 'CA00000004.cert'), 'rb') as g: f.write(g.read()) print(f'Wrote to {name}') if self.tik != '': with open(f'{out_tik}', 'wb') as f: with open(tik, 'rb') as g: f.write(g.read()) if dev == 0: with open(os.path.join(resources_dir, 'XS0000000c.cert'), 'rb') as g: f.write(g.read()) with open(os.path.join(resources_dir, 'CA00000003.cert'), 'rb') as g: f.write(g.read()) elif dev == 1: with open(os.path.join(resources_dir, 'XS00000009.cert'), 'rb') as g: f.write(g.read()) with open(os.path.join(resources_dir, 'CA00000004.cert'), 'rb') as g: f.write(g.read()) print(f'Wrote to {out_tik}')