Fix nand mounting on dev 3ds (#254)

* Fix nand mounting on dev 3ds

* Fix bad Slot 3 Key Y for 3DS Dev TWL partition

Author: Lorenzooone

arm7/source/main.c

@@ -146,10 +146,17 @@ int main() {
 		my_i2cWriteRegister(0x4A, 0x71, byteBak);
 	}
 
-	if (isDSiMode() || ((REG_SCFG_EXT & BIT(17)) && (REG_SCFG_EXT & BIT(18)))) {
-		u8 *out=(u8*)0x02F00000;
-		memset(out, 0, 16);
+	u8 *out=(u8*)0x02F00000;
+
+	if (isDSiMode()) {
+		memset(out, 0, 17);
 
+		// Save whether this is a dev unit or not. For 3DS NAND reading...
+		// This does not imply 32 MBs of RAM!
+		out[16] = (*((uint16_t*)0x04004024)) & 0x13; // Is this a dev unit?
+	}
+
+	if (isDSiMode() || ((REG_SCFG_EXT & BIT(17)) && (REG_SCFG_EXT & BIT(18)))) {
 		// first check whether we can read the console ID directly and it was not hidden by SCFG
 		if (((*(vu16*)0x04004000) & (1u << 10)) == 0 && ((*(vu8*)0x04004D08) & 0x1) == 0)
 		{

arm9/source/crypto.c

@@ -3,6 +3,7 @@
 #include "sha1.h"
 #include "crypto.h"
 //#include "ticket0.h"
+#include "tonccpy.h"
 #include "utils.h"
 
 // more info:
@@ -13,6 +14,9 @@
 static const uint32_t DSi_NAND_KEY_Y[4] =
 	{0x0ab9dc76u, 0xbd4dc4d3u, 0x202ddd1du, 0xe1a00005u};
 
+static const uint32_t DSi_DEV_3DS_NAND_KEY_Y[4] =
+	{0xf176bfaau, 0x66e8b87au, 0x266a6497u, 0xe1a00005u};
+
 static const uint32_t DSi_ES_KEY_Y[4] =
 	{0x8b5acce5u, 0x72c9d056u, 0xdce8179cu, 0xa9361239u};
 
@@ -78,33 +82,56 @@ static inline void rol42_128(uint32_t *a){
 	a[0] = (t3 << 10) | (t2 >> 22);
 }
 
+void populate_dsi_nand_key_y(uint8_t *out, bool is_dev_3DS) {
+	if(out == NULL)
+		return;
+
+	const uint32_t* nand_key_y = DSi_NAND_KEY_Y;
+	if(is_dev_3DS)
+		nand_key_y = DSi_DEV_3DS_NAND_KEY_Y;
+
+	// This would not work in a Big Endian platform...
+	tonccpy(out, nand_key_y, 16);
+}
+
 static void dsi_aes_set_key(uint32_t *rk, const uint32_t *console_id, key_mode_t mode) {
 	uint32_t key[4];
+	const uint32_t* dsi_key_y = NULL;
 	switch (mode) {
 	case NAND:
 		key[0] = console_id[0];
 		key[1] = console_id[0] ^ 0x24ee6906;
 		key[2] = console_id[1] ^ 0xe65b601d;
 		key[3] = console_id[1];
+		dsi_key_y = DSi_NAND_KEY_Y;
 		break;
 	case NAND_3DS:
 		key[0] = console_id[0];
 		key[1] = 0x544e494e;
 		key[2] = 0x4f444e45;
 		key[3] = console_id[1];
+		dsi_key_y = DSi_NAND_KEY_Y;
+		break;
+	case NAND_DEV_3DS:
+		key[0] = console_id[0];
+		key[1] = 0xee7a4b1e;
+		key[2] = 0xaf42c08b;
+		key[3] = console_id[1];
+		dsi_key_y = DSi_DEV_3DS_NAND_KEY_Y;
 		break;
 	case ES:
 		key[0] = 0x4e00004a;
 		key[1] = 0x4a00004e;
 		key[2] = console_id[1] ^ 0xc80c4b72;
 		key[3] = console_id[0];
+		dsi_key_y = DSi_ES_KEY_Y;
 		break;
 	default:
 		break;
 	}
 	// Key = ((Key_X XOR Key_Y) + FFFEFB4E295902582A680F5F1A4F3E79h) ROL 42
 	// equivalent to F_XY in twltool/f_xy.c
-	xor_128(key, key, mode == ES ? DSi_ES_KEY_Y : DSi_NAND_KEY_Y);
+	xor_128(key, key, dsi_key_y);
 	// iprintf("AES KEY: XOR KEY_Y:\n");
 	// print_bytes(key, 16);
 	add_128(key, DSi_KEY_MAGIC);
@@ -138,7 +165,7 @@ static uint32_t boot2_rk[RK_LEN];
 
 static int tables_generated = 0;
 
-void dsi_crypt_init(const uint8_t *console_id_be, const uint8_t *emmc_cid, int is3DS) {
+void dsi_crypt_init(const uint8_t *console_id_be, const uint8_t *emmc_cid, int is3DS, bool is_dev_3DS) {
 	if (tables_generated == 0) {
 		aes_gen_tables();
 		tables_generated = 1;
@@ -148,7 +175,7 @@ void dsi_crypt_init(const uint8_t *console_id_be, const uint8_t *emmc_cid, int i
 	GET_UINT32_BE(console_id[0], console_id_be, 4);
 	GET_UINT32_BE(console_id[1], console_id_be, 0);
 
-	dsi_aes_set_key(nand_rk, console_id, is3DS ? NAND_3DS : NAND);
+	dsi_aes_set_key(nand_rk, console_id, is_dev_3DS ? NAND_DEV_3DS : (is3DS ? NAND_3DS : NAND));
 	dsi_aes_set_key(es_rk, console_id, ES);
 
 	aes_set_key_enc_128_be(boot2_rk, (uint8_t*)DSi_BOOT2_KEY);

arm9/source/crypto.h

@@ -14,12 +14,15 @@ typedef enum {
 typedef enum {
 	NAND,
 	NAND_3DS,
+	NAND_DEV_3DS,
 	ES
 } key_mode_t;
 
+void populate_dsi_nand_key_y(uint8_t *out, bool is_dev_3DS);
+
 int dsi_sha1_verify(const void *digest_verify, const void *data, unsigned len);
 
-void dsi_crypt_init(const uint8_t *console_id_be, const uint8_t *emmc_cid, int is3DS);
+void dsi_crypt_init(const uint8_t *console_id_be, const uint8_t *emmc_cid, int is3DS, bool is_dev_3DS);
 
 void dsi_nand_crypt_1(uint8_t *out, const uint8_t* in, u32 offset);
 

arm9/source/nandio.c

@@ -24,12 +24,12 @@ static inline void nandio_set_fat_sig_fix(u32 offset) {
 	fat_sig_fix_offset = offset;
 }
 
-void getConsoleID(u8 *consoleID){
+void getConsoleID(u8 *consoleID, bool is_dev_3DS){
 	u8 *fifo=(u8*)0x02F00000; //shared mem address that has our computed key3 stuff
 	u8 key[16]; //key3 normalkey - keyslot 3 is used for DSi/twln NAND crypto
 	u8 key_xy[16]; //key3_y ^ key3_x
 	u8 key_x[16];////key3_x - contains a DSi console id (which just happens to be the LFCS on 3ds)
-	u8 key_y[16] = {0x76, 0xDC, 0xB9, 0x0A, 0xD3, 0xC4, 0x4D, 0xBD, 0x1D, 0xDD, 0x2D, 0x20, 0x05, 0x00, 0xA0, 0xE1}; //key3_y NAND constant
+	u8 key_y[16]; //key3_y NAND constant
 
 	u8 empty_buff[8] = {0};
 
@@ -44,6 +44,8 @@ void getConsoleID(u8 *consoleID){
 
 	F_XY_reverse((uint32_t*)key, (uint32_t*)key_xy); //work backwards from the normalkey to get key_x that has the consoleID
 
+	populate_dsi_nand_key_y(key_y, is_dev_3DS);
+
 	for(int i=0;i<16;i++){
 		key_x[i] = key_xy[i] ^ key_y[i];             //''
 	}
@@ -114,21 +116,23 @@ bool nandio_startup() {
 	if (!my_nand_Startup()) return false;
 
 	my_nand_ReadSectors(0, 1, sector_buf);
+	uint8_t* fifo_is_dev = (uint8_t*)(0x02F00000 + 16);
 	bool isDSi = parse_ncsd(sector_buf, 0) != 0;
+	bool is_dev_3DS = (!isDSi) && *fifo_is_dev;
 
 	loadCid(isDSi);
 
 	u8 consoleID[8];
 	u8 consoleIDfixed[8];
 
 	// Get ConsoleID
-	getConsoleID(consoleID);
+	getConsoleID(consoleID, is_dev_3DS);
 	for (int i = 0; i < 8; i++) {
 		consoleIDfixed[i] = consoleID[7-i];
 	}
 
 	// iprintf("sector 0 is %s\n", is3DS ? "3DS" : "DSi");
-	dsi_crypt_init((const u8*)consoleIDfixed, (const u8*)0x2FFD7BC, !isDSi);
+	dsi_crypt_init((const u8*)consoleIDfixed, (const u8*)0x2FFD7BC, !isDSi, is_dev_3DS);
 	dsi_nand_crypt(sector_buf, sector_buf, 0, SECTOR_SIZE / AES_BLOCK_SIZE);
 	parse_mbr(sector_buf, !isDSi, 0);