-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtmd.go
187 lines (154 loc) · 5.65 KB
/
tmd.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
package ctrsigcheck
import (
"bytes"
"crypto"
"crypto/rsa"
"encoding/binary"
"fmt"
"io"
"github.com/connesc/ctrsigcheck/ctrutil"
)
// TMD describes a TMD structure.
type TMD struct {
Legit bool
Original bool
TitleID Hex64
TitleVersion uint16
Contents []TMDContent
CertsTrailer bool
}
// TMDContent describes a content record in a TMD.
type TMDContent struct {
ID Hex32
Index Hex16
Type Hex16
Size uint64
Hash Hex
Encrypted bool
Optional bool
}
// CheckTMD reads the given TMD file and verifies its content.
//
// It may be followed by a certificate chain. This notably happens for files downloaded from
// Nintendo's CDN. If a certificate chain is found, it is checked against expected content.
//
// A TMD is considered "legit" if its digital signature is properly verified. Unlike other
// checks, signature checks don't produce errors, but instead expose a Legit boolean to the caller.
func CheckTMD(input io.Reader) (*TMD, error) {
reader := ctrutil.NewReader(input)
tmdHigh := make([]byte, 0xb04)
_, err := io.ReadFull(reader, tmdHigh)
if err != nil {
return nil, fmt.Errorf("tmd: failed to read first part of TMD: %w", err)
}
signatureType := binary.BigEndian.Uint32(tmdHigh)
if signatureType != 0x10004 {
return nil, fmt.Errorf("tmd: signature type must be 0x%08x, got 0x%08x", 0x10004, signatureType)
}
signature := tmdHigh[0x4:0x104]
header := tmdHigh[0x140:0x204]
contentInfoRecords := tmdHigh[0x204:]
issuer := string(bytes.TrimRight(header[:0x40], "\x00"))
if issuer != fmt.Sprintf("Root-%s-%s", Certs.Retail.CA.Name, Certs.Retail.TMD.Name) {
return nil, fmt.Errorf("tmd: unexpected issuer: %s", issuer)
}
legit := rsa.VerifyPKCS1v15(&Certs.Retail.TMD.PublicKey, crypto.SHA256, sha256Hash(header), signature) == nil
titleID := binary.BigEndian.Uint64(header[0x4c:])
titleVersion := binary.BigEndian.Uint16(header[0x9c:])
contentCount := int(binary.BigEndian.Uint16(header[0x9e:]))
if !bytes.Equal(sha256Hash(contentInfoRecords), header[0xa4:0xc4]) {
return nil, fmt.Errorf("tmd: invalid hash for content info records")
}
contentChunkRecords := make([]byte, 0x30*contentCount)
_, err = io.ReadFull(reader, contentChunkRecords)
if err != nil {
return nil, fmt.Errorf("tmd: failed to read content chunk records: %w", err)
}
contents := make([]TMDContent, 0, contentCount)
contentsModified := false
for infoIndex := 0; infoIndex < 64; infoIndex++ {
infoRecord := contentInfoRecords[infoIndex*0x24 : (infoIndex+1)*0x24]
firstChunk := len(contents)
count := int(binary.BigEndian.Uint16(infoRecord[0x2:]))
if count == 0 {
continue
}
if len(contents)+count > contentCount {
return nil, fmt.Errorf("tmd: content count exceeded at content info record %d: %d > %d", infoIndex, len(contents)+count, contentCount)
}
chunkRecords := contentChunkRecords[0x30*firstChunk : 0x30*(firstChunk+count)]
chunkRecordsModified := false
if !bytes.Equal(sha256Hash(chunkRecords), infoRecord[0x04:0x24]) {
return nil, fmt.Errorf("tmd: invalid hash for content chunk records %d to %d", firstChunk, firstChunk+count-1)
}
for chunkIndex := 0; chunkIndex < count; chunkIndex++ {
chunkRecord := chunkRecords[chunkIndex*0x30 : (chunkIndex+1)*0x30]
contentID := binary.BigEndian.Uint32(chunkRecord)
contentIndex := binary.BigEndian.Uint16(chunkRecord[0x4:])
contentType := binary.BigEndian.Uint16(chunkRecord[0x6:])
contentSize := binary.BigEndian.Uint64(chunkRecord[0x8:])
contentHash := chunkRecord[0x10:0x30]
if contentIndex >= 0x2000 {
return nil, fmt.Errorf("tmd: content index must be less than 0x%04x, got 0x%04x", 0x2000, contentIndex)
}
encrypted := contentType&0x0001 != 0
optional := contentType&0x4000 != 0
contents = append(contents, TMDContent{
ID: Hex32(contentID),
Index: Hex16(contentIndex),
Type: Hex16(contentType),
Size: contentSize,
Hash: contentHash,
Encrypted: encrypted,
Optional: optional,
})
if !legit && !encrypted {
binary.BigEndian.PutUint16(chunkRecord[0x6:], contentType^0x0001)
chunkRecordsModified = true
}
}
if chunkRecordsModified {
copy(infoRecord[0x04:0x24], sha256Hash(chunkRecords))
contentsModified = true
}
}
if len(contents) < contentCount {
return nil, fmt.Errorf("tmd: content chunk records are fewer than expected: %d < %d", len(contents), contentCount)
}
if contentsModified {
copy(header[0xa4:0xc4], sha256Hash(contentInfoRecords))
legit = rsa.VerifyPKCS1v15(&Certs.Retail.TMD.PublicKey, crypto.SHA256, sha256Hash(header), signature) == nil
}
certsTrailer := true
certs := make([]byte, len(Certs.Retail.CA.Raw)+len(Certs.Retail.TMD.Raw))
_, err = io.ReadFull(reader, certs)
if err == io.EOF {
certsTrailer = false
} else if err != nil {
return nil, fmt.Errorf("tmd: failed to read certs trailer: %w", err)
}
if certsTrailer {
tmdCertLen := len(Certs.Retail.TMD.Raw)
if !bytes.Equal(certs[:tmdCertLen], Certs.Retail.TMD.Raw) {
return nil, fmt.Errorf("tmd: invalid TMD certificate in trailer")
}
caCertLen := len(Certs.Retail.CA.Raw)
if !bytes.Equal(certs[tmdCertLen:tmdCertLen+caCertLen], Certs.Retail.CA.Raw) {
return nil, fmt.Errorf("tmd: invalid CA certificate in trailer")
}
err = reader.Discard(1)
if err == nil {
return nil, fmt.Errorf("tmd: extraneous data after %d bytes", reader.Offset()-1)
} else if err != io.EOF {
return nil, fmt.Errorf("tmd: failed to check extraneous data: %w", err)
}
}
return &TMD{
Legit: legit,
Original: legit && !contentsModified,
TitleID: Hex64(titleID),
TitleVersion: titleVersion,
Contents: contents,
CertsTrailer: certsTrailer,
}, nil
}