
@SciresM
Created Aug 31, 2018
diff --git a/bootloader/hos/hos.c b/bootloader/hos/hos.c
index 346b988..393d433 100644
--- a/bootloader/hos/hos.c
+++ b/bootloader/hos/hos.c
@@ -84,7 +84,8 @@ typedef struct _merge_kip_t
#define KB_FIRMWARE_VERSION_301 2
#define KB_FIRMWARE_VERSION_400 3
#define KB_FIRMWARE_VERSION_500 4
-#define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_500
+#define KB_FIRMWARE_VERSION_600 5
+#define KB_FIRMWARE_VERSION_MAX KB_FIRMWARE_VERSION_600
// Exosphère magic "XBC0".
#define MAGIC_EXOSPHERE 0x30434258
@@ -94,7 +95,8 @@ static const u8 keyblob_keyseeds[][0x10] = {
{ 0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC }, //3.0.0
{ 0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B }, //3.0.1
{ 0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE }, //4.0.0
- { 0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80 } //5.0.0
+ { 0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80 }, //5.0.0
+ { 0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0 } //6.0.0
};
static const u8 cmac_keyseed[0x10] =
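Review bot: Nothing ties the length of `keyblob_keyseeds` to `KB_FIRMWARE_VERSION_MAX`; the two are bumped by hand in separate hunks, and the array is declared with an implicit first dimension. If the table is indexed by the keyblob version (the indexing is not visible in this hunk), a future bump of only one of them would read past the last seed. A compile-time check after the table would catch that: `_Static_assert(sizeof(keyblob_keyseeds) / sizeof(keyblob_keyseeds[0]) == KB_FIRMWARE_VERSION_MAX + 1, "keyblob_keyseeds out of sync with KB_FIRMWARE_VERSION_MAX");`. The table starts above the hunk, so its earlier rows are not shown here.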
@@ -200,6 +202,7 @@ int keygen(u8 *keyblob, u32 kb, void *tsec_fw)
se_aes_unwrap_key(12, 12, master_keyseed_retail);
break;
case KB_FIRMWARE_VERSION_500:
+ case KB_FIRMWARE_VERSION_600:
se_aes_unwrap_key(10, 15, console_keyseed_4xx_5xx);
se_aes_unwrap_key(15, 15, console_keyseed);
se_aes_unwrap_key(14, 12, master_keyseed_4xx_5xx);
@@ -623,13 +626,16 @@ int hos_launch(ini_sec_t *cfg)
if (!exoFwNumber)
exoFwNumber = 4;
case KB_FIRMWARE_VERSION_500:
+ if (!exoFwNumber)
+ exoFwNumber = 5;
+ case KB_FIRMWARE_VERSION_600:
default:
se_key_acc_ctrl(12, 0xFF);
se_key_acc_ctrl(15, 0xFF);
bootStateDramPkg2 = 2;
bootStatePkg2Continue = 4;
if (!exoFwNumber)
- exoFwNumber = 5;
+ exoFwNumber = 6;
break;
}
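Review bot: The `default:` label shares the 6.0.0 body, so any keyblob version this build does not know is given `exoFwNumber = 6` and the same `se_key_acc_ctrl` and boot-state values instead of being rejected. The cases above it also rely on unmarked fallthrough: the 5.0.0 case now sets `exoFwNumber = 5` and drops into the 6.0.0 body, which reads like a forgotten `break`. I would put `// fallthrough` after each `exoFwNumber = N;` assignment and, if no earlier range check on the version exists, make `default:` fail the launch rather than guess. The switch begins above the hunk, so the earlier cases and any such check are not visible here.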
@@ -638,7 +644,7 @@ int hos_launch(ini_sec_t *cfg)
_free_launch_components(&ctxt);
// Copy BCT if debug mode is enabled.
- memset((void *)0x4003D000, 0, 0x3000);
+ // memset((void *)0x4003D000, 0, 0x3000);
if (ctxt.debugmode)
_copy_bootconfig(&ctxt);
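Review bot: The clear of the 0x3000 bytes at 0x4003D000 is disabled by commenting the line out, with no reason recorded, and it is disabled for every firmware version rather than only the one that needs it. The 6.0.0 entry added to `_pkg1_ids` in pkg1.c uses 0x4003D800, which lies inside that range, so presumably the memset would now overwrite something loaded there; the code should say so. With the clear gone, the region keeps whatever earlier stages left in it unless `_copy_bootconfig` overwrites it. Either delete the dead line and add `// 6.0.0 uses 0x4003D800, inside this range, so it can no longer be cleared here.`, or keep the clear for the versions whose layout leaves the region free. hos_launch continues outside the hunk.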
diff --git a/bootloader/hos/pkg1.c b/bootloader/hos/pkg1.c
index 9cd4e6f..358045d 100644
--- a/bootloader/hos/pkg1.c
+++ b/bootloader/hos/pkg1.c
@@ -63,6 +63,15 @@ PATCHSET_DEF(_secmon_5_patchset,
{ 0xDA8 + 0x1038 , _NOP() } //Sections SHA2.
);
+PATCHSET_DEF(_secmon_6_patchset,
+ // Patch package2 decryption and signature/hash checks.
+ { 0xDC8 + 0x820 , _NOP() }, //package2 structure.
+ { 0xDC8 + 0x82C , _NOP() }, //Version.
+ { 0xDC8 + 0xE90 , _NOP() }, //Header signature.
+ { 0xDC8 + 0x112C , _NOP() } //Sections SHA2.
+);
+
+
/*
* package1.1 header: <wb, ldr, sm>
* package1.1 layout:
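Review bot: `_secmon_6_patchset` uses a bare base of `0xDC8` (the 5.0.0 set above uses `0xDA8`) and four bare offsets, and nothing in the hunk says what the base is or which secure monitor build they were measured against. These values are only valid for one exact binary, so the comment should name it, for example `// Offsets are for the secmon of build 20180802162753; once applied, package2 is no longer authenticated.`, taking the id from the 6.0.0 row of `_pkg1_ids`. Stating the consequence matters because the four NOPs together remove the structure, version, signature and hash checks. The hunk also adds two consecutive blank lines after the definition, where one would do.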
@@ -72,6 +81,7 @@ PATCHSET_DEF(_secmon_5_patchset,
* 3.1: {wb, ldr, sm} { 0, 1, 2 }
* 4.0: {ldr, sm, wb} { 1, 2, 0 }
* 5.0: {ldr, sm, wb} { 1, 2, 0 }
+ * 6.0: {ldr, sm, wb} { 1, 2, 0 }
*/
static const pkg1_id_t _pkg1_ids[] = {
@@ -81,6 +91,7 @@ static const pkg1_id_t _pkg1_ids[] = {
{ "20170710161758", 2, 0x1A00, 0x3FE0, { 0, 1, 2 }, 0x4002D000, 0x8000D000, true, _secmon_3_patchset }, //3.0.1 - 3.0.2
{ "20170921172629", 3, 0x1800, 0x3FE0, { 1, 2, 0 }, 0x4002B000, 0x4003B000, false, _secmon_4_patchset }, //4.0.0 - 4.1.0
{ "20180220163747", 4, 0x1900, 0x3FE0, { 1, 2, 0 }, 0x4002B000, 0x4003B000, false, _secmon_5_patchset }, //5.0.0 - 5.1.0
+ { "20180802162753", 5, 0x1900, 0x3FE0, { 1, 2, 0 }, 0x4002B000, 0x4003D800, false, _secmon_6_patchset }, //6.0.0 - 6.0.0
{ NULL } //End.
};