diff --git a/client/deps/amiitool/amiibo.c b/client/deps/amiitool/amiibo.c
index 7ef471f48..6aa4aeeed 100644
--- a/client/deps/amiitool/amiibo.c
+++ b/client/deps/amiitool/amiibo.c
@@ -13,6 +13,7 @@
 #define HMAC_POS_DATA 0x008
 #define HMAC_POS_TAG 0x1B4
+#define AMIBOO_KEY_FN "key_retail.bin"
 static void nfc3d_amiibo_calc_seed(const uint8_t *dump, uint8_t *key) {
 memcpy(key + 0x00, dump + 0x029, 0x02);
@@ -22,14 +23,13 @@ static void nfc3d_amiibo_calc_seed(const uint8_t *dump, uint8_t *key) {
 memcpy(key + 0x20, dump + 0x1E8, 0x20);
 }
-static void nfc3d_amiibo_keygen(const nfc3d_keygen_masterkeys *masterKeys, const uint8_t *dump, nfc3d_keygen_derivedkeys *derivedKeys) {
- uint8_t seed[NFC3D_KEYGEN_SEED_SIZE];
-
+static void nfc3d_amiibo_keygen(const nfc3d_keygen_masterkeys_t *masterKeys, const uint8_t *dump, nfc3d_keygen_derivedkeys_t *derivedKeys) {
+ uint8_t seed[NFC3D_KEYGEN_SEED_SIZE] = {0};
 nfc3d_amiibo_calc_seed(dump, seed);
 nfc3d_keygen(masterKeys, seed, derivedKeys);
 }
-static void nfc3d_amiibo_cipher(const nfc3d_keygen_derivedkeys *keys, const uint8_t *in, uint8_t *out) {
+static void nfc3d_amiibo_cipher(const nfc3d_keygen_derivedkeys_t *keys, const uint8_t *in, uint8_t *out) {
 mbedtls_aes_context aes;
 size_t nc_off = 0;
 unsigned char nonce_counter[16];
@@ -68,10 +68,12 @@ static void nfc3d_amiibo_internal_to_tag(const uint8_t *intl, uint8_t *tag) {
 memcpy(tag + 0x054, intl + 0x1DC, 0x02C);
 }
-bool nfc3d_amiibo_unpack(const nfc3d_amiibo_keys *amiiboKeys, const uint8_t *tag, uint8_t *plain) {
- uint8_t internal[NFC3D_AMIIBO_SIZE];
- nfc3d_keygen_derivedkeys dataKeys;
- nfc3d_keygen_derivedkeys tagKeys;
+bool nfc3d_amiibo_unpack(const nfc3d_amiibo_keys_t *amiiboKeys, const uint8_t *tag, uint8_t *plain) {
+
+ uint8_t internal[NFC3D_AMIIBO_SIZE] = {0};
+
+ nfc3d_keygen_derivedkeys_t dataKeys;
+ nfc3d_keygen_derivedkeys_t tagKeys;
 // Convert format
 nfc3d_amiibo_tag_to_internal(tag, internal);
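Review bot: In `nfc3d_amiibo_unpack` (hunk `@@ -68,10 +68,12 @@`), `internal` now gets `= {0}`, but `dataKeys` and `tagKeys` receive the derived AES and HMAC keys, are still declared uninitialized, and are not cleared on the return path visible in the next hunk. Consider wiping both before returning, e.g. `mbedtls_platform_zeroize(&dataKeys, sizeof(dataKeys));` and the same for `tagKeys`, assuming the bundled Mbed TLS provides that helper. The lines between this hunk and the next are not shown, so confirm no cleanup already exists there. `nfc3d_amiibo_pack` and the `seed` buffer in `nfc3d_amiibo_keygen` follow the same pattern.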
@@ -84,30 +86,44 @@ bool nfc3d_amiibo_unpack(const nfc3d_amiibo_keys *amiiboKeys, const uint8_t *tag
 nfc3d_amiibo_cipher(&dataKeys, internal, plain);
 // Regenerate tag HMAC. Note: order matters, data HMAC depends on tag HMAC!
- mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), tagKeys.hmacKey, sizeof(tagKeys.hmacKey),
- plain + 0x1D4, 0x34, plain + HMAC_POS_TAG);
+ mbedtls_md_hmac( mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)
+ , tagKeys.hmacKey
+ , sizeof(tagKeys.hmacKey)
+ , plain + 0x1D4
+ , 0x34
+ , plain + HMAC_POS_TAG
+ );
 // Regenerate data HMAC
- mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), dataKeys.hmacKey, sizeof(dataKeys.hmacKey),
- plain + 0x029, 0x1DF, plain + HMAC_POS_DATA);
+ mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)
+ , dataKeys.hmacKey
+ , sizeof(dataKeys.hmacKey)
+ , plain + 0x029
+ , 0x1DF
+ , plain + HMAC_POS_DATA
+ );
- return
- memcmp(plain + HMAC_POS_DATA, internal + HMAC_POS_DATA, 32) == 0 &&
- memcmp(plain + HMAC_POS_TAG, internal + HMAC_POS_TAG, 32) == 0;
+ return ((memcmp(plain + HMAC_POS_DATA, internal + HMAC_POS_DATA, 32) == 0) &&
+ (memcmp(plain + HMAC_POS_TAG, internal + HMAC_POS_TAG, 32) == 0));
 }
-void nfc3d_amiibo_pack(const nfc3d_amiibo_keys *amiiboKeys, const uint8_t *plain, uint8_t *tag) {
- uint8_t cipher[NFC3D_AMIIBO_SIZE];
- nfc3d_keygen_derivedkeys tagKeys;
- nfc3d_keygen_derivedkeys dataKeys;
+void nfc3d_amiibo_pack(const nfc3d_amiibo_keys_t *amiiboKeys, const uint8_t *plain, uint8_t *tag) {
+ uint8_t cipher[NFC3D_AMIIBO_SIZE] = {0};
+ nfc3d_keygen_derivedkeys_t tagKeys;
+ nfc3d_keygen_derivedkeys_t dataKeys;
 // Generate keys
 nfc3d_amiibo_keygen(&amiiboKeys->tag, plain, &tagKeys);
 nfc3d_amiibo_keygen(&amiiboKeys->data, plain, &dataKeys);
 // Generate tag HMAC
- mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), tagKeys.hmacKey, sizeof(tagKeys.hmacKey),
- plain + 0x1D4, 0x34, cipher + HMAC_POS_TAG);
+ mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)
+ , tagKeys.hmacKey
+ , sizeof(tagKeys.hmacKey)
+ , plain + 0x1D4
+ , 0x34
+ , cipher + HMAC_POS_TAG
+ );
 // Init mbedtls HMAC context
 mbedtls_md_context_t ctx;
@@ -132,14 +148,11 @@ void nfc3d_amiibo_pack(const nfc3d_amiibo_keys *amiiboKeys, const uint8_t *plain
 nfc3d_amiibo_internal_to_tag(cipher, tag);
 }
-bool nfc3d_amiibo_load_keys(nfc3d_amiibo_keys *amiiboKeys) {
-
-#define amiboo_key_fn "key_retail.bin"
+bool nfc3d_amiibo_load_keys(nfc3d_amiibo_keys_t *amiiboKeys) {
 uint8_t *dump = NULL;
 size_t bytes_read = 0;
- if (loadFile_safe(amiboo_key_fn, "", (void **)&dump, &bytes_read) != PM3_SUCCESS) {
- PrintAndLogEx(FAILED, "File: " _YELLOW_("%s") ": not found or locked.", amiboo_key_fn);
+ if (loadFile_safe(AMIBOO_KEY_FN, "", (void **)&dump, &bytes_read) != PM3_SUCCESS) {
 return false;
 }
@@ -148,13 +161,13 @@ bool nfc3d_amiibo_load_keys(nfc3d_amiibo_keys *amiiboKeys) {
 return false;
 }
+ memcpy(amiiboKeys, dump, bytes_read);
+ free(dump);
+
 if ((amiiboKeys->data.magicBytesSize > 16) || (amiiboKeys->tag.magicBytesSize > 16)) {
- free(dump);
 return false;
 }
- memcpy(amiiboKeys, dump, bytes_read);
- free(dump);
 return true;
 }
diff --git a/client/deps/amiitool/amiibo.h b/client/deps/amiitool/amiibo.h
index 4ba0db7cd..a4987a761 100644
--- a/client/deps/amiitool/amiibo.h
+++ b/client/deps/amiitool/amiibo.h
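Review bot: Both `mbedtls_md_hmac` calls in `nfc3d_amiibo_unpack` (amiibo.c, hunk `@@ -84,30 +86,44 @@`) still discard the return value, so if the HMAC computation fails, the bytes already at `plain + HMAC_POS_TAG` and `plain + HMAC_POS_DATA` are what the final `memcmp` compares. Since these lines are being rewritten anyway, check the result and fail closed, e.g. `if (mbedtls_md_hmac(...) != 0) return false;`. The literal `32` in the comparisons and the `0x1D4`/`0x34`/`0x029`/`0x1DF` offsets would also read better as named constants next to `HMAC_POS_DATA` and `HMAC_POS_TAG`. The same unchecked call is reformatted in `nfc3d_amiibo_pack` further down this hunk.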
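Review bot: With `memcpy(amiiboKeys, dump, bytes_read)` now running before the `magicBytesSize` check in `nfc3d_amiibo_load_keys` (amiibo.c, hunk `@@ -148,13 +161,13 @@`), a key file that fails validation has already been written into the caller's struct when the function returns false. That bound matters downstream: `nfc3d_keygen_prepare_seed` computes `16 - baseKeys->magicBytesSize` into a `size_t`, so a caller that ignores the return value would work with a wrapped length. Either validate on the file buffer before copying, or clear the output on rejection with `memset(amiiboKeys, 0, sizeof(*amiiboKeys));` ahead of `return false;`. The copy length is also still the file-supplied `bytes_read`; the size check just above is outside this hunk, so confirm it enforces `bytes_read == sizeof(*amiiboKeys)` or copy `sizeof(*amiiboKeys)` instead.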
@@ -18,14 +18,14 @@
 #pragma pack(1)
 typedef struct {
- nfc3d_keygen_masterkeys data;
- nfc3d_keygen_masterkeys tag;
-} nfc3d_amiibo_keys;
+ nfc3d_keygen_masterkeys_t data;
+ nfc3d_keygen_masterkeys_t tag;
+} nfc3d_amiibo_keys_t;
 #pragma pack()
-bool nfc3d_amiibo_unpack(const nfc3d_amiibo_keys *amiiboKeys, const uint8_t *tag, uint8_t *plain);
-void nfc3d_amiibo_pack(const nfc3d_amiibo_keys *amiiboKeys, const uint8_t *plain, uint8_t *tag);
-bool nfc3d_amiibo_load_keys(nfc3d_amiibo_keys *amiiboKeys);
+bool nfc3d_amiibo_unpack(const nfc3d_amiibo_keys_t *amiiboKeys, const uint8_t *tag, uint8_t *plain);
+void nfc3d_amiibo_pack(const nfc3d_amiibo_keys_t *amiiboKeys, const uint8_t *plain, uint8_t *tag);
+bool nfc3d_amiibo_load_keys(nfc3d_amiibo_keys_t *amiiboKeys);
 void nfc3d_amiibo_copy_app_data(const uint8_t *src, uint8_t *dst);
 #endif
diff --git a/client/deps/amiitool/amiitool.c b/client/deps/amiitool/amiitool.c
index aa51b44d5..adb8e4f02 100644
--- a/client/deps/amiitool/amiitool.c
+++ b/client/deps/amiitool/amiitool.c
@@ -77,7 +77,7 @@ int main(int argc, char **argv) {
 return 1;
 }
- nfc3d_amiibo_keys amiiboKeys = {0};
+ nfc3d_amiibo_keys_t amiiboKeys = {0};
 if (! LoadAmiikey(amiiboKeys, keyfile)) return 5;
diff --git a/client/deps/amiitool/drbg.c b/client/deps/amiitool/drbg.c
index 1aaba0a7f..4673a0619 100644
--- a/client/deps/amiitool/drbg.c
+++ b/client/deps/amiitool/drbg.c
@@ -57,7 +57,7 @@ void nfc3d_drbg_cleanup(nfc3d_drbg_ctx *ctx) {
 }
 void nfc3d_drbg_generate_bytes(const uint8_t *hmacKey, size_t hmacKeySize, const uint8_t *seed, size_t seedSize, uint8_t *output, size_t outputSize) {
- uint8_t temp[NFC3D_DRBG_OUTPUT_SIZE];
+ uint8_t temp[NFC3D_DRBG_OUTPUT_SIZE] = {0};
 nfc3d_drbg_ctx rngCtx;
 nfc3d_drbg_init(&rngCtx, hmacKey, hmacKeySize, seed, seedSize);
diff --git a/client/deps/amiitool/keygen.c b/client/deps/amiitool/keygen.c
index 6322a0fe9..236edd210 100644
--- a/client/deps/amiitool/keygen.c
+++ b/client/deps/amiitool/keygen.c
@@ -10,7 +10,7 @@
 #include
 #include
-static void nfc3d_keygen_prepare_seed(const nfc3d_keygen_masterkeys *baseKeys, const uint8_t *baseSeed, uint8_t *output, size_t *outputSize) {
+static void nfc3d_keygen_prepare_seed(const nfc3d_keygen_masterkeys_t *baseKeys, const uint8_t *baseSeed, uint8_t *output, size_t *outputSize) {
 assert(baseKeys != NULL);
 assert(baseSeed != NULL);
 assert(output != NULL);
@@ -19,7 +19,8 @@ static void nfc3d_keygen_prepare_seed(const nfc3d_keygen_masterkeys *baseKeys, c
 uint8_t *start = output;
 // 1: Copy whole type string
- output = (uint8_t *)strcpy((char *)output, baseKeys->typeString);
+ // output = (uint8_t *)strcpy((char *)output, baseKeys->typeString);
+ output = memccpy(output, baseKeys->typeString, '\0', sizeof(baseKeys->typeString));
 // 2: Append (16 - magicBytesSize) from the input seed
 size_t leadingSeedBytes = 16 - baseKeys->magicBytesSize;
@@ -44,7 +45,7 @@ static void nfc3d_keygen_prepare_seed(const nfc3d_keygen_masterkeys *baseKeys, c
 *outputSize = output - start;
 }
-void nfc3d_keygen(const nfc3d_keygen_masterkeys *baseKeys, const uint8_t *baseSeed, nfc3d_keygen_derivedkeys *derivedKeys) {
+void nfc3d_keygen(const nfc3d_keygen_masterkeys_t *baseKeys, const uint8_t *baseSeed, nfc3d_keygen_derivedkeys_t *derivedKeys) {
 uint8_t preparedSeed[NFC3D_DRBG_MAX_SEED_SIZE];
 size_t preparedSeedSize;
diff --git a/client/deps/amiitool/keygen.h b/client/deps/amiitool/keygen.h
index 4d1c21cea..1c9399817 100644
--- a/client/deps/amiitool/keygen.h
+++ b/client/deps/amiitool/keygen.h
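Review bot: In hunk `@@ -19,7 +19,8 @@` of `nfc3d_keygen_prepare_seed`, `memccpy` returns NULL when no `'\0'` occurs within `sizeof(baseKeys->typeString)` bytes, yet `output` is then used unchecked as the write cursor for the appends that follow and for `*outputSize = output - start`. `typeString` is part of the master-key struct that `nfc3d_amiibo_load_keys` copies straight from the key file, so an unterminated value would lead to writes through a null-derived pointer. Add a guard right after the call, e.g. `if (output == NULL) { *outputSize = 0; return; }`, or preferably reject such a key at load time with a `memchr` check on both `typeString` fields. The commented-out `strcpy` line can be dropped rather than kept as dead code. The function body starts and ends outside this hunk.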
@@ -20,15 +20,15 @@ typedef struct {
 uint8_t magicBytesSize;
 uint8_t magicBytes[16];
 uint8_t xorPad[32];
-} nfc3d_keygen_masterkeys;
+} nfc3d_keygen_masterkeys_t;
 typedef struct {
 const uint8_t aesKey[16];
 const uint8_t aesIV[16];
 const uint8_t hmacKey[16];
-} nfc3d_keygen_derivedkeys;
-#pragma pack()
+} nfc3d_keygen_derivedkeys_t;
+#pragma pack(0)
-void nfc3d_keygen(const nfc3d_keygen_masterkeys *baseKeys, const uint8_t *baseSeed, nfc3d_keygen_derivedkeys *derivedKeys);
+void nfc3d_keygen(const nfc3d_keygen_masterkeys_t *baseKeys, const uint8_t *baseSeed, nfc3d_keygen_derivedkeys_t *derivedKeys);
 #endif
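Review bot: `#pragma pack(0)` replaces `#pragma pack()` after the two key structs in keygen.h, while amiibo.h in this same commit still closes its packed region with `#pragma pack()`, and 0 is not among the alignment values every compiler documents for this pragma. Because `nfc3d_keygen_masterkeys_t` is filled by a raw `memcpy` from the key file, a toolchain that rejects or interprets the directive differently would change how that file is parsed; the opening pragma is presumably above this hunk. I would keep `#pragma pack()`, or switch both headers to `#pragma pack(push, 1)` / `#pragma pack(pop)` so the previous setting is restored explicitly.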