From 3cb1e1d0fd6da4cc540f68694dca6691ce746ac2 Mon Sep 17 00:00:00 2001 From: SilicaAndPina Date: Sun, 2 Aug 2020 00:52:12 +1200 Subject: [PATCH] Add trf support. --- CpUpES2-Decrypt/Program.cs | 81 +++++++++++++++++++++++++++----------- README.md | 14 +++---- 2 files changed, 64 insertions(+), 31 deletions(-) diff --git a/CpUpES2-Decrypt/Program.cs b/CpUpES2-Decrypt/Program.cs index 4b32253..e6f3c0b 100644 --- a/CpUpES2-Decrypt/Program.cs +++ b/CpUpES2-Decrypt/Program.cs @@ -33,41 +33,74 @@ namespace CpUpES2_Decrypt static int Main(string[] args) { RsaKeyParameters Rsa_Public_Key = new RsaKeyParameters(false, new BigInteger("A7CCAE0F501188527BF3DACCA3E231C8D8701E7B91927390701DE5E7A96327DAD87167A8F01368ADDFE490E325A290533697058FBA775766698010AFD8FD7A3FFD265E0A52FE04928BCE8B4302F4C70FFAC3C9397FD24B106271E57BDA20D2D702298F6F990ECF9B0FE04FF6CCEE170B555304232012D78E6019DAB29763829E6AF5ADA802204FA551631179CBFE6164732662E8576741949BB136456C11DE355F487211D230267DC05E699A2652AD5C6D74B0568326F4F2F5B86AD956E94404D3A65928F4EA2189567CE9989911B04808517F4C76A8B25DF1D6ABBE8595C469BFD7E870C4F00A89610C2C9B79F625A42CA2B4C6B8D37E62CE9EC61A856FD32F", 16), new BigInteger("10001", 16)); - + RsaKeyParameters FsImage_Public_Key = new RsaKeyParameters(false, new BigInteger("A9697F9D9343CADE68E04F9E356E6AB6BBC7DE36A4D81B98A83BC12BE3F6DF96ED7A64389456ACA933BEBFBA4FFEF05CF45F2F886F434FBBC3A01348533070C0B7D5E9C21EFE53E95A6019DB51C12C6BAFEB94E992287963448E59606384B99F3FF3E5EB6AA08BF32A4DBA7A312520CEC2B69BB20A6D0640B117170AA2DDA1FB590AEE7ADFC4E80DFCF27FA55DDEC92C07922FDD05AB1618DCB727AA6FF70027A9410BC845E50EAFD46C0FD92FF500672DE56489C669B0AA481FFD75E99E21A8DC2F9F9E87957B46BBF63FB7DDBE8B8CA861BA349A62458E855EE78C3DD6791F92E76422144E51295B1337E15C126DF6FA0C29321BC1D7C00E3C19EEF3A3E7A5", 16), new BigInteger("10001", 16)); if(args.Length < 1) { - Console.WriteLine("Usage: CpUpES2Decrypt.exe "); + Console.WriteLine("Usage: CpUpES2-Decrypt.exe "); return 2; } else if(File.Exists(args[0])) { + // Parse Header FileStream fs = File.OpenRead(args[0]); BinaryReader bfs = new BinaryReader(fs); UInt32 Magic = bfs.ReadUInt32(); UInt32 Version = bfs.ReadUInt32(); - UInt64 Reserved = bfs.ReadUInt64(); - UInt32 Type = bfs.ReadUInt32(); + UInt32 TrfSize = bfs.ReadUInt32(); + UInt32 TrfStartAddress = bfs.ReadUInt32(); + UInt32 TrfExtractedSize = bfs.ReadUInt32(); UInt32 FullSize = bfs.ReadUInt32(); UInt32 StartAddress = bfs.ReadUInt32(); UInt32 ExtractedSize = bfs.ReadUInt32(); - if (Magic == 0x43705570) //CpUp + + if (Magic == 0x43705570 || Magic == 0x23642745) { - Console.WriteLine("CpUp Magic: 0x" + Magic.ToString("X")); - Console.WriteLine("CpUp Version: 0x" + Version.ToString("X")); - Console.WriteLine("CpUp Reserved Space: 0x" + Reserved.ToString("X")); - Console.WriteLine("CpUp Type: 0x" + Type.ToString("X")); - Console.WriteLine("CpUp Size: 0x" + FullSize.ToString("X")); - Console.WriteLine("CpUp Start Address: 0x" + StartAddress.ToString("X")); - Console.WriteLine("CpUp Extracted Size: 0x" + ExtractedSize.ToString("X")); + String FileType = "CpUp"; + if (Magic == 0x23642745) + FileType = "Trf"; + + UInt32 UsedStartAddress = StartAddress; + UInt32 UsedSize = FullSize; + UInt32 UsedExtractedSize = ExtractedSize; + Boolean IsEncrypted = true; + String FileName = Path.ChangeExtension(args[0], "tar.gz"); + if (FileType == "Trf") + { + UsedStartAddress = TrfStartAddress; + UsedSize = TrfSize; + UsedExtractedSize = TrfExtractedSize; + FileName = Path.ChangeExtension(args[0], "img"); + + fs.Seek(UsedStartAddress, SeekOrigin.Begin); // Hacky but it works. + UInt32 EncMagic = bfs.ReadUInt32(); + if (EncMagic == 0xCDE4A048) + IsEncrypted = false; + + } + + Console.WriteLine(FileType+" Magic: 0x" + Magic.ToString("X")); + Console.WriteLine(FileType + " Version: 0x" + Version.ToString("X")); + Console.WriteLine(FileType + " TSize: 0x" + TrfSize.ToString("X")); + Console.WriteLine(FileType + " TStart Address: 0x" + TrfStartAddress.ToString("X")); + Console.WriteLine(FileType + " TExtracted Size: 0x" + TrfExtractedSize.ToString("X")); + + Console.WriteLine(FileType + " CSize: 0x" + FullSize.ToString("X")); + Console.WriteLine(FileType + " CStart Address: 0x" + StartAddress.ToString("X")); + Console.WriteLine(FileType + " CExtracted Size: 0x" + ExtractedSize.ToString("X")); Console.WriteLine("\n\nRSA Decrypting Key Information..."); + // Dervie AES Key Pkcs1Encoding pkcs1Encoding = new Pkcs1Encoding(new RsaEngine()); - pkcs1Encoding.Init(false, Rsa_Public_Key); + if(FileType == "Trf") + pkcs1Encoding.Init(false, FsImage_Public_Key); + else if (FileType == "CpUp") + pkcs1Encoding.Init(false, Rsa_Public_Key); + pkcs1Encoding.GetInputBlockSize(); fs.Seek(-0x100, SeekOrigin.End); @@ -84,21 +117,23 @@ namespace CpUpES2_Decrypt Array.ConstrainedCopy(HeaderDecrypted, 0x10, Key, 0x0, 0x10); Array.ConstrainedCopy(HeaderDecrypted, 0x20, Sha1Hash, 0x0, 0x14); - Console.WriteLine("CpUp Key: " + BitConverter.ToString(Key)); - Console.WriteLine("CpUp Iv: " + BitConverter.ToString(Iv)); - Console.WriteLine("CpUp Sha1: " + BitConverter.ToString(Sha1Hash)); + Console.WriteLine(FileType + " Key: " + BitConverter.ToString(Key)); + Console.WriteLine(FileType + " Iv: " + BitConverter.ToString(Iv)); + Console.WriteLine(FileType + " Sha1: " + BitConverter.ToString(Sha1Hash)); - Console.WriteLine("\n\nAES Decrytping CpUp File..."); + Console.WriteLine("\n\nAES Decrypting "+FileType+" File..."); // Decrypt Update - fs.Seek(StartAddress, SeekOrigin.Begin); - Byte[] UpdateData = new Byte[(FullSize - StartAddress) - 0x100]; + + fs.Seek(UsedStartAddress, SeekOrigin.Begin); + Byte[] UpdateData = new Byte[(UsedSize - UsedStartAddress) - 0x100]; fs.Read(UpdateData, 0x00, UpdateData.Length); - Byte[] UpdateDecrypted = Aes_128_Decrypt(UpdateData, Key, Iv); + if(IsEncrypted) + UpdateData = Aes_128_Decrypt(UpdateData, Key, Iv); fs.Close(); - String FileName = Path.ChangeExtension(args[0], "tar.gz"); + fs = File.OpenWrite(FileName); - fs.Write(UpdateDecrypted, 0x00, (Int32)ExtractedSize); + fs.Write(UpdateData, 0x00, (Int32)UsedExtractedSize); fs.Close(); Console.WriteLine("Decrypted file saved to: " + FileName); @@ -111,7 +146,7 @@ namespace CpUpES2_Decrypt } else { - Console.WriteLine("Invalid CPUP! (Magic = 0x" + Magic.ToString("X")+")"); + Console.WriteLine("Unknown Filetype! (Magic = 0x" + Magic.ToString("X")+")"); return 1; } } diff --git a/README.md b/README.md index d3b6574..c86b30c 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,7 @@ # CpUpES2-Decrypt -A tool to decrypt "UpdaterES2.CpUp" from PSVita DevKit Update Files - -Made possible by Zecoaxco and VVildCard777 for dumping the CP EMMC. -And Mathieulh for helping me with stuffs, and answering all my stupid questions. - -Output is a tar.gz file, where fsimage1.trf is encrypted, and fsimage0.trf is signed (but unencrypted) AXFS file-system image. - -fsimage decryption : +A tool to decrypt "UpdaterES2.CpUp" from PSVita DevKit Update Files as well as the "fsimage1.trf" Encrypted AXFS Filesystem image inside it. + +Made possible by Zecoaxco and VVildCard777 for dumping the CP EMMC. +And Mathieulh for helping me with stuffs, and answering all my stupid questions. + +Output is a tar.gz file, where fsimage1.trf is encrypted, and fsimage0.trf is signed (but unencrypted) AXFS file-system image.