2,939
edits
Changes
Jump to navigation
Jump to search
Line 435:
Line 435: − + − *(u32 *)cx = 0x80; + − *(u32 *)cauth &= 0x7FFFF; + + − + Line 452:
Line 453: − + − *(u32 *)cx = 0x02; + + − + − + Line 462:
Line 464: − + Line 496:
Line 498: − + + + + + Line 506:
Line 512: − +
→Crypto setup
// fuc5 crypt cxset instruction
// fuc5 crypt cxset instruction
// Set crypto transfer mode
// Clear overrides?
cxset(0x80);
// fuc5 crypt cauth instruction
// fuc5 crypt cauth instruction
// Clear auth_addr
cauth(old_cauth & 0x7FFFF);
// Set the target port for memory transfers
// Set the target port for memory transfers
// Target will now be 0 (crypto)
// Target will now be 0 (crypto?)
xtargets(0);
xtargets(0);
// fuc5 crypt cxset instruction
// fuc5 crypt cxset instruction
// Set crypto transfer mode
// The next 2 xfer instructions will be overridden
// and target changes from DMA to crypto
cxset(0x02);
// Transfer data from/to Falcon
// Transfer data to crypto register c0
// This should clear all previous hashes
// This should clear any leftover data
xdst(0, 0);
xdst(0, 0);
xdwait();
xdwait();
// Clear crypto registers
// Clear all crypto registers, except c6 which is used for auth
*(u32 *)c0 ^= *(u32 *)c0;
*(u32 *)c0 ^= *(u32 *)c0;
*(u32 *)c1 = *(u32 *)c0;
*(u32 *)c1 = *(u32 *)c0;
load_stage2(key_buf, key_version, is_blob_dec);
load_stage2(key_buf, key_version, is_blob_dec);
// Clear crypto registers
// Partially unknown fuc5 instruction
// Likely forces propagation of permissions, hiding all cX registers
acl_chmod(c0, c0);
// Clear all crypto registers and propagate permissions
*(u32 *)c0 ^= *(u32 *)c0;
*(u32 *)c0 ^= *(u32 *)c0;
*(u32 *)c1 ^= *(u32 *)c1;
*(u32 *)c1 ^= *(u32 *)c1;
*(u32 *)c7 ^= *(u32 *)c7;
*(u32 *)c7 ^= *(u32 *)c7;
// Signal unknown engine
// Exit Authenticated Mode
*(u32 *)0x00010300 = 0;
*(u32 *)0x00010300 = 0;