diff options
-rw-r--r-- | src/core/hle/service/nfp/amiibo_crypto.cpp | 10 | ||||
-rw-r--r-- | src/core/hle/service/nfp/nfp_device.cpp | 99 | ||||
-rw-r--r-- | src/core/hle/service/nfp/nfp_device.h | 8 | ||||
-rw-r--r-- | src/core/hle/service/nfp/nfp_types.h | 24 | ||||
-rw-r--r-- | src/core/hle/service/nfp/nfp_user.cpp | 2 |
5 files changed, 124 insertions, 19 deletions
diff --git a/src/core/hle/service/nfp/amiibo_crypto.cpp b/src/core/hle/service/nfp/amiibo_crypto.cpp index 9e06970a4..ce0bc3f75 100644 --- a/src/core/hle/service/nfp/amiibo_crypto.cpp +++ b/src/core/hle/service/nfp/amiibo_crypto.cpp @@ -58,8 +58,9 @@ bool IsAmiiboValid(const EncryptedNTAG215File& ntag_file) { if (amiibo_data.model_info.constant_value != 0x02) { return false; } - // dynamic_lock value apparently is not constant - // ntag_file.dynamic_lock == 0x0F0001 + if ((ntag_file.dynamic_lock & 0xFFFFFF) != 0x0F0001U) { + return false; + } if (ntag_file.CFG0 != 0x04000000U) { return false; } @@ -85,7 +86,7 @@ NTAG215File NfcDataToEncodedData(const EncryptedNTAG215File& nfc_data) { encoded_data.applicaton_write_counter = nfc_data.user_memory.applicaton_write_counter; encoded_data.application_area_id = nfc_data.user_memory.application_area_id; encoded_data.unknown = nfc_data.user_memory.unknown; - encoded_data.hash = nfc_data.user_memory.hash; + encoded_data.unknown2 = nfc_data.user_memory.unknown2; encoded_data.application_area = nfc_data.user_memory.application_area; encoded_data.hmac_tag = nfc_data.user_memory.hmac_tag; encoded_data.lock_bytes = nfc_data.uuid.lock_bytes; @@ -116,7 +117,7 @@ EncryptedNTAG215File EncodedDataToNfcData(const NTAG215File& encoded_data) { nfc_data.user_memory.applicaton_write_counter = encoded_data.applicaton_write_counter; nfc_data.user_memory.application_area_id = encoded_data.application_area_id; nfc_data.user_memory.unknown = encoded_data.unknown; - nfc_data.user_memory.hash = encoded_data.hash; + nfc_data.user_memory.unknown2 = encoded_data.unknown2; nfc_data.user_memory.application_area = encoded_data.application_area; nfc_data.user_memory.hmac_tag = encoded_data.hmac_tag; nfc_data.user_memory.model_info = encoded_data.model_info; @@ -181,7 +182,6 @@ std::vector<u8> GenerateInternalKey(const InternalKey& key, const HashSeed& seed void CryptoInit(CryptoCtx& ctx, mbedtls_md_context_t& hmac_ctx, const HmacKey& hmac_key, const std::vector<u8>& seed) { - // Initialize context ctx.used = false; ctx.counter = 0; diff --git a/src/core/hle/service/nfp/nfp_device.cpp b/src/core/hle/service/nfp/nfp_device.cpp index f0eaa7df2..0d4ffd3a5 100644 --- a/src/core/hle/service/nfp/nfp_device.cpp +++ b/src/core/hle/service/nfp/nfp_device.cpp @@ -85,7 +85,7 @@ void NfpDevice::NpadUpdate(Core::HID::ControllerTriggerType type) { } } -bool NfpDevice::LoadAmiibo(const std::vector<u8>& data) { +bool NfpDevice::LoadAmiibo(std::span<const u8> data) { if (device_state != DeviceState::SearchingForTag) { LOG_ERROR(Service_NFP, "Game is not looking for amiibos, current state {}", device_state); return false; @@ -176,6 +176,19 @@ Result NfpDevice::StopDetection() { } Result NfpDevice::Flush() { + if (device_state != DeviceState::TagMounted) { + LOG_ERROR(Service_NFP, "Wrong device state {}", device_state); + if (device_state == DeviceState::TagRemoved) { + return TagRemoved; + } + return WrongDeviceState; + } + + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + auto& settings = tag_data.settings; const auto& current_date = GetAmiiboDate(current_posix_time); @@ -206,7 +219,7 @@ Result NfpDevice::Flush() { return ResultSuccess; } -Result NfpDevice::Mount() { +Result NfpDevice::Mount(MountTarget mount_target_) { if (device_state != DeviceState::TagFound) { LOG_ERROR(Service_NFP, "Wrong device state {}", device_state); return WrongDeviceState; @@ -218,6 +231,7 @@ Result NfpDevice::Mount() { } device_state = DeviceState::TagMounted; + mount_target = mount_target_; return ResultSuccess; } @@ -233,6 +247,9 @@ Result NfpDevice::Unmount() { } device_state = DeviceState::TagFound; + mount_target = MountTarget::None; + is_app_area_open = false; + return ResultSuccess; } @@ -245,8 +262,8 @@ Result NfpDevice::GetTagInfo(TagInfo& tag_info) const { tag_info = { .uuid = encrypted_tag_data.uuid.uid, .uuid_length = static_cast<u8>(encrypted_tag_data.uuid.uid.size()), - .protocol = 1, - .tag_type = 2, + .protocol = TagProtocol::TypeA, + .tag_type = TagType::Type2, }; return ResultSuccess; @@ -255,6 +272,14 @@ Result NfpDevice::GetTagInfo(TagInfo& tag_info) const { Result NfpDevice::GetCommonInfo(CommonInfo& common_info) const { if (device_state != DeviceState::TagMounted) { LOG_ERROR(Service_NFP, "Wrong device state {}", device_state); + if (device_state == DeviceState::TagRemoved) { + return TagRemoved; + } + return WrongDeviceState; + } + + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); return WrongDeviceState; } @@ -301,6 +326,11 @@ Result NfpDevice::GetRegisterInfo(RegisterInfo& register_info) const { return WrongDeviceState; } + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + if (tag_data.settings.settings.amiibo_initialized == 0) { return RegistrationIsNotInitialized; } @@ -333,6 +363,11 @@ Result NfpDevice::SetNicknameAndOwner(const AmiiboName& amiibo_name) { return WrongDeviceState; } + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + Service::Mii::MiiManager manager; auto& settings = tag_data.settings; @@ -350,6 +385,19 @@ Result NfpDevice::SetNicknameAndOwner(const AmiiboName& amiibo_name) { } Result NfpDevice::RestoreAmiibo() { + if (device_state != DeviceState::TagMounted) { + LOG_ERROR(Service_NFP, "Wrong device state {}", device_state); + if (device_state == DeviceState::TagRemoved) { + return TagRemoved; + } + return WrongDeviceState; + } + + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + // TODO: Load amiibo from backup on system LOG_ERROR(Service_NFP, "Not Implemented"); return ResultSuccess; @@ -385,6 +433,11 @@ Result NfpDevice::OpenApplicationArea(u32 access_id) { return WrongDeviceState; } + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + if (tag_data.settings.settings.appdata_initialized.Value() == 0) { LOG_WARNING(Service_NFP, "Application area is not initialized"); return ApplicationAreaIsNotInitialized; @@ -395,6 +448,8 @@ Result NfpDevice::OpenApplicationArea(u32 access_id) { return WrongApplicationAreaId; } + is_app_area_open = true; + return ResultSuccess; } @@ -407,6 +462,16 @@ Result NfpDevice::GetApplicationArea(std::vector<u8>& data) const { return WrongDeviceState; } + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + + if (!is_app_area_open) { + LOG_ERROR(Service_NFP, "Application area is not open"); + return WrongDeviceState; + } + if (tag_data.settings.settings.appdata_initialized.Value() == 0) { LOG_ERROR(Service_NFP, "Application area is not initialized"); return ApplicationAreaIsNotInitialized; @@ -422,7 +487,7 @@ Result NfpDevice::GetApplicationArea(std::vector<u8>& data) const { return ResultSuccess; } -Result NfpDevice::SetApplicationArea(const std::vector<u8>& data) { +Result NfpDevice::SetApplicationArea(std::span<const u8> data) { if (device_state != DeviceState::TagMounted) { LOG_ERROR(Service_NFP, "Wrong device state {}", device_state); if (device_state == DeviceState::TagRemoved) { @@ -431,6 +496,16 @@ Result NfpDevice::SetApplicationArea(const std::vector<u8>& data) { return WrongDeviceState; } + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + + if (!is_app_area_open) { + LOG_ERROR(Service_NFP, "Application area is not open"); + return WrongDeviceState; + } + if (tag_data.settings.settings.appdata_initialized.Value() == 0) { LOG_ERROR(Service_NFP, "Application area is not initialized"); return ApplicationAreaIsNotInitialized; @@ -442,8 +517,10 @@ Result NfpDevice::SetApplicationArea(const std::vector<u8>& data) { } Common::TinyMT rng{}; - rng.GenerateRandomBytes(tag_data.application_area.data(), sizeof(ApplicationArea)); std::memcpy(tag_data.application_area.data(), data.data(), data.size()); + // HW seems to fill excess data with garbage + rng.GenerateRandomBytes(tag_data.application_area.data() + data.size(), + sizeof(ApplicationArea) - data.size()); tag_data.applicaton_write_counter++; is_data_moddified = true; @@ -477,6 +554,11 @@ Result NfpDevice::RecreateApplicationArea(u32 access_id, std::span<const u8> dat return WrongDeviceState; } + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + if (data.size() > sizeof(ApplicationArea)) { LOG_ERROR(Service_NFP, "Wrong data size {}", data.size()); return ResultUnknown; @@ -508,6 +590,11 @@ Result NfpDevice::DeleteApplicationArea() { return WrongDeviceState; } + if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) { + LOG_ERROR(Service_NFP, "Amiibo is read only", device_state); + return WrongDeviceState; + } + Common::TinyMT rng{}; rng.GenerateRandomBytes(tag_data.application_area.data(), sizeof(ApplicationArea)); rng.GenerateRandomBytes(&tag_data.title_id, sizeof(u64)); diff --git a/src/core/hle/service/nfp/nfp_device.h b/src/core/hle/service/nfp/nfp_device.h index c020506a6..a5b72cf19 100644 --- a/src/core/hle/service/nfp/nfp_device.h +++ b/src/core/hle/service/nfp/nfp_device.h @@ -40,7 +40,7 @@ public: Result StartDetection(s32 protocol_); Result StopDetection(); - Result Mount(); + Result Mount(MountTarget mount_target); Result Unmount(); Result Flush(); @@ -55,7 +55,7 @@ public: Result OpenApplicationArea(u32 access_id); Result GetApplicationArea(std::vector<u8>& data) const; - Result SetApplicationArea(const std::vector<u8>& data); + Result SetApplicationArea(std::span<const u8> data); Result CreateApplicationArea(u32 access_id, std::span<const u8> data); Result RecreateApplicationArea(u32 access_id, std::span<const u8> data); Result DeleteApplicationArea(); @@ -70,7 +70,7 @@ public: private: void NpadUpdate(Core::HID::ControllerTriggerType type); - bool LoadAmiibo(const std::vector<u8>& data); + bool LoadAmiibo(std::span<const u8> data); void CloseAmiibo(); AmiiboName GetAmiiboName(const AmiiboSettings& settings) const; @@ -88,8 +88,10 @@ private: Kernel::KEvent* availability_change_event = nullptr; bool is_data_moddified{}; + bool is_app_area_open{}; s32 protocol{}; s64 current_posix_time{}; + MountTarget mount_target{MountTarget::None}; DeviceState device_state{DeviceState::Unavailable}; NTAG215File tag_data{}; diff --git a/src/core/hle/service/nfp/nfp_types.h b/src/core/hle/service/nfp/nfp_types.h index 448791846..dd4525b61 100644 --- a/src/core/hle/service/nfp/nfp_types.h +++ b/src/core/hle/service/nfp/nfp_types.h @@ -75,6 +75,22 @@ enum class AmiiboSeries : u8 { Diablo, }; +enum class TagType : u32 { + None, + Type1, // ISO14443A RW 96-2k bytes 106kbit/s + Type2, // ISO14443A RW/RO 540 bytes 106kbit/s + Type3, // Sony Felica RW/RO 2k bytes 212kbit/s + Type4, // ISO14443A RW/RO 4k-32k bytes 424kbit/s + Type5, // ISO15693 RW/RO 540 bytes 106kbit/s +}; + +enum class TagProtocol : u32 { + None, + TypeA, // ISO14443A + TypeB, // ISO14443B + TypeF, // Sony Felica +}; + using UniqueSerialNumber = std::array<u8, 7>; using LockBytes = std::array<u8, 2>; using HashData = std::array<u8, 0x20>; @@ -174,7 +190,7 @@ struct EncryptedAmiiboFile { u16_be applicaton_write_counter; // Encrypted Counter u32_be application_area_id; // Encrypted Game id std::array<u8, 0x2> unknown; - HashData hash; // Probably a SHA256-HMAC hash? + std::array<u32, 0x8> unknown2; ApplicationArea application_area; // Encrypted Game data }; static_assert(sizeof(EncryptedAmiiboFile) == 0x1F8, "AmiiboFile is an invalid size"); @@ -193,7 +209,7 @@ struct NTAG215File { u16_be applicaton_write_counter; // Encrypted Counter u32_be application_area_id; std::array<u8, 0x2> unknown; - HashData hash; // Probably a SHA256-HMAC hash? + std::array<u32, 0x8> unknown2; ApplicationArea application_area; // Encrypted Game data HashData hmac_tag; // Hash UniqueSerialNumber uid; // Unique serial number @@ -228,8 +244,8 @@ struct TagInfo { INSERT_PADDING_BYTES(0x3); u8 uuid_length; INSERT_PADDING_BYTES(0x15); - s32 protocol; - u32 tag_type; + TagProtocol protocol; + TagType tag_type; INSERT_PADDING_BYTES(0x30); }; static_assert(sizeof(TagInfo) == 0x58, "TagInfo is an invalid size"); diff --git a/src/core/hle/service/nfp/nfp_user.cpp b/src/core/hle/service/nfp/nfp_user.cpp index f8f1975db..c61df9401 100644 --- a/src/core/hle/service/nfp/nfp_user.cpp +++ b/src/core/hle/service/nfp/nfp_user.cpp @@ -189,7 +189,7 @@ void IUser::Mount(Kernel::HLERequestContext& ctx) { return; } - const auto result = device.value()->Mount(); + const auto result = device.value()->Mount(mount_target); IPC::ResponseBuilder rb{ctx, 2}; rb.Push(result); } |