-
Notifications
You must be signed in to change notification settings - Fork 6
/
trp_resigner.c
133 lines (105 loc) · 3.09 KB
/
trp_resigner.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
/*
* Copyright (C) harlequin
*
* This software is distributed under the terms of the GNU General Public
* License ("GPL") version 3, as published by the Free Software Foundation.
*
*/
#include <sys/types.h>
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>
#include <string.h>
#include <stdarg.h>
#include <stdlib.h>
#include <zlib.h>
#include <dirent.h>
#include <assert.h>
#include <stdint.h>
#ifdef WIN32
#include "mingw_mmap.h"
#include <windows.h>
#else
#include <sys/mman.h>
#endif
#include "types.h"
#include "tools.h"
u8 np[0x10];
u8 np2[0x10];
u8 iv[0x10] = {0};
u8 new_civ[0x10] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
u8 *ptr;
u8 key[0x10]= {0};
u8 key2[0x10]= {0};
u8 org_key[0x10];
u8 new_key[0x10];
typedef struct {
u8 entry_name[32];
u64 entry_pos;
u64 entry_len;
u32 flag; //3 on some, 0 on others, could be flags or an enum to determine if encrypted or not?
u8 padding[12];
} trp_entry;
int main(int argc, char *argv[]) {
u32 num;
u64 pos;
u64 sz;
u32 i;
if (argc != 4)
fail("usage: trp_resigner trophy.trp np_comm_id debug_trophy.trp");
ptr = mmap_file(argv[1]);
sz = be64(ptr + 0x08);
num = be32(ptr + 0x10);
if (key_get_simple("trp-key-retail", key, 0x10) < 0)
fail("failed to load the ps4 trp retail key.");
if (key_get_simple("trp-key-debug", key2, 0x10) < 0)
fail("failed to load the ps4 trp debug key.");
//org key
memset(np, 0x00, 0x10);
memcpy(np, argv[2], 12);
aes128cbc_enc(key, iv, np, 0x10, org_key);
//new key
memset(np2, 0x00, 0x10);
memcpy(np2, "AAAA00000_00", 12);
aes128cbc_enc(key2, iv, np2, 0x10, new_key);
for(i = 0; i < num; i++) {
pos = 0x60 + (i * 0x40);
trp_entry *e;
e = malloc(0x40);
e->entry_pos = be64( ptr + pos + 0x20 );
e->entry_len = be64( ptr + pos + 0x20 + 0x08 );
e->flag = be32( ptr + pos + 0x20 + 0x08 + 0x08);
if ( e->flag == 0x03 ) {
u8 civ[0x10] = {0};
memcpy(civ, ptr + e->entry_pos, 0x10);
//decrypt
aes128cbc(org_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
//size of signature is 0x140, set it to x's
memset(ptr + e->entry_pos + 0x2D, 'x', 0x140);
//magic is AAAA00000_00, set it
memset(ptr + e->entry_pos + 0x1B5, 'A', 0x4);
memset(ptr + e->entry_pos + 0x1B9, '0', 0x5);
//print to screen to check validity, uncomment this if necessary
//printf("%s\n", ptr + e->entry_pos + 0x10);
//encrypt with new key np
aes128cbc_enc(new_key, new_civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
//copy new_civ to old civ
memcpy(ptr + e->entry_pos, new_civ , 0x10);
//set new flag
e->flag = 0x02;
wbe32( ptr + pos + 0x20 + 0x08 + 0x08, e->flag);
}
}
//set header flag to development (not needed)
//wbe32(ptr + 0x18, 0x00000001);
//calculate sha1 - set to zero, calc, store
memset(ptr + 0x1C, 0, 0x14);
//set flag to 0 (debug)
memset(ptr + 0x31, '0', 1);
sha1(ptr, sz, ptr + 0x1C);
memcpy_to_file(argv[3], ptr , sz );
return 0;
}