From 2190722ac1f0732cf35e7b63572afa698a47789d Mon Sep 17 00:00:00 2001 From: Kelly Rauchenberger Date: Thu, 13 Jul 2017 20:38:04 -0400 Subject: Organized code more Now the link-specific stuff is abstracted into its own file, and the code for negotiating the "different" multiboot protocol is in its own file. Also, removed support for compiling for GC because eventually we will be using Wii-only features. Also put the main extractor code into a thread so that we can monitor for the user pressing the start button to exit. --- Makefile.gc | 131 ------------ build.bat | 2 - build.sh | 2 - source/link.c | 157 +++++++++++++- source/link.h | 14 +- source/main.c | 596 ++++++++++++----------------------------------------- source/multiboot.c | 246 ++++++++++++++++++++++ source/multiboot.h | 8 + 8 files changed, 550 insertions(+), 606 deletions(-) delete mode 100644 Makefile.gc create mode 100644 source/multiboot.c create mode 100644 source/multiboot.h diff --git a/Makefile.gc b/Makefile.gc deleted file mode 100644 index eaaf3b9..0000000 --- a/Makefile.gc +++ /dev/null @@ -1,131 +0,0 @@ -#--------------------------------------------------------------------------------- -# Clear the implicit built in rules -#--------------------------------------------------------------------------------- -.SUFFIXES: -#--------------------------------------------------------------------------------- -ifeq ($(strip $(DEVKITPPC)),) -$(error "Please set DEVKITPPC in your environment. export DEVKITPPC=devkitPPC") -endif - -include $(DEVKITPPC)/gamecube_rules - -#--------------------------------------------------------------------------------- -# TARGET is the name of the output -# BUILD is the directory where object files & intermediate files will be placed -# SOURCES is a list of directories containing source code -# INCLUDES is a list of directories containing extra header files -#--------------------------------------------------------------------------------- -TARGET := gen3uploader_gc -BUILD := build -SOURCES := source -DATA := data -INCLUDES := source - -#--------------------------------------------------------------------------------- -# options for code generation -#--------------------------------------------------------------------------------- - -CFLAGS = -g -O3 -Wall $(MACHDEP) $(INCLUDE) -CXXFLAGS = $(CFLAGS) - -LDFLAGS = -g $(MACHDEP) -Wl,-Map,$(notdir $@).map - -#--------------------------------------------------------------------------------- -# any extra libraries we wish to link with the project -#--------------------------------------------------------------------------------- -LIBS := -logc - - -#--------------------------------------------------------------------------------- -# list of directories containing libraries, this must be the top level containing -# include and lib -#--------------------------------------------------------------------------------- -LIBDIRS := $(DEVKITPPC)/lib $(CURDIR) - -#--------------------------------------------------------------------------------- -# no real need to edit anything past this point unless you need to add additional -# rules for different file extensions -#--------------------------------------------------------------------------------- -ifneq ($(BUILD),$(notdir $(CURDIR))) -#--------------------------------------------------------------------------------- - -export OUTPUT := $(CURDIR)/$(TARGET) - -export VPATH := $(foreach dir,$(SOURCES),$(CURDIR)/$(dir)) \ - $(foreach dir,$(DATA),$(CURDIR)/$(dir)) - -export DEPSDIR := $(CURDIR)/$(BUILD) - -#--------------------------------------------------------------------------------- -# automatically build a list of object files for our project -#--------------------------------------------------------------------------------- -CFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.c))) -CPPFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.cpp))) -sFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.s))) -SFILES := $(foreach dir,$(SOURCES),$(notdir $(wildcard $(dir)/*.S))) -BINFILES := $(foreach dir,$(DATA),$(notdir $(wildcard $(dir)/*.*))) - -#--------------------------------------------------------------------------------- -# use CXX for linking C++ projects, CC for standard C -#--------------------------------------------------------------------------------- -ifeq ($(strip $(CPPFILES)),) - export LD := $(CC) -else - export LD := $(CXX) -endif - -export OFILES := $(addsuffix .o,$(BINFILES)) \ - $(CPPFILES:.cpp=.o) $(CFILES:.c=.o) \ - $(sFILES:.s=.o) $(SFILES:.S=.o) - -#--------------------------------------------------------------------------------- -# build a list of include paths -#--------------------------------------------------------------------------------- -export INCLUDE := $(foreach dir,$(INCLUDES),-I$(CURDIR)/$(dir)) \ - $(foreach dir,$(LIBDIRS),-I$(dir)/include) \ - -I$(CURDIR)/$(BUILD) \ - -I$(LIBOGC_INC) - -#--------------------------------------------------------------------------------- -# build a list of library paths -#--------------------------------------------------------------------------------- -export LIBPATHS := $(foreach dir,$(LIBDIRS),-L$(dir)/lib) \ - -L$(LIBOGC_LIB) - -export OUTPUT := $(CURDIR)/$(TARGET) -.PHONY: $(BUILD) clean - -#--------------------------------------------------------------------------------- -$(BUILD): - @[ -d $@ ] || mkdir -p $@ - @make --no-print-directory -C $(BUILD) -f $(CURDIR)/Makefile.gc - -#--------------------------------------------------------------------------------- -clean: - @echo clean ... - @rm -fr $(BUILD) $(OUTPUT).elf $(OUTPUT).dol - -#--------------------------------------------------------------------------------- -else - -DEPENDS := $(OFILES:.o=.d) - -#--------------------------------------------------------------------------------- -# main targets -#--------------------------------------------------------------------------------- -$(OUTPUT).dol: $(OUTPUT).elf -$(OUTPUT).elf: $(OFILES) - -#--------------------------------------------------------------------------------- -# This rule links in binary data with the .jpg extension -#--------------------------------------------------------------------------------- -%.gba.o : %.gba -#--------------------------------------------------------------------------------- - @echo $(notdir $<) - $(bin2o) - --include $(DEPENDS) - -#--------------------------------------------------------------------------------- -endif -#--------------------------------------------------------------------------------- diff --git a/build.bat b/build.bat index 17c2889..e2ad539 100644 --- a/build.bat +++ b/build.bat @@ -5,8 +5,6 @@ make cd .. @md data mv -f gba/gba_pkjb.gba data/gba_mb.gba -make -f Makefile.gc clean -make -f Makefile.gc make -f Makefile.wii clean make -f Makefile.wii pause diff --git a/build.sh b/build.sh index b521d27..cae6808 100755 --- a/build.sh +++ b/build.sh @@ -5,7 +5,5 @@ make cd .. mkdir data mv -f gba/gba_pkjb.gba data/gba_mb.gba -make -f Makefile.gc clean -make -f Makefile.gc make -f Makefile.wii clean make -f Makefile.wii diff --git a/source/link.c b/source/link.c index 4178293..1091576 100644 --- a/source/link.c +++ b/source/link.c @@ -5,18 +5,159 @@ * of the MIT license. See the LICENSE file for details. */ #include "link.h" +#include +#include +#include +#include -u32 waitForButtons(u32 mask) +//from my tests 50us seems to be the lowest +//safe si transfer delay in between calls +#define SI_TRANS_DELAY 50 + +static u8* resbuf; +static u8* cmdbuf; + +void initLink() +{ + cmdbuf = memalign(32,32); + resbuf = memalign(32,32); +} + +static volatile u32 transval = 0; +void transcb(s32 chan, u32 ret) +{ + transval = 1; +} + +static volatile u32 resval = 0; +void acb(s32 res, u32 val) +{ + resval = val; +} + +void doreset() +{ + cmdbuf[0] = 0xFF; //reset + transval = 0; + SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY); + + while (transval == 0); +} + +void getstatus() { - for (;;) + cmdbuf[0] = 0; //status + transval = 0; + SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY); + + while (transval == 0); +} + +u32 recv() +{ + memset(resbuf,0,32); + cmdbuf[0]=0x14; //read + transval = 0; + SI_Transfer(1, cmdbuf, 1, resbuf, 5, transcb, SI_TRANS_DELAY); + + while (transval == 0); + printf("%08lx\n", *(vu32*)resbuf); + return *(vu32*)resbuf; +} + +void send(u32 msg) +{ + cmdbuf[0] = 0x15; + cmdbuf[1] = (msg >> 0) & 0xFF; + cmdbuf[2] = (msg >> 8) & 0xFF; + cmdbuf[3] = (msg >> 16) & 0xFF; + cmdbuf[4] = (msg >> 24) & 0xFF; + + transval = 0; + resbuf[0] = 0; + SI_Transfer(1, cmdbuf, 5, resbuf, 1, transcb, SI_TRANS_DELAY); + + while (transval == 0); +} + +u32 getMsg() +{ + u32 val = 0; + while (val == 0) { - PAD_ScanPads(); - VIDEO_WaitVSync(); + val = __builtin_bswap32(recv()); + sleep(1); + } - u32 btns = PAD_ButtonsDown(0); - if (btns & mask) + send(0); + while (recv()!=0) {sleep(1);} + send(0); + + return val; +} + +void getMsgArr(u32* arr, int len) +{ + for (int i=0; i 4)); +} + +void waitForGame() +{ + do + { + doreset(); + } while ((resbuf[0] != 0) || !(resbuf[2] & 0x10)); +} + +void waitForAck() +{ + while (recv() != 0) {sleep(1);}; + send(0); } diff --git a/source/link.h b/source/link.h index 24a60b5..15eff62 100644 --- a/source/link.h +++ b/source/link.h @@ -9,6 +9,18 @@ #include -u32 waitForButtons(u32 mask); +void initLink(); + +u32 recv(); +void send(u32 msg); + +u32 getMsg(); +void getMsgArr(u32* arr, int len); +void sendMsg(u32 msg); + +void waitForGBA(); +void waitForBIOS(); +void waitForGame(); +void waitForAck(); #endif diff --git a/source/main.c b/source/main.c index dd252b5..a3b7525 100644 --- a/source/main.c +++ b/source/main.c @@ -10,17 +10,9 @@ #include #include #include -#include -#include #include "link.h" #include "encoding.h" - -//from my tests 50us seems to be the lowest -//safe si transfer delay in between calls -#define SI_TRANS_DELAY 50 - -extern u8 gba_mb_gba[]; -extern u32 gba_mb_gba_size; +#include "multiboot.h" void printmain() { @@ -31,91 +23,27 @@ void printmain() printf("Based on GBA Link Cable Dumper v1.6 by FIX94\n"); } -u8 *resbuf,*cmdbuf; - -volatile u32 transval = 0; -void transcb(s32 chan, u32 ret) -{ - transval = 1; -} - -volatile u32 resval = 0; -void acb(s32 res, u32 val) -{ - resval = val; -} - -unsigned int docrc(u32 crc,u32 val) -{ - u32 result; - - result = val ^ crc; - for (int i = 0; i < 0x20; i++) - { - if (result & 1) - { - result >>= 1; - result ^= 0xA1C1; - } else { - result >>= 1; - } - } - - return result; -} - -void doreset() -{ - cmdbuf[0] = 0xFF; //reset - transval = 0; - SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY); - - while (transval == 0); -} - -void getstatus() -{ - cmdbuf[0] = 0; //status - transval = 0; - SI_Transfer(1, cmdbuf, 1, resbuf, 3, transcb, SI_TRANS_DELAY); - - while (transval == 0); -} - void endproc() { - doreset(); printf("Start pressed, exit\n"); VIDEO_WaitVSync(); VIDEO_WaitVSync(); exit(0); } -u32 recv() -{ - memset(resbuf,0,32); - cmdbuf[0]=0x14; //read - transval = 0; - SI_Transfer(1, cmdbuf, 1, resbuf, 5, transcb, SI_TRANS_DELAY); - - while (transval == 0); - printf("%08lx\n", *(vu32*)resbuf); - return *(vu32*)resbuf; -} - -void send(u32 msg) +u32 waitForButtons(u32 mask) { - cmdbuf[0] = 0x15; - cmdbuf[1] = (msg >> 0) & 0xFF; - cmdbuf[2] = (msg >> 8) & 0xFF; - cmdbuf[3] = (msg >> 16) & 0xFF; - cmdbuf[4] = (msg >> 24) & 0xFF; - - transval = 0; - resbuf[0] = 0; - SI_Transfer(1, cmdbuf, 5, resbuf, 1, transcb, SI_TRANS_DELAY); + for (;;) + { + PAD_ScanPads(); + VIDEO_WaitVSync(); - while (transval == 0); + u32 btns = PAD_ButtonsDown(0); + if (btns & mask) + { + return btns; + } + } } void warnError(char *msg) @@ -135,132 +63,148 @@ void fatalError(char *msg) exit(0); } -u32 genKeyA() +void* extractor(void* userdata) { - u32 retries = 0; - for (;;) { - u32 key = 0; + printmain(); - if (retries > 32) - { - key = 0xDD654321; - } else { - key = (rand() & 0x00ffffff) | 0xDD000000; - } + printf("Press A when GBA is plugged in and turned off.\n"); + waitForButtons(PAD_BUTTON_A); + + printf("Turn on your GBA.\n"); + printf("Waiting for a GBA in port 2...\n"); + waitForGBA(); - u32 unk = (key % 2 != 0); - u32 v12 = key; - for (u32 v13 = 1; v13 < 32; v13++) + printf("GBA Found! Sending multiboot image...\n"); + if (!sendMultibootImage()) { - v12 >>= 1; - unk += (v12 % 2 != 0); + warnError("Failed sending multiboot image.\n"); + + continue; } - if ((unk >= 10 && unk <= 24)) + printf("Waiting for GBA...\n"); + waitForAck(); + + VIDEO_WaitVSync(); + + // Get game + // -1 - unsupported game + // 1 - Ruby + // 2 - Sapphire + // 3 - FireRed + // 4 - LeafGreen + // 5 - Emerald + u32 gameId = getMsg(); + if (gameId == -1) { - if (retries > 4) - { - printf("KeyA retries = %ld", retries); - } + warnError("ERROR: Unsupported GBA game inserted!\n"); - printf("KeyA = 0x%08lx\n", key); + continue; + } - return key; + printf("\nPokemon "); + switch (gameId) + { + case 1: printf("Ruby"); break; + case 2: printf("Sapphire"); break; + case 3: printf("FireRed"); break; + case 4: printf("LeafGreen"); break; + case 5: printf("Emerald"); break; } - retries++; - } -} + printf("\n"); + VIDEO_WaitVSync(); -u32 checkKeyB(u32 KeyBRaw) -{ - if ((KeyBRaw & 0xFF) != 0xEE) - { - printf("Invalid KeyB - lowest 8 bits should be 0xEE, actually 0x%02x\n", - ((u8)(KeyBRaw))); + u32 isValid = getMsg(); + if (isValid == -1) + { + warnError("ERROR: Unsupported game version inserted!\n"); - return 0; - } + continue; + } - u32 KeyB = KeyBRaw & 0xffffff00; - u32 val = KeyB; - u32 unk = (val < 0); - for (u32 i = 1; i < 24; i++) - { - val <<= 1; - unk += (val < 0); - } + // Get trainer name + u8 trainerName[8]; - if (unk > 14) - { - printf("Invalid KeyB - high 24 bits bad: 0x%08lx\n", KeyB); + u32 tnd = getMsg(); + trainerName[0] = (tnd & 0xFF000000) >> 24; + trainerName[1] = (tnd & 0x00FF0000) >> 16; + trainerName[2] = (tnd & 0x0000FF00) >> 8; + trainerName[3] = (tnd & 0x000000FF); - return 0; - } + tnd = getMsg(); + trainerName[4] = (tnd & 0xFF000000) >> 24; + trainerName[5] = (tnd & 0x00FF0000) >> 16; + trainerName[6] = (tnd & 0x0000FF00) >> 8; + trainerName[7] = (tnd & 0x000000FF); - printf("Valid KeyB: 0x%08lx\n", KeyB); + // Get trainer ID + u32 trainerId = getMsg(); - return KeyB; -} + printf("Trainer: "); -u32 deriveKeyC(u32 keyCderive, u32 kcrc) -{ - u32 keyc = 0; - u32 keyCi = 0; + for (int i = 0; i < 8; i++) + { + if (trainerName[i] == 0xFF) + { + break; + } else { + printf("%c", debugGen3Decode(trainerName[i])); + } + } - do - { - u32 v5 = 0x1000000 * keyCi - 1; - u32 keyCattempt = docrc(kcrc,v5); + printf(" (%ld)\n", trainerId); + + // Wait for confirmation. + printf("Press A to import the data from this game.\n"); + printf("Press B to cancel.\n"); + VIDEO_WaitVSync(); - if (keyCderive == keyCattempt) + if (waitForButtons(PAD_BUTTON_A | PAD_BUTTON_B) & PAD_BUTTON_B) { - keyc = v5; + printf("Cancelling...\n"); + VIDEO_WaitVSync(); - printf("Found keyC: %08lx\n",keyc); + sendMsg(0); - return keyc; + continue; } - keyCi++; - } while (keyCi < 256); + printf("Importing...\n"); + VIDEO_WaitVSync(); - return keyc; -} + sendMsg(1); -u32 getMsg() -{ - u32 val = 0; - while (val == 0) - { - val = __builtin_bswap32(recv()); - sleep(1); - } + // Get Pokédex data + u32 pokedexSeen[13]; + u32 pokedexCaught[13]; - send(0); - while (recv()!=0) {sleep(1);} - send(0); + getMsgArr(pokedexSeen, 13); + getMsgArr(pokedexCaught, 13); + int numCaught = 0; + int numSeen = 0; + for (int i=0; i<(13*32); i++) + { + if (pokedexCaught[i >> 5] >> (i & 31) & 1) + { + //printf("Caught #%d\n", i); + numCaught++; + numSeen++; + } else if (pokedexSeen[i >> 5] >> (i & 31) & 1) + { + //printf("Saw #%d\n", i); + numSeen++; + } + } - return val; -} + printf("Caught: %d\nSeen: %d\n", numCaught, numSeen); -void getMsgArr(u32* arr, int len) -{ - for (int i=0; i 4)); - - printf("BIOS handed over to game, waiting on game\n"); - - do - { - doreset(); - } while ((resbuf[0] != 0) || !(resbuf[2] & 0x10)); - - // receive the game-code from GBA side. - u32 gamecode = recv(); - - printf("Ready, sending multiboot ROM\n"); - - unsigned int sendsize = ((gba_mb_gba_size+7)&~7); - - // generate KeyA - unsigned int ourkey = genKeyA(); - - //printf("Our Key: %08x\n", ourkey); - printf("Sending game code that we got: 0x%08lx\n", - __builtin_bswap32(gamecode)); - - // send the game code back, then KeyA. - send(__builtin_bswap32(gamecode)); - send(ourkey); - - // get KeyB from GBA, check it to make sure its valid, then xor with KeyA - // to derive the initial CRC value and the sessionkey. - u32 sessionkeyraw = 0; - do - { - sessionkeyraw = recv(); - } while (sessionkeyraw == gamecode); - - sessionkeyraw = checkKeyB(__builtin_bswap32(sessionkeyraw)); - if (sessionkeyraw == 0) - { - warnError("Cannot continue.\n"); - - continue; - } - - u32 sessionkey = sessionkeyraw ^ ourkey; - u32 kcrc = sessionkey; - printf("start kCRC=%08lx\n",kcrc); - - sessionkey = (sessionkey*0x6177614b)+1; - - // send hacked up send-size in uint32s - u32 hackedupsize = (sendsize >> 3) - 1; - - printf("Sending hacked up size 0x%08lx\n",hackedupsize); - send(hackedupsize); - - //unsigned int fcrc = 0x00bb; - // send over multiboot binary header, in the clear until the end of the - // nintendo logo. GBA checks this, if nintendo logo does not match the - // one in currently inserted cart's ROM, it will not accept any more data. - for (int i = 0; i < 0xA0; i+=4) - { - vu32 rom_dword = *(vu32*)(gba_mb_gba+i); - send(__builtin_bswap32(rom_dword)); - } - - printf("\n"); - printf("Header done! Sending ROM...\n"); - - // Add each uint32 of the multiboot image to the checksum, encrypt the - // uint32 with the session key, increment the session key, send the - // encrypted uint32. - for (int i = 0xA0; i < sendsize; i+=4) - { - u32 dec = ( - (((gba_mb_gba[i+3]) << 24) & 0xff000000) | - (((gba_mb_gba[i+2]) << 16) & 0x00ff0000) | - (((gba_mb_gba[i+1]) << 8) & 0x0000ff00) | - (((gba_mb_gba[i]) << 0) & 0x000000ff) - ); - - u32 enc = (dec - kcrc) ^ sessionkey; - kcrc = docrc(kcrc,dec); - sessionkey = (sessionkey * 0x6177614B) + 1; - //enc^=((~(i+(0x20<<20)))+1); - //enc^=0x6f646573;//0x20796220; - - send(enc); - } - - //fcrc |= (sendsize<<16); - printf("ROM done! CRC: %08lx\n", kcrc); - //get crc back (unused) - - // Get KeyC derivation material from GBA (eventually) - u32 keyCderive = 0; - do - { - keyCderive = recv(); - } while (keyCderive <= 0xfeffffff); - - keyCderive = __builtin_bswap32(keyCderive); - keyCderive >>= 8; - - printf("KeyC derivation material: %08lx\n",keyCderive); - - // (try to) find the KeyC, using the checksum of the multiboot image, and - // the derivation material that GBA sent to us - u32 keyc = deriveKeyC(keyCderive,kcrc); - if (keyc == 0) - { - printf("Could not find keyC - kcrc=0x%08lx\n",kcrc); - warnError("Cannot continue.\n"); - - continue; - } - - // derive the boot key from the found KeyC, and send to GBA. if this is - // not correct, GBA will not jump to the multiboot image it was sent. - u32 bootkey = docrc(0xBB,keyc) | 0xbb000000; - printf("BootKey = 0x%08lx\n",bootkey); - - send(bootkey); - sleep(2); - - printf("Waiting for GBA...\n"); - while (recv() != 0) {sleep(1);}; - send(0); - - VIDEO_WaitVSync(); - - // Get game - // -1 - unsupported game - // 1 - Ruby - // 2 - Sapphire - // 3 - FireRed - // 4 - LeafGreen - // 5 - Emerald - u32 gameId = getMsg(); - if (gameId == -1) - { - warnError("ERROR: Unsupported GBA game inserted!\n"); - - continue; - } - - printf("\nPokemon "); - switch (gameId) - { - case 1: printf("Ruby"); break; - case 2: printf("Sapphire"); break; - case 3: printf("FireRed"); break; - case 4: printf("LeafGreen"); break; - case 5: printf("Emerald"); break; - } - - printf("\n"); - VIDEO_WaitVSync(); - - u32 isValid = getMsg(); - if (isValid == -1) - { - warnError("ERROR: Unsupported game version inserted!\n"); - - continue; - } - - // Get trainer name - u8 trainerName[8]; - - u32 tnd = getMsg(); - trainerName[0] = (tnd & 0xFF000000) >> 24; - trainerName[1] = (tnd & 0x00FF0000) >> 16; - trainerName[2] = (tnd & 0x0000FF00) >> 8; - trainerName[3] = (tnd & 0x000000FF); - - tnd = getMsg(); - trainerName[4] = (tnd & 0xFF000000) >> 24; - trainerName[5] = (tnd & 0x00FF0000) >> 16; - trainerName[6] = (tnd & 0x0000FF00) >> 8; - trainerName[7] = (tnd & 0x000000FF); - - // Get trainer ID - u32 trainerId = getMsg(); - - printf("Trainer: "); - - for (int i = 0; i < 8; i++) - { - if (trainerName[i] == 0xFF) - { - break; - } else { - printf("%c", debugGen3Decode(trainerName[i])); - } - } - - printf(" (%ld)\n", trainerId); - - // Wait for confirmation. - printf("Press A to import the data from this game.\n"); - printf("Press B to cancel.\n"); - VIDEO_WaitVSync(); - - if (waitForButtons(PAD_BUTTON_A | PAD_BUTTON_B) & PAD_BUTTON_B) - { - printf("Cancelling...\n"); - VIDEO_WaitVSync(); - - sendMsg(0); - - continue; - } - - printf("Importing...\n"); - VIDEO_WaitVSync(); - - sendMsg(1); - - // Get Pokédex data - u32 pokedexSeen[13]; - u32 pokedexCaught[13]; - - getMsgArr(pokedexSeen, 13); - getMsgArr(pokedexCaught, 13); - int numCaught = 0; - int numSeen = 0; - for (int i=0; i<(13*32); i++) - { - if (pokedexCaught[i >> 5] >> (i & 31) & 1) - { - //printf("Caught #%d\n", i); - numCaught++; - numSeen++; - } else if (pokedexSeen[i >> 5] >> (i & 31) & 1) - { - //printf("Saw #%d\n", i); - numSeen++; - } - } - - printf("Caught: %d\nSeen: %d\n", numCaught, numSeen); - - waitForButtons(PAD_BUTTON_START); + endproc(); } } diff --git a/source/multiboot.c b/source/multiboot.c new file mode 100644 index 0000000..06cbd6f --- /dev/null +++ b/source/multiboot.c @@ -0,0 +1,246 @@ +#include "multiboot.h" +#include +#include +#include +#include +#include "link.h" + +extern u8 gba_mb_gba[]; +extern u32 gba_mb_gba_size; + +unsigned int docrc(u32 crc,u32 val) +{ + u32 result; + + result = val ^ crc; + for (int i = 0; i < 0x20; i++) + { + if (result & 1) + { + result >>= 1; + result ^= 0xA1C1; + } else { + result >>= 1; + } + } + + return result; +} + +u32 genKeyA() +{ + u32 retries = 0; + + for (;;) + { + u32 key = 0; + + if (retries > 32) + { + key = 0xDD654321; + } else { + key = (rand() & 0x00ffffff) | 0xDD000000; + } + + u32 unk = (key % 2 != 0); + u32 v12 = key; + for (u32 v13 = 1; v13 < 32; v13++) + { + v12 >>= 1; + unk += (v12 % 2 != 0); + } + + if ((unk >= 10 && unk <= 24)) + { + if (retries > 4) + { + printf("KeyA retries = %ld", retries); + } + + printf("KeyA = 0x%08lx\n", key); + + return key; + } + + retries++; + } +} + +u32 checkKeyB(u32 KeyBRaw) +{ + if ((KeyBRaw & 0xFF) != 0xEE) + { + printf("Invalid KeyB - lowest 8 bits should be 0xEE, actually 0x%02x\n", + ((u8)(KeyBRaw))); + + return 0; + } + + u32 KeyB = KeyBRaw & 0xffffff00; + u32 val = KeyB; + u32 unk = (val < 0); + for (u32 i = 1; i < 24; i++) + { + val <<= 1; + unk += (val < 0); + } + + if (unk > 14) + { + printf("Invalid KeyB - high 24 bits bad: 0x%08lx\n", KeyB); + + return 0; + } + + printf("Valid KeyB: 0x%08lx\n", KeyB); + + return KeyB; +} + +u32 deriveKeyC(u32 keyCderive, u32 kcrc) +{ + u32 keyc = 0; + u32 keyCi = 0; + + do + { + u32 v5 = 0x1000000 * keyCi - 1; + u32 keyCattempt = docrc(kcrc,v5); + + if (keyCderive == keyCattempt) + { + keyc = v5; + + printf("Found keyC: %08lx\n",keyc); + + return keyc; + } + + keyCi++; + } while (keyCi < 256); + + return keyc; +} + +bool sendMultibootImage() +{ + printf("Waiting on BIOS\n"); + waitForBIOS(); + + printf("BIOS handed over to game, waiting on game\n"); + waitForGame(); + + // receive the game-code from GBA side. + u32 gamecode = recv(); + + printf("Ready, sending multiboot ROM\n"); + + unsigned int sendsize = ((gba_mb_gba_size+7)&~7); + + // generate KeyA + unsigned int ourkey = genKeyA(); + + //printf("Our Key: %08x\n", ourkey); + printf("Sending game code that we got: 0x%08lx\n", + __builtin_bswap32(gamecode)); + + // send the game code back, then KeyA. + send(__builtin_bswap32(gamecode)); + send(ourkey); + + // get KeyB from GBA, check it to make sure its valid, then xor with KeyA + // to derive the initial CRC value and the sessionkey. + u32 sessionkeyraw = 0; + do + { + sessionkeyraw = recv(); + } while (sessionkeyraw == gamecode); + + sessionkeyraw = checkKeyB(__builtin_bswap32(sessionkeyraw)); + if (sessionkeyraw == 0) + { + return false; + } + + u32 sessionkey = sessionkeyraw ^ ourkey; + u32 kcrc = sessionkey; + printf("start kCRC=%08lx\n",kcrc); + + sessionkey = (sessionkey*0x6177614b)+1; + + // send hacked up send-size in uint32s + u32 hackedupsize = (sendsize >> 3) - 1; + + printf("Sending hacked up size 0x%08lx\n",hackedupsize); + send(hackedupsize); + + //unsigned int fcrc = 0x00bb; + // send over multiboot binary header, in the clear until the end of the + // nintendo logo. GBA checks this, if nintendo logo does not match the + // one in currently inserted cart's ROM, it will not accept any more data. + for (int i = 0; i < 0xA0; i+=4) + { + vu32 rom_dword = *(vu32*)(gba_mb_gba+i); + send(__builtin_bswap32(rom_dword)); + } + + printf("\n"); + printf("Header done! Sending ROM...\n"); + + // Add each uint32 of the multiboot image to the checksum, encrypt the + // uint32 with the session key, increment the session key, send the + // encrypted uint32. + for (int i = 0xA0; i < sendsize; i+=4) + { + u32 dec = ( + (((gba_mb_gba[i+3]) << 24) & 0xff000000) | + (((gba_mb_gba[i+2]) << 16) & 0x00ff0000) | + (((gba_mb_gba[i+1]) << 8) & 0x0000ff00) | + (((gba_mb_gba[i]) << 0) & 0x000000ff) + ); + + u32 enc = (dec - kcrc) ^ sessionkey; + kcrc = docrc(kcrc,dec); + sessionkey = (sessionkey * 0x6177614B) + 1; + //enc^=((~(i+(0x20<<20)))+1); + //enc^=0x6f646573;//0x20796220; + + send(enc); + } + + //fcrc |= (sendsize<<16); + printf("ROM done! CRC: %08lx\n", kcrc); + //get crc back (unused) + + // Get KeyC derivation material from GBA (eventually) + u32 keyCderive = 0; + do + { + keyCderive = recv(); + } while (keyCderive <= 0xfeffffff); + + keyCderive = __builtin_bswap32(keyCderive); + keyCderive >>= 8; + + printf("KeyC derivation material: %08lx\n",keyCderive); + + // (try to) find the KeyC, using the checksum of the multiboot image, and + // the derivation material that GBA sent to us + u32 keyc = deriveKeyC(keyCderive,kcrc); + if (keyc == 0) + { + printf("Could not find keyC - kcrc=0x%08lx\n",kcrc); + + return false; + } + + // derive the boot key from the found KeyC, and send to GBA. if this is + // not correct, GBA will not jump to the multiboot image it was sent. + u32 bootkey = docrc(0xBB,keyc) | 0xbb000000; + printf("BootKey = 0x%08lx\n",bootkey); + + send(bootkey); + sleep(2); + + return true; +} diff --git a/source/multiboot.h b/source/multiboot.h new file mode 100644 index 0000000..a8f5d0d --- /dev/null +++ b/source/multiboot.h @@ -0,0 +1,8 @@ +#ifndef MULTIBOOT_H_5C3CB904 +#define MULTIBOOT_H_5C3CB904 + +#include + +bool sendMultibootImage(); + +#endif /* end of include guard: MULTIBOOT_H_5C3CB904 */ -- cgit 1.4.1