diff --git a/source/core/data/cia.c b/source/core/data/cia.c index 8a1e311..0e4ede0 100644 --- a/source/core/data/cia.c +++ b/source/core/data/cia.c @@ -5,14 +5,25 @@ #include "tmd.h" #include "../error.h" -u64 cia_get_title_id(u8* cia) { +Result cia_get_title_id(u64* titleId, u8* cia, size_t size) { + if(cia == NULL) { + return R_APP_INVALID_ARGUMENT; + } + + if(size < 0x10) { + return R_APP_BAD_DATA; + } + u32 headerSize = ((*(u32*) &cia[0x00]) + 0x3F) & ~0x3F; u32 certSize = ((*(u32*) &cia[0x08]) + 0x3F) & ~0x3F; u32 ticketSize = ((*(u32*) &cia[0x0C]) + 0x3F) & ~0x3F; + u32 offset = headerSize + certSize + ticketSize; - u8* tmd = &cia[headerSize + certSize + ticketSize]; + if(offset >= size) { + return R_APP_BAD_DATA; + } - return tmd_get_title_id(tmd); + return tmd_get_title_id(titleId, &cia[offset], size - offset); } Result cia_file_get_smdh(SMDH* smdh, Handle handle) { diff --git a/source/core/data/cia.h b/source/core/data/cia.h index b1d08e4..f1831e4 100644 --- a/source/core/data/cia.h +++ b/source/core/data/cia.h @@ -2,5 +2,5 @@ typedef struct SMDH_s SMDH; -u64 cia_get_title_id(u8* cia); +Result cia_get_title_id(u64* titleId, u8* cia, size_t size); Result cia_file_get_smdh(SMDH* smdh, Handle handle); \ No newline at end of file diff --git a/source/core/data/ticket.c b/source/core/data/ticket.c index e538067..33a517e 100644 --- a/source/core/data/ticket.c +++ b/source/core/data/ticket.c @@ -1,9 +1,33 @@ #include <3ds.h> #include "ticket.h" +#include "../core.h" -static u32 sigSizes[6] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80}; +#define NUM_SIG_TYPES 6 +static u32 sigSizes[NUM_SIG_TYPES] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80}; -u64 ticket_get_title_id(u8* ticket) { - return __builtin_bswap64(*(u64*) &ticket[sigSizes[ticket[0x03]] + 0x9C]); +Result ticket_get_title_id(u64* titleId, u8* ticket, size_t size) { + if(ticket == NULL) { + return R_APP_INVALID_ARGUMENT; + } + + if(size < 4) { + return R_APP_BAD_DATA; + } + + u8 sigType = ticket[0x03]; + if(sigType >= NUM_SIG_TYPES) { + return R_APP_BAD_DATA; + } + + u32 offset = sigSizes[sigType] + 0x9C; + if(offset + sizeof(u64) > size) { + return R_APP_BAD_DATA; + } + + if(titleId != NULL) { + *titleId = __builtin_bswap64(*(u64*) &ticket[offset]); + } + + return 0; } \ No newline at end of file diff --git a/source/core/data/ticket.h b/source/core/data/ticket.h index 3bea836..898b2b4 100644 --- a/source/core/data/ticket.h +++ b/source/core/data/ticket.h @@ -1,3 +1,3 @@ #pragma once -u64 ticket_get_title_id(u8* ticket); \ No newline at end of file +Result ticket_get_title_id(u64* titleId, u8* ticket, size_t size); \ No newline at end of file diff --git a/source/core/data/tmd.c b/source/core/data/tmd.c index dd53ef5..2c25c2e 100644 --- a/source/core/data/tmd.c +++ b/source/core/data/tmd.c @@ -1,17 +1,89 @@ #include <3ds.h> #include "tmd.h" +#include "../core.h" -static u32 sigSizes[6] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80}; +#define NUM_SIG_TYPES 6 +static u32 sigSizes[NUM_SIG_TYPES] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80}; -u64 tmd_get_title_id(u8* tmd) { - return __builtin_bswap64(*(u64*) &tmd[sigSizes[tmd[0x03]] + 0x4C]); +static Result tmd_get(u8** out, u8* tmd, size_t tmdSize, u32 pos, size_t fieldSize) { + if(tmd == NULL) { + return R_APP_INVALID_ARGUMENT; + } + + if(tmdSize < 4) { + return R_APP_BAD_DATA; + } + + u8 sigType = tmd[0x03]; + if(sigType >= NUM_SIG_TYPES) { + return R_APP_BAD_DATA; + } + + u32 offset = sigSizes[sigType] + pos; + if(offset + fieldSize > tmdSize) { + return R_APP_BAD_DATA; + } + + if(out != NULL) { + *out = &tmd[offset]; + } + + return 0; } -u16 tmd_get_content_count(u8* tmd) { - return __builtin_bswap16(*(u16*) &tmd[sigSizes[tmd[0x03]] + 0x9E]); +Result tmd_get_title_id(u64* titleId, u8* tmd, size_t size) { + u8* data = NULL; + Result res = tmd_get(&data, tmd, size, 0x4C, sizeof(u64)); + if(R_FAILED(res)) { + return res; + } + + if(titleId != NULL) { + *titleId = __builtin_bswap64(*(u64*) data); + } + + return 0; } -u8* tmd_get_content_chunk(u8* tmd, u32 index) { - return &tmd[sigSizes[tmd[0x03]] + 0x9C4 + (index * 0x30)]; +Result tmd_get_content_count(u16* contentCount, u8* tmd, size_t size) { + u8* data = NULL; + Result res = tmd_get(&data, tmd, size, 0x9E, sizeof(u16)); + if(R_FAILED(res)) { + return res; + } + + if(contentCount != NULL) { + *contentCount = __builtin_bswap16(*(u16*) data); + } + + return 0; +} + +Result tmd_get_content_id(u32* id, u8* tmd, size_t size, u32 num) { + u8* data = NULL; + Result res = tmd_get(&data, tmd, size, 0x9C4 + (num * 0x30), sizeof(u32)); + if(R_FAILED(res)) { + return res; + } + + if(id != NULL) { + *id = __builtin_bswap32(*(u32*) data); + } + + return 0; +} + +Result tmd_get_content_index(u16* index, u8* tmd, size_t size, u32 num) { + u8* data = NULL; + Result res = tmd_get(&data, tmd, size, 0x9C4 + (num * 0x30) + 0x4, sizeof(u16)); + if(R_FAILED(res)) { + return res; + } + + if(index != NULL) { + *index = __builtin_bswap16(*(u16*) data); + } + + return 0; } \ No newline at end of file diff --git a/source/core/data/tmd.h b/source/core/data/tmd.h index 43c143f..020e753 100644 --- a/source/core/data/tmd.h +++ b/source/core/data/tmd.h @@ -1,5 +1,6 @@ #pragma once -u64 tmd_get_title_id(u8* tmd); -u16 tmd_get_content_count(u8* tmd); -u8* tmd_get_content_chunk(u8* tmd, u32 index); \ No newline at end of file +Result tmd_get_title_id(u64* titleId, u8* tmd, size_t size); +Result tmd_get_content_count(u16* contentCount, u8* tmd, size_t size); +Result tmd_get_content_id(u32* id, u8* tmd, size_t size, u32 num); +Result tmd_get_content_index(u16* index, u8* tmd, size_t size, u32 num); \ No newline at end of file diff --git a/source/fbi/action/installcdn.c b/source/fbi/action/installcdn.c index 5c640a1..bb3f0d6 100644 --- a/source/fbi/action/installcdn.c +++ b/source/fbi/action/installcdn.c @@ -18,7 +18,7 @@ typedef struct { bool finishedPrompt; char tmdVersion[16]; - u32 contentCount; + u16 contentCount; u16 contentIndices[CONTENTS_MAX]; u32 contentIds[CONTENTS_MAX]; @@ -71,21 +71,28 @@ static Result action_install_cdn_open_dst(void* data, u32 index, void* initialRe install_cdn_data* installData = (install_cdn_data*) data; if(index == 0) { - installData->contentCount = tmd_get_content_count((u8*) initialReadBlock); - if(installData->contentCount > CONTENTS_MAX) { - return R_APP_OUT_OF_RANGE; + Result res = 0; + + if(R_SUCCEEDED(res = tmd_get_content_count(&installData->contentCount, (u8*) initialReadBlock, installData->installInfo.bufferSize))) { + if(installData->contentCount <= CONTENTS_MAX) { + for(u32 i = 0; i < installData->contentCount; i++) { + if(R_FAILED(res = tmd_get_content_id(&installData->contentIds[i], (u8*) initialReadBlock, installData->installInfo.bufferSize, i)) + || R_FAILED(res = tmd_get_content_index(&installData->contentIndices[i], (u8*) initialReadBlock, installData->installInfo.bufferSize, i))) { + break; + } + } + + if(R_SUCCEEDED(res)) { + installData->installInfo.total += installData->contentCount; + + res = AM_InstallTmdBegin(handle); + } + } else { + res = R_APP_OUT_OF_RANGE; + } } - for(u32 i = 0; i < installData->contentCount; i++) { - u8* contentChunk = tmd_get_content_chunk((u8*) initialReadBlock, i); - - installData->contentIds[i] = __builtin_bswap32(*(u32*) &contentChunk[0x00]); - installData->contentIndices[i] = __builtin_bswap16(*(u16*) &contentChunk[0x04]); - } - - installData->installInfo.total += installData->contentCount; - - return AM_InstallTmdBegin(handle); + return res; } else { return AM_InstallContentBegin(handle, installData->contentIndices[index - 1]); } diff --git a/source/fbi/action/installurl.c b/source/fbi/action/installurl.c index b365407..91eb9ef 100644 --- a/source/fbi/action/installurl.c +++ b/source/fbi/action/installurl.c @@ -147,56 +147,58 @@ static Result action_install_url_open_dst(void* data, u32 index, void* initialRe if(*(u16*) initialReadBlock == 0x2020) { installData->contentType = CONTENT_CIA; - u64 titleId = cia_get_title_id((u8*) initialReadBlock); + u64 titleId = 0; + if(R_SUCCEEDED(res = cia_get_title_id(&titleId, (u8*) initialReadBlock, installData->installInfo.bufferSize))) { + FS_MediaType dest = fs_get_title_destination(titleId); - FS_MediaType dest = fs_get_title_destination(titleId); + bool n3ds = false; + if(R_SUCCEEDED(APT_CheckNew3DS(&n3ds)) && !n3ds && ((titleId >> 28) & 0xF) == 2) { + ui_view* view = prompt_display_yes_no("Confirmation", "Title is intended for New 3DS systems.\nContinue?", COLOR_TEXT, data, action_install_url_draw_top, action_install_url_n3ds_onresponse); + if(view != NULL) { + svcWaitSynchronization(view->active, U64_MAX); + } - bool n3ds = false; - if(R_SUCCEEDED(APT_CheckNew3DS(&n3ds)) && !n3ds && ((titleId >> 28) & 0xF) == 2) { - ui_view* view = prompt_display_yes_no("Confirmation", "Title is intended for New 3DS systems.\nContinue?", COLOR_TEXT, data, action_install_url_draw_top, action_install_url_n3ds_onresponse); - if(view != NULL) { - svcWaitSynchronization(view->active, U64_MAX); + if(!installData->n3dsContinue) { + return R_APP_SKIPPED; + } } - if(!installData->n3dsContinue) { - return R_APP_SKIPPED; + // Deleting FBI before it reinstalls itself causes issues. + u64 currTitleId = 0; + FS_MediaType currMediaType = MEDIATYPE_NAND; + + if(envIsHomebrew() || R_FAILED(APT_GetAppletInfo((NS_APPID) envGetAptAppId(), &currTitleId, (u8*) &currMediaType, NULL, NULL, NULL)) || titleId != currTitleId || dest != currMediaType) { + AM_DeleteTitle(dest, titleId); + AM_DeleteTicket(titleId); + + if(dest == MEDIATYPE_SD) { + AM_QueryAvailableExternalTitleDatabase(NULL); + } } - } - // Deleting FBI before it reinstalls itself causes issues. - u64 currTitleId = 0; - FS_MediaType currMediaType = MEDIATYPE_NAND; - - if(envIsHomebrew() || R_FAILED(APT_GetAppletInfo((NS_APPID) envGetAptAppId(), &currTitleId, (u8*) &currMediaType, NULL, NULL, NULL)) || titleId != currTitleId || dest != currMediaType) { - AM_DeleteTitle(dest, titleId); - AM_DeleteTicket(titleId); - - if(dest == MEDIATYPE_SD) { - AM_QueryAvailableExternalTitleDatabase(NULL); + if(R_SUCCEEDED(res = AM_StartCiaInstall(dest, handle))) { + installData->currTitleId = titleId; } } - - if(R_SUCCEEDED(res = AM_StartCiaInstall(dest, handle))) { - installData->currTitleId = titleId; - } } else if(*(u16*) initialReadBlock == 0x0100) { - installData->contentType = CONTENT_TICKET; + if(R_SUCCEEDED(res = ticket_get_title_id(&installData->ticketInfo.titleId, (u8*) initialReadBlock, installData->installInfo.bufferSize))) { + installData->contentType = CONTENT_TICKET; - if(!installData->cdnDecided) { - static const char* options[3] = {"Default\nVersion", "Select\nVersion", "No"}; - static u32 optionButtons[3] = {KEY_A, KEY_X, KEY_B}; - ui_view* view = prompt_display_multi_choice("Optional", "Install ticket titles from CDN?", COLOR_TEXT, options, optionButtons, 3, data, action_install_url_draw_top, action_install_url_cdn_check_onresponse); - if(view != NULL) { - svcWaitSynchronization(view->active, U64_MAX); + if(!installData->cdnDecided) { + static const char* options[3] = {"Default\nVersion", "Select\nVersion", "No"}; + static u32 optionButtons[3] = {KEY_A, KEY_X, KEY_B}; + ui_view* view = prompt_display_multi_choice("Optional", "Install ticket titles from CDN?", COLOR_TEXT, options, optionButtons, 3, data, action_install_url_draw_top, action_install_url_cdn_check_onresponse); + if(view != NULL) { + svcWaitSynchronization(view->active, U64_MAX); + } } + + installData->ticketInfo.inUse = false; + installData->ticketInfo.loaded = true; + + AM_DeleteTicket(installData->ticketInfo.titleId); + res = AM_InstallTicketBegin(handle); } - - installData->ticketInfo.titleId = ticket_get_title_id((u8*) initialReadBlock); - installData->ticketInfo.inUse = false; - installData->ticketInfo.loaded = true; - - AM_DeleteTicket(installData->ticketInfo.titleId); - res = AM_InstallTicketBegin(handle); } else if(*(u32*) initialReadBlock == 0x58534433 /* 3DSX */ || *(u32*) initialReadBlock == 0x48444D53 /* SMDH */) { installData->contentType = CONTENT_3DSX_SMDH;