blackteay/fbi-i18n-zh
1
0
Fork 0
mirror of https://gitlab.com/Theopse/fbi-i18n-zh.git synced 2025-04-05 19:41:43 +08:00
Code Issues Projects Releases Wiki Activity

Add validity checks to CIA/TMD/Ticket parsing code.

Browse Source
This commit is contained in:
Steveice10 2018-05-15 18:54:39 -07:00
parent 8ad4fc4be5
commit faabb9ec62
8 changed files with 187 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
source/core/data/cia.c
View File

@ -5,14 +5,25 @@
#include "tmd.h" #include "tmd.h"
#include "../error.h" #include "../error.h"
u64 cia_get_title_id(u8* cia) { Result cia_get_title_id(u64* titleId, u8* cia, size_t size) {
if(cia == NULL) {
return R_APP_INVALID_ARGUMENT;
}
if(size < 0x10) {
return R_APP_BAD_DATA;
}
u32 headerSize = ((*(u32*) &cia[0x00]) + 0x3F) & ~0x3F; u32 headerSize = ((*(u32*) &cia[0x00]) + 0x3F) & ~0x3F;
u32 certSize = ((*(u32*) &cia[0x08]) + 0x3F) & ~0x3F; u32 certSize = ((*(u32*) &cia[0x08]) + 0x3F) & ~0x3F;
u32 ticketSize = ((*(u32*) &cia[0x0C]) + 0x3F) & ~0x3F; u32 ticketSize = ((*(u32*) &cia[0x0C]) + 0x3F) & ~0x3F;
u32 offset = headerSize + certSize + ticketSize;
u8* tmd = &cia[headerSize + certSize + ticketSize]; if(offset >= size) {
return R_APP_BAD_DATA;
}
return tmd_get_title_id(tmd); return tmd_get_title_id(titleId, &cia[offset], size - offset);
} }
Result cia_file_get_smdh(SMDH* smdh, Handle handle) { Result cia_file_get_smdh(SMDH* smdh, Handle handle) {

2
source/core/data/cia.h
View File

@ -2,5 +2,5 @@
typedef struct SMDH_s SMDH; typedef struct SMDH_s SMDH;
u64 cia_get_title_id(u8* cia); Result cia_get_title_id(u64* titleId, u8* cia, size_t size);
Result cia_file_get_smdh(SMDH* smdh, Handle handle); Result cia_file_get_smdh(SMDH* smdh, Handle handle);

30
source/core/data/ticket.c
View File

@ -1,9 +1,33 @@
#include <3ds.h> #include <3ds.h>
#include "ticket.h" #include "ticket.h"
#include "../core.h"
static u32 sigSizes[6] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80}; #define NUM_SIG_TYPES 6
static u32 sigSizes[NUM_SIG_TYPES] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80};
u64 ticket_get_title_id(u8* ticket) { Result ticket_get_title_id(u64* titleId, u8* ticket, size_t size) {
return __builtin_bswap64(*(u64*) &ticket[sigSizes[ticket[0x03]] + 0x9C]); if(ticket == NULL) {
return R_APP_INVALID_ARGUMENT;
}
if(size < 4) {
return R_APP_BAD_DATA;
}
u8 sigType = ticket[0x03];
if(sigType >= NUM_SIG_TYPES) {
return R_APP_BAD_DATA;
}
u32 offset = sigSizes[sigType] + 0x9C;
if(offset + sizeof(u64) > size) {
return R_APP_BAD_DATA;
}
if(titleId != NULL) {
*titleId = __builtin_bswap64(*(u64*) &ticket[offset]);
}
return 0;
} }

2
source/core/data/ticket.h
View File

@ -1,3 +1,3 @@
#pragma once #pragma once
u64 ticket_get_title_id(u8* ticket); Result ticket_get_title_id(u64* titleId, u8* ticket, size_t size);

86
source/core/data/tmd.c
View File

@ -1,17 +1,89 @@
#include <3ds.h> #include <3ds.h>
#include "tmd.h" #include "tmd.h"
#include "../core.h"
static u32 sigSizes[6] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80}; #define NUM_SIG_TYPES 6
static u32 sigSizes[NUM_SIG_TYPES] = {0x240, 0x140, 0x80, 0x240, 0x140, 0x80};
u64 tmd_get_title_id(u8* tmd) { static Result tmd_get(u8** out, u8* tmd, size_t tmdSize, u32 pos, size_t fieldSize) {
return __builtin_bswap64(*(u64*) &tmd[sigSizes[tmd[0x03]] + 0x4C]); if(tmd == NULL) {
return R_APP_INVALID_ARGUMENT;
}
if(tmdSize < 4) {
return R_APP_BAD_DATA;
}
u8 sigType = tmd[0x03];
if(sigType >= NUM_SIG_TYPES) {
return R_APP_BAD_DATA;
}
u32 offset = sigSizes[sigType] + pos;
if(offset + fieldSize > tmdSize) {
return R_APP_BAD_DATA;
}
if(out != NULL) {
*out = &tmd[offset];
}
return 0;
} }
u16 tmd_get_content_count(u8* tmd) { Result tmd_get_title_id(u64* titleId, u8* tmd, size_t size) {
return __builtin_bswap16(*(u16*) &tmd[sigSizes[tmd[0x03]] + 0x9E]); u8* data = NULL;
Result res = tmd_get(&data, tmd, size, 0x4C, sizeof(u64));
if(R_FAILED(res)) {
return res;
}
if(titleId != NULL) {
*titleId = __builtin_bswap64(*(u64*) data);
}
return 0;
} }
u8* tmd_get_content_chunk(u8* tmd, u32 index) { Result tmd_get_content_count(u16* contentCount, u8* tmd, size_t size) {
return &tmd[sigSizes[tmd[0x03]] + 0x9C4 + (index * 0x30)]; u8* data = NULL;
Result res = tmd_get(&data, tmd, size, 0x9E, sizeof(u16));
if(R_FAILED(res)) {
return res;
}
if(contentCount != NULL) {
*contentCount = __builtin_bswap16(*(u16*) data);
}
return 0;
}
Result tmd_get_content_id(u32* id, u8* tmd, size_t size, u32 num) {
u8* data = NULL;
Result res = tmd_get(&data, tmd, size, 0x9C4 + (num * 0x30), sizeof(u32));
if(R_FAILED(res)) {
return res;
}
if(id != NULL) {
*id = __builtin_bswap32(*(u32*) data);
}
return 0;
}
Result tmd_get_content_index(u16* index, u8* tmd, size_t size, u32 num) {
u8* data = NULL;
Result res = tmd_get(&data, tmd, size, 0x9C4 + (num * 0x30) + 0x4, sizeof(u16));
if(R_FAILED(res)) {
return res;
}
if(index != NULL) {
*index = __builtin_bswap16(*(u16*) data);
}
return 0;
} }

7
source/core/data/tmd.h
View File

@ -1,5 +1,6 @@
#pragma once #pragma once
u64 tmd_get_title_id(u8* tmd); Result tmd_get_title_id(u64* titleId, u8* tmd, size_t size);
u16 tmd_get_content_count(u8* tmd); Result tmd_get_content_count(u16* contentCount, u8* tmd, size_t size);
u8* tmd_get_content_chunk(u8* tmd, u32 index); Result tmd_get_content_id(u32* id, u8* tmd, size_t size, u32 num);
Result tmd_get_content_index(u16* index, u8* tmd, size_t size, u32 num);

35
source/fbi/action/installcdn.c
View File

@ -18,7 +18,7 @@ typedef struct {
bool finishedPrompt; bool finishedPrompt;
char tmdVersion[16]; char tmdVersion[16];
u32 contentCount; u16 contentCount;
u16 contentIndices[CONTENTS_MAX]; u16 contentIndices[CONTENTS_MAX];
u32 contentIds[CONTENTS_MAX]; u32 contentIds[CONTENTS_MAX];
@ -71,21 +71,28 @@ static Result action_install_cdn_open_dst(void* data, u32 index, void* initialRe
install_cdn_data* installData = (install_cdn_data*) data; install_cdn_data* installData = (install_cdn_data*) data;
if(index == 0) { if(index == 0) {
installData->contentCount = tmd_get_content_count((u8*) initialReadBlock); Result res = 0;
if(installData->contentCount > CONTENTS_MAX) {
return R_APP_OUT_OF_RANGE; if(R_SUCCEEDED(res = tmd_get_content_count(&installData->contentCount, (u8*) initialReadBlock, installData->installInfo.bufferSize))) {
if(installData->contentCount <= CONTENTS_MAX) {
for(u32 i = 0; i < installData->contentCount; i++) {
if(R_FAILED(res = tmd_get_content_id(&installData->contentIds[i], (u8*) initialReadBlock, installData->installInfo.bufferSize, i))
|| R_FAILED(res = tmd_get_content_index(&installData->contentIndices[i], (u8*) initialReadBlock, installData->installInfo.bufferSize, i))) {
break;
}
}
if(R_SUCCEEDED(res)) {
installData->installInfo.total += installData->contentCount;
res = AM_InstallTmdBegin(handle);
}
} else {
res = R_APP_OUT_OF_RANGE;
}
} }
for(u32 i = 0; i < installData->contentCount; i++) { return res;
u8* contentChunk = tmd_get_content_chunk((u8*) initialReadBlock, i);
installData->contentIds[i] = __builtin_bswap32(*(u32*) &contentChunk[0x00]);
installData->contentIndices[i] = __builtin_bswap16(*(u16*) &contentChunk[0x04]);
}
installData->installInfo.total += installData->contentCount;
return AM_InstallTmdBegin(handle);
} else { } else {
return AM_InstallContentBegin(handle, installData->contentIndices[index - 1]); return AM_InstallContentBegin(handle, installData->contentIndices[index - 1]);
} }

78
source/fbi/action/installurl.c
View File

@ -147,56 +147,58 @@ static Result action_install_url_open_dst(void* data, u32 index, void* initialRe
if(*(u16*) initialReadBlock == 0x2020) { if(*(u16*) initialReadBlock == 0x2020) {
installData->contentType = CONTENT_CIA; installData->contentType = CONTENT_CIA;
u64 titleId = cia_get_title_id((u8*) initialReadBlock); u64 titleId = 0;
if(R_SUCCEEDED(res = cia_get_title_id(&titleId, (u8*) initialReadBlock, installData->installInfo.bufferSize))) {
FS_MediaType dest = fs_get_title_destination(titleId);
FS_MediaType dest = fs_get_title_destination(titleId); bool n3ds = false;
if(R_SUCCEEDED(APT_CheckNew3DS(&n3ds)) && !n3ds && ((titleId >> 28) & 0xF) == 2) {
ui_view* view = prompt_display_yes_no("Confirmation", "Title is intended for New 3DS systems.\nContinue?", COLOR_TEXT, data, action_install_url_draw_top, action_install_url_n3ds_onresponse);
if(view != NULL) {
svcWaitSynchronization(view->active, U64_MAX);
}
bool n3ds = false; if(!installData->n3dsContinue) {
if(R_SUCCEEDED(APT_CheckNew3DS(&n3ds)) && !n3ds && ((titleId >> 28) & 0xF) == 2) { return R_APP_SKIPPED;
ui_view* view = prompt_display_yes_no("Confirmation", "Title is intended for New 3DS systems.\nContinue?", COLOR_TEXT, data, action_install_url_draw_top, action_install_url_n3ds_onresponse); }
if(view != NULL) {
svcWaitSynchronization(view->active, U64_MAX);
} }
if(!installData->n3dsContinue) { // Deleting FBI before it reinstalls itself causes issues.
return R_APP_SKIPPED; u64 currTitleId = 0;
FS_MediaType currMediaType = MEDIATYPE_NAND;
if(envIsHomebrew() || R_FAILED(APT_GetAppletInfo((NS_APPID) envGetAptAppId(), &currTitleId, (u8*) &currMediaType, NULL, NULL, NULL)) || titleId != currTitleId || dest != currMediaType) {
AM_DeleteTitle(dest, titleId);
AM_DeleteTicket(titleId);
if(dest == MEDIATYPE_SD) {
AM_QueryAvailableExternalTitleDatabase(NULL);
}
} }
}
// Deleting FBI before it reinstalls itself causes issues. if(R_SUCCEEDED(res = AM_StartCiaInstall(dest, handle))) {
u64 currTitleId = 0; installData->currTitleId = titleId;
FS_MediaType currMediaType = MEDIATYPE_NAND;
if(envIsHomebrew() || R_FAILED(APT_GetAppletInfo((NS_APPID) envGetAptAppId(), &currTitleId, (u8*) &currMediaType, NULL, NULL, NULL)) || titleId != currTitleId || dest != currMediaType) {
AM_DeleteTitle(dest, titleId);
AM_DeleteTicket(titleId);
if(dest == MEDIATYPE_SD) {
AM_QueryAvailableExternalTitleDatabase(NULL);
} }
} }
if(R_SUCCEEDED(res = AM_StartCiaInstall(dest, handle))) {
installData->currTitleId = titleId;
}
} else if(*(u16*) initialReadBlock == 0x0100) { } else if(*(u16*) initialReadBlock == 0x0100) {
installData->contentType = CONTENT_TICKET; if(R_SUCCEEDED(res = ticket_get_title_id(&installData->ticketInfo.titleId, (u8*) initialReadBlock, installData->installInfo.bufferSize))) {
installData->contentType = CONTENT_TICKET;
if(!installData->cdnDecided) { if(!installData->cdnDecided) {
static const char* options[3] = {"Default\nVersion", "Select\nVersion", "No"}; static const char* options[3] = {"Default\nVersion", "Select\nVersion", "No"};
static u32 optionButtons[3] = {KEY_A, KEY_X, KEY_B}; static u32 optionButtons[3] = {KEY_A, KEY_X, KEY_B};
ui_view* view = prompt_display_multi_choice("Optional", "Install ticket titles from CDN?", COLOR_TEXT, options, optionButtons, 3, data, action_install_url_draw_top, action_install_url_cdn_check_onresponse); ui_view* view = prompt_display_multi_choice("Optional", "Install ticket titles from CDN?", COLOR_TEXT, options, optionButtons, 3, data, action_install_url_draw_top, action_install_url_cdn_check_onresponse);
if(view != NULL) { if(view != NULL) {
svcWaitSynchronization(view->active, U64_MAX); svcWaitSynchronization(view->active, U64_MAX);
}
} }
installData->ticketInfo.inUse = false;
installData->ticketInfo.loaded = true;
AM_DeleteTicket(installData->ticketInfo.titleId);
res = AM_InstallTicketBegin(handle);
} }
installData->ticketInfo.titleId = ticket_get_title_id((u8*) initialReadBlock);
installData->ticketInfo.inUse = false;
installData->ticketInfo.loaded = true;
AM_DeleteTicket(installData->ticketInfo.titleId);
res = AM_InstallTicketBegin(handle);
} else if(*(u32*) initialReadBlock == 0x58534433 /* 3DSX */ || *(u32*) initialReadBlock == 0x48444D53 /* SMDH */) { } else if(*(u32*) initialReadBlock == 0x58534433 /* 3DSX */ || *(u32*) initialReadBlock == 0x48444D53 /* SMDH */) {
installData->contentType = CONTENT_3DSX_SMDH; installData->contentType = CONTENT_3DSX_SMDH;