author: Narr the Reg <juangerman-13@hotmail.com> 2022-09-28 07:47:51 +0200
committer: german77 <juangerman-13@hotmail.com> 2022-10-02 19:34:14 +0200
commit: d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946 (patch)
tree: 17d2e29dbbd05495e3907acfa8d580605b74b1fb
parent: nfp: Multiple fixes against HW (diff)
download: yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar
yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.gz
yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.bz2
yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.lz
yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.xz
yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.zst
yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.zip
5 files changed, 124 insertions, 19 deletions
diff --git a/src/core/hle/service/nfp/amiibo_crypto.cpp b/src/core/hle/service/nfp/amiibo_crypto.cpp
index 9e06970a4..ce0bc3f75 100644
--- a/src/core/hle/service/nfp/amiibo_crypto.cpp
+++ b/src/core/hle/service/nfp/amiibo_crypto.cpp
@@ -58,8 +58,9 @@ bool IsAmiiboValid(const EncryptedNTAG215File& ntag_file) {
     if (amiibo_data.model_info.constant_value != 0x02) {
         return false;
     }
-    // dynamic_lock value apparently is not constant
-    // ntag_file.dynamic_lock == 0x0F0001
+    if ((ntag_file.dynamic_lock & 0xFFFFFF) != 0x0F0001U) {
+        return false;
+    }
     if (ntag_file.CFG0 != 0x04000000U) {
         return false;
     }
@@ -85,7 +86,7 @@ NTAG215File NfcDataToEncodedData(const EncryptedNTAG215File& nfc_data) {
     encoded_data.applicaton_write_counter = nfc_data.user_memory.applicaton_write_counter;
     encoded_data.application_area_id = nfc_data.user_memory.application_area_id;
     encoded_data.unknown = nfc_data.user_memory.unknown;
-    encoded_data.hash = nfc_data.user_memory.hash;
+    encoded_data.unknown2 = nfc_data.user_memory.unknown2;
     encoded_data.application_area = nfc_data.user_memory.application_area;
     encoded_data.hmac_tag = nfc_data.user_memory.hmac_tag;
     encoded_data.lock_bytes = nfc_data.uuid.lock_bytes;
@@ -116,7 +117,7 @@ EncryptedNTAG215File EncodedDataToNfcData(const NTAG215File& encoded_data) {
     nfc_data.user_memory.applicaton_write_counter = encoded_data.applicaton_write_counter;
     nfc_data.user_memory.application_area_id = encoded_data.application_area_id;
     nfc_data.user_memory.unknown = encoded_data.unknown;
-    nfc_data.user_memory.hash = encoded_data.hash;
+    nfc_data.user_memory.unknown2 = encoded_data.unknown2;
     nfc_data.user_memory.application_area = encoded_data.application_area;
     nfc_data.user_memory.hmac_tag = encoded_data.hmac_tag;
     nfc_data.user_memory.model_info = encoded_data.model_info;
@@ -181,7 +182,6 @@ std::vector<u8> GenerateInternalKey(const InternalKey& key, const HashSeed& seed
 
 void CryptoInit(CryptoCtx& ctx, mbedtls_md_context_t& hmac_ctx, const HmacKey& hmac_key,
                 const std::vector<u8>& seed) {
-
     // Initialize context
     ctx.used = false;
     ctx.counter = 0;
diff --git a/src/core/hle/service/nfp/nfp_device.cpp b/src/core/hle/service/nfp/nfp_device.cpp
index f0eaa7df2..0d4ffd3a5 100644
--- a/src/core/hle/service/nfp/nfp_device.cpp
+++ b/src/core/hle/service/nfp/nfp_device.cpp
@@ -85,7 +85,7 @@ void NfpDevice::NpadUpdate(Core::HID::ControllerTriggerType type) {
     }
 }
 
-bool NfpDevice::LoadAmiibo(const std::vector<u8>& data) {
+bool NfpDevice::LoadAmiibo(std::span<const u8> data) {
     if (device_state != DeviceState::SearchingForTag) {
         LOG_ERROR(Service_NFP, "Game is not looking for amiibos, current state {}", device_state);
         return false;
@@ -176,6 +176,19 @@ Result NfpDevice::StopDetection() {
 }
 
 Result NfpDevice::Flush() {
+    if (device_state != DeviceState::TagMounted) {
+        LOG_ERROR(Service_NFP, "Wrong device state {}", device_state);
+        if (device_state == DeviceState::TagRemoved) {
+            return TagRemoved;
+        }
+        return WrongDeviceState;
+    }
+
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
     auto& settings = tag_data.settings;
 
     const auto& current_date = GetAmiiboDate(current_posix_time);
@@ -206,7 +219,7 @@ Result NfpDevice::Flush() {
     return ResultSuccess;
 }
 
-Result NfpDevice::Mount() {
+Result NfpDevice::Mount(MountTarget mount_target_) {
     if (device_state != DeviceState::TagFound) {
         LOG_ERROR(Service_NFP, "Wrong device state {}", device_state);
         return WrongDeviceState;
@@ -218,6 +231,7 @@ Result NfpDevice::Mount() {
     }
 
     device_state = DeviceState::TagMounted;
+    mount_target = mount_target_;
     return ResultSuccess;
 }
 
@@ -233,6 +247,9 @@ Result NfpDevice::Unmount() {
     }
 
     device_state = DeviceState::TagFound;
+    mount_target = MountTarget::None;
+    is_app_area_open = false;
+
     return ResultSuccess;
 }
 
@@ -245,8 +262,8 @@ Result NfpDevice::GetTagInfo(TagInfo& tag_info) const {
     tag_info = {
         .uuid = encrypted_tag_data.uuid.uid,
         .uuid_length = static_cast<u8>(encrypted_tag_data.uuid.uid.size()),
-        .protocol = 1,
-        .tag_type = 2,
+        .protocol = TagProtocol::TypeA,
+        .tag_type = TagType::Type2,
     };
 
     return ResultSuccess;
@@ -255,6 +272,14 @@ Result NfpDevice::GetTagInfo(TagInfo& tag_info) const {
 Result NfpDevice::GetCommonInfo(CommonInfo& common_info) const {
     if (device_state != DeviceState::TagMounted) {
         LOG_ERROR(Service_NFP, "Wrong device state {}", device_state);
+        if (device_state == DeviceState::TagRemoved) {
+            return TagRemoved;
+        }
+        return WrongDeviceState;
+    }
+
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
         return WrongDeviceState;
     }
 
@@ -301,6 +326,11 @@ Result NfpDevice::GetRegisterInfo(RegisterInfo& register_info) const {
         return WrongDeviceState;
     }
 
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
     if (tag_data.settings.settings.amiibo_initialized == 0) {
         return RegistrationIsNotInitialized;
     }
@@ -333,6 +363,11 @@ Result NfpDevice::SetNicknameAndOwner(const AmiiboName& amiibo_name) {
         return WrongDeviceState;
     }
 
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
     Service::Mii::MiiManager manager;
     auto& settings = tag_data.settings;
 
@@ -350,6 +385,19 @@ Result NfpDevice::SetNicknameAndOwner(const AmiiboName& amiibo_name) {
 }
 
 Result NfpDevice::RestoreAmiibo() {
+    if (device_state != DeviceState::TagMounted) {
+        LOG_ERROR(Service_NFP, "Wrong device state {}", device_state);
+        if (device_state == DeviceState::TagRemoved) {
+            return TagRemoved;
+        }
+        return WrongDeviceState;
+    }
+
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
     // TODO: Load amiibo from backup on system
     LOG_ERROR(Service_NFP, "Not Implemented");
     return ResultSuccess;
@@ -385,6 +433,11 @@ Result NfpDevice::OpenApplicationArea(u32 access_id) {
         return WrongDeviceState;
     }
 
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
     if (tag_data.settings.settings.appdata_initialized.Value() == 0) {
         LOG_WARNING(Service_NFP, "Application area is not initialized");
         return ApplicationAreaIsNotInitialized;
@@ -395,6 +448,8 @@ Result NfpDevice::OpenApplicationArea(u32 access_id) {
         return WrongApplicationAreaId;
     }
 
+    is_app_area_open = true;
+
     return ResultSuccess;
 }
 
@@ -407,6 +462,16 @@ Result NfpDevice::GetApplicationArea(std::vector<u8>& data) const {
         return WrongDeviceState;
     }
 
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
+    if (!is_app_area_open) {
+        LOG_ERROR(Service_NFP, "Application area is not open");
+        return WrongDeviceState;
+    }
+
     if (tag_data.settings.settings.appdata_initialized.Value() == 0) {
         LOG_ERROR(Service_NFP, "Application area is not initialized");
         return ApplicationAreaIsNotInitialized;
@@ -422,7 +487,7 @@ Result NfpDevice::GetApplicationArea(std::vector<u8>& data) const {
     return ResultSuccess;
 }
 
-Result NfpDevice::SetApplicationArea(const std::vector<u8>& data) {
+Result NfpDevice::SetApplicationArea(std::span<const u8> data) {
     if (device_state != DeviceState::TagMounted) {
         LOG_ERROR(Service_NFP, "Wrong device state {}", device_state);
         if (device_state == DeviceState::TagRemoved) {
@@ -431,6 +496,16 @@ Result NfpDevice::SetApplicationArea(const std::vector<u8>& data) {
         return WrongDeviceState;
     }
 
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
+    if (!is_app_area_open) {
+        LOG_ERROR(Service_NFP, "Application area is not open");
+        return WrongDeviceState;
+    }
+
     if (tag_data.settings.settings.appdata_initialized.Value() == 0) {
         LOG_ERROR(Service_NFP, "Application area is not initialized");
         return ApplicationAreaIsNotInitialized;
@@ -442,8 +517,10 @@ Result NfpDevice::SetApplicationArea(const std::vector<u8>& data) {
     }
 
     Common::TinyMT rng{};
-    rng.GenerateRandomBytes(tag_data.application_area.data(), sizeof(ApplicationArea));
     std::memcpy(tag_data.application_area.data(), data.data(), data.size());
+    // HW seems to fill excess data with garbage
+    rng.GenerateRandomBytes(tag_data.application_area.data() + data.size(),
+                            sizeof(ApplicationArea) - data.size());
 
     tag_data.applicaton_write_counter++;
     is_data_moddified = true;
@@ -477,6 +554,11 @@ Result NfpDevice::RecreateApplicationArea(u32 access_id, std::span<const u8> dat
         return WrongDeviceState;
     }
 
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
     if (data.size() > sizeof(ApplicationArea)) {
         LOG_ERROR(Service_NFP, "Wrong data size {}", data.size());
         return ResultUnknown;
@@ -508,6 +590,11 @@ Result NfpDevice::DeleteApplicationArea() {
         return WrongDeviceState;
     }
 
+    if (mount_target == MountTarget::None || mount_target == MountTarget::Rom) {
+        LOG_ERROR(Service_NFP, "Amiibo is read only", device_state);
+        return WrongDeviceState;
+    }
+
     Common::TinyMT rng{};
     rng.GenerateRandomBytes(tag_data.application_area.data(), sizeof(ApplicationArea));
     rng.GenerateRandomBytes(&tag_data.title_id, sizeof(u64));
diff --git a/src/core/hle/service/nfp/nfp_device.h b/src/core/hle/service/nfp/nfp_device.h
index c020506a6..a5b72cf19 100644
--- a/src/core/hle/service/nfp/nfp_device.h
+++ b/src/core/hle/service/nfp/nfp_device.h
@@ -40,7 +40,7 @@ public:
 
     Result StartDetection(s32 protocol_);
     Result StopDetection();
-    Result Mount();
+    Result Mount(MountTarget mount_target);
     Result Unmount();
     Result Flush();
 
@@ -55,7 +55,7 @@ public:
 
     Result OpenApplicationArea(u32 access_id);
     Result GetApplicationArea(std::vector<u8>& data) const;
-    Result SetApplicationArea(const std::vector<u8>& data);
+    Result SetApplicationArea(std::span<const u8> data);
     Result CreateApplicationArea(u32 access_id, std::span<const u8> data);
     Result RecreateApplicationArea(u32 access_id, std::span<const u8> data);
     Result DeleteApplicationArea();
@@ -70,7 +70,7 @@ public:
 
 private:
     void NpadUpdate(Core::HID::ControllerTriggerType type);
-    bool LoadAmiibo(const std::vector<u8>& data);
+    bool LoadAmiibo(std::span<const u8> data);
     void CloseAmiibo();
 
     AmiiboName GetAmiiboName(const AmiiboSettings& settings) const;
@@ -88,8 +88,10 @@ private:
     Kernel::KEvent* availability_change_event = nullptr;
 
     bool is_data_moddified{};
+    bool is_app_area_open{};
     s32 protocol{};
     s64 current_posix_time{};
+    MountTarget mount_target{MountTarget::None};
     DeviceState device_state{DeviceState::Unavailable};
 
     NTAG215File tag_data{};
diff --git a/src/core/hle/service/nfp/nfp_types.h b/src/core/hle/service/nfp/nfp_types.h
index 448791846..dd4525b61 100644
--- a/src/core/hle/service/nfp/nfp_types.h
+++ b/src/core/hle/service/nfp/nfp_types.h
@@ -75,6 +75,22 @@ enum class AmiiboSeries : u8 {
     Diablo,
 };
 
+enum class TagType : u32 {
+    None,
+    Type1, // ISO14443A RW 96-2k bytes 106kbit/s
+    Type2, // ISO14443A RW/RO 540 bytes 106kbit/s
+    Type3, // Sony Felica RW/RO 2k bytes 212kbit/s
+    Type4, // ISO14443A RW/RO 4k-32k bytes 424kbit/s
+    Type5, // ISO15693 RW/RO 540 bytes 106kbit/s
+};
+
+enum class TagProtocol : u32 {
+    None,
+    TypeA, // ISO14443A
+    TypeB, // ISO14443B
+    TypeF, // Sony Felica
+};
+
 using UniqueSerialNumber = std::array<u8, 7>;
 using LockBytes = std::array<u8, 2>;
 using HashData = std::array<u8, 0x20>;
@@ -174,7 +190,7 @@ struct EncryptedAmiiboFile {
     u16_be applicaton_write_counter;       // Encrypted Counter
     u32_be application_area_id;            // Encrypted Game id
     std::array<u8, 0x2> unknown;
-    HashData hash;                    // Probably a SHA256-HMAC hash?
+    std::array<u32, 0x8> unknown2;
     ApplicationArea application_area; // Encrypted Game data
 };
 static_assert(sizeof(EncryptedAmiiboFile) == 0x1F8, "AmiiboFile is an invalid size");
@@ -193,7 +209,7 @@ struct NTAG215File {
     u16_be applicaton_write_counter; // Encrypted Counter
     u32_be application_area_id;
     std::array<u8, 0x2> unknown;
-    HashData hash;                    // Probably a SHA256-HMAC hash?
+    std::array<u32, 0x8> unknown2;
     ApplicationArea application_area; // Encrypted Game data
     HashData hmac_tag;                // Hash
     UniqueSerialNumber uid;           // Unique serial number
@@ -228,8 +244,8 @@ struct TagInfo {
     INSERT_PADDING_BYTES(0x3);
     u8 uuid_length;
     INSERT_PADDING_BYTES(0x15);
-    s32 protocol;
-    u32 tag_type;
+    TagProtocol protocol;
+    TagType tag_type;
     INSERT_PADDING_BYTES(0x30);
 };
 static_assert(sizeof(TagInfo) == 0x58, "TagInfo is an invalid size");
diff --git a/src/core/hle/service/nfp/nfp_user.cpp b/src/core/hle/service/nfp/nfp_user.cpp
index f8f1975db..c61df9401 100644
--- a/src/core/hle/service/nfp/nfp_user.cpp
+++ b/src/core/hle/service/nfp/nfp_user.cpp
@@ -189,7 +189,7 @@ void IUser::Mount(Kernel::HLERequestContext& ctx) {
         return;
     }
 
-    const auto result = device.value()->Mount();
+    const auto result = device.value()->Mount(mount_target);
     IPC::ResponseBuilder rb{ctx, 2};
     rb.Push(result);
 }
author	Narr the Reg <juangerman-13@hotmail.com>	2022-09-28 07:47:51 +0200
committer	german77 <juangerman-13@hotmail.com>	2022-10-02 19:34:14 +0200
commit	d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946 (patch)
tree	17d2e29dbbd05495e3907acfa8d580605b74b1fb
parent	nfp: Multiple fixes against HW (diff)
download	yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.gz yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.bz2 yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.lz yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.xz yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.tar.zst yuzu-d9d566bd3f6cb8fd4f8d3d2d17851e0568ddf946.zip