Bump version to v1.9.10

Merge pull request #87 from FlyingBananaTree/master
Support 16.0.0 keys
2023-02-22 16:18:38 -08:00 · 2023-02-22 16:05:22 -08:00 · 2023-02-21 23:10:17 +00:00 · 2022-11-06 17:59:36 -08:00 · 2022-11-05 16:47:21 -07:00 · 2022-11-05 16:40:15 -07:00
20 changed files with 1027 additions and 710 deletions
--- a/Versions.inc
+++ b/Versions.inc
@ -1,5 +1,5 @@
 # LP Version.
 LPVERSION_MAJOR := 1
 LPVERSION_MINOR := 9
-LPVERSION_BUGFX := 8
+LPVERSION_BUGFX := 10
 LPVERSION_RSVD := 0
--- a/bdk/sec/se.c
+++ b/bdk/sec/se.c
@ -718,76 +718,6 @@ out:;
 	return res;
 }
 // _mgf1_xor() and rsa_oaep_decode were derived from Atmosphère
 static void _mgf1_xor(void *masked, u32 masked_size, const void *seed, u32 seed_size)
 {
 	u8 cur_hash[0x20] __attribute__((aligned(4)));
 	u8 hash_buf[0xe4] __attribute__((aligned(4)));
 	u32 hash_buf_size = seed_size + 4;
 	memcpy(hash_buf, seed, seed_size);
 	u32 round_num = 0;
 	u8 *p_out = (u8 *)masked;
 	while (masked_size) {
 		u32 cur_size = MIN(masked_size, 0x20);
 		for (u32 i = 0; i < 4; i++)
 			hash_buf[seed_size + 3 - i] = (round_num >> (8 * i)) & 0xff;
 		round_num++;
 		se_calc_sha256_oneshot(cur_hash, hash_buf, hash_buf_size);
 		for (unsigned int i = 0; i < cur_size; i++) {
 			*p_out ^= cur_hash[i];
 			p_out++;
 		}
 		masked_size -= cur_size;
 	}
 }
 u32 se_rsa_oaep_decode(void *dst, u32 dst_size, const void *label_digest, u32 label_digest_size, u8 *buf, u32 buf_size)
 {
 	if (dst_size <= 0 || buf_size < 0x43 || label_digest_size != 0x20)
 		return 0;
 	bool is_valid = buf[0] == 0;
 	u32 db_len = buf_size - 0x21;
 	u8 *seed = buf + 1;
 	u8 *db = seed + 0x20;
 	_mgf1_xor(seed, 0x20, db, db_len);
 	_mgf1_xor(db, db_len, seed, 0x20);
 	is_valid &= memcmp(label_digest, db, 0x20) ? 0 : 1;
 	db += 0x20;
 	db_len -= 0x20;
 	int msg_ofs = 0;
 	int looking_for_one = 1;
 	int invalid_db_padding = 0;
 	int is_zero;
 	int is_one;
 	for (int i = 0; i < db_len; )
 	{
 		is_zero = (db[i] == 0);
 		is_one  = (db[i] == 1);
 		msg_ofs += (looking_for_one & is_one) * (++i);
 		looking_for_one &= ~is_one;
 		invalid_db_padding |= (looking_for_one & ~is_zero);
 	}
 	is_valid &= (invalid_db_padding == 0);
 	const u32 msg_size = MIN(dst_size, is_valid * (db_len - msg_ofs));
 	memcpy(dst, db + msg_ofs, msg_size);
 	return msg_size;
 }
 void se_get_aes_keys(u8 *buf, u8 *keys, u32 keysize)
 {
 	u8 *aligned_buf = (u8 *)ALIGN((u32)buf, 0x40);
--- a/bdk/sec/se.h
+++ b/bdk/sec/se.h
@ -49,6 +49,5 @@ int se_calc_sha256(void *hash, u32 *msg_left, const void *src, u32 src_size, u64
 int se_calc_sha256_oneshot(void *hash, const void *src, u32 src_size);
 int se_calc_sha256_finalize(void *hash, u32 *msg_left);
 int se_calc_hmac_sha256(void *dst, const void *src, u32 src_size, const void *key, u32 key_size);
 u32 se_rsa_oaep_decode(void *dst, u32 dst_size, const void *label_digest, u32 label_digest_size, u8 *buf, u32 buf_size);
 #endif
--- a/bdk/utils/util.c
+++ b/bdk/utils/util.c
@ -230,17 +230,3 @@ void power_set_state_ex(void *param)
 	power_state_t *state = (power_state_t *)param;
 	power_set_state(*state);
 }
 u32 read_le_u32(const void *buffer, u32 offset) {
 	return	(*(u8*)(buffer + offset + 0)        ) |
 			(*(u8*)(buffer + offset + 1) << 0x08) |
 			(*(u8*)(buffer + offset + 2) << 0x10) |
 			(*(u8*)(buffer + offset + 3) << 0x18);
 }
 u32 read_be_u32(const void *buffer, u32 offset) {
 	return	(*(u8*)(buffer + offset + 3)        ) |
 			(*(u8*)(buffer + offset + 2) << 0x08) |
 			(*(u8*)(buffer + offset + 1) << 0x10) |
 			(*(u8*)(buffer + offset + 0) << 0x18);
 }
--- a/bdk/utils/util.h
+++ b/bdk/utils/util.h
@ -96,7 +96,4 @@ void panic(u32 val);
 void power_set_state(power_state_t state);
 void power_set_state_ex(void *param);
 u32 read_le_u32(const void *buffer, u32 offset);
 u32 read_be_u32(const void *buffer, u32 offset);
 #endif
--- a/source/hos/hos.h
+++ b/source/hos/hos.h
@ -35,6 +35,7 @@
 #define KB_FIRMWARE_VERSION_1300 12
 #define KB_FIRMWARE_VERSION_1400 13
 #define KB_FIRMWARE_VERSION_1500 14
-#define KB_FIRMWARE_VERSION_MAX  KB_FIRMWARE_VERSION_1500 //!TODO: Update on mkey changes.
+#define KB_FIRMWARE_VERSION_1600 15
 #define KB_FIRMWARE_VERSION_MAX  KB_FIRMWARE_VERSION_1600 //!TODO: Update on mkey changes.
 #endif
--- a/source/keys/crypto.c
+++ b/source/keys/crypto.c
@ -1,5 +1,6 @@
 /*
 * Copyright (c) 2022 shchmue
 * Copyright (c) 2018 Atmosphère-NX
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
@ -16,10 +17,13 @@
 #include "crypto.h"
 #include "../../keygen/tsec_keygen.h"
 #include "../config.h"
 #include "../hos/hos.h"
 #include <sec/se.h>
 #include <sec/se_t210.h>
 #include <sec/tsec.h>
 #include <soc/fuse.h>
 #include <utils/util.h>
@ -27,6 +31,37 @@
 extern hekate_config h_cfg;
 int key_exists(const void *data) {
    return memcmp(data, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0;
 }
 int run_ams_keygen() {
    tsec_ctxt_t tsec_ctxt;
    tsec_ctxt.fw = tsec_keygen;
    tsec_ctxt.size = sizeof(tsec_keygen);
    tsec_ctxt.type = TSEC_FW_TYPE_NEW;
    u32 retries = 0;
    u32 temp_key[SE_KEY_128_SIZE / 4];
    while (tsec_query(temp_key, &tsec_ctxt) < 0) {
        retries++;
        if (retries > 15) {
            return -1;
        }
    }
    return 0;
 }
 bool check_keyslot_access() {
    u8 test_data[SE_KEY_128_SIZE] = {0};
    const u8 test_ciphertext[SE_KEY_128_SIZE] = {0};
    se_aes_key_set(KS_AES_ECB, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", SE_KEY_128_SIZE);
    se_aes_crypt_block_ecb(KS_AES_ECB, DECRYPT, test_data, test_ciphertext);
    return memcmp(test_data, "\x7b\x1d\x29\xa1\x6c\xf8\xcc\xab\x84\xf0\xb8\xa5\x98\xe4\x2f\xa6", SE_KEY_128_SIZE) == 0;
 }
 bool test_rsa_keypair(const void *public_exponent, const void *private_exponent, const void *modulus) {
    u32 plaintext[SE_RSA2048_DIGEST_SIZE / 4] = {0},
        ciphertext[SE_RSA2048_DIGEST_SIZE / 4] = {0},
@ -43,14 +78,77 @@ bool test_rsa_keypair(const void *public_exponent, const void *private_exponent,
    return memcmp(plaintext, work, SE_RSA2048_DIGEST_SIZE) == 0;
 }
-bool test_eticket_rsa_keypair(const rsa_keypair_t *keypair) {
+// _mgf1_xor() and rsa_oaep_decode were derived from Atmosphère
-    // Unlike the SSL RSA key, we don't need to check the gmac - we can just verify the public exponent
+static void _mgf1_xor(void *masked, u32 masked_size, const void *seed, u32 seed_size) {
-    // and test the keypair since we have the modulus
+    u8 cur_hash[0x20] __attribute__((aligned(4)));
-    if ((read_be_u32(keypair->public_exponent, 0) != RSA_PUBLIC_EXPONENT) ||
+    u8 hash_buf[0xe4] __attribute__((aligned(4)));
-        (!test_rsa_keypair(keypair->public_exponent, keypair->private_exponent, keypair->modulus))) {
+
-        return false;
+    u32 hash_buf_size = seed_size + 4;
    memcpy(hash_buf, seed, seed_size);
    u32 round_num = 0;
    u8 *p_out = (u8 *)masked;
    while (masked_size) {
        u32 cur_size = MIN(masked_size, 0x20);
        for (u32 i = 0; i < 4; i++)
            hash_buf[seed_size + 3 - i] = (round_num >> (8 * i)) & 0xff;
        round_num++;
        se_calc_sha256_oneshot(cur_hash, hash_buf, hash_buf_size);
        for (unsigned int i = 0; i < cur_size; i++) {
            *p_out ^= cur_hash[i];
            p_out++;
        }
        masked_size -= cur_size;
    }
-    return true;
+}
 u32 rsa_oaep_decode(void *dst, u32 dst_size, const void *label_digest, u32 label_digest_size, u8 *buf, u32 buf_size) {
    if (dst_size <= 0 || buf_size < 0x43 || label_digest_size != 0x20)
        return 0;
    bool is_valid = buf[0] == 0;
    u32 db_len = buf_size - 0x21;
    u8 *seed = buf + 1;
    u8 *db = seed + 0x20;
    _mgf1_xor(seed, 0x20, db, db_len);
    _mgf1_xor(db, db_len, seed, 0x20);
    is_valid &= memcmp(label_digest, db, 0x20) ? 0 : 1;
    db += 0x20;
    db_len -= 0x20;
    int msg_ofs = 0;
    int looking_for_one = 1;
    int invalid_db_padding = 0;
    int is_zero;
    int is_one;
    for (int i = 0; i < db_len; ) {
        is_zero = (db[i] == 0);
        is_one  = (db[i] == 1);
        msg_ofs += (looking_for_one & is_one) * (++i);
        looking_for_one &= ~is_one;
        invalid_db_padding |= (looking_for_one & ~is_zero);
    }
    is_valid &= (invalid_db_padding == 0);
    const u32 msg_size = MIN(dst_size, is_valid * (db_len - msg_ofs));
    memcpy(dst, db + msg_ofs, msg_size);
    return msg_size;
 }
 void derive_rsa_kek(u32 ks, key_storage_t *keys, void *out_rsa_kek, const void *kekek_source, const void *kek_source, u32 generation, u32 option) {
    u32 access_key[SE_KEY_128_SIZE / 4] = {0};
    generate_aes_kek(ks, keys, access_key, kekek_source, generation, option);
    get_device_unique_data_key(ks, out_rsa_kek, access_key, kek_source);
 }
 // Equivalent to spl::GenerateAesKek
@ -83,7 +181,7 @@ void load_aes_key(u32 ks, void *out_key, const void *access_key, const void *key
 // Equivalent to spl::GenerateAesKey
 void generate_aes_key(u32 ks, key_storage_t *keys, void *out_key, u32 key_size, const void *access_key, const void *key_source) {
-    void *aes_key = keys->temp_key;
+    u32 aes_key[SE_KEY_128_SIZE / 4] = {0};
    load_aes_key(ks, aes_key, access_key, aes_key_generation_source);
    se_aes_key_set(ks, aes_key, SE_KEY_128_SIZE);
    se_aes_crypt_ecb(ks, DECRYPT, out_key, key_size, key_source, key_size);
@ -96,7 +194,7 @@ void get_device_unique_data_key(u32 ks, void *out_key, const void *access_key, c
 // Equivalent to spl::DecryptAesKey.
 void decrypt_aes_key(u32 ks, key_storage_t *keys, void *out_key, const void *key_source, u32 generation, u32 option) {
-    void *access_key = keys->temp_key;
+    u32 access_key[SE_KEY_128_SIZE / 4] = {0};
    generate_aes_kek(ks, keys, access_key, aes_key_decryption_source, generation, option);
    generate_aes_key(ks, keys, out_key, SE_KEY_128_SIZE, access_key, key_source);
 }
--- a/source/keys/crypto.h
+++ b/source/keys/crypto.h
@ -17,10 +17,20 @@
 #ifndef _CRYPTO_H_
 #define _CRYPTO_H_
 #include "es_types.h"
 #include "../hos/hos.h"
 #include <sec/se_t210.h>
 #include "../storage/nx_emmc.h"
 #include <utils/types.h>
 #include <string.h>
 // Sha256 hash of the null string.
 static const u8 null_hash[SE_SHA_256_SIZE] __attribute__((aligned(4))) = {
    0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
    0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55};
 static const u8 aes_kek_generation_source[0x10] __attribute__((aligned(4))) = {
    0x4D, 0x87, 0x09, 0x86, 0xC4, 0x5D, 0x20, 0x72, 0x2F, 0xBA, 0x10, 0x53, 0xDA, 0x92, 0xE8, 0xA9};
@ -43,6 +53,7 @@ static const u8 device_master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_
    {0x77, 0x52, 0x92, 0xF0, 0xAA, 0xE3, 0xFB, 0xE0, 0x60, 0x16, 0xB3, 0x78, 0x68, 0x53, 0xF7, 0xA8}, /* 13.0.0 Device Master Kek Source. */
    {0x67, 0xD5, 0xD6, 0x0C, 0x08, 0xF5, 0xA3, 0x11, 0xBD, 0x6D, 0x5A, 0xEB, 0x96, 0x24, 0xB0, 0xD2}, /* 14.0.0 Device Master Kek Source. */
    {0x7C, 0x30, 0xED, 0x8B, 0x39, 0x25, 0x2C, 0x08, 0x8F, 0x48, 0xDC, 0x28, 0xE6, 0x1A, 0x6B, 0x49}, /* 15.0.0 Device Master Kek Source. */
    {0xF0, 0xF3, 0xFF, 0x52, 0x75, 0x2F, 0xBA, 0x4D, 0x09, 0x72, 0x30, 0x89, 0xA9, 0xDF, 0xFE, 0x1F}, /* 16.0.0 Device Master Kek Source. */    
 }; //!TODO: Update on mkey changes.
 static const u8 device_master_kek_sources_dev[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] __attribute__((aligned(4))) = {
@ -58,6 +69,7 @@ static const u8 device_master_kek_sources_dev[KB_FIRMWARE_VERSION_MAX - KB_FIRMW
    {0x20, 0x20, 0xAA, 0xFB, 0x89, 0xC2, 0xF0, 0x70, 0xB5, 0xE0, 0xA3, 0x11, 0x8A, 0x29, 0x8D, 0x0F}, /* 13.0.0 Device Master Kek Source. */
    {0xCE, 0x14, 0x74, 0x66, 0x98, 0xA8, 0x6D, 0x7D, 0xBD, 0x54, 0x91, 0x68, 0x5F, 0x1D, 0x0E, 0xEA}, /* 14.0.0 Device Master Kek Source. */
    {0xAE, 0x05, 0x48, 0x65, 0xAB, 0x17, 0x9D, 0x3D, 0x51, 0xB7, 0x56, 0xBD, 0x9B, 0x0B, 0x5B, 0x6E}, /* 15.0.0 Device Master Kek Source. */
    {0xFF, 0xF6, 0x4B, 0x0F, 0xFF, 0x0D, 0xC0, 0x4F, 0x56, 0x8A, 0x40, 0x74, 0x67, 0xC5, 0xFE, 0x9F}, /* 16.0.0 Device Master Kek Source. */
 }; //!TODO: Update on mkey changes.
 static const u8 device_master_key_source_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_400 + 1][0x10] __attribute__((aligned(4))) = {
@ -73,6 +85,7 @@ static const u8 device_master_key_source_sources[KB_FIRMWARE_VERSION_MAX - KB_FI
    {0xE4, 0xF3, 0x45, 0x6F, 0x18, 0xA1, 0x89, 0xF8, 0xDA, 0x4C, 0x64, 0x75, 0x68, 0xE6, 0xBD, 0x4F}, /* 13.0.0 Device Master Key Source Source. */
    {0x5B, 0x94, 0x63, 0xF7, 0xAD, 0x96, 0x1B, 0xA6, 0x23, 0x30, 0x06, 0x4D, 0x01, 0xE4, 0xCE, 0x1D}, /* 14.0.0 Device Master Key Source Source. */ 
    {0x5E, 0xC9, 0xC5, 0x0A, 0xD0, 0x5F, 0x8B, 0x7B, 0xA7, 0x39, 0xEA, 0xBC, 0x60, 0x0F, 0x74, 0xE6}, /* 15.0.0 Device Master Key Source Source. */
    {0xEA, 0x90, 0x6E, 0xA8, 0xAE, 0x92, 0x99, 0x64, 0x36, 0xC1, 0xF3, 0x1C, 0xC6, 0x32, 0x83, 0x8C}, /* 16.0.0 Device Master Key Source Source. */
 }; //!TODO: Update on mkey changes.
 static const u8 seal_key_masks[][0x10] __attribute__((aligned(4))) = {
@ -99,6 +112,9 @@ static const u8 secure_data_tweaks[1][0x10] __attribute__((aligned(4))) = {
    {0xAC, 0xCA, 0x9A, 0xCA, 0xFF, 0x2E, 0xB9, 0x22, 0xCC, 0x1F, 0x4F, 0xAD, 0xDD, 0x77, 0x21, 0x1E}
 };
 //!TODO: Update on keygen changes.
 #define TSEC_ROOT_KEY_VERSION 2
 // Lockpick_RCM keyslots
 #define KS_BIS_00_CRYPT 0
 #define KS_BIS_00_TWEAK 1
@ -124,27 +140,20 @@ static const u8 secure_data_tweaks[1][0x10] __attribute__((aligned(4))) = {
 #define RSA_PUBLIC_EXPONENT 65537
-#define SSL_RSA_KEY_SIZE         (SE_AES_IV_SIZE + SE_RSA2048_DIGEST_SIZE)
+#define KEYBLOB_UNK_DATA_SIZE 0x70
-#define ETICKET_RSA_KEYPAIR_SIZE (SE_AES_IV_SIZE + SE_RSA2048_DIGEST_SIZE * 2 + SE_KEY_128_SIZE)
+#define KEYBLOB_UNUSED_SIZE (NX_EMMC_BLOCKSIZE - SE_AES_CMAC_DIGEST_SIZE - SE_AES_IV_SIZE - sizeof(keyblob_t))
 typedef struct {
    u8 private_exponent[SE_RSA2048_DIGEST_SIZE];
    u8 modulus[SE_RSA2048_DIGEST_SIZE];
    u8 public_exponent[4];
    u8 reserved[0xC];
 } rsa_keypair_t;
 typedef struct {
    u8 master_kek[SE_KEY_128_SIZE];
-    u8 data[0x70];
+    u8 data[KEYBLOB_UNK_DATA_SIZE];
    u8 package1_key[SE_KEY_128_SIZE];
 } keyblob_t;
 typedef struct {
-    u8 cmac[0x10];
+    u8 cmac[SE_AES_CMAC_DIGEST_SIZE];
-    u8 iv[0x10];
+    u8 iv[SE_AES_IV_SIZE];
    keyblob_t key_data;
-    u8 unused[0x150];
+    u8 unused[KEYBLOB_UNUSED_SIZE];
 } encrypted_keyblob_t;
 typedef struct {
@ -175,9 +184,9 @@ typedef struct {
        titlekek[KB_FIRMWARE_VERSION_MAX + 1][SE_KEY_128_SIZE],
        tsec_key[SE_KEY_128_SIZE],
        tsec_root_key[SE_KEY_128_SIZE];
-    u32 sbk[4];
+    u32 secure_boot_key[4];
    keyblob_t keyblob[KB_FIRMWARE_VERSION_600 + 1];
-    rsa_keypair_t eticket_rsa_keypair;
+    eticket_rsa_keypair_t eticket_rsa_keypair;
 } key_storage_t;
 typedef enum {
@ -199,8 +208,16 @@ typedef enum {
 #define GET_SEAL_KEY_INDEX(x) (((x) >> 5) & 7)
 #define GET_IS_DEVICE_UNIQUE(x) ((x) & 1)
 int key_exists(const void *data);
 int run_ams_keygen();
 bool check_keyslot_access();
 bool test_rsa_keypair(const void *public_exponent, const void *private_exponent, const void *modulus);
-bool test_eticket_rsa_keypair(const rsa_keypair_t *keypair);
+u32 rsa_oaep_decode(void *dst, u32 dst_size, const void *label_digest, u32 label_digest_size, u8 *buf, u32 buf_size);
 void derive_rsa_kek(u32 ks, key_storage_t *keys, void *out_rsa_kek, const void *kekek_source, const void *kek_source, u32 generation, u32 option);
 // Equivalent to spl::GenerateAesKek
 void generate_aes_kek(u32 ks, key_storage_t *keys, void *out_kek, const void *kek_source, u32 generation, u32 option);
--- a/source/keys/es_crypto.c
+++ b/source/keys/es_crypto.c
@ -0,0 +1,146 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "es_crypto.h"
 #include "cal0_read.h"
 #include "../config.h"
 #include <gfx_utils.h>
 #include "../gfx/tui.h"
 #include <mem/minerva.h>
 #include <sec/se.h>
 #include <sec/se_t210.h>
 #include <string.h>
 extern hekate_config h_cfg;
 bool test_eticket_rsa_keypair(const eticket_rsa_keypair_t *keypair) {
    if (byte_swap_32(keypair->public_exponent) != RSA_PUBLIC_EXPONENT)
        return false;
    return test_rsa_keypair(&keypair->public_exponent, keypair->private_exponent, keypair->modulus);
 }
 void es_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation, bool is_dev) {
    if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
        return;
    }
    const void *kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
    const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | IS_DEVICE_UNIQUE;
    derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, eticket_rsa_kekek_source, kek_source, generation, option);
 }
 void es_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek) {
    if (!key_exists(keys->master_key[0])) {
        return;
    }
    const u32 generation = 0;
    const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE;
    derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, eticket_rsa_kekek_source, eticket_rsa_kek_source_legacy, generation, option);
 }
 void es_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev) {
    if (!key_exists(keys->master_key[0])) {
        return;
    }
    const void *kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
    const u32 generation = 0;
    const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE;
    derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, eticket_rsa_kekek_source, kek_source, generation, option);
 }
 bool decrypt_eticket_rsa_key(key_storage_t *keys, void *buffer, bool is_dev) {
    if (!cal0_read(KS_BIS_00_TWEAK, KS_BIS_00_CRYPT, buffer)) {
        return false;
    }
    nx_emmc_cal0_t *cal0 = (nx_emmc_cal0_t *)buffer;
    u32 generation = 0;
    const void *encrypted_key = NULL;
    const void *iv = NULL;
    u32 key_size = 0;
    void *ctr_key = NULL;
    if (!cal0_get_eticket_rsa_key(cal0, &encrypted_key, &key_size, &iv, &generation)) {
        return false;
    }
    // Handle legacy case
    if (key_size == ETICKET_RSA_KEYPAIR_SIZE) {
        u32 temp_key[SE_KEY_128_SIZE / 4] = {0};
        es_derive_rsa_kek_legacy(keys, temp_key);
        ctr_key = temp_key;
        se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE);
        se_aes_crypt_ctr(KS_AES_CTR, &keys->eticket_rsa_keypair, sizeof(keys->eticket_rsa_keypair), encrypted_key, sizeof(keys->eticket_rsa_keypair), iv);
        if (test_eticket_rsa_keypair(&keys->eticket_rsa_keypair)) {
            memcpy(keys->eticket_rsa_kek, ctr_key, sizeof(keys->eticket_rsa_kek));
            return true;
        }
        // Fall through and try usual method if not applicable
    }
    if (generation) {
        es_derive_rsa_kek_device_unique(keys, keys->eticket_rsa_kek_personalized, generation, is_dev);
        ctr_key = keys->eticket_rsa_kek_personalized;
    } else {
        ctr_key = keys->eticket_rsa_kek;
    }
    se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, &keys->eticket_rsa_keypair, sizeof(keys->eticket_rsa_keypair), encrypted_key, sizeof(keys->eticket_rsa_keypair), iv);
    if (!test_eticket_rsa_keypair(&keys->eticket_rsa_keypair)) {
        EPRINTF("Invalid eticket keypair.");
        memset(&keys->eticket_rsa_keypair, 0, sizeof(keys->eticket_rsa_keypair));
        return false;
    }
    return true;
 }
 void es_decode_tickets(u32 buf_size, titlekey_buffer_t *titlekey_buffer, u32 remaining, u32 total, u32 *titlekey_count, u32 x, u32 y, u32 *pct, u32 *last_pct, bool is_personalized) {
    ticket_t *curr_ticket = (ticket_t *)titlekey_buffer->read_buffer;
    for (u32 i = 0; i < MIN(buf_size / sizeof(ticket_t), remaining) * sizeof(ticket_t) && curr_ticket->signature_type != 0; i += sizeof(ticket_t), curr_ticket++) {
        minerva_periodic_training();
        *pct = (total - remaining) * 100 / total;
        if (*pct > *last_pct && *pct <= 100) {
            *last_pct = *pct;
            tui_pbar(x, y, *pct, COLOR_GREEN, 0xFF155500);
        }
        // This is in case an encrypted volatile ticket is left behind
        if (curr_ticket->signature_type != TICKET_SIG_TYPE_RSA2048_SHA256)
            continue;
        u8 *curr_titlekey = curr_ticket->titlekey_block;
        const u32 block_size = SE_RSA2048_DIGEST_SIZE;
        const u32 titlekey_size = sizeof(titlekey_buffer->titlekeys[0]);
        if (is_personalized) {
            se_rsa_exp_mod(0, curr_titlekey, block_size, curr_titlekey, block_size);
            if (rsa_oaep_decode(curr_titlekey, titlekey_size, null_hash, sizeof(null_hash), curr_titlekey, block_size) != titlekey_size)
                continue;
        }
        memcpy(titlekey_buffer->rights_ids[*titlekey_count], curr_ticket->rights_id, sizeof(titlekey_buffer->rights_ids[0]));
        memcpy(titlekey_buffer->titlekeys[*titlekey_count], curr_titlekey, titlekey_size);
        (*titlekey_count)++;
    }
 }
--- a/source/keys/es_crypto.h
+++ b/source/keys/es_crypto.h
@ -0,0 +1,49 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _ES_CRYPTO_H_
 #define _ES_CRYPTO_H_
 #include "crypto.h"
 #include "es_types.h"
 #include <sec/se_t210.h>
 #include <utils/types.h>
 #define ETICKET_RSA_KEYPAIR_SIZE (SE_AES_IV_SIZE + SE_RSA2048_DIGEST_SIZE * 2 + SE_KEY_128_SIZE)
 #define TICKET_SIG_TYPE_RSA2048_SHA256 0x10004
 static const u8 eticket_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
    0xDB, 0xA4, 0x51, 0x12, 0x4C, 0xA0, 0xA9, 0x83, 0x68, 0x14, 0xF5, 0xED, 0x95, 0xE3, 0x12, 0x5B};
 static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
    0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5};
 static const u8 eticket_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
    0x88, 0x87, 0x50, 0x90, 0xA6, 0x2F, 0x75, 0x70, 0xA2, 0xD7, 0x71, 0x51, 0xAE, 0x6D, 0x39, 0x87};
 static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
    0x46, 0x6E, 0x57, 0xB7, 0x4A, 0x44, 0x7F, 0x02, 0xF3, 0x21, 0xCD, 0xE5, 0x8F, 0x2F, 0x55, 0x35};
 bool test_eticket_rsa_keypair(const eticket_rsa_keypair_t *keypair);
 void es_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation, bool is_dev);
 void es_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek);
 void es_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev);
 bool decrypt_eticket_rsa_key(key_storage_t *keys, void *buffer, bool is_dev);
 void es_decode_tickets(u32 buf_size, titlekey_buffer_t *titlekey_buffer, u32 remaining, u32 total, u32 *titlekey_count, u32 x, u32 y, u32 *pct, u32 *last_pct, bool is_personalized);
 #endif
--- a/source/keys/es_types.h
+++ b/source/keys/es_types.h
@ -0,0 +1,76 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _ES_TYPES_H_
 #define _ES_TYPES_H_
 #include <sec/se_t210.h>
 #include <utils/types.h>
 typedef struct {
    u8 private_exponent[SE_RSA2048_DIGEST_SIZE];
    u8 modulus[SE_RSA2048_DIGEST_SIZE];
    u32 public_exponent;
    u8 reserved[0xC];
 } eticket_rsa_keypair_t;
 // only tickets of type Rsa2048Sha256 are expected
 typedef struct {
    u32 signature_type; // always 0x10004
    u8 signature[SE_RSA2048_DIGEST_SIZE];
    u8 sig_padding[0x3C];
    char issuer[0x40];
    u8 titlekey_block[SE_RSA2048_DIGEST_SIZE];
    u8 format_version;
    u8 titlekey_type;
    u16 ticket_version;
    u8 license_type;
    u8 common_key_id;
    u16 property_mask;
    u64 reserved;
    u64 ticket_id;
    u64 device_id;
    u8 rights_id[0x10];
    u32 account_id;
    u32 sect_total_size;
    u32 sect_hdr_offset;
    u16 sect_hdr_count;
    u16 sect_hdr_entry_size;
    u8 padding[0x140];
 } ticket_t;
 typedef struct {
    u8 rights_id[0x10];
    u64 ticket_id;
    u32 account_id;
    u16 property_mask;
    u16 reserved;
 } ticket_record_t;
 typedef struct {
    u8 read_buffer[SZ_256K];
    u8 rights_ids[SZ_256K / 0x10][0x10];
    u8 titlekeys[SZ_256K / 0x10][0x10];
 } titlekey_buffer_t;
 typedef struct {
    char rights_id[0x20];
    char equals[3];
    char titlekey[0x20];
    char newline[1];
 } titlekey_text_buffer_t;
 #endif
--- a/source/keys/fs_crypto.c
+++ b/source/keys/fs_crypto.c
@ -0,0 +1,69 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "fs_crypto.h"
 #include "../config.h"
 #include <sec/se_t210.h>
 #include <string.h>
 extern hekate_config h_cfg;
 void fs_derive_bis_keys(key_storage_t *keys, u8 out_bis_keys[4][32], u32 generation) {
    if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
        return;
    }
    generate_specific_aes_key(KS_AES_ECB, keys, out_bis_keys[0], bis_key_sources[0], generation);
    u32 access_key[SE_KEY_128_SIZE / 4] = {0};
    const u32 option = IS_DEVICE_UNIQUE;
    generate_aes_kek(KS_AES_ECB, keys, access_key, bis_kek_source, generation, option);
    generate_aes_key(KS_AES_ECB, keys, out_bis_keys[1], sizeof(bis_key_sources[1]), access_key, bis_key_sources[1]);
    generate_aes_key(KS_AES_ECB, keys, out_bis_keys[2], sizeof(bis_key_sources[2]), access_key, bis_key_sources[2]);
    memcpy(out_bis_keys[3], out_bis_keys[2], sizeof(bis_key_sources[2]));
 }
 void fs_derive_header_key(key_storage_t *keys, void *out_key) {
    if (!key_exists(keys->master_key[0])) {
        return;
    }
    u32 access_key[SE_KEY_128_SIZE / 4] = {0};
    const u32 generation = 0;
    const u32 option = NOT_DEVICE_UNIQUE;
    generate_aes_kek(KS_AES_ECB, keys, access_key, header_kek_source, generation, option);
    generate_aes_key(KS_AES_ECB, keys, out_key, sizeof(header_key_source), access_key, header_key_source);
 }
 void fs_derive_key_area_key(key_storage_t *keys, void *out_key, u32 source_type, u32 generation) {
    u32 access_key[SE_KEY_128_SIZE / 4] = {0};
    const u32 option = NOT_DEVICE_UNIQUE;
    generate_aes_kek(KS_AES_ECB, keys, access_key, key_area_key_sources[source_type], generation + 1, option);
    load_aes_key(KS_AES_ECB, out_key, access_key, aes_key_generation_source);
 }
 void fs_derive_save_mac_key(key_storage_t *keys, void *out_key) {
    if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
        return;
    }
    u32 access_key[SE_KEY_128_SIZE / 4] = {0};
    const u32 generation = 0;
    const u32 option = IS_DEVICE_UNIQUE;
    generate_aes_kek(KS_AES_ECB, keys, access_key, save_mac_kek_source, generation, option);
    load_aes_key(KS_AES_ECB, out_key, access_key, save_mac_key_source);
 }
--- a/source/keys/fs_crypto.h
+++ b/source/keys/fs_crypto.h
@ -0,0 +1,74 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _FS_CRYPTO_H_
 #define _FS_CRYPTO_H_
 #include "crypto.h"
 #include <utils/types.h>
 static const u8 bis_kek_source[0x10] __attribute__((aligned(4))) = {
    0x34, 0xC1, 0xA0, 0xC4, 0x82, 0x58, 0xF8, 0xB4, 0xFA, 0x9E, 0x5E, 0x6A, 0xDA, 0xFC, 0x7E, 0x4F};
 static const u8 bis_key_sources[3][0x20] __attribute__((aligned(4))) = {
    {0xF8, 0x3F, 0x38, 0x6E, 0x2C, 0xD2, 0xCA, 0x32, 0xA8, 0x9A, 0xB9, 0xAA, 0x29, 0xBF, 0xC7, 0x48,
     0x7D, 0x92, 0xB0, 0x3A, 0xA8, 0xBF, 0xDE, 0xE1, 0xA7, 0x4C, 0x3B, 0x6E, 0x35, 0xCB, 0x71, 0x06},
    {0x41, 0x00, 0x30, 0x49, 0xDD, 0xCC, 0xC0, 0x65, 0x64, 0x7A, 0x7E, 0xB4, 0x1E, 0xED, 0x9C, 0x5F,
     0x44, 0x42, 0x4E, 0xDA, 0xB4, 0x9D, 0xFC, 0xD9, 0x87, 0x77, 0x24, 0x9A, 0xDC, 0x9F, 0x7C, 0xA4},
    {0x52, 0xC2, 0xE9, 0xEB, 0x09, 0xE3, 0xEE, 0x29, 0x32, 0xA1, 0x0C, 0x1F, 0xB6, 0xA0, 0x92, 0x6C,
     0x4D, 0x12, 0xE1, 0x4B, 0x2A, 0x47, 0x4C, 0x1C, 0x09, 0xCB, 0x03, 0x59, 0xF0, 0x15, 0xF4, 0xE4}
 };
 static const u8 header_kek_source[0x10] __attribute__((aligned(4))) = {
    0x1F, 0x12, 0x91, 0x3A, 0x4A, 0xCB, 0xF0, 0x0D, 0x4C, 0xDE, 0x3A, 0xF6, 0xD5, 0x23, 0x88, 0x2A};
 static const u8 header_key_source[0x20] __attribute__((aligned(4))) = {
    0x5A, 0x3E, 0xD8, 0x4F, 0xDE, 0xC0, 0xD8, 0x26, 0x31, 0xF7, 0xE2, 0x5D, 0x19, 0x7B, 0xF5, 0xD0,
    0x1C, 0x9B, 0x7B, 0xFA, 0xF6, 0x28, 0x18, 0x3D, 0x71, 0xF6, 0x4D, 0x73, 0xF1, 0x50, 0xB9, 0xD2};
 static const u8 key_area_key_sources[3][0x10] __attribute__((aligned(4))) = {
    {0x7F, 0x59, 0x97, 0x1E, 0x62, 0x9F, 0x36, 0xA1, 0x30, 0x98, 0x06, 0x6F, 0x21, 0x44, 0xC3, 0x0D}, // application
    {0x32, 0x7D, 0x36, 0x08, 0x5A, 0xD1, 0x75, 0x8D, 0xAB, 0x4E, 0x6F, 0xBA, 0xA5, 0x55, 0xD8, 0x82}, // ocean
    {0x87, 0x45, 0xF1, 0xBB, 0xA6, 0xBE, 0x79, 0x64, 0x7D, 0x04, 0x8B, 0xA6, 0x7B, 0x5F, 0xDA, 0x4A}, // system
 };
 static const u8 save_mac_kek_source[0x10] __attribute__((aligned(4))) = {
    0xD8, 0x9C, 0x23, 0x6E, 0xC9, 0x12, 0x4E, 0x43, 0xC8, 0x2B, 0x03, 0x87, 0x43, 0xF9, 0xCF, 0x1B};
 static const u8 save_mac_key_source[0x10] __attribute__((aligned(4))) = {
    0xE4, 0xCD, 0x3D, 0x4A, 0xD5, 0x0F, 0x74, 0x28, 0x45, 0xA4, 0x87, 0xE5, 0xA0, 0x63, 0xEA, 0x1F};
 static const u8 save_mac_sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
    0x04, 0x89, 0xEF, 0x5D, 0x32, 0x6E, 0x1A, 0x59, 0xC4, 0xB7, 0xAB, 0x8C, 0x36, 0x7A, 0xAB, 0x17};
 static const u8 save_mac_sd_card_key_source[0x10] __attribute__((aligned(4))) = {
    0x6F, 0x64, 0x59, 0x47, 0xC5, 0x61, 0x46, 0xF9, 0xFF, 0xA0, 0x45, 0xD5, 0x95, 0x33, 0x29, 0x18};
 static const u8 sd_card_custom_storage_key_source[0x20] __attribute__((aligned(4))) = {
    0x37, 0x0C, 0x34, 0x5E, 0x12, 0xE4, 0xCE, 0xFE, 0x21, 0xB5, 0x8E, 0x64, 0xDB, 0x52, 0xAF, 0x35,
    0x4F, 0x2C, 0xA5, 0xA3, 0xFC, 0x99, 0x9A, 0x47, 0xC0, 0x3E, 0xE0, 0x04, 0x48, 0x5B, 0x2F, 0xD0};
 static const u8 sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
    0x88, 0x35, 0x8D, 0x9C, 0x62, 0x9B, 0xA1, 0xA0, 0x01, 0x47, 0xDB, 0xE0, 0x62, 0x1B, 0x54, 0x32};
 static const u8 sd_card_nca_key_source[0x20] __attribute__((aligned(4))) = {
    0x58, 0x41, 0xA2, 0x84, 0x93, 0x5B, 0x56, 0x27, 0x8B, 0x8E, 0x1F, 0xC5, 0x18, 0xE9, 0x9F, 0x2B,
    0x67, 0xC7, 0x93, 0xF0, 0xF2, 0x4F, 0xDE, 0xD0, 0x75, 0x49, 0x5D, 0xCA, 0x00, 0x6D, 0x99, 0xC2};
 static const u8 sd_card_save_key_source[0x20] __attribute__((aligned(4))) = {
    0x24, 0x49, 0xB7, 0x22, 0x72, 0x67, 0x03, 0xA8, 0x19, 0x65, 0xE6, 0xE3, 0xEA, 0x58, 0x2F, 0xDD,
    0x9A, 0x95, 0x15, 0x17, 0xB1, 0x6E, 0x8F, 0x7F, 0x1F, 0x68, 0x26, 0x31, 0x52, 0xEA, 0x29, 0x6A};
 void fs_derive_bis_keys(key_storage_t *keys, u8 out_bis_keys[4][32], u32 generation);
 void fs_derive_header_key(key_storage_t *keys, void *out_key);
 void fs_derive_key_area_key(key_storage_t *keys, void *out_key, u32 source_type, u32 generation);
 void fs_derive_save_mac_key(key_storage_t *keys, void *out_key);
 #endif
--- a/source/keys/key_sources.inl
+++ b/source/keys/key_sources.inl
@ -14,21 +14,6 @@
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 // Sha256 hash of the null string.
 static const u8 null_hash[0x20] __attribute__((aligned(4))) = {
    0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
    0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55};
 static const u8 keyblob_key_sources[][0x10] __attribute__((aligned(4))) = {
    {0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3}, //1.0.0
    {0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC}, //3.0.0
    {0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B}, //3.0.1
    {0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE}, //4.0.0
    {0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80}, //5.0.0
    {0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0}  //6.0.0
 };
 //!TODO: Update on mkey changes.
 static const u8 master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_620 + 1][0x10] __attribute__((aligned(4))) = {
    {0x37, 0x4B, 0x77, 0x29, 0x59, 0xB4, 0x04, 0x30, 0x81, 0xF6, 0xE5, 0x8C, 0x6D, 0x36, 0x17, 0x9A}, //6.2.0
    {0x9A, 0x3E, 0xA9, 0xAB, 0xFD, 0x56, 0x46, 0x1C, 0x9B, 0xF6, 0x48, 0x7F, 0x5C, 0xFA, 0x09, 0x5C}, //7.0.0
@ -39,9 +24,9 @@ static const u8 master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION
    {0x68, 0x3B, 0xCA, 0x54, 0xB8, 0x6F, 0x92, 0x48, 0xC3, 0x05, 0x76, 0x87, 0x88, 0x70, 0x79, 0x23}, //13.0.0
    {0xF0, 0x13, 0x37, 0x9A, 0xD5, 0x63, 0x51, 0xC3, 0xB4, 0x96, 0x35, 0xBC, 0x9C, 0xE8, 0x76, 0x81}, //14.0.0
    {0x6E, 0x77, 0x86, 0xAC, 0x83, 0x0A, 0x8D, 0x3E, 0x7D, 0xB7, 0x66, 0xA0, 0x22, 0xB7, 0x6E, 0x67}, //15.0.0
-};
+    {0x99, 0x22, 0x09, 0x57, 0xA7, 0xF9, 0x5E, 0x94, 0xFE, 0x78, 0x7F, 0x41, 0xD6, 0xE7, 0x56, 0xE6}, //16.0.0
 }; //!TODO: Update on mkey changes.
 //!TODO: Update on mkey changes.
 static const u8 master_key_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribute__((aligned(4))) = {
    {0x0C, 0xF0, 0x59, 0xAC, 0x85, 0xF6, 0x26, 0x65, 0xE1, 0xE9, 0x19, 0x55, 0xE6, 0xF2, 0x67, 0x3D}, /* Zeroes encrypted with Master Key 00. */
    {0x29, 0x4C, 0x04, 0xC8, 0xEB, 0x10, 0xED, 0x9D, 0x51, 0x64, 0x97, 0xFB, 0xF3, 0x4D, 0x50, 0xDD}, /* Master key 00 encrypted with Master key 01. */
@ -58,9 +43,9 @@ static const u8 master_key_vectors[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribut
    {0xA3, 0x24, 0x65, 0x75, 0xEA, 0xCC, 0x6E, 0x8D, 0xFB, 0x5A, 0x16, 0x50, 0x74, 0xD2, 0x15, 0x06}, /* Master key 0B encrypted with Master key 0C. */
    {0x83, 0x67, 0xAF, 0x01, 0xCF, 0x93, 0xA1, 0xAB, 0x80, 0x45, 0xF7, 0x3F, 0x72, 0xFD, 0x3B, 0x38}, /* Master key 0C encrypted with Master key 0D. */
    {0xB1, 0x81, 0xA6, 0x0D, 0x72, 0xC7, 0xEE, 0x15, 0x21, 0xF3, 0xC0, 0xB5, 0x6B, 0x61, 0x6D, 0xE7}, /* Master key 0D encrypted with Master key 0E. */
-};
+    {0xAF, 0x11, 0x4C, 0x67, 0x17, 0x7A, 0x52, 0x43, 0xF7, 0x70, 0x2F, 0xC7, 0xEF, 0x81, 0x72, 0x16}, /* Master key 0E encrypted with Master key 0F. */
 }; //!TODO: Update on mkey changes.
 //!TODO: Update on mkey changes.
 static const u8 master_key_vectors_dev[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attribute__((aligned(4))) = {
    {0x46, 0x22, 0xB4, 0x51, 0x9A, 0x7E, 0xA7, 0x7F, 0x62, 0xA1, 0x1F, 0x8F, 0xC5, 0x3A, 0xDB, 0xFE}, /* Zeroes encrypted with Master Key 00. */
    {0x39, 0x33, 0xF9, 0x31, 0xBA, 0xE4, 0xA7, 0x21, 0x2C, 0xDD, 0xB7, 0xD8, 0xB4, 0x4E, 0x37, 0x23}, /* Master key 00 encrypted with Master key 01. */
@ -77,7 +62,8 @@ static const u8 master_key_vectors_dev[KB_FIRMWARE_VERSION_MAX + 1][0x10] __attr
    {0x8A, 0xCE, 0xC4, 0x7F, 0xBE, 0x08, 0x61, 0x88, 0xD3, 0x73, 0x64, 0x51, 0xE2, 0xB6, 0x53, 0x15}, /* Master key 0B encrypted with Master key 0C. */
    {0x08, 0xE0, 0xF4, 0xBE, 0xAA, 0x6E, 0x5A, 0xC3, 0xA6, 0xBC, 0xFE, 0xB9, 0xE2, 0xA3, 0x24, 0x12}, /* Master key 0C encrypted with Master key 0D. */
    {0xD6, 0x80, 0x98, 0xC0, 0xFA, 0xC7, 0x13, 0xCB, 0x93, 0xD2, 0x0B, 0x82, 0x4C, 0xA1, 0x7B, 0x8D}, /* Master key 0D encrypted with Master key 0E. */
-};
+    {0x78, 0x66, 0x19, 0xBD, 0x86, 0xE7, 0xC1, 0x09, 0x9B, 0x6F, 0x92, 0xB2, 0x58, 0x7D, 0xCF, 0x26}, /* Master key 0E encrypted with Master key 0F. */
 }; //!TODO: Update on mkey changes.
 static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = {
    {0x20, 0x9E, 0x97, 0xAE, 0xAF, 0x7E, 0x6A, 0xF6, 0x9E, 0xF5, 0xA7, 0x17, 0x2F, 0xF4, 0x49, 0xA6}, /* Zeroes encrypted with AES Class Key 00. */
@ -96,16 +82,22 @@ static const u8 mariko_key_vectors[][0x10] __attribute__((aligned(4))) = {
    {0x95, 0x48, 0xC1, 0x59, 0x0F, 0x84, 0x19, 0xC4, 0xAB, 0x69, 0x05, 0x88, 0x01, 0x31, 0x52, 0x59}, /* Zeroes encrypted with Mariko BEK. */
 };
 //======================================Keys======================================//
 // from Package1 -> Secure_Monitor
 static const u8 package2_key_source[0x10] __attribute__((aligned(4))) = {
    0xFB, 0x8B, 0x6A, 0x9C, 0x79, 0x00, 0xC8, 0x49, 0xEF, 0xD2, 0x4D, 0x85, 0x4D, 0x30, 0xA0, 0xC7};
 static const u8 titlekek_source[0x10] __attribute__((aligned(4))) = {
    0x1E, 0xDC, 0x7B, 0x3B, 0x60, 0xE6, 0xB4, 0xD8, 0x78, 0xB8, 0x17, 0x15, 0x98, 0x5E, 0x62, 0x9B};
-// from Package1ldr (or Secure_Monitor on 6.2.0+)
+static const u8 keyblob_key_sources[][0x10] __attribute__((aligned(4))) = {
    {0xDF, 0x20, 0x6F, 0x59, 0x44, 0x54, 0xEF, 0xDC, 0x70, 0x74, 0x48, 0x3B, 0x0D, 0xED, 0x9F, 0xD3}, //1.0.0
    {0x0C, 0x25, 0x61, 0x5D, 0x68, 0x4C, 0xEB, 0x42, 0x1C, 0x23, 0x79, 0xEA, 0x82, 0x25, 0x12, 0xAC}, //3.0.0
    {0x33, 0x76, 0x85, 0xEE, 0x88, 0x4A, 0xAE, 0x0A, 0xC2, 0x8A, 0xFD, 0x7D, 0x63, 0xC0, 0x43, 0x3B}, //3.0.1
    {0x2D, 0x1F, 0x48, 0x80, 0xED, 0xEC, 0xED, 0x3E, 0x3C, 0xF2, 0x48, 0xB5, 0x65, 0x7D, 0xF7, 0xBE}, //4.0.0
    {0xBB, 0x5A, 0x01, 0xF9, 0x88, 0xAF, 0xF5, 0xFC, 0x6C, 0xFF, 0x07, 0x9E, 0x13, 0x3C, 0x39, 0x80}, //5.0.0
    {0xD8, 0xCC, 0xE1, 0x26, 0x6A, 0x35, 0x3F, 0xCC, 0x20, 0xF3, 0x2D, 0x3B, 0x51, 0x7D, 0xE9, 0xC0}  //6.0.0
 };
 static const u8 keyblob_mac_key_source[0x10] __attribute__((aligned(4))) = {
    0x59, 0xC7, 0xFB, 0x6F, 0xBE, 0x9B, 0xBE, 0x87, 0x65, 0x6B, 0x15, 0xC0, 0x53, 0x73, 0x36, 0xA5};
 static const u8 master_key_source[0x10] __attribute__((aligned(4))) = {
    0xD8, 0xA2, 0x41, 0x0A, 0xC6, 0xC5, 0x90, 0x01, 0xC6, 0x1D, 0x6A, 0x26, 0x7C, 0x51, 0x3F, 0x3C};
 static const u8 per_console_key_source[0x10] __attribute__((aligned(4))) = {
@ -123,6 +115,7 @@ static const u8 mariko_master_kek_sources[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_
    {0x52, 0x71, 0x9B, 0xDF, 0xA7, 0x8B, 0x61, 0xD8, 0xD5, 0x85, 0x11, 0xE4, 0x8E, 0x4F, 0x74, 0xC6}, // 13.0.0.
    {0xD2, 0x68, 0xC6, 0x53, 0x9D, 0x94, 0xF9, 0xA8, 0xA5, 0xA8, 0xA7, 0xC8, 0x8F, 0x53, 0x4B, 0x7A}, // 14.0.0.
    {0xEC, 0x61, 0xBC, 0x82, 0x1E, 0x0F, 0x5A, 0xC3, 0x2B, 0x64, 0x3F, 0x9D, 0xD6, 0x19, 0x22, 0x2D}, // 15.0.0.
    {0xA5, 0xEC, 0x16, 0x39, 0x1A, 0x30, 0x16, 0x08, 0x2E, 0xCF, 0x09, 0x6F, 0x5E, 0x7C, 0xEE, 0xA9}, // 16.0.0.
 }; //!TODO: Update on mkey changes.
 static const u8 mariko_master_kek_sources_dev[KB_FIRMWARE_VERSION_MAX - KB_FIRMWARE_VERSION_600 + 1][0x10] __attribute__((aligned(4))) = {
    {0x32, 0xC0, 0x97, 0x6B, 0x63, 0x6D, 0x44, 0x64, 0xF2, 0x3A, 0xA5, 0xC0, 0xDE, 0x46, 0xCC, 0xE9}, // 6.0.0.
@ -135,97 +128,5 @@ static const u8 mariko_master_kek_sources_dev[KB_FIRMWARE_VERSION_MAX - KB_FIRMW
    {0x4D, 0x5A, 0xB2, 0xC9, 0xE9, 0xE4, 0x4E, 0xA4, 0xD3, 0xBF, 0x94, 0x12, 0x36, 0x30, 0xD0, 0x7F}, // 13.0.0.
    {0xEC, 0x5E, 0xB5, 0x11, 0xD5, 0x43, 0x1E, 0x6A, 0x4E, 0x54, 0x6F, 0xD4, 0xD3, 0x22, 0xCE, 0x87}, // 14.0.0.
    {0x18, 0xA5, 0x6F, 0xEF, 0x72, 0x11, 0x62, 0xC5, 0x1A, 0x14, 0xF1, 0x8C, 0x21, 0x83, 0x27, 0xB7}, // 15.0.0.
    {0x3A, 0x9C, 0xF0, 0x39, 0x70, 0x23, 0xF6, 0xAF, 0x71, 0x44, 0x60, 0xF4, 0x6D, 0xED, 0xA1, 0xD6}, // 16.0.0.
 }; //!TODO: Update on mkey changes.
 // from ES
 static const u8 eticket_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
    0XDB, 0XA4, 0X51, 0X12, 0X4C, 0XA0, 0XA9, 0X83, 0X68, 0X14, 0XF5, 0XED, 0X95, 0XE3, 0X12, 0X5B};
 static const u8 eticket_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
    0xBE, 0xC0, 0xBC, 0x8E, 0x75, 0xA0, 0xF6, 0x0C, 0x4A, 0x56, 0x64, 0x02, 0x3E, 0xD4, 0x9C, 0xD5};
 static const u8 eticket_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
    0x88, 0x87, 0x50, 0x90, 0xA6, 0x2F, 0x75, 0x70, 0xA2, 0xD7, 0x71, 0x51, 0xAE, 0x6D, 0x39, 0x87};
 static const u8 eticket_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
    0X46, 0X6E, 0X57, 0XB7, 0X4A, 0X44, 0X7F, 0X02, 0XF3, 0X21, 0XCD, 0XE5, 0X8F, 0X2F, 0X55, 0X35};
 // from SSL
 static const u8 ssl_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
    0X7F, 0X5B, 0XB0, 0X84, 0X7B, 0X25, 0XAA, 0X67, 0XFA, 0XC8, 0X4B, 0XE2, 0X3D, 0X7B, 0X69, 0X03};
 static const u8 ssl_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
    0X9A, 0X38, 0X3B, 0XF4, 0X31, 0XD0, 0XBD, 0X81, 0X32, 0X53, 0X4B, 0XA9, 0X64, 0X39, 0X7D, 0XE3};
 static const u8 ssl_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
    0xD5, 0xD2, 0xFC, 0x00, 0xFD, 0x49, 0xDD, 0xF8, 0xEE, 0x7B, 0xC4, 0x4B, 0xE1, 0x4C, 0xAA, 0x99};
 static const u8 ssl_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
    0xED, 0x36, 0xB1, 0x32, 0x27, 0x17, 0xD2, 0xB0, 0xBA, 0x1F, 0xC1, 0xBD, 0x4D, 0x38, 0x0F, 0x5E};
 static const u8 ssl_client_cert_kek_source[0x10] __attribute__((aligned(4))) = {
    0x64, 0xB8, 0x30, 0xDD, 0x0F, 0x3C, 0xB7, 0xFB, 0x4C, 0x16, 0x01, 0x97, 0xEA, 0x9D, 0x12, 0x10};
 static const u8 ssl_client_cert_key_source[0x10] __attribute__((aligned(4))) = {
    0x4D, 0x92, 0x5A, 0x69, 0x42, 0x23, 0xBB, 0x92, 0x59, 0x16, 0x3E, 0x51, 0x8C, 0x78, 0x14, 0x0F};
 // from FS
 static const u8 bis_kek_source[0x10] __attribute__((aligned(4))) = {
    0x34, 0xC1, 0xA0, 0xC4, 0x82, 0x58, 0xF8, 0xB4, 0xFA, 0x9E, 0x5E, 0x6A, 0xDA, 0xFC, 0x7E, 0x4F};
 static const u8 bis_key_sources[3][0x20] __attribute__((aligned(4))) = {
    {0xF8, 0x3F, 0x38, 0x6E, 0x2C, 0xD2, 0xCA, 0x32, 0xA8, 0x9A, 0xB9, 0xAA, 0x29, 0xBF, 0xC7, 0x48,
     0x7D, 0x92, 0xB0, 0x3A, 0xA8, 0xBF, 0xDE, 0xE1, 0xA7, 0x4C, 0x3B, 0x6E, 0x35, 0xCB, 0x71, 0x06},
    {0x41, 0x00, 0x30, 0x49, 0xDD, 0xCC, 0xC0, 0x65, 0x64, 0x7A, 0x7E, 0xB4, 0x1E, 0xED, 0x9C, 0x5F,
     0x44, 0x42, 0x4E, 0xDA, 0xB4, 0x9D, 0xFC, 0xD9, 0x87, 0x77, 0x24, 0x9A, 0xDC, 0x9F, 0x7C, 0xA4},
    {0x52, 0xC2, 0xE9, 0xEB, 0x09, 0xE3, 0xEE, 0x29, 0x32, 0xA1, 0x0C, 0x1F, 0xB6, 0xA0, 0x92, 0x6C,
     0x4D, 0x12, 0xE1, 0x4B, 0x2A, 0x47, 0x4C, 0x1C, 0x09, 0xCB, 0x03, 0x59, 0xF0, 0x15, 0xF4, 0xE4}
 };
 static const u8 header_kek_source[0x10] __attribute__((aligned(4))) = {
    0x1F, 0x12, 0x91, 0x3A, 0x4A, 0xCB, 0xF0, 0x0D, 0x4C, 0xDE, 0x3A, 0xF6, 0xD5, 0x23, 0x88, 0x2A};
 static const u8 header_key_source[0x20] __attribute__((aligned(4))) = {
    0x5A, 0x3E, 0xD8, 0x4F, 0xDE, 0xC0, 0xD8, 0x26, 0x31, 0xF7, 0xE2, 0x5D, 0x19, 0x7B, 0xF5, 0xD0,
    0x1C, 0x9B, 0x7B, 0xFA, 0xF6, 0x28, 0x18, 0x3D, 0x71, 0xF6, 0x4D, 0x73, 0xF1, 0x50, 0xB9, 0xD2};
 static const u8 key_area_key_sources[3][0x10] __attribute__((aligned(4))) = {
    {0x7F, 0x59, 0x97, 0x1E, 0x62, 0x9F, 0x36, 0xA1, 0x30, 0x98, 0x06, 0x6F, 0x21, 0x44, 0xC3, 0x0D}, // application
    {0x32, 0x7D, 0x36, 0x08, 0x5A, 0xD1, 0x75, 0x8D, 0xAB, 0x4E, 0x6F, 0xBA, 0xA5, 0x55, 0xD8, 0x82}, // ocean
    {0x87, 0x45, 0xF1, 0xBB, 0xA6, 0xBE, 0x79, 0x64, 0x7D, 0x04, 0x8B, 0xA6, 0x7B, 0x5F, 0xDA, 0x4A}, // system
 };
 static const u8 save_mac_kek_source[0x10] __attribute__((aligned(4))) = {
    0XD8, 0X9C, 0X23, 0X6E, 0XC9, 0X12, 0X4E, 0X43, 0XC8, 0X2B, 0X03, 0X87, 0X43, 0XF9, 0XCF, 0X1B};
 static const u8 save_mac_key_source[0x10] __attribute__((aligned(4))) = {
    0XE4, 0XCD, 0X3D, 0X4A, 0XD5, 0X0F, 0X74, 0X28, 0X45, 0XA4, 0X87, 0XE5, 0XA0, 0X63, 0XEA, 0X1F};
 static const u8 save_mac_sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
    0X04, 0X89, 0XEF, 0X5D, 0X32, 0X6E, 0X1A, 0X59, 0XC4, 0XB7, 0XAB, 0X8C, 0X36, 0X7A, 0XAB, 0X17};
 static const u8 save_mac_sd_card_key_source[0x10] __attribute__((aligned(4))) = {
    0X6F, 0X64, 0X59, 0X47, 0XC5, 0X61, 0X46, 0XF9, 0XFF, 0XA0, 0X45, 0XD5, 0X95, 0X33, 0X29, 0X18};
 static const u8 sd_card_custom_storage_key_source[0x20] __attribute__((aligned(4))) = {
    0X37, 0X0C, 0X34, 0X5E, 0X12, 0XE4, 0XCE, 0XFE, 0X21, 0XB5, 0X8E, 0X64, 0XDB, 0X52, 0XAF, 0X35,
    0X4F, 0X2C, 0XA5, 0XA3, 0XFC, 0X99, 0X9A, 0X47, 0XC0, 0X3E, 0XE0, 0X04, 0X48, 0X5B, 0X2F, 0XD0};
 static const u8 sd_card_kek_source[0x10] __attribute__((aligned(4))) = {
    0X88, 0X35, 0X8D, 0X9C, 0X62, 0X9B, 0XA1, 0XA0, 0X01, 0X47, 0XDB, 0XE0, 0X62, 0X1B, 0X54, 0X32};
 static const u8 sd_card_nca_key_source[0x20] __attribute__((aligned(4))) = {
    0X58, 0X41, 0XA2, 0X84, 0X93, 0X5B, 0X56, 0X27, 0X8B, 0X8E, 0X1F, 0XC5, 0X18, 0XE9, 0X9F, 0X2B,
    0X67, 0XC7, 0X93, 0XF0, 0XF2, 0X4F, 0XDE, 0XD0, 0X75, 0X49, 0X5D, 0XCA, 0X00, 0X6D, 0X99, 0XC2};
 static const u8 sd_card_save_key_source[0x20] __attribute__((aligned(4))) = {
    0X24, 0X49, 0XB7, 0X22, 0X72, 0X67, 0X03, 0XA8, 0X19, 0X65, 0XE6, 0XE3, 0XEA, 0X58, 0X2F, 0XDD,
    0X9A, 0X95, 0X15, 0X17, 0XB1, 0X6E, 0X8F, 0X7F, 0X1F, 0X68, 0X26, 0X31, 0X52, 0XEA, 0X29, 0X6A};
 // from NFC
 static const u8 nfc_key_source[0x10] __attribute__((aligned(4))) = {
    0x83, 0xF6, 0xEF, 0xD8, 0x13, 0x26, 0x49, 0xAB, 0x97, 0x5F, 0xEA, 0xBA, 0x65, 0x71, 0xCA, 0xCA};
 static const u8 encrypted_nfc_keys[0x80] __attribute__((aligned(4))) = {
    0x76, 0x50, 0x87, 0x02, 0x40, 0xA6, 0x5A, 0x98, 0xCE, 0x39, 0x2F, 0xC8, 0x83, 0xAF, 0x54, 0x76,
    0x28, 0xFF, 0x50, 0xFC, 0xC1, 0xFB, 0x26, 0x14, 0xA2, 0x4A, 0xA6, 0x74, 0x90, 0xA4, 0x37, 0x06,
    0x03, 0x63, 0xC2, 0xB1, 0xAF, 0x9F, 0xF7, 0x07, 0xFC, 0x8A, 0xB9, 0xCA, 0x28, 0x68, 0x6E, 0xF7,
    0x42, 0xCD, 0x68, 0x13, 0xCD, 0x7B, 0x3A, 0x60, 0x3E, 0x8B, 0xAB, 0x3A, 0xCC, 0xED, 0xE0, 0xDD,
    0x71, 0x1F, 0xA5, 0xDE, 0xB8, 0xB1, 0xF5, 0x1D, 0x14, 0x73, 0xBE, 0x27, 0xCC, 0xA1, 0x9B, 0x23,
    0x06, 0x91, 0x89, 0x05, 0xED, 0xD6, 0x92, 0x76, 0x3F, 0x42, 0xFB, 0xD1, 0x8F, 0x2D, 0x6D, 0x72,
    0xC8, 0x9E, 0x48, 0xE8, 0x03, 0x64, 0xF0, 0x3C, 0x0E, 0x2A, 0xF1, 0x26, 0x83, 0x02, 0x4F, 0xE2,
    0x41, 0xAA, 0xC8, 0x33, 0x68, 0x84, 0x3A, 0xFB, 0x87, 0x18, 0xEA, 0xF7, 0x36, 0xA2, 0x4E, 0xA9};
 static const u8 encrypted_nfc_keys_dev[0x80] __attribute__((aligned(4))) = {
    0x13, 0xB0, 0xFB, 0xC2, 0x91, 0x6D, 0x6E, 0x5A, 0x10, 0x31, 0x40, 0xB7, 0xDF, 0xCF, 0x69, 0x69,
    0xB0, 0xFA, 0xAE, 0x7F, 0xB2, 0x4D, 0x27, 0xC9, 0xE9, 0x3F, 0x5B, 0x38, 0x39, 0x24, 0x98, 0xCE,
    0xED, 0xD2, 0xA9, 0x6C, 0x6F, 0xA7, 0x72, 0xD7, 0x11, 0x31, 0x17, 0x93, 0x12, 0x49, 0x32, 0x85,
    0x21, 0xE5, 0xE1, 0x88, 0x0F, 0x08, 0xF2, 0x30, 0x5C, 0xC3, 0xAA, 0xFF, 0xC0, 0xAB, 0x21, 0x96,
    0x74, 0x39, 0xED, 0xE0, 0x5A, 0xB6, 0x75, 0xC2, 0x3B, 0x08, 0x61, 0xE4, 0xA7, 0xD6, 0xED, 0x8C,
    0xA9, 0x02, 0x12, 0xA6, 0xCC, 0x27, 0x4C, 0x1C, 0x41, 0x9C, 0xD8, 0x4C, 0x00, 0xC7, 0x5B, 0x5D,
    0xED, 0xC2, 0x3D, 0x5E, 0x00, 0xF5, 0x49, 0xFA, 0x6C, 0x75, 0x67, 0xCF, 0x1F, 0x73, 0x1A, 0xE8,
    0x47, 0xD4, 0x3D, 0x9B, 0x83, 0x5B, 0x18, 0x2F, 0x95, 0xA9, 0x04, 0xBC, 0x2E, 0xBB, 0x64, 0x4A};
 static const u8 nfc_blob_hash[0x20] __attribute__((aligned(4))) = {
    0x7F, 0x92, 0x83, 0x65, 0x4E, 0xC1, 0x09, 0x7F, 0xBD, 0xFF, 0x31, 0xDE, 0x94, 0x66, 0x51, 0xAE,
    0x60, 0xC2, 0x85, 0x4A, 0xFB, 0x54, 0x4A, 0xBE, 0x89, 0x63, 0xD3, 0x89, 0x63, 0x9C, 0x71, 0x0E};
 static const u8 nfc_blob_hash_dev[0x20] __attribute__((aligned(4))) = {
    0x4E, 0x36, 0x59, 0x1C, 0x75, 0x80, 0x23, 0x03, 0x98, 0x2D, 0x45, 0xD9, 0x85, 0xB8, 0x60, 0x18,
    0x7C, 0x85, 0x37, 0x9B, 0xCB, 0xBA, 0xF3, 0xDC, 0x25, 0x38, 0x73, 0xDB, 0x2F, 0xFA, 0xAE, 0x26};
--- a/source/keys/keys.c
+++ b/source/keys/keys.c
@ -16,10 +16,10 @@
 #include "keys.h"
-#include "cal0_read.h"
+#include "es_crypto.h"
-#include "gmac.h"
+#include "fs_crypto.h"
-
+#include "nfc_crypto.h"
-#include "../../keygen/tsec_keygen.h"
+#include "ssl_crypto.h"
 #include "../config.h"
 #include <display/di.h>
@ -35,9 +35,7 @@
 #include <mem/sdram.h>
 #include <sec/se.h>
 #include <sec/se_t210.h>
 #include <sec/tsec.h>
 #include <soc/fuse.h>
 #include <mem/smmu.h>
 #include <soc/t210.h>
 #include "../storage/emummc.h"
 #include "../storage/nx_emmc.h"
@ -59,90 +57,91 @@ static u32 _key_count = 0, _titlekey_count = 0;
 static u32 start_time, end_time;
 u32 color_idx = 0;
-// key functions
+static void _save_key(const char *name, const void *data, u32 len, char *outbuf) {
-static int  _key_exists(const void *data) { return memcmp(data, "\x00\x00\x00\x00\x00\x00\x00\x00", 8) != 0; };
+    if (!key_exists(data))
-static void _save_key(const char *name, const void *data, u32 len, char *outbuf);
+        return;
-static void _save_key_family(const char *name, const void *data, u32 start_key, u32 num_keys, u32 len, char *outbuf);
+    u32 pos = strlen(outbuf);
    pos += s_printf(&outbuf[pos], "%s = ", name);
    for (u32 i = 0; i < len; i++)
        pos += s_printf(&outbuf[pos], "%02x", *(u8*)(data + i));
    s_printf(&outbuf[pos], "\n");
    _key_count++;
 }
-static void _derive_master_key_mariko(key_storage_t *keys, bool is_dev) {
+static void _save_key_family(const char *name, const void *data, u32 start_key, u32 num_keys, u32 len, char *outbuf) {
    char *temp_name = calloc(1, 0x40);
    for (u32 i = 0; i < num_keys; i++) {
        s_printf(temp_name, "%s_%02x", name, i + start_key);
        _save_key(temp_name, data + i * len, len, outbuf);
    }
    free(temp_name);
 }
 static void _derive_master_keys_mariko(key_storage_t *keys, bool is_dev) {
    minerva_periodic_training();
    // Relies on the SBK being properly set in slot 14
    se_aes_crypt_block_ecb(KS_SECURE_BOOT, DECRYPT, keys->device_key_4x, device_master_key_source_kek_source);
    // Derive all master keys based on Mariko KEK
    for (u32 i = KB_FIRMWARE_VERSION_600; i < ARRAY_SIZE(mariko_master_kek_sources) + KB_FIRMWARE_VERSION_600; i++) {
        // Relies on the Mariko KEK being properly set in slot 12
-        se_aes_crypt_block_ecb(KS_MARIKO_KEK, DECRYPT, keys->master_kek[i], is_dev ? &mariko_master_kek_sources_dev[i - KB_FIRMWARE_VERSION_600] : &mariko_master_kek_sources[i - KB_FIRMWARE_VERSION_600]);
+        u32 kek_source_index = i - KB_FIRMWARE_VERSION_600;
        const void *kek_source = is_dev ? &mariko_master_kek_sources_dev[kek_source_index] : &mariko_master_kek_sources[kek_source_index];
        se_aes_crypt_block_ecb(KS_MARIKO_KEK, DECRYPT, keys->master_kek[i], kek_source);
        load_aes_key(KS_AES_ECB, keys->master_key[i], keys->master_kek[i], master_key_source);
    }
 }
 static int _run_ams_keygen(key_storage_t *keys) {
    tsec_ctxt_t tsec_ctxt;
    tsec_ctxt.fw = tsec_keygen;
    tsec_ctxt.size = sizeof(tsec_keygen);
    tsec_ctxt.type = TSEC_FW_TYPE_NEW;
    u32 retries = 0;
    while (tsec_query(keys->temp_key, &tsec_ctxt) < 0) {
        retries++;
        if (retries > 15) {
            EPRINTF("Failed to run keygen.");
            return -1;
        }
    }
    return 0;
 }
 static void _derive_master_keys_from_latest_key(key_storage_t *keys, bool is_dev) {
    minerva_periodic_training();
    if (!h_cfg.t210b01) {
-        u32 tsec_root_key_slot = is_dev ? 11 : 13;
+        u32 tsec_root_key_slot = is_dev ? KS_TSEC_ROOT_DEV : KS_TSEC_ROOT;
        // Derive all master keys based on current root key
        for (u32 i = KB_FIRMWARE_VERSION_810 - KB_FIRMWARE_VERSION_620; i < ARRAY_SIZE(master_kek_sources); i++) {
-            se_aes_crypt_block_ecb(tsec_root_key_slot, DECRYPT, keys->master_kek[i + KB_FIRMWARE_VERSION_620], master_kek_sources[i]);
+            u32 key_index = i + KB_FIRMWARE_VERSION_620;
-            load_aes_key(KS_AES_ECB, keys->master_key[i + KB_FIRMWARE_VERSION_620], keys->master_kek[i + KB_FIRMWARE_VERSION_620], master_key_source);
+            se_aes_crypt_block_ecb(tsec_root_key_slot, DECRYPT, keys->master_kek[key_index], master_kek_sources[i]);
            load_aes_key(KS_AES_ECB, keys->master_key[key_index], keys->master_kek[key_index], master_key_source);
        }
    }
    minerva_periodic_training();
    // Derive all lower master keys
    for (u32 i = KB_FIRMWARE_VERSION_MAX; i > 0; i--) {
        load_aes_key(KS_AES_ECB, keys->master_key[i - 1], keys->master_key[i], is_dev ? master_key_vectors_dev[i] : master_key_vectors[i]);
    }
    load_aes_key(KS_AES_ECB, keys->temp_key, keys->master_key[0], is_dev ? master_key_vectors_dev[0] : master_key_vectors[0]);
-    if (_key_exists(keys->temp_key)) {
+    if (key_exists(keys->temp_key)) {
        EPRINTFARGS("Unable to derive master keys for %s.", is_dev ? "dev" : "prod");
        memset(keys->master_key, 0, sizeof(keys->master_key));
    }
 }
 static void _derive_keyblob_keys(key_storage_t *keys) {
-    u8 *keyblob_block = (u8 *)calloc(KB_FIRMWARE_VERSION_600 + 1, NX_EMMC_BLOCKSIZE);
+    minerva_periodic_training();
-    u32 keyblob_mac[SE_KEY_128_SIZE / 4] = {0};
+
    encrypted_keyblob_t *keyblob_buffer = (encrypted_keyblob_t *)calloc(KB_FIRMWARE_VERSION_600 + 1, sizeof(encrypted_keyblob_t));
    u32 keyblob_mac[SE_AES_CMAC_DIGEST_SIZE / 4] = {0};
    bool have_keyblobs = true;
-    if (FUSE(FUSE_PRIVATE_KEY0) == 0xFFFFFFFF) {
+    if (FUSE(FUSE_PRIVATE_KEY0) != 0xFFFFFFFF) {
-        u8 *aes_keys = (u8 *)calloc(SZ_4K, 1);
+        keys->secure_boot_key[0] = FUSE(FUSE_PRIVATE_KEY0);
-        se_get_aes_keys(aes_keys + SZ_2K, aes_keys, SE_KEY_128_SIZE);
+        keys->secure_boot_key[1] = FUSE(FUSE_PRIVATE_KEY1);
-        memcpy(keys->sbk, aes_keys + 14 * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
+        keys->secure_boot_key[2] = FUSE(FUSE_PRIVATE_KEY2);
-        free(aes_keys);
+        keys->secure_boot_key[3] = FUSE(FUSE_PRIVATE_KEY3);
    } else {
        keys->sbk[0] = FUSE(FUSE_PRIVATE_KEY0);
        keys->sbk[1] = FUSE(FUSE_PRIVATE_KEY1);
        keys->sbk[2] = FUSE(FUSE_PRIVATE_KEY2);
        keys->sbk[3] = FUSE(FUSE_PRIVATE_KEY3);
    }
    if (!emmc_storage.initialized) {
        have_keyblobs = false;
-    } else if (!emummc_storage_read(KEYBLOB_OFFSET / NX_EMMC_BLOCKSIZE, KB_FIRMWARE_VERSION_600 + 1, keyblob_block)) {
+    } else if (!emummc_storage_read(KEYBLOB_OFFSET / NX_EMMC_BLOCKSIZE, KB_FIRMWARE_VERSION_600 + 1, keyblob_buffer)) {
        EPRINTF("Unable to read keyblobs.");
        have_keyblobs = false;
    } else {
        have_keyblobs = true;
    }
-    encrypted_keyblob_t *current_keyblob = (encrypted_keyblob_t *)keyblob_block;
+    encrypted_keyblob_t *current_keyblob = keyblob_buffer;
-    for (u32 i = 0; i <= KB_FIRMWARE_VERSION_600; i++, current_keyblob++) {
+    for (u32 i = 0; i < ARRAY_SIZE(keyblob_key_sources); i++, current_keyblob++) {
        minerva_periodic_training();
        se_aes_crypt_block_ecb(KS_TSEC, DECRYPT, keys->keyblob_key[i], keyblob_key_sources[i]);
        se_aes_crypt_block_ecb(KS_SECURE_BOOT, DECRYPT, keys->keyblob_key[i], keys->keyblob_key[i]);
@ -170,89 +169,94 @@ static void _derive_keyblob_keys(key_storage_t *keys) {
        memcpy(keys->package1_key[i], keys->keyblob[i].package1_key, sizeof(keys->package1_key[i]));
        memcpy(keys->master_kek[i], keys->keyblob[i].master_kek, sizeof(keys->master_kek[i]));
-        if (!_key_exists(keys->master_key[i])) {
+        if (!key_exists(keys->master_key[i])) {
            load_aes_key(KS_AES_ECB, keys->master_key[i], keys->master_kek[i], master_key_source);
        }
    }
-    free(keyblob_block);
+    free(keyblob_buffer);
 }
 static void _derive_master_keys(key_storage_t *prod_keys, key_storage_t *dev_keys, bool is_dev) {
    key_storage_t *keys = is_dev ? dev_keys : prod_keys;
    if (h_cfg.t210b01) {
        _derive_master_keys_mariko(keys, is_dev);
        _derive_master_keys_from_latest_key(keys, is_dev);
    } else {
        if (run_ams_keygen()) {
            EPRINTF("Failed to run keygen.");
            return;
        }
        u8 *aes_keys = (u8 *)calloc(1, SZ_4K);
        se_get_aes_keys(aes_keys + SZ_2K, aes_keys, SE_KEY_128_SIZE);
        memcpy(&dev_keys->tsec_root_key,  aes_keys + KS_TSEC_ROOT_DEV * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
        memcpy(&dev_keys->tsec_key,       aes_keys + KS_TSEC          * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
        memcpy(&prod_keys->tsec_key,      aes_keys + KS_TSEC          * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
        memcpy(&prod_keys->tsec_root_key, aes_keys + KS_TSEC_ROOT     * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
        if (FUSE(FUSE_PRIVATE_KEY0) != 0xFFFFFFFF) {
            memcpy(&dev_keys->secure_boot_key,  aes_keys + KS_SECURE_BOOT * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
            memcpy(&prod_keys->secure_boot_key, aes_keys + KS_SECURE_BOOT * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
        }
        free(aes_keys);
        _derive_master_keys_from_latest_key(prod_keys, false);
        _derive_master_keys_from_latest_key(dev_keys, true);
        _derive_keyblob_keys(keys);
    }
 }
 static void _derive_bis_keys(key_storage_t *keys) {
    minerva_periodic_training();
    u32 generation = fuse_read_odm_keygen_rev();
    fs_derive_bis_keys(keys, keys->bis_key, generation);
 }
-    if (!(_key_exists(keys->device_key) || (generation && _key_exists(keys->master_key[0]) && _key_exists(keys->device_key_4x)))) {
+static void _derive_misc_keys(key_storage_t *keys) {
-        return;
+    minerva_periodic_training();
-    }
+    fs_derive_save_mac_key(keys, keys->save_mac_key);
    generate_specific_aes_key(KS_AES_ECB, keys, &keys->bis_key[0], bis_key_sources[0], generation);
    u32 access_key[SE_KEY_128_SIZE / 4] = {0};
    const u32 option = IS_DEVICE_UNIQUE;
    generate_aes_kek(KS_AES_ECB, keys, access_key, bis_kek_source, generation, option);
    generate_aes_key(KS_AES_ECB, keys, keys->bis_key[1], sizeof(keys->bis_key[1]), access_key, bis_key_sources[1]);
    generate_aes_key(KS_AES_ECB, keys, keys->bis_key[2], sizeof(keys->bis_key[2]), access_key, bis_key_sources[2]);
    memcpy(keys->bis_key[3], keys->bis_key[2], sizeof(keys->bis_key[3]));
 }
 static void _derive_non_unique_keys(key_storage_t *keys, bool is_dev) {
-    if (_key_exists(keys->master_key[0])) {
+    minerva_periodic_training();
-        const u32 generation = 0;
+    fs_derive_header_key(keys, keys->header_key);
-        const u32 option = GET_IS_DEVICE_UNIQUE(NOT_DEVICE_UNIQUE);
+    es_derive_rsa_kek_original(keys, keys->eticket_rsa_kek, is_dev);
-        generate_aes_kek(KS_AES_ECB, keys, keys->temp_key, header_kek_source, generation, option);
+    ssl_derive_rsa_kek_original(keys, keys->ssl_rsa_kek, is_dev);
        generate_aes_key(KS_AES_ECB, keys, keys->header_key, sizeof(keys->header_key), keys->temp_key, header_key_source);
    }
 }
 static void _derive_rsa_kek(u32 ks, key_storage_t *keys, void *out_rsa_kek, const void *kekek_source, const void *kek_source, u32 generation, u32 option) {
    void *access_key = keys->temp_key;
    generate_aes_kek(ks, keys, access_key, kekek_source, generation, option);
    get_device_unique_data_key(ks, out_rsa_kek, access_key, kek_source);
 }
 static void _derive_misc_keys(key_storage_t *keys, bool is_dev) {
    if (_key_exists(keys->device_key) || (_key_exists(keys->master_key[0]) && _key_exists(keys->device_key_4x))) {
        void *access_key = keys->temp_key;
        const u32 generation = 0;
        const u32 option = IS_DEVICE_UNIQUE;
        generate_aes_kek(KS_AES_ECB, keys, access_key, save_mac_kek_source, generation, option);
        load_aes_key(KS_AES_ECB, keys->save_mac_key, access_key, save_mac_key_source);
    }
    if (_key_exists(keys->master_key[0])) {
        const void *eticket_kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
        const u32 generation = 0;
        u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE;
        _derive_rsa_kek(KS_AES_ECB, keys, keys->eticket_rsa_kek, eticket_rsa_kekek_source, eticket_kek_source, generation, option);
        const void *ssl_kek_source = is_dev ? ssl_rsa_kek_source_dev : ssl_rsa_kek_source;
        option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE;
        _derive_rsa_kek(KS_AES_ECB, keys, keys->ssl_rsa_kek, ssl_rsa_kekek_source, ssl_kek_source, generation, option);
    }
 }
 static void _derive_per_generation_keys(key_storage_t *keys) {
    for (u32 generation = 0; generation < ARRAY_SIZE(keys->master_key); generation++) {
-        if (!_key_exists(keys->master_key[generation]))
+        minerva_periodic_training();
        if (!key_exists(keys->master_key[generation]))
            continue;
        for (u32 source_type = 0; source_type < ARRAY_SIZE(key_area_key_sources); source_type++) {
-            void *access_key = keys->temp_key;
+            fs_derive_key_area_key(keys, keys->key_area_key[source_type][generation], source_type, generation);
            const u32 option = GET_IS_DEVICE_UNIQUE(NOT_DEVICE_UNIQUE);
            generate_aes_kek(KS_AES_ECB, keys, access_key, key_area_key_sources[source_type], generation + 1, option);
            load_aes_key(KS_AES_ECB, keys->key_area_key[source_type][generation], access_key, aes_key_generation_source);
        }
        load_aes_key(KS_AES_ECB, keys->package2_key[generation], keys->master_key[generation], package2_key_source);
        load_aes_key(KS_AES_ECB, keys->titlekek[generation], keys->master_key[generation], titlekek_source);
    }
 }
-static bool _get_titlekeys_from_save(u32 buf_size, const u8 *save_mac_key, titlekey_buffer_t *titlekey_buffer, rsa_keypair_t *rsa_keypair) {
+// Returns true when terminator is found
 static bool _count_ticket_records(u32 buf_size, titlekey_buffer_t *titlekey_buffer, u32 *tkey_count) {
    ticket_record_t *curr_ticket_record = (ticket_record_t *)titlekey_buffer->read_buffer;
    for (u32 i = 0; i < buf_size; i += sizeof(ticket_record_t), curr_ticket_record++) {
        if (curr_ticket_record->rights_id[0] == 0xFF)
            return true;
        (*tkey_count)++;
    }
    return false;
 }
 static bool _get_titlekeys_from_save(u32 buf_size, const u8 *save_mac_key, titlekey_buffer_t *titlekey_buffer, eticket_rsa_keypair_t *rsa_keypair) {
    FIL fp;
    u64 br = buf_size;
    u64 offset = 0;
    u32 file_tkey_count = 0;
    u32 save_x = gfx_con.x, save_y = gfx_con.y;
    bool is_personalized = rsa_keypair != NULL;
-    u32 start_titlekey_count = _titlekey_count;
+    const char ticket_bin_path[32] = "/ticket.bin";
    const char ticket_list_bin_path[32] = "/ticket_list.bin";
    char titlekey_save_path[32] = "bis:/save/80000000000000E1";
    save_data_file_ctx_t ticket_file;
    if (is_personalized) {
        titlekey_save_path[25] = '2';
@ -280,10 +284,6 @@ static bool _get_titlekeys_from_save(u32 buf_size, const u8 *save_mac_key, title
        return false;
    }
    const char ticket_bin_path[32] = "/ticket.bin";
    const char ticket_list_bin_path[32] = "/ticket_list.bin";
    save_data_file_ctx_t ticket_file;
    if (!save_open_file(save_ctx, &ticket_file, ticket_list_bin_path, OPEN_MODE_READ)) {
        EPRINTF("Unable to locate ticket_list.bin in save.");
        f_close(&fp);
@ -292,22 +292,19 @@ static bool _get_titlekeys_from_save(u32 buf_size, const u8 *save_mac_key, title
        return false;
    }
-    bool terminator_reached = false;
+    // Read ticket list to get ticket count
-    while (offset < ticket_file.size && !terminator_reached) {
+    while (offset < ticket_file.size) {
        if (!save_data_file_read(&ticket_file, &br, offset, titlekey_buffer->read_buffer, buf_size) || titlekey_buffer->read_buffer[0] == 0 || br != buf_size)
            break;
        offset += br;
        minerva_periodic_training();
-        ticket_record_t *curr_ticket_record = (ticket_record_t *)titlekey_buffer->read_buffer;
+        if (!save_data_file_read(&ticket_file, &br, offset, titlekey_buffer->read_buffer, buf_size) ||
-        for (u32 i = 0; i < buf_size; i += sizeof(ticket_record_t), curr_ticket_record++) {
+            titlekey_buffer->read_buffer[0] == 0 ||
-            if (curr_ticket_record->rights_id[0] == 0xFF) {
+            br != buf_size ||
-                terminator_reached = true;
+            _count_ticket_records(buf_size, titlekey_buffer, &file_tkey_count)
-                break;
+        ) {
-            }
+            break;
            file_tkey_count++;
        }
        offset += br;
    }
-    TPRINTF("  Count keys...");
+    TPRINTF("  Count titlekeys...");
    if (!save_open_file(save_ctx, &ticket_file, ticket_bin_path, OPEN_MODE_READ)) {
        EPRINTF("Unable to locate ticket.bin in save.");
@ -317,50 +314,17 @@ static bool _get_titlekeys_from_save(u32 buf_size, const u8 *save_mac_key, title
        return false;
    }
-    if (is_personalized) {
+    if (is_personalized)
        se_rsa_key_set(0, rsa_keypair->modulus, sizeof(rsa_keypair->modulus), rsa_keypair->private_exponent, sizeof(rsa_keypair->private_exponent));
    }
    const u32 ticket_sig_type_rsa2048_sha256 = 0x10004;
    offset = 0;
-    terminator_reached = false;
+    u32 pct = 0, last_pct = 0, remaining = file_tkey_count;
-    u32 pct = 0, last_pct = 0, i = 0;
+    while (offset < ticket_file.size && remaining) {
    while (offset < ticket_file.size && !terminator_reached) {
        if (!save_data_file_read(&ticket_file, &br, offset, titlekey_buffer->read_buffer, buf_size) || titlekey_buffer->read_buffer[0] == 0 || br != buf_size)
            break;
        offset += br;
-        ticket_t *curr_ticket = (ticket_t *)titlekey_buffer->read_buffer;
+        es_decode_tickets(buf_size, titlekey_buffer, remaining, file_tkey_count, &_titlekey_count, save_x, save_y, &pct, &last_pct, is_personalized);
-        for (u32 j = 0; j < buf_size; j += sizeof(ticket_t), curr_ticket++) {
+        remaining -= MIN(buf_size / sizeof(ticket_t), remaining);
            minerva_periodic_training();
            pct = (_titlekey_count - start_titlekey_count) * 100 / file_tkey_count;
            if (pct > last_pct && pct <= 100) {
                last_pct = pct;
                tui_pbar(save_x, save_y, pct, COLOR_GREEN, 0xFF155500);
            }
            if (i == file_tkey_count || curr_ticket->signature_type == 0) {
                terminator_reached = true;
                break;
            }
            if (curr_ticket->signature_type != ticket_sig_type_rsa2048_sha256) {
                i++;
                continue;
            }
            if (is_personalized) {
                se_rsa_exp_mod(0, curr_ticket->titlekey_block, sizeof(curr_ticket->titlekey_block), curr_ticket->titlekey_block, sizeof(curr_ticket->titlekey_block));
                if (se_rsa_oaep_decode(
                        curr_ticket->titlekey_block, sizeof(titlekey_buffer->titlekeys[0]),
                        null_hash, sizeof(null_hash),
                        curr_ticket->titlekey_block, sizeof(curr_ticket->titlekey_block)
                    ) != sizeof(titlekey_buffer->titlekeys[0])
                )
                    continue;
            }
            memcpy(titlekey_buffer->rights_ids[_titlekey_count], curr_ticket->rights_id, sizeof(titlekey_buffer->rights_ids[0]));
            memcpy(titlekey_buffer->titlekeys[_titlekey_count], curr_ticket->titlekey_block, sizeof(titlekey_buffer->titlekeys[0]));
            _titlekey_count++;
            i++;
        }
    }
    tui_pbar(save_x, save_y, 100, COLOR_GREEN, 0xFF155500);
    f_close(&fp);
@ -413,7 +377,8 @@ static bool _derive_sd_seed(key_storage_t *keys) {
    }
    u8 read_buf[0x20] __attribute__((aligned(4))) = {0};
-    // Skip the two header blocks and only check the first bytes of each block - file contents are always block-aligned
+    // Skip the two header blocks and only check the first bytes of each block
    // File contents are always block-aligned
    for (u32 i = SAVE_BLOCK_SIZE_DEFAULT * 2; i < f_size(&fp); i += SAVE_BLOCK_SIZE_DEFAULT) {
        if (f_lseek(&fp, i) || f_read(&fp, read_buf, 0x20, &read_bytes) || read_bytes != 0x20)
            break;
@ -429,133 +394,13 @@ static bool _derive_sd_seed(key_storage_t *keys) {
    return true;
 }
 static bool _decrypt_ssl_rsa_key(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer) {
    if (!cal0_read(KS_BIS_00_TWEAK, KS_BIS_00_CRYPT, titlekey_buffer->read_buffer)) {
        return false;
    }
    nx_emmc_cal0_t *cal0 = (nx_emmc_cal0_t *)titlekey_buffer->read_buffer;
    u32 generation = 0;
    const void *encrypted_key = NULL;
    const void *iv = NULL;
    u32 key_size = 0;
    void *ctr_key = NULL;
    bool enforce_unique = true;
    if (!cal0_get_ssl_rsa_key(cal0, &encrypted_key, &key_size, &iv, &generation)) {
        return false;
    }
    if (key_size == SSL_RSA_KEY_SIZE) {
        bool all_zero = true;
        const u8 *key8 = (const u8 *)encrypted_key;
        for (u32 i = SE_RSA2048_DIGEST_SIZE; i < SSL_RSA_KEY_SIZE; i++) {
            if (key8[i] != 0) {
                all_zero = false;
                break;
            }
        }
        if (all_zero) {
            // Keys of this form are not encrypted
            memcpy(keys->ssl_rsa_key, encrypted_key, SE_RSA2048_DIGEST_SIZE);
            return true;
        }
        const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE;
        ctr_key = keys->ssl_rsa_kek_legacy;
        _derive_rsa_kek(KS_AES_ECB, keys, ctr_key, ssl_rsa_kekek_source, ssl_rsa_kek_source_legacy, generation, option);
        enforce_unique = false;
    } else if (generation) {
        const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_SSL_KEY) | IS_DEVICE_UNIQUE;
        ctr_key = keys->ssl_rsa_kek_personalized;
        _derive_rsa_kek(KS_AES_ECB, keys, ctr_key, ssl_client_cert_kek_source, ssl_client_cert_key_source, generation, option);
    } else {
        ctr_key = keys->ssl_rsa_kek;
    }
    u32 ctr_size = enforce_unique ? key_size - 0x20 : key_size - 0x10;
    se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, keys->ssl_rsa_key, ctr_size, encrypted_key, ctr_size, iv);
    if (enforce_unique) {
        u32 calc_mac[SE_KEY_128_SIZE / 4] = {0};
        calc_gmac(KS_AES_ECB, calc_mac, keys->ssl_rsa_key, ctr_size, ctr_key, iv);
        const u8 *key8 = (const u8 *)encrypted_key;
        if (memcmp(calc_mac, &key8[ctr_size], 0x10) != 0) {
            EPRINTF("SSL keypair has invalid GMac.");
            memset(keys->ssl_rsa_key, 0, sizeof(keys->ssl_rsa_key));
            return false;
        }
    }
    return true;
 }
 static bool _decrypt_eticket_rsa_key(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer, bool is_dev) {
    if (!cal0_read(KS_BIS_00_TWEAK, KS_BIS_00_CRYPT, titlekey_buffer->read_buffer)) {
        return false;
    }
    nx_emmc_cal0_t *cal0 = (nx_emmc_cal0_t *)titlekey_buffer->read_buffer;
    u32 generation = 0;
    const void *encrypted_key = NULL;
    const void *iv = NULL;
    u32 key_size = 0;
    void *ctr_key = NULL;
    if (!cal0_get_eticket_rsa_key(cal0, &encrypted_key, &key_size, &iv, &generation)) {
        return false;
    }
    // Handle legacy case
    if (key_size == ETICKET_RSA_KEYPAIR_SIZE) {
        const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | NOT_DEVICE_UNIQUE;
        ctr_key = keys->temp_key;
        _derive_rsa_kek(KS_AES_ECB, keys, ctr_key, eticket_rsa_kekek_source, eticket_rsa_kek_source_legacy, generation, option);
        se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE);
        se_aes_crypt_ctr(KS_AES_CTR, &keys->eticket_rsa_keypair, sizeof(keys->eticket_rsa_keypair), encrypted_key, sizeof(keys->eticket_rsa_keypair), iv);
        if (test_eticket_rsa_keypair(&keys->eticket_rsa_keypair)) {
            memcpy(keys->eticket_rsa_kek, ctr_key, sizeof(keys->eticket_rsa_kek));
            return true;
        }
        // Fall through and try usual method if not applicable
    }
    if (generation) {
        const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_ES_DEVICE_KEY) | IS_DEVICE_UNIQUE;
        ctr_key = keys->eticket_rsa_kek_personalized;
        const void *kek_source = is_dev ? eticket_rsa_kek_source_dev : eticket_rsa_kek_source;
        _derive_rsa_kek(KS_AES_ECB, keys, ctr_key, eticket_rsa_kekek_source, kek_source, generation, option);
    } else {
        ctr_key = keys->eticket_rsa_kek;
    }
    se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, &keys->eticket_rsa_keypair, sizeof(keys->eticket_rsa_keypair), encrypted_key, sizeof(keys->eticket_rsa_keypair), iv);
    if (!test_eticket_rsa_keypair(&keys->eticket_rsa_keypair)) {
        EPRINTF("Invalid eticket keypair.");
        memset(&keys->eticket_rsa_keypair, 0, sizeof(keys->eticket_rsa_keypair));
        return false;
    }
    return true;
 }
 static bool _derive_titlekeys(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer, bool is_dev) {
-    if (!_key_exists(keys->eticket_rsa_kek)) {
+    if (!key_exists(&keys->eticket_rsa_keypair)) {
        return false;
    }
    gfx_printf("%kTitlekeys...     \n", colors[(color_idx++) % 6]);
    if (!_decrypt_eticket_rsa_key(keys, titlekey_buffer, is_dev)) {
        return false;
    }
    const u32 buf_size = SAVE_BLOCK_SIZE_DEFAULT;
    _get_titlekeys_from_save(buf_size, keys->save_mac_key, titlekey_buffer, NULL);
    _get_titlekeys_from_save(buf_size, keys->save_mac_key, titlekey_buffer, &keys->eticket_rsa_keypair);
@ -565,7 +410,7 @@ static bool _derive_titlekeys(key_storage_t *keys, titlekey_buffer_t *titlekey_b
    return true;
 }
-static bool _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer, bool is_dev) {
+static void _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer, bool is_dev) {
    // Set BIS keys.
    // PRODINFO/PRODINFOF
    se_aes_key_set(KS_BIS_00_CRYPT, keys->bis_key[0] + 0x00, SE_KEY_128_SIZE);
@ -579,8 +424,17 @@ static bool _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_b
    if (!emummc_storage_set_mmc_partition(EMMC_GPP)) {
        EPRINTF("Unable to set partition.");
-        return false;
+        return;
    }
    if (!decrypt_ssl_rsa_key(keys, titlekey_buffer)) {
        EPRINTF("Unable to derive SSL key.");
    }
    if (!decrypt_eticket_rsa_key(keys, titlekey_buffer, is_dev)) {
        EPRINTF("Unable to derive ETicket key.");
    }
    // Parse eMMC GPT
    LIST_INIT(gpt);
    nx_emmc_gpt_parse(&gpt, &emmc_storage);
@ -589,7 +443,7 @@ static bool _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_b
    if (!system_part) {
        EPRINTF("Unable to locate System partition.");
        nx_emmc_gpt_free(&gpt);
-        return false;
+        return;
    }
    nx_emmc_bis_init(system_part);
@ -597,7 +451,7 @@ static bool _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_b
    if (f_mount(&emmc_fs, "bis:", 1)) {
        EPRINTF("Unable to mount system partition.");
        nx_emmc_gpt_free(&gpt);
-        return false;
+        return;
    }
    if (!sd_mount()) {
@ -606,20 +460,12 @@ static bool _derive_emmc_keys(key_storage_t *keys, titlekey_buffer_t *titlekey_b
        EPRINTF("Unable to get SD seed.");
    }
-    bool res = _decrypt_ssl_rsa_key(keys, titlekey_buffer);
+    if (!_derive_titlekeys(keys, titlekey_buffer, is_dev)) {
    if (!res) {
        EPRINTF("Unable to derive SSL key.");
    }
    res = _derive_titlekeys(keys, titlekey_buffer, is_dev);
    if (!res) {
        EPRINTF("Unable to derive titlekeys.");
    }
    f_mount(NULL, "bis:", 1);
    nx_emmc_gpt_free(&gpt);
    return res;
 }
 // The security engine supports partial key override for locked keyslots
@ -644,13 +490,13 @@ int save_mariko_partial_keys(u32 start, u32 count, bool append) {
    u32 pos = 0;
    u32 zeros[SE_KEY_128_SIZE / 4] = {0};
    u8 *data = malloc(4 * SE_KEY_128_SIZE);
-    char *text_buffer = calloc(1, 0x100 * count);
+    char *text_buffer = calloc(count, 0x100);
    for (u32 ks = start; ks < start + count; ks++) {
        // Check if key is as expected
        if (ks < ARRAY_SIZE(mariko_key_vectors)) {
            se_aes_crypt_block_ecb(ks, DECRYPT, &data[0], mariko_key_vectors[ks]);
-            if (_key_exists(data)) {
+            if (key_exists(data)) {
                EPRINTFARGS("Failed to validate keyslot %d.", ks);
                continue;
            }
@ -721,14 +567,13 @@ int save_mariko_partial_keys(u32 start, u32 count, bool append) {
 }
 static void _save_keys_to_sd(key_storage_t *keys, titlekey_buffer_t *titlekey_buffer, bool is_dev) {
    char *text_buffer = NULL;
    if (!sd_mount()) {
        EPRINTF("Unable to mount SD.");
        return;
    }
    u32 text_buffer_size = MAX(_titlekey_count * sizeof(titlekey_text_buffer_t) + 1, SZ_16K);
-    text_buffer = (char *)calloc(1, text_buffer_size);
+    char *text_buffer = (char *)calloc(1, text_buffer_size);
    SAVE_KEY(aes_kek_generation_source);
    SAVE_KEY(aes_key_generation_source);
@ -761,9 +606,9 @@ static void _save_keys_to_sd(key_storage_t *keys, titlekey_buffer_t *titlekey_bu
    SAVE_KEY_FAMILY_VAR(keyblob_mac_key, keys->keyblob_mac_key, 0);
    SAVE_KEY(keyblob_mac_key_source);
    if (is_dev) {
-        SAVE_KEY_FAMILY_VAR(mariko_master_kek_source, mariko_master_kek_sources_dev, 5);
+        SAVE_KEY_FAMILY_VAR(mariko_master_kek_source, mariko_master_kek_sources_dev, KB_FIRMWARE_VERSION_600);
    } else {
-        SAVE_KEY_FAMILY_VAR(mariko_master_kek_source, mariko_master_kek_sources, 5);
+        SAVE_KEY_FAMILY_VAR(mariko_master_kek_source, mariko_master_kek_sources, KB_FIRMWARE_VERSION_600);
    }
    SAVE_KEY_FAMILY_VAR(master_kek, keys->master_kek, 0);
    SAVE_KEY_FAMILY_VAR(master_kek_source, master_kek_sources, KB_FIRMWARE_VERSION_620);
@ -784,7 +629,7 @@ static void _save_keys_to_sd(key_storage_t *keys, titlekey_buffer_t *titlekey_bu
    SAVE_KEY(sd_card_nca_key_source);
    SAVE_KEY(sd_card_save_key_source);
    SAVE_KEY_VAR(sd_seed, keys->sd_seed);
-    SAVE_KEY_VAR(secure_boot_key, keys->sbk);
+    SAVE_KEY_VAR(secure_boot_key, keys->secure_boot_key);
    SAVE_KEY_VAR(ssl_rsa_kek, keys->ssl_rsa_kek);
    SAVE_KEY_VAR(ssl_rsa_kek_personalized, keys->ssl_rsa_kek_personalized);
    if (is_dev) {
@ -798,9 +643,8 @@ static void _save_keys_to_sd(key_storage_t *keys, titlekey_buffer_t *titlekey_bu
    SAVE_KEY(titlekek_source);
    SAVE_KEY_VAR(tsec_key, keys->tsec_key);
    const u32 root_key_ver = 2;
    char root_key_name[21] = "tsec_root_key_00";
-    s_printf(root_key_name + 14, "%02x", root_key_ver);
+    s_printf(root_key_name + 14, "%02x", TSEC_ROOT_KEY_VERSION);
    _save_key(root_key_name, keys->tsec_root_key, SE_KEY_128_SIZE, text_buffer);
    gfx_printf("\n%k  Found %d %s keys.\n\n", colors[(color_idx++) % 6], _key_count, is_dev ? "dev" : "prod");
@ -844,47 +688,10 @@ static void _save_keys_to_sd(key_storage_t *keys, titlekey_buffer_t *titlekey_bu
    free(text_buffer);
 }
 static bool _check_keyslot_access() {
    u8 test_data[SE_KEY_128_SIZE] = {0};
    const u8 test_ciphertext[SE_KEY_128_SIZE] = {0};
    se_aes_key_set(KS_AES_ECB, "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f", SE_KEY_128_SIZE);
    se_aes_crypt_block_ecb(KS_AES_ECB, DECRYPT, test_data, test_ciphertext);
    return memcmp(test_data, "\x7b\x1d\x29\xa1\x6c\xf8\xcc\xab\x84\xf0\xb8\xa5\x98\xe4\x2f\xa6", SE_KEY_128_SIZE) == 0;
 }
 static void _derive_master_keys(key_storage_t *prod_keys, key_storage_t *dev_keys, bool is_dev) {
    key_storage_t *keys = is_dev ? dev_keys : prod_keys;
    if (h_cfg.t210b01) {
        _derive_master_key_mariko(keys, is_dev);
        minerva_periodic_training();
        _derive_master_keys_from_latest_key(keys, is_dev);
    } else {
        int res = _run_ams_keygen(keys);
        if (res) {
            return;
        }
        u8 *aes_keys = (u8 *)calloc(SZ_4K, 1);
        se_get_aes_keys(aes_keys + SZ_2K, aes_keys, SE_KEY_128_SIZE);
        memcpy(&dev_keys->tsec_root_key,  aes_keys + KS_TSEC_ROOT_DEV * SE_KEY_128_SIZE, SE_KEY_128_SIZE);
        memcpy(keys->tsec_key,            aes_keys + KS_TSEC * SE_KEY_128_SIZE,          SE_KEY_128_SIZE);
        memcpy(&prod_keys->tsec_root_key, aes_keys + KS_TSEC_ROOT * SE_KEY_128_SIZE,     SE_KEY_128_SIZE);
        free(aes_keys);
        _derive_master_keys_from_latest_key(prod_keys, false);
        minerva_periodic_training();
        _derive_master_keys_from_latest_key(dev_keys, true);
        minerva_periodic_training();
        _derive_keyblob_keys(keys);
    }
 }
 static void _derive_keys() {
    minerva_periodic_training();
-    if (!_check_keyslot_access()) {
+    if (!check_keyslot_access()) {
        EPRINTF("Unable to set crypto keyslots!\nTry launching payload differently\n or flash Spacecraft-NX if using a modchip.");
        return;
    }
@ -917,27 +724,16 @@ static void _derive_keys() {
    TPRINTFARGS("%kBIS keys...     ", colors[(color_idx++) % 6]);
-    minerva_periodic_training();
+    _derive_misc_keys(keys);
    _derive_misc_keys(keys, is_dev);
    minerva_periodic_training();
    _derive_non_unique_keys(&prod_keys, is_dev);
    minerva_periodic_training();
    _derive_non_unique_keys(&dev_keys, is_dev);
    minerva_periodic_training();
    _derive_per_generation_keys(&prod_keys);
    minerva_periodic_training();
    _derive_per_generation_keys(&dev_keys);
    titlekey_buffer_t *titlekey_buffer = (titlekey_buffer_t *)TITLEKEY_BUF_ADR;
    // Requires BIS key for SYSTEM partition
    if (!emmc_storage.initialized) {
        EPRINTF("eMMC not initialized.\nSkipping SD seed and titlekeys.");
-    } else if (_key_exists(keys->bis_key[2])) {
+    } else if (key_exists(keys->bis_key[2])) {
        _derive_emmc_keys(keys, titlekey_buffer, is_dev);
    } else {
        EPRINTF("Missing needed BIS keys.\nSkipping SD seed and titlekeys.");
@ -964,7 +760,6 @@ void derive_amiibo_keys() {
    key_storage_t __attribute__((aligned(4))) prod_keys = {0}, dev_keys = {0};
    key_storage_t *keys = is_dev ? &dev_keys : &prod_keys;
    const u8 *encrypted_keys = is_dev ? encrypted_nfc_keys_dev : encrypted_nfc_keys;
    _derive_master_keys(&prod_keys, &dev_keys, is_dev);
@ -978,60 +773,32 @@ void derive_amiibo_keys() {
    minerva_periodic_training();
-    if (!_key_exists(keys->master_key[0])) {
+    if (!key_exists(keys->master_key[0])) {
        EPRINTF("Unable to derive master keys for NFC.");
        minerva_change_freq(FREQ_800);
        btn_wait();
        return;
    }
    decrypt_aes_key(KS_AES_ECB, keys, keys->temp_key, nfc_key_source, 0, 0);
    nfc_keyblob_t __attribute__((aligned(4))) nfc_keyblob;
    static const u8 nfc_iv[SE_KEY_128_SIZE] = {
        0xB9, 0x1D, 0xC1, 0xCF, 0x33, 0x5F, 0xA6, 0x13, 0x2A, 0xEF, 0x90, 0x99, 0xAA, 0xCA, 0x93, 0xC8};
    se_aes_key_set(KS_AES_CTR, keys->temp_key, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, &nfc_keyblob, sizeof(nfc_keyblob), encrypted_keys, sizeof(nfc_keyblob), &nfc_iv);
    minerva_periodic_training();
    u8 xor_pad[0x20] __attribute__((aligned(4))) = {0};
    se_aes_key_set(KS_AES_CTR, nfc_keyblob.ctr_key, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, xor_pad, sizeof(xor_pad), xor_pad, sizeof(xor_pad), nfc_keyblob.ctr_iv);
    minerva_periodic_training();
    nfc_save_key_t __attribute__((aligned(4))) nfc_save_keys[2] = {0};
    memcpy(nfc_save_keys[0].hmac_key, nfc_keyblob.hmac_key, sizeof(nfc_keyblob.hmac_key));
    memcpy(nfc_save_keys[0].phrase, nfc_keyblob.phrase, sizeof(nfc_keyblob.phrase));
    nfc_save_keys[0].seed_size = sizeof(nfc_keyblob.seed);
    memcpy(nfc_save_keys[0].seed, nfc_keyblob.seed, sizeof(nfc_keyblob.seed));
    memcpy(nfc_save_keys[0].xor_pad, xor_pad, sizeof(xor_pad));
-    memcpy(nfc_save_keys[1].hmac_key, nfc_keyblob.hmac_key_for_verif, sizeof(nfc_keyblob.hmac_key_for_verif));
+    nfc_decrypt_amiibo_keys(keys, nfc_save_keys, is_dev);
    memcpy(nfc_save_keys[1].phrase, nfc_keyblob.phrase_for_verif, sizeof(nfc_keyblob.phrase_for_verif));
    nfc_save_keys[1].seed_size = sizeof(nfc_keyblob.seed_for_verif);
    memcpy(nfc_save_keys[1].seed, nfc_keyblob.seed_for_verif, sizeof(nfc_keyblob.seed_for_verif));
    memcpy(nfc_save_keys[1].xor_pad, xor_pad, sizeof(xor_pad));
    minerva_periodic_training();
-    u8 hash[0x20] = {0};
+    u32 hash[SE_SHA_256_SIZE / 4] = {0};
    se_calc_sha256_oneshot(hash, &nfc_save_keys[0], sizeof(nfc_save_keys));
    if (memcmp(hash, is_dev ? nfc_blob_hash_dev : nfc_blob_hash, sizeof(hash)) != 0) {
        EPRINTF("Amiibo hash mismatch. Skipping save.");
        minerva_change_freq(FREQ_800);
        btn_wait();
        return;
    }
    const char *keyfile_path = is_dev ? "sd:/switch/key_dev.bin" : "sd:/switch/key_retail.bin";
    if (!sd_save_to_file(&nfc_save_keys[0], sizeof(nfc_save_keys), keyfile_path)) {
        gfx_printf("%kWrote Amiibo keys to\n %s\n", colors[(color_idx++) % 6], keyfile_path);
    } else {
-        EPRINTF("Unable to save Amiibo keys to SD.");
+        const char *keyfile_path = is_dev ? "sd:/switch/key_dev.bin" : "sd:/switch/key_retail.bin";
        if (!sd_save_to_file(&nfc_save_keys[0], sizeof(nfc_save_keys), keyfile_path)) {
            gfx_printf("%kWrote Amiibo keys to\n %s\n", colors[(color_idx++) % 6], keyfile_path);
        } else {
            EPRINTF("Unable to save Amiibo keys to SD.");
        }
    }
    gfx_printf("\n%kPress a button to return to the menu.", colors[(color_idx++) % 6]);
@ -1081,23 +848,3 @@ void dump_keys() {
    }
    gfx_clear_grey(0x1B);
 }
 static void _save_key(const char *name, const void *data, u32 len, char *outbuf) {
    if (!_key_exists(data))
        return;
    u32 pos = strlen(outbuf);
    pos += s_printf(&outbuf[pos], "%s = ", name);
    for (u32 i = 0; i < len; i++)
        pos += s_printf(&outbuf[pos], "%02x", *(u8*)(data + i));
    s_printf(&outbuf[pos], "\n");
    _key_count++;
 }
 static void _save_key_family(const char *name, const void *data, u32 start_key, u32 num_keys, u32 len, char *outbuf) {
    char *temp_name = calloc(1, 0x40);
    for (u32 i = 0; i < num_keys; i++) {
        s_printf(temp_name, "%s_%02x", name, i + start_key);
        _save_key(temp_name, data + i * len, len, outbuf);
    }
    free(temp_name);
 }
--- a/source/keys/keys.h
+++ b/source/keys/keys.h
@ -23,73 +23,6 @@
 #include <sec/se_t210.h>
 #include <utils/types.h>
 // only tickets of type Rsa2048Sha256 are expected
 typedef struct {
    u32 signature_type;   // always 0x10004
    u8 signature[SE_RSA2048_DIGEST_SIZE];
    u8 sig_padding[0x3C];
    char issuer[0x40];
    u8 titlekey_block[SE_RSA2048_DIGEST_SIZE];
    u8 format_version;
    u8 titlekey_type;
    u16 ticket_version;
    u8 license_type;
    u8 common_key_id;
    u16 property_mask;
    u64 reserved;
    u64 ticket_id;
    u64 device_id;
    u8 rights_id[0x10];
    u32 account_id;
    u32 sect_total_size;
    u32 sect_hdr_offset;
    u16 sect_hdr_count;
    u16 sect_hdr_entry_size;
    u8 padding[0x140];
 } ticket_t;
 typedef struct {
    u8 rights_id[0x10];
    u64 ticket_id;
    u32 account_id;
    u16 property_mask;
    u16 reserved;
 } ticket_record_t;
 typedef struct {
    u8 read_buffer[SZ_256K];
    u8 rights_ids[SZ_256K / 0x10][0x10];
    u8 titlekeys[SZ_256K / 0x10][0x10];
 } titlekey_buffer_t;
 typedef struct {
    char phrase[0xE];
    u8 seed[0xE];
    u8 hmac_key[0x10];
    char phrase_for_verif[0xE];
    u8 seed_for_verif[0x10];
    u8 hmac_key_for_verif[0x10];
    u8 ctr_key[0x10];
    u8 ctr_iv[0x10];
    u8 pad[6];
 } nfc_keyblob_t;
 typedef struct {
    u8 hmac_key[0x10];
    char phrase[0xE];
    u8 rsvd;
    u8 seed_size;
    u8 seed[0x10];
    u8 xor_pad[0x20];
 } nfc_save_key_t;
 typedef struct {
    char rights_id[0x20];
    char equals[3];
    char titlekey[0x20];
    char newline[1];
 } titlekey_text_buffer_t;
 #define TPRINTF(text) \
    end_time = get_tmr_us(); \
    gfx_printf(text" done in %d us\n", end_time - start_time); \
--- a/source/keys/nfc_crypto.c
+++ b/source/keys/nfc_crypto.c
@ -0,0 +1,54 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "nfc_crypto.h"
 #include <mem/minerva.h>
 #include <sec/se.h>
 #include <string.h>
 void nfc_decrypt_amiibo_keys(key_storage_t *keys, nfc_save_key_t out_nfc_save_keys[2], bool is_dev) {
    const u8 *encrypted_keys = is_dev ? encrypted_nfc_keys_dev : encrypted_nfc_keys;
    u32 kek[SE_KEY_128_SIZE / 4] = {0};
    decrypt_aes_key(KS_AES_ECB, keys, kek, nfc_key_source, 0, 0);
    nfc_keyblob_t __attribute__((aligned(4))) nfc_keyblob;
    static const u8 nfc_iv[SE_AES_IV_SIZE] = {
        0xB9, 0x1D, 0xC1, 0xCF, 0x33, 0x5F, 0xA6, 0x13, 0x2A, 0xEF, 0x90, 0x99, 0xAA, 0xCA, 0x93, 0xC8};
    se_aes_key_set(KS_AES_CTR, kek, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, &nfc_keyblob, sizeof(nfc_keyblob), encrypted_keys, sizeof(nfc_keyblob), &nfc_iv);
    minerva_periodic_training();
    u32 xor_pad[0x20 / 4] = {0};
    se_aes_key_set(KS_AES_CTR, nfc_keyblob.ctr_key, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, xor_pad, sizeof(xor_pad), xor_pad, sizeof(xor_pad), nfc_keyblob.ctr_iv);
    minerva_periodic_training();
    memcpy(out_nfc_save_keys[0].hmac_key, nfc_keyblob.hmac_key, sizeof(nfc_keyblob.hmac_key));
    memcpy(out_nfc_save_keys[0].phrase, nfc_keyblob.phrase, sizeof(nfc_keyblob.phrase));
    out_nfc_save_keys[0].seed_size = sizeof(nfc_keyblob.seed);
    memcpy(out_nfc_save_keys[0].seed, nfc_keyblob.seed, sizeof(nfc_keyblob.seed));
    memcpy(out_nfc_save_keys[0].xor_pad, xor_pad, sizeof(xor_pad));
    memcpy(out_nfc_save_keys[1].hmac_key, nfc_keyblob.hmac_key_for_verif, sizeof(nfc_keyblob.hmac_key_for_verif));
    memcpy(out_nfc_save_keys[1].phrase, nfc_keyblob.phrase_for_verif, sizeof(nfc_keyblob.phrase_for_verif));
    out_nfc_save_keys[1].seed_size = sizeof(nfc_keyblob.seed_for_verif);
    memcpy(out_nfc_save_keys[1].seed, nfc_keyblob.seed_for_verif, sizeof(nfc_keyblob.seed_for_verif));
    memcpy(out_nfc_save_keys[1].xor_pad, xor_pad, sizeof(xor_pad));
 }
--- a/source/keys/nfc_crypto.h
+++ b/source/keys/nfc_crypto.h
@ -0,0 +1,75 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _NFC_CRYPTO_H_
 #define _NFC_CRYPTO_H_
 #include "crypto.h"
 #include <sec/se_t210.h>
 #include <utils/types.h>
 static const u8 nfc_key_source[0x10] __attribute__((aligned(4))) = {
    0x83, 0xF6, 0xEF, 0xD8, 0x13, 0x26, 0x49, 0xAB, 0x97, 0x5F, 0xEA, 0xBA, 0x65, 0x71, 0xCA, 0xCA};
 static const u8 encrypted_nfc_keys[0x80] __attribute__((aligned(4))) = {
    0x76, 0x50, 0x87, 0x02, 0x40, 0xA6, 0x5A, 0x98, 0xCE, 0x39, 0x2F, 0xC8, 0x83, 0xAF, 0x54, 0x76,
    0x28, 0xFF, 0x50, 0xFC, 0xC1, 0xFB, 0x26, 0x14, 0xA2, 0x4A, 0xA6, 0x74, 0x90, 0xA4, 0x37, 0x06,
    0x03, 0x63, 0xC2, 0xB1, 0xAF, 0x9F, 0xF7, 0x07, 0xFC, 0x8A, 0xB9, 0xCA, 0x28, 0x68, 0x6E, 0xF7,
    0x42, 0xCD, 0x68, 0x13, 0xCD, 0x7B, 0x3A, 0x60, 0x3E, 0x8B, 0xAB, 0x3A, 0xCC, 0xED, 0xE0, 0xDD,
    0x71, 0x1F, 0xA5, 0xDE, 0xB8, 0xB1, 0xF5, 0x1D, 0x14, 0x73, 0xBE, 0x27, 0xCC, 0xA1, 0x9B, 0x23,
    0x06, 0x91, 0x89, 0x05, 0xED, 0xD6, 0x92, 0x76, 0x3F, 0x42, 0xFB, 0xD1, 0x8F, 0x2D, 0x6D, 0x72,
    0xC8, 0x9E, 0x48, 0xE8, 0x03, 0x64, 0xF0, 0x3C, 0x0E, 0x2A, 0xF1, 0x26, 0x83, 0x02, 0x4F, 0xE2,
    0x41, 0xAA, 0xC8, 0x33, 0x68, 0x84, 0x3A, 0xFB, 0x87, 0x18, 0xEA, 0xF7, 0x36, 0xA2, 0x4E, 0xA9};
 static const u8 encrypted_nfc_keys_dev[0x80] __attribute__((aligned(4))) = {
    0x13, 0xB0, 0xFB, 0xC2, 0x91, 0x6D, 0x6E, 0x5A, 0x10, 0x31, 0x40, 0xB7, 0xDF, 0xCF, 0x69, 0x69,
    0xB0, 0xFA, 0xAE, 0x7F, 0xB2, 0x4D, 0x27, 0xC9, 0xE9, 0x3F, 0x5B, 0x38, 0x39, 0x24, 0x98, 0xCE,
    0xED, 0xD2, 0xA9, 0x6C, 0x6F, 0xA7, 0x72, 0xD7, 0x11, 0x31, 0x17, 0x93, 0x12, 0x49, 0x32, 0x85,
    0x21, 0xE5, 0xE1, 0x88, 0x0F, 0x08, 0xF2, 0x30, 0x5C, 0xC3, 0xAA, 0xFF, 0xC0, 0xAB, 0x21, 0x96,
    0x74, 0x39, 0xED, 0xE0, 0x5A, 0xB6, 0x75, 0xC2, 0x3B, 0x08, 0x61, 0xE4, 0xA7, 0xD6, 0xED, 0x8C,
    0xA9, 0x02, 0x12, 0xA6, 0xCC, 0x27, 0x4C, 0x1C, 0x41, 0x9C, 0xD8, 0x4C, 0x00, 0xC7, 0x5B, 0x5D,
    0xED, 0xC2, 0x3D, 0x5E, 0x00, 0xF5, 0x49, 0xFA, 0x6C, 0x75, 0x67, 0xCF, 0x1F, 0x73, 0x1A, 0xE8,
    0x47, 0xD4, 0x3D, 0x9B, 0x83, 0x5B, 0x18, 0x2F, 0x95, 0xA9, 0x04, 0xBC, 0x2E, 0xBB, 0x64, 0x4A};
 static const u8 nfc_blob_hash[SE_SHA_256_SIZE] __attribute__((aligned(4))) = {
    0x7F, 0x92, 0x83, 0x65, 0x4E, 0xC1, 0x09, 0x7F, 0xBD, 0xFF, 0x31, 0xDE, 0x94, 0x66, 0x51, 0xAE,
    0x60, 0xC2, 0x85, 0x4A, 0xFB, 0x54, 0x4A, 0xBE, 0x89, 0x63, 0xD3, 0x89, 0x63, 0x9C, 0x71, 0x0E};
 static const u8 nfc_blob_hash_dev[SE_SHA_256_SIZE] __attribute__((aligned(4))) = {
    0x4E, 0x36, 0x59, 0x1C, 0x75, 0x80, 0x23, 0x03, 0x98, 0x2D, 0x45, 0xD9, 0x85, 0xB8, 0x60, 0x18,
    0x7C, 0x85, 0x37, 0x9B, 0xCB, 0xBA, 0xF3, 0xDC, 0x25, 0x38, 0x73, 0xDB, 0x2F, 0xFA, 0xAE, 0x26};
 typedef struct {
    char phrase[0xE];
    u8 seed[0xE];
    u8 hmac_key[0x10];
    char phrase_for_verif[0xE];
    u8 seed_for_verif[0x10];
    u8 hmac_key_for_verif[0x10];
    u8 ctr_key[0x10];
    u8 ctr_iv[0x10];
    u8 pad[6];
 } nfc_keyblob_t;
 typedef struct {
    u8 hmac_key[0x10];
    char phrase[0xE];
    u8 rsvd;
    u8 seed_size;
    u8 seed[0x10];
    u8 xor_pad[0x20];
 } nfc_save_key_t;
 void nfc_decrypt_amiibo_keys(key_storage_t *keys, nfc_save_key_t out_nfc_save_keys[2], bool is_dev);
 #endif
--- a/source/keys/ssl_crypto.c
+++ b/source/keys/ssl_crypto.c
@ -0,0 +1,120 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #include "ssl_crypto.h"
 #include "cal0_read.h"
 #include "gmac.h"
 #include "../config.h"
 #include <gfx_utils.h>
 #include <sec/se.h>
 #include <sec/se_t210.h>
 #include <string.h>
 extern hekate_config h_cfg;
 void ssl_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation) {
    if ((!h_cfg.t210b01 && !key_exists(keys->device_key)) || (h_cfg.t210b01 && (!key_exists(keys->master_key[0]) || !key_exists(keys->device_key_4x)))) {
        return;
    }
    const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_IMPORT_SSL_KEY) | IS_DEVICE_UNIQUE;
    derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, ssl_client_cert_kek_source, ssl_client_cert_key_source, generation, option);
 }
 void ssl_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek) {
    if (!key_exists(keys->master_key[0])) {
        return;
    }
    const u32 generation = 0;
    const u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE;
    derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, ssl_rsa_kekek_source, ssl_rsa_kek_source_legacy, generation, option);
 }
 void ssl_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev) {
    if (!key_exists(keys->master_key[0])) {
        return;
    }
    const void *ssl_kek_source = is_dev ? ssl_rsa_kek_source_dev : ssl_rsa_kek_source;
    const u32 generation = 0;
    u32 option = SET_SEAL_KEY_INDEX(SEAL_KEY_DECRYPT_DEVICE_UNIQUE_DATA) | NOT_DEVICE_UNIQUE;
    derive_rsa_kek(KS_AES_ECB, keys, out_rsa_kek, ssl_rsa_kekek_source, ssl_kek_source, generation, option);
 }
 bool decrypt_ssl_rsa_key(key_storage_t *keys, void *buffer) {
    if (!cal0_read(KS_BIS_00_TWEAK, KS_BIS_00_CRYPT, buffer)) {
        return false;
    }
    nx_emmc_cal0_t *cal0 = (nx_emmc_cal0_t *)buffer;
    u32 generation = 0;
    const void *encrypted_key = NULL;
    const void *iv = NULL;
    u32 key_size = 0;
    void *ctr_key = NULL;
    bool enforce_unique = true;
    if (!cal0_get_ssl_rsa_key(cal0, &encrypted_key, &key_size, &iv, &generation)) {
        return false;
    }
    if (key_size == SSL_RSA_KEY_SIZE) {
        bool all_zero = true;
        const u8 *key8 = (const u8 *)encrypted_key;
        for (u32 i = SE_RSA2048_DIGEST_SIZE; i < SSL_RSA_KEY_SIZE; i++) {
            if (key8[i] != 0) {
                all_zero = false;
                break;
            }
        }
        if (all_zero) {
            // Keys of this form are not encrypted
            memcpy(keys->ssl_rsa_key, encrypted_key, SE_RSA2048_DIGEST_SIZE);
            return true;
        }
        ssl_derive_rsa_kek_legacy(keys, keys->ssl_rsa_kek_legacy);
        ctr_key = keys->ssl_rsa_kek_legacy;
        enforce_unique = false;
    } else if (generation) {
        ssl_derive_rsa_kek_device_unique(keys, keys->ssl_rsa_kek_personalized, generation);
        ctr_key = keys->ssl_rsa_kek_personalized;
    } else {
        ctr_key = keys->ssl_rsa_kek;
    }
    u32 ctr_size = enforce_unique ? key_size - 0x20 : key_size - 0x10;
    se_aes_key_set(KS_AES_CTR, ctr_key, SE_KEY_128_SIZE);
    se_aes_crypt_ctr(KS_AES_CTR, keys->ssl_rsa_key, ctr_size, encrypted_key, ctr_size, iv);
    if (enforce_unique) {
        u32 calc_mac[SE_KEY_128_SIZE / 4] = {0};
        calc_gmac(KS_AES_ECB, calc_mac, keys->ssl_rsa_key, ctr_size, ctr_key, iv);
        const u8 *key8 = (const u8 *)encrypted_key;
        if (memcmp(calc_mac, &key8[ctr_size], 0x10) != 0) {
            EPRINTF("SSL keypair has invalid GMac.");
            memset(keys->ssl_rsa_key, 0, sizeof(keys->ssl_rsa_key));
            return false;
        }
    }
    return true;
 }
--- a/source/keys/ssl_crypto.h
+++ b/source/keys/ssl_crypto.h
@ -0,0 +1,45 @@
 /*
 * Copyright (c) 2022 shchmue
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 #ifndef _SSL_CRYPTO_H_
 #define _SSL_CRYPTO_H_
 #include "crypto.h"
 #include <utils/types.h>
 #define SSL_RSA_KEY_SIZE (SE_AES_IV_SIZE + SE_RSA2048_DIGEST_SIZE)
 static const u8 ssl_rsa_kekek_source[0x10] __attribute__((aligned(4))) = {
    0x7F, 0x5B, 0xB0, 0x84, 0x7B, 0x25, 0xAA, 0x67, 0xFA, 0xC8, 0x4B, 0xE2, 0x3D, 0x7B, 0x69, 0x03};
 static const u8 ssl_rsa_kek_source[0x10] __attribute__((aligned(4))) = {
    0x9A, 0x38, 0x3B, 0xF4, 0x31, 0xD0, 0xBD, 0x81, 0x32, 0x53, 0x4B, 0xA9, 0x64, 0x39, 0x7D, 0xE3};
 static const u8 ssl_rsa_kek_source_dev[0x10] __attribute__((aligned(4))) = {
    0xD5, 0xD2, 0xFC, 0x00, 0xFD, 0x49, 0xDD, 0xF8, 0xEE, 0x7B, 0xC4, 0x4B, 0xE1, 0x4C, 0xAA, 0x99};
 static const u8 ssl_rsa_kek_source_legacy[0x10] __attribute__((aligned(4))) = {
    0xED, 0x36, 0xB1, 0x32, 0x27, 0x17, 0xD2, 0xB0, 0xBA, 0x1F, 0xC1, 0xBD, 0x4D, 0x38, 0x0F, 0x5E};
 static const u8 ssl_client_cert_kek_source[0x10] __attribute__((aligned(4))) = {
    0x64, 0xB8, 0x30, 0xDD, 0x0F, 0x3C, 0xB7, 0xFB, 0x4C, 0x16, 0x01, 0x97, 0xEA, 0x9D, 0x12, 0x10};
 static const u8 ssl_client_cert_key_source[0x10] __attribute__((aligned(4))) = {
    0x4D, 0x92, 0x5A, 0x69, 0x42, 0x23, 0xBB, 0x92, 0x59, 0x16, 0x3E, 0x51, 0x8C, 0x78, 0x14, 0x0F};
 void ssl_derive_rsa_kek_device_unique(key_storage_t *keys, void *out_rsa_kek, u32 generation);
 void ssl_derive_rsa_kek_legacy(key_storage_t *keys, void *out_rsa_kek);
 void ssl_derive_rsa_kek_original(key_storage_t *keys, void *out_rsa_kek, bool is_dev);
 bool decrypt_ssl_rsa_key(key_storage_t *keys, void *buffer);
 #endif
Author	SHA1	Message	Date
shchmue	d625847124	Bump version to v1.9.10	2023-02-22 16:18:38 -08:00
shchmue	fe7480fdd1	Merge pull request #87 from FlyingBananaTree/master Support 16.0.0 keys	2023-02-22 16:05:22 -08:00
FlyingBananaTree	b5be83652c	Support 16.0.0 keys	2023-02-21 23:10:17 +00:00
shchmue	fb6b966bd6	Bump version to v1.9.9	2022-11-06 17:59:36 -08:00
shchmue	ffea336ecc	keys: Use SE size definitions	2022-11-05 16:47:21 -07:00
shchmue	43be4ef19f	keys: Make more readability tweaks	2022-11-05 16:40:15 -07:00
shchmue	dcf4bca30c	keys: Move RSA functions out of keys.c	2022-11-05 15:41:16 -07:00
shchmue	1b2c829ca0	keys: Fix hex prefix capitalization	2022-11-05 14:40:33 -07:00
shchmue	dd41e3fee8	keys: Split crypto functions by sysmodule	2022-11-05 14:39:02 -07:00
shchmue	c7d90ec8ca	Further improve readability	2022-11-02 18:36:39 -07:00