├── fuse_3ds
    ├── __init__.py
    ├── seeddb.py
    ├── romfsfuse.py
    ├── 3dsxfuse.py
    ├── ticket.py
    ├── crypto.py
    ├── aeskeydb.py
    ├── exefsfuse.py
    ├── cia.py
    ├── tmd.py
    ├── ncch.py
    ├── ncchfuse.py
    ├── ciafuse.py
    └── romfs.py
├── .gitignore
├── MANIFEST
├── setup.py
├── README
└── genaeskeys.py


/fuse_3ds/__init__.py:
--------------------------------------------------------------------------------
1 | all=["aeskeydb","cia","crypto","ncch","seeddb","ticket","tmd"]
2 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__/
2 | *.pyc
3 | aeskeydb.bin
4 | *.cia
5 | seeddb.bin
6 | venv/
7 | aeskeydb.yaml
8 | 


--------------------------------------------------------------------------------
/MANIFEST:
--------------------------------------------------------------------------------
 1 | # file GENERATED by distutils, do NOT edit
 2 | README
 3 | ciafuse.py
 4 | exefsfuse.py
 5 | ncchfuse.py
 6 | romfsfuse.py
 7 | setup.py
 8 | fuse_3ds/__init__.py
 9 | fuse_3ds/aeskeydb.py
10 | fuse_3ds/cia.py
11 | fuse_3ds/crypto.py
12 | fuse_3ds/ncch.py
13 | fuse_3ds/seeddb.py
14 | fuse_3ds/ticket.py
15 | fuse_3ds/tmd.py
16 | 


--------------------------------------------------------------------------------
/setup.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | from setuptools import setup
 3 | setup(name="3ds-fuse",
 4 |       version="0.1.1",
 5 |       description="FUSE filesystems for different 3DS file types",
 6 |       author="Morten Delenk",
 7 |       author_email="morten@dark32.cf",
 8 |       packages=["fuse_3ds"],
 9 |       scripts=["fuse_3ds/ciafuse.py","fuse_3ds/exefsfuse.py","fuse_3ds/ncchfuse.py","fuse_3ds/romfsfuse.py","fuse_3ds/3dsxfuse.py"],
10 |       install_requires=["fusepy","pycryptodome"])
11 | 
12 | 


--------------------------------------------------------------------------------
/fuse_3ds/seeddb.py:
--------------------------------------------------------------------------------
 1 | import struct
 2 | from os import path
 3 | def binfilegen(f,s):
 4 |     x=f.read(s)
 5 |     while len(x) == s:
 6 |         yield x
 7 |         x=f.read(s)
 8 | def seedwalk():
 9 |     f = open(path.join(path.expanduser("~"),"seeddb.bin"),"rb")
10 |     f.read(16)
11 |     for s in binfilegen(f,32):
12 |         tid=struct.unpack("<Q",s[:8])[0]
13 |         seed=s[8:24]
14 |         yield (tid,seed)
15 | 
16 | def getSeed(tid):
17 |     for t,s in seedwalk():
18 |         if tid==t:
19 |             return s
20 |     return None
21 | 


--------------------------------------------------------------------------------
/fuse_3ds/romfsfuse.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | import logging
 3 | from errno import ENOENT, EIO
 4 | from stat import S_IFDIR, S_IFLNK, S_IFREG
 5 | from sys import argv, exit
 6 | from time import time
 7 | import subprocess
 8 | from fuse import FUSE, FuseOSError, Operations, LoggingMixIn
 9 | from fuse_3ds.romfs import *
10 | class RomFS(RomFSBase):
11 |     def __init__(self,fname,mount):
12 |         f=open(fname,"rb")
13 |         super(RomFS, self).__init__(f, mount)
14 | 
15 | if len(argv) != 3:
16 |     print("usage: {name} <ROMFS> <mountpoint>".format(name=argv[0]))
17 |     exit(1)
18 | logging.basicConfig(level=logging.WARNING)
19 | fuse = FUSE(RomFS(argv[1], argv[2]),argv[2], foreground=False)
20 | 


--------------------------------------------------------------------------------
/fuse_3ds/3dsxfuse.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | import logging
 3 | from errno import ENOENT, EIO
 4 | from stat import S_IFDIR, S_IFLNK, S_IFREG
 5 | from sys import argv, exit
 6 | from time import time
 7 | import subprocess
 8 | from fuse import FUSE, FuseOSError, Operations, LoggingMixIn
 9 | from fuse_3ds.romfs import *
10 | import struct
11 | class RomFS(RomFSBase):
12 |     def __init__(self,fname,mount):
13 |         f=open(fname,"rb")
14 |         header=f.read(0x20)
15 |         if header[:4] != b"3DSX":
16 |             raise ValueError("This is not a 3dsx file!")
17 |         size=struct.unpack("<H",header[4:6])[0]
18 |         if size == 0x20:
19 |             raise ValueError("There is no romfs in this 3dsx.")
20 |         smdhOff,smdhSize,romfsOff=struct.unpack("<III",f.read(0xC))
21 |         f.seek(romfsOff)
22 |         super(RomFS, self).__init__(f, mount, True)
23 | if len(argv) != 3:
24 |     print("usage: {name} <3dsx> <mountpoint>".format(name=argv[0]))
25 |     exit(1)
26 | logging.basicConfig(level=logging.WARNING)
27 | fuse = FUSE(RomFS(argv[1], argv[2]),argv[2], foreground=False)
28 | 


--------------------------------------------------------------------------------
/fuse_3ds/ticket.py:
--------------------------------------------------------------------------------
 1 | import struct
 2 | from . import aeskeydb
 3 | class Ticket:
 4 |     def __init__(self, f):
 5 |         sigtype=struct.unpack(">I",f.read(4))[0]-0x10000
 6 |         skip=[0x23C,0x13C,0x7C,0x23C,0x13C,0x7C]
 7 |         f.read(skip[sigtype])
 8 |         self.issuer=f.read(0x40)
 9 |         self.pubkey=f.read(0x3C)
10 |         self.version,self.caCrlVersion,self.signerCrlVersion=struct.unpack("<BBB",f.read(3))
11 |         self.titlekey=f.read(0x10)
12 |         self.enckey=bytes(self.titlekey)
13 |         f.read(1)
14 |         self.tickid,self.cid,self.tid,self.tikTitleVersion,self.licenseType,self.keyYindex,self.eshopAID,self.audit=struct.unpack("<LILxxHxxxxxxxBBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxIxB",f.read(73))
15 |         f.read(0x42)
16 |         self.limits=f.read(0x40)
17 |         self.contentIndex=f.read(0xAC)
18 |         self.encrypted=self.titlekey != b'\xFF'*16
19 |     def decryptTitleKey(self,tid):
20 |         if self.encrypted:
21 |             #Decrypt title key
22 |             iv=tid.to_bytes(8, byteorder='big')+b'\x00'*8
23 |             self.titlekey=aeskeydb.getCipher(0x3D, iv, CBC=True).decrypt(self.titlekey)
24 |     def decrypt(self):
25 |         header=struct.pack(">I",0x10004)
26 |         header+=bytes(0x13C)
27 |         header+=self.issuer
28 |         header+=self.pubkey
29 |         header+=struct.pack("<BBB",self.version,self.caCrlVersion,self.signerCrlVersion)
30 |         header+=self.enckey
31 |         header+=b'\x00'
32 |         header+=struct.pack("<LILxxHxxxxxxxBBxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxIxB",self.tickid,self.cid,self.tid,self.tikTitleVersion,self.licenseType,self.keyYindex,self.eshopAID,self.audit)
33 |         header+=bytes(0x42)
34 |         header+=self.limits
35 |         header+=self.contentIndex
36 |         return header
37 | 


--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
 1 | 
 2 | Requirements:
 3 | - python3
 4 | - fuse 2.9.7 or earlier(!)
 5 | - fusepy (pip install fusepy)
 6 | - A 3DS running 3ds_cryptserver
 7 | - aeskeydb.bin (with eshop 0x3D normal key) in home directory
 8 | - seeddb.bin in CWD
 9 | 
10 | Depending on your setup, you might be only able to use these scripts as root user.
11 | 
12 | Usages:
13 | 
14 | ./ciafuse.py <file.cia> <mountpoint> <3DS IP>
15 | mountpoint:
16 | /
17 | /decrypted.cia - Decrypted CIA file
18 | /tmd           - TMD
19 | /ticket        - Ticket
20 | /0.cxi         - Content 0
21 | /1.cfa         - Content 1 - Might not exist!
22 | .
23 | .
24 | .
25 | 
26 | ./ncchfuse.py <file.cxi | file.cfa> <mountpoint> <3DS IP>
27 | mountpoint:
28 | /
29 | /decrypted.cxi/cfa - Decrypted NCCH
30 | /exefs.bin - ExeFS - only exists on CXIs
31 | /exheader.bin - Extended Header - optional
32 | /plainrgn.bin - Plain Region  - optional
33 | /logorgn.bin - Logo Region - optional
34 | /romfs.bin - RomFS - optional. Should always exist in cfa's
35 | 
36 | ./exefsfuse.py <exefs.bin> <mountpoint>
37 | ./romfsfuse.py <romfs.bin> <mountpoint>
38 | 
39 | EXAMPLES:
40 | 
41 | Mounting the romfs of the CIA of Mario Kart 7:
42 | ./ciafuse.py mk7.cia mount/ 192.168.2.104
43 | ./ncchfuse.py mount/0.cxi mount/ 192.168.2.104
44 | ./romfsfuse.py mount/romfs.bin mount/
45 | 
46 | To unmount this, you have to run "umount" three times
47 | 
48 | -----------------------------------------------------
49 | aeskeydb.bin for local decryption
50 | 
51 | Thanks to boot9strap, you can dump boot9+boot11+otp by holding start+select+x during boot. You can dump the aeskeys in those roms by running the script "genaeskeys.py". This will append all new keys to aeskeydb.bin. Then you can store it in your home directory.
52 | 
53 | Requirements:
54 | - 3DS running sighax
55 | - boot9.bin in current directory (The entire one)
56 | - otp.bin in current directory
57 | 
58 | just run ./genaeskeys.py and your aeskeydb.bin will contain most AES keys. You still have to require eshop 0x3D normal key yourself.
59 | 


--------------------------------------------------------------------------------
/fuse_3ds/crypto.py:
--------------------------------------------------------------------------------
 1 | #Code copied/ported from 3ds-crypto-client
 2 | import sys
 3 | import struct
 4 | import socket
 5 | import binascii
 6 | import os
 7 | 
 8 | def send_all(sock, data):
 9 |     r = len(data)
10 |     while len(data) > 0:
11 |         data = data[sock.send(data):]
12 | 
13 | def recv_all(sock, size):
14 |     data = b''
15 |     while len(data) < size:
16 |         data += sock.recv(size - len(data))
17 |     return data
18 | def cryptoBytestring(ip, data, keyslot,algo, iv=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',keyY=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'):
19 |     keyslot+=0x80
20 |     meta = struct.pack('<IIII',0xCAFEBABE, len(data), keyslot, algo)+keyY+iv+(b'\x00'*0x3D0)
21 |     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
22 |     sock.connect((ip,8081))
23 |     sock.send(meta)
24 |     bufsize = struct.unpack('<I',sock.recv(4))[0]
25 |     ofs=0
26 |     outdata=b''
27 |     while ofs<len(data):
28 |         if ofs + bufsize < len(data):
29 |             send_all(sock, data[ofs:ofs+bufsize])
30 |             outdata += recv_all(sock,bufsize)
31 |         else:
32 |             send_all(sock, data[ofs:])
33 |             outdata += recv_all(sock, len(data)-ofs)
34 |         ofs += bufsize
35 | 
36 |     send_all(sock,struct.pack('<I',0xDEADCAFE))
37 |     blocked = False
38 |     return outdata
39 | def cryptofile(ip, infile, outfile, keyslot,algo, iv=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00',keyY=b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'):
40 |     keyslot+=0x80
41 |     size = os.path.getsize(infile.name)-infile.tell()
42 |     meta = struct.pack('<IIII',0xCAFEBABE, size, keyslot, algo)+keyY+iv+(b'\x00'*0x3D0)
43 |     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
44 |     sock.connect((ip,8081))
45 |     bufsize = struct.unpack('<I',sock.recv(4))[0]
46 |     ofs=0
47 |     while ofs<size:
48 |         if ofs+bufsize < size:
49 |             send_all(sock, infile.read(bufsize))
50 |             outfile.write(recv_all(sock,bufsize))
51 |         else:
52 |             send_all(sock, infile.read())
53 |             outfile.write(recv_all(sock, size-ofs))
54 |         ofs += bufsize
55 |     send_all(sock, struct.pack('<I',0xDEADCAFE))
56 | 


--------------------------------------------------------------------------------
/fuse_3ds/aeskeydb.py:
--------------------------------------------------------------------------------
 1 | import struct
 2 | from Crypto.Cipher import AES
 3 | from Crypto.Util import Counter
 4 | from os import path
 5 | def binfilegen(f,s):
 6 |     x=f.read(s)
 7 |     while len(x) == s:
 8 |         yield x
 9 |         x=f.read(s)
10 | def aeskeywalk(fname):
11 |     f=open(fname,"rb")
12 |     for k in binfilegen(f,32):
13 |         slot,xyn=struct.unpack("<BB",k[:2])
14 |         t=0
15 |         if xyn == 0x59:
16 |             t=2
17 |         elif xyn == 0x58:
18 |             t=1
19 |         yield (slot,t,k[16:])
20 | 
21 | def getKey(no):
22 |     """
23 |     Returns a tuple:
24 |     [normal, keyX, keyY]
25 |     None if unknown
26 |     """
27 |     key=[None, None, None]
28 |     for s,t,k in aeskeywalk(path.join(path.expanduser("~"),"aeskeydb.bin")):
29 |         if s == no:
30 |             if key[t] == None:
31 |                 key[t]=k
32 |     return key
33 | def scramble(keyX,keyY):
34 |     def asint128(a):
35 |         if a < 0:
36 |             raise ValueError("Must be positive")
37 |         return a & ((2**128)-1)
38 |     rotate=lambda c,v: (asint128(c<<v)|asint128(c>>128-v))
39 |     keyX=int.from_bytes(keyX,"big")
40 |     keyY=int.from_bytes(keyY,"big")
41 |     kn = rotate(asint128((rotate(keyX,2)^keyY)+0x1FF9E9AAC5FE0408024591DC5D52768A),87)
42 |     return kn.to_bytes(16,"big")
43 | class NoBugCTR:
44 |     def __init__(self, iv):
45 |         self.ctr=int.from_bytes(iv,"big")
46 |     def __call__(self, *kargs, **kwargs):
47 |         iv=self.ctr.to_bytes(16,"big")
48 |         self.ctr+=1
49 |         if self.ctr == 2**128:
50 |             self.ctr=0
51 |         return iv
52 |     def __iter__(self):
53 |         return self
54 |     def __next__(self):
55 |         return self()
56 | def getCipher(keyslot, iv, CBC=False, keyY=None):
57 |     key=getKey(keyslot)[0]
58 |     if keyY != None:
59 |         keyX=getKey(keyslot)[1]
60 |         if keyX == None:
61 |             raise ValueError("Unknown KeyX for crypto")
62 |         key=scramble(keyX, keyY)
63 |     if key == None:
64 |         raise ValueError("Unknown Key!")
65 |     if CBC:
66 |         return AES.new(key, AES.MODE_CBC, iv)
67 |     cipher=AES.new(key, AES.MODE_CTR, counter=Counter.new(128,allow_wraparound=True,initial_value=int.from_bytes(iv,"big")))
68 |     return cipher
69 | 


--------------------------------------------------------------------------------
/fuse_3ds/exefsfuse.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | import logging
 3 | from errno import ENOENT, EIO
 4 | from stat import S_IFDIR, S_IFLNK, S_IFREG
 5 | from sys import argv, exit
 6 | from time import time
 7 | import subprocess
 8 | from fuse import FUSE, FuseOSError, Operations, LoggingMixIn
 9 | import struct
10 | 
11 | class ExeFS(LoggingMixIn, Operations):
12 |     def __init__(self,fname,mount):
13 |         self.f=open(fname,"rb")
14 |         self.files={}
15 |         self.header=self.f.read(0x200)
16 |         self.filelocs={}
17 |         self.fd=1
18 |         now=time()
19 |         self.files["/"]=dict(st_mode=(S_IFDIR |0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2)
20 |         for i in range(10):
21 |             fname,off,size=struct.unpack("<8sII",self.header[i*0x10:(i+1)*0x10])
22 |             if not size:
23 |                 continue
24 |             x=""
25 |             for c in fname[:]:
26 |                 if c :
27 |                     x+=chr(c)
28 |             fname=x
29 |             self.files["/"+fname]=dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=size, st_blocks=(size+511)//512)
30 |             self.filelocs["/"+fname]=off+512
31 |     def chmod(self, path, mode):
32 |         raise FuseOSError(EIO)
33 |     def chown(self, path, uid, gid):
34 |         raise FuseOSError(EIO)
35 |     def create(self, path, mode):
36 |         raise FuseOSError(EIO)
37 |     def getattr(self,path,fh=None):
38 |         if path not in self.files:
39 |             raise FuseOSError(ENOENT)
40 |         return self.files[path]
41 |     def getxattr(self,path,name,position=0):
42 |         return ''
43 |     def listxattr(self,path):
44 |         return []
45 |     def mkdir(self,path,mode):
46 |         raise FuseOSError(EIO)
47 |     def open(self,path,flags):
48 |         self.fd+=1
49 |         return self.fd
50 |     def read(self,path,size,offset,fh):
51 |         self.f.seek(self.filelocs[path]+offset)
52 |         return self.f.read(size)
53 |     def readdir(self, path, fh):
54 |         return ['.','..'] + [x[1:] for x in self.files if x != '/']
55 |     def readlink(self, path):
56 |         return self.data[path]
57 |     def removexattr(self, path, name):
58 |         raise FuseOSError(EIO)
59 |     def rename(self, old, new):
60 |         raise FuseOSError(EIO)
61 |     def rmdir(self, path):
62 |         raise FuseOSError(EIO)
63 |     def setxattr(self, path, name, value, options, position=0):
64 |         raise FuseOSError(EIO)
65 |     def statfs(self,path):
66 |         return dict(f_bsize=512, f_blocks=4096, f_bavail=0)
67 |     def symlink(self, target, source):
68 |         raise FuseOSError(EIO)
69 |     def truncate(self,path,length,fh=None):
70 |         raise FuseOSError(EIO)
71 |     def unlink(self,path):
72 |         raise FuseOSError(EIO)
73 |     def utimens(self,path,times=None):
74 |         raise FuseOSError(EIO)
75 |     def write(self,path,data,offset,fh):
76 |         raise FuseOSError(EIO)
77 |     def flush(self,path,fh):
78 |         pass
79 |     def release(self,path,fh):
80 |         pass
81 | 
82 | if len(argv) != 3:
83 |     print("usage: {name} <EXEFS> <mountpoint>".format(name=argv[0]))
84 |     exit(1)
85 | logging.basicConfig(level=logging.WARNING)
86 | fuse = FUSE(ExeFS(argv[1], argv[2]),argv[2], foreground=False)
87 | 


--------------------------------------------------------------------------------
/fuse_3ds/cia.py:
--------------------------------------------------------------------------------
 1 | import struct
 2 | from . import ticket
 3 | from . import tmd
 4 | import hashlib
 5 | import sys
 6 | from Crypto.Cipher import AES
 7 | def align(x,y):
 8 |     mask = ~(y-1)
 9 |     return (x+(y-1))&mask
10 | class CIA:
11 |     def __init__(self, f):
12 |         self.f=f
13 |         self.headerSize,self.type,self.version,self.cachainSize,self.tikSize,self.tmdSize,self.metaSize,self.contentSize=struct.unpack("<IHHIIIIQ",self.f.read(0x20))
14 |         self.cachainOff=align(self.headerSize,64)
15 |         self.tikOff=align(self.cachainOff+self.cachainSize,64)
16 |         self.tmdOff=align(self.tikOff+self.tikSize,64)
17 |         self.contentOff=align(self.tmdOff+self.tmdSize,64)
18 |         self.metaOff=align(self.contentOff+self.contentSize,64)
19 |         self.contentIndex=self.f.read(0x2000)
20 |         for e,f,g in [("Header:",0,self.headerSize),("CA chain",self.cachainOff,self.cachainSize),("Ticket:",self.tikOff,self.tikSize),("TMD:",self.tmdOff,self.tmdSize),("Content:",self.contentOff,self.contentSize),("Metadata:",self.metaOff,self.metaSize)]:
21 |             print(e,hex(f),hex(g))
22 |         self.f.seek(self.cachainOff)
23 |         self.cachain=self.f.read(self.cachainSize)
24 |         self.f.seek(self.tikOff)
25 |         self.ticket=ticket.Ticket(self.f)
26 |         self.f.seek(self.tmdOff)
27 |         self.tmd=tmd.TMD(self.f)
28 |         self.ticket.decryptTitleKey(self.tmd.tid)
29 |         self.f.seek(self.contentOff)
30 |         self.size=self.metaOff+self.metaSize
31 |         off=0
32 |     def hashCheck(self):
33 |         print("Doing hash checks. This may take a while")
34 |         self.f.seek(self.contentOff)
35 |         secno=0
36 |         for no,content in enumerate(self.tmd.contents):
37 |             sha=hashlib.sha256()
38 |             for cno in range(content["size"]//512):
39 |                 sha.update(self.read(secno))
40 |                 if not cno % 2048:
41 |                     print(".",end="")
42 |                     sys.stdout.flush()
43 |                 secno+=1
44 |             print()
45 |             sha=sha.digest()
46 |             if sha != self.tmd.contentHashes[no]:
47 |                 print("WARNING: Section",no,"hash mismatch!")
48 |     def startSec(self,cid):
49 |         byte=0
50 |         for f in self.tmd.contents:
51 |             if cid==f["index"]:
52 |                 return byte//512
53 |             byte+=f["size"]
54 |     def getContentNo(self,sector):
55 |         byte=sector*512
56 |         for f in self.tmd.contents:
57 |             if byte < f["size"]:
58 |                 return f["index"]
59 |             byte-=f["size"]
60 |     def contentSector(self,sector):
61 |         byte=sector*512
62 |         for f in self.tmd.contents:
63 |             if byte < f["size"]:
64 |                 return byte//512
65 |             byte-=f["size"]
66 |     def getDecHeader(self):
67 |         header=struct.pack("<IHHIIIIQ",self.headerSize,self.type,self.version,self.cachainSize,self.tikSize,self.tmdSize,self.metaSize,self.contentSize)
68 |         header+=self.contentIndex
69 |         #Decrypting ticket and tmd
70 |         header+=bytes(self.cachainOff-len(header))
71 |         header+=self.cachain
72 |         header+=bytes(self.tikOff-len(header))
73 |         header+=self.ticket.decrypt()
74 |         header+=bytes(self.tmdOff-len(header))
75 |         header+=self.tmd.decrypt()
76 |         header+=bytes(self.contentOff-len(header))
77 |         return header
78 |     def read(self,sectorno,sectors=1):
79 |         """
80 |         NOTE: Only reads whole sectors!
81 |         """
82 |         self.f.seek(self.contentOff+sectorno*512)
83 |         if not self.tmd.contents[self.getContentNo(sectorno)]["type"]&1:
84 |             #Just read the unencrypted data
85 |             return self.f.read(sectors*512)
86 |         iv=b''
87 |         if not self.contentSector(sectorno):
88 |             iv=self.tmd.contents[self.getContentNo(sectorno)]["index"].to_bytes(2,byteorder="big")+b'\x00'*14
89 |         else:
90 |             self.f.seek((self.contentOff+sectorno*512)-16)
91 |             iv=self.f.read(16)
92 |         cipher=AES.new(self.ticket.titlekey, AES.MODE_CBC, iv)
93 |         return cipher.decrypt(self.f.read(sectors*512))
94 | 


--------------------------------------------------------------------------------
/fuse_3ds/tmd.py:
--------------------------------------------------------------------------------
 1 | import struct
 2 | import hashlib
 3 | class TMD:
 4 |     def __init__(self, f):
 5 |         sigtype=struct.unpack(">I",f.read(4))[0]-0x10000
 6 |         skip=[0x23C,0x13C,0x7C,0x23C,0x13C,0x7C]
 7 |         f.read(skip[sigtype])
 8 |         loc=f.tell()+0xC4
 9 |         #Reading the TMD header
10 |         self.issuer=f.read(0x40)
11 |         self.version,self.caCrlVersion,self.signerCrlVersion,self.sysVersion=struct.unpack(">BBBxQ",f.read(12))
12 |         self.tid=struct.unpack(">Q",f.read(8))[0]
13 |         self.type,self.gid,self.savesize,self.privatesavesize,self.SRLFlag=struct.unpack(">IHIIxxxxB",f.read(19))
14 |         f.read(0x31)
15 |         self.accessRights,self.tversion,self.contentCount=struct.unpack(">IHH",f.read(8))
16 |         self.contents=[]
17 |         self.bootContent=struct.unpack(">I",f.read(4))[0]
18 |         sha=f.read(0x20) #SHA256 of content info record
19 |         contentInfoRecord=f.read(64*0x24)
20 |         self.contentInfoRecord=list(contentInfoRecord)
21 |         contentChunkRecord=[f.read(0x30) for x in range(self.contentCount)]
22 |         self.contentChunkRecord=list(contentChunkRecord)
23 |         checksha=hashlib.sha256(contentInfoRecord).digest()
24 |         if sha != checksha:
25 |             print("WARNING: TMD content info record hash mismatch!")
26 |         for c in range(64):
27 |             record=contentInfoRecord[:0x24]
28 |             contentInfoRecord=contentInfoRecord[0x24:]
29 |             content={}
30 |             content["indexOffset"],content["commandCount"]=struct.unpack(">HH",record[:4])
31 |             sha=record[4:]
32 |             if c >= self.contentCount:
33 |                 continue
34 |             checkstr=b""
35 |             for s in contentChunkRecord[c:c+content["commandCount"]]:
36 |                 checkstr+=s
37 |             checksha=hashlib.sha256(checkstr).digest()
38 |             if content["commandCount"] and checksha != sha:
39 |                 print("WARNING: TMD content chunk record hash mismatch!")
40 |             self.contents.append(content)
41 |         self.contentHashes=[]
42 |         for no,c in enumerate(contentChunkRecord):
43 |             self.contents[no]["cid"],self.contents[no]["index"],self.contents[no]["type"],self.contents[no]["size"]=struct.unpack(">IHHQ",c[:0x10])
44 |             self.contentHashes.append(c[0x10:])
45 |     def decrypt(self):
46 |         contents=list(self.contents)
47 |         contentChunkRecord=[]
48 |         #modify content chunk records and rebuild them
49 |         for no,c in enumerate(contents[:]):
50 |             contents[no]=dict(c)
51 |         for no,c in enumerate(contents):
52 | 
53 |             if c["type"] & 1:
54 |                 c["type"]&=~1 #unset encryption bit
55 |             record=struct.pack(">IHHQ",c["cid"],c["index"],c["type"],c["size"])
56 |             record+=self.contentHashes[no]
57 |             contentChunkRecord.append(record)
58 |         contentInfoRecord=b''
59 |         #fix content info record hashes and rebuild them
60 |         for no in range(64):
61 |             sha=bytes(32)
62 |             try:
63 |                 h=struct.pack(">HH",contents[no]["indexOffset"],contents[no]["commandCount"])
64 |                 #Recalculate sha
65 |                 if contents[no]["commandCount"]:
66 |                     checkstr=b""
67 |                     for s in contentChunkRecord[no:no+contents[no]["commandCount"]]:
68 |                         checkstr+=s
69 |                     sha=hashlib.sha256(checkstr).digest()
70 |             except:
71 |                 h=struct.pack(">HH",0,0)
72 |             contentInfoRecord+=h+sha
73 | 
74 |         header=struct.pack(">I",0x010004)
75 |         header+=bytes(0x13C)
76 |         header+=self.issuer
77 |         header+=struct.pack(">BBBxQQIHIIxxxxB",self.version,self.caCrlVersion,self.signerCrlVersion,self.sysVersion,self.tid,self.type,self.gid,self.savesize,self.privatesavesize,self.SRLFlag)
78 |         header+=bytes(0x31)
79 |         header+=struct.pack(">IHHI",self.accessRights,self.tversion,self.contentCount,self.bootContent)
80 |         header+=hashlib.sha256(contentInfoRecord).digest() #Fix this hash
81 |         header+=contentInfoRecord
82 |         for c in contentChunkRecord:
83 |             header+=c
84 |         return header
85 | 


--------------------------------------------------------------------------------
/genaeskeys.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | import struct
  3 | def scramble(keyX,keyY):
  4 |     def asint128(a):
  5 |         if a < 0:
  6 |             raise ValueError("Must be positive")
  7 |         return a & ((2**128)-1)
  8 |     rotate=lambda c,v: (asint128(c<<v)|asint128(c>>128-v))
  9 |     keyX=int.from_bytes(keyX,"big")
 10 |     keyY=int.from_bytes(keyY,"big")
 11 |     kn = rotate(asint128((rotate(keyX,2)^keyY)+0x1FF9E9AAC5FE0408024591DC5D52768A),87)
 12 |     return kn.to_bytes(16,"big")
 13 | boot9=open("boot9.bin","rb")
 14 | f=boot9
 15 | if True:
 16 |     def getKey(no,dic):
 17 |         dic[no]=f.read(16)
 18 |         f.seek(-16,1)
 19 |     def getKeyloop(no,dic):
 20 |         for i in range(4):
 21 |             getKey(no+i,dic)
 22 |         f.read(16)
 23 |     def getKeyloop_increase(no,dic):
 24 |         for i in range(4):
 25 |             getKey(no+i,dic)
 26 |             f.read(16)
 27 |     f.seek(0xd860) #Beginning of keyarea
 28 |     _3fgendata=f.read(36)
 29 |     keyX={}
 30 |     keyY={}
 31 |     normals={}
 32 |     f.seek(0xd9d0)
 33 |     getKeyloop(0x2C,keyX)
 34 |     getKeyloop(0x30,keyX)
 35 |     getKeyloop(0x34,keyX)
 36 |     getKeyloop(0x38,keyX)
 37 |     getKeyloop_increase(0x3C,keyX)
 38 |     getKeyloop_increase(0x4,keyY)
 39 |     getKeyloop_increase(0x8,keyY)
 40 |     getKeyloop(0xC,normals)
 41 |     getKeyloop(0x10,normals)
 42 |     getKeyloop_increase(0x14,normals)
 43 |     getKeyloop(0x18,normals)
 44 |     getKeyloop(0x1C,normals)
 45 |     getKeyloop(0x20,normals)
 46 |     getKeyloop(0x24,normals)
 47 |     f.seek(-16,1)
 48 |     getKeyloop_increase(0x28,normals)
 49 |     getKeyloop(0x2C,normals)
 50 |     getKeyloop(0x30,normals)
 51 |     getKeyloop(0x34,normals)
 52 |     getKeyloop(0x38,normals)
 53 |     f.seek(-16,1)
 54 |     getKeyloop_increase(0x3C,normals)
 55 |     f.seek(0xD6E0)
 56 |     otpkey=f.read(16)
 57 |     otpiv=f.read(16)
 58 |     f.seek(0xD860)
 59 | from Crypto.Cipher import AES
 60 | with open("otp.bin","rb") as f:
 61 |     cipher=AES.new(otpkey, AES.MODE_CBC, otpiv)
 62 |     otp=cipher.decrypt(f.read())
 63 | import hashlib
 64 | conunique=otp[:28]+_3fgendata
 65 | conunique_hash=hashlib.sha256(conunique).digest()
 66 | del normals[0x3F]
 67 | keyX[0x3F]=conunique_hash[:16]
 68 | keyY[0x3F]=conunique_hash[16:]
 69 | def genkeys(size=0x40):
 70 |     boot9.read(36)
 71 |     aesiv=boot9.read(16)
 72 |     conunique_input=boot9.read(64)
 73 |     boot9.seek(-64,1)
 74 |     boot9.read(size)
 75 |     cipher=AES.new(scramble(keyX[0x3F],keyY[0x3F]),AES.MODE_CBC,aesiv)
 76 |     return cipher.encrypt(conunique_input)
 77 | def getKey(dic,no,conunique,off):
 78 |     dic[no]=conunique[off:off+16]
 79 | def getKeyloop(dic,no,conunique,off):
 80 |     for i in range(4):
 81 |         getKey(dic,no+i,conunique,off)
 82 | def getKeyloop_increase(dic,no,conunique,off):
 83 |     for i in range(4):
 84 |         getKey(dic,no+i,conunique,off+16*i)
 85 | conunique=genkeys()
 86 | getKeyloop(keyX,4,conunique,0)
 87 | getKeyloop(keyX,8,conunique,16)
 88 | getKeyloop(keyX,0xC,conunique,32)
 89 | getKey(keyX,0x10,conunique,48)
 90 | 
 91 | conunique=genkeys(16)
 92 | getKeyloop_increase(keyX,0x14,conunique,0)
 93 | 
 94 | conunique=genkeys()
 95 | 
 96 | getKeyloop(keyX,0x18,conunique,0)
 97 | getKeyloop(keyX,0x1C,conunique,16)
 98 | getKeyloop(keyX,0x20,conunique,32)
 99 | getKey(keyX,0x24,conunique,48)
100 | 
101 | conunique=genkeys(16)
102 | getKeyloop_increase(keyX,0x28,conunique,0)
103 | 
104 | #Generate normal keys
105 | for kx in keyX.keys():
106 |     if kx in keyY:
107 |         normals[kx]=scramble(keyX[kx],keyY[kx])
108 | n=normals
109 | normals={}
110 | for kn in n.keys():
111 |     if ((kn in keyX) and (kn in keyY)) or ((kn not in keyX) and (kn not in keyY)):
112 |         normals[kn]=n[kn] #only keep normal keys that are in keyX,keyY pairs, or are just normal keys.
113 | with open("aeskeydb.bin","ab") as f:
114 |     for kx in keyX.keys():
115 |         f.write(struct.pack("<B",kx))
116 |         f.write(b'X')
117 |         f.write(bytes(14))
118 |         f.write(keyX[kx])
119 |     for ky in keyY.keys():
120 |         f.write(struct.pack("<B",ky))
121 |         f.write(b'Y')
122 |         f.write(bytes(14))
123 |         f.write(keyY[ky])
124 |     for kn in normals.keys():
125 |         f.write(struct.pack("<B",kn))
126 |         f.write(b'N')
127 |         f.write(bytes(14))
128 |         f.write(normals[kn])
129 | 


--------------------------------------------------------------------------------
/fuse_3ds/ncch.py:
--------------------------------------------------------------------------------
  1 | 
  2 | import struct
  3 | from . import aeskeydb
  4 | import hashlib
  5 | class NCCH:
  6 |     def __init__(self, f):
  7 |         self.f=f
  8 |         header=self.f.read(512)
  9 |         self.header=header
 10 |         if b'NCCH' != header[0x100:0x104]:
 11 |             raise ValueError("This is not a valid NCCH file!")
 12 |         self.contentSize,self.partID,self.makerCode,self.version,self.programID=struct.unpack("<IQHHxxxxQ",header[0x104:0x120])
 13 |         self.productCode=header[0x150:0x160]
 14 |         print("Product code:",self.productCode.decode("UTF-8"))
 15 |         self.exheaderhash=header[0x160:0x180]
 16 |         self.exheadersize=struct.unpack("<I",header[0x180:0x184])[0]
 17 |         self.flags=struct.unpack("<BBBBBBBB",header[0x188:0x190])
 18 |         self.plainregionOff,self.plainregionSize,self.logoregionOff,self.logoregionSize,self.exefsOff,self.exefsSize,self.exefsHash,self.romfsOff,self.romfsSize,self.romfsHash=struct.unpack("<IIIIIIIxxxxIIIxxxx",header[0x190:0x1C0])
 19 |         self.crypto7x=self.flags[3]
 20 |         self.cryptoSeed=self.flags[7] & 0x20
 21 |         self.cryptoSec3=self.flags[3]==0x0A
 22 |         self.cryptoSec4=self.flags[3]==0x0B
 23 |         self.cryptoFixkey=self.flags[7]&1
 24 |         self.nocrypto=self.flags[7]&0x4
 25 |         self.keyY=header[:16]
 26 |         print(hex(self.flags[7]))
 27 |         self.doExHeader()
 28 |     def addCtr(self,ctr,val):
 29 |         c=int.from_bytes(ctr,byteorder="big")
 30 |         c+=val
 31 |         return c.to_bytes(16,byteorder="big")
 32 |     def getCtr(self):
 33 |         ctr=bytearray(16)
 34 |         if self.version == 1:
 35 |             for c,b in enumerate(self.partID.to_bytes(8,byteorder="little")):
 36 |                 ctr[c]=b
 37 | 
 38 |         else:
 39 |             for c,b in enumerate(self.partID.to_bytes(8,byteorder="big")):
 40 |                 ctr[c]=b
 41 |         return bytes(ctr)
 42 | 
 43 | 
 44 |     def read(self,sectorno,sectors=1):
 45 |         f=self.f
 46 |         f.seek(sectorno*512)
 47 |         decdata=b''
 48 |         if self.nocrypto:
 49 |             return f.read(sectors*512)
 50 |         if sectorno == 0:
 51 |             #Sector is unencrypted
 52 |             data=f.read(512)
 53 | 
 54 |             decdata+=data[:0x18F]+bytes([data[0x18F]|0x04])+data[0x190:]
 55 |             if sectors == 1:
 56 |                 return decdata
 57 |             sectorno+=1
 58 |             sectors-=1
 59 |         if sectorno >= 1 and sectorno < 5:
 60 |             ctr=self.getCtr()
 61 |             if self.version == 1:
 62 |                 ctr=self.addCtr(ctr,sectorno*32+512-32)
 63 |             else:
 64 |                 ctr = ctr[:8] + b'\x01' + ctr[9:]
 65 |                 ctr=self.addCtr(ctr,sectorno*32-32)
 66 | 
 67 |             #Sector is encrypted using keyslot 0x2C
 68 |             csectors=min(sectors,4)
 69 |             sectors-=csectors
 70 |             data = f.read(csectors*512)
 71 |             if self.flags[7]&0x04: #Except when it's decrypted
 72 |                 decdata += data
 73 |             else:
 74 |                 decdata += aeskeydb.getCipher(0x2C,ctr, keyY=self.keyY).decrypt(data)
 75 |             if not sectors:
 76 |                 return decdata
 77 |             sectorno+=csectors
 78 |         ctr=self.getCtr()
 79 |         print(sectorno)
 80 |         if sectorno < self.exefsOff + self.exefsSize:
 81 |             print("EXE")
 82 |             #exefs
 83 |             if self.version == 1:
 84 |                 ctr = self.addCtr(ctr,(sectorno-self.exefsOff)*32+self.exefsOff*512)
 85 |             else:
 86 |                 ctr = ctr[:8] + b'\x02' + ctr[9:]
 87 |                 ctr=self.addCtr(ctr,(sectorno-self.exefsOff)*32)
 88 |             overhang=sectors-self.exefsSize
 89 |             if overhang>0:
 90 |                 return decdata + self.read(sectorno,self.exefsSize) + self.read(self.exefsOff+self.exefsSize,overhang)
 91 |         else:
 92 |             print("ROM")
 93 |             #romfs
 94 |             if self.version == 1:
 95 |                 ctr = self.addCtr(ctr,(sectorno-self.romfsOff)*32+self.romfsOff*512)
 96 |             else:
 97 |                 ctr = ctr[:8] + b'\x03' + ctr[9:]
 98 |                 ctr=self.addCtr(ctr,(sectorno-self.romfsOff)*32)
 99 | 
100 |         print(ctr)
101 |         #Sectors are encrypted via multiple methods
102 |         data=f.read(sectors*512)
103 |         keyslot = 0x2C
104 |         if self.flags[3] == 0x01:
105 |             keyslot = 0x25
106 |         elif self.flags[3] == 0x0A:
107 |             keyslot = 0x18
108 |         elif self.flags[3] == 0x0B:
109 |             keyslot = 0x1B
110 |         print(keyslot)
111 |         decdata += aeskeydb.getCipher(keyslot,ctr,keyY=self.keyY).decrypt(data)
112 |         return decdata
113 | 
114 |     def doExHeader(self):
115 |         self.exheader=self.read(1,(2048//512))
116 |         if not self.exheadersize:
117 |             return
118 |         #Hash checking...
119 |         if self.exheaderhash != hashlib.sha256(self.exheader[:self.exheadersize]).digest():
120 |             print("WARNING: ExHeader hash mismatch!")
121 |             print(self.exheaderhash,hashlib.sha256(self.exheader[:self.exheadersize]).digest())
122 | 


--------------------------------------------------------------------------------
/fuse_3ds/ncchfuse.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | from fuse_3ds import ncch
  3 | 
  4 | import logging
  5 | from errno import ENOENT, EIO
  6 | from stat import S_IFDIR, S_IFLNK, S_IFREG
  7 | from sys import argv, exit
  8 | from time import time
  9 | import subprocess
 10 | from fuse import FUSE, FuseOSError, Operations, LoggingMixIn
 11 | 
 12 | class NCCH(LoggingMixIn, Operations):
 13 |     'Read only filesystem for NCCH files.'
 14 |     def __init__(self,fname,mount):
 15 |         self.files={}
 16 |         self.f = open(fname,"rb")
 17 |         self.ncch = ncch.NCCH(self.f)
 18 |         self.type="cxi" if self.ncch.exefsSize else "cfa"
 19 |         self.fd = 0
 20 |         now = time()
 21 |         self.files["/"] = dict(st_mode=(S_IFDIR | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2)
 22 |         self.files["/dec."+self.type] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=512*(self.ncch.romfsOff+self.ncch.romfsSize), st_blocks=self.ncch.romfsOff+self.ncch.romfsSize)
 23 |         if self.type == "cxi":
 24 |             self.files["/exefs.bin"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.ncch.exefsSize*512, st_blocks=self.ncch.exefsSize)
 25 |         if self.ncch.exheadersize:
 26 |             self.files["/exheader.bin"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.ncch.exheadersize, st_blocks=(self.ncch.exheadersize+511)//512)
 27 |         if self.ncch.plainregionSize:
 28 |             self.files["/plainrgn.bin"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.ncch.plainregionSize*512, st_blocks=self.ncch.plainregionSize)
 29 |         if self.ncch.logoregionSize:
 30 |             self.files["/logorgn.bin"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.ncch.logoregionSize*512, st_blocks=self.ncch.logoregionSize)
 31 |         if self.ncch.romfsSize:
 32 |             self.files["/romfs.bin"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.ncch.romfsSize*512, st_blocks=self.ncch.romfsSize)
 33 | 
 34 | 
 35 |     def chmod(self,path,mode):
 36 |         raise FuseOSError(EIO) #IT'S RO
 37 | 
 38 |     def chown(self, path, uid, gid):
 39 |         raise FuseOSError(EIO)
 40 | 
 41 |     def create(self,path,mode):
 42 |         raise FuseOSError(EIO)
 43 | 
 44 |     def getattr(self,path,fh=None):
 45 |         if path not in self.files:
 46 |             raise FuseOSError(ENOENT)
 47 | 
 48 |         return self.files[path]
 49 | 
 50 |     def getxattr(self,path,name,position=0):
 51 |         return ''
 52 | 
 53 |     def listxattr(self, path):
 54 |         return []
 55 | 
 56 |     def mkdir(self,path,mode):
 57 |         raise FuseOSError(EIO)
 58 | 
 59 |     def open(self,path,flags):
 60 |         self.fd += 1
 61 |         return self.fd
 62 |     def readDecNCCH(self,path,size,offset):
 63 |         header=self.ncch.header
 64 |         header=header[:0x188+7]+b'\x04'+header[0x189+7:]
 65 |         if offset == 0:
 66 |             endSize = size-512
 67 |             if endSize <= 0:
 68 |                 return header[:size]
 69 |             return header+self.readDecNCCH(path, offset+512,endSize)
 70 |         data=self.ncch.read((offset//512),(size//512)+2)
 71 |         return data[:size]
 72 |     def read(self,path,size,offset,fh):
 73 |         if path[:5] == "/dec.":
 74 |             return self.readDecNCCH(path,size,offset)
 75 |         if path == "/exefs.bin":
 76 |             return self.readDecNCCH(path,size,offset+self.ncch.exefsOff*512)
 77 |         if path == "/exheader.bin":
 78 |             return self.readDecNCCH(path,size,offset+512)
 79 |         if path == "/plainrgn.bin":
 80 |             return self.readDecNCCH(path,size,offset+self.ncch.plainregionOff*512)
 81 |         if path == "/logorgn.bin":
 82 |             return self.readDecNCCH(path,size,offset+self.ncch.logoregionOff*512)
 83 |         if path == "/romfs.bin":
 84 |             return self.readDecNCCH(path,size,offset+self.ncch.romfsOff*512)
 85 | 
 86 |         raise FuseOSError(EIO)
 87 | 
 88 | 
 89 |     def readdir(self, path, fh):
 90 |         return ['.', '..'] + [x[1:] for x in self.files if x != '/']
 91 | 
 92 |     def readlink(self, path):
 93 |         return self.data[path]
 94 | 
 95 |     def removexattr(self, path, name):
 96 |         raise FuseOSError(EIO)
 97 | 
 98 |     def rename(self, old, new):
 99 |         raise FuseOSError(EIO)
100 | 
101 |     def rmdir(self, path):
102 |         raise FuseOSError(EIO)
103 | 
104 |     def setxattr(self,path,name,value,options,position=0):
105 |         raise FuseOSError(EIO)
106 | 
107 |     def statfs(self,path):
108 |         return dict(f_bsize=512, f_blocks=4096, f_bavail=0)
109 | 
110 |     def symlink(self,target,source):
111 |         raise FuseOSError(EIO)
112 | 
113 |     def truncate(self,path,length,fh=None):
114 |         raise FuseOSError(EIO)
115 | 
116 |     def unlink(self,path):
117 |         raise FuseOSError(EIO)
118 | 
119 |     def utimens(self,path,times=None):
120 |         raise FuseOSError(EIO)
121 | 
122 |     def write(self,path,data,offset,fh):
123 |         raise FuseOSError(EIO)
124 | 
125 |     def flush(self,path,fh):
126 |         pass
127 |     def release(self,path,fh):
128 |         pass
129 | 
130 | if len(argv) != 3:
131 |     print('usage: {name} <NCCH> <mountpoint>'.format(name=argv[0]))
132 |     exit(1)
133 | logging.basicConfig(level=logging.DEBUG)
134 | fuse = FUSE(NCCH(argv[1], argv[2]),argv[2],foreground=True)
135 | 


--------------------------------------------------------------------------------
/fuse_3ds/ciafuse.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | from fuse_3ds import cia
  3 | 
  4 | import logging
  5 | from errno import ENOENT, EIO
  6 | from stat import S_IFDIR, S_IFLNK, S_IFREG
  7 | from sys import argv, exit
  8 | from time import time
  9 | import subprocess
 10 | from fuse import FUSE, FuseOSError, Operations, LoggingMixIn
 11 | 
 12 | class CIA(LoggingMixIn, Operations):
 13 |     'Read only filesystem for CIA files.'
 14 |     def __init__(self,fname,mount):
 15 |         self.files={}
 16 |         self.f = open(fname,"rb")
 17 |         self.cia = cia.CIA(self.f)
 18 |         self.fd = 0
 19 |         now = time()
 20 |         self.files["/"] = dict(st_mode=(S_IFDIR | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2)
 21 |         self.files["/dec.cia"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.cia.size, st_blocks=(self.cia.size+511)//512)
 22 |         self.files["/ticket"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.cia.tikSize, st_blocks=(self.cia.tikSize+511)//512)
 23 |         self.files["/tmd"] = dict(st_mode=(S_IFREG | 0o555), st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.cia.tmdSize, st_blocks=(self.cia.tmdSize+511)//512)
 24 |         for no in range(self.cia.tmd.contentCount):
 25 |             ending=".cfa"
 26 |             if no == 0:
 27 |                 ending=".cxi"
 28 |             self.files["/"+str(no)+ending]=dict(st_mode=(S_IFREG | 0o555),st_ctime=now, st_mtime=now, st_atime=now, st_nlink=2, st_size=self.cia.tmd.contents[no]["size"], st_blocks=(self.cia.tmd.contents[no]["size"]+511)//512)
 29 | 
 30 | 
 31 |     def chmod(self,path,mode):
 32 |         raise FuseOSError(EIO) #IT'S RO
 33 | 
 34 |     def chown(self, path, uid, gid):
 35 |         raise FuseOSError(EIO)
 36 | 
 37 |     def create(self,path,mode):
 38 |         raise FuseOSError(EIO)
 39 | 
 40 |     def getattr(self,path,fh=None):
 41 |         if path not in self.files:
 42 |             raise FuseOSError(ENOENT)
 43 | 
 44 |         return self.files[path]
 45 | 
 46 |     def getxattr(self,path,name,position=0):
 47 |         return ''
 48 | 
 49 |     def listxattr(self, path):
 50 |         return []
 51 | 
 52 |     def mkdir(self,path,mode):
 53 |         raise FuseOSError(EIO)
 54 | 
 55 |     def open(self,path,flags):
 56 |         self.fd += 1
 57 |         return self.fd
 58 |     def readDecCIA(self,path,size,offset):
 59 |         #Ok, read the decrypted CIA
 60 |         #If offset is before the actual contents, read that instead
 61 |         data=b''
 62 |         s=False
 63 |         if offset < self.cia.contentOff:
 64 |             s=True
 65 |             data=self.cia.getDecHeader()
 66 |             data=data[offset:offset+size]
 67 |             if len(data) == size:
 68 |                 return data
 69 |         offset-=self.cia.contentOff
 70 |         if offset < 0:
 71 |             offset = 0
 72 |         #If not, or if not enough data is read, start in the correct sector, and read more than asked
 73 |         data+=self.cia.read(offset//512,((size-len(data))//512)+2)
 74 |         #Remove data at the beginning
 75 |         if s:
 76 |             data=data[offset%512:]
 77 |         #remove trailing data
 78 |         data=data[:size]
 79 |         return data
 80 |     def readContent(self,path,size,offset,content):
 81 |         start=self.cia.startSec(content)
 82 |         data=self.cia.read((offset//512)+start,(size//512)+2)
 83 |         data=data[offset%512:]
 84 |         data=data[:size]
 85 |         return data
 86 |     def read(self,path,size,offset,fh):
 87 |         if path == "/dec.cia":
 88 |             return self.readDecCIA(path,size,offset)
 89 |         if path == "/ticket":
 90 |             data=self.cia.ticket.decrypt()
 91 |             return data[offset:offset+size]
 92 |         if path == "/tmd":
 93 |             data=self.cia.tmd.decrypt()
 94 |             return data[offset:offset+size]
 95 |         for no in range(self.cia.tmd.contentCount):
 96 |             ending=".cfa"
 97 |             if no == 0:
 98 |                 ending=".cxi"
 99 |             if path == "/"+str(no)+ending:
100 |                 #Found it!
101 |                 return self.readContent(path,size,offset,no)
102 | 
103 |         raise FuseOSError(EIO)
104 | 
105 | 
106 |     def readdir(self, path, fh):
107 |         return ['.', '..'] + [x[1:] for x in self.files if x != '/']
108 | 
109 |     def readlink(self, path):
110 |         return self.data[path]
111 | 
112 |     def removexattr(self, path, name):
113 |         raise FuseOSError(EIO)
114 | 
115 |     def rename(self, old, new):
116 |         raise FuseOSError(EIO)
117 | 
118 |     def rmdir(self, path):
119 |         raise FuseOSError(EIO)
120 | 
121 |     def setxattr(self,path,name,value,options,position=0):
122 |         raise FuseOSError(EIO)
123 | 
124 |     def statfs(self,path):
125 |         return dict(f_bsize=512, f_blocks=4096, f_bavail=0)
126 | 
127 |     def symlink(self,target,source):
128 |         raise FuseOSError(EIO)
129 | 
130 |     def truncate(self,path,length,fh=None):
131 |         raise FuseOSError(EIO)
132 | 
133 |     def unlink(self,path):
134 |         raise FuseOSError(EIO)
135 | 
136 |     def utimens(self,path,times=None):
137 |         raise FuseOSError(EIO)
138 | 
139 |     def write(self,path,data,offset,fh):
140 |         raise FuseOSError(EIO)
141 | 
142 |     def flush(self,path,fh):
143 |         pass
144 |     def release(self,path,fh):
145 |         pass
146 | 
147 | if len(argv) != 3:
148 |     print('usage: {name} <CIA> <mountpoint>'.format(name=argv[0]))
149 |     exit(1)
150 | logging.basicConfig(level=logging.WARNING)
151 | fuse = FUSE(CIA(argv[1], argv[2]),argv[2],foreground=False)
152 | 


--------------------------------------------------------------------------------
/fuse_3ds/romfs.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | import struct
  3 | from errno import ENOENT, EIO
  4 | from stat import S_IFDIR, S_IFLNK, S_IFREG
  5 | from time import time
  6 | from fuse import Operations, LoggingMixIn
  7 | class romfsFile:
  8 |     def __repr__(self):
  9 |         if self.isdir:
 10 |             s = "Directory '{}' with subdirs [".format(self.name)
 11 |             for subdir in self.children:
 12 |                 s+=subdir.name+", "
 13 |             s+="] and files ["
 14 |             for fil in self.files:
 15 |                 s+=fil.name+", "
 16 |             s+="]."
 17 |             return s
 18 |         return "File '{}' of size {} at {}".format(self.name,hex(self.length),hex(self.off))
 19 | class RomFSBase(LoggingMixIn, Operations):
 20 |     def traverse(self):
 21 |         parent,sibling,child,ffile,namelen=struct.unpack("<IIIIxxxxI",self.f.read(0x18))
 22 |         fi = romfsFile()
 23 |         fi.isdir=True
 24 |         fi.name=self.f.read(namelen)
 25 |         fi.name=fi.name.decode("UTF-16")
 26 |         if len(fi.name) != 0:
 27 |             if fi.name[-1] == '\x00':
 28 |                 fi.name=fi.name[:-1]
 29 |         fi.siblings=[]
 30 |         if sibling != 0xFFFFFFFF:
 31 |             self.f.seek(self.dirmetaOff+sibling)
 32 |             siblin = self.traverse()
 33 |             fi.siblings=[siblin]+siblin.siblings
 34 |         fi.children=[]
 35 |         if child != 0xFFFFFFFF:
 36 |             self.f.seek(self.dirmetaOff+child)
 37 |             chld = self.traverse()
 38 |             fi.children=[chld]+chld.siblings
 39 |         fi.files=[]
 40 |         if ffile != 0xFFFFFFFF:
 41 |             self.f.seek(self.filemetaOff+ffile)
 42 |             fil = self.traverse_file()
 43 |             fi.files=[fil]+fil.siblings
 44 |         return fi
 45 |     def traverse_file(self):
 46 |         parent,sibling,dataoff,datalen,namelen=struct.unpack("<IIQQxxxxI",self.f.read(0x20))
 47 |         fi = romfsFile()
 48 |         fi.isdir=False
 49 |         fi.name=self.f.read(namelen).decode("UTF-16")
 50 |         if len(fi.name) != 0:
 51 |             if fi.name[-1] == '\x00':
 52 |                 fi.name=fi.name[:-1]
 53 |         fi.siblings=[]
 54 |         if sibling != 0xFFFFFFFF:
 55 |             self.f.seek(self.filemetaOff+sibling)
 56 |             siblin = self.traverse_file()
 57 |             fi.siblings=[siblin]+siblin.siblings
 58 |         fi.off=dataoff
 59 |         fi.length=datalen
 60 |         return fi
 61 |     def gentree(self,fi,path=""):
 62 |         name=path+fi.name
 63 |         root=False
 64 |         if name=="":
 65 |             root=True
 66 |             name="/"
 67 |         if fi.isdir:
 68 |             name+="/"
 69 |             self.files[name[:-1]]=dict(st_mode=(S_IFDIR | 0o555), st_ctime=self.now, st_mtime=self.now, st_atime=self.now, st_nlink=2)
 70 |             if root:
 71 |                 name=name[:-1]
 72 |             for subdir in fi.children:
 73 |                 self.gentree(subdir, name)
 74 |             for fil in fi.files:
 75 |                 self.gentree(fil, name)
 76 |             return
 77 |         self.filelocs[name] = fi.off
 78 |         self.files[name]=dict(st_mode=(S_IFREG | 0o555), st_ctime=self.now, st_mtime=self.now, st_atime=self.now, st_nlink=2, st_size=fi.length, st_blocks=(fi.length+511)//512)
 79 |     def __init__(self,f,mount, noivfc=False):
 80 |         def align(a,b):
 81 |             if a%b:
 82 |                 return a-(a%b)+b
 83 |             return a
 84 |         self.f=f
 85 |         self.off=f.tell()
 86 |         if not noivfc:
 87 |             print("Reading header")
 88 |             self.header=self.f.read(0x5C)
 89 |             if self.header[:4] == b"IVFC":
 90 |                 raise ValueError("This is not a ROMfs!")
 91 |             masterhashsize=struct.unpack("<I",self.header[0x08:0x0C])[0]
 92 |             hashblocksize=1<<struct.unpack("<I",self.header[0x4C:0x50])[0]
 93 |             v=align(0x5C+masterhashsize,hashblocksize)
 94 |             v+=self.off
 95 |             self.f.seek(v)
 96 |         else:
 97 |             v=self.off
 98 |         print("Reading l3 header")
 99 |         self.level3h=self.f.read(0x28)
100 |         self.dirmetaOff,self.dirmetaSize,self.filemetaOff,self.filemetaSize,self.fileDataOff=struct.unpack("<IIxxxxxxxxIII",self.level3h[0xC:0x28])
101 |         self.dirmetaOff+=v
102 |         self.filemetaOff+=v
103 |         self.fileDataOff+=v
104 |         self.f.seek(self.dirmetaOff)
105 |         print("Reading the directory tree. This can take a while…")
106 |         self.root=self.traverse()
107 |         self.filelocs={}
108 |         self.fd=1
109 |         self.now=time()
110 |         self.files={}
111 |         self.gentree(self.root)
112 |     def chmod(self, path, mode):
113 |         raise FuseOSError(EIO)
114 |     def chown(self, path, uid, gid):
115 |         raise FuseOSError(EIO)
116 |     def create(self, path, mode):
117 |         raise FuseOSError(EIO)
118 |     def getattr(self,path,fh=None):
119 |         if path not in self.files:
120 |             raise FuseOSError(ENOENT)
121 |         return self.files[path]
122 |     def getxattr(self,path,name,position=0):
123 |         return ''
124 |     def listxattr(self,path):
125 |         return []
126 |     def mkdir(self,path,mode):
127 |         raise FuseOSError(EIO)
128 |     def open(self,path,flags):
129 |         self.fd+=1
130 |         return self.fd
131 |     def read(self,path,size,offset,fh):
132 |         self.f.seek(self.filelocs[path]+offset+self.fileDataOff)
133 |         return self.f.read(size)
134 |     def readdir(self, path, fh):
135 |         print(path)
136 |         files=['.','..']
137 |         for fi in self.files.keys():
138 |             sp=fi.split("/")
139 |             if len(sp) != 2 or path != "/":
140 |                 if '/'.join(sp[:-1]) != path:
141 |                     continue
142 |             if fi=="/":
143 |                 continue
144 |             files.append(sp[-1])
145 |         return files
146 |     def readlink(self, path):
147 |         return self.data[path]
148 |     def removexattr(self, path, name):
149 |         raise FuseOSError(EIO)
150 |     def rename(self, old, new):
151 |         raise FuseOSError(EIO)
152 |     def rmdir(self, path):
153 |         raise FuseOSError(EIO)
154 |     def setxattr(self, path, name, value, options, position=0):
155 |         raise FuseOSError(EIO)
156 |     def statfs(self,path):
157 |         return dict(f_bsize=512, f_blocks=4096, f_bavail=0)
158 |     def symlink(self, target, source):
159 |         raise FuseOSError(EIO)
160 |     def truncate(self,path,length,fh=None):
161 |         raise FuseOSError(EIO)
162 |     def unlink(self,path):
163 |         raise FuseOSError(EIO)
164 |     def utimens(self,path,times=None):
165 |         raise FuseOSError(EIO)
166 |     def write(self,path,data,offset,fh):
167 |         raise FuseOSError(EIO)
168 |     def flush(self,path,fh):
169 |         pass
170 |     def release(self,path,fh):
171 |         pass
172 | 
173 | 


--------------------------------------------------------------------------------