diff --git a/Source/Core/Core/Config/MainSettings.cpp b/Source/Core/Core/Config/MainSettings.cpp index 55739e0c38..9ab3342283 100644 --- a/Source/Core/Core/Config/MainSettings.cpp +++ b/Source/Core/Core/Config/MainSettings.cpp @@ -102,8 +102,6 @@ const ConfigInfo MAIN_PERF_MAP_DIR{{System::Main, "Core", "PerfMapD const ConfigInfo MAIN_CUSTOM_RTC_ENABLE{{System::Main, "Core", "EnableCustomRTC"}, false}; // Default to seconds between 1.1.1970 and 1.1.2000 const ConfigInfo MAIN_CUSTOM_RTC_VALUE{{System::Main, "Core", "CustomRTCValue"}, 946684800}; -const ConfigInfo MAIN_ENABLE_SIGNATURE_CHECKS{{System::Main, "Core", "EnableSignatureChecks"}, - true}; const ConfigInfo MAIN_REDUCE_POLLING_RATE{{System::Main, "Core", "ReducePollingRate"}, false}; const ConfigInfo MAIN_AUTO_DISC_CHANGE{{System::Main, "Core", "AutoDiscChange"}, false}; diff --git a/Source/Core/Core/Config/MainSettings.h b/Source/Core/Core/Config/MainSettings.h index 88d10d101d..6629ec434e 100644 --- a/Source/Core/Core/Config/MainSettings.h +++ b/Source/Core/Core/Config/MainSettings.h @@ -76,7 +76,6 @@ extern const ConfigInfo MAIN_GPU_DETERMINISM_MODE; extern const ConfigInfo MAIN_PERF_MAP_DIR; extern const ConfigInfo MAIN_CUSTOM_RTC_ENABLE; extern const ConfigInfo MAIN_CUSTOM_RTC_VALUE; -extern const ConfigInfo MAIN_ENABLE_SIGNATURE_CHECKS; extern const ConfigInfo MAIN_REDUCE_POLLING_RATE; extern const ConfigInfo MAIN_AUTO_DISC_CHANGE; diff --git a/Source/Core/Core/ConfigManager.cpp b/Source/Core/Core/ConfigManager.cpp index 3ef072a955..1aa1b3f0a6 100644 --- a/Source/Core/Core/ConfigManager.cpp +++ b/Source/Core/Core/ConfigManager.cpp @@ -242,7 +242,6 @@ void SConfig::SaveCoreSettings(IniFile& ini) core->Set("PerfMapDir", m_perfDir); core->Set("EnableCustomRTC", bEnableCustomRTC); core->Set("CustomRTCValue", m_customRTCValue); - core->Set("EnableSignatureChecks", m_enable_signature_checks); } void SConfig::SaveMovieSettings(IniFile& ini) 
@@ -529,7 +528,6 @@ void SConfig::LoadCoreSettings(IniFile& ini) core->Get("EnableCustomRTC", &bEnableCustomRTC, false); // Default to seconds between 1.1.1970 and 1.1.2000 core->Get("CustomRTCValue", &m_customRTCValue, 946684800); - core->Get("EnableSignatureChecks", &m_enable_signature_checks, true); } void SConfig::LoadMovieSettings(IniFile& ini) diff --git a/Source/Core/Core/ConfigManager.h b/Source/Core/Core/ConfigManager.h index e9e9d43bef..1364001af9 100644 --- a/Source/Core/Core/ConfigManager.h +++ b/Source/Core/Core/ConfigManager.h @@ -167,8 +167,6 @@ struct SConfig std::set> m_usb_passthrough_devices; bool IsUSBDeviceWhitelisted(std::pair vid_pid) const; - bool m_enable_signature_checks = true; - // Fifo Player related settings bool bLoopFifoReplay = true; diff --git a/Source/Core/Core/IOS/ES/ES.cpp b/Source/Core/Core/IOS/ES/ES.cpp index c28ffd29df..40d10f87c4 100644 --- a/Source/Core/Core/IOS/ES/ES.cpp +++ b/Source/Core/Core/IOS/ES/ES.cpp @@ -842,9 +842,6 @@ static const std::string CERT_STORE_PATH = "/sys/cert.sys"; ReturnCode ES::ReadCertStore(std::vector* buffer) const { - if (!SConfig::GetInstance().m_enable_signature_checks) - return IPC_SUCCESS; - const auto store_file = m_ios.GetFS()->OpenFile(PID_KERNEL, PID_KERNEL, CERT_STORE_PATH, FS::Mode::Read); if (!store_file) @@ -885,9 +882,6 @@ ReturnCode ES::VerifyContainer(VerifyContainerType type, VerifyMode mode, const IOS::ES::SignedBlobReader& signed_blob, const std::vector& cert_chain, u32* issuer_handle_out) { - if (!SConfig::GetInstance().m_enable_signature_checks) - return IPC_SUCCESS; - if (!signed_blob.IsSignatureValid()) return ES_EINVAL; diff --git a/Source/Core/Core/IOS/ES/ES.h b/Source/Core/Core/IOS/ES/ES.h index 184fed3fa4..b2a0e0e802 100644 --- a/Source/Core/Core/IOS/ES/ES.h +++ b/Source/Core/Core/IOS/ES/ES.h 
@@ -110,11 +110,18 @@ public: // Ticket is unpersonalised, so ignore any console specific decryption data. Unpersonalised, }; + enum class VerifySignature + { + No, + Yes, + }; ReturnCode ImportTicket(const std::vector& ticket_bytes, const std::vector& cert_chain, - TicketImportType type = TicketImportType::PossiblyPersonalised); + TicketImportType type = TicketImportType::PossiblyPersonalised, + VerifySignature verify_signature = VerifySignature::Yes); ReturnCode ImportTmd(Context& context, const std::vector& tmd_bytes); ReturnCode ImportTitleInit(Context& context, const std::vector& tmd_bytes, - const std::vector& cert_chain); + const std::vector& cert_chain, + VerifySignature verify_signature = VerifySignature::Yes); ReturnCode ImportContentBegin(Context& context, u64 title_id, u32 content_id); ReturnCode ImportContentData(Context& context, u32 content_fd, const u8* data, u32 data_size); ReturnCode ImportContentEnd(Context& context, u32 content_fd); diff --git a/Source/Core/Core/IOS/ES/Identity.cpp b/Source/Core/Core/IOS/ES/Identity.cpp index fd2ea1b9f5..1635202876 100644 --- a/Source/Core/Core/IOS/ES/Identity.cpp +++ b/Source/Core/Core/IOS/ES/Identity.cpp @@ -120,12 +120,6 @@ IPCCommandResult ES::Sign(const IOCtlVRequest& request) ReturnCode ES::VerifySign(const std::vector& hash, const std::vector& ecc_signature, const std::vector& certs_bytes) { - if (!SConfig::GetInstance().m_enable_signature_checks) - { - WARN_LOG(IOS_ES, "VerifySign: signature checks are disabled. Skipping."); - return IPC_SUCCESS; - } - const std::map certs = IOS::ES::ParseCertChain(certs_bytes); if (certs.empty()) return ES_EINVAL; diff --git a/Source/Core/Core/IOS/ES/TitleManagement.cpp b/Source/Core/Core/IOS/ES/TitleManagement.cpp index 612f04d9ab..21d4b6cdbd 100644 --- a/Source/Core/Core/IOS/ES/TitleManagement.cpp +++ b/Source/Core/Core/IOS/ES/TitleManagement.cpp 
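Review bot: The new `VerifySignature` enum and the two defaulted parameters have no comment saying what `No` skips or who is allowed to pass it. The `Yes` default keeps existing callers verifying, but nothing in the header tells a future caller that `No` bypasses the ticket and TMD signature checks in `ImportTicket` and `ImportTitleInit`. I would add above the enum `// Whether to verify the ticket/TMD signature chain on import. No is meant for host-initiated WAD installs only; handlers for requests from emulated software should always use Yes.` The second half of that comment is my reading of the intent and should be confirmed. The enclosing class starts and ends outside this hunk.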
@@ -51,7 +51,7 @@ void ES::TitleImportExportContext::DoState(PointerWrap& p) } ReturnCode ES::ImportTicket(const std::vector& ticket_bytes, const std::vector& cert_chain, - TicketImportType type) + TicketImportType type, VerifySignature verify_signature) { IOS::ES::TicketReader ticket{ticket_bytes}; if (!ticket.IsValid()) @@ -75,10 +75,13 @@ ReturnCode ES::ImportTicket(const std::vector& ticket_bytes, const std::vect } } - const ReturnCode verify_ret = - VerifyContainer(VerifyContainerType::Ticket, VerifyMode::UpdateCertStore, ticket, cert_chain); - if (verify_ret != IPC_SUCCESS) - return verify_ret; + if (verify_signature != VerifySignature::No) + { + const ReturnCode verify_ret = VerifyContainer(VerifyContainerType::Ticket, + VerifyMode::UpdateCertStore, ticket, cert_chain); + if (verify_ret != IPC_SUCCESS) + return verify_ret; + } const ReturnCode write_ret = WriteTicket(m_ios.GetFS().get(), ticket); if (write_ret != IPC_SUCCESS) @@ -206,7 +209,7 @@ static ReturnCode InitTitleImportKey(const std::vector& ticket_bytes, IOSC& } ReturnCode ES::ImportTitleInit(Context& context, const std::vector& tmd_bytes, - const std::vector& cert_chain) + const std::vector& cert_chain, VerifySignature verify_signature) { INFO_LOG(IOS_ES, "ImportTitleInit"); ResetTitleImportContext(&context, m_ios.GetIOSC()); 
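Review bot: The `if (verify_signature != VerifySignature::No)` guard in `ImportTicket` (hunk `@@ -75,10 +75,13 @@`) skips `VerifyContainer` silently, whereas the `VerifySign` path this commit removes at least logged that checks were disabled. A ticket then reaches `WriteTicket` unverified with nothing in the log to show it. I would add an `else` branch with `WARN_LOG(IOS_ES, "ImportTicket: signature verification skipped");`. The same applies to the two guarded blocks in `ImportTitleInit` (hunk `@@ -220,24 +223,32 @@`). `ImportTicket` starts and ends outside this hunk.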
@@ -220,24 +223,32 @@ ReturnCode ES::ImportTitleInit(Context& context, const std::vector& tmd_byte // Finish a previous import (if it exists). FinishStaleImport(context.title_import_export.tmd.GetTitleId()); - ReturnCode ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore, - context.title_import_export.tmd, cert_chain); - if (ret != IPC_SUCCESS) - return ret; + ReturnCode ret = IPC_SUCCESS; + + if (verify_signature != VerifySignature::No) + { + ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore, + context.title_import_export.tmd, cert_chain); + if (ret != IPC_SUCCESS) + return ret; + } const auto ticket = FindSignedTicket(context.title_import_export.tmd.GetTitleId()); if (!ticket.IsValid()) return ES_NO_TICKET; - std::vector cert_store; - ret = ReadCertStore(&cert_store); - if (ret != IPC_SUCCESS) - return ret; + if (verify_signature != VerifySignature::No) + { + std::vector cert_store; + ret = ReadCertStore(&cert_store); + if (ret != IPC_SUCCESS) + return ret; - ret = VerifyContainer(VerifyContainerType::Ticket, VerifyMode::DoNotUpdateCertStore, ticket, - cert_store); - if (ret != IPC_SUCCESS) - return ret; + ret = VerifyContainer(VerifyContainerType::Ticket, VerifyMode::DoNotUpdateCertStore, ticket, + cert_store); + if (ret != IPC_SUCCESS) + return ret; + } ret = InitTitleImportKey(ticket.GetBytes(), m_ios.GetIOSC(), &context.title_import_export.key_handle); diff --git a/Source/Core/Core/WiiUtils.cpp b/Source/Core/Core/WiiUtils.cpp index 007d6ee202..f22decaf19 100644 --- a/Source/Core/Core/WiiUtils.cpp +++ b/Source/Core/Core/WiiUtils.cpp @@ -46,7 +46,8 @@ namespace WiiUtils { -static bool ImportWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad) +static bool ImportWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad, + IOS::HLE::Device::ES::VerifySignature verify_signature) { if (!wad.GetTicket().IsValid() || !wad.GetTMD().IsValid()) { 
@@ -59,28 +60,20 @@ static bool ImportWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad) IOS::HLE::Device::ES::Context context; IOS::HLE::ReturnCode ret; - const bool checks_enabled = SConfig::GetInstance().m_enable_signature_checks; // Ensure the common key index is correct, as it's checked by IOS. IOS::ES::TicketReader ticket = wad.GetTicketWithFixedCommonKey(); while ((ret = es->ImportTicket(ticket.GetBytes(), wad.GetCertificateChain(), - IOS::HLE::Device::ES::TicketImportType::Unpersonalised)) < 0 || - (ret = es->ImportTitleInit(context, tmd.GetBytes(), wad.GetCertificateChain())) < 0) + IOS::HLE::Device::ES::TicketImportType::Unpersonalised, + verify_signature)) < 0 || + (ret = es->ImportTitleInit(context, tmd.GetBytes(), wad.GetCertificateChain(), + verify_signature)) < 0) { - if (checks_enabled && ret == IOS::HLE::IOSC_FAIL_CHECKVALUE && - AskYesNoT("This WAD has not been signed by Nintendo. Continue to import?")) - { - SConfig::GetInstance().m_enable_signature_checks = false; - continue; - } - if (ret != IOS::HLE::IOSC_FAIL_CHECKVALUE) PanicAlertT("WAD installation failed: Could not initialise title import (error %d).", ret); - SConfig::GetInstance().m_enable_signature_checks = checks_enabled; return false; } - SConfig::GetInstance().m_enable_signature_checks = checks_enabled; const bool contents_imported = [&]() { const u64 title_id = tmd.GetTitleId(); @@ -148,7 +141,8 @@ bool InstallWAD(IOS::HLE::Kernel& ios, const DiscIO::VolumeWAD& wad, InstallType if (previous_temporary_title_id) ios.GetES()->DeleteTitleContent(previous_temporary_title_id); - if (!ImportWAD(ios, wad)) + // A lot of people use fakesigned WADs, so disable signature checking when installing a WAD. + if (!ImportWAD(ios, wad, IOS::HLE::Device::ES::VerifySignature::No)) return false; // Keep track of the title ID so this title can be removed to make room for any future install. 
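Review bot: With the `continue` branch removed, the `while` in `ImportWAD` can never iterate, because its body always ends in `return false`; it should be written as `if`. The remaining `if (ret != IOS::HLE::IOSC_FAIL_CHECKVALUE)` guard also means that a failed signature check, the one case that used to prompt, now returns false with no alert or log. On the `VerifySignature::Yes` path that hides exactly the rejection a user or maintainer would want to see. I would drop the guard so every failure is reported, or log the check-value case separately. `ImportWAD` starts and ends outside this hunk.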
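Review bot: `InstallWAD` (hunk `@@ -148,7 +141,8 @@`) now passes `VerifySignature::No` for every WAD, so a fakesigned or tampered file is imported with no prompt and no record, where the removed code asked the user before continuing past a failed check. Skipping `VerifyContainer` in `VerifyMode::UpdateCertStore` presumably also means the WAD's certificate chain is no longer added to the cert store on install, which is worth confirming. If dropping the prompt is intentional, I would at least log the decision here, e.g. `WARN_LOG(IOS_ES, "InstallWAD: importing without signature verification");` (or whichever log category this file uses), so an unsigned install can be traced later. `InstallWAD` starts and ends outside this hunk.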
@@ -738,7 +732,8 @@ UpdateResult DiscSystemUpdater::ProcessEntry(u32 type, std::bitset<32> attrs, return UpdateResult::DiscReadFailed; } const DiscIO::VolumeWAD wad{std::move(blob)}; - return ImportWAD(m_ios, wad) ? UpdateResult::Succeeded : UpdateResult::ImportFailed; + const bool success = ImportWAD(m_ios, wad, IOS::HLE::Device::ES::VerifySignature::Yes); + return success ? UpdateResult::Succeeded : UpdateResult::ImportFailed; } UpdateResult DoOnlineUpdate(UpdateCallback update_callback, const std::string& region)