ashquarky · April 6, 2021 04:38
diff --git a/FSODM_PowerOnAuth.c b/FSODM_PowerOnAuth.c
 byte a[0x20]; //aka +40050
 byte b[0x10]; //aka +40090

 byte c[0x20]; //aka +40070
 byte d[0x10]; //aka +400b0

 byte final_key[unknown]; //aka +409cc

 /* FSODM_CmdAuthATA always assumes 0x20 byte buffers, though the drive could be ignoring some bytes */

 int FSODM_PowerOnAuth() {
    int ret;
    byte key[0x10];
    memcpy(key, FSODM_Key, 0x10); //assumed this is a key anyway
    
 /*  for stage 0, arg is *only written to* by the drive */
    ret = FSODM_CmdAuthATA(0, a);
    if (ret) { printf("ODM: (sc0) failed\n"); return ret; }
    
 /*  Dedicated IOS_CRYPTO API just for this, which is interesting
 *  Note how b is smaller than a, could be misinterpreting the call */
    ret = IOSC_ODMEncrypt(0xC, key, sizeof(key), a, sizeof(a), b, sizeof(b));
    if (ret) { printf("ODM: (sc0) failed to Encrypt\n"); return ret; }

 /*  for stage 1, arg is *read and (possibly) written* by the drive. */
    ret = FSODM_CmdAuthATA(1, b);
    if (ret) { printf("ODM: (sc1) failed\n"); return ret; }
    
 /*  for stage 2, arg is *only written to* by the drive. */
    ret = FSODM_CmdAuthATA(2, c);
    if (ret) { printf("ODM: CBC-MAC Authentication probably failed.\nODM: (sc2) failed\n"); return ret; }
    
    for (;;) {
        ret = IOSC_GenerateRand(d, 0x10); //fills d with random
        if (ret < 0) return ret;
        
        ret = FSODM_UnknownMathFunction(d, c, 0x10);
        if (ret != 0) break;
    }

 /*  for stage 3, arg is *read and (possibly) written* by the drive. */
    ret = FSODM_CmdAuthATA(3, d); //note this is *d*
    if (ret) { printf("ODM: (sc3) failed\n"); return ret; }
    
    IOSC_ODMGenerateSessionKey(0, d, 0x10, c, 0x10, final_key);
    if (ret) { printf("ODM: failed to generate session key\n"); return ret; }

    return 0;
 }
	byte a[0x20]; //aka +40050
	byte b[0x10]; //aka +40090

	byte c[0x20]; //aka +40070
	byte d[0x10]; //aka +400b0

	byte final_key[unknown]; //aka +409cc

	/* FSODM_CmdAuthATA always assumes 0x20 byte buffers, though the drive could be ignoring some bytes */

	int FSODM_PowerOnAuth() {
	int ret;
	byte key[0x10];
	memcpy(key, FSODM_Key, 0x10); //assumed this is a key anyway

	/* for stage 0, arg is only written to by the drive */
	ret = FSODM_CmdAuthATA(0, a);
	if (ret) { printf("ODM: (sc0) failed\n"); return ret; }

	/* Dedicated IOS_CRYPTO API just for this, which is interesting
	* Note how b is smaller than a, could be misinterpreting the call */
	ret = IOSC_ODMEncrypt(0xC, key, sizeof(key), a, sizeof(a), b, sizeof(b));
	if (ret) { printf("ODM: (sc0) failed to Encrypt\n"); return ret; }

	/* for stage 1, arg is read and (possibly) written by the drive. */
	ret = FSODM_CmdAuthATA(1, b);
	if (ret) { printf("ODM: (sc1) failed\n"); return ret; }

	/* for stage 2, arg is only written to by the drive. */
	ret = FSODM_CmdAuthATA(2, c);
	if (ret) { printf("ODM: CBC-MAC Authentication probably failed.\nODM: (sc2) failed\n"); return ret; }

	for (;;) {
	ret = IOSC_GenerateRand(d, 0x10); //fills d with random
	if (ret < 0) return ret;

	ret = FSODM_UnknownMathFunction(d, c, 0x10);
	if (ret != 0) break;
	}

	/* for stage 3, arg is read and (possibly) written by the drive. */
	ret = FSODM_CmdAuthATA(3, d); //note this is d
	if (ret) { printf("ODM: (sc3) failed\n"); return ret; }

	IOSC_ODMGenerateSessionKey(0, d, 0x10, c, 0x10, final_key);
	if (ret) { printf("ODM: failed to generate session key\n"); return ret; }

	return 0;
	}