Add support for unknown IPL3 variants

Currently, CIC autodetection features works by calculating a CRC32 of
the IPL3 boot code (header bytes 0x40..0x1000) and checking it against
a known database to know which CIC is expected. This approach cannot
detect unknown IPL3s and is going to be insufficient in the short
future when libdragon releases its own open source IPL3.

A more robust approach is to use the same custom checksum function
used by IPL2, trying to simulate boot with different CICs: that is,
try with different seeds and see if the respective checksum matches.
This basically means that we now have a DB of CIC secrets rather than
IPL3 CRCs: it seems a better compromise if several new IPL3 spawn
from libdragon's.

Author: rasky

drive64/const.go

@@ -3,7 +3,6 @@ package drive64
 import (
 	"errors"
 	"fmt"
-	"hash/crc32"
 )
 
 //go:generate stringer -type=Cmd,Bank,CIC,SaveType,UpgradeStatus -output=const_string.go
@@ -86,6 +85,10 @@ const (
 	CICX105 CIC = 5
 	CICX106 CIC = 6
 	CIC5101 CIC = 7
+	CIC8303 CIC = 8
+	CIC8401 CIC = 9
+	CIC5167 CIC = 10
+	CICDDUS CIC = 11
 )
 
 // Save emulation types supported by 64drive
@@ -122,28 +125,59 @@ func NewCICFromString(name string) (CIC, error) {
 		return CICX106, nil
 	case "5101":
 		return CIC5101, nil
+	case "8303":
+		return CIC8303, nil
+	case "8401":
+		return CIC8401, nil
+	case "5167":
+		return CIC5167, nil
+	case "DDUE":
+		return CICDDUS, nil
 	default:
 		return 0, errors.New("invalid CIC variant")
 	}
 }
 
 // NewCICFromHeader detects a CIC variant from a ROM header
 func NewCICFromHeader(header []uint8) (CIC, error) {
-	crc := crc32.ChecksumIEEE(header[0x40:0x1000])
-	switch crc {
-	case 0x6170A4A1:
+	header = header[0x40:0x1000]
+
+	switch IPL2Checksum(header, 0x3F) {
+	case 0x45cc73ee317a:
 		return CIC6101, nil
-	case 0x90BB6CB5:
+	case 0xa536c0f1d859:
 		return CIC6102, nil
-	case 0x0B050EE0:
+	case 0x44160ec5d9af:
+		return CIC7102, nil
+	}
+
+	switch IPL2Checksum(header, 0x78) {
+	case 0x586fd4709867:
 		return CICX103, nil
-	case 0x98BC2C86:
+	}
+
+	switch IPL2Checksum(header, 0x91) {
+	case 0x8618a45bc2d3:
 		return CICX105, nil
-	case 0xACC8580A:
+	}
+
+	switch IPL2Checksum(header, 0x85) {
+	case 0x2bbad4e6eb74:
 		return CICX106, nil
-	default:
-		return 0, fmt.Errorf("cannot detect CIC from ROM header (%08x)", crc)
 	}
+
+	switch IPL2Checksum(header, 0xDD) {
+	case 0x32b294e2ab90:
+		return CIC8303, nil
+	case 0x6ee8d9e84970:
+		return CIC8401, nil
+	case 0x083c6c77e0b1:
+		return CIC5167, nil
+	case 0x05ba2ef0a5f1:
+		return CICDDUS, nil
+	}
+
+	return 0, errors.New("cannot detect CIC from ROM header")
 }
 
 func NewSaveTypeFromString(name string) (SaveType, error) {

drive64/const_string.go

@@ -0,0 +1,230 @@
+package drive64
+
+import (
+	"encoding/binary"
+)
+
+const MAGIC_NUMBER = 0x6c078965
+
+type ReadCallback func(uint32) uint32
+
+type CheckSumInfo struct {
+	Input        []byte
+	Buffer       [16]uint32
+	ChecksumLow  uint32
+	ChecksumHigh uint32
+}
+
+func checksumFunction(a0, a1, a2 uint32) uint32 {
+	var prod uint64
+	var hi, lo, diff, res uint32
+
+	if a1 == 0 {
+		a1 = a2
+	}
+
+	prod = uint64(a0) * uint64(a1)
+	hi = uint32(prod >> 32)
+	lo = uint32(prod)
+	diff = hi - lo
+	if diff == 0 {
+		res = a0
+	} else {
+		res = diff
+	}
+	return res
+}
+
+func initializeChecksum(seed uint8, input []byte) *CheckSumInfo {
+	var init, data uint32
+	var info CheckSumInfo
+
+	info.Input = input
+
+	init = MAGIC_NUMBER*uint32(seed) + 1
+	data = binary.BigEndian.Uint32(input[0:4])
+	init ^= data
+
+	for loop := 0; loop < 16; loop++ {
+		info.Buffer[loop] = init
+	}
+
+	return &info
+}
+
+func calculateChecksum(info *CheckSumInfo) {
+	var sum, dataIndex, loop, shift, dataShiftedRight, dataShiftedLeft, s2Tmp, s5Tmp, a3Tmp uint32
+	var data, dataNext, dataLast uint32
+
+	if info == nil {
+		return
+	}
+
+	dataIndex = 0
+	loop = 0
+	data = binary.BigEndian.Uint32(info.Input[0:4])
+	for {
+		loop++
+		dataLast = data
+		data = binary.BigEndian.Uint32(info.Input[dataIndex : dataIndex+4])
+
+		sum = checksumFunction(1007-loop, data, loop)
+		info.Buffer[0] += sum
+
+		sum = checksumFunction(info.Buffer[1], data, loop)
+		info.Buffer[1] = sum
+		info.Buffer[2] ^= data
+
+		sum = checksumFunction(data+5, MAGIC_NUMBER, loop)
+		info.Buffer[3] += sum
+
+		if dataLast < data {
+			sum = checksumFunction(info.Buffer[9], data, loop)
+			info.Buffer[9] = sum
+		} else {
+			info.Buffer[9] += data
+		}
+
+		shift = dataLast & 0x1f
+		dataShiftedRight = data >> shift
+		dataShiftedLeft = data << (32 - shift)
+		s5Tmp = dataShiftedRight | dataShiftedLeft
+		info.Buffer[4] += s5Tmp
+
+		dataShiftedLeft = data << shift
+		dataShiftedRight = data >> (32 - shift)
+
+		sum = checksumFunction(info.Buffer[7], dataShiftedLeft|dataShiftedRight, loop)
+		info.Buffer[7] = sum
+
+		if data < info.Buffer[6] {
+			info.Buffer[6] = (info.Buffer[3] + info.Buffer[6]) ^ (data + loop)
+		} else {
+			info.Buffer[6] = (info.Buffer[4] + data) ^ info.Buffer[6]
+		}
+
+		shift = dataLast >> 27
+		dataShiftedRight = data >> (32 - shift)
+		dataShiftedLeft = data << shift
+		s2Tmp = dataShiftedLeft | dataShiftedRight
+		info.Buffer[5] += s2Tmp
+
+		dataShiftedLeft = data << (32 - shift)
+		dataShiftedRight = data >> shift
+
+		sum = checksumFunction(info.Buffer[8], dataShiftedRight|dataShiftedLeft, loop)
+		info.Buffer[8] = sum
+
+		if loop == 1008 {
+			break
+		}
+
+		dataIndex += 4
+		dataNext = binary.BigEndian.Uint32(info.Input[dataIndex : dataIndex+4])
+
+		sum = checksumFunction(info.Buffer[15], s2Tmp, loop)
+
+		shift = data >> 27
+		dataShiftedLeft = dataNext << shift
+		dataShiftedRight = dataNext >> (32 - shift)
+
+		sum = checksumFunction(sum, dataShiftedLeft|dataShiftedRight, loop)
+		info.Buffer[15] = sum
+
+		sum = checksumFunction(info.Buffer[14], s5Tmp, loop)
+
+		shift = data & 0x1f
+		s2Tmp = shift
+		dataShiftedLeft = dataNext << (32 - shift)
+		dataShiftedRight = dataNext >> shift
+
+		sum = checksumFunction(sum, dataShiftedRight|dataShiftedLeft, loop)
+		info.Buffer[14] = sum
+
+		dataShiftedRight = data >> s2Tmp
+		dataShiftedLeft = data << (32 - s2Tmp)
+		a3Tmp = dataShiftedRight | dataShiftedLeft
+
+		shift = dataNext & 0x1f
+		dataShiftedRight = dataNext >> shift
+		dataShiftedLeft = dataNext << (32 - shift)
+
+		info.Buffer[13] += a3Tmp + (dataShiftedRight | dataShiftedLeft)
+
+		sum = checksumFunction(info.Buffer[10]+data, dataNext, loop)
+		info.Buffer[10] = sum
+
+		sum = checksumFunction(info.Buffer[11]^data, dataNext, loop)
+		info.Buffer[11] = sum
+
+		info.Buffer[12] += info.Buffer[8] ^ data
+	}
+}
+
+func finalizeChecksum(info *CheckSumInfo) {
+	var buf [4]uint32
+	var checksum uint64
+	var sum, loop, tmp, s2Tmp, shift, dataShiftedRight, dataShiftedLeft uint32
+
+	if info == nil {
+		return
+	}
+
+	data := info.Buffer[0]
+	buf[0] = data
+	buf[1] = data
+	buf[2] = data
+	buf[3] = data
+
+	for loop = 0; loop < 16; loop++ {
+		data = info.Buffer[loop]
+
+		shift = data & 0x1f
+		dataShiftedLeft = data << (32 - shift)
+		dataShiftedRight = data >> shift
+		tmp = buf[0] + (dataShiftedRight | dataShiftedLeft)
+		buf[0] = tmp
+
+		if data < tmp {
+			buf[1] += data
+		} else {
+			sum = checksumFunction(buf[1], data, loop)
+			buf[1] = sum
+		}
+
+		tmp = (data & 0x02) >> 1
+		s2Tmp = data & 0x01
+
+		if tmp == s2Tmp {
+			buf[2] += data
+		} else {
+			sum = checksumFunction(buf[2], data, loop)
+			buf[2] = sum
+		}
+
+		if s2Tmp == 1 {
+			buf[3] ^= data
+		} else {
+			sum = checksumFunction(buf[3], data, loop)
+			buf[3] = sum
+		}
+	}
+
+	// 0xa4001510
+	sum = checksumFunction(buf[0], buf[1], 16)
+	tmp = buf[3] ^ buf[2]
+
+	checksum = uint64(sum) << 32
+	checksum |= uint64(tmp)
+	checksum &= 0xffffffffffff
+
+	info.ChecksumLow = uint32(checksum)
+	info.ChecksumHigh = uint32(checksum >> 32)
+}
+
+func IPL2Checksum(input []byte, seed uint8) uint64 {
+	info := initializeChecksum(seed, input)
+	calculateChecksum(info)
+	finalizeChecksum(info)
+	return uint64(info.ChecksumHigh)<<32 | uint64(info.ChecksumLow)
+}