Merge pull request #614 from michaeloliverx/iw3-xenon-signed-zone-dumping

feat: dump iw3 xbox signed fastfile data

src/Common/Game/IW3/IW3.h

@@ -11,6 +11,33 @@
 
 namespace IW3
 {
+
+    struct DB_AuthHash
+    {
+        char bytes[32];
+    };
+
+    struct DB_AuthSignature
+    {
+        char bytes[256];
+    };
+
+    struct DB_AuthSubHeader
+    {
+        char fastfileName[32];
+        unsigned int reserved;
+        DB_AuthHash masterBlockHashes[244];
+    };
+
+    struct DB_AuthHeader
+    {
+        char magic[8];
+        unsigned int reserved;
+        DB_AuthHash subheaderHash;
+        DB_AuthSignature signedSubheaderHash;
+        DB_AuthSubHeader subheader;
+    };
+
     struct ScriptStringList
     {
         int count;

src/ZoneCommon/Game/IW3/ZoneConstantsIW3.h

@@ -12,12 +12,29 @@ namespace IW3
         ZoneConstants() = default;
 
     public:
+        static constexpr const char* MAGIC_SIGNED = "IWff0100";
         static constexpr const char* MAGIC_UNSIGNED = "IWffu100";
         static constexpr int ZONE_VERSION_PC = 5;
         static constexpr int ZONE_VERSION_XENON = 1;
 
         static_assert(std::char_traits<char>::length(MAGIC_UNSIGNED) == sizeof(ZoneHeader::m_magic));
 
+        static constexpr const char* MAGIC_AUTH_HEADER = "IWffs100";
+        inline static const uint8_t RSA_PUBLIC_KEY_INFINITY_WARD[270] = {
+            0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xCD, 0x96, 0x50, 0xC8, 0xB2, 0x4E, 0x10, 0xE4, 0x79, 0x05, 0x41, 0x6E, 0x9B, 0xEF,
+            0xCE, 0x51, 0xC4, 0x2D, 0x9E, 0xC9, 0xD1, 0x84, 0x23, 0xF0, 0xAC, 0x22, 0x24, 0x18, 0xE9, 0x9D, 0x28, 0xCB, 0xAF, 0xB4, 0x7F, 0x60, 0xB3,
+            0x67, 0x32, 0x43, 0xFC, 0x0F, 0xA9, 0x70, 0x78, 0x42, 0xCC, 0xA9, 0x86, 0x40, 0xCA, 0x32, 0xCA, 0x82, 0x9B, 0x0C, 0x63, 0xB0, 0x51, 0x89,
+            0x14, 0x29, 0xEA, 0x15, 0x33, 0x3F, 0x7B, 0xEB, 0x66, 0xED, 0xF7, 0x16, 0xF7, 0x45, 0x06, 0xC6, 0x41, 0x62, 0xDE, 0x00, 0x75, 0xFA, 0x8C,
+            0x8F, 0xE5, 0xBF, 0x73, 0xCB, 0x75, 0x2C, 0x44, 0x09, 0x50, 0xD8, 0x1E, 0x51, 0xE2, 0x58, 0xB2, 0x56, 0x6F, 0xE5, 0xF5, 0xC0, 0x20, 0x4F,
+            0x5F, 0x55, 0x8F, 0x8D, 0xD1, 0x37, 0xCC, 0xE8, 0x3B, 0x09, 0x06, 0x2C, 0x5D, 0xB9, 0x7B, 0x8E, 0xE3, 0xC7, 0x83, 0xCB, 0x8F, 0x40, 0x63,
+            0x89, 0xAE, 0x6B, 0x0F, 0xDE, 0x38, 0x5E, 0xD7, 0xF4, 0x65, 0x8C, 0x30, 0x5A, 0x8B, 0x9E, 0xA2, 0x42, 0x03, 0xF7, 0x80, 0xAB, 0xDF, 0xA0,
+            0x8F, 0x95, 0xA0, 0xBB, 0xB6, 0x1D, 0xA3, 0xBD, 0x3B, 0x6F, 0x42, 0x68, 0xDD, 0x42, 0xFB, 0xE6, 0x32, 0x02, 0x3B, 0x08, 0xEE, 0x34, 0x3C,
+            0x8F, 0x1E, 0xE8, 0x59, 0x11, 0x08, 0x09, 0x29, 0xBE, 0x69, 0xB1, 0xD4, 0x55, 0x10, 0x6F, 0xF3, 0x92, 0x17, 0x09, 0x3E, 0x70, 0xA0, 0x1A,
+            0xE6, 0x7D, 0x6D, 0x31, 0xD0, 0xF8, 0x33, 0xDF, 0xF0, 0x29, 0x55, 0x62, 0x1D, 0x5F, 0x3E, 0x8D, 0x3A, 0x1D, 0x5A, 0x13, 0xB0, 0xF9, 0x89,
+            0x89, 0x91, 0x8F, 0x06, 0xBA, 0x3A, 0x37, 0x16, 0xC5, 0x7D, 0x89, 0xEF, 0xEF, 0x63, 0x4E, 0xF3, 0x89, 0x19, 0x06, 0x89, 0xF1, 0x7B, 0xDC,
+            0xF5, 0x6E, 0x36, 0x0A, 0x8B, 0xC8, 0xC4, 0x5D, 0xC2, 0x7D, 0x13, 0x9D, 0x02, 0x03, 0x01, 0x00, 0x01,
+        };
+
         static constexpr size_t AUTHED_CHUNK_SIZE = 0x2000;
         static constexpr unsigned AUTHED_CHUNK_COUNT_PER_GROUP = 256;
 

src/ZoneLoading/Game/IW3/ZoneLoaderFactoryIW3.cpp

@@ -6,12 +6,22 @@
 #include "Game/IW3/GameIW3.h"
 #include "Game/IW3/IW3.h"
 #include "Game/IW3/ZoneConstantsIW3.h"
+#include "Loading/Processor/ProcessorAuthedBlocks.h"
+#include "Loading/Processor/ProcessorCaptureData.h"
 #include "Loading/Processor/ProcessorInflate.h"
 #include "Loading/Steps/StepAddProcessor.h"
 #include "Loading/Steps/StepAllocXBlocks.h"
 #include "Loading/Steps/StepDumpData.h"
+#include "Loading/Steps/StepLoadHash.h"
+#include "Loading/Steps/StepLoadSignature.h"
 #include "Loading/Steps/StepLoadZoneContent.h"
 #include "Loading/Steps/StepLoadZoneSizes.h"
+#include "Loading/Steps/StepRemoveProcessor.h"
+#include "Loading/Steps/StepSkipBytes.h"
+#include "Loading/Steps/StepVerifyFileName.h"
+#include "Loading/Steps/StepVerifyHash.h"
+#include "Loading/Steps/StepVerifyMagic.h"
+#include "Loading/Steps/StepVerifySignature.h"
 #include "Utils/ClassUtils.h"
 #include "Utils/Endianness.h"
 #include "Utils/Logging/Log.h"
@@ -42,6 +52,77 @@ namespace
 
 #undef XBLOCK_DEF
     }
+
+    std::unique_ptr<cryptography::IPublicKeyAlgorithm> SetupRsa(const bool isOfficial)
+    {
+        if (isOfficial)
+        {
+            auto rsa = cryptography::CreateRsa(cryptography::HashingAlgorithm::RSA_HASH_SHA256, cryptography::RsaPaddingMode::RSA_PADDING_PSS);
+
+            if (!rsa->SetKey(ZoneConstants::RSA_PUBLIC_KEY_INFINITY_WARD, sizeof(ZoneConstants::RSA_PUBLIC_KEY_INFINITY_WARD)))
+            {
+                con::error("Invalid public key for signature checking");
+                return nullptr;
+            }
+
+            return rsa;
+        }
+        else
+        {
+            assert(false);
+
+            // TODO: Load custom RSA key here
+            return nullptr;
+        }
+    }
+
+    void AddAuthHeaderSteps(const ZoneLoaderInspectionResult& inspectResult, ZoneLoader& zoneLoader, const std::string& fileName)
+    {
+        // Unsigned zones do not have an auth header
+        if (!inspectResult.m_is_signed)
+            return;
+
+        // If file is signed setup a RSA instance.
+        auto rsa = SetupRsa(inspectResult.m_is_official);
+
+        zoneLoader.AddLoadingStep(step::CreateStepVerifyMagic(ZoneConstants::MAGIC_AUTH_HEADER));
+        zoneLoader.AddLoadingStep(step::CreateStepSkipBytes(4)); // Skip reserved
+
+        auto subHeaderHash = step::CreateStepLoadHash(sizeof(DB_AuthHash::bytes), 1);
+        auto* subHeaderHashPtr = subHeaderHash.get();
+        zoneLoader.AddLoadingStep(std::move(subHeaderHash));
+
+        auto subHeaderHashSignature = step::CreateStepLoadSignature(sizeof(DB_AuthSignature::bytes));
+        auto* subHeaderHashSignaturePtr = subHeaderHashSignature.get();
+        zoneLoader.AddLoadingStep(std::move(subHeaderHashSignature));
+
+        zoneLoader.AddLoadingStep(step::CreateStepVerifySignature(std::move(rsa), subHeaderHashSignaturePtr, subHeaderHashPtr));
+
+        auto subHeaderCapture = processor::CreateProcessorCaptureData(sizeof(DB_AuthSubHeader));
+        auto* subHeaderCapturePtr = subHeaderCapture.get();
+        zoneLoader.AddLoadingStep(step::CreateStepAddProcessor(std::move(subHeaderCapture)));
+
+        zoneLoader.AddLoadingStep(step::CreateStepVerifyFileName(fileName, sizeof(DB_AuthSubHeader::fastfileName)));
+        zoneLoader.AddLoadingStep(step::CreateStepSkipBytes(4)); // Skip reserved
+
+        auto masterBlockHashes =
+            step::CreateStepLoadHash(sizeof(DB_AuthHash::bytes), static_cast<unsigned>(std::extent_v<decltype(DB_AuthSubHeader::masterBlockHashes)>));
+        auto* masterBlockHashesPtr = masterBlockHashes.get();
+        zoneLoader.AddLoadingStep(std::move(masterBlockHashes));
+
+        zoneLoader.AddLoadingStep(step::CreateStepVerifyHash(cryptography::CreateSha256(), 0, subHeaderHashPtr, subHeaderCapturePtr));
+        zoneLoader.AddLoadingStep(step::CreateStepRemoveProcessor(subHeaderCapturePtr));
+
+        // Skip the rest of the first chunk
+        zoneLoader.AddLoadingStep(step::CreateStepSkipBytes(ZoneConstants::AUTHED_CHUNK_SIZE - sizeof(DB_AuthHeader)));
+
+        zoneLoader.AddLoadingStep(step::CreateStepAddProcessor(
+            processor::CreateProcessorAuthedBlocks(ZoneConstants::AUTHED_CHUNK_COUNT_PER_GROUP,
+                                                   ZoneConstants::AUTHED_CHUNK_SIZE,
+                                                   static_cast<unsigned>(std::extent_v<decltype(DB_AuthSubHeader::masterBlockHashes)>),
+                                                   cryptography::CreateSha256(),
+                                                   masterBlockHashesPtr)));
+    }
 } // namespace
 
 std::optional<ZoneLoaderInspectionResult> ZoneLoaderFactory::InspectZoneHeader(const ZoneHeader& header) const
@@ -70,11 +151,23 @@ std::optional<ZoneLoaderInspectionResult> ZoneLoaderFactory::InspectZoneHeader(c
                 .m_endianness = GameEndianness::BE,
                 .m_word_size = GameWordSize::ARCH_32,
                 .m_platform = GamePlatform::XBOX,
-                .m_is_official = false,
+                .m_is_official = true,
                 .m_is_signed = false,
                 .m_is_encrypted = false,
             };
         }
+        if (!memcmp(header.m_magic, ZoneConstants::MAGIC_SIGNED, std::char_traits<char>::length(ZoneConstants::MAGIC_SIGNED)))
+        {
+            return ZoneLoaderInspectionResult{
+                .m_game_id = GameId::IW3,
+                .m_endianness = GameEndianness::BE,
+                .m_word_size = GameWordSize::ARCH_32,
+                .m_platform = GamePlatform::XBOX,
+                .m_is_official = true,
+                .m_is_signed = true,
+                .m_is_encrypted = false,
+            };
+        }
     }
 
     return std::nullopt;
@@ -99,6 +192,9 @@ std::unique_ptr<ZoneLoader> ZoneLoaderFactory::CreateLoaderForHeader(const ZoneH
 
     SetupBlock(*zoneLoader);
 
+    // Add steps for loading the auth header which also contain the signature of the zone if it is signed.
+    AddAuthHeaderSteps(*inspectResult, *zoneLoader, fileName);
+
     zoneLoader->AddLoadingStep(step::CreateStepAddProcessor(processor::CreateProcessorInflate(ZoneConstants::AUTHED_CHUNK_SIZE)));
 
     if (inspectResult->m_endianness == GameEndianness::LE)

src/ZoneLoading/Loading/Processor/ProcessorInflate.cpp

@@ -61,6 +61,8 @@ namespace
 
                 if (ret < 0)
                     throw InvalidCompressionException();
+                if (ret == Z_STREAM_END)
+                    break;
             }
 
             return length - m_stream.avail_out;