From f45d1a21b596e1802b349cbae0cece0d3486b710 Mon Sep 17 00:00:00 2001 From: Pablo Curiel Date: Sun, 11 Oct 2020 13:23:58 -0400 Subject: [PATCH] Verify decompressed .rodata segment hash. --- source/nso.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/source/nso.c b/source/nso.c index 0b002f8..9fb67f3 100644 --- a/source/nso.c +++ b/source/nso.c @@ -197,7 +197,8 @@ static bool nsoGetModuleName(NsoContext *nso_ctx) static u8 *nsoGetRodataSegment(NsoContext *nso_ctx) { - bool compressed = (nso_ctx->nso_header.flags & NsoFlags_RoCompress); + int lz4_res = 0; + bool compressed = (nso_ctx->nso_header.flags & NsoFlags_RoCompress), verify = (nso_ctx->nso_header.flags & NsoFlags_RoHash); u8 *rodata_buf = NULL; u64 rodata_buf_size = (compressed ? LZ4_DECOMPRESS_INPLACE_BUFFER_SIZE(nso_ctx->nso_header.rodata_segment_header.size) : nso_ctx->nso_header.rodata_segment_header.size); @@ -205,7 +206,8 @@ static u8 *nsoGetRodataSegment(NsoContext *nso_ctx) u8 *rodata_read_ptr = (compressed ? (rodata_buf + (rodata_buf_size - nso_ctx->nso_header.rodata_file_size)) : rodata_buf); u64 rodata_read_size = (compressed ? nso_ctx->nso_header.rodata_file_size : nso_ctx->nso_header.rodata_segment_header.size); - int lz4_res = 0; + u8 rodata_hash[SHA256_HASH_SIZE] = {0}; + bool success = false; /* Allocate memory for the .rodata buffer. */ @@ -233,6 +235,17 @@ static u8 *nsoGetRodataSegment(NsoContext *nso_ctx) } } + if (verify) + { + /* Verify .rodata segment hash. */ + sha256CalculateHash(rodata_hash, rodata_buf, nso_ctx->nso_header.rodata_segment_header.size); + if (memcmp(rodata_hash, nso_ctx->nso_header.rodata_segment_hash, SHA256_HASH_SIZE) != 0) + { + LOGFILE(".rodata segment checksum mismatch for NRO \"%s\"!", nso_ctx->nso_filename); + goto end; + } + } + success = true; end: