From 25fe999a792fbe2b36009ca24b2a23d9708d63a2 Mon Sep 17 00:00:00 2001
From: David Korth <gerbilsoft@gerbilsoft.com>
Date: Wed, 30 Nov 2016 01:01:12 -0500
Subject: [PATCH] Added support for Wii RVT-R disc images.

These disc images are encrypted and signed using a different set of keys.
We only care about the master key, so we check the signature issuer. If
it matches the debug issuer, then we'll use the RVT-R key. Otherwise,
the previous set of common and Korean keys are used.
---
 Source/Core/DiscIO/VolumeCreator.cpp | 39 ++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 11 deletions(-)

diff --git a/Source/Core/DiscIO/VolumeCreator.cpp b/Source/Core/DiscIO/VolumeCreator.cpp
index f338ca1d5d..21988d8b91 100644
--- a/Source/Core/DiscIO/VolumeCreator.cpp
+++ b/Source/Core/DiscIO/VolumeCreator.cpp
@@ -39,6 +39,11 @@ static const unsigned char s_master_key[16] = {0xeb, 0xe4, 0x2a, 0x22, 0x5e, 0x8
 static const unsigned char s_master_key_korean[16] = {
     0x63, 0xb8, 0x2b, 0xb4, 0xf4, 0x61, 0x4e, 0x2e, 0x13, 0xf2, 0xfe, 0xfb, 0xba, 0x4c, 0x9b, 0x7e};
 
+static const unsigned char s_master_key_rvt[16] = {0xa1, 0x60, 0x4a, 0x6a, 0x71, 0x23, 0xb5, 0x29,
+                                                   0xae, 0x8b, 0xec, 0x32, 0xc8, 0x16, 0xfc, 0xaa};
+
+static const char s_issuer_rvt[] = "Root-CA00000002-XS00000006";
+
 static std::unique_ptr<IVolume> CreateVolumeFromCryptedWiiImage(std::unique_ptr<IBlobReader> reader,
                                                                 u32 partition_group,
                                                                 u32 volume_type, u32 volume_number);
@@ -89,18 +94,30 @@ void VolumeKeyForPartition(IBlobReader& _rReader, u64 offset, u8* VolumeKey)
   memset(IV, 0, 16);
   _rReader.Read(offset + 0x44c, 8, IV);
 
-  // Issue: 6813
-  // Magic value is at partition's offset + 0x1f1 (1byte)
-  // If encrypted with the Korean key, the magic value would be 1
-  // Otherwise it is zero
-  u8 using_korean_key = 0;
-  _rReader.Read(offset + 0x1f1, sizeof(u8), &using_korean_key);
-  u8 region = 0;
-  _rReader.Read(0x3, sizeof(u8), &region);
-
   mbedtls_aes_context AES_ctx;
-  mbedtls_aes_setkey_dec(
-      &AES_ctx, (using_korean_key == 1 && region == 'K' ? s_master_key_korean : s_master_key), 128);
+
+  u8 issuer[sizeof(s_issuer_rvt)];
+  _rReader.Read(offset + 0x140, sizeof(issuer), issuer);
+  if (!memcmp(issuer, s_issuer_rvt, sizeof(s_issuer_rvt)))
+  {
+    // RVT issuer. Use the RVT (debug) master key.
+    mbedtls_aes_setkey_dec(&AES_ctx, s_master_key_rvt, 128);
+  }
+  else
+  {
+    // Issue: 6813
+    // Magic value is at partition's offset + 0x1f1 (1byte)
+    // If encrypted with the Korean key, the magic value would be 1
+    // Otherwise it is zero
+    u8 using_korean_key = 0;
+    _rReader.Read(offset + 0x1f1, sizeof(u8), &using_korean_key);
+    u8 region = 0;
+    _rReader.Read(0x3, sizeof(u8), &region);
+
+    mbedtls_aes_setkey_dec(
+        &AES_ctx, (using_korean_key == 1 && region == 'K' ? s_master_key_korean : s_master_key),
+        128);
+  }
 
   mbedtls_aes_crypt_cbc(&AES_ctx, MBEDTLS_AES_DECRYPT, 16, IV, SubKey, VolumeKey);
 }