modified on 4 January 2014 at 19:09 ••• 7,075 views

Title metadata

From 3dbrew

Title metadata (TMD) is a format used to store information about a title (installed title, DLC, etc.) and all its installed contents, including which contents it consists of and their SHA-256 hashes.

Code by trap15 is available to parse the information in the 3DS format of TMDs.

Structure

All data in the file is stored in big-endian byte order.

Offset      Size               Description
0x0         Y                  Signature Data
Y           0xC4               Header
0xC4 + Y    0x24*64            Content Info Records
0x9C4 + Y   0x30*ContentCount  Content Chunk Records

Signature Data

The total size of this section is referred to as "Y" in the overall TMD structure. The signature covers the header of the TMD.

Offset    Size     Description
0x0       0x4      Signature Type
0x4       X        Signature
0x4 + X   Padding  Aligning the signature data to 0x40 bytes

Signature Type

Value     Signature Method                            Signature Size  Padding Size
0x010000  RSA_4096 SHA1 (Unused for 3DS)              0x200           0x3C
0x010001  RSA_2048 SHA1 (Unused for 3DS)              0x100           0x3C
0x010002  Elliptic Curve with SHA1 (Unused for 3DS)   0x3C            0x40
0x010003  RSA_4096 SHA256                             0x200           0x3C
0x010004  RSA_2048 SHA256                             0x100           0x3C
0x010005  ECDSA with SHA256                           0x3C            0x40

The hash for the signature is calculated over the header of the TMD.

Header

Offset  Size  Description
0x0     0x40  Signature Issuer
0x40    0x1   Version
0x41    0x1   ca_crl_version
0x42    0x1   signer_crl_version
0x43    0x1   Reserved
0x44    0x8   System Version
0x4C    0x8   Title ID
0x54    0x4   Title Type
0x58    0x2   Group ID
0x5A    0x4   Save Data Size (Bytes) (Also SRL Public Save Data Size)
0x5E    0x4   SRL Private Save Data Size (Bytes)
0x62    0x4   Reserved
0x66    0x1   SRL Flag
0x67    0x31  Reserved
0x98    0x4   Access Rights
0x9C    0x2   Title Version
0x9E    0x02  Content Count
0xA0    0x2   Boot Content
0xA2    0x2   Padding
0xA4    0x20  SHA-256 Hash of the Content Info Records

Content Info Records

There are 64 of these records; usually only the first is used.

Offset  Size  Description
0x00    2     Content index offset
0x02    2     Content command count [k]
0x04    0x20  SHA-256 hash of the next k content records that have not been hashed yet

Content chunk records

There is one of these for each content contained in this title (determined by "Content Count" in the TMD Header).

Offset  Size  Description
0x00    4     Content id
0x04    2     Content index
0x06    2     Content type
0x08    8     Content size
0x10    0x20  SHA-256 hash

Content Index

This indicates the content type:

Index  Content Type
0000   Main Content (.CXI for 3DS executable content/.CFA for 3DS Data Archives/.SRL for TWL content)
0001   Home Menu Manual (.CFA)
0002   DLP Child Container (.CFA)

This does not apply to DLC.

Content Type flags

Flags   Description
1       Encrypted
2       Disc
4       CFM (abbreviation for?)
0x4000  Optional
0x8000  Shared
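
The header, content info records and content chunk records form a hash chain beneath the signature. The following Python code is an added example, not code from this page or from trap15's parser; it walks that chain on a constructed sample TMD. The function names, the reading of "next k content records that have not been hashed yet" as a running cursor, and the rule that every chunk record must be covered by some hash are assumptions of the example.

```python
import hashlib
import struct

# Signature type -> (signature size, padding size), from the Signature Type table.
SIG_SIZES = {0x010000: (0x200, 0x3C), 0x010001: (0x100, 0x3C), 0x010002: (0x3C, 0x40),
             0x010003: (0x200, 0x3C), 0x010004: (0x100, 0x3C), 0x010005: (0x3C, 0x40)}

def check_tmd_hashes(tmd: bytes) -> list:
    """Check header -> content info records -> content chunk records hashes.
    Returns (content id, index, type, size, sha256) per chunk record and raises
    ValueError on truncation or mismatch. The signature itself is not verified."""
    sig_type = int.from_bytes(tmd[:4], "big")
    if len(tmd) < 4 or sig_type not in SIG_SIZES:
        raise ValueError("missing or unknown signature type")
    y = 4 + sum(SIG_SIZES[sig_type])              # "Y": size of the signature data
    info_off, chunk_off = y + 0xC4, y + 0x9C4
    if len(tmd) < chunk_off:
        raise ValueError("truncated header or content info records")
    (count,) = struct.unpack_from(">H", tmd, y + 0x9E)
    if len(tmd) < chunk_off + 0x30 * count:
        raise ValueError("Content Count exceeds file size")
    info = tmd[info_off:chunk_off]
    if hashlib.sha256(info).digest() != tmd[y + 0xA4:y + 0xC4]:
        raise ValueError("content info records hash mismatch")
    done = 0                                      # chunk records hashed so far
    for i in range(64):
        k, digest = struct.unpack_from(">2xH32s", info, i * 0x24)
        if k == 0:
            continue                              # unused info record
        if done + k > count:
            raise ValueError("info record covers more chunks than Content Count")
        chunks = tmd[chunk_off + 0x30 * done:chunk_off + 0x30 * (done + k)]
        if hashlib.sha256(chunks).digest() != digest:
            raise ValueError("content chunk records hash mismatch")
        done += k
    if done != count:                             # assumption: no chunk may stay unhashed
        raise ValueError("chunk records not covered by any hash")
    return [struct.unpack_from(">IHHQ32s", tmd, chunk_off + 0x30 * n) for n in range(count)]

def build_sample_tmd(contents: list) -> bytes:
    """Constructed sample: dummy RSA_2048 SHA256 signature, one info record in use."""
    chunks = b"".join(struct.pack(">IHHQ32s", n, n, 0, len(c), hashlib.sha256(c).digest())
                      for n, c in enumerate(contents))
    info = struct.pack(">HH32s", 0, len(contents), hashlib.sha256(chunks).digest())
    info = info.ljust(0x24 * 64, b"\0")
    header = bytearray(0xC4)
    struct.pack_into(">H", header, 0x9E, len(contents))
    header[0xA4:0xC4] = hashlib.sha256(info).digest()
    return struct.pack(">I", 0x010004) + bytes(0x100 + 0x3C) + bytes(header) + info + chunks
```

A TMD that passes this check is only internally consistent; trust still depends on verifying the signature over the header against the certificate chain.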

Certificate Chain

If the TMD file is obtained from Nintendo's CDN, then it will have two certificates appended at the end of the file:

Certificate  Signature Type  Retail Cert Name  Debug Cert Name  Description
TMD          RSA-2048        CP0000000b        CP0000000a       Used to verify the TMD signature
CA           RSA-4096        CA00000003        CA00000004       Used to verify the TMD Certificate

The CA certificate is issued by 'Root', the public key for which is stored in NATIVE_FIRM.

Example code application

 enum sig_type {
         RSA_2048_SHA256 = 0x00010004,
         RSA_4096_SHA256 = 0x00010003,
         RSA_2048_SHA1   = 0x00010001,
         RSA_4096_SHA1   = 0x00010000
 };
 
// Sorry I removed the example struct because it is wrong.