6,264
edits
Changes
Jump to navigation
Jump to search
Line 186:
Line 186: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 252:
Line 300: − + Line 260:
Line 308: − +
→Keyslots
! Keyslot
! Keyslot
! Description
! Description
! Key-data initialized by ARM9 bootrom
! Key-data initialized by Process9
|-
|-
| 0x00-0x03
| 0x00-0x03
| These are the TWL keyslots, the key-data for these can be set via the REG_AESKEY0-REG_AESKEY3 registers. These keyslots are initialized by NATIVE_FIRM. The console-unique portion of two of these keyslots are only [[CONFIG|initialized]] by NATIVE_FIRM during initial hard-boot.
| These are the TWL keyslots, the key-data for these can be set via the REG_AESKEY0-REG_AESKEY3 registers. These keyslots are initialized by NATIVE_FIRM. The console-unique portion of two of these keyslots are only [[CONFIG|initialized]] by NATIVE_FIRM during initial hard-boot.
|
| Yes
|-
|-
| 0x0D
| 0x0D
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| Yes
| No
|-
|-
| 0x11
| 0x11
| This is used for general normal-key crypto, where the normal-key is set by FIRM. This keyslot is also used by the New3DS [[FIRM]] arm9 binary loader.
| This is used for general normal-key crypto, where the normal-key is set by FIRM. This keyslot is also used by the New3DS [[FIRM]] arm9 binary loader.
| No
| Yes, when using this keyslot
|-
| 0x12
| Unused?
| No
| No
|-
|-
| 0x14
| 0x14
| Starting with [[5.0.0-11]], NATIVE_FIRM Process9 now sets the keyY for this to the same one it uses for initializing 3 of the keyslots' keyYs from [[PSPXI:EncryptDecryptAes|here]].
| Starting with [[5.0.0-11]], NATIVE_FIRM Process9 now sets the keyY for this to the same one it uses for initializing 3 of the keyslots' keyYs from [[PSPXI:EncryptDecryptAes|here]].
| Yes
| See description
|-
|-
| 0x20..0x23
| 0x20..0x23
| All of these keyslots(initialized by bootrom) are set to the same key-data. These seem to be set to a regular normal-key?
| All of these keyslots(initialized by bootrom) are set to the same key-data. These seem to be set to a regular normal-key?
| Yes
| No
|-
|-
| 0x25
| 0x25
| The keyX and keyY initialized by bootrom for this keyslot are console-unique. This keyslot is used for the [[7.0.0-13|v7.0]] [[NCCH]] encryption, the keyX is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. The keyY/CTR used for this keyslot is the same as keyslot 0x2C.
| The keyX and keyY initialized by bootrom for this keyslot are console-unique. This keyslot is used for the [[7.0.0-13|v7.0]] [[NCCH]] encryption, the keyX is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. The keyY/CTR used for this keyslot is the same as keyslot 0x2C.
|
| See description
|-
| 0x26
| Unused?
| No
| No
|-
|-
| 0x2C
| 0x2C
| Used to decrypt [[NCCH|NCCH]], the keyY is set by Process9(see [[NCCH|here]] regarding the keyY). Keyslots 0x2C..0x2F all use the same keyX, set by bootrom.
| Used to decrypt [[NCCH|NCCH]], the keyY is set by Process9(see [[NCCH|here]] regarding the keyY). Keyslots 0x2C..0x2F all use the same keyX, set by bootrom.
| Yes
| Yes
|-
|-
| 0x2D
| 0x2D
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| Yes
| No
|-
|-
| 0x2E
| 0x2E
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyY is set by NATIVE_FIRM.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyY is set by NATIVE_FIRM.
| Yes
| Yes
|-
|-
| 0x2F
| 0x2F
| Initially this keyslot has the same keyY as keyslot 0x2D, initialized by bootrom. This keyY is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. This is the keyslot used for calculating v6.0 gamecard savegames' keyYs.
| Initially this keyslot has the same keyY as keyslot 0x2D, initialized by bootrom. This keyY is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. This is the keyslot used for calculating v6.0 gamecard savegames' keyYs.
| Yes
| See description
|-
|-
| 0x31
| 0x31
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| Yes
| Yes
|-
|-
| 0x32
| 0x32
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x31.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x31.
| Yes
| No
|-
|-
| 0x34-0x37
| 0x34-0x37
| All four of these keyslots use the same keyX. Keyslots 0x35/0x36 use the same keyY, see [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]] for keyslot 0x36.
| All four of these keyslots use the same keyX. Keyslots 0x35/0x36 use the same keyY, see [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]] for keyslot 0x36.
| Yes
| Only for keyslot 0x37
|-
|-
| 0x38
| 0x38
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| Yes
| No
|-
|-
| 0x39
| 0x39
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x38. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x38. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| Yes
| Yes
|-
|-
| 0x3D
| 0x3D
| This keyslot uses keyY. Used to decrypt title keys in [[Ticket]]. Used by Gateway.
| This keyslot uses keyY. Used to decrypt title keys in [[Ticket]]. Used by Gateway.
| Yes
| Yes
|-
|-
| 0x3E
| 0x3E
| This keyslot uses an unique keyX/keyY.
| This keyslot uses an unique keyX/keyY.
|
| No
|-
|-
| 0x3F
| 0x3F
| This keyslot uses an unique keyX/keyY.
| This keyslot uses an unique keyX/keyY.
|
| No
|}
|}
=== keyX ===
=== keyX ===
The ARM9 bootrom initializes the keyX for each 3DS keyslot, the ARM9 bootrom also initializes the keyY for the keyslots where NATIVE_FIRM doesn't set the keyY. In certain cases Process9 may also set the keyX.
The ARM9 bootrom initializes the keyX for certain 3DS keyslots, the ARM9 bootrom may also initialize the keyY for certain keyslots. In certain cases Process9 may also set the keyX.
=== Hardware key generator ===
=== Hardware key generator ===
=== FIRM-launch key clearing ===
=== FIRM-launch key clearing ===
Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), so the New3DS Process9 presumably does this too.
Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), the New3DS Process9 does this too.