Difference between revisions of "DSiWare Exports"

From 3dbrew
 
(26 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
The DSiWare exported from a 3DS is located at "[[SD_Filesystem|sdmc]]:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as [http://dsibrew.org/wiki/Tad DSi]: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.
 
The DSiWare exported from a 3DS is located at "[[SD_Filesystem|sdmc]]:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as [http://dsibrew.org/wiki/Tad DSi]: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.
  
DSiWare exported from 3DS use [[Nand/private/movable.sed|keyslots]] initialized by movable.sed. Each section is encrypted with AES-CBC.
+
DSiWare exported from 3DS use console-unique [[Nand/private/movable.sed|keyslots]] initialized by movable.sed. Each section is encrypted with AES-CBC.
 +
 
 +
The content sections are ordered the same way as DSi: TMD, SRL from content0, <content1-7 for format v2>, public.sav, and banner.sav when banner.sav exists. When the DSiWare export type is 7-11, the 12th content section is the private.sav, if it exists.(ContentX here is the .app data from TWL-NAND /title)
 +
 
 +
=DSiWare Export Types=
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Value
 +
!  Format version
 +
!  Description
 +
|-
 +
| 0-6
 +
|
 +
| Same as value 14.
 +
|-
 +
| 7-11
 +
| v2
 +
| 12 content sections
 +
|-
 +
| 12
 +
| v2
 +
| 4 content sections
 +
|-
 +
| 13
 +
| v1
 +
| 4 content sections
 +
|-
 +
| 14
 +
| v2
 +
| 11 content sections
 +
|}
 +
 
 +
For NATIVE_FIRM versions where this DSiWare export [[AM:ExportDSiWare|type]] field is unused, format version v1 is used with 4 content sections. Otherwise when this field is used, see the above table. [[System Settings]] uses type 1 for [[AM:ExportDSiWare|exporting]] DSiWare, regardless of the System Settings title-version.
  
 
=Block Metadata=
 
=Block Metadata=
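Review bot: In the new export-types table, the 0-6 row leaves the Format version cell empty and only says "Same as value 14", although the paragraph below the table names type 1 as the value System Settings uses; copying "v2" and "11 content sections" from row 14 into that row would let the common case be read off directly. The added content-order sentence also runs "if it exists.(ContentX here ..." together with no space before the parenthesis, and says "ContentX" where the sentence itself writes content0 and content1-7.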
Line 12: Line 44:
 
| 0x0
 
| 0x0
 
| 0x10
 
| 0x10
| AES MAC
+
| AES MAC over a SHA-256 hash
 
|-
 
|-
 
| 0x10
 
| 0x10
 
| 0x10
 
| 0x10
| IV, generated by the RNG.
+
| IV, generated by the [[PSPXI:GenerateRandomBytes|RNG]].
 
|}
 
|}
  
Each section begins with the actual encrypted data, followed by this block metadata.
+
Each section begins with the payload encrypted data, followed by this block metadata. The SHA-256 hash used for the MAC is calculated over the cleartext payload. This hash used for generating the MAC is also stored in the footer.
 +
 
 +
=Footer=
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Offset
 +
!  Size
 +
!  Description
 +
|-
 +
| 0x0
 +
| X
 +
| SHA-256 hashes over the banner, header, and content sections. When a content section doesn't exist, the corresponding hash here is uninitialized.
 +
|-
 +
| 0x0 + X
 +
| 0x3C
 +
| ECDSA signature using SHA-256 over the previous hashes, signed by the APCert.
 +
|-
 +
| 0x3C + X
 +
| 0x180
 +
| ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the below [[CTCert]], where X is [[PSPXI:GenerateRandomBytes|random]] lowercase ASCII hex data.
 +
|-
 +
| 0x1BC + X
 +
| 0x180
 +
| ECDSA [[CTCert]]
 +
|-
 +
| 0x33C + X
 +
| 0x4
 +
| Uninitialized padding.
 +
|}
 +
 
 +
These hashes are the same hashes used for generating each section's MAC stored in the metadata block. X = 0x40 + totalcontentsections*0x20.
 +
 
 +
The curve sect233r1 is used for all related ECDSA signing operations
  
 
=File Structure v1=
 
=File Structure v1=
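Review bot: In the new Footer table, X is the size of the hash area in the Offset and Size columns, but the AP cert row reuses it as "where X is random lowercase ASCII hex data", so one letter carries two meanings within the same table; renaming the size (for example hashes_size) or rewording the cert row would remove the ambiguity. The closing formula X = 0x40 + totalcontentsections*0x20 should also say what the fixed 0x40 covers, presumably the two 0x20-byte hashes for the banner and header, and the sect233r1 sentence is missing its final period.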
Line 37: Line 101:
 
|-
 
|-
 
| 0x40E0
 
| 0x40E0
| 0x420
+
| 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer.
 
| Footer section
 
| Footer section
 
|-
 
|-
| 0x4500
+
| 0x40E0 + footer_size
 
|  
 
|  
| Data for the 4 content sections are stored here.
+
| Content sections
 
|}
 
|}
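Review bot: The Footer section row replaces the fixed 0x420 with "0x340 + 0x20 + X", but v1 is documented with exactly 4 content sections, so with X = 0x40 + 4*0x20 the size still evaluates to 0x420 and the content offset to 0x4500; keeping those concrete values beside the formula would help anyone checking a file by hand. The row should also say that the 0x20 term is the block metadata, since the Footer table itself only adds up to 0x340 + X.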
  
Line 57: Line 121:
 
|-
 
|-
 
| 0x4
 
| 0x4
| 0x4
+
| 0x2
| Normally zero?
+
| Byte-swapped groupID from the TWL [[TMD]].
 +
|-
 +
| 0x6
 +
| 0x2
 +
| Byte-swapped title version from the TWL [[TMD]].
 
|-
 
|-
 
| 0x8
 
| 0x8
| 0x30
+
| 0x20
| Unknown
+
| SHA-256 hash [[AMPXI:ValidateDSiWareMovableSedHash|calculated]] over the encrypted movable.sed.
 +
|-
 +
| 0x28
 +
| 0x10
 +
| Encrypted AES block from [[AES|encrypting]] an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
 
|-
 
|-
 
| 0x38
 
| 0x38
 
| 0x8
 
| 0x8
| TWL TitleID for the exported title.
+
| Byte-swapped titleID from the TWL [[TMD]].
 
|-
 
|-
 
| 0x40
 
| 0x40
| 0x60
+
| 0x8
 
| ?
 
| ?
|}
 
 
==Footer==
 
{| class="wikitable" border="1"
 
 
|-
 
|-
!  Offset
+
| 0x48
!  Size
+
| 0x10
!  Description
+
| u32 payload sizes for the 4 content sections.
 
|-
 
|-
| 0x0
+
| 0x58
| 0xC0
+
| 0x4
 
| ?
 
| ?
 
|-
 
|-
| 0xC0
+
| 0x5C
| 0x3C
+
| 0x3E
| ECDSA signature over the previous data, signed by the AP cert?
+
| Data from the TWL [[TMD]] reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
|-
 
| 0xFC
 
| 0x180
 
| ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the [[CTCert]], where X is random lowercase ASCII hex data.
 
|-
 
| 0x27C
 
| 0x180
 
| ECDSA [[CTCert]]
 
 
|-
 
|-
| 0x3FC
+
| 0x9A
| 0x4
+
| 0x6
| Uninitialized padding.
+
| Padding?
 
|}
 
|}
  
Line 113: Line 173:
 
|-
 
|-
 
| 0x4020
 
| 0x4020
| 0xC0
+
| 0x110
 
| Header section
 
| Header section
 
|-
 
|-
| 0x40E0
+
| 0x4130
| ?
+
| 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer.
 
| Footer section
 
| Footer section
 
|-
 
|-
 +
| 0x4130 + footer_size
 
|  
 
|  
|  
+
| Content sections
| Data for the 4 content sections are stored here.
 
 
|}
 
|}
  
Line 134: Line 194:
 
| 0x0
 
| 0x0
 
| 0x4
 
| 0x4
| Magic number possibly?
+
| Magic number 0x54444633, "3FDT".
 
|-
 
|-
 
| 0x4
 
| 0x4
| 0x4
+
| 0x2
| ?
+
| Byte-swapped groupID from the TWL [[TMD]].
 +
|-
 +
| 0x6
 +
| 0x2
 +
| Byte-swapped title version from the TWL [[TMD]].
 
|-
 
|-
 
| 0x8
 
| 0x8
| 0x38
+
| 0x20
| Unknown
+
| SHA-256 hash [[AMPXI:ValidateDSiWareMovableSedHash|calculated]] over the encrypted movable.sed.
 +
|-
 +
| 0x28
 +
| 0x10
 +
| Encrypted AES block from [[AES|encrypting]] an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
 
|-
 
|-
 
| 0x38
 
| 0x38
 
| 0x8
 
| 0x8
| TWL TitleID for the exported title.
+
| Byte-swapped titleID from the TWL [[TMD]].
 
|-
 
|-
 
| 0x40
 
| 0x40
| 0x60
+
| 0x8
 
| ?
 
| ?
|}
 
 
==Footer==
 
{| class="wikitable" border="1"
 
 
|-
 
|-
!  Offset
+
| 0x48
!  Size
+
| 0x2C
!  Description
+
| u32 payload sizes for the 11 content sections.
 
|-
 
|-
| 0x0
+
| 0x74
| 0xD0
+
| 0x30
 
| ?
 
| ?
 
|-
 
|-
| 0xD0
+
| 0xA4
| 0xE0
+
| 0x3E
| Normally all-zero?
+
| Data from the TWL [[TMD]] reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
|-
 
| 0x1B0
 
| 0x20
 
| SHA256 hash?
 
|-
 
| 0x1D0
 
| 0x20
 
| Normally all-zero?
 
|-
 
| 0x1F0
 
| 0x3C
 
| ECDSA signature over the previous data, signed by the AP cert?
 
|-
 
| 0x22C
 
| 0x180
 
| ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the [[CTCert]], where X is random lowercase ASCII hex data.
 
 
|-
 
|-
| 0x3AC
+
| 0xE2
| 0x54
+
| 0x0E
| ECDSA certificate, the last 0x14-bytes here are all-zero.
+
| Padding?
 
|}
 
|}
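Review bot: The new 0x48 row of the v2 header gives "u32 payload sizes for the 11 content sections" (0x2C bytes), but the export-types table added earlier lists v2 exports with 12 sections (types 7-11) and with 4 sections (type 12); the page should state how this size table and the offsets after it change for those types, or say that this is not yet known.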

Latest revision as of 19:56, 8 September 2018

The DSiWare exported from a 3DS is located at "sdmc:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames use the same format as on DSi: "<TitleID-Low>.bin". The sizes below include the 0x20-byte block metadata.

DSiWare exported from a 3DS uses console-unique keyslots initialized by movable.sed. Each section is encrypted with AES-CBC.

The content sections are ordered the same way as on DSi: TMD, SRL from content0, <content1-7 for format v2>, public.sav, and banner.sav when banner.sav exists. When the DSiWare export type is 7-11, the 12th content section is the private.sav, if it exists. (ContentX here is the .app data from TWL-NAND /title.)

=DSiWare Export Types=

{| class="wikitable" border="1"
|-
! Value !! Format version !! Description
|-
| 0-6 || || Same as value 14.
|-
| 7-11 || v2 || 12 content sections
|-
| 12 || v2 || 4 content sections
|-
| 13 || v1 || 4 content sections
|-
| 14 || v2 || 11 content sections
|}

For NATIVE_FIRM versions where this DSiWare export type field is unused, format version v1 is used with 4 content sections. Otherwise when this field is used, see the above table. System Settings uses type 1 for exporting DSiWare, regardless of the System Settings title-version.

=Block Metadata=

{| class="wikitable" border="1"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x10 || AES MAC over a SHA-256 hash
|-
| 0x10 || 0x10 || IV, generated by the RNG.
|}

Each section begins with the encrypted payload data, followed by this block metadata. The SHA-256 hash used for the MAC is calculated over the cleartext payload. The same hash is also stored in the footer.

=Footer=

{| class="wikitable" border="1"
|-
! Offset !! Size !! Description
|-
| 0x0 || X || SHA-256 hashes over the banner, header, and content sections. When a content section doesn't exist, the corresponding hash here is uninitialized.
|-
| 0x0 + X || 0x3C || ECDSA signature using SHA-256 over the previous hashes, signed by the APCert.
|-
| 0x3C + X || 0x180 || ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the below CTCert, where X is random lowercase ASCII hex data.
|-
| 0x1BC + X || 0x180 || ECDSA CTCert
|-
| 0x33C + X || 0x4 || Uninitialized padding.
|}

These hashes are the same hashes used for generating each section's MAC stored in the metadata block. X = 0x40 + totalcontentsections*0x20.

The curve sect233r1 is used for all related ECDSA signing operations.

=File Structure v1=

{| class="wikitable" border="1"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x4020 || Banner section
|-
| 0x4020 || 0xC0 || Header section
|-
| 0x40E0 || 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer. || Footer section
|-
| 0x40E0 + footer_size || || Content sections
|}

==Header==

{| class="wikitable" border="1"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x4 || Magic number 0x54444633, "3FDT".
|-
| 0x4 || 0x2 || Byte-swapped groupID from the TWL TMD.
|-
| 0x6 || 0x2 || Byte-swapped title version from the TWL TMD.
|-
| 0x8 || 0x20 || SHA-256 hash calculated over the encrypted movable.sed.
|-
| 0x28 || 0x10 || Encrypted AES block from encrypting an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
|-
| 0x38 || 0x8 || Byte-swapped titleID from the TWL TMD.
|-
| 0x40 || 0x8 || ?
|-
| 0x48 || 0x10 || u32 payload sizes for the 4 content sections.
|-
| 0x58 || 0x4 || ?
|-
| 0x5C || 0x3E || Data from the TWL TMD reserved section. Only the first 0x20 bytes from the TWL TMD are written here; the rest is uninitialized.
|-
| 0x9A || 0x6 || Padding?
|}

=File Structure v2=

{| class="wikitable" border="1"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x4020 || Banner section
|-
| 0x4020 || 0x110 || Header section
|-
| 0x4130 || 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer. || Footer section
|-
| 0x4130 + footer_size || || Content sections
|}

==Header==

{| class="wikitable" border="1"
|-
! Offset !! Size !! Description
|-
| 0x0 || 0x4 || Magic number 0x54444633, "3FDT".
|-
| 0x4 || 0x2 || Byte-swapped groupID from the TWL TMD.
|-
| 0x6 || 0x2 || Byte-swapped title version from the TWL TMD.
|-
| 0x8 || 0x20 || SHA-256 hash calculated over the encrypted movable.sed.
|-
| 0x28 || 0x10 || Encrypted AES block from encrypting an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
|-
| 0x38 || 0x8 || Byte-swapped titleID from the TWL TMD.
|-
| 0x40 || 0x8 || ?
|-
| 0x48 || 0x2C || u32 payload sizes for the 11 content sections.
|-
| 0x74 || 0x30 || ?
|-
| 0xA4 || 0x3E || Data from the TWL TMD reserved section. Only the first 0x20 bytes from the TWL TMD are written here; the rest is uninitialized.
|-
| 0xE2 || 0x0E || Padding?
|}
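
The layout arithmetic from the tables above, as an added Python example that is not part of the original wiki page: it maps an export type to its format version and section count, derives the section and footer-field offsets, splits a section from its block metadata, and checks a decrypted payload against its footer hash. All function names are illustrative, and it assumes the footer hashes are stored in the order the Footer table lists them (banner, header, then content sections).

```python
import hashlib

BLOCK_META = 0x20                      # per-section trailer: AES MAC (0x10) + IV (0x10)
BANNER_SIZE = 0x4020                   # section sizes include BLOCK_META
HEADER_SIZE = {1: 0xC0, 2: 0x110}      # keyed by format version

def export_format(export_type):
    """Map an export type to (format version, content section count) per the table."""
    if 7 <= export_type <= 11:
        return 2, 12
    if export_type == 12:
        return 2, 4
    if export_type == 13:
        return 1, 4
    if 0 <= export_type <= 6 or export_type == 14:
        return 2, 11                   # 0-6 behave the same as 14
    raise ValueError("unknown export type %d" % export_type)

def layout(version, sections):
    """File offsets of the sections, plus field offsets inside the footer payload."""
    x = 0x40 + sections * 0x20         # X: total size of the hashes in the footer
    footer_off = BANNER_SIZE + HEADER_SIZE[version]
    return {
        "header": BANNER_SIZE,
        "footer": footer_off,
        "content": footer_off + 0x340 + BLOCK_META + x,
        "signature": x,                # 0x3C bytes, ECDSA over the hashes
        "apcert": x + 0x3C,            # 0x180 bytes
        "ctcert": x + 0x1BC,           # 0x180 bytes
        "padding": x + 0x33C,          # 0x4 bytes, uninitialized
    }

def split_section(raw):
    """Split an on-disk section into (ciphertext, MAC, IV)."""
    if len(raw) <= BLOCK_META or (len(raw) - BLOCK_META) % 16:
        raise ValueError("expected whole AES blocks followed by 0x20 bytes of metadata")
    return raw[:-BLOCK_META], raw[-BLOCK_META:-0x10], raw[-0x10:]

def hash_matches(footer_payload, index, cleartext):
    """Compare a decrypted payload with footer hash `index` (assumed: 0 banner, 1 header, 2+ content)."""
    stored = footer_payload[index * 0x20:(index + 1) * 0x20]
    return len(stored) == 0x20 and hashlib.sha256(cleartext).digest() == stored

if __name__ == "__main__":
    version, sections = export_format(1)   # the type System Settings uses
    print({name: hex(off) for name, off in layout(version, sections).items()})
```

Decryption and MAC verification are left out because they need the console-unique keyslots; `hash_matches` expects payloads that have already been decrypted.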