Difference between revisions of "DSiWare Exports"

From 3dbrew
Jump to navigation Jump to search
 
(21 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
The DSiWare exported from a 3DS is located at "[[SD_Filesystem|sdmc]]:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as [http://dsibrew.org/wiki/Tad DSi]: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.
 
The DSiWare exported from a 3DS is located at "[[SD_Filesystem|sdmc]]:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as [http://dsibrew.org/wiki/Tad DSi]: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.
  
DSiWare exported from 3DS use [[Nand/private/movable.sed|keyslots]] initialized by movable.sed. Each section is encrypted with AES-CBC.
+
DSiWare exported from 3DS use console-unique [[Nand/private/movable.sed|keyslots]] initialized by movable.sed. Each section is encrypted with AES-CBC.
 +
 
 +
The content sections are ordered the same way as DSi: TMD, SRL from content0, <content1-7 for format v2>, public.sav, and banner.sav when banner.sav exists. When the DSiWare export type is 7-11, the 12th content section is the private.sav, if it exists.(ContentX here is the .app data from TWL-NAND /title)
 +
 
 +
=DSiWare Export Types=
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Value
 +
!  Format version
 +
!  Description
 +
|-
 +
| 0-6
 +
|
 +
| Same as value 14.
 +
|-
 +
| 7-11
 +
| v2
 +
| 12 content sections
 +
|-
 +
| 12
 +
| v2
 +
| 4 content sections
 +
|-
 +
| 13
 +
| v1
 +
| 4 content sections
 +
|-
 +
| 14
 +
| v2
 +
| 11 content sections
 +
|}
 +
 
 +
For NATIVE_FIRM versions where this DSiWare export [[AM:ExportDSiWare|type]] field is unused, format version v1 is used with 4 content sections. Otherwise when this field is used, see the above table. [[System Settings]] uses type 1 for [[AM:ExportDSiWare|exporting]] DSiWare, regardless of the System Settings title-version.
  
 
=Block Metadata=
 
=Block Metadata=
Line 16: Line 48:
 
| 0x10
 
| 0x10
 
| 0x10
 
| 0x10
| IV, generated by the RNG.
+
| IV, generated by the [[PSPXI:GenerateRandomBytes|RNG]].
 
|}
 
|}
  
Each section begins with the payload encrypted data, followed by this block metadata. The hash used for the MAC is calculated over the the cleartext payload, this hash is calculated the same way as the section hashes stored in the footer.
+
Each section begins with the payload encrypted data, followed by this block metadata. The SHA-256 hash used for the MAC is calculated over the cleartext payload. This hash used for generating the MAC is also stored in the footer.
 +
 
 +
=Footer=
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Offset
 +
!  Size
 +
!  Description
 +
|-
 +
| 0x0
 +
| X
 +
| SHA-256 hashes over the banner, header, and content sections. When a content section doesn't exist, the corresponding hash here is uninitialized.
 +
|-
 +
| 0x0 + X
 +
| 0x3C
 +
| ECDSA signature using SHA-256 over the previous hashes, signed by the APCert.
 +
|-
 +
| 0x3C + X
 +
| 0x180
 +
| ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the below [[CTCert]], where X is [[PSPXI:GenerateRandomBytes|random]] lowercase ASCII hex data.
 +
|-
 +
| 0x1BC + X
 +
| 0x180
 +
| ECDSA [[CTCert]]
 +
|-
 +
| 0x33C + X
 +
| 0x4
 +
| Uninitialized padding.
 +
|}
 +
 
 +
These hashes are the same hashes used for generating each section's MAC stored in the metadata block. X = 0x40 + totalcontentsections*0x20.
 +
 
 +
The curve sect233r1 is used for all related ECDSA signing operations
  
 
=File Structure v1=
 
=File Structure v1=
Line 37: Line 101:
 
|-
 
|-
 
| 0x40E0
 
| 0x40E0
| 0x420
+
| 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer.
 
| Footer section
 
| Footer section
 
|-
 
|-
| 0x4500
+
| 0x40E0 + footer_size
 
|  
 
|  
| Data for the 4 content sections are stored here.
+
| Content sections
 
|}
 
|}
  
Line 74: Line 138:
 
| 0x38
 
| 0x38
 
| 0x8
 
| 0x8
| TWL TitleID for the exported title.
+
| Byte-swapped titleID from the TWL [[TMD]].
 
|-
 
|-
 
| 0x40
 
| 0x40
Line 82: Line 146:
 
| 0x48
 
| 0x48
 
| 0x10
 
| 0x10
| u32 payload sizes for each content section.
+
| u32 payload sizes for the 4 content sections.
 
|-
 
|-
 
| 0x58
 
| 0x58
Line 90: Line 154:
 
| 0x5C
 
| 0x5C
 
| 0x3E
 
| 0x3E
| Data from the TWL [[TMD]] 0x3E-byte reserved section.
+
| Data from the TWL [[TMD]] reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
 
|-
 
|-
 
| 0x9A
 
| 0x9A
 
| 0x6
 
| 0x6
 
| Padding?
 
| Padding?
|}
 
 
==Footer==
 
{| class="wikitable" border="1"
 
|-
 
!  Offset
 
!  Size
 
!  Description
 
|-
 
| 0x0
 
| 0xC0
 
| SHA-256 hashes over each section, it's unknown how these are calculated.
 
|-
 
| 0xC0
 
| 0x3C
 
| ECDSA signature over the previous data, signed by the AP cert?
 
|-
 
| 0xFC
 
| 0x180
 
| ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the [[CTCert]], where X is random lowercase ASCII hex data.
 
|-
 
| 0x27C
 
| 0x180
 
| ECDSA [[CTCert]]
 
|-
 
| 0x3FC
 
| 0x4
 
| Uninitialized padding.
 
 
|}
 
|}
  
Line 137: Line 173:
 
|-
 
|-
 
| 0x4020
 
| 0x4020
| 0xC0
+
| 0x110
 
| Header section
 
| Header section
 
|-
 
|-
| 0x40E0
+
| 0x4130
| ?
+
| 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer.
 
| Footer section
 
| Footer section
 
|-
 
|-
 +
| 0x4130 + footer_size
 
|  
 
|  
|  
+
| Content sections
| Data for the 4 content sections are stored here.
 
 
|}
 
|}
  
Line 158: Line 194:
 
| 0x0
 
| 0x0
 
| 0x4
 
| 0x4
| Magic number possibly?
+
| Magic number 0x54444633, "3FDT".
 
|-
 
|-
 
| 0x4
 
| 0x4
| 0x4
+
| 0x2
| ?
+
| Byte-swapped groupID from the TWL [[TMD]].
 +
|-
 +
| 0x6
 +
| 0x2
 +
| Byte-swapped title version from the TWL [[TMD]].
 
|-
 
|-
 
| 0x8
 
| 0x8
| 0x38
+
| 0x20
| Unknown
+
| SHA-256 hash [[AMPXI:ValidateDSiWareMovableSedHash|calculated]] over the encrypted movable.sed.
 +
|-
 +
| 0x28
 +
| 0x10
 +
| Encrypted AES block from [[AES|encrypting]] an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
 
|-
 
|-
 
| 0x38
 
| 0x38
 
| 0x8
 
| 0x8
| TWL TitleID for the exported title.
+
| Byte-swapped titleID from the TWL [[TMD]].
 
|-
 
|-
 
| 0x40
 
| 0x40
| 0x60
+
| 0x8
 
| ?
 
| ?
|}
 
 
==Footer==
 
{| class="wikitable" border="1"
 
 
|-
 
|-
!  Offset
+
| 0x48
!  Size
+
| 0x2C
!  Description
+
| u32 payload sizes for the 11 content sections.
 
|-
 
|-
| 0x0
+
| 0x74
| 0xD0
+
| 0x30
 
| ?
 
| ?
 
|-
 
|-
| 0xD0
+
| 0xA4
| 0xE0
+
| 0x3E
| Normally all-zero?
+
| Data from the TWL [[TMD]] reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
 
|-
 
|-
| 0x1B0
+
| 0xE2
| 0x20
+
| 0x0E
| SHA256 hash?
+
| Padding?
|-
 
| 0x1D0
 
| 0x20
 
| Normally all-zero?
 
|-
 
| 0x1F0
 
| 0x3C
 
| ECDSA signature over the previous data, signed by the AP cert?
 
|-
 
| 0x22C
 
| 0x180
 
| ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the [[CTCert]], where X is random lowercase ASCII hex data.
 
|-
 
| 0x3AC
 
| 0x54
 
| ECDSA certificate, the last 0x14-bytes here are all-zero.
 
 
|}
 
|}

Latest revision as of 19:56, 8 September 2018

The DSiWare exported from a 3DS is located at "sdmc:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as DSi: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.

DSiWare exported from 3DS use console-unique keyslots initialized by movable.sed. Each section is encrypted with AES-CBC.

The content sections are ordered the same way as DSi: TMD, SRL from content0, <content1-7 for format v2>, public.sav, and banner.sav when banner.sav exists. When the DSiWare export type is 7-11, the 12th content section is the private.sav, if it exists.(ContentX here is the .app data from TWL-NAND /title)

DSiWare Export Types[edit]

Value Format version Description
0-6 Same as value 14.
7-11 v2 12 content sections
12 v2 4 content sections
13 v1 4 content sections
14 v2 11 content sections

For NATIVE_FIRM versions where this DSiWare export type field is unused, format version v1 is used with 4 content sections. Otherwise when this field is used, see the above table. System Settings uses type 1 for exporting DSiWare, regardless of the System Settings title-version.

Block Metadata[edit]

Offset Size Description
0x0 0x10 AES MAC over a SHA-256 hash
0x10 0x10 IV, generated by the RNG.

Each section begins with the payload encrypted data, followed by this block metadata. The SHA-256 hash used for the MAC is calculated over the cleartext payload. This hash used for generating the MAC is also stored in the footer.

Footer[edit]

Offset Size Description
0x0 X SHA-256 hashes over the banner, header, and content sections. When a content section doesn't exist, the corresponding hash here is uninitialized.
0x0 + X 0x3C ECDSA signature using SHA-256 over the previous hashes, signed by the APCert.
0x3C + X 0x180 ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the below CTCert, where X is random lowercase ASCII hex data.
0x1BC + X 0x180 ECDSA CTCert
0x33C + X 0x4 Uninitialized padding.

These hashes are the same hashes used for generating each section's MAC stored in the metadata block. X = 0x40 + totalcontentsections*0x20.

The curve sect233r1 is used for all related ECDSA signing operations

File Structure v1[edit]

Offset Size Description
0x0 0x4020 Banner section
0x4020 0xC0 Header section
0x40E0 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer. Footer section
0x40E0 + footer_size Content sections

Header[edit]

Offset Size Description
0x0 0x4 Magic number 0x54444633, "3FDT".
0x4 0x2 Byte-swapped groupID from the TWL TMD.
0x6 0x2 Byte-swapped title version from the TWL TMD.
0x8 0x20 SHA-256 hash calculated over the encrypted movable.sed.
0x28 0x10 Encrypted AES block from encrypting an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
0x38 0x8 Byte-swapped titleID from the TWL TMD.
0x40 0x8 ?
0x48 0x10 u32 payload sizes for the 4 content sections.
0x58 0x4 ?
0x5C 0x3E Data from the TWL TMD reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
0x9A 0x6 Padding?

File Structure v2[edit]

Offset Size Description
0x0 0x4020 Banner section
0x4020 0x110 Header section
0x4130 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer. Footer section
0x4130 + footer_size Content sections

Header[edit]

Offset Size Description
0x0 0x4 Magic number 0x54444633, "3FDT".
0x4 0x2 Byte-swapped groupID from the TWL TMD.
0x6 0x2 Byte-swapped title version from the TWL TMD.
0x8 0x20 SHA-256 hash calculated over the encrypted movable.sed.
0x28 0x10 Encrypted AES block from encrypting an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
0x38 0x8 Byte-swapped titleID from the TWL TMD.
0x40 0x8 ?
0x48 0x2C u32 payload sizes for the 11 content sections.
0x74 0x30 ?
0xA4 0x3E Data from the TWL TMD reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
0xE2 0x0E Padding?