Line 6: |
Line 6: |
| |- | | |- |
| | 0 | | | 0 |
− | | Header code [0x00460002] | + | | Header code [0x00450002] |
| |- | | |- |
| | 1 | | | 1 |
− | | Always 0x00013004, for 0x130 size: (size<<8) <nowiki>|</nowiki> 4 | + | | Always 0x00013006, for 0x130 size: (size<<8) <nowiki>|</nowiki> 6 |
| |- | | |- |
| | 2 | | | 2 |
Line 37: |
Line 37: |
| | 0x0 | | | 0x0 |
| | 0x10 | | | 0x10 |
− | | AES-CCM MAC over a SHA256 hash, which hashes the first 0x110-bytes of the cleartext SEED. | + | | AES-CBC MAC over a SHA256 hash, which hashes the first 0x110-bytes of the cleartext SEED. |
| |- | | |- |
| | 0x10 | | | 0x10 |
| | 0x120 | | | 0x120 |
− | | The [[nand/private/movable.sed]], encrypted with AES-CTR using the above MAC for the counter. | + | | The [[nand/private/movable.sed]], encrypted with AES-CBC using the above MAC for the counter. |
| |} | | |} |
| | | |
| =Description= | | =Description= |
− | This decrypts the input SEED and verifies it with the input AES-CCM MAC, verifies the RSA-signature, then writes the data to [[nand/private/movable.sed]]. The nonce used for the AES-CCM MAC is all-zero. | + | This decrypts the input SEED and verifies it with the input AES-CBC MAC, verifies the RSA-signature, then writes the data to [[nand/private/movable.sed]]. |