1
edit
Changes
Jump to navigation
Jump to search
Line 235:
Line 235: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 243:
Line 282: − |- − | 0x1000 − | 0x200 − | InitialData Line 269:
Line 304: − + − === InitialData === Line 279:
Line 313: − + − + − + − + − + − + − + − + − + − + − + − |- − | 0x3C − | 0xC4 − | Reserved − |- − | 0x100 − | 0x100 − | NcchHeader (copy of the first NCCH header, excluding the RSA signature) + + + +
→InitialData: Fix struct being too large caused by having redundant data
| 0xCD6
| 0xCD6
| Reserved
| Reserved
|-
| 0x1000
| 0x200
| InitialData
|}
=== InitialData ===
This data is returned by [[Gamecards|16-byte cartridge command]] 0x82.
{| class="wikitable" border="1"
|-
! OFFSET
! SIZE
! DESCRIPTION
|-
| 0x00
| 0x10
| Seed (keyY used to decrypt the title key - keyX is keyslot 0x3B for production cards, or a key of all zeroes for development cards), consisting of the title ID (little-endian) followed by reserved data (normally all-zero)
|-
| 0x10
| 0x10
| TitleKey (AES-CCM encrypted)
|-
| 0x20
| 0x10
| AES-CCM MAC
|-
| 0x30
| 0xC
| AES-CCM nonce
|-
| 0x3C
| 0xC4
| Reserved (normally all-zero)
|-
| 0x100
| 0x100
| NcchHeader (copy of the first NCCH header, excluding the RSA signature)
|}
|}
! SIZE
! SIZE
! DESCRIPTION
! DESCRIPTION
|-
|-
| 0x1200
| 0x1200
The CardDeviceReserved areas have random-looking data whose purpose is unknown, other than perhaps to hide the TitleKey.
The CardDeviceReserved areas have random-looking data whose purpose is unknown, other than perhaps to hide the TitleKey.
Note that a particular flashcard vendor puts what many refer to as "private headers" here in place of actual development card information. This header is constituted by a cartridge-unique ID obtained from [[Process_Services_PXI|pxi:ps9::GetRomId]] and the title-unique cart ID (identical for all carts of the same title; can be retrieved using the NTR gamecard protocol command 0x90 or through the CTR protocol commands 0x90 or 0xA2).
Note that a particular flashcard vendor, namely Gateway, puts what many refer to as "private headers" at CardDeviceReserved1 in place of actual development card information. This header consists of:
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
|-
|-
| 0x0
| 0x0
| 0x10
| 0x40
| Seed (keyY used to decrypt the title key - keyX is keyslot 0x3B for production cards, or a key of all zeroes for development cards)
| Unique cartridge ID; only the first 0x10 bytes are meaningful, the rest are 0xff; obtainable using encrypted [[Gamecards|16-byte cartridge command]] 0xc6; the first 0x10 bytes can also be obtained in userland via [[Process_Services_PXI|pxi:ps9::GetRomId]]
|-
|-
| 0x10
| 0x40
| 0x10
| 0x4
| TitleKey (AES-CCM encrypted)
| Cartridge ID1; obtainable using 8-byte cartridge command 0x90 or 16-byte cartridge command 0xa2
|-
|-
| 0x20
| 0x44
| 0x10
| 0x4
| Mac
| Cartridge ID2; obtainable using 8-byte cartridge command 0xa0 or 16-byte cartridge command 0xa4
|-
|-
| 0x30
| 0x48
| 0xC
| 0x8
| Nonce
| Padding (all-0xff)
|}
|}
The legitimacy of the unique cartridge ID can be validated by online services.
Some dumping tools, notably GodMode9 as of 2024-05-26, erroneously always write 0x00000000 into the position of the Cartridge ID2. This is presumably because the cartridge ID2 is always zero for retail carts.
=== TestData ===
=== TestData ===