Extdata: Difference between revisions
=== Encryption ===
These files are encrypted with AES-CTR. The [[AES]] engine keyslot(s) used for extdata crypto and the AES-CCM MAC have the console-unique portion of the keyslot(s) initialized from [[nand/private/movable.sed|movable.sed]]. (The nonce used for the AES-CCM MAC is unknown.) Both SD extdata and NAND extdata use the same AES engine keyslot(s). The WCHAR LowPath "/extdata/<ExtdataIDHigh>/<ExtdataIDLow>/<PathToImage>" text path is hashed with SHA-256, including the WCHAR null-terminator. A separate hash is used for Quota.dat. The base CTR then seems to be generated by XORing the two halves of the calculated hash: CTRword[i] = Hashword[i] ^ Hashword[4+i].
The base CTR is fixed, so the CTR does not change between writes. It is therefore possible to obtain some cleartext by XORing one file (such as newly created extdata) with a newer file, where the newer file overwrote zeros in the original file with non-zero data.
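The following is an added example, not code from this wiki or from any console software. It derives the base CTR as described above and shows why a path-only CTR leaks the difference between two writes of the same image. Assumptions: WCHAR is encoded as UTF-16LE, the key and path are constructed sample values, and a SHA-256-based counter keystream stands in for AES-CTR because the Python standard library has no AES.

```python
import hashlib

def base_ctr(low_path: str) -> bytes:
    """Base CTR as the page describes it: SHA-256 over the WCHAR path
    including its null terminator, then CTRword[i] = Hashword[i] ^ Hashword[4+i]."""
    # Assumption: WCHAR is encoded as UTF-16LE.
    digest = hashlib.sha256((low_path + "\0").encode("utf-16-le")).digest()
    # XOR is bitwise, so folding 4 words equals folding 16 bytes, whatever the word endianness.
    return bytes(a ^ b for a, b in zip(digest[:16], digest[16:]))

def keystream(key: bytes, ctr: bytes, length: int) -> bytes:
    """Stand-in for AES-CTR (the standard library has no AES): block j is
    SHA-256(key || ctr + j) truncated to 16 bytes. Only the counter-mode
    structure matters for this demonstration."""
    start = int.from_bytes(ctr, "big")
    out = bytearray()
    j = 0
    while len(out) < length:
        counter = ((start + j) % (1 << 128)).to_bytes(16, "big")
        out += hashlib.sha256(key + counter).digest()[:16]
        j += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_image(key: bytes, low_path: str, plaintext: bytes) -> bytes:
    """The CTR depends only on the path, so every write of the same image
    reuses the same keystream."""
    return xor(plaintext, keystream(key, base_ctr(low_path), len(plaintext)))

# Constructed sample values, not taken from any console.
KEY = bytes(range(16))
PATH = "/extdata/00000000/00000001/00000000/00000001"
FRESH = bytes(32)                                  # newly created image: all zeros
UPDATED = bytes(8) + b"SAVEDATA" + bytes(16)       # later write over the zeros

def leaked_difference() -> bytes:
    c_old = encrypt_image(KEY, PATH, FRESH)
    c_new = encrypt_image(KEY, PATH, UPDATED)
    # Keystream cancels: c_old ^ c_new == FRESH ^ UPDATED, with no key involved.
    return xor(c_old, c_new)

if __name__ == "__main__":
    print(base_ctr(PATH).hex())
    print(leaked_difference())
```

Because the old plaintext is all zeros, the XOR of the two ciphertexts equals the new plaintext. A counter or nonce that changed on every write would prevent the keystream from cancelling.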