Nand/private/movable.sed
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | Magic "SEED" |
0x4 | 0x4 | This u8 must be zero |
0x8 | 0x100 | RSA-2048 signature over the 0x10-byte data at 0x108 |
0x108 | 0x10 | ? |
0x118 | 0x8 | Last 8-bytes of an AES engine keyY for 3 keyslots |
This file is transferred to the destination 3DS during a System Transfer, the source 3DS then uses a new file retrieved from the shop server. This keyY is the console-unique portion of these 3 keyslots. All of the data under sdmc/Nintendo 3DS/<ID0>/<ID1> and nand/data/<ID0> use these console-unique keyslots. It's unknown where the first 8-bytes of the keyY is loaded from.
Movable.sed always exists on retail, however if this file doesn't exist the system will fall-back to using a console-unique keyY already in memory. Therefore, movable.sed presumably doesn't exist on development units.
The keyY is hashed with SHA256, the first 0x10-bytes from the hash is used for ID0 in sdmc/Nintendo 3DS/<ID0>/<ID1> and nand/data/<ID0>.