Changes

15 bytes added ,  17:13, 7 May 2015
Line 41: Line 41:  
The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (see below for the keyslots) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto".  
 
The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (see below for the keyslots) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto".  
   −
Starting with [[9.6.0-24|9.6.0-X]] Process9 can now generate the NCCH keyY with the first 0x10-bytes from a SHA256 hash(when ncchflag[7] = 0x20). This hash is generated with the data <0x10-long old-method keyY><last 0x10-bytes which gets hashed during keyY generation>. This new keyY generation can only be used with [[7.0.0-13|7.0.0-X]] NCCH encryption or above.  
+
Starting with [[9.6.0-24|9.6.0-X]] Process9 can now generate the NCCH keyY with the first 0x10-bytes from a SHA256 hash (when ncchflag[7] has bitmask 0x20 set). This hash is generated with the data <0x10-long old-method keyY><last 0x10-bytes which gets hashed during keyY generation>. This new keyY generation can only be used with [[7.0.0-13|7.0.0-X]] NCCH encryption or above.  
    
If a certain NCCH flag is set, a fixed AES key is used. There are two fixed keys, one for titles which have the system category bit set (SystemFixedKey), and one for the rest ("zeros" key). These are debug keys, as they aren't nomally supported on retail systems.
 
If a certain NCCH flag is set, a fixed AES key is used. There are two fixed keys, one for titles which have the system category bit set (SystemFixedKey), and one for the rest ("zeros" key). These are debug keys, as they aren't nomally supported on retail systems.