Changes

25 bytes added ,  19:29, 7 May 2015
Line 41: Line 41:  
The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (see below for the keyslots) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto".  
 
The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (see below for the keyslots) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto".  
   −
Starting with [[9.6.0-24|9.6.0-X]] Process9 can now generate the NCCH keyY with the first 0x10-bytes from a SHA256 hash (when ncchflag[7] has bitmask 0x20 set). This hash is generated with the data <unknown 0x10-bytes><unknown 0x10-bytes>. This new keyY generation can only be used with [[7.0.0-13|7.0.0-X]] NCCH encryption or above.  
+
Starting with [[9.6.0-24|9.6.0-X]] Process9 can now generate the NCCH keyY with the first 0x10-bytes from a SHA256 hash (when ncchflag[7] has bitmask 0x20 set). This hash is generated with the data <first 0x10-bytes from NCCH header signature><unknown 0x10-bytes>. This new keyY generation can only be used with [[7.0.0-13|7.0.0-X]] NCCH encryption or above.  
    
If a certain NCCH flag is set, a fixed AES key is used. There are two fixed keys, one for titles which have the system category bit set (SystemFixedKey), and one for the rest ("zeros" key). These are debug keys, as they aren't nomally supported on retail systems.
 
If a certain NCCH flag is set, a fixed AES key is used. There are two fixed keys, one for titles which have the system category bit set (SystemFixedKey), and one for the rest ("zeros" key). These are debug keys, as they aren't nomally supported on retail systems.