Changes

19 bytes added ,  01:28, 10 July 2016
no edit summary
Line 94: Line 94:  
* The titlekey is decrypted by using the [[AES]] engine with the ticket common-key keyslot. The keyY is selected through an index (ticket offset 0xB1) into a plaintext array of 6 keys ("common keyYs") stored in the data section of Process9. AES-CBC mode is used where the IV is the big-endian titleID. Note that on a retail unit index0 is a retail keyY, while on a dev-unit index0 is the dev common-key which is a normal-key. (On retail for these keyYs, the hardware key-scrambler is used)
 
* The titlekey is decrypted by using the [[AES]] engine with the ticket common-key keyslot. The keyY is selected through an index (ticket offset 0xB1) into a plaintext array of 6 keys ("common keyYs") stored in the data section of Process9. AES-CBC mode is used where the IV is the big-endian titleID. Note that on a retail unit index0 is a retail keyY, while on a dev-unit index0 is the dev common-key which is a normal-key. (On retail for these keyYs, the hardware key-scrambler is used)
   −
* The titlekey is used to decrypt content downloaded from the CDN using 128-bit AES-CBC with the content index (padded with trailing zeroes) as the IV.  
+
* The titlekey is used to decrypt content downloaded from the CDN using 128-bit AES-CBC with the content index (as big endian u16, padded with trailing zeroes) as the IV.  
    
* In demos, the first u32 in the "Limits" section is 0x4, then the second u32 is the max-playcount.
 
* In demos, the first u32 in the "Limits" section is 0x4, then the second u32 is the max-playcount.
254

edits