Changes

1,651 bytes added ,  00:01, 11 September 2022
→‎Development Card Info Header Extension: filled in a bunch of missing pieces
Line 280: Line 280:  
|  CardDeviceReserved2
 
|  CardDeviceReserved2
 
|}
 
|}
 +
 +
== Development Card Info Header Extension ==
 +
{| class="wikitable" border="1"
 +
|-
 +
!  OFFSET
 +
!  SIZE
 +
!  DESCRIPTION
 +
|-
 +
|  0x1200
 +
|  0x200
 +
|  CardDeviceReserved1
 +
|-
 +
|  0x1400
 +
|  0x10
 +
|  TitleKey
 +
|-
 +
|  0x1410
 +
|  0xF0
 +
|  CardDeviceReserved2
 +
|-
 +
|  0x1500
 +
|  0x1B00
 +
|  CardDeviceReserved3
 +
|-
 +
|  0x3000
 +
|  0x1000
 +
|  Test pattern
 +
|}
 +
 +
"TitleKey" is the decrypted version of the title key at 0x1000-0x103B ("Encrypted card seed").  This field appears to be what development--and maybe retail?--cards read to know what card encryption seed to use in the CTR protocol.
    
Note that a particular flashcard vendor puts what many refer to as "private headers" here in place of actual development card information. This header is constituted by a cartridge-unique Id obtained from [[Process_Services_PXI|pxi:ps9::GetRomId]] and the title-unique cart ID (identical for all carts of the same title; can be retrieved using the NTR gamecard protocol command 0x90 or through the CTR protocol commands 0x90 or 0xA2).
 
Note that a particular flashcard vendor puts what many refer to as "private headers" here in place of actual development card information. This header is constituted by a cartridge-unique Id obtained from [[Process_Services_PXI|pxi:ps9::GetRomId]] and the title-unique cart ID (identical for all carts of the same title; can be retrieved using the NTR gamecard protocol command 0x90 or through the CTR protocol commands 0x90 or 0xA2).
 +
 +
The CardDeviceReserved areas have random-looking data whose purpose is unknown, other than perhaps to hide the TitleKey.
 +
 +
The test pattern is the same one encountered in development DS/DSi cartridges.  Its layout is as follows:
 +
 +
{| class="wikitable" border="1"
 +
|-
 +
!  OFFSET
 +
!  SIZE
 +
!  DESCRIPTION
 +
|-
 +
|  0x3000
 +
|  8
 +
|  The bytes FF,00,FF,00,AA,55,AA,55.
 +
|-
 +
|  0x3008
 +
|  0x1F8
 +
|  An ascending byte sequence equal to the offset mod 256 (08,09,0A, ..., FE,FF,00,01, ..., FF).
 +
|-
 +
|  0x3200
 +
|  0x200
 +
|  A descending byte sequence equal to 255 minus the offset mod 256 (FF,FE,FD, ..., 00,FF,DE, ..., 00).
 +
|-
 +
|  0x3400
 +
|  0x200
 +
|  Filled with 00 bytes.
 +
|-
 +
|  0x3600
 +
|  0x200
 +
|  Filled with FF bytes.
 +
|-
 +
|  0x3800
 +
|  0x200
 +
|  Filled with 0F bytes.
 +
|-
 +
|  0x3A00
 +
|  0x200
 +
|  Filled with F0 bytes.
 +
|-
 +
|  0x3C00
 +
|  0x200
 +
|  Filled with 55 bytes.
 +
|-
 +
|  0x3E00
 +
|  0x1FF
 +
|  Filled with AA bytes.
 +
|-
 +
|  0x3FFF
 +
|  1
 +
|  The final byte is a 00.
 +
|}
 +
 +
Retail cards always return FF when attempting to read 0x1200-0x3FFF.  They probably actually have the same data as development cards, but there's no way to read it.
    
== Tools ==
 
== Tools ==
119

edits