6,264
edits
Changes
no edit summary
=== Encryption ===
=== Encryption ===
These files are encrypted with AES-CTR, with a per-console key. The WCHAR LowPath "/extdata/<ExtdataIDHigh>/<ExtdataIDLow>/<PathToImage>" text path is hashed with SHA-256, including the WCHAR null-terminator. A separate hash is used for Quota.dat. The base CTR seems to be then generated by XORing the calculated hash: CTRword[i] = Hashword[i] ^ Hashword[4+i].
These files are encrypted with AES-CTR. The [[AES]] engine keyslot(s) used for extdata crypto and the AES-CCM MAC has the console-unique portion of the keyslot(s) initialized from [[nand/private/movable.sed|movable.sed]].(The nonce used for the AES-CCM MAC is unknown) Both SD extdata and NAND extdata use the same AES engine keyslot(s). The WCHAR LowPath "/extdata/<ExtdataIDHigh>/<ExtdataIDLow>/<PathToImage>" text path is hashed with SHA-256, including the WCHAR null-terminator. A separate hash is used for Quota.dat. The base CTR seems to be then generated by XORing the calculated hash: CTRword[i] = Hashword[i] ^ Hashword[4+i].
The base CTR is fixed therefore the CTR never changes after each write. Thus it is possible to obtain some cleartext by XORing one file(like newly created extdata) with a newer file, where the newer file overwrote zeros in the original file with non-zero data.
The base CTR is fixed therefore the CTR never changes after each write. Thus it is possible to obtain some cleartext by XORing one file(like newly created extdata) with a newer file, where the newer file overwrote zeros in the original file with non-zero data.