Line 12: |
Line 12: |
| Note: While all title data found on the SD Card is encrypted with the console-unique [[nand/private/movable.sed|keyslots]], it is not known whether title data on the NAND has additional encryption. | | Note: While all title data found on the SD Card is encrypted with the console-unique [[nand/private/movable.sed|keyslots]], it is not known whether title data on the NAND has additional encryption. |
| | | |
− | The base CTR for files stored under /title is likely based on the /title path, similar to extdata. This base CTR is unique per titleID and contentID/filename. | + | The base CTR for files stored under /title is likely based on the /title path, similar to extdata. This base CTR is unique per titleID and filename. The base CTR never changes after creation of each file. |
| | | |
| And the title data is contained in this directory structure: | | And the title data is contained in this directory structure: |
Line 86: |
Line 86: |
| | | |
| | | |
− | "'''XXXXXXXX.cmd'''" - (file name starts with 00000001.cmd and increases with an increment of "1" for each title version the 3DS is introduced to) This file contains data taken from the title's [[TMD]] during install. The data includes the title ID, file names and hashes (possibly sizes as well) of the .app files to prevent tampering. This file appears to be signed(or contains a hash of itself), and keeps a record of its true file name(alternatively it could store the title version, which can be used to determine its true file name). In addition it is also encrypted with a console-unique [[AES|keyslot]]. This acts as part of the DRM for installed titles, along with the [[Title Database|import.db and title.db]] | + | "'''XXXXXXXX.cmd'''" - (file name starts with 00000001.cmd and increases with an increment of "1" for each title version the 3DS is introduced to) This file contains data taken from the title's [[TMD]] during install. See the below table for the format of the cleartext .cmd file. [[Title Database|Title.db]] likely contains a hash over this .cmd file, title.db also likely contains the ID for the .cmd filename. In addition it is also encrypted with a console-unique [[AES|keyslot]]. This acts as part of the DRM for installed titles, along with the [[Title Database|title.db]]. |
| | | |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Offset |
| + | ! Size |
| + | ! Description |
| + | |- |
| + | | 0x0 |
| + | | 0x20 |
| + | | Header, for TWL .cmd the first 3 words are value 1, the rest of the header is all-zero. |
| + | |- |
| + | | 0x20 |
| + | | 0x18 |
| + | | Entries for each content begin here with size 0x18 for each entry, entry size is 0x8 for TWL. |
| + | |} |
| + | |
| + | Entries format: |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Start |
| + | ! Size |
| + | ! Description |
| + | |- |
| + | | 0x0 |
| + | | 0x4 |
| + | | Unknown, zero for TWL |
| + | |- |
| + | | 0x0 |
| + | | 0x4 |
| + | | Unknown, zero for TWL |
| + | |- |
| + | | 0x8 |
| + | | 0x10 |
| + | | AES-CBC MAC over data in the NCCH content? |
| + | |} |
| | | |
− | '''"00000001.sav"''' - This is the title's encrypted savegame. Although these saves look similar to FLASH savegames, these savegames use proper unique CTR for each AES block in the file, and the CTR properly changes for each savegame write. Renaming these savegames causes home-menu to hang while launching titles, modifying saves throws the usual MAC/hash corruption like gamecard flash saves. | + | '''"00000001.sav"''' - This is the title's encrypted savegame. Renaming these savegames causes home-menu to hang while launching titles, modifying these saves results in the same corruption errors as other savegames. |
| | | |
| | | |