Changes

3,799 bytes added, 08:44, 5 May 2013
no edit summary
Line 19: Line 19:  
* Need for Speed - The Run 《极品飞车-亡命狂飙》
 
* Need for Speed - The Run 《极品飞车-亡命狂飙》
   −
'''一些信息:'''
+
'''一些信息(原文已无此段):'''
 
* 旧游戏仍使用0x200字节的异或加密方式。
 
* 旧游戏仍使用0x200字节的异或加密方式。
* 新游戏存档可以被备份和再储存(同样的密钥将被一个个存档使用)。New games saves can be backed-up and restored (same key is used from one save to another).
+
* 新游戏存档可以被备份和再储存(同样的密钥将被一个个存档使用)。
 
* (wearleveling) 没有变化。
 
* (wearleveling) 没有变化。
 
* 对两个文件使用异或将产生一些明文。
 
* 对两个文件使用异或将产生一些明文。
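Review bot: The heading now marks this list as "原文已无此段" (no longer present in the source page), but every bullet under it is kept unchanged, so a reader cannot tell whether the 0x200-byte XOR and shared-key statements are still considered accurate. Either drop the list along with the source, or say in the heading note why it is retained (for example that it only applies to the older XOR-based saves). The edit also has no summary, which makes the reason for this relabel hard to recover later.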
Line 71: Line 71:  
* 每个 byte 是一个 0x200 大小加密的块的验校和
 
* 每个 byte 是一个 0x200 大小加密的块的验校和
 
* 计算一个块的CRC16 (从 0xFFFF 开始) ,两个byte的CRC16一起进行异或运算,以产生 8bit 校验和
 
* 计算一个块的CRC16 (从 0xFFFF 开始) ,两个byte的CRC16一起进行异或运算,以产生 8bit 校验和
 +
 +
 +
=== AES MAC header ===
 +
 +
{| class="wikitable"
 +
|-
 +
! Image offset
 +
! Length
 +
! Description
 +
|-
 +
| 0x00
 +
| 0x10
 +
| [[AES]] MAC over a 0x20-byte SHA256 hash
 +
|-
 +
| 0x10
 +
| 0xF0
 +
| Zero padding
 +
|}
 +
 +
This AES MAC is used to "sign" the DISA/DIFF header. Each time the savegame is updated the hash stored in the DISA/DIFF is updated, therefore the MAC must be updated each time the save is modified as well. SHA256_Update() is used to calculate the hash with the blocks described below.
 +
 +
==== Savegame Types ====
 +
{| class="wikitable"
 +
|-
 +
! Type
 +
! Description
 +
|-
 +
| CTR-EXT0
 +
| SD/NAND [[Extdata]]
 +
|-
 +
| CTR-SYS0
 +
| [[System SaveData]]
 +
|-
 +
| CTR-NOR0
 +
| Gamecard Savegames
 +
|-
 +
| CTR-SAV0
 +
| Savegames
 +
|-
 +
| CTR-SIGN
 +
| SD Savegames
 +
|-
 +
| CTR-9DB0
 +
| [[Title_Database|Title database]] extdata images
 +
|}
 +
 +
==== Extdata SHA256 Blocks ====
 +
{| class="wikitable"
 +
|-
 +
! Block Size
 +
! Description
 +
|-
 +
| 0x8
 +
| Savegame type
 +
|-
 +
| 0x8
 +
| First word is the hex ID from image filename, second word is the hex ID of the sub-dir under the <ExtdataIDLow> directory (all-zero for Quota.dat)
 +
|-
 +
| 0x4
 +
| 1 for Quota.dat, 0 otherwise
 +
|-
 +
| 0x8
 +
| Same as the previous u64
 +
|-
 +
| 0x100
 +
| DIFF header
 +
|}
 +
 +
 +
==== System SaveData SHA256 Blocks ====
 +
{| class="wikitable"
 +
|-
 +
! Block Size
 +
! Description
 +
|-
 +
| 0x8
 +
| Savegame type
 +
|-
 +
| 0x8
 +
| [[FS:OpenFile|SaveID]]
 +
|-
 +
| 0x100
 +
| DISA header
 +
|}
 +
 +
==== CTR-NOR0 SHA256 Blocks ====
 +
{| class="wikitable"
 +
|-
 +
! Block Size
 +
! Description
 +
|-
 +
| 0x8
 +
| Savegame type
 +
|-
 +
| 0x100
 +
| DISA header
 +
|}
 +
 +
==== CTR-SAV0 SHA256 Blocks ====
 +
{| class="wikitable"
 +
|-
 +
! Block Size
 +
! Description
 +
|-
 +
| 0x8
 +
| Savegame type
 +
|-
 +
|
 +
| Input data, for gamecard savegames this is the output SHA-256 hash from CTR-NOR0.
 +
|}
 +
 +
For gamecard savegames the output hash from this is used with the MAC. This save-type is also used for SD savegames, for SD saves the input data is the 0x100-byte DISA header. For SD savegames, the calculated output hash is used with CTR-SIGN.
 +
 +
==== CTR-SIGN SHA256 Blocks ====
 +
{| class="wikitable"
 +
|-
 +
! Block Size
 +
! Description
 +
|-
 +
| 0x8
 +
| Savegame type
 +
|-
 +
| 0x8
 +
| ProgramID/SaveID
 +
|-
 +
| 0x20
 +
| SHA-256 hash from CTR-SAV0
 +
|}
 +
This is used for SD savegames, the calculated hash from this is used with the MAC.
 +
 +
==== CTR-9DB0 SHA256 Blocks ====
 +
{| class="wikitable"
 +
|-
 +
! Block Size
 +
! Description
 +
|-
 +
| 0x8
 +
| Savegame type
 +
|-
 +
| 0x4
 +
| ID, each .db image has a separate ID.
 +
|-
 +
| 0x100
 +
| DIFF header
 +
|}
 +
 +
This is used for the /[[Title_Database|dbs]] .db extdata images.
    
=== Partitions ===
 
=== Partitions ===
   −
There can be multiple partitions on the chip.  
+
There can be multiple partitions in the image.
The partitions are represented by tables of DIFI blobs inside a DISA structure.
+
The partitions are represented by tables of DIFI blobs inside a DISA/DIFF structure.
The order of the DIFI blobs is the order of the partitions in the chip.
+
The order of the DIFI blobs is the order of the partitions in the image.
   −
'''DISA'''
+
==== DISA ====
   −
* If the uint32 @ 0x168 into the image in the DISA(the low 8-bits) is non-zero, then first table is is hashed, otherwise the second DIFI table is hashed.  
+
* This is located @ 0x100 in the image, following the MAC header.
 +
* If the uint32 @ 0x68 in the DISA(the low 8-bits) is non-zero, then the secondary table is is used, otherwise the primary table is used.  
 
* If the table has more then 1 DIFI then the uint32 @ 0x168 is the offset from the DATA partition to the file base (masked with 0xFFFFFFFE).
 
* If the table has more then 1 DIFI then the uint32 @ 0x168 is the offset from the DATA partition to the file base (masked with 0xFFFFFFFE).
* At offset 0x0 in the image is a 0x10-byte MAC over the 0x100-byte DISA/DIFF, it might be AES-CCM MAC but it's unknown for certain. The following 0xf0-bytes after the MAC normally must be zero, it's unknown whether this can ever be non-zero.
      
{| class="wikitable"
 
{| class="wikitable"
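Review bot: In the DISA bullets the new line addresses the active-table field as "uint32 @ 0x68 in the DISA", while the unchanged bullet right after it still says "uint32 @ 0x168", which is the same field given as an image offset (the new text places DISA at 0x100); please use one base for both bullets, and fix the "is is used" typo in the new line. In the CTR-SAV0 table the Block Size cell for "Input data" is empty although the text below gives both cases (the SHA-256 hash from CTR-NOR0 for gamecard saves, the 0x100-byte DISA header for SD saves), so the sizes can be stated in the table. The removed bullet said the MAC "might be AES-CCM MAC but it's unknown for certain"; the new AES MAC header section no longer says which MAC construction is meant, so if that is still unknown it should be kept as an explicit open point.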
Line 100: Line 247:  
| 0x08
 
| 0x08
 
| 8
 
| 8
| Partition table size
+
| Total partition entries in a table
 
|-
 
|-
 
| 0x10
 
| 0x10
 
| 8
 
| 8
| Offset to primary partition table in DISA
+
| Offset to secondary partition table
 
|-
 
|-
 
| 0x18
 
| 0x18
 
| 8
 
| 8
| Offset to secondary partition table in DISA
+
| Offset to primary partition table
 
|-
 
|-
 
| 0x20
 
| 0x20
 
| 8
 
| 8
| Partition table's length
+
| Partition table size
 
|-
 
|-
 
| 0x28
 
| 0x28
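Review bot: At 0x20 the description becomes "Partition table size" while 0x08 becomes "Total partition entries in a table", and neither states a unit, so the two are easy to confuse. The context bullet about the hash ("tables's offset to tables's offset + table length") suggests 0x20 is a byte length; if so, write "Partition table size in bytes" and keep 0x08 as the entry count. The swap of primary and secondary at 0x10/0x18 changes how existing parsers read the header, so it deserves a line in the edit summary.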
Line 155: Line 302:  
|-
 
|-
 
| 0x8C
 
| 0x8C
| 4*29
+
| 0x74
| Unknown
+
| Reserved
 
|}
 
|}
    
* The hash in the DISA hashes the Active Table (starting from tables's offset to tables's offset + table length) with SHA256.
 
* The hash in the DISA hashes the Active Table (starting from tables's offset to tables's offset + table length) with SHA256.
 +
* The partition offsets are absolute offsets in the image.
 +
* The SAVE partition offset is usually 0x1000. The SAVE/DATA partitions begins with the DPFS partitions, the relative offset for the IVFC partition data is specified by the DPFS header.
   −
* The partitions offsets points to a 0x1000 long block which isn't understood yet. The actual information starts after that block.
+
The DIFIs table at offset 0x200 in the image has 2 DIFIs when the DATA partition isn't used, 4 DIFIs otherwise. Each partition table contains the SAVE DIFI entry and optionally the DATA entry. The secondary partition table is located at offset 0x200 in the image, and the primary table follows the secondary table.
 
  −
The DIFIs table @ 0x200 (into the image) is written twice, (Meaning, if there's 4 DIFI blobs then the table is 2 DIFIs long).
  −
 
  −
The second table is for backup. The active table is mentioned at 0x13C into the image (1=First table, other=Second Table)
     −
'''DIFF'''
+
The non-active table is for backup.
   −
* This is the [[extdata]] equivalent of DISA, for extdata which use FS. DIFF is *only* used with extdata, not regular savegames.
+
==== DIFF ====
   −
* When the active-table field low 8-bits is non-zero, the primary partition is used. Otherwise, the secondary partition is used.
+
* This is the [[extdata]] equivalent of DISA, for extdata which use FS. DIFF is only used for extdata.
 +
* When the active-table field low 8-bits is non-zero, the secondary partition is used. Otherwise, the primary partition is used.
    
{| class="wikitable"
 
{| class="wikitable"
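Review bot: The new paragraph counts tables two different ways: "The DIFIs table at offset 0x200 ... has 2 DIFIs when the DATA partition isn't used, 4 DIFIs otherwise" treats both copies as one table, while the next sentence says each partition table holds the SAVE entry and optionally DATA (1 or 2 entries). Suggest describing the region at 0x200 as the secondary table followed by the primary table, 1 or 2 DIFIs each. The removed text also said where the active-table selector lives; the replacement "The non-active table is for backup." should point back to the active-table field so the paragraph stands on its own. In the DIFF bullet, "the secondary partition is used" should read "partition table", matching the DISA wording.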
Line 189: Line 335:  
| 0x08
 
| 0x08
 
| 8
 
| 8
| Primary partition table offset
+
| Secondary partition table offset
 
|-
 
|-
 
| 0x10
 
| 0x10
 
| 8
 
| 8
| Secondary partition table offset
+
| Primary partition table offset
 
|-
 
|-
 
| 0x18
 
| 0x18
Line 200: Line 346:  
|-
 
|-
 
| 0x20
 
| 0x20
| 4
+
| 8
 
| Active table (and the offset to the filebase)
 
| Active table (and the offset to the filebase)
 
|-
 
|-
| 0x24
+
| 0x28
| 0x20
+
| 8
| Unknown
+
| File Base Size
 +
|-
 +
| 0x30
 +
| 4
 +
| Reserved0
 
|-
 
|-
 
| 0x34
 
| 0x34
Line 212: Line 362:  
|-
 
|-
 
| 0x54
 
| 0x54
| 0x1ac
+
| 0xAC
| Unknown
+
| Reserved1
 
|}
 
|}
   −
'''DIFI'''
+
==== DIFI ====
 
  −
These 0x130 large blobs describe the partitions. Every DIFI blob describes a partition. Partitions are catted together, so after the end of one partition is the beginning of the next.
     −
Actually DIFI blobs are 0x12C large because the last 4 are not used and appear 0xFFFFFFFF at the encrypted image.
+
These 0x12C-byte blobs describe the partitions. Following each partition is an unused 0xFFFFFFFF cleartext word in the raw image. Every DIFI blob describes a partition. Partitions are catted together, so after the end of one partition is the beginning of the next.
    
For most games there's only 1 partition (The SAVE partition) and some (like Asphalt 3D, Steel Diver & Lego Star Wars III) has 2 partitions.
 
For most games there's only 1 partition (The SAVE partition) and some (like Asphalt 3D, Steel Diver & Lego Star Wars III) has 2 partitions.
   −
* 2 Partitions means that the files inside the SAVE partition is on the other partition (we would call it DATA partition).
+
* 2 Partitions means that the files inside the SAVE partition is on the DATA partition.
 
+
* The DISA/DIFF headers support a maximum of 2 partitions.
* No more than 2 partitions have been seen yet (and can't be because of the DISA known structure).
      
{| class="wikitable"
 
{| class="wikitable"
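Review bot: In the DIFI paragraph, "Following each partition is an unused 0xFFFFFFFF cleartext word" changes the meaning of the line it replaces, which said the last 4 bytes of the 0x130 DIFI blob are unused; this should read "Following each DIFI blob" (0x12C + 4 = 0x130). The old bullet "No more than 2 partitions have been seen yet ..." still appears next to the new "maximum of 2 partitions" bullet; confirm only one of them remains. The 0x54 length fix to 0xAC is consistent with a 0x100-byte DIFF header (0x54 + 0xAC = 0x100).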
Line 244: Line 391:  
| 0x08
 
| 0x08
 
| 8
 
| 8
| Offset to "IVFC" blob in DIFI (usually 0x44)
+
| Offset to "IVFC" blob in DIFI (Always 0x44)
 
|-
 
|-
 
| 0x10
 
| 0x10
Line 252: Line 399:  
| 0x18
 
| 0x18
 
| 8
 
| 8
| Offset to "DPFS" blob in DIFI (usually 0xBC)
+
| Offset to "DPFS" blob in DIFI (Always 0xBC)
 
|-
 
|-
 
| 0x20
 
| 0x20
Line 260: Line 407:  
| 0x28
 
| 0x28
 
| 8
 
| 8
| Offset to the hash in DIFI (usually 0x010C)
+
| Offset to the hash in DIFI (Always 0x10C)
 
|-
 
|-
 
| 0x30
 
| 0x30
Line 275: Line 422:  
|}
 
|}
   −
'''IVFC'''
+
==== IVFC ====
    
{| class="wikitable"
 
{| class="wikitable"
Line 292: Line 439:  
|-
 
|-
 
| 0x08
 
| 0x08
| 8
+
| 0x8
| Unknown (0x20?)
+
| Master hash size
 
|-
 
|-
 
| 0x10
 
| 0x10
| 8
+
| 0x8
| First Hash Offset
+
| Level 1 relative offset
 
|-
 
|-
 
| 0x18
 
| 0x18
| 8
+
| 0x8
| First Hash Length
+
| Level 1 hashdata size
 
|-
 
|-
 
| 0x20
 
| 0x20
| 8
+
| 0x4
| First Hash Block Size (1<<value)
+
| Level 1 block size, in log2
 +
|-
 +
| 0x24
 +
| 0x4
 +
| Reserved
 
|-
 
|-
 
| 0x28
 
| 0x28
| 8
+
| 0x8
| Second Hash Offset
+
| Level 2 relative offset
 
|-
 
|-
 
| 0x30
 
| 0x30
| 8
+
| 0x8
| Second Hash Length
+
| Level 2 hashdata size
 
|-
 
|-
 
| 0x38
 
| 0x38
| 8
+
| 0x4
| Second Hash Block Size (1<<value)
+
| Level 2 block size, in log2.
 +
|-
 +
| 0x3C
 +
| 0x4
 +
| Reserved
 
|-
 
|-
 
| 0x40
 
| 0x40
| 8
+
| 0x8
| HashTable Offset
+
| Level 3 relative offset
 
|-
 
|-
 
| 0x48
 
| 0x48
| 8
+
| 0x8
| HashTable Length
+
| Level 3 hashdata size
 
|-
 
|-
 
| 0x50
 
| 0x50
| 8
+
| 0x4
| HashTable Block Size (1<<value)
+
| Level 3 block size, in log2.
 +
|-
 +
| 0x54
 +
| 0x4
 +
| Reserved
 
|-
 
|-
 
| 0x58
 
| 0x58
 
| 8
 
| 8
| FileSystem Offset
+
| Level 4 filesystem relative offset
 
|-
 
|-
 
| 0x60
 
| 0x60
 
| 8
 
| 8
| FileSystem Length
+
| Level 4 filesystem size
 
|-
 
|-
 
| 0x68
 
| 0x68
 
| 8
 
| 8
| FileSystem Block Size (1<<value)
+
| Level 4 filesystem block size, in log2.
 
|-
 
|-
 
| 0x70
 
| 0x70
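Review bot: Levels 1 to 3 have their block-size fields split into a 0x4 value plus a 0x4 Reserved word, but the level 4 entry at 0x68 keeps length 8 with the description "Level 4 filesystem block size, in log2." Either split it the same way (0x68 length 0x4, 0x6C length 0x4 Reserved) or note why level 4 differs. The Length column also now mixes "0x8" and "8" within one table; pick one notation.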
Line 349: Line 508:  
|}
 
|}
   −
* First & Second hash are not understood yet.
+
* This savegame IVFC is almost identical to the [[RomFS]] IVFC, except for the additional filesystem level. Exactly like RomFS, each level except level4 is a hash-table where each hash entry hashes the data in the next level, padded to the log2 block size.
   −
'''DPFS'''
+
==== DPFS ====
    
{| class="wikitable"
 
{| class="wikitable"
Line 369: Line 528:  
| 0x08
 
| 0x08
 
| 8
 
| 8
| Offset To First table
+
| Offset to first table
 
|-
 
|-
 
| 0x10
 
| 0x10
Line 381: Line 540:  
| 0x20
 
| 0x20
 
| 8
 
| 8
| Offset To Second table
+
| Offset to second table
 
|-
 
|-
 
| 0x28
 
| 0x28
Line 393: Line 552:  
| 0x38
 
| 0x38
 
| 8
 
| 8
| Offset to Data
+
| IVFC partition offset
 
|-
 
|-
 
| 0x40
 
| 0x40
 
| 8
 
| 8
| Data Length
+
| IVFC partition size
 
|-
 
|-
 
| 0x48
 
| 0x48
 
| 8
 
| 8
| Data block size (1<<value)
+
| IVFC partition block size (1<<value)
 
|-
 
|-
 
|}
 
|}
    
* Every block this table point to is written twice (concatenated). You can see that the offset to the next block is twice the length (except the data which always begin after 0x1000).
 
* Every block this table point to is written twice (concatenated). You can see that the offset to the next block is twice the length (except the data which always begin after 0x1000).
 +
* The offsets contained in the DPFS and IVFC are relative to the partition offset in the DISA/DIFF. The offsets from the IVFC are additionally added with the IVFC partition offset from the DPFS.
   −
The first partition's data starts at 0x2000. First comes the hashtable (usually start @ 0x40 into the partition) and then the filesystem.
+
The first partition's data usually starts at 0x2000. First comes the hashtable (usually start @ 0x40 into the partition) and then the filesystem.
   −
The hashtable entries' size is 2^x where x is the 'Hashed block size' from the IVFC block.
+
The hashtable entries' size is 2^x where x is the 'Filesystem block size' from the IVFC block.
   −
'''Hash'''
+
'''DIFI Hash'''
   −
After the DIFI,IVFC & DPFS comes a 0x20 long hash, it is unknown what it's hashing.
+
The last 0x20-bytes of the partition following the DIFI, IVFC and DPFS is a SHA256 hash. The offset to this hash is stored in the DIFI. This hashes the IVFC level 1, with the buffer which is hashed aligned to the IVFC level 1 log2 block-size.
    
'''Summary Drawing'''
 
'''Summary Drawing'''
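Review bot: The DIFI Hash paragraph says "The last 0x20-bytes of the partition following the DIFI, IVFC and DPFS", but the offsets elsewhere in this edit (hash at 0x10C, blob size 0x12C) place it in the last 0x20 bytes of the DIFI blob, not of the partition; please correct the wording. The renamed DPFS row still uses "(1<<value)" while the IVFC table was switched to "in log2", and the hashtable sentence quotes a field called 'Filesystem block size' where the IVFC table names it "Level 4 filesystem block size". The unchanged bullet "the data which always begin after 0x1000" now sits beside "usually starts at 0x2000" and should be reconciled.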
Line 607: Line 767:  
=== Initialization ===
 
=== Initialization ===
   −
When a save FLASH contains all xFFFF blocks it's assumed uninitialized by the game cartridges and it initializes default data in place, without prompting the user.  
+
When a save FLASH contains all xFFFF blocks it's assumed uninitialized by the game cartridges and it initializes default data in place, without prompting the user. The 0xFFFFFFFF blocks are uninitialized data. When creating a non-gamecard savegame and other images/files, it's initially all 0xFFFFFFFF until it's formatted where some of the blocks are overwritten with encrypted data.
    
I got a new game SplinterCell3D-Pal and I downloaded the save and it was 128KB of 0xFF, except the first 0x10 bytes which were the letter 'Z' (uppercase) --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
 
I got a new game SplinterCell3D-Pal and I downloaded the save and it was 128KB of 0xFF, except the first 0x10 bytes which were the letter 'Z' (uppercase) --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
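Review bot: The added sentences write the erased pattern as "0xFFFFFFFF blocks" while the unchanged opening of the same paragraph says "all xFFFF blocks"; use one notation (for example "all-0xFF blocks") throughout. "it's initially all 0xFFFFFFFF until it's formatted where some of the blocks are overwritten" is hard to parse; suggest "the image is initially all 0xFF; formatting then overwrites some blocks with encrypted data". It would also help to state whether the gamecard behaviour in the first sentence and the non-gamecard behaviour in the last differ only in who performs the initialization.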
Line 617: Line 777:  
* From one save to another the game backups the last files that were in the partition and the entire image header in "random" locations.. --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
 
* From one save to another the game backups the last files that were in the partition and the entire image header in "random" locations.. --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
    +
=== Tools ===
 +
 +
* [https://github.com/3dshax/3ds/tree/master/3dsfuse 3dsfuse] supports reading and modifying savegames. In the mounted FUSE filesystem, the /output.sav is the raw FLASH save-image. When the save was modified, a separate tool to update the MAC must be used with /clean.sav, prior to writing output.sav to a gamecard.
 +
* [[3DSExplorer]] supports reading of savegames, it doesn't support reading the new encrypted savegames and maybe in the future it will support modifying (some of the modyfing code is already implemented).
 
[[セーブデータ|Japanese]]
 
[[セーブデータ|Japanese]]
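Review bot: The 3dsfuse entry says "a separate tool to update the MAC must be used with /clean.sav, prior to writing output.sav to a gamecard" without naming that tool or explaining what /clean.sav contains and how it relates to /output.sav, so the step cannot be followed from this text. Please name the tool or link to it, and describe /clean.sav in one clause. In the 3DSExplorer entry, "modyfing" should be "modifying".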