Changes

784 bytes added ,  01:05, 26 June 2013
no edit summary
Line 4: Line 4:  
=== Savegame Encryption ===
 
=== Savegame Encryption ===
    +
==== Repeating CTR Fail ====
 
On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plain-text but on the 3DS a layer of encryption was added. This is AES-CTR, as the contents of several savegames exhibit the odd behavior that xor-ing certain parts of the savegame together will result in the plain-text appearing.
 
On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plain-text but on the 3DS a layer of encryption was added. This is AES-CTR, as the contents of several savegames exhibit the odd behavior that xor-ing certain parts of the savegame together will result in the plain-text appearing.
   Line 10: Line 11:  
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
 
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
   −
All gamecard and SD savegames are encrypted with AES-CTR. The gamecard savegame [[AES|keyslot]] keyY is unique for every region of each game. A flag stored in the [[NCSD]] determines the method used to generate this keyY. This same flag is also used for determining which CTR method is used as well. The keyY when the flag is clear is generated from data stored in the main [[NCCH#CXI|CXI]], and data retrieved from gamecard commands. When the flag is set, a hash is generated for the keyY over the data from the CXI, and an ID retrieved from a gamecard command. The base CTR for gamecard savegames is all-zero. SD savegames use a CTR where the base CTR is fixed per savegame, however the CTR doesn't repeat in the image.
+
==== Savegame keyY ====
   −
With system version [[2.2.0-4]] the system can now use a different gamecard CTR method, which fixed the above flaw. With [[2.2.0-4]] the system checks a [[NCSD]] flag, when it's set the new CTR method is used, otherwise the 0x200-byte CTR period is used. All games released since [[2.2.0-4]] have this flag set. When this flag is set the CTR doesn't repeat within the image at all.
+
All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame [[AES|keyslot]] keyY is unique for every region of each game. The [[NCSD]] partition flags determine the method used to generate this keyY. When the save [[NCSD]] flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR, otherwise a proper CTR which never repeats within the image is used. When all of the flags checked by the running NATIVE_FIRM are clear, the keyY is a 8-byte block decrypted from the main [[NCCH#CXI|CXI]] + two u32 IDs read from gamecard commands.
 +
 
 +
===== [[2.2.0-4]] Savegame Encryption =====
 +
 
 +
When [[NCSD]] partition flag[3] or flag[7] are set, a SHA-256 hash is calculated over the data from the CXI(same data used with the original plain keyY), and an ID read from a gamecard command. The first 0x10-bytes from this hash is used for the keyY. When flag[7] is set(normally this is the only save flag set for [[2.2.0-4]] save encryption), the CTR will never repeat within the save image, unlike the original CTR-method. All games which had the retail NCSD image finalized after the [[2.2.0-4]] update(and contain [[2.2.0-4]]+ in the [[System Update CFA|System update partition]]), use this encryption method.
 +
 
 +
This keyY generation was supported before [[2.2.0-4]], however the proper CTR wasn't implemented until [[2.2.0-4]].
 +
 
 +
===== [[6.0.0-11]] Savegame keyY =====
 +
 
 +
[[6.0.0-11]] implemented support for generating the savegame keyY with a new method, this method is much more secure than previous keyY methods. This is enabled via a new [[NCSD]] partition flag, all retail games which have the NCSD image finalized after the [[6.0.0-11]] release(and [[6.0.0-11]]+ in the system update partition) will have that flag set for using this new method.
    
=== Wear leveling ===
 
=== Wear leveling ===
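Review bot: the two added passages disagree about what NCSD partition flag[3] selects. The rewritten paragraph beginning "All gamecard and SD savegames are encrypted with AES-CTR" says that whenever any checked save flag is non-zero "a proper CTR which never repeats within the image is used", but the [[2.2.0-4]] subsection says the SHA-256 keyY is used when "flag[3] or flag[7] are set" while only flag[7] gives the non-repeating CTR, and the following sentence confirms the hashed keyY predates the proper CTR. Suggest stating the rule once: flag[3] or flag[7] selects the hashed keyY; flag[7] alone selects the non-repeating CTR; all flags clear gives the plain keyY with the 0x200-byte repeating CTR. Two smaller points in the same hunk: the removed sentence "SD savegames use a CTR where the base CTR is fixed per savegame, however the CTR doesn't repeat in the image" has no replacement even though the new text still opens with "All gamecard and SD savegames", so the SD case is now undocumented; and "a 8-byte block" should read "an 8-byte block".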
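The keystream-recovery procedure described under Savegame Encryption (chunk into 512-byte sectors, drop the all-0xFF ones, take the most common chunk as the keystream, XOR it over the image), worked through as an added Python example that is not part of the wiki page. It runs on a constructed sample image rather than a real cartridge dump, and it uses SHA-256 of the counter as a stand-in for the AES-CTR keystream; that is an assumption made for self-containment, and it is harmless here because the attack depends only on the counter wrapping every 0x200 bytes, not on which cipher produced the keystream. The `repeating` flag switches between the original 0x200-byte CTR period and the non-repeating CTR introduced with [[2.2.0-4]], so the same code also shows why the trick stops working on newer saves.

```python
import hashlib
from collections import Counter

SECTOR = 0x200   # the 512-byte keystream period observed in pre-2.2.0-4 saves
BLOCK = 16       # AES block size: one counter value per block
N_SECTORS = 64   # size of the constructed sample image (32 KiB)


def keystream(key: bytes, length: int, repeating: bool) -> bytes:
    """Generate `length` bytes of CTR-style keystream.

    Assumption: SHA-256(key || counter) stands in for AES(key, counter); the
    attack below only relies on the counter wrapping, not on the cipher.
    repeating=True wraps the counter every SECTOR bytes (the original flaw);
    repeating=False counts straight through the image (2.2.0-4 behaviour).
    """
    out = bytearray()
    for i in range((length + BLOCK - 1) // BLOCK):
        ctr = i % (SECTOR // BLOCK) if repeating else i
        out += hashlib.sha256(key + ctr.to_bytes(16, "big")).digest()[:BLOCK]
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_sample_plaintext() -> tuple[bytes, set[int]]:
    """Constructed plaintext, not a real 3DS dump: two populated sectors,
    zero-filled free space, and four sectors that were never written
    (they read back as raw 0xFF flash in the encrypted image)."""
    plain = bytearray(N_SECTORS * SECTOR)
    plain[0:32] = b"SAVEHDR\x00" + (1).to_bytes(4, "little") + b"\x00" * 20
    plain[SECTOR:SECTOR + 24] = b"player=Link;rupees=0123;"
    erased = {60, 61, 62, 63}
    return bytes(plain), erased


def encrypt_save(plain: bytes, key: bytes, repeating: bool, erased: set) -> bytes:
    """XOR the plaintext with the keystream, then blank the never-written
    sectors to 0xFF the way erased flash does (those bytes are not encrypted)."""
    image = bytearray(xor_bytes(plain, keystream(key, len(plain), repeating)))
    for s in erased:
        image[s * SECTOR:(s + 1) * SECTOR] = b"\xff" * SECTOR
    return bytes(image)


def recover_keystream(image: bytes) -> tuple[bytes, int]:
    """The procedure from the page: split into 512-byte chunks, discard the
    all-0xFF ones, return the most common chunk and its count. With a
    repeating CTR, zero-filled free space encrypts to the bare keystream,
    so that chunk dominates; with a proper CTR every chunk is unique."""
    chunks = [image[i:i + SECTOR] for i in range(0, len(image), SECTOR)]
    counts = Counter(c for c in chunks if c != b"\xff" * SECTOR)
    ks, n = counts.most_common(1)[0]
    return ks, n


def apply_keystream(image: bytes, ks: bytes) -> bytes:
    """XOR every sector with the recovered keystream. Applying it once
    decrypts, applying it again re-encrypts. Erased 0xFF sectors are left
    untouched since they were never encrypted in the first place."""
    out = bytearray()
    for i in range(0, len(image), SECTOR):
        sector = image[i:i + SECTOR]
        out += sector if sector == b"\xff" * SECTOR else xor_bytes(sector, ks)
    return bytes(out)


def demo(repeating: bool) -> dict:
    key = b"\x42" * 16  # constructed test key, not a real 3DS keyslot value
    plain, erased = build_sample_plaintext()
    image = encrypt_save(plain, key, repeating, erased)
    ks, n = recover_keystream(image)
    decrypted = apply_keystream(image, ks)
    live = (N_SECTORS - len(erased)) * SECTOR   # bytes outside erased sectors
    return {
        "reuse_count": n,  # >1 means the keystream repeated; 1 means no reuse found
        "keystream_ok": ks == keystream(key, SECTOR, True),
        "decrypted_matches": decrypted[:live] == plain[:live],
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("repeating CTR" if mode else "proper CTR", demo(mode))
```

On a real dump the count returned by `recover_keystream` is the first thing to look at: a value far above 1 means the save uses the repeating CTR and the most common chunk really is the keystream, while a value of 1 means every sector got a distinct keystream (the [[2.2.0-4]] behaviour) and XOR-ing with the "most common" chunk only zeroes the one sector it came from. The method also depends on the save containing enough identical plaintext sectors (normally zero-filled free space); a save that is full of varied data can defeat it even with the repeating CTR.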