Difference between revisions of "Process Services PXI"
| Line 89: | Line 89: | ||
=Command 0x04030044= | =Command 0x04030044= | ||
| − | This is used for the actual [[Amiibo]] AES crypto, max input buffer size is same as command 0x04010084. | + | This is used for the actual [[Amiibo]] AES crypto, max input buffer size is same as command 0x04010084. AES-CTR is used here. Normal-key = generated_amiibodata+0x0, CTR = generated_amiibodata+0x10(see command 0x04010084 regarding generated_amiibodata). |
=Command 0x04040044= | =Command 0x04040044= | ||
Similar to 0x04030044, except this is devunit-only with dev-only keys. | Similar to 0x04030044, except this is devunit-only with dev-only keys. | ||
Revision as of 03:43, 15 April 2015
| Command Header | Available since system version | Description |
|---|---|---|
| 0x000100C6 | 1.0.0-0 | This crypts a raw message with RSA. |
| 0x00020284 | 1.0.0-0 | SignRsaSha256 |
| 0x00030284 | 1.0.0-0 | VerifyRsaSha256 |
| 0x000401C4 | 1.0.0-0 | EncryptDecryptAes |
| 0x00050284 | 1.0.0-0 | EncryptSignDecryptVerifyAesCcm |
| 0x00060000 | 1.0.0-0 | GetRomId. This reads 0x40-bytes from gamecard command 0xC6 (gamecard-uniqueID), and returns the first 0x10-bytes from that since the rest of the command reply is all 0xFF-bytes. |
| 0x00070000 | 1.0.0-0 | GetRomId2. The first u8 this returns is from GetRomMakerCode, the following 0x10-bytes are from encrypting the 0x10-bytes which GetRomId also returns. This is encrypted with AES-CBC, the regular normal-key and IV set by Process9 for this are loaded from the Process9 .rodata section. |
| 0x00080000 | 1.0.0-0 | GetCTRCardAutoStartupBit |
| 0x00090000 | 1.0.0-0 | GetRomMakerCode |
| 0x000A0000 | 1.0.0-0 | GetLocalFriendCodeSeed |
| 0x000B0000 | 1.0.0-0 | GetDeviceId |
| 0x000C0042 | 1.0.0-0 | GatherEntropy |
| 0x000D0042 | 1.0.0-0 | GenerateRandomBytes |
| 0x000E0042 | 1.0.0-0, removed with 2.0.0-2 | With 2.0.0-2 the system no longer handles this command at all. This was mostly the same as GenerateRandomBytes. |
| 0x04010084 | 8.1.0-0_New3DS | New_3DS-only. cmd[1] = insize, cmd[2] = outsize, cmd[3] = (insize<<8) | 0x4, cmd[4] = inbufptr, cmd[5] = (outsize<<8) | 0x14, and cmd[6] = outbufptr. |
| 0x04020082 | 8.1.0-0_New3DS | New_3DS-only. cmd[1] = insize, cmd[2] = u8 flag, cmd[3] = (insize<<8) | 0x4, cmd[4] = inbufptr. |
| 0x04030044 | 8.1.0-0_New3DS | New_3DS-only. |
| 0x04040044 | 8.1.0-0_New3DS | New_3DS-only. |
These RSA commands are an interface for using the RSA engine. The system will hang when it attempts to use a >RSA-2048 RSA bit-size with the RSA engine, since the RSA engine does not support >RSA-2048. These RSA commands have an input field specifying what RSA bit-size to use, but the RSA padding code is hard-coded to use RSA-2048.
The New3DS 0x040X commands(used for Amiibo crypto) were removed with 9.3.0-21, the code for that was moved into NFC-module.
Command 0x04010084
The input buffer size must be <=0x1E0-bytes, and the out buffer size must be >0 and <=0x20-bytes. This calculates a SHA256-HMAC over the input buffer using the current already-generated Amiibo HMAC key(generated_amiibodata+0x20), the output hash is then written to the out buffer.
Command 0x04020082
This is used for Amiibo key generation. 0x30-bytes are generated. The input buffer size must be 0x40-bytes.
Command 0x04030044
This is used for the actual Amiibo AES crypto, max input buffer size is same as command 0x04010084. AES-CTR is used here. Normal-key = generated_amiibodata+0x0, CTR = generated_amiibodata+0x10(see command 0x04010084 regarding generated_amiibodata).
Command 0x04040044
Similar to 0x04030044, except this is devunit-only with dev-only keys.