Process Services PXI
Process Services PXI "pxi:ps9"
|Command Header||Available since system version||Description|
|0x000100C6||1.0.0-0||This crypts a raw message with RSA.|
|0x00060000||1.0.0-0||GetRomId. This reads 0x40-bytes from gamecard command 0xC6 (gamecard-uniqueID), and returns the first 0x10-bytes from that since the rest of the command reply is all 0xFF-bytes.|
|0x00070000||1.0.0-0||GetRomId2. The first u8 this returns is from GetRomMakerCode, the following 0x10-bytes are from encrypting the 0x10-bytes which GetRomId also returns. This is encrypted with AES-CBC, the regular normal-key and IV set by Process9 for this are loaded from the Process9 .rodata section.|
|0x000E0042||1.0.0-0, removed with 2.0.0-2||With 2.0.0-2 the system no longer handles this command at all. This was mostly the same as GenerateRandomBytes.|
|0x04010084||8.1.0-0_New3DS||New_3DS-only. cmd = insize, cmd = outsize, cmd = (insize<<8) | 0x4, cmd = inbufptr, cmd = (outsize<<8) | 0x14, and cmd = outbufptr.|
|0x04020082||8.1.0-0_New3DS||New_3DS-only. cmd = insize, cmd = u8 flag, cmd = (insize<<8) | 0x4, cmd = inbufptr.|
These RSA commands are an interface for using the RSA engine. The system will hang when it attempts to use a >RSA-2048 RSA bit-size with the RSA engine, since the RSA engine does not support >RSA-2048. These RSA commands have an input field specifying what RSA bit-size to use, but the RSA padding code is hard-coded to use RSA-2048.
The input buffer size must be <=0x1E0-bytes, and the out buffer size must be >0 and <=0x20-bytes. This calculates a SHA256-HMAC over the input buffer using the current already-generated Amiibo HMAC key(generated_amiibodata+0x20), the output hash is then written to the out buffer.
This is used for Amiibo key generation. 0x30-bytes are generated. The input buffer size must be 0x40-bytes.
The input u8 must be either zero or non-zero, the used value varies depending on what crypto(AES/HMAC) operation is done after the crypto init.
Structure of the input buffer:
|0x0||0x2||This is the raw Amiibo-write counter u16 from page byte1.|
|0x10||0x8||This is the first 8-bytes of the NFC tag serial-number(page0-1).|
|0x18||0x8||Same 8-bytes as above.|
|0x20||0x20||This is the plaintext hash from NFC tag page[0x18], which is the hash listed under the page 0x15 section here.|
This is used for the actual Amiibo AES crypto, max input buffer size is same as command 0x04010084. AES-CTR is used here. Normal-key = generated_amiibodata+0x0, CTR = generated_amiibodata+0x10(see command 0x04010084 regarding generated_amiibodata).
Similar to 0x04030044, except this is devunit-only with dev-only keys.