6,264
edits
Changes
→Keyslots
Line 186:
Line 186:
! Keyslot
! Keyslot
! Description
! Description
+! Key-data initialized by ARM9 bootrom
+! Key-data initialized by Process9
|-
|-
| 0x00-0x03
| 0x00-0x03
| These are the TWL keyslots, the key-data for these can be set via the REG_AESKEY0-REG_AESKEY3 registers. These keyslots are initialized by NATIVE_FIRM. The console-unique portion of two of these keyslots are only [[CONFIG|initialized]] by NATIVE_FIRM during initial hard-boot.
| These are the TWL keyslots, the key-data for these can be set via the REG_AESKEY0-REG_AESKEY3 registers. These keyslots are initialized by NATIVE_FIRM. The console-unique portion of two of these keyslots are only [[CONFIG|initialized]] by NATIVE_FIRM during initial hard-boot.
+|
+| Yes
|-
|-
| 0x0D
| 0x0D
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
+| Yes
+| No
|-
|-
| 0x11
| 0x11
| This is used for general normal-key crypto, where the normal-key is set by FIRM. This keyslot is also used by the New3DS [[FIRM]] arm9 binary loader.
| This is used for general normal-key crypto, where the normal-key is set by FIRM. This keyslot is also used by the New3DS [[FIRM]] arm9 binary loader.
+| No
+| Yes, when using this keyslot
+|-
+| 0x12
+| Unused?
+| No
+| No
|-
|-
| 0x14
| 0x14
| Starting with [[5.0.0-11]], NATIVE_FIRM Process9 now sets the keyY for this to the same one it uses for initializing 3 of the keyslots' keyYs from [[PSPXI:EncryptDecryptAes|here]].
| Starting with [[5.0.0-11]], NATIVE_FIRM Process9 now sets the keyY for this to the same one it uses for initializing 3 of the keyslots' keyYs from [[PSPXI:EncryptDecryptAes|here]].
+| Yes
+| See description
|-
|-
| 0x20..0x23
| 0x20..0x23
| All of these keyslots(initialized by bootrom) are set to the same key-data. These seem to be set to a regular normal-key?
| All of these keyslots(initialized by bootrom) are set to the same key-data. These seem to be set to a regular normal-key?
+| Yes
+| No
|-
|-
| 0x25
| 0x25
| The keyX and keyY initialized by bootrom for this keyslot are console-unique. This keyslot is used for the [[7.0.0-13|v7.0]] [[NCCH]] encryption, the keyX is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. The keyY/CTR used for this keyslot is the same as keyslot 0x2C.
| The keyX and keyY initialized by bootrom for this keyslot are console-unique. This keyslot is used for the [[7.0.0-13|v7.0]] [[NCCH]] encryption, the keyX is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. The keyY/CTR used for this keyslot is the same as keyslot 0x2C.
+|
+| See description
+|-
+| 0x26
+| Unused?
+| No
+| No
|-
|-
| 0x2C
| 0x2C
| Used to decrypt [[NCCH|NCCH]], the keyY is set by Process9(see [[NCCH|here]] regarding the keyY). Keyslots 0x2C..0x2F all use the same keyX, set by bootrom.
| Used to decrypt [[NCCH|NCCH]], the keyY is set by Process9(see [[NCCH|here]] regarding the keyY). Keyslots 0x2C..0x2F all use the same keyX, set by bootrom.
+| Yes
+| Yes
|-
|-
| 0x2D
| 0x2D
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
+| Yes
+| No
|-
|-
| 0x2E
| 0x2E
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyY is set by NATIVE_FIRM.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyY is set by NATIVE_FIRM.
+| Yes
+| Yes
|-
|-
| 0x2F
| 0x2F
| Initially this keyslot has the same keyY as keyslot 0x2D, initialized by bootrom. This keyY is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. This is the keyslot used for calculating v6.0 gamecard savegames' keyYs.
| Initially this keyslot has the same keyY as keyslot 0x2D, initialized by bootrom. This keyY is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. This is the keyslot used for calculating v6.0 gamecard savegames' keyYs.
+| Yes
+| See description
|-
|-
| 0x31
| 0x31
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
+| Yes
+| Yes
|-
|-
| 0x32
| 0x32
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x31.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x31.
+| Yes
+| No
|-
|-
| 0x34-0x37
| 0x34-0x37
| All four of these keyslots use the same keyX. Keyslots 0x35/0x36 use the same keyY, see [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]] for keyslot 0x36.
| All four of these keyslots use the same keyX. Keyslots 0x35/0x36 use the same keyY, see [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]] for keyslot 0x36.
+| Yes
+| Only for keyslot 0x37
|-
|-
| 0x38
| 0x38
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler.
+| Yes
+| No
|-
|-
| 0x39
| 0x39
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x38. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x38. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
+| Yes
+| Yes
|-
|-
| 0x3D
| 0x3D
| This keyslot uses keyY. Used to decrypt title keys in [[Ticket]]. Used by Gateway.
| This keyslot uses keyY. Used to decrypt title keys in [[Ticket]]. Used by Gateway.
+| Yes
+| Yes
|-
|-
| 0x3E
| 0x3E
| This keyslot uses an unique keyX/keyY.
| This keyslot uses an unique keyX/keyY.
+|
+| No
|-
|-
| 0x3F
| 0x3F
| This keyslot uses an unique keyX/keyY.
| This keyslot uses an unique keyX/keyY.
+|
+| No
|}
|}
Line 252:
Line 300:
=== keyX ===
=== keyX ===
−The ARM9 bootrom initializes the keyX for each 3DS keyslot, the ARM9 bootrom also initializes the keyY for the keyslots where NATIVE_FIRM doesn't set the keyY. In certain cases Process9 may also set the keyX.
+The ARM9 bootrom initializes the keyX for certain 3DS keyslots, the ARM9 bootrom may also initialize the keyY for certain keyslots. In certain cases Process9 may also set the keyX.
=== Hardware key generator ===
=== Hardware key generator ===
Line 260:
Line 308:
=== FIRM-launch key clearing ===
=== FIRM-launch key clearing ===
−Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), so the New3DS Process9 presumably does this too.
+Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), the New3DS Process9 does this too.