Line 9: |
Line 9: |
| ! Media | | ! Media |
| ! Container format | | ! Container format |
− | ! CMAC type | + | ! [[#AES CMAC|CMAC type]] |
| ! CMAC [[AES Registers|Keyslot]] | | ! CMAC [[AES Registers|Keyslot]] |
| |- | | |- |
Line 15: |
Line 15: |
| | Gamecard | | | Gamecard |
| | DISA | | | DISA |
− | | CTR-SAV0 | + | | [[#CTR-SAV0|CTR-SAV0]] |
| | 0x19 | | | 0x19 |
| |- | | |- |
Line 21: |
Line 21: |
| | [[SD Filesystem|SD]] | | | [[SD Filesystem|SD]] |
| | DISA | | | DISA |
− | | CTR-SIGN | + | | [[#CTR-SIGN|CTR-SIGN]] |
| | 0x30 | | | 0x30 |
| |- | | |- |
Line 27: |
Line 27: |
| | [[Flash Filesystem|NAND]] | | | [[Flash Filesystem|NAND]] |
| | DISA | | | DISA |
− | | CTR-SYS0 | + | | [[#CTR-SYS0|CTR-SYS0]] |
| | 0x30 | | | 0x30 |
| |- | | |- |
Line 33: |
Line 33: |
| | [[SD Filesystem|SD]] | | | [[SD Filesystem|SD]] |
| | DIFF | | | DIFF |
− | | CTR-EXT0 | + | | [[#CTR-EXT0|CTR-EXT0]] |
| | 0x30 | | | 0x30 |
| |- | | |- |
Line 39: |
Line 39: |
| | [[Flash Filesystem|NAND]] | | | [[Flash Filesystem|NAND]] |
| | DIFF | | | DIFF |
− | | CTR-EXT0 | + | | [[#CTR-EXT0|CTR-EXT0]] |
| | 0x30 | | | 0x30 |
| |- | | |- |
Line 45: |
Line 45: |
| | [[SD Filesystem|SD]] | | | [[SD Filesystem|SD]] |
| | DIFF | | | DIFF |
− | | CTR-9DB0 | + | | [[#CTR-9DB0|CTR-9DB0]] |
| | 0x30 | | | 0x30 |
| |- | | |- |
Line 51: |
Line 51: |
| | [[Flash Filesystem|NAND]] | | | [[Flash Filesystem|NAND]] |
| | DIFF | | | DIFF |
− | | CTR-9DB0 | + | | [[#CTR-9DB0|CTR-9DB0]] |
| | 0x0B | | | 0x0B |
| |} | | |} |
Line 80: |
Line 80: |
| | | |
| == AES CMAC == | | == AES CMAC == |
| + | |
| + | The AES CMAC is located at the beginning of the DISA / DIFF image, and it is 0x10 long. the rest 0xF0 bytes before the header are unused. |
| + | |
| + | The key used for the AES CMAC is generated by the hardware key scrambler. See the keyslot it uses in the table above. |
| + | |
| + | The data being authenticated by the AES CMAC is a 0x20-byte SHA-256 hash of a data block. The data block has different content formats among CMAC types. Effectively, all types of data block contain a copy or a hash of the header, which is the start of the the rest of the verification chain, so the AES CMAC authenticates the whole save image. Each type of data block is explained below. |
| + | |
| + | === CTR-SAV0 === |
| + | |
| + | This CMAC type is used for gamecard savegames. It is 0x28-byte long. |
| + | |
| + | {| class="wikitable" border="1" |
| + | ! Offset |
| + | ! Length |
| + | ! Description |
| + | |- |
| + | | 0x00 |
| + | | 8 |
| + | | Magic "CTR-SAV0" |
| + | |- |
| + | | 0x8 |
| + | | 0x20 |
| + | | SHA-256 of the following 0x108-byte block |
| + | |- |
| + | | |
| + | |
| + | | |
| + | |
| + | | |
| + | |
| + | |- |
| + | | 0x00 |
| + | | 8 |
| + | | Magic "CTR-NOR0" |
| + | |- |
| + | | 0x08 |
| + | | 0x100 |
| + | | Copy of the DISA header |
| + | |} |
| + | |
| + | === CTR-SIGN === |
| + | |
| + | This CMAC type is used for SD savegames. It is 0x30-byte long. |
| + | |
| + | {| class="wikitable" border="1" |
| + | ! Offset |
| + | ! Length |
| + | ! Description |
| + | |- |
| + | | 0x00 |
| + | | 8 |
| + | | Magic "CTR-SIGN" |
| + | |- |
| + | | 0x08 |
| + | | 8 |
| + | | Title ID |
| + | |- |
| + | | 0x10 |
| + | | 0x20 |
| + | | SHA-256 of the following 0x108-byte block |
| + | |- |
| + | | |
| + | |
| + | | |
| + | |
| + | | |
| + | |
| + | |- |
| + | | 0x00 |
| + | | 8 |
| + | | Magic "CTR-SAV0" |
| + | |- |
| + | | 0x08 |
| + | | 0x100 |
| + | | Copy of the DISA header |
| + | |} |
| + | |
| + | === CTR-SYS0 === |
| + | |
| + | This CMAC type is used for NAND system save. It is 0x110-byte long. |
| + | |
| + | {| class="wikitable" border="1" |
| + | ! Offset |
| + | ! Length |
| + | ! Description |
| + | |- |
| + | | 0x00 |
| + | | 8 |
| + | | Magic "CTR-SYS0" |
| + | |- |
| + | | 0x08 |
| + | | 8 |
| + | | Save ID. The higher word is always zero |
| + | |- |
| + | | 0x10 |
| + | | 0x100 |
| + | | Copy of the DISA header |
| + | |} |
| + | |
| + | === CTR-EXT0 === |
| + | |
| + | This CMAC type is used for extdata. It is 0x11C-byte long. |
| + | |
| + | {| class="wikitable" border="1" |
| + | ! Offset |
| + | ! Length |
| + | ! Description |
| + | |- |
| + | | 0x00 |
| + | | 8 |
| + | | Magic "CTR-EXT0" |
| + | |- |
| + | | 0x08 |
| + | | 8 |
| + | | Extdata ID |
| + | |- |
| + | | 0x10 |
| + | | 4 |
| + | | 0 for Quota.dat, 1 otherwise |
| + | |- |
| + | | 0x14 |
| + | | 4 |
| + | | ID in the device file name. 0 for Quota.dat |
| + | |- |
| + | | 0x18 |
| + | | 4 |
| + | | ID in the device directory name that the file is in. 0 for Quota.dat |
| + | |- |
| + | | 0x1C |
| + | | 0x100 |
| + | | Copy of the DIFF header |
| + | |} |
| + | |
| + | === CTR-9DB0 === |
| + | |
| + | This CMAC type is used for title database. It is 0x10C-byte long. |
| + | |
| + | {| class="wikitable" border="1" |
| + | ! Offset |
| + | ! Length |
| + | ! Description |
| + | |- |
| + | | 0x00 |
| + | | 8 |
| + | | Magic "CTR-9DB0" |
| + | |- |
| + | | 0x08 |
| + | | 4 |
| + | | Database ID. Each .db file has its own ID |
| + | |- |
| + | | 0x0C |
| + | | 0x100 |
| + | | Copy of the DIFF header |
| + | |} |
| | | |
| == Header == | | == Header == |