Changes

Savegames (edit)

Revision as of 22:19, 22 August 2012

448 bytes added , 22:19, 22 August 2012

no edit summary

Line 2: Line 2: −

=== ~~Gamecard~~ Savegame Encryption ===

+

=== Savegame Encryption ===

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plain-text but on the 3DS a layer of encryption was added. This is AES-CTR, as the contents of several savegames exhibit the odd behavior that xor-ing certain parts of the savegame together will result in the plain-text appearing.

Line 57: Line 57:

* each byte is the checksum of an encrypted 0x200 bytes large block

* to calculate the checksum, a CRC16 of the block (with starting value 0xFFFF) is calculated, and the two bytes of the CRC16 are XORed together to produce the 8bit checksum

+

=== MAC header ===

+

{| class="wikitable"

+

|-

+

! Image offset

+

! Length

+

! Description

+

|-

+

| 0x00

+

| 0x10

+

| AES-CCM MAC over a SHA256 hash, with an all-zero nonce

+

|-

+

| 0x10

+

| 0xF0

+

| Zero padding

+

|}

+

The [[AES]] engine keyslot used for crypting the image seems to be the same one used for this MAC. This MAC is used to verify the DISA/DIFF header. SHA256_Update() is used to calculate the hash with the blocks described below.

+

==== Extdata SHA256 blocks ====

+

{| class="wikitable"

+

|-

+

! Block Size

+

! Description

+

|-

+

| 0x8

+

| Savegame type, "CTR-EXT0"

+

|-

+

| 0x8

+

| First word is the hex ID from image filename, second word is the hex ID of the sub-dir under the <ExtdataIDLow> directory (all-zero for Quota.dat)

+

|-

+

| 0x4

+

| 1 for Quota.dat, 0 otherwise

+

|-

+

| 0x8

+

| Same as the previous u64

+

|-

+

| 0x100

+

| 0x100-byte header from offset 0x100 in image (DIFF for extdata)

+

|}

=== Partitions ===

There can be multiple partitions on the chip.

−

The partitions are represented by tables of DIFI blobs inside a DISA structure.

+

The partitions are represented by tables of DIFI blobs inside a DISA/DIFF structure.

The order of the DIFI blobs is the order of the partitions in the chip.

'''DISA'''

−

* If the uint32 @ 0x168 ~~into~~ the image in the DISA(the low 8-bits) is non-zero, then first table is is hashed, otherwise the second DIFI table is hashed.

+

* This is located @ 0x100 in the image, following the MAC header.

+

* If the uint32 @ 0x168 in the image in the DISA(the low 8-bits) is non-zero, then first table is is hashed, otherwise the second DIFI table is hashed.

* If the table has more then 1 DIFI then the uint32 @ 0x168 is the offset from the DATA partition to the file base (masked with 0xFFFFFFFE).

−

* At offset 0x0 in the image is a 0x10-byte AES-CCM MAC over a SHA-256 hash. The 0xf0 bytes following the MAC is always zero. For extdata, this hashes parts of the extdata image file path and other data, including the 0x100-byte DISA/DIFF header. SD/NAND uses the the same [[AES]] engine [[Extdata#Encryption|keyslot]] for this MAC, it's unknown what regular SD/NAND savegames uses but gamecard savegames use a separate keyslot for the MAC.

{| class="wikitable"

Line 155: Line 196:

'''DIFF'''

−

* This is the [[extdata]] equivalent of DISA, for extdata which use FS. DIFF is *only* used ~~with~~ extdata~~, not regular savegames~~.

+

* This is the [[extdata]] equivalent of DISA, for extdata which use FS. DIFF is only used for extdata.

* When the active-table field low 8-bits is non-zero, the primary partition is used. Otherwise, the secondary partition is used.

Yellows8

Bureaucrats, Administrators

6,264

edits

Changes

Savegames (edit)

Revision as of 22:19, 22 August 2012

Navigation menu

Search