The extended header, the [[ExeFS]] and the RomFS are encrypted using 128-bit AES CTR.
The extended header, the [[ExeFS]] and the RomFS are encrypted using 128-bit AES CTR.
−
By default encrypted regions are compressed with an LZ77 variant, then encrypted. The spec allows for both unencrypted and uncompressed regions to exist. Retail SD card CXIs must have the [[ExeFS|ExeFS:/.code]] compressed. Development units use a fixed system key for system titles, a separate key is used on retail.
+
By default encrypted regions are compressed with an LZ77 variant, then encrypted. The spec allows for both unencrypted and uncompressed regions to exist. Retail SD card CXIs must have the [[ExeFS|ExeFS:/.code]] compressed. Development units use a fixed system key for system titles. On retail part of the input [[AES]] engine key is unique per NCCH, the AES engine internally generates the final-normal key.
−
Retail CFAs use NCCH product code "CTR-P-CTAP", while retail title/gamecard CXIs use NCCH product code "CTR-P-XXXX". This product code is the NCCH [[Serials|serial code]].
+
Retail CFAs use NCCH product code "CTR-P-CTAP", while retail title/gamecard CXIs use NCCH product code "CTR-P-XXXX". This product code is the NCCH [[Serials|serial code]]. This CXI product code is likely used for region-locking.