Line 50: |
Line 50: |
| All UDS local-WLAN communications have the CCMP key for data encryption generated via NWM module. The CCMP key passed to nwm::CEC commands(stored in a 0x44-byte input structure) for [[StreetPass]] is generated by the CECD module. The input data used with [[Process_Services|EncryptDecryptAes]] with [[PSPXI:EncryptDecryptAes|keytype1]] is a MD5 hash over an input passphrase. This input passphrase is fixed for [[Download Play]], it's unique per local-WLAN protocol. The CTR is a MD5 hash over the below 0x10-byte structure. The output from encrypting that data with AES-CTR is the final CCMP key. | | All UDS local-WLAN communications have the CCMP key for data encryption generated via NWM module. The CCMP key passed to nwm::CEC commands(stored in a 0x44-byte input structure) for [[StreetPass]] is generated by the CECD module. The input data used with [[Process_Services|EncryptDecryptAes]] with [[PSPXI:EncryptDecryptAes|keytype1]] is a MD5 hash over an input passphrase. This input passphrase is fixed for [[Download Play]], it's unique per local-WLAN protocol. The CTR is a MD5 hash over the below 0x10-byte structure. The output from encrypting that data with AES-CTR is the final CCMP key. |
| | | |
− | ==Structure used for generating the CTR== | + | ==Structure used for generating the CTR for CCMP key generation== |
| {| class="wikitable" border="1" | | {| class="wikitable" border="1" |
| |- | | |- |
Line 59: |
Line 59: |
| | 0x0 | | | 0x0 |
| | 0x4 | | | 0x4 |
− | | Little-endian local-WLAN communication ID, normally this is: (user_process [[Title_list|uniqueID]] << 8) | val. Where val is 0x10 on retail([[Configuration_Memory|configmem]] UNITINFO bit0 set), 0x90 for devunit. For [[Download Play]], this is always 0x2810 on retail(0x2890 on devunit). | + | | Local-WLAN communication ID, normally this is: (user_process [[Title_list|uniqueID]] << 8) | val. Where val is 0x10 on retail([[Configuration_Memory|configmem]] UNITINFO bit0 set), 0x90 for devunit. For [[Download Play]], this is always 0x2810 on retail(0x2890 on devunit). |
| |- | | |- |
| | 0x4 | | | 0x4 |
| | 0x4 | | | 0x4 |
− | | Little-endian u32 networkID, randomly-generated when creating the network. The network SSID used when a client connects to the network is sprintf(out, "%08X", networkID). | + | | u32 networkID, randomly-generated when creating the network. The network SSID used when a client connects to the network is sprintf(out, "%08X", networkID). |
| |- | | |- |
| | 0x8 | | | 0x8 |
Line 71: |
Line 71: |
| | 0xE | | | 0xE |
| | 0x2 | | | 0x2 |
− | | Little-endian ID, for [[Download Play]] this is 0x55. | + | | ID, for [[Download Play]] this is 0x55. |
| |} | | |} |
| + | |
| + | This data is stored as little-endian. |
| + | |
| + | ==CTR used for beacon tags crypto== |
| + | {| class="wikitable" border="1" |
| + | |- |
| + | ! Offset |
| + | ! Size |
| + | ! Description |
| + | |- |
| + | | 0x0 |
| + | | 0x6 |
| + | | Host MAC address |
| + | |- |
| + | | 0x6 |
| + | | 0x4 |
| + | | wlancommID |
| + | |- |
| + | | 0xA |
| + | | 0x1 |
| + | | This ID is also stored at offset 0xE in the CTR-generation structure. |
| + | |- |
| + | | 0xB |
| + | | 0x1 |
| + | | Padding, value zero. |
| + | |- |
| + | | 0xC |
| + | | 0x4 |
| + | | This is the u32 from offset 0x18 in the network-struct. |
| + | |} |
| + | |
| + | This data is stored as little-endian. All data here is all-zero except for the MAC address, when the u8 at offset 0x8 in the network-struct is 0. |
| | | |
| ==Network structure== | | ==Network structure== |