NCCH: Difference between revisions

Line 39:

The extended header, the [[ExeFS]] and the [[RomFS]] are encrypted using 128-bit AES CTR. See here regarding the [https://github.com/3dshax/ctr/blob/master/ctrtool/ncch.c CTR].

The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (~~keyslot 0x2C~~) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto". ~~Start from~~ [[9.6.0-24]] the ~~old3ds's Process9 add~~ a ~~new keyY generator~~(when ncchflag[7] = 0x20).

The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (see below for the keyslots) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto". Starting with [[9.6.0-24|9.6.0-X]] Process9 can now generate the NCCH keyY a different way(when ncchflag[7] = 0x20).

If a certain NCCH flag is set, a fixed AES key is used. There are two fixed keys, one for titles which have the system category bit set (SystemFixedKey), and one for the rest ("zeros" key). These are debug keys, as they aren't nomally supported on retail systems.

Line 119:

| 0x114

| 4

| Checksum, using for verifying a part of the new keyY generator's parameter(when ncchflag[7] = 0x20) (~~start~~ from ~~firmware:~~ [[9.6.0-24]]).

| Checksum, using for verifying a part of the new keyY generator's parameter(when ncchflag[7] = 0x20) (starting from FIRM [[9.6.0-24|9.6.0-X]]).

|-

| 0x118

Line 229:

|-

| 7

| Bit-masks: FixedCryptoKey = 0x1, NoMountRomFs = 0x2, NoCrypto = 0x4,using a new keyY generator = 0x20(~~start from~~ [[9.6.0-24]]).

| Bit-masks: FixedCryptoKey = 0x1, NoMountRomFs = 0x2, NoCrypto = 0x4, using a new keyY generator = 0x20(starting with FIRM [[9.6.0-24|9.6.0-X]]).

|}

CXIs NCCH header signature is verified using the RSA public key stored in the accessdesc,(which follows the exheader) while CFAs NCCH header is verified with a fixed RSA public key.

@@ Line 39: / Line 39: @@
 The extended header, the [[ExeFS]] and the [[RomFS]] are encrypted using 128-bit AES CTR. See here regarding the [https://github.com/3dshax/ctr/blob/master/ctrtool/ncch.c CTR].
-The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (keyslot 0x2C) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto". Start from [[9.6.0-24]] the old3ds's Process9 add a new keyY generator(when ncchflag[7] = 0x20).
+The key is generated using the [[AES|AES Engine]] key generator, where the keyX is set by the bootrom (see below for the keyslots) and the keyY is the first 0x10 bytes of the NCCH signature. This method of key generation is referred to as "secure-crypto". Starting with [[9.6.0-24|9.6.0-X]] Process9 can now generate the NCCH keyY a different way(when ncchflag[7] = 0x20).
 If a certain NCCH flag is set, a fixed AES key is used. There are two fixed keys, one for titles which have the system category bit set (SystemFixedKey), and one for the rest ("zeros" key). These are debug keys, as they aren't nomally supported on retail systems.
@@ Line 119: / Line 119: @@
 |  0x114
 |  4
-|  Checksum, using for verifying a part of the new keyY generator's parameter(when ncchflag[7] = 0x20) (start from firmware: [[9.6.0-24]]).
+|  Checksum, using for verifying a part of the new keyY generator's parameter(when ncchflag[7] = 0x20) (starting from FIRM [[9.6.0-24|9.6.0-X]]).
 |-
 |  0x118
@@ Line 229: / Line 229: @@
 |-
 |  7
-|  Bit-masks: FixedCryptoKey = 0x1, NoMountRomFs = 0x2, NoCrypto = 0x4,using a new keyY generator = 0x20(start from [[9.6.0-24]]).
+|  Bit-masks: FixedCryptoKey = 0x1, NoMountRomFs = 0x2, NoCrypto = 0x4, using a new keyY generator = 0x20(starting with FIRM [[9.6.0-24|9.6.0-X]]).
 |}
 CXIs NCCH header signature is verified using the RSA public key stored in the accessdesc,(which follows the exheader) while CFAs NCCH header is verified with a fixed RSA public key.