SD Filesystem: Difference between revisions

(One intermediate revision by the same user not shown)

Line 18:

* Everything stored under sdmc/Nintendo 3DS/<ID0>/<ID1> is encrypted with console-unique [[AES|keyslots]]~~, files stored under~~ [[~~Flash Filesystem|~~nand/~~data~~/<ID0>]] ~~only use these keyslots~~ for ~~MACs~~. ~~All~~ CTR ~~files under these directories use~~ the ~~keyslots initialized~~ by [[nand/~~private~~/~~movable.sed~~]].

* Everything stored under sdmc/Nintendo 3DS/<ID0>/<ID1> is encrypted by 128 bit AES-CTR with console-unique [[AES|keyslots]]. The keyslot is initialized by [[nand/private/movable.sed]].

* The crypto IV/CTR for each file is generated as follows: take the UTF-16 path relative to sdmc/Nintendo 3DS/<ID0>/<ID1> (the path it self begins with "/") and hash it with SHA-256, including the null null-terminator. Then calculate CTR as CTRbyte[i] = Hashbyte[i] ^ Hashbyte[16+i] for i = 0 to 15.

* The base CTR is fixed for each file, therefore the CTR never changes after each write. Thus it is possible to obtain some cleartext by XORing one file(like newly created extdata) with a newer file, where the newer file overwrote zeros in the original file with non-zero data.

* Files stored under [[Flash Filesystem|nand/data/<ID0>]] also use the same keyslot, but it is only used for MACs.

* ID0 is the first 0x10-bytes from a SHA256 [[nand/private/movable.sed|hash]].

* ID1 is the scrambled SD card CID from the SD card which this directory was originally created on. To generate this directory name from the original CID, first the CID is rotated 8-bits to the left. Then, each u16 is moved as described in the below table:

@@ Line 18: / Line 18: @@
-* Everything stored under sdmc/Nintendo 3DS/<ID0>/<ID1> is encrypted with console-unique [[AES|keyslots]], files stored under [[Flash Filesystem|nand/data/<ID0>]] only use these keyslots for MACs. All CTR files under these directories use the keyslots initialized by [[nand/private/movable.sed]].
+* Everything stored under sdmc/Nintendo 3DS/<ID0>/<ID1> is encrypted by 128 bit AES-CTR with console-unique [[AES|keyslots]]. The keyslot is initialized by [[nand/private/movable.sed]].
+* The crypto IV/CTR for each file is generated as follows: take the UTF-16 path relative to sdmc/Nintendo 3DS/<ID0>/<ID1> (the path it self begins with "/") and hash it with SHA-256, including the null null-terminator. Then calculate CTR as CTRbyte[i] = Hashbyte[i] ^ Hashbyte[16+i] for i = 0 to 15.
+* The base CTR is fixed for each file, therefore the CTR never changes after each write. Thus it is possible to obtain some cleartext by XORing one file(like newly created extdata) with a newer file, where the newer file overwrote zeros in the original file with non-zero data.
+* Files stored under [[Flash Filesystem|nand/data/<ID0>]] also use the same keyslot, but it is only used for MACs.
 * ID0 is the first 0x10-bytes from a SHA256 [[nand/private/movable.sed|hash]].
 * ID1 is the scrambled SD card CID from the SD card which this directory was originally created on. To generate this directory name from the original CID, first the CID is rotated 8-bits to the left. Then, each u16 is moved as described in the below table: