NCSD: Difference between revisions
→Card Info Header: added system update info |
→Development Card Info Header Extension: filled in a bunch of missing pieces |
||
| Line 280: | Line 280: | ||
| CardDeviceReserved2 | | CardDeviceReserved2 | ||
|} | |} | ||
== Development Card Info Header Extension == | |||
{| class="wikitable" border="1" | |||
|- | |||
! OFFSET | |||
! SIZE | |||
! DESCRIPTION | |||
|- | |||
| 0x1200 | |||
| 0x200 | |||
| CardDeviceReserved1 | |||
|- | |||
| 0x1400 | |||
| 0x10 | |||
| TitleKey | |||
|- | |||
| 0x1410 | |||
| 0xF0 | |||
| CardDeviceReserved2 | |||
|- | |||
| 0x1500 | |||
| 0x1B00 | |||
| CardDeviceReserved3 | |||
|- | |||
| 0x3000 | |||
| 0x1000 | |||
| Test pattern | |||
|} | |||
"TitleKey" is the decrypted version of the title key at 0x1000-0x103B ("Encrypted card seed"). This field appears to be what development--and maybe retail?--cards read to know what card encryption seed to use in the CTR protocol. | |||
Note that a particular flashcard vendor puts what many refer to as "private headers" here in place of actual development card information. This header is constituted by a cartridge-unique Id obtained from [[Process_Services_PXI|pxi:ps9::GetRomId]] and the title-unique cart ID (identical for all carts of the same title; can be retrieved using the NTR gamecard protocol command 0x90 or through the CTR protocol commands 0x90 or 0xA2). | Note that a particular flashcard vendor puts what many refer to as "private headers" here in place of actual development card information. This header is constituted by a cartridge-unique Id obtained from [[Process_Services_PXI|pxi:ps9::GetRomId]] and the title-unique cart ID (identical for all carts of the same title; can be retrieved using the NTR gamecard protocol command 0x90 or through the CTR protocol commands 0x90 or 0xA2). | ||
The CardDeviceReserved areas have random-looking data whose purpose is unknown, other than perhaps to hide the TitleKey. | |||
The test pattern is the same one encountered in development DS/DSi cartridges. Its layout is as follows: | |||
{| class="wikitable" border="1" | |||
|- | |||
! OFFSET | |||
! SIZE | |||
! DESCRIPTION | |||
|- | |||
| 0x3000 | |||
| 8 | |||
| The bytes FF,00,FF,00,AA,55,AA,55. | |||
|- | |||
| 0x3008 | |||
| 0x1F8 | |||
| An ascending byte sequence equal to the offset mod 256 (08,09,0A, ..., FE,FF,00,01, ..., FF). | |||
|- | |||
| 0x3200 | |||
| 0x200 | |||
| A descending byte sequence equal to 255 minus the offset mod 256 (FF,FE,FD, ..., 00,FF,DE, ..., 00). | |||
|- | |||
| 0x3400 | |||
| 0x200 | |||
| Filled with 00 bytes. | |||
|- | |||
| 0x3600 | |||
| 0x200 | |||
| Filled with FF bytes. | |||
|- | |||
| 0x3800 | |||
| 0x200 | |||
| Filled with 0F bytes. | |||
|- | |||
| 0x3A00 | |||
| 0x200 | |||
| Filled with F0 bytes. | |||
|- | |||
| 0x3C00 | |||
| 0x200 | |||
| Filled with 55 bytes. | |||
|- | |||
| 0x3E00 | |||
| 0x1FF | |||
| Filled with AA bytes. | |||
|- | |||
| 0x3FFF | |||
| 1 | |||
| The final byte is a 00. | |||
|} | |||
Retail cards always return FF when attempting to read 0x1200-0x3FFF. They probably actually have the same data as development cards, but there's no way to read it. | |||
== Tools == | == Tools == | ||