3dbrew

OTP Registers: Difference between revisions

← Older edit
SciresM (talk | contribs)
29 edits
Plaintext OTP: Fix leftover from ITCM c/p.
PabloMK7 (talk | contribs)
37 edits
Wrong size fixed
 
(10 intermediate revisions by 4 users not shown)
Line 22: Line 22:
| 0x0
| 0x0
| 0x100
| 0x100
| Console-unique data encrypted with AES-CBC. The normalkey and IV are stored in Boot9. The last 0x20-bytes of plaintext are a SHA256 hash over the first 0xE0-bytes of plaintext.
| Console-unique data encrypted with AES-CBC. The normalkey and IV are stored in Boot9(retail/devunit have seperate normalkey+IV for this). The last 0x20-bytes of plaintext are a SHA256 hash over the first 0xE0-bytes of plaintext.
|-
|-
| 0x100
| 0x100
Line 34: Line 34:
!  Size
!  Size
!  Description
!  Description
|-
| 0x0
| 0x90
| Copied into ITCM. The encrypted version of this is what New3DS-arm9loader hashes for key-generation.
|-
|-
| 0x0
| 0x0
Line 49: Line 45:
| 0x8
| 0x8
| 0x10
| 0x10
| This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the last two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc.
| This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the first two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc.
|-
|-
| 0x18
| 0x18
| 0x1
| 0x1
| ?
| OTP version
|-
|-
| 0x19
| 0x19
| 0x1
| 0x1
| This is the [[CTCert]] issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev".
| This determines if the OTP is for a dev system; it indicates the [[CTCert]] issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev".
|-
|-
| 0x1A
| 0x1A
| 0x6
| 0x6
| ?
| Manufacturing date (of the SoC?). Usually month(s) before the dates in the logs stored in [[Flash_Filesystem|TWLNAND]]. Each byte is one field: year, month, day, hour, minute, second. Year is encoded as year-1900 so that it fits in one byte. This order matches up with the layout of a <code>struct tm</code>.
|-
|-
| 0x20
| 0x20
| 0x4
| 0x4
| This is the CTCert ECDSA exponent, this is byte-swapped when plaintext_otp+0x18 is >=5.
| This is the CTCert expiry time as UNIX timestamp, this is specified in big endian if the OTP version is <5.
|-
|-
| 0x24
| 0x24
| 0x2
| 0x20
| ?
|-
| 0x26
| 0x1E
| This is the CTCert ECDSA privk.
| This is the CTCert ECDSA privk.
|-
|-
| 0x44
| 0x44
| 0x3C
| 0x3C
| This is the CTCert ECDSA signature.
| This is the CTCert ECDSA signature (sect233r1?/SHA-256).
|-
|-
| 0x80
| 0x80
Line 84: Line 76:
|-
|-
| 0x90
| 0x90
| 0x70
| 0x50
| Used by Boot9 for generating the console-unique AES [[AES_Registers|keyXs]].
| Used by Boot9 for generating the console-unique AES [[AES_Registers|keyXs]]. However, due to a bug(?) in Boot9, only the first 0x1C-bytes here actually affect console-unique key generation. The rest of the data is used for hashing, but that output hash only gets overwritten without being used afterwards.
 
Note that the size passed to the Boot9 keyinit code for console-unique-buffer-size is 0x70, hence this includes the below OTP hash.
|-
| 0xE0
| 0x20
| SHA256 hash over the previous 0xE0-bytes.
|}
|}
Retrieved from "https://www.3dbrew.org/wiki/OTP_Registers"