Difference between revisions of "DSiWare Exports"

From 3dbrew
Jump to navigation Jump to search
 
(35 intermediate revisions by one other user not shown)
Line 1: Line 1:
 
The DSiWare exported from a 3DS is located at "[[SD_Filesystem|sdmc]]:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as [http://dsibrew.org/wiki/Tad DSi]: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.
 
The DSiWare exported from a 3DS is located at "[[SD_Filesystem|sdmc]]:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as [http://dsibrew.org/wiki/Tad DSi]: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.
  
DSiWare exported from 3DS use [[Nand/private/movable.sed|keyslots]] initialized by movable.sed.
+
DSiWare exported from 3DS use console-unique [[Nand/private/movable.sed|keyslots]] initialized by movable.sed. Each section is encrypted with AES-CBC.
 +
 
 +
The content sections are ordered the same way as DSi: TMD, SRL from content0, <content1-7 for format v2>, public.sav, and banner.sav when banner.sav exists. When the DSiWare export type is 7-11, the 12th content section is the private.sav, if it exists.(ContentX here is the .app data from TWL-NAND /title)
 +
 
 +
=DSiWare Export Types=
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Value
 +
!  Format version
 +
!  Description
 +
|-
 +
| 0-6
 +
|
 +
| Same as value 14.
 +
|-
 +
| 7-11
 +
| v2
 +
| 12 content sections
 +
|-
 +
| 12
 +
| v2
 +
| 4 content sections
 +
|-
 +
| 13
 +
| v1
 +
| 4 content sections
 +
|-
 +
| 14
 +
| v2
 +
| 11 content sections
 +
|}
 +
 
 +
For NATIVE_FIRM versions where this DSiWare export [[AM:ExportDSiWare|type]] field is unused, format version v1 is used with 4 content sections. Otherwise when this field is used, see the above table. [[System Settings]] uses type 1 for [[AM:ExportDSiWare|exporting]] DSiWare, regardless of the System Settings title-version.
  
 
=Block Metadata=
 
=Block Metadata=
Line 12: Line 44:
 
| 0x0
 
| 0x0
 
| 0x10
 
| 0x10
| AES MAC
+
| AES MAC over a SHA-256 hash
 
|-
 
|-
 
| 0x10
 
| 0x10
 
| 0x10
 
| 0x10
| CTR for AES-CTR / IV for AES-CBC
+
| IV, generated by the [[PSPXI:GenerateRandomBytes|RNG]].
 +
|}
 +
 
 +
Each section begins with the payload encrypted data, followed by this block metadata. The SHA-256 hash used for the MAC is calculated over the cleartext payload. This hash used for generating the MAC is also stored in the footer.
 +
 
 +
=Footer=
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Offset
 +
!  Size
 +
!  Description
 +
|-
 +
| 0x0
 +
| X
 +
| SHA-256 hashes over the banner, header, and content sections. When a content section doesn't exist, the corresponding hash here is uninitialized.
 +
|-
 +
| 0x0 + X
 +
| 0x3C
 +
| ECDSA signature using SHA-256 over the previous hashes, signed by the APCert.
 +
|-
 +
| 0x3C + X
 +
| 0x180
 +
| ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the below [[CTCert]], where X is [[PSPXI:GenerateRandomBytes|random]] lowercase ASCII hex data.
 +
|-
 +
| 0x1BC + X
 +
| 0x180
 +
| ECDSA [[CTCert]]
 +
|-
 +
| 0x33C + X
 +
| 0x4
 +
| Uninitialized padding.
 +
|}
 +
 
 +
These hashes are the same hashes used for generating each section's MAC stored in the metadata block. X = 0x40 + totalcontentsections*0x20.
 +
 
 +
The curve sect233r1 is used for all related ECDSA signing operations
 +
 
 +
=File Structure v1=
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Offset
 +
!  Size
 +
!  Description
 +
|-
 +
| 0x0
 +
| 0x4020
 +
| Banner section
 +
|-
 +
| 0x4020
 +
| 0xC0
 +
| Header section
 +
|-
 +
| 0x40E0
 +
| 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer.
 +
| Footer section
 +
|-
 +
| 0x40E0 + footer_size
 +
|
 +
| Content sections
 
|}
 
|}
  
Each section begins with the actual encrypted data, followed by this block metadata.
+
==Header==
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Offset
 +
!  Size
 +
!  Description
 +
|-
 +
| 0x0
 +
| 0x4
 +
| Magic number 0x54444633, "3FDT".
 +
|-
 +
| 0x4
 +
| 0x2
 +
| Byte-swapped groupID from the TWL [[TMD]].
 +
|-
 +
| 0x6
 +
| 0x2
 +
| Byte-swapped title version from the TWL [[TMD]].
 +
|-
 +
| 0x8
 +
| 0x20
 +
| SHA-256 hash [[AMPXI:ValidateDSiWareMovableSedHash|calculated]] over the encrypted movable.sed.
 +
|-
 +
| 0x28
 +
| 0x10
 +
| Encrypted AES block from [[AES|encrypting]] an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
 +
|-
 +
| 0x38
 +
| 0x8
 +
| Byte-swapped titleID from the TWL [[TMD]].
 +
|-
 +
| 0x40
 +
| 0x8
 +
| ?
 +
|-
 +
| 0x48
 +
| 0x10
 +
| u32 payload sizes for the 4 content sections.
 +
|-
 +
| 0x58
 +
| 0x4
 +
| ?
 +
|-
 +
| 0x5C
 +
| 0x3E
 +
| Data from the TWL [[TMD]] reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
 +
|-
 +
| 0x9A
 +
| 0x6
 +
| Padding?
 +
|}
  
=File Structure=
+
=File Structure v2=
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Line 30: Line 170:
 
| 0x0
 
| 0x0
 
| 0x4020
 
| 0x4020
| Banner section encrypted with AES-CBC.
+
| Banner section
 
|-
 
|-
 
| 0x4020
 
| 0x4020
| 0xA0
+
| 0x110
 
| Header section
 
| Header section
 
|-
 
|-
| 0x40C0
+
| 0x4130
| 0x400
+
| 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer.
 
| Footer section
 
| Footer section
 
|-
 
|-
| 0x44C0
+
| 0x4130 + footer_size
 
|  
 
|  
| Data for the 4 content sections are stored here.
+
| Content sections
 +
|}
 +
 
 +
==Header==
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Offset
 +
!  Size
 +
!  Description
 +
|-
 +
| 0x0
 +
| 0x4
 +
| Magic number 0x54444633, "3FDT".
 +
|-
 +
| 0x4
 +
| 0x2
 +
| Byte-swapped groupID from the TWL [[TMD]].
 +
|-
 +
| 0x6
 +
| 0x2
 +
| Byte-swapped title version from the TWL [[TMD]].
 +
|-
 +
| 0x8
 +
| 0x20
 +
| SHA-256 hash [[AMPXI:ValidateDSiWareMovableSedHash|calculated]] over the encrypted movable.sed.
 +
|-
 +
| 0x28
 +
| 0x10
 +
| Encrypted AES block from [[AES|encrypting]] an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
 +
|-
 +
| 0x38
 +
| 0x8
 +
| Byte-swapped titleID from the TWL [[TMD]].
 +
|-
 +
| 0x40
 +
| 0x8
 +
| ?
 +
|-
 +
| 0x48
 +
| 0x2C
 +
| u32 payload sizes for the 11 content sections.
 +
|-
 +
| 0x74
 +
| 0x30
 +
| ?
 +
|-
 +
| 0xA4
 +
| 0x3E
 +
| Data from the TWL [[TMD]] reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
 +
|-
 +
| 0xE2
 +
| 0x0E
 +
| Padding?
 
|}
 
|}

Latest revision as of 19:56, 8 September 2018

The DSiWare exported from a 3DS is located at "sdmc:/Nintendo 3DS/<ID0>/<ID1>/Nintendo DSiWare". Filenames are same format as DSi: "<TitleID-Low>.bin". The below sizes include the 0x20-byte block metadata.

DSiWare exported from 3DS use console-unique keyslots initialized by movable.sed. Each section is encrypted with AES-CBC.

The content sections are ordered the same way as DSi: TMD, SRL from content0, <content1-7 for format v2>, public.sav, and banner.sav when banner.sav exists. When the DSiWare export type is 7-11, the 12th content section is the private.sav, if it exists.(ContentX here is the .app data from TWL-NAND /title)

DSiWare Export Types[edit]

Value Format version Description
0-6 Same as value 14.
7-11 v2 12 content sections
12 v2 4 content sections
13 v1 4 content sections
14 v2 11 content sections

For NATIVE_FIRM versions where this DSiWare export type field is unused, format version v1 is used with 4 content sections. Otherwise when this field is used, see the above table. System Settings uses type 1 for exporting DSiWare, regardless of the System Settings title-version.

Block Metadata[edit]

Offset Size Description
0x0 0x10 AES MAC over a SHA-256 hash
0x10 0x10 IV, generated by the RNG.

Each section begins with the payload encrypted data, followed by this block metadata. The SHA-256 hash used for the MAC is calculated over the cleartext payload. This hash used for generating the MAC is also stored in the footer.

Footer[edit]

Offset Size Description
0x0 X SHA-256 hashes over the banner, header, and content sections. When a content section doesn't exist, the corresponding hash here is uninitialized.
0x0 + X 0x3C ECDSA signature using SHA-256 over the previous hashes, signed by the APCert.
0x3C + X 0x180 ECDSA "APXXXXXXXXXXXXXXXX" cert signed by the below CTCert, where X is random lowercase ASCII hex data.
0x1BC + X 0x180 ECDSA CTCert
0x33C + X 0x4 Uninitialized padding.

These hashes are the same hashes used for generating each section's MAC stored in the metadata block. X = 0x40 + totalcontentsections*0x20.

The curve sect233r1 is used for all related ECDSA signing operations

File Structure v1[edit]

Offset Size Description
0x0 0x4020 Banner section
0x4020 0xC0 Header section
0x40E0 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer. Footer section
0x40E0 + footer_size Content sections

Header[edit]

Offset Size Description
0x0 0x4 Magic number 0x54444633, "3FDT".
0x4 0x2 Byte-swapped groupID from the TWL TMD.
0x6 0x2 Byte-swapped title version from the TWL TMD.
0x8 0x20 SHA-256 hash calculated over the encrypted movable.sed.
0x28 0x10 Encrypted AES block from encrypting an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
0x38 0x8 Byte-swapped titleID from the TWL TMD.
0x40 0x8 ?
0x48 0x10 u32 payload sizes for the 4 content sections.
0x58 0x4 ?
0x5C 0x3E Data from the TWL TMD reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
0x9A 0x6 Padding?

File Structure v2[edit]

Offset Size Description
0x0 0x4020 Banner section
0x4020 0x110 Header section
0x4130 0x340 + 0x20 + X, where X is the total size of the hashes stored in the footer. Footer section
0x4130 + footer_size Content sections

Header[edit]

Offset Size Description
0x0 0x4 Magic number 0x54444633, "3FDT".
0x4 0x2 Byte-swapped groupID from the TWL TMD.
0x6 0x2 Byte-swapped title version from the TWL TMD.
0x8 0x20 SHA-256 hash calculated over the encrypted movable.sed.
0x28 0x10 Encrypted AES block from encrypting an all-zero 0x10-byte block with AES-CBC, where the IV is all-zero.
0x38 0x8 Byte-swapped titleID from the TWL TMD.
0x40 0x8 ?
0x48 0x2C u32 payload sizes for the 11 content sections.
0x74 0x30 ?
0xA4 0x3E Data from the TWL TMD reserved section. Only the first 0x20-bytes from the TWL TMD is written here, the rest is uninitialized.
0xE2 0x0E Padding?