Savegames: Difference between revisions

Line 13:

==== Savegame keyY ====

All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame [[AES|keyslots]]' keyY(these savegame keyslots use the hardware key-~~scrambler~~) is unique for each region and for each game. The [[NCSD]] partition flags determine the method used to generate this keyY. When the save [[NCSD]] flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR, otherwise a proper CTR which never repeats within the image is used. When all of the flags checked by the running NATIVE_FIRM are clear, the keyY(original keyY method used with saves where the CTR repeats within the image) is the following: the first 8-bytes from the decrypted [[NCCH#CXI|CXI]] accessdesc signature + two u32 cardIDs read from gamecard commands.

All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame [[AES|keyslots]]' keyY(these savegame keyslots use the hardware key-generator) is unique for each region and for each game. The [[NCSD]] partition flags determine the method used to generate this keyY. When the save [[NCSD]] flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR, otherwise a proper CTR which never repeats within the image is used.

The [[AES]]-MAC(which uses a hardware key-~~scrambler~~ keyslot, as mentioned above) at the the beginning of the savegame must match the calculated MAC using the DISA/DIFF data, otherwise the savegame is considered corrupted(see below).

The [[AES]]-MAC(which uses a hardware key-generator keyslot, as mentioned above) at the the beginning of the savegame must match the calculated MAC using the DISA/DIFF data, otherwise the savegame is considered corrupted(see below).

When all of the flags checked by the running NATIVE_FIRM are clear, the keyY(original keyY method used with saves where the CTR repeats within the image) is the following:

{| class="wikitable" border="1"

|-

! Offset

! Size

! Description

|-

| 0x0

| 0x8

| First 8-bytes from the plaintext [[NCCH#CXI|CXI]] accessdesc signature.

|-

| 0x8

| 0x4

| u32 CardID0 from [[Gamecards|gamecard]] plaintext-mode command 0x90, Process9 reads this with the [[NTRCARD]] hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.

|-

| 0xC

| 0x4

| u32 CardID1 from [[Gamecards|gamecard]] plaintext-mode command 0xA0, Process9 reads this with the [[NTRCARD]] hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.

|}

===== [[2.0.0-2]] Hashed keyY and [[2.2.0-4]] Savegame Encryption =====

@@ Line 13: / Line 13: @@
 ==== Savegame keyY ====
-All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame [[AES|keyslots]]' keyY(these savegame keyslots use the hardware key-scrambler) is unique for each region and for each game. The [[NCSD]] partition flags determine the method used to generate this keyY. When the save [[NCSD]] flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR, otherwise a proper CTR which never repeats within the image is used. When all of the flags checked by the running NATIVE_FIRM are clear, the keyY(original keyY method used with saves where the CTR repeats within the image) is the following: the first 8-bytes from the decrypted [[NCCH#CXI|CXI]] accessdesc signature + two u32 cardIDs read from gamecard commands.
+All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame [[AES|keyslots]]' keyY(these savegame keyslots use the hardware key-generator) is unique for each region and for each game. The [[NCSD]] partition flags determine the method used to generate this keyY. When the save [[NCSD]] flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR, otherwise a proper CTR which never repeats within the image is used.
-The [[AES]]-MAC(which uses a hardware key-scrambler keyslot, as mentioned above) at the the beginning of the savegame must match the calculated MAC using the DISA/DIFF data, otherwise the savegame is considered corrupted(see below).
+The [[AES]]-MAC(which uses a hardware key-generator keyslot, as mentioned above) at the the beginning of the savegame must match the calculated MAC using the DISA/DIFF data, otherwise the savegame is considered corrupted(see below).
+When all of the flags checked by the running NATIVE_FIRM are clear, the keyY(original keyY method used with saves where the CTR repeats within the image) is the following:
+{| class="wikitable" border="1"
+|-
+!  Offset
+!  Size
+!  Description
+|-
+| 0x0
+| 0x8
+| First 8-bytes from the plaintext [[NCCH#CXI|CXI]] accessdesc signature.
+|-
+| 0x8
+| 0x4
+| u32 CardID0 from [[Gamecards|gamecard]] plaintext-mode command 0x90, Process9 reads this with the [[NTRCARD]] hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.
+|-
+| 0xC
+| 0x4
+| u32 CardID1 from [[Gamecards|gamecard]] plaintext-mode command 0xA0, Process9 reads this with the [[NTRCARD]] hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.
+|}
 ===== [[2.0.0-2]] Hashed keyY and [[2.2.0-4]] Savegame Encryption =====