AES Registers: Difference between revisions
Add stuff by sbJFn5r's request |
|||
| Line 186: | Line 186: | ||
! Keyslot | ! Keyslot | ||
! Description | ! Description | ||
! Key-data initialized by ARM9 bootrom | |||
! Key-data initialized by Process9 | |||
|- | |- | ||
| 0x00-0x03 | | 0x00-0x03 | ||
| These are the TWL keyslots, the key-data for these can be set via the REG_AESKEY0-REG_AESKEY3 registers. These keyslots are initialized by NATIVE_FIRM. The console-unique portion of two of these keyslots are only [[CONFIG|initialized]] by NATIVE_FIRM during initial hard-boot. | | These are the TWL keyslots, the key-data for these can be set via the REG_AESKEY0-REG_AESKEY3 registers. These keyslots are initialized by NATIVE_FIRM. The console-unique portion of two of these keyslots are only [[CONFIG|initialized]] by NATIVE_FIRM during initial hard-boot. | ||
| | |||
| Yes | |||
|- | |- | ||
| 0x0D | | 0x0D | ||
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. | | See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. | ||
| Yes | |||
| No | |||
|- | |- | ||
| 0x11 | | 0x11 | ||
| This is used for general normal-key crypto, where the normal-key is set by FIRM. This keyslot is also used by the New3DS [[FIRM]] arm9 binary loader. | | This is used for general normal-key crypto, where the normal-key is set by FIRM. This keyslot is also used by the New3DS [[FIRM]] arm9 binary loader. | ||
| No | |||
| Yes, when using this keyslot | |||
|- | |||
| 0x12 | |||
| Unused? | |||
| No | |||
| No | |||
|- | |- | ||
| 0x14 | | 0x14 | ||
| Starting with [[5.0.0-11]], NATIVE_FIRM Process9 now sets the keyY for this to the same one it uses for initializing 3 of the keyslots' keyYs from [[PSPXI:EncryptDecryptAes|here]]. | | Starting with [[5.0.0-11]], NATIVE_FIRM Process9 now sets the keyY for this to the same one it uses for initializing 3 of the keyslots' keyYs from [[PSPXI:EncryptDecryptAes|here]]. | ||
| Yes | |||
| See description | |||
|- | |- | ||
| 0x20..0x23 | | 0x20..0x23 | ||
| All of these keyslots(initialized by bootrom) are set to the same key-data. These seem to be set to a regular normal-key? | | All of these keyslots(initialized by bootrom) are set to the same key-data. These seem to be set to a regular normal-key? | ||
| Yes | |||
| No | |||
|- | |- | ||
| 0x25 | | 0x25 | ||
| The keyX and keyY initialized by bootrom for this keyslot are console-unique. This keyslot is used for the [[7.0.0-13|v7.0]] [[NCCH]] encryption, the keyX is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. The keyY/CTR used for this keyslot is the same as keyslot 0x2C. | | The keyX and keyY initialized by bootrom for this keyslot are console-unique. This keyslot is used for the [[7.0.0-13|v7.0]] [[NCCH]] encryption, the keyX is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. The keyY/CTR used for this keyslot is the same as keyslot 0x2C. | ||
| | |||
| See description | |||
|- | |||
| 0x26 | |||
| Unused? | |||
| No | |||
| No | |||
|- | |- | ||
| 0x2C | | 0x2C | ||
| Used to decrypt [[NCCH|NCCH]], the keyY is set by Process9(see [[NCCH|here]] regarding the keyY). Keyslots 0x2C..0x2F all use the same keyX, set by bootrom. | | Used to decrypt [[NCCH|NCCH]], the keyY is set by Process9(see [[NCCH|here]] regarding the keyY). Keyslots 0x2C..0x2F all use the same keyX, set by bootrom. | ||
| Yes | |||
| Yes | |||
|- | |- | ||
| 0x2D | | 0x2D | ||
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. | | See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. | ||
| Yes | |||
| No | |||
|- | |- | ||
| 0x2E | | 0x2E | ||
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyY is set by NATIVE_FIRM. | | See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyY is set by NATIVE_FIRM. | ||
| Yes | |||
| Yes | |||
|- | |- | ||
| 0x2F | | 0x2F | ||
| Initially this keyslot has the same keyY as keyslot 0x2D, initialized by bootrom. This keyY is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. This is the keyslot used for calculating v6.0 gamecard savegames' keyYs. | | Initially this keyslot has the same keyY as keyslot 0x2D, initialized by bootrom. This keyY is initialized during NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]]. This is the keyslot used for calculating v6.0 gamecard savegames' keyYs. | ||
| Yes | |||
| See description | |||
|- | |- | ||
| 0x31 | | 0x31 | ||
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E. | | See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E. | ||
| Yes | |||
| Yes | |||
|- | |- | ||
| 0x32 | | 0x32 | ||
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x31. | | See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x31. | ||
| Yes | |||
| No | |||
|- | |- | ||
| 0x34-0x37 | | 0x34-0x37 | ||
| All four of these keyslots use the same keyX. Keyslots 0x35/0x36 use the same keyY, see [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]] for keyslot 0x36. | | All four of these keyslots use the same keyX. Keyslots 0x35/0x36 use the same keyY, see [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]] for keyslot 0x36. | ||
| Yes | |||
| Only for keyslot 0x37 | |||
|- | |- | ||
| 0x38 | | 0x38 | ||
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. | | See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]], this uses the hardware key-scrambler. | ||
| Yes | |||
| No | |||
|- | |- | ||
| 0x39 | | 0x39 | ||
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x38. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E. | | See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. This keyslot keyX is the same keyX used for keyslot 0x38. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E. | ||
| Yes | |||
| Yes | |||
|- | |- | ||
| 0x3D | | 0x3D | ||
| This keyslot uses keyY. Used to decrypt title keys in [[Ticket]]. Used by Gateway. | | This keyslot uses keyY. Used to decrypt title keys in [[Ticket]]. Used by Gateway. | ||
| Yes | |||
| Yes | |||
|- | |- | ||
| 0x3E | | 0x3E | ||
| This keyslot uses an unique keyX/keyY. | | This keyslot uses an unique keyX/keyY. | ||
| | |||
| No | |||
|- | |- | ||
| 0x3F | | 0x3F | ||
| This keyslot uses an unique keyX/keyY. | | This keyslot uses an unique keyX/keyY. | ||
| | |||
| No | |||
|} | |} | ||
| Line 252: | Line 300: | ||
=== keyX === | === keyX === | ||
The ARM9 bootrom initializes the keyX for | The ARM9 bootrom initializes the keyX for certain 3DS keyslots, the ARM9 bootrom may also initialize the keyY for certain keyslots. In certain cases Process9 may also set the keyX. | ||
=== Hardware key generator === | === Hardware key generator === | ||
| Line 260: | Line 308: | ||
=== FIRM-launch key clearing === | === FIRM-launch key clearing === | ||
Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), | Starting with [[9.0.0-20]] the Process9 FIRM-launch code now "clears" the following AES keyslots, with certain keydata by writing the normal-key: 0x15 and 0x18-0x20. These are the keyslots used by the New3DS [[FIRM]] arm9bin loader(minus keyslot 0x11), the New3DS Process9 does this too. | ||