FIRM: Difference between revisions

Line 74:

* On [[9.5.0-22|9.5.0-X]]: executes a nop instruction with r0=0 and r1=<address of arm9binhdr+0x50>.

* Hashes data from the region [[IO|0x10012000-0x10012090]] using SHA256 via the [[SHA_Registers|SHA]] hardware.

* Initializes AES keyslot 0x11 keyX, keyY to the lower and higher portion of that hash, respectively.

* Initializes AES keyslot 0x11 keyX, keyY to the lower and higher portion of that hash, respectively. Due to the above hashed data, the keyX+keyY here are console-unique.

* Decrypts ~~an unknown~~ 0x10-byte block with keyslot 0x11 using AES-ECB. Then the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero. Then it uses the output block to set the normalkey for keyslot 0x11.

* Reads [[Flash_Filesystem|NAND]] sector 0x96(NAND image offset 0x12C00), with size 0x200-bytes. Decrypts the first 0x10-byte block in that sector with keyslot 0x11 using AES-ECB. Then the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero. Then it uses the output block to set the normalkey for keyslot 0x11.

* Decrypts arm9_bin_buf+0 using keyslot 0x11 with AES-ECB, and initialises keyX for keyslot 0x15 with it.

* Initialises KeyX for keyslots 0x18..0x1F with the output of decrypting a 0x10-byte block with AES-ECB using keyslot 0x11. The last byte in this 0x10-byte input block is increased by 0x01 after initializing each keyslot. These are New3DS-specific keys.

@@ Line 74: / Line 74: @@
 * On [[9.5.0-22|9.5.0-X]]: executes a nop instruction with r0=0 and r1=<address of arm9binhdr+0x50>.
 * Hashes data from the region [[IO|0x10012000-0x10012090]] using SHA256 via the [[SHA_Registers|SHA]] hardware.
-* Initializes AES keyslot 0x11 keyX, keyY to the lower and higher portion of that hash, respectively.
+* Initializes AES keyslot 0x11 keyX, keyY to the lower and higher portion of that hash, respectively. Due to the above hashed data, the keyX+keyY here are console-unique.
-* Decrypts an unknown 0x10-byte block with keyslot 0x11 using AES-ECB. Then the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero. Then it uses the output block to set the normalkey for keyslot 0x11.
+* Reads [[Flash_Filesystem|NAND]] sector 0x96(NAND image offset 0x12C00), with size 0x200-bytes. Decrypts the first 0x10-byte block in that sector with keyslot 0x11 using AES-ECB. Then the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero. Then it uses the output block to set the normalkey for keyslot 0x11.
 * Decrypts arm9_bin_buf+0 using keyslot 0x11 with AES-ECB, and initialises keyX for keyslot 0x15 with it.
 * Initialises KeyX for keyslots 0x18..0x1F with the output of decrypting a 0x10-byte block with AES-ECB using keyslot 0x11. The last byte in this 0x10-byte input block is increased by 0x01 after initializing each keyslot. These are New3DS-specific keys.