6,263
edits
Changes
Jump to navigation
Jump to search
Line 79:
Line 79: − + Line 98:
Line 98: − +
→New_3DS FIRM
* Initialises KeyX for keyslots 0x18-0x20 with the output of encrypting a certain binary sequence using keyslot 0x11. These are presumably New3DS-specific keys.
* Initialises KeyX for keyslots 0x18-0x20 with the output of encrypting a certain binary sequence using keyslot 0x11. These are presumably New3DS-specific keys.
It sets KeyY for keyslot 0x15 to arm9_bin_buf+16, the IV to arm9_bin_buf+32. It then proceeds to decrypt the binary. When done, it decrypts arm9_bin_buf+64 using an hardcoded keyY for keyslot 0x15 and makes sure it's all zeroes. It it is, it jumps to the decrypted addr. Otherwise it will just loop forever.
It sets KeyY for keyslot 0x15 to arm9_bin_buf+16, the CTR to arm9_bin_buf+32. It then proceeds to decrypt the binary. When done, it decrypts arm9_bin_buf+64 using an hardcoded keyY for keyslot 0x15 and makes sure it's all zeroes. If it is, it jumps to the decrypted addr. Otherwise it will just loop forever.
Thus, the ARM9 binary has the following header:
Thus, the ARM9 binary has the following header:
| 0x020
| 0x020
| 16
| 16
| IV
| CTR
|-
|-
| 0x030
| 0x030