3dbrew

AES Registers: Difference between revisions

← Older editNewer edit →
Line 294: Line 294:
|-
|-
| 0x00-0x03
| 0x00-0x03
| TWL keyslots.  
| TWL keys.
| NATIVE_FIRM hard-boot.
| NATIVE_FIRM hard-boot.
| NATIVE_FIRM hard-boot.
| NATIVE_FIRM hard-boot.
Line 301: Line 301:
|-
|-
| 0x04..0x07
| 0x04..0x07
| These are the [[Flash_Filesystem|NAND]] encryption keyslots, which keyslot gets used is determined by the [[NCSD]] partition FS type and the partition encryption type.
| [[Flash_Filesystem|NAND]] partition keys.
The New3DS Process9 sets the keyY for keyslot 0x05(New3DS CTRNAND) to a key from .(ro)data.
 
| Bootrom.
Keyslot is determined by [[NCSD]] partition FS type and encryption type. The New3DS Process9 sets the keyY for keyslot 0x05 (New3DS CTRNAND) to a key from .(ro)data.
| Bootrom.
| -
| Yes
|-
| 0x08..0x0B
| These keyslots use the same console-unique keyX. Each keyslot has a separate keyY.
| Bootrom.
| Bootrom.
| Bootrom.
| Bootrom.
Line 316: Line 310:
|-
|-
| 0x0A
| 0x0A
| This is the console-unique keyslot used for encrypting the all-zero 0x10-byte block in the [[DSiWare_Exports|DSiWare_Exports]] header.
| DSiWare export key.
 
Used for encrypting the all-zero 0x10-byte block in the [[DSiWare_Exports|DSiWare_Exports]] header. Console-unique.
| See above keyslot info.
| See above keyslot info.
| See above keyslot info.
| See above keyslot info.
| -
| -
| Yes
|-
| 0x0C..0x0F
| All of these keyslots are set to the same key-data, which is a regular normal-key. The keyX written before the normal-key is console-unique, this keyX is the same for all of these keyslots.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
| Yes
|-
|-
| 0x0D
| 0x0D
| SSL-certificate key. See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| SSL-certificate key.
 
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| -
| -
| -
| -
| Bootrom.
| Yes
|-
| 0x10
| The console-unique keyX is set before the normal-key.
| Bootrom.
| Bootrom?
| Bootrom.
| Bootrom.
| Yes
| Yes
|-
|-
| 0x11
| 0x11
| This is used for general normal-key crypto, where the normal-key is set by FIRM. This keyslot is also used by the New3DS [[FIRM]] arm9 binary loader.
| Temporary keyslot.
 
Used by FIRM for general normal-key crypto. Also used by the New3DS [[FIRM]] arm9 binary loader.
| Arm9Loader.  
| Arm9Loader.  
| Arm9Loader.
| Arm9Loader.
| NATIVE_FIRM.
| NATIVE_FIRM.
| Yes
| Yes
|-
| 0x12
| Unused
| -
| -
| -
| -
|-
| 0x13
| Unused
| -
| -
| -
| -
|-
|-
| 0x14
| 0x14
Line 369: Line 341:
| NATIVE_FIRM boot.
| NATIVE_FIRM boot.
| -
| -
| Yes
|-
| 0x15..0x16
| The console-unique keyX is set before the normal-key.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
| Yes
|-
|-
Line 391: Line 356:
| See previous info for this keyslot.
| See previous info for this keyslot.
| No
| No
|-
| 0x17
| The console-unique keyX is set before the normal-key.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
| 0x18..0x1B
| All of these keyslots are set to the same key-data, which is a regular normal-key. The console-unique keyX is set before the normal-key, this keyX is the same for all of these keyslots.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
| 0x1C..0x1F
| All of these keyslots are set to the same key-data, which is a regular normal-key. The console-unique keyX is set before the normal-key, this keyX is the same for all of these keyslots.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
|-
| 0x18..0x1F
| 0x18..0x1F
Line 421: Line 365:
|-
|-
| 0x18
| 0x18
| New3DS [[NCCH]] keyslot, starting with [[9.3.0-21|9.3.0-X]].
| New3DS [[NCCH]] key.
| See above keyslot info.
 
Starting with [[9.3.0-21|9.3.0-X]].
| Arm9Loader.
| NATIVE_FIRM
| NATIVE_FIRM
| -
| -
| Yes
| No
|-
|-
| 0x19
| 0x19
| New3DS gamecard [[Savegames|savedata]] keyslot equalivant of keyslot 0x33, used when a [[NCSD]] flag is set to a certain value(implemented with [[9.3.0-21|9.3.0-X]]).
| New3DS gamecard [[Savegames|savedata]] AES-MAC key.
| See above keyslot info.
 
Equivalent of keyslot 0x33, used when a [[NCSD]] flag is set to a certain value (implemented with [[9.3.0-21|9.3.0-X]]).
| Arm9Loader.
| NATIVE_FIRM
| NATIVE_FIRM
| -
| -
| Yes
| No
|-
|-
| 0x1A
| 0x1A
| New3DS gamecard [[Savegames|savedata]] keyslot equalivant of keyslot 0x37, used when a [[NCSD]] flag is set to a certain value(implemented with [[9.3.0-21|9.3.0-X]]).
| New3DS gamecard [[Savegames|savedata]] actual key.
| See above keyslot info.
 
Equivalent of keyslot 0x37, used when a [[NCSD]] flag is set to a certain value (implemented with [[9.3.0-21|9.3.0-X]]).
| Arm9Loader.
| NATIVE_FIRM
| NATIVE_FIRM
| -
| -
| Yes
| No
|-
| 0x20..0x23
| All of these keyslots are set to the same key-data, which is a regular normal-key. The keyX written to these keyslots before writing the normal-key by the bootrom, is console-unique.
| Bootrom.
| -
| Bootrom.
| Yes
|-
| 0x24
| This is set to a normal-key by bootrom. The keyX written to this keyslot before writing the normal-key by the bootrom, is console-unique.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
|-
| 0x25
| 0x25
| [[7.0.0-13|v7.0]] [[NCCH]] key.
| [[7.0.0-13|v7.0]] [[NCCH]] key.
<!--
The keyX and keyY initialized by bootrom for this keyslot are console-unique.
-->
| NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]].
| NATIVE_FIRM [[Savegames#6.0.0-11_Savegame_keyY|boot]].
| NATIVE_FIRM.
| NATIVE_FIRM.
| -
| Yes
|-
| 0x26
| Unused
| -
| -
| -
| Yes
|-
| 0x27
| Unused
| -
| -
| -
| Yes
|-
| 0x28
| Unknown. The normal-key for this is the same as keyslot 0x24, the console-unique keyX written before the normal-key is different from keyslot 0x24.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
| 0x29
| Unknown. The keyX written before the normal-key is console-unique.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
| 0x2A
| Unknown. The keyX written before the normal-key is console-unique.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
| 0x2B
| Unknown. The keyX written before the normal-key is console-unique.
| Bootrom.
| Bootrom?
| Bootrom.
| Yes
|-
| 0x2C..0x2F
| All of these keyslots use the same keyX initialized by bootrom. During key-init in arm9 bootrom, keyslots 0x2D and 0x2F are set to the same keyY.
| Bootrom.
| Bootrom, then NATIVE_FIRM for keyslots 0x2C and 0x2F on >=v6.0 FIRM.
| -
| -
| Yes
| Yes
|-
|-
| 0x2C
| 0x2C
| [[NCCH|NCCH]] key. Keyslots 0x2C..0x2F all use the same keyX, set by bootrom.
| [[NCCH|NCCH]] key.
| Bootrom.
| Bootrom.
| Process9.
| Process9.
Line 522: Line 406:
|-
|-
| 0x2D
| 0x2D
| UDS local-WLAN CCMP key. See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| UDS local-WLAN CCMP key.
 
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Bootrom.
| Bootrom.
| Bootrom.
| Bootrom.
Line 529: Line 415:
|-
|-
| 0x2E
| 0x2E
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Unknown key.
 
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Bootrom.
| Bootrom.
| NATIVE_FIRM.
| NATIVE_FIRM.
Line 538: Line 426:
| [[Savegames#6.0.0-11_Savegame_keyY|v6.0]] save key.
| [[Savegames#6.0.0-11_Savegame_keyY|v6.0]] save key.
| Bootrom.
| Bootrom.
| Bootrom, then later NATIVE_FIRM.
| NATIVE_FIRM.
| -
| Yes
|-
| 0x30-0x33
| All of these keyslots use the same keyX. The keyY for keyslots 0x32 and 0x33 are set to the same keyY by bootrom.
| Bootrom.
| Bootrom, then later NATIVE_FIRM except for keyslot 0x32.
| -
| -
| Yes
| Yes
|-
|-
| 0x30
| 0x30
| This keyY is initialized via [[Nand/private/movable.sed|movable.sed]]. This is used for calculating the AESMACs under SD [[SD_Filesystem|/Nintendo 3DS/<ID0>/<ID1>/]](except [[DSiWare_Exports]]) and [[Flash_Filesystem|NAND]] /data/.
| SD/NAND AES-MAC key.
 
This keyY is initialized via [[Nand/private/movable.sed|movable.sed]]. This is used for calculating the AESMACs under SD [[SD_Filesystem|/Nintendo 3DS/<ID0>/<ID1>/]] (except [[DSiWare_Exports]]) and [[Flash_Filesystem|NAND]] /data/.
| Bootrom.
| Bootrom.
| Bootrom(?), then later NATIVE_FIRM.
| NATIVE_FIRM.
| -
| -
| Yes
| Yes
|-
|-
| 0x31
| 0x31
| APT wrap key. See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]
| APT wrap key.


NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| Bootrom.
| Bootrom.
| Bootrom(?), then later NATIVE_FIRM.
| Bootrom(?), then later NATIVE_FIRM.
Line 566: Line 449:
|-
|-
| 0x32
| 0x32
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Unknown.
 
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Bootrom.
| Bootrom.
| Bootrom.
| Bootrom.
Line 573: Line 458:
|-
|-
| 0x33
| 0x33
| This is the keyslot for the gamecard [[Savegames|savedata]] AESMAC.
| Gamecard [[Savegames|savedata]] AES-MAC.
| Bootrom.
| Bootrom.
| Bootrom, then later NATIVE_FIRM.
| NATIVE_FIRM.
| -
| Yes
|-
| 0x34-0x37
| All four of these keyslots use the same keyX. Keyslots 0x35, 0x36, and 0x37 use the same bootrom keyY. See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]] for keyslot 0x36.
| Bootrom.
| Bootrom, then NATIVE_FIRM for keyslot 0x37.
| -
| -
| Yes
| Yes
|-
|-
| 0x34
| 0x34
| This keyY is initialized via [[Nand/private/movable.sed|movable.sed]]. This is used for encrypting *all* SD card data under [[SD_Filesystem|/Nintendo 3DS/<ID0>/<ID1>/]].
| SD key.
 
This keyY is initialized via [[Nand/private/movable.sed|movable.sed]]. This is used for encrypting *all* SD card data under [[SD_Filesystem|/Nintendo 3DS/<ID0>/<ID1>/]].
| Bootrom.
| Bootrom.
| Bootrom(?), then later NATIVE_FIRM.
| NATIVE_FIRM.
| -
| -
| Yes
| Yes
|-
|-
| 0x35
| 0x35
| This is the keyslot used for movable.sed encryption + AESMAC with the import/export [[FSPXI:ImportIntegrityVerificationSeed|commands]].
| Movable.sed key.
 
This is the keyslot used for movable.sed encryption + AES-MAC with the import/export [[FSPXI:ImportIntegrityVerificationSeed|commands]].
| Bootrom.
| Bootrom.
| Bootrom.
| Bootrom.
Line 602: Line 484:
| 0x36
| 0x36
| Unknown.
| Unknown.
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Bootrom.
| Bootrom.
| Bootrom.
| Bootrom.
Line 608: Line 492:
|-
|-
| 0x37
| 0x37
| This is the keyslot for the actual gamecard [[Savegames|savedata]] encryption.
| Gamecard [[Savegames|savedata]] actual key.
| Bootrom.
| Bootrom.
| Bootrom, then later NATIVE_FIRM.
| NATIVE_FIRM.
| -
| Yes
|-
| 0x38-0x3B
| All of these keyslots use the same keyX. Keyslot 0x3B uses an unique keyY initialized by bootrom.
| Bootrom.
| Bootrom, then NATIVE_FIRM for keyslot 0x3A.
| -
| -
| Yes
| Yes
|-
|-
| 0x38
| 0x38
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Unknown.
 
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]].
| Bootrom.
| Bootrom.
| Bootrom.
| Bootrom.
Line 629: Line 508:
|-
|-
| 0x39
| 0x39
| See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| Unknown.
 
See [[PSPXI:EncryptDecryptAes|EncryptDecryptAes]]. NATIVE_FIRM sets this keyY to the same one used for keyslot 0x2E.
| Bootrom.
| Bootrom.
| Bootrom, then NATIVE_FIRM.
| NATIVE_FIRM.
| -
| -
| Yes
| Yes
|-
|-
| 0x3A
| 0x3A
| This keyY is initialized via [[Nand/private/movable.sed|movable.sed]]. This is used for calculating the AESMACs for SD [[DSiWare_Exports]].
| DSiWare export key.
| Bootrom.
 
| Bootrom(?), then later NATIVE_FIRM.
This keyY is initialized via [[Nand/private/movable.sed|movable.sed]]. This is used for calculating the AESMACs for SD [[DSiWare_Exports]].
| -
| Yes
|-
| 0x3B
| Unknown.
| Bootrom.
| Bootrom.
| -
| Yes
|-
| 0x3C
| Unknown. The keyX for this is unique for this keyslot. The keyY for this initialized by bootrom is the same as keyslot 0x38.
| Bootrom.
| Bootrom.
| Bootrom.
| NATIVE_FIRM.
| -
| -
| Yes
| Yes
|-
|-
| 0x3D
| 0x3D
| Common key. Used to decrypt title keys in [[Ticket]]. Used by Gateway.
| Common key.
 
Used to decrypt title keys in [[Ticket]]. Used by Gateway.
| Bootrom.
| Bootrom.
| NATIVE_FIRM.
| NATIVE_FIRM.
| -
| Yes
|-
| 0x3E
| Unknown. This keyslot uses an unique keyX/keyY.
| Bootrom.
| Bootrom.
| -
| Yes
|-
| 0x3F
| Unknown. This keyslot uses an unique keyX/keyY.
| Bootrom.
| Bootrom.
| -
| -
| Yes
| Yes
Retrieved from "https://www.3dbrew.org/wiki/AES_Registers"