CTCert: Difference between revisions

Luigoalma (talk | contribs)
Found while digging the Process9 binary executable, function generating a CTCert can be found using OTP registers.
Myria (talk | contribs)
More accurate description of ECDSA stuff
Line 16: Line 16:
| 0x04
| 0x04
| 0x3C
| 0x3C
| ECDSA Signature
| ECDSA Signature using Nintendo's private key, in big-endian.  The first 0x1E bytes are "r"; the second 0x1E bytes are "s".  The hash is SHA-256 computed over this certificate, starting at byte 0x80 ("Cert Issue ID") to the end.
|-
|-
| 0x40
| 0x40
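Review bot: The hash range in the new signature row is open-ended: it says SHA-256 runs from byte 0x80 ("Cert Issue ID") "to the end" without giving the end offset. This field ends at 0x40, so bytes 0x40 through 0x7F fall outside the hashed data and the row does not say so. Suggest writing the covered range as explicit offsets and stating that the bytes between the signature and 0x80 are not signed. The phrase "using Nintendo's private key, in big-endian" also reads as if the key were big-endian; wording such as "r and s are each a 0x1E-byte big-endian integer" would remove the ambiguity.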
Line 40: Line 40:
| 0x108
| 0x108
| 0x3C
| 0x3C
| ECDSA Public Key. This is two consecutive u8 arrays (each one of length 0x1E), where the first one corresponds to the ECDSA R coordinate, and the second to ECDSA S coordinate. These are in '''big''' endian.
| ECDSA Public Key of this console as a curve point in big-endian. The first 0x1E bytes are "x" of this point; the second 0x1E bytes are "y".
|-
|-
| 0x144
| 0x144
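Review bot: The new public key row never names the curve, so "x" and "y" have no context until the reader reaches the note under the table. Suggest naming sect233r1 in this row or pointing to that note. The row should also say that each coordinate is a 0x1E-byte big-endian value, since "a curve point in big-endian" leaves the encoding of the pair unstated. The replaced row bolded "big"; the new row drops the emphasis, so decide on one style and use it in the signature row as well.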
Line 47: Line 47:
|}
|}


The ECDSA public key for this cert is converted from the ECDSA private key initialized by bootrom.
The ECDSA public key for this cert is calculated from the ECDSA private key initialized by bootrom.  Boot ROM decrypts [[OTP]] and writes the private key and Nintendo's signature of this certificate to [[ITCM]]; the public key is computed from the private key.
The curve used for ECDSA is sect233r1.
The curve used for ECDSA is sect233r1.
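Review bot: The new paragraph says the same thing twice: it opens with "calculated from the ECDSA private key initialized by bootrom" and closes with "the public key is computed from the private key". Suggest keeping the Boot ROM sentence and dropping one of the two. The paragraph also never says which component performs the computation, which is the detail a reader needs in order to know where the private key is used after it lands in ITCM. "bootrom" and "Boot ROM" are both used in adjacent sentences; pick one spelling.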