Difference between revisions of "OTP Registers"
(Copy over plaintext OTP info from the ITCM page.)
(→Plaintext OTP: Fix leftover from ITCM c/p.)
|Line 65:||Line 65:|
| This is the CTCert ECDSA exponent, this is byte-swapped when
| This is the CTCert ECDSA exponent, this is byte-swapped when +0x18 is >=5.
Revision as of 09:23, 3 January 2017
This region (0x10012000-0x10012100) is used as persistent storage on SoC and for passing the TWL console ID around (0x10012100-0x10012108).
Console-unique keys are derived from here. Access to this region is disabled once the ARM9 writes 0x2 to REG_SYSPROT9.
This is the console-unique data store, including CTCert etc, that ends up in ITCM at 0x01FFB800. After decryption, the first 0x90-bytes of plaintext are copied to 0x01FFB800 if hash verification passes. Refer to Memory_layout#ARM9_ITCM for what is contained in the decrypted OTP.
On FIRM versions prior to 3.0.0-X, this region was left unprotected. On versions since 3.0.0-X, this has been fixed, and the region disable is now done by Kernel9 after doing console-unique TWL keyinit, by setting bit 1 of REG_SYSPROT9. However, with the New_3DS FIRM ARM9 binary this is now done in the FIRM ARM9 binary loader, which also uses the 0x10012000 region for New 3DS key generation.
On development units (UNITINFO != 0) ARM9 uses the first 8-bytes from 0x10012000 for the TWL Console ID. This region doesn't seem to be used by NATIVE_FIRM on retail at all, besides New3DS key-generation in the ARM9-loader.
Normally Boot9 will pass plaintext_otp+0x90 to the AES keyinit function, but when hash verification fails it will pass 0x10012000(otp+0) instead.
|0x0||0x100||Console-unique data encrypted with AES-CBC. The normalkey and IV are stored in Boot9. The last 0x20-bytes of plaintext are a SHA256 hash over the first 0xE0-bytes of plaintext.|
|0x100||0x8||Before writing REG_SYSPROT9 bit1, the ARM9 copies the 8-byte TWL Console ID here. This sets the registers at 0x4004D00 for ARM7.|
|0x0||0x90||Copied into ITCM. The encrypted version of this is what New3DS-arm9loader hashes for key-generation.|
|0x0||0x4||This is always 0xDEADB00F.|
|0x4||0x4||This is the u32 DeviceId.|
|0x8||0x10||This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the last two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc.|
|0x19||0x1||This is the CTCert issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev".|
|0x20||0x4||This is the CTCert ECDSA exponent, this is byte-swapped when plaintext_otp+0x18 is >=5.|
|0x26||0x1E||This is the CTCert ECDSA privk.|
|0x44||0x3C||This is the CTCert ECDSA signature.|
|0x80||0x10||This is all-zero.|
|0x90||0x70||Used by Boot9 for generating the console-unique AES keyXs.|