Difference between revisions of "SD Filesystem"

From 3dbrew
(A bit of info about the private folder on the root of the SD card, it needs more research though...)
(26 intermediate revisions by 2 users not shown)
Line 1: Line 1:
The 3DS uses an SD Card for general storage of additional game data, music and photos taken with the 3DS.
+
== Overview ==
 +
The 3DS uses an SD Card for general storage of game data, music, photos and videos taken with the 3DS.
  
  /DCIM - Photos and images downloaded with the Internet Browser.
+
  sdmc
  /Music - Music Files
+
  ├── DCIM
  /Nintendo 3DS - Game Data
+
  ├── Nintendo 3DS
 +
│  ├── <ID0>
 +
│  │  └── <ID1>
 +
│  │      ├── [[SD Savedata Backups|backups]]
 +
│  │      ├── [[Title Database|dbs]]
 +
│  │      ├── [[extdata]]
 +
│  │      ├── [[Title Data Structure|title]]
 +
│  │      └── [[DSiWare_Exports|Nintendo DSiWare]]
 +
│  └── [[SD Filesystem#Private|Private]]
 +
└── [[SD Filesystem#Other Private Data|private]]
 +
    └── Nintendo 3DS
 +
        └── app
  
/DCIM with [[3.0.0-5]] also stores .avi 3D videos from the camera title, video frames use MJPG.
 
  
== Extdata ==
+
* Everything stored under sdmc/Nintendo 3DS/<ID0>/<ID1> is encrypted with console-unique [[AES|keyslots]], files stored under [[Flash Filesystem|nand/data/<ID0>]] only use these keyslots for MACs. All CTR files under these directories use the keyslots initialized by [[nand/private/movable.sed]].
Additional game data is stored here:
+
* ID0 is the first 0x10-bytes from a SHA256 [[nand/private/movable.sed|hash]].  
: /Nintendo 3DS/<SomeID>/<SomeID>/extdata/00000000
+
* ID1 is the scrambled SD card CID from the SD card which this directory was originally created on. To generate this directory name from the original CID, first the CID is rotated 8-bits to the left. Then, each u16 is moved as described in the below table:
 
+
See the [[extdata]] page for more extdata info and the extdataIDs list.
+
 
+
All "extra data" under [[extdata]] is encrypted. Extdata can't be decrypted with the xorpad fail used for old FLASH saves. All "extra data" files can't be copied to other 3DS SD cards, they are locked to the console.
+
 
+
== import.db and title.db ==
+
These two files, introduced with the [[2.0.0-2]] update, are used to manage 3DS titles installed to the SD Card and are part of the DRM for SD Card Titles. They are encrypted with a per-console key.
+
/Nintendo 3DS/<SomeID>/<SomeID>/dbs/import.db
+
                                    /title.db
+
 
+
"'''title.db'''" - The "title.db" file (among other things perhaps), archives data about titles installed on the SD Card which includes as well as their Title ID, TMD version, file names, file sizes and file hashes(it is possible that some of this data lies in the ".cmd" file in the title's directory). This data is taken from the title's [[SD Filesystem#title|TMD]] during install, this is also why the encrypted TMD found in each title directory is redundant. Since this file controls what SD Card titles are accessible to the 3DS, it is possible to move between different versions of an SD Card title if you have the title.db and title data for each version of that specific title.
+
 
+
"'''import.db'''" - The function of the file is not well understood. It appears to be related to the download/install of titles, as in the progress of downloading titles this file will have changed but the title.db will not be modified until the title has been properly downloaded. This file doesn't contain any title specific data which the 3DS has been noted to use in relation to titles on the SD Card, even though this file is modified when titles are installed/deleted. Infact, no matter what titles you install, if you use an old copy of the "import.db" with a recent copy of the "title.db", this creates no noticeable issues.
+
 
+
Note: It is quite unlikely that the either the import.db or title.db contain the cached icon and names of installed titles. The amount of data which changes in those two file when a title installed/deleted is not sufficient to contain the size of data required for the icons and names of the application, they are most likely cached in the NAND.
+
 
+
* [https://gist.github.com/1113cbe10f124e5a2c72 Old and new import.db and title.db xored, revealing some plaintext].
+
 
+
== title ==
+
SD Card titles (3DS eShop downloads) are stored in this directory:
+
: /Nintendo 3DS/<SomeID>/<SomeID>/title/
+
 
+
And follow this directory structure:
+
/<Title ID High>/<Title ID Low>/Content/00000000.tmd
+
                                /XXXXXXXX.app
+
                                /cmd/00000001.cmd
+
/<Title ID High>/<Title ID Low>/Data/00000001.sav
+
/<Title ID High>/<Title ID Low>/00000000.ctx
+
   
+
For list of eShop titles see the [[Title list]]                         
+
                   
+
"'''00000000.tmd'''" - (file name varies depending on title version) This is the Title Metadata associated with the title, it is encrypted with a per-console key. The decrypted TMD is available on Nintendo's CDN server at "http://nus.cdn.c.shop.nintendowifi.net/ccs/download/TitleIDhere/tmd". Though CDN version of the title TMD has a certificate chain attached at the end of the TMD, so removing it will give you the 1:1 decrypted TMD. After installation the "00000000.tmd" is redundant, because important title data is extracted and imported into the [[SD Filesystem#import.db and title.db|title.db]].
+
 
+
 
+
"'''XXXXXXXX.app'''" - (There is no pattern to the file name) These files are [[NCCH]] files, where the entire file is encrypted with a per-console key. There can be more than one NCCH in this directory, as seen with .[[CCI]] files, the game executable ([[CXI]]) can be accompanied with additionally non-executable NCCH files ([[NCCH#CFA|CFA]]) such as the game manual and DLP Child containers. Determining the function of the encrypted NCCH, is done by finding the Content Index of the "XXXXXXXX.app" file in the title's TMD(see above for retrieving decrypted TMD), interpreting the Content Index is as follows:
+
  
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
Index
+
Input rotated CID u16 index
Content Type
+
Output CID u16 index
 
|-
 
|-
0000
+
6
Main Executable (.[[NCCH#CXI|CXI]])
+
0
 
|-
 
|-
0001
+
7
Home Menu Manual (.[[NCCH#CFA|CFA]])
+
1
 
|-
 
|-
0002
+
4
DLP Child Container (.[[NCCH#CFA|CFA]])
+
2
 +
|-
 +
|  5
 +
|  3
 +
|-
 +
|  2
 +
|  4
 +
|-
 +
|  3
 +
|  5
 +
|-
 +
|  0
 +
|  6
 +
|-
 +
|  1
 +
|  7
 
|}
 
|}
  
Unlike the TMD, a decrypted version of the NCCH files cannot be retrieved from Nintendo's CDN, the NCCH files do exist on Nintendo's CDN but are encrypted. Of course editing/deleting ".app" files will have an effect. Deleting/renaming the manual ".app' will cause the manual not to load when clicked on. And deleting/renaming the executable ".app" will cause the application to not load, and the 3D Banner does not show(The banner is loaded each time from the game's executable NCCH when the home menu loads, it is not cached like the icon and name).
+
'''DCIM''' - Photos and Videos taken by the [[Nintendo 3DS Camera]] application are stored in this directory. Internet Browser image downloads are stored here too.  
  
 +
Note: Playing/Recording (3D) Videos was introduced with update [[3.0.0-5]]. The 3D videos are in .avi format and the video frames use MJPG.
  
"'''00000001.cmd'''" - (file name varies depending on title version) May contain hashes, or some other kind of file authentication, as the size of the "00000001.cmd" varies with the number of files in the 'Content' directory. Also, if the "00000001.cmd" cannot be found or is edited, the title is completely non-functional.
+
'''backups''' - This directory contains SD Title Savedata backups. For more info, see [[SD Savedata Backups]].
  
 +
'''dbs''' - This contains database files relating to the titles installed on the SD Card. These files are encrypted. For more info, see [[Title Database]]
  
'''"00000001.sav"''' - This is the title's encrypted savegame. Although these saves look similar to FLASH savegames, these savegames use proper unique CTR for each AES block in the file, and the CTR properly changes for each savegame write. Renaming these savegames causes home-menu to hang while launching titles, modifying saves throws the usual checksum/hash corruption like gamecard flash saves.
+
'''title''' - Title data for titles installed to the SD Card are found here. All data in this directory is encrypted with a console-unique [[AES|keyslot]]. For a list of SD Card titles see the [[Title list]]. For more info on the title data structure see [[Title Data Structure]].
 
+
 
+
'''"00000000.ctx"''' - This file is used only while a title is being downloaded from the eShop, it is deleted after the download is completed.(Might be moved to NAND after installation is completed?)
+
  
 +
'''Nintendo DSiWare''' - DSiWare titles are [[DSiWare_Exports|exported]] here.
  
 
== Private ==
 
== Private ==
"Private" data is stored here:
+
"Private" data is stored here as cleartext:
  
 
  /Nintendo 3DS/Private/<Title ID Low>/
 
  /Nintendo 3DS/Private/<Title ID Low>/
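Review bot: the new ID0 bullet ("ID0 is the first 0x10-bytes from a SHA256 hash") links to movable.sed but never says which bytes are hashed, and the ID1 bullet gives neither the byte order used for the 8-bit rotation nor the one used for the u16 indices in the table, so neither directory name can be reproduced from this text alone; please state both. The same hunk removes the inline import.db/title.db and title directory descriptions in favour of links to Title Database and Title Data Structure, so it is worth confirming that the removed observations (for example the 00000001.cmd and 00000001.sav behaviour) are present on those pages.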
Line 81: Line 72:
 
  00020500 - Nintendo 3DS Sound
 
  00020500 - Nintendo 3DS Sound
  
 +
Under the camera private dir is [[phtcache.bin]].
 +
When you want to install and see pictures with 3DS, rename to 8 numbers.mpo and save it on /DCIM.
 +
Under the sound private dir is: voice/XX/*.m4a. Where XX is 01-10, with sound saved as .m4a.
 +
 +
== Other Private Data ==
 +
 +
There is also a directory called "private" on the root of the SD card that contains data, in which would otherwise be completely different from what the Nintendo 3DS normally uses, but known to the application itself.
 +
 +
Some apps, such as Flipnote Studio 3D create a directory called "private" on the root of the SD Card, it contains a Nintendo 3DS directory inside it. Inside the app directory contains a directory with the game code of the application (eg. "JKZP" for Flipnote Studio 3D), then its corresponding data, as shown here:
 +
 +
/private/Nintendo 3DS/app/<Game Code>/
  
"Private" data for 3DS Sound/Camera are cleartext.
+
In this case of Flipnote Studio 3D, there are multiple files with an ID, then ending with the .kwz extension. There is also a !!.lst file as well.
Under the camera priv dir is [[phtcache.bin]], this seems to list the pictures on SD card?
+
When you want to install and see pictures with 3DS,rename to 8 numbers.mpo and save it on /DCIM .
+
Under the sound priv dir is: voice/XX/*.m4a. Where XX is 01-10, with sound saved as .m4a.
+
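Review bot: the first sentence of the new "Other Private Data" section ("contains data, in which would otherwise be completely different from what the Nintendo 3DS normally uses, but known to the application itself") does not say what differs (location, format or encryption). Since the Private section now states that its data is cleartext, say whether /private/Nintendo 3DS/app/<Game Code>/ is cleartext as well. The rewritten camera line also drops the old remark that phtcache.bin "seems to list the pictures on SD card?", which leaves the file with no description on this page.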

Revision as of 22:56, 11 August 2017

Overview

The 3DS uses an SD Card for general storage of game data, music, photos and videos taken with the 3DS.

sdmc
├── DCIM
├── Nintendo 3DS
│   ├── <ID0>
│   │   └── <ID1>
│   │       ├── backups
│   │       ├── dbs
│   │       ├── extdata
│   │       ├── title
│   │       └── Nintendo DSiWare
│   └── Private
└── private
    └── Nintendo 3DS
        └── app


  • Everything stored under sdmc/Nintendo 3DS/<ID0>/<ID1> is encrypted with console-unique keyslots; files stored under nand/data/<ID0> use these keyslots only for MACs. All CTR files under these directories use the keyslots initialized by nand/private/movable.sed.
  • ID0 is the first 0x10 bytes of a SHA256 hash.
  • ID1 is the scrambled CID of the SD card on which this directory was originally created. To generate the directory name from the original CID, first rotate the CID 8 bits to the left, then move each u16 as described in the table below:
    Input rotated CID u16 index    Output CID u16 index
    6                              0
    7                              1
    4                              2
    5                              3
    2                              4
    3                              5
    0                              6
    1                              7
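
The ID1 scramble described above, as an added Python example (not 3dbrew's or Nintendo's code), together with its inverse for matching an <ID1> folder back to a card. The page gives neither byte order nor the directory-name format, so reading the CID as one big-endian 128-bit value, numbering u16s from the first byte and printing lowercase hex are assumptions; the sample CID is constructed.

```python
"""ID1 directory name from an SD card CID, following the two steps on this page."""

# Table from the page: input (rotated CID) u16 index -> output u16 index.
U16_MOVE = {6: 0, 7: 1, 4: 2, 5: 3, 2: 4, 3: 5, 0: 6, 1: 7}


def rotl128(data: bytes, bits: int) -> bytes:
    """Rotate 16 bytes left by `bits`, read as one big-endian integer (assumption)."""
    if len(data) != 16:
        raise ValueError("expected exactly 16 bytes")
    bits %= 128
    n = int.from_bytes(data, "big")
    n = ((n << bits) | (n >> (128 - bits))) & ((1 << 128) - 1)
    return n.to_bytes(16, "big")


def move_u16s(data: bytes) -> bytes:
    """Apply the page's table; u16 index i is bytes 2*i..2*i+1 (assumption)."""
    out = bytearray(16)
    for src, dst in U16_MOVE.items():
        out[2 * dst:2 * dst + 2] = data[2 * src:2 * src + 2]
    return bytes(out)


def cid_to_id1(cid: bytes) -> str:
    """Rotate left 8 bits, move the u16s, print as lowercase hex (format assumed)."""
    return move_u16s(rotl128(cid, 8)).hex()


def id1_to_cid(id1: str) -> bytes:
    """Invert the scramble, e.g. to match an <ID1> folder to a physical card."""
    raw = bytes.fromhex(id1)
    # The table swaps indices pairwise, so applying it twice is the identity.
    return rotl128(move_u16s(raw), 120)  # rotate right 8 == rotate left 120


def reverse_u32_words(data: bytes) -> bytes:
    """The same table, read as reversing the order of the four 32-bit words."""
    return b"".join(data[i:i + 4] for i in (12, 8, 4, 0))


if __name__ == "__main__":
    sample_cid = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed
    id1 = cid_to_id1(sample_cid)
    print(id1)
    print(id1_to_cid(id1) == sample_cid)
```

Read as u32s, the table simply reverses the order of the four 32-bit words, which is why the same move also undoes itself.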

DCIM - Photos and Videos taken by the Nintendo 3DS Camera application are stored in this directory. Internet Browser image downloads are stored here too.

Note: Playing/Recording (3D) Videos was introduced with update 3.0.0-5. The 3D videos are in .avi format and the video frames use MJPG.

backups - This directory contains SD Title Savedata backups. For more info, see SD Savedata Backups.

dbs - This contains database files relating to the titles installed on the SD Card. These files are encrypted. For more info, see Title Database.

title - Title data for titles installed to the SD Card is found here. All data in this directory is encrypted with a console-unique keyslot. For a list of SD Card titles see the Title list. For more info on the title data structure see Title Data Structure.

Nintendo DSiWare - DSiWare titles are exported here.

Private

"Private" data is stored here as cleartext:

/Nintendo 3DS/Private/<Title ID Low>/
00020400 - Nintendo 3DS Camera 
00020500 - Nintendo 3DS Sound

Under the camera private dir is phtcache.bin. To install your own pictures and view them on the 3DS, rename each file to 8 numbers followed by .mpo and save it in /DCIM.

Under the sound private dir is voice/XX/*.m4a, where XX is 01-10, with the sound saved as .m4a.

Other Private Data

There is also a directory called "private" on the root of the SD card. It contains data that is completely different from what the Nintendo 3DS normally uses, but is known to the application itself.

Some apps, such as Flipnote Studio 3D, create a directory called "private" on the root of the SD Card, which contains a "Nintendo 3DS" directory. Inside that, the app directory contains a directory named after the game code of the application (e.g. "JKZP" for Flipnote Studio 3D), which holds its corresponding data, as shown here:

/private/Nintendo 3DS/app/<Game Code>/

In the case of Flipnote Studio 3D, there are multiple files named with an ID and ending with the .kwz extension. There is also a !!.lst file.