Difference between revisions of "Savegames"

From 3dbrew
Jump to navigation Jump to search
(46 intermediate revisions by 4 users not shown)
Line 1: Line 1:
This page describes the format and encryption of savegames contained in gamecards, SD/NAND, and SD/NAND [[extdata]]. You can find savegames from various 3DS games on the [[Games]] page.
+
This page describes the format and encryption of savegames contained in gamecards, SD and NAND. You can find savegames from various 3DS games on the [[Games]] page.
  
 +
This page does not describe [[DISA and DIFF|DISA container format]], which all savegames use as wrappers.
  
=== Savegame Encryption ===
+
All data in this page is little-endian unless otherwise specified. All "unused / padding" fields can contain uninitialized data unless otherwise specified.
  
 +
== Overview ==
 +
Savegames are stored in [[DISA and DIFF|DISA container format]] (follow this link for the container format description). It forms a file system inside the inner content of the container. In this page only the inner file system format of the content is described.
 +
 +
Unlike SD and NAND savegames, gamecard savegames has additional encryption + wear leveling layer. They are described in the following sections.
 +
 +
== Gamecard savegame Encryption ==
 +
 +
=== Repeating CTR Fail ===
 
On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plain-text but on the 3DS a layer of encryption was added. This is AES-CTR, as the contents of several savegames exhibit the odd behavior that xor-ing certain parts of the savegame together will result in the plain-text appearing.
 
On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plain-text but on the 3DS a layer of encryption was added. This is AES-CTR, as the contents of several savegames exhibit the odd behavior that xor-ing certain parts of the savegame together will result in the plain-text appearing.
  
Line 10: Line 19:
 
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
 
So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.
  
All gamecard and SD savegames are encrypted with AES-CTR. The gamecard savegame [[AES|keyslot]] keyY is unique for every region of each game. A flag stored in the [[NCSD]] determines the method used to generate this keyY. This same flag is also used for determining which CTR method is used as well. The keyY when the flag is clear is generated from data stored in the main [[NCCH#CXI|CXI]], and data retrieved from gamecard commands. When the flag is set, a hash is generated for the keyY over the data from the CXI, and an ID retrieved from a gamecard command. The base CTR for gamecard savegames is all-zero. SD savegames use a CTR where the base CTR is fixed per savegame, however the CTR doesn't repeat in the image.
+
=== Savegame keyY ===
 +
 
 +
All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame [[AES|keyslots]]' keyY(these savegame keyslots use the hardware key-generator) is unique for each region and for each game. The [[NCSD]] partition flags determine the method used to generate this keyY. When the save [[NCSD]] flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR, otherwise a proper CTR which never repeats within the image is used.
 +
 
 +
The [[AES]]-CMAC (which uses a hardware key-generator keyslot, as mentioned above) at the the beginning of the savegame must match the calculated CMAC using the DISA/DIFF data, otherwise the savegame is considered corrupted(see below).
 +
 
 +
When all of the flags checked by the running NATIVE_FIRM are clear, the keyY(original keyY method used with saves where the CTR repeats within the image) is the following:
 +
{| class="wikitable" border="1"
 +
|-
 +
!  Offset
 +
!  Size
 +
!  Description
 +
|-
 +
| 0x0
 +
| 0x8
 +
| First 8-bytes from the plaintext [[NCCH#CXI|CXI]] accessdesc signature.
 +
|-
 +
| 0x8
 +
| 0x4
 +
| u32 CardID0 from [[Gamecards|gamecard]] plaintext-mode command 0x90, Process9 reads this with the [[NTRCARD]] hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.
 +
|-
 +
| 0xC
 +
| 0x4
 +
| u32 CardID1 from [[Gamecards|gamecard]] plaintext-mode command 0xA0, Process9 reads this with the [[NTRCARD]] hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.
 +
|}
 +
 
 +
==== [[2.0.0-2]] Hashed keyY and [[2.2.0-4]] Savegame Encryption ====
 +
 
 +
When certain [[NCSD]] partition flags are set, a SHA-256 hash is calculated over the data from the CXI(same data used with the original plain keyY), and the 0x40-bytes read from a gamecard command(this 0x40-byte data is also read by [[Process_Services_PXI|GetRomId]], which is the gamecard-uniqueID). The first 0x10-bytes from this hash is used for the keyY. When flag[7] is set, the CTR will never repeat within the save image, unlike the original CTR-method. All games which had the retail NCSD image finalized after the [[2.2.0-4]] update(and contain [[2.2.0-4]]+ in the [[System Update CFA|System update partition]]), use this encryption method.
 +
 
 +
This keyY generation method was implemented with [[2.0.0-2]] via NCSD partition flag[3], however the proper CTR wasn't implemented for flag[7] until [[2.2.0-4]]. The hashed keyY flag[3] implemented with [[2.0.0-2]] was likely never used with retail gamecards.
 +
 
 +
==== [[6.0.0-11]] Savegame keyY ====
 +
 
 +
[[6.0.0-11]] implemented support for generating the savegame keyY with a new method, this method is much more complex than previous keyY methods. This is enabled via new [[NCSD]] partition flags, all retail games which have the NCSD image finalized after the [[6.0.0-11]] release(and [[6.0.0-11]]+ in the system update partition) will have these flags set for using this new method.
 +
 
 +
A SHA-256 hash is calculated over the same data used with the above hashed keyY method, after hashing the above data the following data is hashed: the CXI programID, and the ExeFS:/.code hash from the decrypted [[ExeFS]] header. An [[AES]]-CMAC (the keyslot used for this uses the hardware key-scrambler) is then calculated over this hash, the output CMAC is used for the savegame keyY.
 +
 
 +
The keyY used for calculating this AES-CMAC is initialized while NATIVE_FIRM is loading, this keyY is generated via the [[RSA]] engine. The RSA slot used here is slot0(key-data for slot0 is initialized by bootrom), this RSA slot0 key-data is overwritten during system boot. This RSA slot0 key-data gets overwritten with the RSA key-data used for verifying RSA signatures, every time Process9 verifies any RSA signatures except for [[NCCH|NCCH]] accessdesc signatures. Starting with [[7.0.0-13]] this key-init function used at boot is also used to initialize a separate keyslot used for the new [[NCCH]] encryption method.
  
With system version [[2.2.0-4]] the system can now use a different gamecard CTR method, which fixed the above flaw. With [[2.2.0-4]] the system checks a [[NCSD]] flag, when it's set the new CTR method is used, otherwise the 0x200-byte CTR period is used. All games released since [[2.2.0-4]] have this flag set. When this flag is set the CTR doesn't repeat within the image at all.
+
This [[FIRM|Process9]] key-init function first checks if a certain 0x10-byte block in the 0x01FF8000 region is all-zero. When all-zero it immediately returns, otherwise it clears that block then continues to do the key generation. This is likely for supporting launching a v6.0+ NATIVE_FIRM under this FIRM.
  
=== Wear leveling ===
+
== Gamecard wear leveling ==
  
The 3DS employs a wear leveling scheme on the savegame FLASH chips. This is done through the usage of blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.
+
The 3DS employs a wear leveling scheme on the savegame FLASH chips(only used for CARD1 gamecards). This is done through the usage of blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.
  
 
First, there are 8 bytes whose purposes are currently unknown. Then comes the actual blockmap.
 
First, there are 8 bytes whose purposes are currently unknown. Then comes the actual blockmap.
Line 58: Line 105:
 
* to calculate the checksum, a CRC16 of the block (with starting value 0xFFFF) is calculated, and the two bytes of the CRC16 are XORed together to produce the 8bit checksum
 
* to calculate the checksum, a CRC16 of the block (with starting value 0xFFFF) is calculated, and the two bytes of the CRC16 are XORed together to produce the 8bit checksum
  
=== AES MAC header ===
+
== Components and partitions ==
  
{| class="wikitable"
+
A savegame, after unwrapping the DISA container, consists of the following components:
|-
 
! Image offset
 
! Length
 
! Description
 
|-
 
| 0x00
 
| 0x10
 
| [[AES]] MAC over a 0x20-byte SHA256 hash
 
|-
 
| 0x10
 
| 0xF0
 
| Zero padding
 
|}
 
 
 
This AES MAC is used to "sign" the DISA/DIFF header. Each time the savegame is updated the hash stored in the DISA/DIFF is updated, therefore the MAC must be updated each time the save is modified as well. SHA256_Update() is used to calculate the hash with the blocks described below.
 
 
 
==== Savegame Types ====
 
{| class="wikitable"
 
|-
 
! Type
 
! Description
 
|-
 
| CTR-EXT0
 
| SD/NAND [[Extdata]]
 
|-
 
| CTR-SYS0
 
| [[System SaveData]]
 
|-
 
| CTR-NOR0
 
| Gamecard Savegames
 
|-
 
| CTR-SAV0
 
| Savegames
 
|-
 
| CTR-SIGN
 
| SD Savegames
 
|-
 
| CTR-9DB0
 
| ?
 
|}
 
 
 
==== Extdata SHA256 Blocks ====
 
{| class="wikitable"
 
|-
 
! Block Size
 
! Description
 
|-
 
| 0x8
 
| Savegame type
 
|-
 
| 0x8
 
| First word is the hex ID from image filename, second word is the hex ID of the sub-dir under the <ExtdataIDLow> directory (all-zero for Quota.dat)
 
|-
 
| 0x4
 
| 1 for Quota.dat, 0 otherwise
 
|-
 
| 0x8
 
| Same as the previous u64
 
|-
 
| 0x100
 
| DIFF header
 
|}
 
  
 +
* SAVE header
 +
* directory hash table
 +
* file hash table
 +
* file allocation table
 +
* directory entry table
 +
* file entry table
 +
* data region
  
==== System SaveData SHA256 Blocks ====
+
A DISA container can have one or two partitions, and correspondingly a savegame has two possible layouts. The layout is determined by the parameter <code>duplicate data</code> passed in [[FS:FormatSaveData]] or [[FS:CreateSystemSaveData]].
{| class="wikitable"
 
|-
 
! Block Size
 
! Description
 
|-
 
| 0x8
 
| Savegame type
 
|-
 
| 0x8
 
| [[FS:OpenFile|SaveID]]
 
|-
 
| 0x100
 
| DISA header
 
|}
 
  
==== CTR-NOR0 SHA256 Blocks ====
+
=== Layout for <code>duplicate data = true</code> ===
{| class="wikitable"
 
|-
 
! Block Size
 
! Description
 
|-
 
| 0x8
 
| Savegame type
 
|-
 
| 0x100
 
| DISA header
 
|}
 
  
==== CTR-SAV0 SHA256 Blocks ====
+
The DISA container only has one partition which is always configured as external IVFC level 4 disabled (see [[DISA and DIFF|DISA format for details]]). All components are stored in this partition as
{| class="wikitable"
 
|-
 
! Block Size
 
! Description
 
|-
 
| 0x8
 
| Savegame type
 
|-
 
|  
 
| Input data, for gamecard savegames this is the output SHA-256 hash from CTR-NOR0.
 
|}
 
  
For gamecard savegames the output hash from this is used with the MAC. This save-type is also used for SD savegames, for SD saves the input data is the 0x100-byte DISA header. For SD savegames, the calculated output hash is used with CTR-SIGN.
+
* SAVE header at the beginning
 +
* directory hash table
 +
* file hash table
 +
* file allocation table
 +
* data region
 +
** directory entry table is allocated inside data region
 +
** file entry table as well
 +
** all file data is also allocated here
  
==== CTR-SIGN SHA256 Blocks ====
+
In this layout, all data is duplicated by DISA's DPFS tree, which is what the parameter <code>duplicate data</code> implies.
{| class="wikitable"
 
|-
 
! Block Size
 
! Description
 
|-
 
| 0x8
 
| Savegame type
 
|-
 
| 0x8
 
| ProgramID/SaveID
 
|-
 
| 0x20
 
| SHA-256 hash from CTR-SAV0
 
|}
 
This is used for SD savegames, the calculated hash from this is used with the MAC.
 
  
==== CTR-9DB0 SHA256 Blocks ====
+
=== Layout for <code>duplicate data = false</code> ===
{| class="wikitable"
 
|-
 
! Block Size
 
! Description
 
|-
 
| 0x8
 
| Savegame type
 
|-
 
| 0x4
 
| ID
 
|-
 
| 0x100
 
| DIFF header
 
|}
 
  
This is used for unknown extdata images.
+
The DISA container has two partitions. Partition A is always configured as external IVFC level 4 disabled, and partition B is configured as it enabled. Components are stored among the two partitions as
  
=== Partitions ===
+
* Partition A
 +
** SAVE header at the beginning.
 +
** directory hash table
 +
** file hash table
 +
** file allocation table
 +
** directory entry table
 +
** file entry table
 +
* Partition B
 +
** used as data region entirely, and only has file data allocated.
  
There can be multiple partitions in the image.
+
In this layout, all file system metadata is duplicated by partition A DPFS tree, but file data is not as partition B has external IVFC level 4.
The partitions are represented by tables of DIFI blobs inside a DISA/DIFF structure.
 
The order of the DIFI blobs is the order of the partitions in the image.
 
  
==== DISA ====
+
=== SAVE Header ===
  
* This is located @ 0x100 in the image, following the MAC header.
+
The SAVE header defines the rest components of the savegame. All &quot;offsets&quot; in the table below are relative to the beginning of partition A (inner content), while all &quot;starting block index&quot; are relative to the beginning of data region.
* If the uint32 @ 0x68 in the DISA(the low 8-bits) is non-zero, then the secondary table is is used, otherwise the primary table is used.
 
* If the table has more then 1 DIFI then the uint32 @ 0x168 is the offset from the DATA partition to the file base (masked with 0xFFFFFFFE).
 
  
{| class="wikitable"
+
{| class="wikitable" border="1"
|-
+
! Offset
! Start
 
 
! Length
 
! Length
 
! Description
 
! Description
Line 224: Line 161:
 
| 0x00
 
| 0x00
 
| 4
 
| 4
| Magic ("DISA")
+
| Magic &quot;SAVE&quot;
 
|-
 
|-
 
| 0x04
 
| 0x04
 
| 4
 
| 4
| Magic Number (0x40000)
+
| Magic 0x40000
 
|-
 
|-
 
| 0x08
 
| 0x08
 
| 8
 
| 8
| Total partition entries in a table
+
| File system Information offset (0x20)
 
|-
 
|-
 
| 0x10
 
| 0x10
 
| 8
 
| 8
| Offset to secondary partition table
+
| Image size in blocks
 
|-
 
|-
 
| 0x18
 
| 0x18
| 8
+
| 4
| Offset to primary partition table
+
| Image block size
 +
|-
 +
| 0x1C
 +
| 4
 +
| Padding
 +
|-
 +
|
 +
 
 +
|
 +
 
 +
| Below is File system Information
 
|-
 
|-
 
| 0x20
 
| 0x20
| 8
+
| 4
| Partition table size
+
| Unknown
 +
|-
 +
| 0x24
 +
| 4
 +
| Data region block size
 
|-
 
|-
 
| 0x28
 
| 0x28
 
| 8
 
| 8
| SAVE Partition entry offset in the partition table
+
| Directory hash table offset
 
|-
 
|-
 
| 0x30
 
| 0x30
| 8
+
| 4
| SAVE Partition entry length in the partition table
+
| Directory hash table bucket count
 +
|-
 +
| 0x34
 +
| 4
 +
| Padding
 
|-
 
|-
 
| 0x38
 
| 0x38
 
| 8
 
| 8
| DATA Partition entry offset in the partition table
+
| File hash table offset
 
|-
 
|-
 
| 0x40
 
| 0x40
| 8
+
| 4
| DATA Partition entry length in the partition table
+
| File hash table bucket count
 +
|-
 +
| 0x44
 +
| 4
 +
| Padding
 
|-
 
|-
 
| 0x48
 
| 0x48
 
| 8
 
| 8
| SAVE Partition offset
+
| File allocation table offset
 
|-
 
|-
 
| 0x50
 
| 0x50
| 8
+
| 4
| SAVE Partition length
+
| File allocation table entry count
 +
|-
 +
| 0x54
 +
| 4
 +
| Padding
 
|-
 
|-
 
| 0x58
 
| 0x58
 
| 8
 
| 8
| DATA Partition offset
+
| Data region offset (if no partition B)
 
|-
 
|-
 
| 0x60
 
| 0x60
| 8
+
| 4
| DATA Partition length
+
| Data region block count (= File allocation table entry count)
 
|-
 
|-
| 0x68
+
| 0x64
 
| 4
 
| 4
| Active table (and the offset to the filebase)
+
| Padding
 
|-
 
|-
| 0x6C
+
| 0x68
| 0x20
+
| 8
| Hash from active table
+
| If partition B exists: directory entry table offset;
 
|-
 
|-
| 0x8C
+
|
| 0x74
 
| Reserved
 
|}
 
 
 
* The hash in the DISA hashes the Active Table (starting from tables's offset to tables's offset + table length) with SHA256.
 
* The partition offsets are absolute offsets in the image.
 
* The SAVE partition offset is usually 0x1000. The SAVE/DATA partitions begins with the DPFS partitions, the relative offset for the IVFC partition data is specified by the DPFS header.
 
 
 
The DIFIs table at offset 0x200 in the image has 2 DIFIs when the DATA partition isn't used, 4 DIFIs otherwise. Each partition table contains the SAVE DIFI entry and optionally the DATA entry. The secondary partition table is located at offset 0x200 in the image, and the primary table follows the secondary table.
 
 
 
The non-active table is for backup.
 
  
==== DIFF ====
+
|
  
* This is the [[extdata]] equivalent of DISA, for extdata which use FS. DIFF is only used for extdata.
+
| otherwise: u32 directory entry table starting block index + u32 directory entry table block count
* When the active-table field low 8-bits is non-zero, the secondary partition is used. Otherwise, the primary partition is used.
 
 
 
{| class="wikitable"
 
 
|-
 
|-
! Start
+
| 0x70
! Length
 
! Description
 
|-
 
| 0x00
 
 
| 4
 
| 4
| Magic ("DIFF")
+
| Maximum directory count
 
|-
 
|-
| 0x04
+
| 0x74
 
| 4
 
| 4
| Magic Number (0x30000)
+
| Padding
 
|-
 
|-
| 0x08
+
| 0x78
 
| 8
 
| 8
| Secondary partition table offset
+
| If partition B exists: file entry table offset;
 
|-
 
|-
| 0x10
+
|
| 8
+
 
| Primary partition table offset
+
|
 +
 
 +
| otherwise: u32 file entry table starting block index + u32 file entry table block count
 
|-
 
|-
| 0x18
+
| 0x80
| 8
+
| 4
| Partition table length
+
| Maximum file count
 
|-
 
|-
| 0x20
+
| 0x84
| 8
 
| Active table (and the offset to the filebase)
 
|-
 
| 0x28
 
| 8
 
| File Base Size
 
|-
 
| 0x30
 
 
| 4
 
| 4
| Reserved0
+
| Padding
|-
 
| 0x34
 
| 0x20
 
| Hash of the active partition table
 
|-
 
| 0x54
 
| 0xAC
 
| Reserved1
 
 
|}
 
|}
  
==== DIFI ====
+
* The file/directory bucket count &amp; maximum count are specified by the parameters of [[FS:FormatSaveData]] or [[FS:CreateSystemSaveData]].
 +
* When partition B doesn't exist, directory &amp; file entry tables are allocated in the data region, and while be marked allocated in file allocation table as if they are two normal files. However, only continuous allocation has been observed, so directly reading <code>block_count * block_size</code> bytes from <code>data_region + starting_block_index * block_size</code> should be safe. See the section [[#File Allocation Table]] below for more information.
  
These 0x12C-byte blobs describe the partitions. Following each partition is an unused 0xFFFFFFFF cleartext word in the raw image. Every DIFI blob describes a partition. Partitions are catted together, so after the end of one partition is the beginning of the next.
+
=== Directory Entry Table ===
  
For most games there's only 1 partition (The SAVE partition) and some (like Asphalt 3D, Steel Diver & Lego Star Wars III) has 2 partitions.
+
The directory entry table is an array of the entry type shown below. It describes the directory hierarchy of the file system.
  
* 2 Partitions means that the files inside the SAVE partition is on the DATA partition.
+
{| class="wikitable" border="1"
* The DISA/DIFF headers support a maximum of 2 partitions.
+
! Offset
 
 
{| class="wikitable"
 
|-
 
! Start
 
 
! Length
 
! Length
 
! Description
 
! Description
Line 368: Line 296:
 
| 0x00
 
| 0x00
 
| 4
 
| 4
| Magic ("DIFI")
+
| Parent directory index. 0 for root
 
|-
 
|-
 
| 0x04
 
| 0x04
 +
| 16
 +
| ASCII directory name in. All zero for root
 +
|-
 +
| 0x14
 
| 4
 
| 4
| Magic Number (0x10000)
+
| Next sibling directory index. 0 if this is the last one
 
|-
 
|-
| 0x08
+
| 0x18
| 8
+
| 4
| Offset to "IVFC" blob in DIFI (Always 0x44)
+
| First subdirectory index. 0 if not exists
 
|-
 
|-
| 0x10
+
| 0x1C
| 8
+
| 4
| Size of "IVFC" blob
+
| First file index in file entry table. 0 for empty directory
|-
 
| 0x18
 
| 8
 
| Offset to "DPFS" blob in DIFI (Always 0xBC)
 
 
|-
 
|-
 
| 0x20
 
| 0x20
| 8
+
| 4
| Size of "DPFS" blob
+
| Padding / zero?
 
|-
 
|-
| 0x28
+
| 0x24
| 8
 
| Offset to the hash in DIFI (Always 0x10C)
 
|-
 
| 0x30
 
| 8
 
| Size of this hash
 
|-
 
| 0x38
 
 
| 4
 
| 4
| Flags (when this byte is non-zero, this is a DATA partition)
+
| Index of the next directory in the same hash table bucket. 0 if this is the last one
|-
 
| 0x3C
 
| 8
 
| File base offset (for DATA partitions)
 
 
|}
 
|}
  
==== IVFC ====
+
There are also some dummy entries in the array:
  
{| class="wikitable"
+
{| class="wikitable" border="1"
|-
+
! Offset
! Start
 
 
! Length
 
! Length
 
! Description
 
! Description
Line 417: Line 332:
 
| 0x00
 
| 0x00
 
| 4
 
| 4
| Magic ("IVFC")
+
| Current Total entry count
 
|-
 
|-
 
| 0x04
 
| 0x04
 
| 4
 
| 4
| Magic Number (0x20000)
+
| Maximum entry count = maximum directory count + 2
 
|-
 
|-
 
| 0x08
 
| 0x08
| 0x8
+
| 28
| Master hash size
+
| Padding / All zero
|-
 
| 0x10
 
| 0x8
 
| Level 1 relative offset
 
|-
 
| 0x18
 
| 0x8
 
| Level 1 hashdata size
 
|-
 
| 0x20
 
| 0x4
 
| Level 1 block size, in log2
 
 
|-
 
|-
 
| 0x24
 
| 0x24
| 0x4
+
| 4
| Reserved
+
| Index of the next dummy entry. 0 if this is the last one
|-
 
| 0x28
 
| 0x8
 
| Level 2 relative offset
 
|-
 
| 0x30
 
| 0x8
 
| Level 2 hashdata size
 
|-
 
| 0x38
 
| 0x4
 
| Level 2 block size, in log2.
 
|-
 
| 0x3C
 
| 0x4
 
| Reserved
 
|-
 
| 0x40
 
| 0x8
 
| Level 3 relative offset
 
|-
 
| 0x48
 
| 0x8
 
| Level 3 hashdata size
 
|-
 
| 0x50
 
| 0x4
 
| Level 3 block size, in log2.
 
|-
 
| 0x54
 
| 0x4
 
| Reserved
 
|-
 
| 0x58
 
| 8
 
| Level 4 filesystem relative offset
 
|-
 
| 0x60
 
| 8
 
| Level 4 filesystem size
 
|-
 
| 0x68
 
| 8
 
| Level 4 filesystem block size, in log2.
 
|-
 
| 0x70
 
| 8
 
| Unknown (usually 0x78=120)
 
|-
 
 
|}
 
|}
  
* This savegame IVFC is almost identical to the [[RomFS]] IVFC, except for the additional filesystem level. Exactly like RomFS, each level except level4 is a hash-table where each hash entry hashes the data in the next level, padded to the log2 block size.
+
The 0-th entry of the array is always a dummy entry, which functions as the head of the dummy entry linked list. The 1-st entry of the array is always the root. Therefore maximum entry count is two more than maximum directory count. Dummy entries are left there when deleting directories, and reserved for future use.
 +
 
 +
=== File Entry Table ===
  
==== DPFS ====
+
The file entry table is an array of the entry type shown below. It contains information for each file.
  
{| class="wikitable"
+
{| class="wikitable" border="1"
|-
+
! Offset
! Start
 
 
! Length
 
! Length
 
! Description
 
! Description
Line 505: Line 360:
 
| 0x00
 
| 0x00
 
| 4
 
| 4
| Magic ("DPFS")
+
| Parent directory index in directory entry table
 
|-
 
|-
 
| 0x04
 
| 0x04
 +
| 16
 +
| ASCII file name
 +
|-
 +
| 0x14
 
| 4
 
| 4
| Magic Number (0x10000)
+
| Next sibling file index. 0 if this is the last one
 
|-
 
|-
| 0x08
+
| 0x18
| 8
+
| 4
| Offset to first table
+
| Padding
 
|-
 
|-
| 0x10
+
| 0x1C
| 8
+
| 4
| First table length
+
| First block index in data region. 0x80000000 if the file is just created and has no data.
|-
 
| 0x18
 
| 8
 
| First table block size (1<<value)
 
 
|-
 
|-
 
| 0x20
 
| 0x20
 
| 8
 
| 8
| Offset to second table
+
| File Size
 
|-
 
|-
 
| 0x28
 
| 0x28
| 8
+
| 4
| Second table length
+
| Padding?
 
|-
 
|-
| 0x30
+
| 0x2C
| 8
+
| 4
| Second table block size (1<<value)
+
| Index of the next file in the same hash table bucket. 0 if this is the last one
 +
|}
 +
 
 +
Like directory entry table, file entry table also has some dummy entries:
 +
 
 +
{| class="wikitable" border="1"
 +
! Offset
 +
! Length
 +
! Description
 
|-
 
|-
| 0x38
+
| 0x00
| 8
+
| 4
| IVFC partition offset
+
| Current total entry count
 
|-
 
|-
| 0x40
+
| 0x04
| 8
+
| 4
| IVFC partition size
+
| Maximum entry count = maximum file count + 1
 
|-
 
|-
| 0x48
+
| 0x08
| 8
+
| 36
| IVFC partition block size (1<<value)
+
| Padding / All zero
 
|-
 
|-
 +
| 0x2C
 +
| 4
 +
| Index of the next dummy entry. 0 if this is the last one
 
|}
 
|}
  
* Every block this table point to is written twice (concatenated). You can see that the offset to the next block is twice the length (except the data which always begin after 0x1000).
+
The 0-th entry of the array is always a dummy entry, which functions as the head of the dummy entry linked list. Therefore maximum entry count is one more than maximum file count. Dummy entries are left there when deleting files, and reserved for future use.
* The offsets contained in the DPFS and IVFC are relative to the partition offset in the DISA/DIFF. The offsets from the IVFC are additionally added with the IVFC partition offset from the DPFS.
 
  
The first partition's data usually starts at 0x2000. First comes the hashtable (usually start @ 0x40 into the partition) and then the filesystem.
+
=== Directory Hash Table &amp; File Hash Table ===
  
The hashtable entries' size is 2^x where x is the 'Filesystem block size' from the IVFC block.
+
This is a u32 array of size = bucket count, each of which is an index to the directory / file entry table. The directory / file name is hashed and its entry index is put to the corresponding bucket. If there is already a directory/file entry in the bucket, then it appends to the linked list formed by <code>Index of the next directory/file in the same hash table bucket</code> field in the directory/file entry table. i.e. this is a hash table using separate chaining with linked lists
  
'''DIFI Hash'''
+
The hash function takes the parent index and the name as key. The function is equivalent to
  
The last 0x20-bytes of the partition following the DIFI, IVFC and DPFS is a SHA256 hash. The offset to this hash is stored in the DIFI. This hashes the IVFC level 1, with the buffer which is hashed aligned to the IVFC level 1 log2 block-size.
+
<pre>uint32_t GetBucket(
 
+
    char name[16], // takes all 16 bytes including trailing zeros
'''Summary Drawing'''
+
    uint32_t parent_dir_index,
 
+
    uint32_t bucket_count
[[File:Sfimg_drawing.png]]
+
) {
 
+
    uint32_t hash = parent_dir_index ^ 0x091A2B3C;
==== The SAVE partition ====
+
    for (int i = 0; i &lt; 4; ++i) {
 
+
        hash = (hash &gt;&gt; 1) | (hash &lt;&lt; 31);
* The SAVE filesystem works with a backup. There are two SAVE blocks inside the partition concatenated. Which SAVE block is the updated one is unknown yet.. (I'm guessing from experience that (image[0x100B] & 0x20) == 0x20 --> 1st SAVE --[[User:Elisherer|Elisherer]] 01:30, 18 October 2011 (CEST))
+
        hash ^= (uint32_t)name[i * 4]
 
+
        hash ^= (uint32_t)name[i * 4 + 1] &lt;&lt; 8
'''Finding the folders table:'''
+
        hash ^= (uint32_t)name[i * 4 + 2] &lt;&lt; 16
* If DATA partition exists: At folder table exact offset from the SAVE struct (from the beginning of the struct).
+
        hash ^= (uint32_t)name[i * 4 + 3] &lt;&lt; 24
* Otherwise: The 'folder table offset' * 'folder table media' (=0x200) from the 'filestore offset'. (usually 0 from filebase)
+
    }
 
+
    return hash % bucket_count;
'''Finding the files table:'''
+
}
* If DATA partition exists: At file table exact offset from the SAVE struct (from the beginning of the struct).
 
* Otherwise: The 'file table offset' * 'file table media' (=0x200) from the 'filestore offset'.
 
 
 
'''Detemining the filestore base:'''
 
* If DATA partition exists: At file base from the DATA's DIFI struct into the DATA partition.
 
* Otherwise: At the 'filestore offset' from the beginning of the SAVE struct.
 
 
 
Folder's entry structure:
 
<pre>
 
struct folder_entry {
 
    u32 parent_folder_index;
 
    u8  filename[0x10];
 
    u32 folder_index;
 
    u32 unk1;
 
    u32 last_file_index;
 
    u32 unk3;
 
    u32 unk4;
 
}
 
</pre>
 
 
 
File's entry structure:
 
<pre>
 
struct file_entry {
 
    u32 parent_folder_index;
 
    u8  filename[0x10];
 
    u32 index;
 
    u32 unk1; // magic?
 
    u32 block_offset;
 
    u64 file_size;
 
    u32 unk2; // flags?
 
    u32 unk3;
 
}
 
 
</pre>
 
</pre>
 +
=== File Allocation Table ===
  
The first entry in both tables is the count of the table, the parent directory index will be the amount of table rows. The root includes itself, so there are the amount - 1 (minus one) folders in the root directory (or files). The entries that follow after the root are the actual folders/files.
+
The file allocation table is an array of a 8-byte entry shown below. The array size is actually ''one larger than'' the size recorded in the SAVE header. Each entry corresponds to a block in the data region (the block size is defined in SAVE header). However, the 0th entry corresponds to nothing, so the corresponding block index is off by one. e.g. entry 31 in this table corresponds to block 30 in the data region.
 
 
Reading the files out is as simple as taking the file base offset and adding (block_offset * 0x200) to it.
 
 
 
Here's a follow-up example from the Legend of Zelda: Ocarina of Time 3D:
 
<pre>
 
//FST entry = SAVE base + File base + (FST offset * 0x200) + (FST entry # * 0x30)
 
//0x2600    = 0x2000    + 0x400    + (0x1        * 0x200) + (0x0        * 0x30)
 
 
 
00002600: 03000000 09000000 00000000 00000000  ................
 
00002610: 00000000 00000000 00000000 00000000  ................
 
00002620: 00000000 00000000 00000000 00000000  ................
 
00002630: 01000000 73797374 656D2E64 61740000  ....system.dat..
 
00002640: 00000000 00000000 D57B1100 02000000  ........Õ{......
 
00002650: 22000000 00000000 E8121500 00000000  ".......è.......
 
00002660: 01000000 73617665 30302E62 696E0000  ....save00.bin..
 
00002670: 00000000 01000000 69921100 03000000  ........i’......
 
00002680: DC140000 00000000 04000000 00000000  Ü...............
 
</pre>
 
  
{| class="wikitable"
+
{| class="wikitable" border="1"
|-
+
! Offset
! Start
 
 
! Length
 
! Length
 
! Description
 
! Description
Line 635: Line 450:
 
| 0x00
 
| 0x00
 
| 4
 
| 4
| Magic ("SAVE")
+
| bit[0:30]: Index U; bit[31]: Flag U
 
|-
 
|-
 
| 0x04
 
| 0x04
 
| 4
 
| 4
| Magic Number (0x40000)
+
| bit[0:30]: Index V; bit[31]: Flag V
|-
 
| 0x08
 
| 8
 
| Offset to data in this SAVE header(normally 0x20)
 
|-
 
| 0x10
 
| 8
 
| Partition Size [medias]
 
|-
 
| 0x18
 
| 4
 
| Partition Media Size
 
|-
 
| 0x1C
 
| 8
 
| Unknown
 
|-
 
| 0x24
 
| 4
 
| Unknown
 
|-
 
| 0x28
 
| 8
 
| FolderMap Offset
 
|-
 
| 0x30
 
| 4
 
| FolderMap Size
 
|-
 
| 0x34
 
| 4
 
| FolderMap Media Size
 
|-
 
| 0x38
 
| 8
 
| FileMap Offset
 
|-
 
| 0x40
 
| 4
 
| FileMap Size
 
|-
 
| 0x44
 
| 4
 
| FileMap Media Size
 
|-
 
| 0x48
 
| 8
 
| BlockMap Offset
 
|-
 
| 0x50
 
| 4
 
| BlockMap Size
 
|-
 
| 0x54
 
| 4
 
| BlockMap Media Size
 
|-
 
| 0x58
 
| 8
 
| File store offset (from SAVE)
 
|-
 
| 0x60
 
| 4
 
| File store length [medias]
 
|-
 
| 0x64
 
| 4
 
| File store media size
 
|-
 
| 0x68
 
| 4/8
 
| Folders Table offset (8 bytes in DATA)
 
|-
 
| 0x6C
 
| 4
 
| Folders Table Length (medias) (Only in no DATA)
 
|-
 
| 0x70
 
| 4
 
| Folders Table unknown
 
|-
 
| 0x74
 
| 4
 
| Folders Table Media size
 
|-
 
| 0x78
 
| 4/8
 
| Files Table offset (8 bytes in DATA)
 
|-
 
| 0x7C
 
| 4
 
| Files Table Length (medias) (Only in no DATA)
 
|-
 
| 0x80
 
| 4
 
| Files Table unknown
 
|-
 
| 0x84
 
| 4
 
| Files Table Media size
 
|-
 
 
|}
 
|}
  
* The FolderMap and FileMap still unknown. They are tables of uint32.
+
Entries in this table forms several chains, representing how blocks in the data region should be linked together. However, unlike normal FAT systems, which uses chains of entries, 3DS savegames use chain of ''nodes''. Each node spans one or multiple entries.
* The BlockMap is a map of the blocks in the filestore. An entry in the BlockMap is 2 uint32: {uint32 start_block; uint32 end_block; }. This is still being researched. (You can use [[3DSExplorer]] to see those maps.
 
  
'''Summary Drawing'''
+
One node spanning <code>n</code> entries starting from <code>FAT[k]</code> is in the following format:
  
[[File:Sfsave_drawing.png]]
+
<pre>FAT[k + 0]:
 +
    Index_U = index of the first entry of the previous node. 0 if this is the first node.
 +
    Index_V = index of the first entry of the next node. 0 if this is the last node.
 +
    Flag_U set if this is the first node.
 +
    Flag_V set if this node has multiple entries.
  
=== Initialization ===
+
FAT[k + 1]:
 +
    Index_U = k (the first entry index of this node)
 +
    Index_V = k + n - 1 (the last entry index of this node)
 +
    Flag_U always set
 +
    Flag_V always clear
 +
 
 +
FAT[k + 2] ~ FAT[k + n - 2]:
 +
    All these entries are uninitialized
 +
 
 +
FAT[k + n - 1]:
 +
    Index_U = k
 +
    Index_V = k + n - 1
 +
    Flag_U always set
 +
    Flag_V always clear
 +
    (Same values as FAT[k + 1])
 +
</pre>
 +
* Note: all indices above are entry indices (block index + 1)
 +
 
 +
All free blocks that are not allocated to any files also form a node chain in the allocation table. The head index of this &quot;free chain&quot; is recorded in <code>FAT[0].Index_V</code>. Other fields of <code>FAT[0]</code> are all zero
 +
 
 +
Here is an example: [https://raw.githubusercontent.com/wwylele/3ds-save-tool/master/disa-fat.png]
 +
 
 +
== Initialization ==
  
 
When a save FLASH contains all xFFFF blocks it's assumed uninitialized by the game cartridges and it initializes default data in place, without prompting the user. The 0xFFFFFFFF blocks are uninitialized data. When creating a non-gamecard savegame and other images/files, it's initially all 0xFFFFFFFF until it's formatted where some of the blocks are overwritten with encrypted data.
 
When a save FLASH contains all xFFFF blocks it's assumed uninitialized by the game cartridges and it initializes default data in place, without prompting the user. The 0xFFFFFFFF blocks are uninitialized data. When creating a non-gamecard savegame and other images/files, it's initially all 0xFFFFFFFF until it's formatted where some of the blocks are overwritten with encrypted data.
Line 756: Line 495:
 
I got a new game SplinterCell3D-Pal and I downloaded the save and it was 128KB of 0xFF, except the first 0x10 bytes which were the letter 'Z' (uppercase) --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
 
I got a new game SplinterCell3D-Pal and I downloaded the save and it was 128KB of 0xFF, except the first 0x10 bytes which were the letter 'Z' (uppercase) --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
  
=== Fun Facts ===
+
== Fun Facts ==
  
 
If you have facts that you found out by looking at the binary files please share them here:
 
If you have facts that you found out by looking at the binary files please share them here:
Line 762: Line 501:
 
* From one save to another the game backups the last files that were in the partition and the entire image header in "random" locations.. --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
 
* From one save to another the game backups the last files that were in the partition and the entire image header in "random" locations.. --[[User:Elisherer|Elisherer]] 22:41, 15 October 2011 (CEST)
  
=== Tools ===
+
== Tools ==
  
* [https://github.com/3dshax/3ds/tree/master/3dsfuse 3dsfuse] supports reading and modifying savegames. In the mounted FUSE filesystem, the /output.sav is the raw FLASH save-image. When the save was modified, a separate tool to update the MAC must be used with /clean.sav, prior to writing output.sav to a gamecard.
+
* [https://github.com/3dshax/3ds/tree/master/3dsfuse 3dsfuse] supports reading and modifying savegames. In the mounted FUSE filesystem, the /output.sav is the raw FLASH save-image. When the save was modified, a separate tool to update the CMAC must be used with /clean.sav, prior to writing output.sav to a gamecard.
 
* [[3DSExplorer]] supports reading of savegames, it doesn't support reading the new encrypted savegames and maybe in the future it will support modifying (some of the modyfing code is already implemented).
 
* [[3DSExplorer]] supports reading of savegames, it doesn't support reading the new encrypted savegames and maybe in the future it will support modifying (some of the modyfing code is already implemented).
 +
* [https://github.com/wwylele/3ds-save-tool wwylele's 3ds-save-tool] supports extracting files from savegames and extdata. It properly reconstructs data from the DPFS tree and extracts files in directories hierarchy.
 +
* [https://github.com/wwylele/3dsfuse-ex 3dsfuse-ex] similar to 3dsfuse, but supports savegame inner FS, proper DPFS handling, and automatic CMAC update. Still WIP.
 +
 
[[セーブデータ|Japanese]]
 
[[セーブデータ|Japanese]]

Revision as of 23:05, 29 October 2018

This page describes the format and encryption of savegames contained in gamecards, SD and NAND. You can find savegames from various 3DS games on the Games page.

This page does not describe DISA container format, which all savegames use as wrappers.

All data in this page is little-endian unless otherwise specified. All "unused / padding" fields can contain uninitialized data unless otherwise specified.

Overview

Savegames are stored in DISA container format (follow this link for the container format description). It forms a file system inside the inner content of the container. In this page only the inner file system format of the content is described.

Unlike SD and NAND savegames, gamecard savegames has additional encryption + wear leveling layer. They are described in the following sections.

Gamecard savegame Encryption

Repeating CTR Fail

On the 3DS savegames are stored much like on the DS, that is on a FLASH chip in the gamecart. On the DS these savegames were stored in plain-text but on the 3DS a layer of encryption was added. This is AES-CTR, as the contents of several savegames exhibit the odd behavior that xor-ing certain parts of the savegame together will result in the plain-text appearing.

The reason this works is because the stream cipher used has a period of 512 bytes. That is to say, it will repeat the same keystream after 512 bytes. The way you encrypt with a stream cipher is you XOR your data with the keystream as it is produced. Unfortunately, if your streamcipher repeats and you are encrypting a known plain-text (in our case, zeros) you are basically giving away your valuable keystream.

So how do you use this to decrypt a savegame on a 3DS? First off, you chunk up the savegame into 512 byte chunks. Then, you bin these chunks by their contents, discarding any that contain only FF. Now look for the most common chunk. This is your keystream. Now XOR the keystream with your original savegame and you should have a fully decrypted savegame. XOR with the keystream again to produce an encrypted savegame.

Savegame keyY

All gamecard and SD savegames are encrypted with AES-CTR. The base CTR for gamecard savegames is all-zero. The gamecard savegame keyslots' keyY(these savegame keyslots use the hardware key-generator) is unique for each region and for each game. The NCSD partition flags determine the method used to generate this keyY. When the save NCSD flags checked by the running NATIVE_FIRM are all-zero, the system will use the repeating CTR, otherwise a proper CTR which never repeats within the image is used.

The AES-CMAC (which uses a hardware key-generator keyslot, as mentioned above) at the the beginning of the savegame must match the calculated CMAC using the DISA/DIFF data, otherwise the savegame is considered corrupted(see below).

When all of the flags checked by the running NATIVE_FIRM are clear, the keyY(original keyY method used with saves where the CTR repeats within the image) is the following:

Offset Size Description
0x0 0x8 First 8-bytes from the plaintext CXI accessdesc signature.
0x8 0x4 u32 CardID0 from gamecard plaintext-mode command 0x90, Process9 reads this with the NTRCARD hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.
0xC 0x4 u32 CardID1 from gamecard plaintext-mode command 0xA0, Process9 reads this with the NTRCARD hw. The actual cmdID used by Process9 is different since Process9 reads it with the gamecard in encrypted-mode.

2.0.0-2 Hashed keyY and 2.2.0-4 Savegame Encryption

When certain NCSD partition flags are set, a SHA-256 hash is calculated over the data from the CXI(same data used with the original plain keyY), and the 0x40-bytes read from a gamecard command(this 0x40-byte data is also read by GetRomId, which is the gamecard-uniqueID). The first 0x10-bytes from this hash is used for the keyY. When flag[7] is set, the CTR will never repeat within the save image, unlike the original CTR-method. All games which had the retail NCSD image finalized after the 2.2.0-4 update(and contain 2.2.0-4+ in the System update partition), use this encryption method.

This keyY generation method was implemented with 2.0.0-2 via NCSD partition flag[3], however the proper CTR wasn't implemented for flag[7] until 2.2.0-4. The hashed keyY flag[3] implemented with 2.0.0-2 was likely never used with retail gamecards.

6.0.0-11 Savegame keyY

6.0.0-11 implemented support for generating the savegame keyY with a new method, this method is much more complex than previous keyY methods. This is enabled via new NCSD partition flags, all retail games which have the NCSD image finalized after the 6.0.0-11 release(and 6.0.0-11+ in the system update partition) will have these flags set for using this new method.

A SHA-256 hash is calculated over the same data used with the above hashed keyY method, after hashing the above data the following data is hashed: the CXI programID, and the ExeFS:/.code hash from the decrypted ExeFS header. An AES-CMAC (the keyslot used for this uses the hardware key-scrambler) is then calculated over this hash, the output CMAC is used for the savegame keyY.

The keyY used for calculating this AES-CMAC is initialized while NATIVE_FIRM is loading, this keyY is generated via the RSA engine. The RSA slot used here is slot0(key-data for slot0 is initialized by bootrom), this RSA slot0 key-data is overwritten during system boot. This RSA slot0 key-data gets overwritten with the RSA key-data used for verifying RSA signatures, every time Process9 verifies any RSA signatures except for NCCH accessdesc signatures. Starting with 7.0.0-13 this key-init function used at boot is also used to initialize a separate keyslot used for the new NCCH encryption method.

This Process9 key-init function first checks if a certain 0x10-byte block in the 0x01FF8000 region is all-zero. When all-zero it immediately returns, otherwise it clears that block then continues to do the key generation. This is likely for supporting launching a v6.0+ NATIVE_FIRM under this FIRM.

Gamecard wear leveling

The 3DS employs a wear leveling scheme on the savegame FLASH chips(only used for CARD1 gamecards). This is done through the usage of blockmaps and a journal. The blockmap is located at offset 0 of the flash chip, and is immediately followed by the journal. The initial state is dictated by the blockmap, and the journal is then applied to that.

First, there are 8 bytes whose purposes are currently unknown. Then comes the actual blockmap. The blockmap structure is simple: 

struct header_entry {
        uint8_t phys_sec; // when bit7 is set, block has checksums, otherwise checksums are all zero
        uint8_t alloc_cnt;
        uint8_t chksums[8];
} __attribute__((__packed__));

There's one entry per sector, counting from physical sector 1 (sector 0 contains the blockmap/journal).

The 2 bytes that follow the blockmap are the CRC16 (with starting value 0xFFFF (like modbus)) of the first 8 bytes and the blockmap.

Then comes the journal. The journal structure is as follows: 

struct sector_entry {
        uint8_t virt_sec;       // Mapped to sector
        uint8_t prev_virt_sec;  // Physical sector previously mapped to
        uint8_t phys_sec;       // Mapped from sector
        uint8_t prev_phys_sec;  // Virtual sector previously mapped to
        uint8_t phys_realloc_cnt;       // Amount of times physical sector has been remapped
        uint8_t virt_realloc_cnt;       // Amount of times virtual sector has been remapped
        uint8_t chksums[8];
} __attribute__((__packed__));

struct long_sector_entry{
        struct sector_entry sector;
        struct sector_entry dupe;
        uint32_t magic;
}__attribute__((__packed__));

With magic being a constant 0x080d6ce0.

The checksums in the blockmap/journal entries work as follows:

  • each byte is the checksum of an encrypted 0x200 bytes large block
  • to calculate the checksum, a CRC16 of the block (with starting value 0xFFFF) is calculated, and the two bytes of the CRC16 are XORed together to produce the 8bit checksum

Components and partitions

A savegame, after unwrapping the DISA container, consists of the following components:

  • SAVE header
  • directory hash table
  • file hash table
  • file allocation table
  • directory entry table
  • file entry table
  • data region

A DISA container can have one or two partitions, and correspondingly a savegame has two possible layouts. The layout is determined by the parameter duplicate data passed in FS:FormatSaveData or FS:CreateSystemSaveData.

Layout for duplicate data = true

The DISA container only has one partition which is always configured as external IVFC level 4 disabled (see DISA format for details). All components are stored in this partition as

  • SAVE header at the beginning
  • directory hash table
  • file hash table
  • file allocation table
  • data region
    • directory entry table is allocated inside data region
    • file entry table as well
    • all file data is also allocated here

In this layout, all data is duplicated by DISA's DPFS tree, which is what the parameter duplicate data implies.

Layout for duplicate data = false

The DISA container has two partitions. Partition A is always configured as external IVFC level 4 disabled, and partition B is configured as it enabled. Components are stored among the two partitions as

  • Partition A
    • SAVE header at the beginning.
    • directory hash table
    • file hash table
    • file allocation table
    • directory entry table
    • file entry table
  • Partition B
    • used as data region entirely, and only has file data allocated.

In this layout, all file system metadata is duplicated by partition A DPFS tree, but file data is not as partition B has external IVFC level 4.

SAVE Header

The SAVE header defines the rest components of the savegame. All "offsets" in the table below are relative to the beginning of partition A (inner content), while all "starting block index" are relative to the beginning of data region.

Offset Length Description
0x00 4 Magic "SAVE"
0x04 4 Magic 0x40000
0x08 8 File system Information offset (0x20)
0x10 8 Image size in blocks
0x18 4 Image block size
0x1C 4 Padding
Below is File system Information
0x20 4 Unknown
0x24 4 Data region block size
0x28 8 Directory hash table offset
0x30 4 Directory hash table bucket count
0x34 4 Padding
0x38 8 File hash table offset
0x40 4 File hash table bucket count
0x44 4 Padding
0x48 8 File allocation table offset
0x50 4 File allocation table entry count
0x54 4 Padding
0x58 8 Data region offset (if no partition B)
0x60 4 Data region block count (= File allocation table entry count)
0x64 4 Padding
0x68 8 If partition B exists: directory entry table offset;
otherwise: u32 directory entry table starting block index + u32 directory entry table block count
0x70 4 Maximum directory count
0x74 4 Padding
0x78 8 If partition B exists: file entry table offset;
otherwise: u32 file entry table starting block index + u32 file entry table block count
0x80 4 Maximum file count
0x84 4 Padding
  • The file/directory bucket count & maximum count are specified by the parameters of FS:FormatSaveData or FS:CreateSystemSaveData.
  • When partition B doesn't exist, directory & file entry tables are allocated in the data region, and while be marked allocated in file allocation table as if they are two normal files. However, only continuous allocation has been observed, so directly reading block_count * block_size bytes from data_region + starting_block_index * block_size should be safe. See the section #File Allocation Table below for more information.

Directory Entry Table

The directory entry table is an array of the entry type shown below. It describes the directory hierarchy of the file system.

Offset Length Description
0x00 4 Parent directory index. 0 for root
0x04 16 ASCII directory name in. All zero for root
0x14 4 Next sibling directory index. 0 if this is the last one
0x18 4 First subdirectory index. 0 if not exists
0x1C 4 First file index in file entry table. 0 for empty directory
0x20 4 Padding / zero?
0x24 4 Index of the next directory in the same hash table bucket. 0 if this is the last one

There are also some dummy entries in the array:

Offset Length Description
0x00 4 Current Total entry count
0x04 4 Maximum entry count = maximum directory count + 2
0x08 28 Padding / All zero
0x24 4 Index of the next dummy entry. 0 if this is the last one

The 0-th entry of the array is always a dummy entry, which functions as the head of the dummy entry linked list. The 1-st entry of the array is always the root. Therefore maximum entry count is two more than maximum directory count. Dummy entries are left there when deleting directories, and reserved for future use.

File Entry Table

The file entry table is an array of the entry type shown below. It contains information for each file.

Offset Length Description
0x00 4 Parent directory index in directory entry table
0x04 16 ASCII file name
0x14 4 Next sibling file index. 0 if this is the last one
0x18 4 Padding
0x1C 4 First block index in data region. 0x80000000 if the file is just created and has no data.
0x20 8 File Size
0x28 4 Padding?
0x2C 4 Index of the next file in the same hash table bucket. 0 if this is the last one

Like directory entry table, file entry table also has some dummy entries:

Offset Length Description
0x00 4 Current total entry count
0x04 4 Maximum entry count = maximum file count + 1
0x08 36 Padding / All zero
0x2C 4 Index of the next dummy entry. 0 if this is the last one

The 0-th entry of the array is always a dummy entry, which functions as the head of the dummy entry linked list. Therefore maximum entry count is one more than maximum file count. Dummy entries are left there when deleting files, and reserved for future use.

Directory Hash Table & File Hash Table

This is a u32 array of size = bucket count, each of which is an index to the directory / file entry table. The directory / file name is hashed and its entry index is put to the corresponding bucket. If there is already a directory/file entry in the bucket, then it appends to the linked list formed by Index of the next directory/file in the same hash table bucket field in the directory/file entry table. i.e. this is a hash table using separate chaining with linked lists

The hash function takes the parent index and the name as key. The function is equivalent to 

uint32_t GetBucket(
    char name[16], // takes all 16 bytes including trailing zeros
    uint32_t parent_dir_index,
    uint32_t bucket_count
) {
    uint32_t hash = parent_dir_index ^ 0x091A2B3C;
    for (int i = 0; i < 4; ++i) {
        hash = (hash >> 1) | (hash << 31);
        hash ^= (uint32_t)name[i * 4]
        hash ^= (uint32_t)name[i * 4 + 1] << 8
        hash ^= (uint32_t)name[i * 4 + 2] << 16
        hash ^= (uint32_t)name[i * 4 + 3] << 24
    }
    return hash % bucket_count;
}

File Allocation Table

The file allocation table is an array of a 8-byte entry shown below. The array size is actually one larger than the size recorded in the SAVE header. Each entry corresponds to a block in the data region (the block size is defined in SAVE header). However, the 0th entry corresponds to nothing, so the corresponding block index is off by one. e.g. entry 31 in this table corresponds to block 30 in the data region.

Offset Length Description
0x00 4 bit[0:30]: Index U; bit[31]: Flag U
0x04 4 bit[0:30]: Index V; bit[31]: Flag V

Entries in this table forms several chains, representing how blocks in the data region should be linked together. However, unlike normal FAT systems, which uses chains of entries, 3DS savegames use chain of nodes. Each node spans one or multiple entries.

One node spanning n entries starting from FAT[k] is in the following format: 

FAT[k + 0]:
    Index_U = index of the first entry of the previous node. 0 if this is the first node.
    Index_V = index of the first entry of the next node. 0 if this is the last node.
    Flag_U set if this is the first node.
    Flag_V set if this node has multiple entries.

FAT[k + 1]:
    Index_U = k (the first entry index of this node)
    Index_V = k + n - 1 (the last entry index of this node)
    Flag_U always set
    Flag_V always clear

FAT[k + 2] ~ FAT[k + n - 2]:
    All these entries are uninitialized

FAT[k + n - 1]:
    Index_U = k
    Index_V = k + n - 1
    Flag_U always set
    Flag_V always clear
    (Same values as FAT[k + 1])
  • Note: all indices above are entry indices (block index + 1)

All free blocks that are not allocated to any files also form a node chain in the allocation table. The head index of this "free chain" is recorded in FAT[0].Index_V. Other fields of FAT[0] are all zero

Here is an example: [1]

Initialization

When a save FLASH contains all xFFFF blocks it's assumed uninitialized by the game cartridges and it initializes default data in place, without prompting the user. The 0xFFFFFFFF blocks are uninitialized data. When creating a non-gamecard savegame and other images/files, it's initially all 0xFFFFFFFF until it's formatted where some of the blocks are overwritten with encrypted data.

I got a new game SplinterCell3D-Pal and I downloaded the save and it was 128KB of 0xFF, except the first 0x10 bytes which were the letter 'Z' (uppercase) --Elisherer 22:41, 15 October 2011 (CEST)

Fun Facts

If you have facts that you found out by looking at the binary files please share them here:

  • From one save to another the game backups the last files that were in the partition and the entire image header in "random" locations.. --Elisherer 22:41, 15 October 2011 (CEST)

Tools

  • 3dsfuse supports reading and modifying savegames. In the mounted FUSE filesystem, the /output.sav is the raw FLASH save-image. When the save was modified, a separate tool to update the CMAC must be used with /clean.sav, prior to writing output.sav to a gamecard.
  • 3DSExplorer supports reading of savegames, it doesn't support reading the new encrypted savegames and maybe in the future it will support modifying (some of the modyfing code is already implemented).
  • wwylele's 3ds-save-tool supports extracting files from savegames and extdata. It properly reconstructs data from the DPFS tree and extracts files in directories hierarchy.
  • 3dsfuse-ex similar to 3dsfuse, but supports savegame inner FS, proper DPFS handling, and automatic CMAC update. Still WIP.

Japanese

Retrieved from "https://www.3dbrew.org/w/index.php?title=Savegames&oldid=20843"