Difference between revisions of "Title Database"

From 3dbrew
Jump to navigation Jump to search
(→‎Title Info Entry: 0x350 appears here, not 0x530)
(25 intermediate revisions by 8 users not shown)
Line 4: Line 4:
 
* sdmc/Nintendo 3DS/<ID0>/<ID1>/dbs
 
* sdmc/Nintendo 3DS/<ID0>/<ID1>/dbs
  
ID0 is the first 0x10-bytes from a SHA256 [[nand/private/movable.sed|hash]]. The installation of [[SD Filesystem|SD Card]] titles was introduced in the [[2.0.0-2]] update and the SD dbs files are encrypted. These files are [[extdata]] images. The NAND extdata images are cleartext, however some of the images contain data encrypted with a console-unique keyslot.
+
ID0 is the first 0x10-bytes from a SHA256 [[nand/private/movable.sed|hash]]. The installation of [[SD Filesystem|SD Card]] titles was introduced in the [[2.0.0-2]] update and the SD dbs files are encrypted by [[SD Filesystem|the general SD filesystem encryption rule]]. These files are [[DISA and DIFF|DIFF containers]]. These DIFF files do not use external IVFC level 4, so all database data is duplicated in the container. In this page only the inner content of the container is described.
 +
 
 +
These files are only created on SD (via [[Application_Manager_Services|AM]]) if they don't exist when the [[eShop]] application is starting up, during network init etc (prior to showing the "system update required" dialog).
  
 
These files are stored under this directory:
 
These files are stored under this directory:
Line 12: Line 14:
 
!  Stored in CTR-NAND
 
!  Stored in CTR-NAND
 
!  Filename
 
!  Filename
 +
!  [[DISA and DIFF#CTR-9DB0|CTR-9DB0]] ID
 
!  Description
 
!  Description
 
|-
 
|-
 +
| No
 
| Yes
 
| Yes
 +
| ticket.db
 +
| 0x0
 +
| This contains the installed tickets (NAND and SD).
 +
|-
 +
| No
 
| Yes
 
| Yes
| import.db
+
| certs.db
| This is an Import Database, it contains entries for titles(or versions of titles) not yet installed, ready for transferring to the title.db. (Automatic Update, uses this, so completing the update takes seconds)
+
| 0x1
 +
| This contains the certificate chain used to verify TMDs and other certificates.
 
|-
 
|-
 
| Yes
 
| Yes
 
| Yes
 
| Yes
 
| title.db
 
| title.db
| Title database, this contains entries for all installed titles (TWL & CTR) on the 3DS(Each database is responsible for titles installed on it's medium).
+
| 0x2
 +
| Title database, this contains entries for all installed titles (TWL & CTR) on the 3DS (Each database is responsible for titles installed on its medium).
 +
|-
 +
| Yes
 +
| Yes
 +
| import.db
 +
| 0x3
 +
| This is an Import Database, it contains entries for titles (or versions of titles) not yet installed, ready for transferring to the title.db. (Automatic Update uses this, so completing the update takes seconds.)
 
|-
 
|-
 
| No
 
| No
 
| Yes
 
| Yes
 
| tmp_t.db
 
| tmp_t.db
 +
| 0x4
 
| This is the temporary Title database containing one entry for the currently installed [[Download Play]] Child.
 
| This is the temporary Title database containing one entry for the currently installed [[Download Play]] Child.
 
|-
 
|-
Line 32: Line 50:
 
| Yes
 
| Yes
 
| tmp_i.db
 
| tmp_i.db
 +
| 0x5
 
| Similar to import.db, except it's used in conjunction with tmp_t.db, for installing [[Download Play]] Children.
 
| Similar to import.db, except it's used in conjunction with tmp_t.db, for installing [[Download Play]] Children.
 +
|}
 +
 +
The inner content of the container consists of a pre-header with size of 0x80 identifying the Database Type, followed by a BDRI container. The offsets in the BDRI header are usually relative to the offset to the start of the BDRI header (0x80 in the file)
 +
 +
== Pre Header ==
 +
 +
{| class="wikitable"
 +
|-
 +
! Start
 +
! Length
 +
! Description
 +
|-
 +
| 0x00
 +
| 8
 +
| Database Type "Magic" (see below)
 +
|-
 +
| 0x08
 +
| 0x78
 +
| Reserved
 +
|}
 +
 +
For ticket.db different pre header is used:
 +
 +
{| class="wikitable"
 +
|-
 +
! Start
 +
! Length
 +
! Description
 +
|-
 +
| 0x00
 +
| 4
 +
| Database Type "Magic" (see below)
 +
|-
 +
| 0x04
 +
| 0x04
 +
| Unknown (always 0x00000001 ?)
 +
|-
 +
| 0x08
 +
| 0x04
 +
| Unknown
 +
|-
 +
| 0x0C
 +
| 0x04
 +
| Unknown (0x30 smaller than previous one)
 +
|}
 +
 +
=== Database Magic ===
 +
 +
{| class="wikitable"
 +
|-
 +
! Database Type
 +
! Magic
 +
|-
 +
| CTR-NAND ticket.db
 +
| TICK
 +
|-
 +
| CTR-NAND import.db
 +
| NANDIDB
 +
|-
 +
| CTR-NAND title.db
 +
| NANDTDB
 +
|-
 +
| CTR-NAND tmp_i.db
 +
| TEMPIDB
 +
|-
 +
| CTR-NAND tmp_t.db
 +
| TEMPIDB
 +
|-
 +
| SD Card import.db
 +
| TEMPTDB
 +
|-
 +
| SD Card title.db
 +
| TEMPTDB
 +
|}
 +
 +
== BDRI ==
 +
 +
This is a variant of [[Inner FAT|FAT filesystem]]. It consists one "root" directory and multiple "files". Each "file" is one title info entry described below.
 +
 +
== Title Info Entry ==
 +
 +
An entry contains information taken from both the application NCCH file(s) and TMD.
 +
 +
{| class="wikitable"
 +
|-
 +
! Start
 +
! Length
 +
! Description
 +
|-
 +
| 0x0
 +
| 8
 +
| Title Size
 +
|-
 +
| 0x8
 +
| 4
 +
| Title Type(usually 0x40)
 +
|-
 +
| 0xC
 +
| 4
 +
| Title Version
 +
|-
 +
| 0x10
 +
| 4
 +
| Flags_0
 +
|-
 +
| 0x14
 +
| 4
 +
| TMD Content ID
 +
|-
 +
| 0x18
 +
| 4
 +
| CMD Content ID
 +
|-
 +
| 0x1c
 +
| 4
 +
| Flags_1
 +
|-
 +
| 0x20
 +
| 4
 +
| ExtdataID low (zero if title doesn't use Extdata)
 +
|-
 +
| 0x24
 +
| 4
 +
| Reserved
 +
|-
 +
| 0x28
 +
| 8
 +
| Flags_2
 +
|-
 +
| 0x30
 +
| 0x10
 +
| Product Code
 +
|-
 +
| 0x40
 +
| 0x10
 +
| Reserved
 +
|-
 +
| 0x50
 +
| 0x4
 +
| Unknown
 +
|-
 +
| 0x54
 +
| 0x2c
 +
| Reserved
 +
|}
 +
 +
For ticket.db title info contains a small header and actual ticket data:
 +
{| class="wikitable"
 +
|-
 +
! Start
 +
! Length
 +
! Description
 +
|-
 +
| 0x0
 +
| 4
 +
| Unknown (always 0x00000001?)
 +
|-
 +
| 0x4
 +
| 4
 +
| Ticket data size X (=0x350)
 +
|-
 +
| 0x8
 +
| X
 +
| [[Ticket|Ticket]] data
 +
|}
 +
 +
==== Flags_0 ====
 +
 +
{| class="wikitable"
 +
|-
 +
! Index
 +
! Description
 +
|-
 +
| 0
 +
| Electronic Manual
 
|-
 
|-
| No
+
| 1
| Yes
+
| ?
| certs.db
+
|-
| This contains the certificate chain used to verify TMDs and other certificates.
+
| 2
 +
| ?
 
|-
 
|-
| No
+
| 3
| Yes
+
| ?
| ticket.db
 
| This contains the installed tickets.
 
 
|}
 
|}
  
"'''title.db'''" - With a fixed size of 0x31E400 bytes, this [[Extdata]] image embeds two almost identical copies(the latter is probably an older backup) of the Title Database. For each installed title, the following information is known to be stored:
+
==== Flags_1 ====
  
* Title ID - Taken from the main [[NCCH#CXI|CXI]]/[[TMD]]
+
{| class="wikitable"
* Product Code - Taken from the main [[NCCH#CXI|CXI]]
+
|-
* [[TMD|Title Size]] - This is generally larger than the total size of the Content.
+
! Index
* [[TMD|Title Type]]
+
! Description
* [[TMD|Title Version]]
+
|-
* [[Title Data Structure|.tmd]] Content ID
+
| 0
* [[Title Data Structure|.cmd]] Content ID
+
| SD Save Data
* [[Extdata#SD Extdata|ExtdataID low]] (if the title uses ExtData)
+
|-
* Whether or not a [[NCCH#CFA|Electronic Manual]] is used
+
| 1
* Whether or not [[Savegames|Savedata]] is used
+
| ?
 +
|-
 +
| 2
 +
| ?
 +
|-
 +
| 3
 +
| ?
 +
|}
  
It is important to note the database doesn't contain a hash of the [[Title Data Structure|.cmd]]. So if a user has more than one valid set of [[Title Data Structure|application data]] for a given .cmd Content ID they can be manually interchanged without issue. Though renaming a .cmd file to match the Content ID which the title.db is expecting will result in an error, as the CTR for the per-console encryption layer changes depending on the file path, and the MAC of the .cmd is probably generated with the .cmd Content ID in mind.
+
==== Flags_2 ====
  
 +
{| class="wikitable"
 +
|-
 +
! Index
 +
! Description
 +
|-
 +
| 0
 +
| DSiWare Related (Visibility on Home Menu/Export Flag?)
 +
|-
 +
| 1
 +
| ?
 +
|-
 +
| 2
 +
| ?
 +
|-
 +
| 3
 +
| ?
 +
|-
 +
| 4
 +
| Found with DSiWare Titles and titles with an 'Application' Title ID
 +
|-
 +
| 5
 +
| DSiWare Related (Visibility on Home Menu/Export Flag?)
 +
|-
 +
| 6
 +
| ?
 +
|-
 +
| 7
 +
| ?
 +
|}
  
"'''import.db'''" - The function of the file is not well understood. It appears to be related to the download/install of titles, as in the progress of downloading titles this file will have changed but the title.db will not be modified until the title has been properly downloaded.
+
'''NOTES:'''
*This file doesn't contain any title specific data which the [[Application Manager Services PXI|ARM9]] has been noted to use in relation to installed titles, even though this file is modified when titles are installed/deleted. In fact, no matter what titles you install, if you use an old copy of the "import.db" with a recent copy of the "title.db", this creates no noticeable issues.
 
  
 +
It is important to note the database doesn't contain a hash of the [[Title Data Structure|.cmd]]. So if a user has more than one valid set of [[Title Data Structure|application data]] for a given .cmd Content ID they can be manually interchanged without issue. Though renaming a .cmd file to match the Content ID which the title.db is expecting will result in an error, as the CTR for the per-console encryption layer changes depending on the file path, and the MAC of the .cmd is probably generated with the .cmd Content ID in mind.
  
Note: It is quite unlikely that the either the import.db or title.db contain the cached icon and names of installed titles. The amount of data which changes in those two file when a title installed/deleted is not sufficient to contain the size of data required for the icons and names of the application, they are most likely cached in the [[Flash Filesystem|NAND]].
+
These NAND/SD /dbs images seem to be loaded by the ARM9 while NATIVE_FIRM is booting.
  
* [https://gist.github.com/1113cbe10f124e5a2c72 Old and new import.db and title.db xored, revealing some plaintext].
+
Removing ticket.db from a New-3DS with signature checks disabled will not result in an unbootable system, however all icons except Slot-1 will disappear from Home. Applets can however still be used. Recovery can be accomplished via [[Hardware|hardmod]] or [[arm9loaderhax]] plus a known good backup of the file (or the whole partition or disk); Gamecard exploits were not tested, and Browserhax did not work.

Revision as of 03:25, 31 May 2019

These files contain data relating to install/usage/management of installed 3DS titles. The database files are located at:

  • nand/dbs
  • sdmc/Nintendo 3DS/<ID0>/<ID1>/dbs

ID0 is the first 0x10-bytes from a SHA256 hash. The installation of SD Card titles was introduced in the 2.0.0-2 update and the SD dbs files are encrypted by the general SD filesystem encryption rule. These files are DIFF containers. These DIFF files do not use external IVFC level 4, so all database data is duplicated in the container. In this page only the inner content of the container is described.

These files are only created on SD (via AM) if they don't exist when the eShop application is starting up, during network init etc (prior to showing the "system update required" dialog).

These files are stored under this directory:

Stored on SD card Stored in CTR-NAND Filename CTR-9DB0 ID Description
No Yes ticket.db 0x0 This contains the installed tickets (NAND and SD).
No Yes certs.db 0x1 This contains the certificate chain used to verify TMDs and other certificates.
Yes Yes title.db 0x2 Title database, this contains entries for all installed titles (TWL & CTR) on the 3DS (Each database is responsible for titles installed on its medium).
Yes Yes import.db 0x3 This is an Import Database, it contains entries for titles (or versions of titles) not yet installed, ready for transferring to the title.db. (Automatic Update uses this, so completing the update takes seconds.)
No Yes tmp_t.db 0x4 This is the temporary Title database containing one entry for the currently installed Download Play Child.
No Yes tmp_i.db 0x5 Similar to import.db, except it's used in conjunction with tmp_t.db, for installing Download Play Children.

The inner content of the container consists of a pre-header with size of 0x80 identifying the Database Type, followed by a BDRI container. The offsets in the BDRI header are usually relative to the offset to the start of the BDRI header (0x80 in the file)

Pre Header

Start Length Description
0x00 8 Database Type "Magic" (see below)
0x08 0x78 Reserved

For ticket.db different pre header is used:

Start Length Description
0x00 4 Database Type "Magic" (see below)
0x04 0x04 Unknown (always 0x00000001 ?)
0x08 0x04 Unknown
0x0C 0x04 Unknown (0x30 smaller than previous one)

Database Magic

Database Type Magic
CTR-NAND ticket.db TICK
CTR-NAND import.db NANDIDB
CTR-NAND title.db NANDTDB
CTR-NAND tmp_i.db TEMPIDB
CTR-NAND tmp_t.db TEMPIDB
SD Card import.db TEMPTDB
SD Card title.db TEMPTDB

BDRI

This is a variant of FAT filesystem. It consists one "root" directory and multiple "files". Each "file" is one title info entry described below.

Title Info Entry

An entry contains information taken from both the application NCCH file(s) and TMD.

Start Length Description
0x0 8 Title Size
0x8 4 Title Type(usually 0x40)
0xC 4 Title Version
0x10 4 Flags_0
0x14 4 TMD Content ID
0x18 4 CMD Content ID
0x1c 4 Flags_1
0x20 4 ExtdataID low (zero if title doesn't use Extdata)
0x24 4 Reserved
0x28 8 Flags_2
0x30 0x10 Product Code
0x40 0x10 Reserved
0x50 0x4 Unknown
0x54 0x2c Reserved

For ticket.db title info contains a small header and actual ticket data:

Start Length Description
0x0 4 Unknown (always 0x00000001?)
0x4 4 Ticket data size X (=0x350)
0x8 X Ticket data

Flags_0

Index Description
0 Electronic Manual
1 ?
2 ?
3 ?

Flags_1

Index Description
0 SD Save Data
1 ?
2 ?
3 ?

Flags_2

Index Description
0 DSiWare Related (Visibility on Home Menu/Export Flag?)
1 ?
2 ?
3 ?
4 Found with DSiWare Titles and titles with an 'Application' Title ID
5 DSiWare Related (Visibility on Home Menu/Export Flag?)
6 ?
7 ?

NOTES:

It is important to note the database doesn't contain a hash of the .cmd. So if a user has more than one valid set of application data for a given .cmd Content ID they can be manually interchanged without issue. Though renaming a .cmd file to match the Content ID which the title.db is expecting will result in an error, as the CTR for the per-console encryption layer changes depending on the file path, and the MAC of the .cmd is probably generated with the .cmd Content ID in mind.

These NAND/SD /dbs images seem to be loaded by the ARM9 while NATIVE_FIRM is booting.

Removing ticket.db from a New-3DS with signature checks disabled will not result in an unbootable system, however all icons except Slot-1 will disappear from Home. Applets can however still be used. Recovery can be accomplished via hardmod or arm9loaderhax plus a known good backup of the file (or the whole partition or disk); Gamecard exploits were not tested, and Browserhax did not work.

Retrieved from "https://www.3dbrew.org/w/index.php?title=Title_Database&oldid=20991"