Tad

From DSiBrew
Revision as of 18:23, 22 December 2009 by Neimod (talk | contribs)
Jump to navigation Jump to search

The System Settings application delivered with each DSi can be used to export applications from NAND to SD. The files created on SD are encrypted with AES CCM (CTR with CBC-MAC), using a combination of a shared key and a console specific key.

The application itself (APP), and the title metadata (TMD) is encrypted with a console specific key. This means that Nintendo intended that these files can only be imported back into the same DSi.

While the banner, the public savegame, and several other metablocks are encrypted with a shared key, which means any DSi can inspect these parts of the file.

ES blocks

An ES block, for lack of a better name, is a commonly used data encryption method on DSi by Nintendo.

It uses AES CCM to encrypt a maximum of 0x20000 bytes of data per time, and extends it with a 32 byte trail block at the end.

A part of the last 16 bytes of trail block itself is encrypted with AES CTR, and contains the nonce for decryption and size of the ES block:

0000000: qq qq qq qq qq qq qq qq qq qq qq qq qq qq qq qq
0000010: xx nn nn nn nn nn nn nn nn nn nn nn nn yy yy yy

The counter used for decrypting the trail block is the last 16 bytes of the trailblock, with the first, 14th, 15th and 16th byte set to 0:

00 nn nn nn nn nn nn nn nn nn nn nn nn 00 00 00

After decrypting the trailblock, xx is always 0x3A, and yy is the size of the ES block (excluding the trail block). The nonce after decryption is not used. It is assumed that qq is a MAC (Message Authentication Code), used to verify the contents of the ES block after decryption, but this has not been verified yet.

The same 12-byte nonce from the trailblock is again used to decrypt the whole ES block itself.

Data larger than 0x20000 bytes is split into multiple ES blocks, each with their own trailblock.

ES block encryption is used to encrypt the B4 block, 440 block, and the 11 parts.


B4 block

0000000: 34 41 4e 54 31 30 00 01 74 e9 2c 1e 24 00 00 00  4ANT10..t.,.$...
0000010: d6 e0 39 c3 98 3f 06 b6 9a b2 9d 14 e7 06 e9 00  ..9..?..........
0000020: 45 4d 44 4b 04 00 03 00 28 02 00 00 20 d2 e0 00  EMDK....(... ...
0000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000040: 00 00 00 00 00 00 00 00 00 00 00 00 80 80 06 00  ................
0000050: 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00  ................
0000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000070: 00 00 00 00 00 80 06 00 00 00 00 00 00 00 00 00  ................
0000080: 00 00 00 00 00 86 00 00 00 00 00 00 00 00 00 00  ................
0000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000b0: 00 00 00 00                                      ....


Offset Size Description
0x00 4 Always 0x544E4134
0x04 2 Unknown
0x06 2 Unknown
0x08 6 DSi MAC address
0x0E 2 zero
0x10 16 Extracted from HWINFO_N.dat
0x20 4 Lower TitleID of exported app
0x24 4 Upper TitleID of exported app
0x28 11 * 4 Contains the total lengths for each of the 11 parts.
0x54 ? ?

440 block

0000000: d6 f3 24 7c a1 0f 4a dc cd 07 34 d6 ce 62 32 93  ..$|..J...4..b2.
0000010: 11 54 54 a5 28 38 13 5a 0c 87 8e dc 63 0a ab 2e  .TT.(8.Z....c...
0000020: 4a 0f 12 5c d7 31 ee 29 72 53 39 1d ff 70 c1 8a  J..\.1.)rS9..p..
0000030: 45 18 c1 88 85 1f f5 55 c6 5f 48 37 27 f3 0a 02  E......U._H7'...
0000040: e7 77 18 8b 84 ee cc e5 e4 40 e5 cb 64 bb 0a f3  .w.......@..d...
0000050: 20 00 53 00 74 00 75 00 64 00 69 00 6f 00 0a 00   .S.t.u.d.i.o...
0000060: 4e 00 69 00 6e 00 74 00 65 00 6e 00 64 00 6f 00  N.i.n.t.e.n.d.o.
0000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000d0: 00 00 00 00 00 00 00 00 00 00 00 00 c5 16 e5 12  ................
00000e0: 4c 70 9a fd 7a 03 87 d0 13 94 da 86 46 11 ff 31  Lp..z.......F..1
00000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000100: 00 00 00 00 00 b5 62 b1 02 c9 4e f3 14 2c 85 3d  ......b...N..,.=
0000110: a2 c6 be c9 d8 01 db 46 03 12 44 6e 89 87 c4 e5  .......F..Dn....
0000120: 83 1e 00 03 8f f8 cd 35 e3 e4 b8 8e be 6e 65 36  .......5.....ne6
0000130: f2 6d c6 dc 2c 4b d6 38 2b 2d 7f e5 22 b0 44 3b  .m..,K.8+-..".D;
0000140: 00 01 00 02 00 78 58 de a6 c4 70 9c 89 26 22 f2  .....xX...p..&".
0000150: 60 38 cb c5 d7 54 cd a3 d5 b9 d9 b3 84 63 6f be  `8...T.......co.
0000160: 36 ef 00 68 f0 9a 6b 35 91 1a 67 6f 73 dc 54 61  6..h..k5..gos.Ta
0000170: c1 c7 6c 6f d4 43 58 e6 e2 62 52 11 65 77 9a ce  ..lo.CX..bR.ew..
0000180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00001a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00001b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00001c0: 52 6f 6f 74 2d 43 41 30 30 30 30 30 30 30 31 2d  Root-CA00000001-
00001d0: 4d 53 30 30 30 30 30 30 30 38 2d 54 57 63 37 39  MS00000008-TWc79
00001e0: 64 63 65 63 39 2d 30 38 61 32 30 32 38 37 30 31  dcec9-08a2028701
00001f0: 30 38 34 31 31 38 00 00 00 00 00 00 00 00 00 00  084118..........
0000200: 00 00 00 02 41 50 30 30 30 33 30 30 31 35 34 38  ....AP0003001548
0000210: 34 65 34 32 34 35 00 00 00 00 00 00 00 00 00 00  4e4245..........
0000220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000240: 00 00 00 00 00 00 00 00 00 d7 c1 33 4e 24 8c 13  ...........3N$..
0000250: 0f b3 f4 c4 bb 2a 4a 79 81 51 39 6f 00 ee a2 00  .....*Jy.Q9o....
0000260: 20 a6 f5 cc d8 72 01 74 60 57 4f a4 92 52 9b 5a   ....r.t`WO..R.Z
0000270: 56 75 a9 62 4f 67 25 e3 7b 05 21 e4 4f 1f c3 21  Vu.bOg%.{.!.O..!
0000280: 2b d8 ec e7 00 00 00 00 00 00 00 00 00 00 00 00  +...............
0000290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00002a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00002b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00002c0: 00 01 00 02 00 db da 21 3b e1 f1 bf bb 4d dc 1d  .......!;....M..
00002d0: 60 29 da 19 42 1e 66 4f a8 e5 27 a1 d4 ea 46 7d  `)..B.fO..'...F}
00002e0: 9b b4 00 95 c5 0d e8 fa ef a7 8d e9 bc 54 da c1  .............T..
00002f0: 24 94 0b 7c ad a8 61 d5 05 97 c2 64 38 ad 18 f9  $..|..a....d8...
0000300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000310: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000320: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000330: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000340: 52 6f 6f 74 2d 43 41 30 30 30 30 30 30 30 31 2d  Root-CA00000001-
0000350: 4d 53 30 30 30 30 30 30 30 38 00 00 00 00 00 00  MS00000008......
0000360: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000370: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000380: 00 00 00 02 54 57 63 37 39 64 63 65 63 39 2d 30  ....TWc79dcec9-0
0000390: 38 61 32 30 32 38 37 30 31 30 38 34 31 31 38 00  8a2028701084118.
00003a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00003b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00003c0: 00 00 00 00 6f dd de 42 01 e0 34 a3 19 bc a9 af  ....o..B..4.....
00003d0: 50 fe 8a ac 75 08 07 a9 3a 2c 21 51 93 ae 4a 90  P...u...:,!Q..J.
00003e0: 6e 62 41 f1 a2 fe 00 00 3d 0a 13 97 da 53 17 98  nbA.....=....S..
00003f0: 69 38 65 67 ca f4 9c 87 ec 44 b7 eb d0 ec b8 3d  i8eg.....D.....=
0000400: 23 cf 7a 35 00 00 00 00 00 00 00 00 00 00 00 00  #.z5............
0000410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

It is assumed that this block contains an ECC signature, aswell as the console id and serial of the DSi that exported the file.