nyyu/LibHac
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update KEYS.md

Browse Source
This commit is contained in:
Alex Barney 2018-09-09 20:27:59 -05:00
parent c4117aa85f
commit a1668b2214
1 changed files with 173 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
KEYS.md
View File

@ -1,14 +1,176 @@
### Console-unique keys
# Keys
The following is an example of what a console-unique keyset might look like. (`sd_seed` is SD card-unique rather than console-unique)
Keys are required for decrypting most of the file formats used by the Nintendo Switch.
Keysets are stored as text files, and are loaded from `$HOME/.switch`. These 3 filenames are automatically read:
`prod.keys` - Contains common keys usedy by all Switch devices.
`console.keys` - Contains console-unique keys.
`title.keys` - Contains game-specific keys.
#### XTS-AES keys note
The Switch uses 128-bit XTS-AES for decrypting the built-in storage (BIS), NCA header and the SD card contents.
This encryption method uses 2 128-bit keys: a "data" or "cipher" key, and a "tweak" key.
In the keyfile these are stored as one 256-bit key with the data key first, followed by the tweak key.
## Keyfile format
`prod.keys` and `console.keys` should be in the following format with one key per line:
`key_name = hexadecimal_key_value`
e.g. (Not actual keys)
```
master_key_00 = 63C9FCB338CDE3D037D29BB66F897C6B
master_key_01 = 4636CB976DFE95095C1F55151A8326C6
header_key_source = 343795270AAD5D19EBE2956C9BC71F4C41836B21DC6ACD7BACD4F6AF4816692C
```
#### Title Keys
`title.keys` should be in the following format with one key per line:
`rights_id,hexadecimal_key_value`.
e.g. (Not actual keys)
```
01000000000100000000000000000003,B4A1F5575D7D8A81624ED36D4E4BD8FD
01000000000108000000000000000003,C8AD76F8C78E241ADFEE6EB12E33F1BD
01000000000108000000000000000004,F9C8EAD30BB594434E4AF62C483CD796
```
## Keyfile templates
This template contains the keys needed to derive all the keys used by hactoolnet, although not all of them are needed for every task.
Fill out the template with the actual keys to get a working keyfile.
```
sd_seed = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
tsec_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
secure_boot_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
device_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_03 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
master_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_03 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_04 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
master_key_05 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_mac_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_key_source_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_key_source_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_key_source_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_key_source_03 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_key_source_04 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
keyblob_key_source_05 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_03 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package1_key_04 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
package2_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_kek_generation_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
aes_key_generation_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
titlekek_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_application_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_ocean_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
key_area_key_system_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_kek_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_save_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_card_nca_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
header_kek_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
header_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
xci_header_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
retail_specific_aes_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
per_console_key_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
eticket_rsa_kek = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_source_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_source_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_source_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_kek_source = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
### Console-unique keys
This template is for console-unique keys.
```
tsec_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
secure_boot_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sd_seed = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# The below keys can be derived from tsec_key and secure_boot_key
device_key = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_00 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_01 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_02 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
bis_key_03 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
## Complete key list
Below is a complete list of keys that are currently recognized.
\## represents a hexadecimal number between 00 and 1F
### Common keys
```
master_key_source
keyblob_mac_key_source
package2_key_source
aes_kek_generation_source
aes_key_generation_source
key_area_key_application_source
key_area_key_ocean_source
key_area_key_system_source
titlekek_source
header_kek_source
header_key_source
sd_card_kek_source
sd_card_nca_key_source
sd_card_save_key_source
retail_specific_aes_key_source
per_console_key_source
bis_kek_source
bis_key_source_00
bis_key_source_01
bis_key_source_02
header_key
xci_header_key
eticket_rsa_kek
master_key_##
package1_key_##
package2_key_##
titlekek_##
key_area_key_application_##
key_area_key_ocean_##
key_area_key_system_##
keyblob_key_source_##
keyblob_##
```
### Console-unique keys
```
secure_boot_key
tsec_key
device_key
bis_key_00
bis_key_01
bis_key_02
bis_key_03
keyblob_key_##
keyblob_mac_key_##
encrypted_keyblob_##
sd_seed
```