Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Suggestion: More accurate dumps (retrieve comms keydata sector from cartridge) #10

Open
mariomadproductions opened this issue Oct 6, 2018 · 5 comments
Labels
enhancement New feature or request implemented This feature or request has already been implemented

Comments

@mariomadproductions
Copy link

Here you (@DarkMatterCore) suggested that the dumps made with this tool aren't 1:1 - they are partially decrypted and are probably missing "ECC data".
Would it be feasible to dump the carts encrypted - and would the resultant ROM dump be decryptable?
Would it also be feasible to dump the "padding" properly (what you think is probably "ECC data") - as I understand it, this data is dumped as "FF" bytes, but this is not an accurate reproduction of the data on the ROM chip.

@DarkMatterCore
Copy link
Owner

There's a problem with this. The application currently uses IPC calls to filesystem services in order to retrieve raw data sectors from the gamecard storage.

However, a separate gamecard controller from the Switch takes care of decrypting the data on-the-fly, and provides no way of getting the encrypted data, nor a way to retrieve the ECC blocks (any read operation beyond the gamecard storage size results in an IPC error).

@mariomadproductions
Copy link
Author

Okay. Hopefully a way will be found in the near-future.

@DarkMatterCore DarkMatterCore added the enhancement New feature or request label Apr 22, 2019
@DarkMatterCore
Copy link
Owner

For the time being, I'm gonna leave this issue open. If new information related to this topic comes to light, I'll make sure to update this issue status.

@DarkMatterCore DarkMatterCore added the help wanted Extra attention is needed label Apr 23, 2019
@DarkMatterCore DarkMatterCore changed the title Suggestion: More accurate dumps Suggestion: More accurate dumps (retrieve ECC data from cartridge) Apr 23, 2019
@DarkMatterCore
Copy link
Owner

@mariomadproductions According to SciresM, it seems there are no ECC blocks at all in Switch gamecards.

However, it has been proved that all Switch gamecards hold a 0x200 byte long sector that precedes the gamecard header, which contains communication keydata (title-specific, not gamecard-specific).

The data from this sector is used to configure the gamecard <-> ASIC communication encryption.

typedef struct {
    u8 key_source[0x10];
    u8 encrypted_title_key[0x10];
    u8 mac[0x10];
    u8 nonce[0xC];
    u8 reserved_1[0x1C4];
} InitialDataRegion;

I will try to implement a way to dump this specific sector.

@DarkMatterCore DarkMatterCore changed the title Suggestion: More accurate dumps (retrieve ECC data from cartridge) Suggestion: More accurate dumps (retrieve comms keydata sector from cartridge) Jun 2, 2020
@DarkMatterCore
Copy link
Owner

@mariomadproductions Support for dumping the initial data region + padding up to 0x1000 bytes has been implemented in the experimental rewrite branch. It has already been confirmed to work properly by some other users.

This issue will be kept open until the rewrite is finished.

@DarkMatterCore DarkMatterCore removed the help wanted Extra attention is needed label Feb 4, 2022
@DarkMatterCore DarkMatterCore added the implemented This feature or request has already been implemented label Aug 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request implemented This feature or request has already been implemented
Projects
None yet
Development

No branches or pull requests

2 participants