DeadlyFoez said:
Slowking said:
http://www.youtube.com/watch?v=eVXfgg7otJw It's a side note while talking about the different securiy measures this and last gens consoles.
Oh, Yeah, I did see that. But I don't remember them mentioning the 3DS, nor was the 3DS released yet so there is no way they could have commented on the NAND of the 3DS.
No, they commented on the Wiis Nand, which you were talking about in the post I quoted. Try to read your own posts next time. XD
Sorry, getting lost on things since this is a 3DS thread. But the filesystem is not encrypted. Boot0, Boot1, and the individual files are encrypted, but not the file system itself.
and for proof, I just asked pune on IRC
QUOTE Question, is the wii's filesystem encrypted?
which wii?
i think a betwiin made with my library will work just as fast as ohneswanzenegger. so it should work in like 3-7 minutes
People are saying the wii's filesystem is encrypted, I'm under the belief that it is not.
which wii?
all wii's
in general
depends on which part of the filesystem you are talking abut
just about the file system, obviously not the files
directory structure and file names
those are not
Thank you.
http://www.wiibrew.org/wiki/NAND
search for "plain text"
which parts are encrypted?
you can decrypt boot2 since the ticket and tmd are readable from the nand directly before it. and all the directory tree and filenames is not encrypted 1 little bit
they are signed with hmac, so you cannot edit the names, but you can still read them
it is the actual data that belongs to the files that is encrypted
Ok and here is the page from www.wiibrew.org/wiki/NAND that pune was referring to. Notice what I have bolded out for you guys to see.
QUOTE
Physical layout
The NAND flash device is divided into 4096 blocks of 8 clusters. Each cluster is 8 pages. Each page is 2048 bytes of data and 64 bytes of "spare data" (used for error-correction (ECC) data and HMAC signatures on individual clusters).
Block 0 (pages 0-0x3F): boot1
boot1 is the second-stage bootloader; it is decrypted by boot0, which resides on a read-only mask rom inside the Starlet coprocessor. Its primary function is to load and decrypt boot2.
Block 0 is guaranteed by the manufacturer to be valid, so there is no bad block map necessary.
Blocks 1-7 (Pages 0x40 - 0x1ff) : boot2 (two copies and blockmaps)
boot2 is the third-stage bootloader; it is stored in a modified WAD format, including a ticket that is encrypted with the common key and signed.
Block 8 / Cluster 0x40 / Page 0x200: beginning of per-console unique data
Clusters 0x40 - 0x7EFF: Encrypted filesystem data. Data is encrypted with a per-console AES key, and then signed with a (separate, per-console) HMAC key.
Clusters 0x7F00-0x7FFF: Filesystem metadata (SFFS, unencrypted). There are 16 superblocks contained therein -- one every 16 clusters.
Metadata layout
The authoritative source of information about the Wii's metadata layout is Segher's zestig.c, but here is an attempt to describe that in English.
Each metadata "superblock" starts with the 4 magic bytes "SFFS", followed by a 4-byte "generation number" and another 4-byte number (always 0x10?). When accessing the FS, IOS will choose the superblock with the highest generation number and use it; whenever it modifies the filesystem in any way, it will increment the generation number by 1 and write out an entirely new superblock in the next slot (in round-robin order).
The next 0x10000 bytes (bytes 0xc:0x1000c within the superblock) are 0x8000 2-byte cluster numbers, and comprise the FAT.
The FAT is followed by the FST -- the tree structure containing the directory hierarchy and (plaintext!) filenames.
FAT
The FAT contains cluster chain / allocation information for the entire NAND chip, including parts of it which are not technically part of the filesystem!
The first 64 entries will always be 0xFFFC, which indicates that this cluster is "reserved". These correspond to the first 64 clusters or 8 blocks -- which is where boot1 and boot2 are stored.
Special values include:
0xFFFB - last cluster within a chain
0xFFFC - reserved cluster
0xFFFD - bad block (marked at factory) -- you should always see these in groups of 8 (8 clusters per NAND block)
0xFFFE - empty (unused / available) space
Otherwise, the value stored within a slot in the FAT for a given cluster points to the next cluster in the chain, similar to the FAT used in DOS. Therefore, in order to figure out what clusters belong to what file, you must use the information in the FST to find the starting cluster for each file, and then follow each cluster chain.
FST
Each entry in the FST is 0x20 bytes. Here is a typical entry for a leaf node (regular file):