Homebrew [Technical Question] Bypassing the need of a seed

adrifcastr

Idk, this was like around when *hax 2.8 beta was revealed by smea including the PASLR bypass, I imagine that there was also something said about bypassing the need for speed of a seed for preloads for example. I couldn't find any technical writeup on that (or I'm too dumb to browse 3dbrew/other sites, idk) and I'd like to have someone who has knowledge regarding this answer it. I have no actual clue how the seed crypto works etc... So any good answers are appreciated.
Thanks.

Arck

Is that even possible?

If it is, then I guess more than one person will try some stuff to get Pokemon Ultra Sun/Moon early.

Giodude

If I were to guess, it has the seed crypto built in, so anybody can launch any app that has a crypto for 9.6+ firmware. I remember before the PASLR bypass you had to have a bunch of files on your SD card that would fill that role, but I haven't used hax legitimately since 2.7. I also can't test it anymore due to Rosalina doing away with hax payloads entirely.
 

Ryccardo

Idk, this was like around when *hax 2.8 beta was revealed by smea including the PASLR bypass, I imagine that there was also something said about bypassing the need for speed of a seed for preloads for example. I couldn't find any technical writeup on that (or I'm too dumb to browse 3dbrew/other sites, idk) and I'd like to have someone who has knowledge regarding this answer it. I have no actual clue how the seed crypto works etc... So any good answers are appreciated.
Thanks.

Basically, a CIA (also physical games, but they never use seed mode) is made up of different partitions, called Contents or NCCHs.

The whole CIA (but not .3ds or the actually installed files) is protected by a titlekey, itself encrypted with key 0x3D
(installed files have, at this layer, console-specific encryption coming from the movable.sed and other factors = key 0x34)
(physical games use key 0x3B)

Individual contents may or may not be encrypted by some keys (they actually refer to only one part of the final key, the other comes from the ncch itself anyway):
- No encryption at all
- Zerokey
- System fixed key
- Normal key (comes from the bootrom, that's why only as of 2 days ago we got the first PC title decryptor, Slot0x2CKeyX)
- 7.0 key (better known as Slot0x25keyX)
- Secure3 (slot0x18KeyX, N3DS exclusive, Xenoblade uses this)
- Secure4 (slot0x1BKeyX, N3DS exclusive, 9.6+)

Now, my phrase above "the other comes from the ncch itself anyway" is wrong if seed encryption is used (which adds complexity to one of the above, it's not an alternative)
There simply is one more key, which anyone can freely download from the eShop servers (with FBI2, or even just visiting the game's page on the eShop), and is saved to internal storage in the FS driver's save...
The trick, of course, is that Nintendo decides when and for which regions the key should be available (the second problem is easily bypassed, the first... nope) and is indeed the reason we could download big-name recent games days before launch, even install them because we had the titlekey, but not run them.
(The icon was still visible on Home, despite being part of the ExeFS which is inside the NCCH, because some parts of a content like the icon/header/exheader use old-style encryption so that they can be read on outdated consoles - or ones without seed! - and they select which key to use anyway)

Seeds are exclusive to 9.6+ digital titles (not for technical reasons, but it would be stupid to force physical game owners to connect to the eShop)

HBL/Payload updates never claimed to bypass seeds actually, rather they fixed running a .3dsx over a title which uses seed, but you must have that seed installed!
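
As an added illustration of the seed layer described in the post above (not code from the thread or from any tool it mentions): how the downloaded seed is mixed into the NCCH KeyY and checked against the header, following the NCCH layout publicly documented on 3dbrew. Function names and all sample values are constructed; the console's KeyX slots and hardware key scrambler are outside its scope.

```python
import hashlib
import struct

SEED_FLAG = 0x20  # bit in ncchflag[7] marking seed crypto (per 3dbrew's NCCH page)

def seed_check(seed: bytes, program_id: int) -> bytes:
    """First 4 bytes of SHA-256(seed || programID as stored, little-endian).
    The NCCH header keeps this value so a loader can tell a wrong seed."""
    return hashlib.sha256(seed + struct.pack("<Q", program_id)).digest()[:4]

def seeded_key_y(ncch_signature: bytes, seed: bytes) -> bytes:
    """KeyY for seed-protected regions: SHA-256(original KeyY || seed)[:16].
    The original KeyY is the first 16 bytes of the NCCH signature."""
    return hashlib.sha256(ncch_signature[:16] + seed).digest()[:16]

def key_y_for(ncch_signature, flags7, program_id, header_check, seed=None):
    """Return the KeyY half of the content key, or raise if the seed is
    missing or does not belong to this title."""
    if not flags7 & SEED_FLAG:
        return ncch_signature[:16]      # "the other comes from the ncch itself"
    if seed is None:
        raise LookupError("title uses seed crypto and no seed is installed")
    if len(seed) != 16 or seed_check(seed, program_id) != header_check:
        raise ValueError("seed does not match this title")
    return seeded_key_y(ncch_signature, seed)

# Constructed sample values, not taken from any real title.
SIG = bytes(range(0x100))                        # stand-in NCCH signature
PROGRAM_ID = 0x0004000000ABCD00                  # stand-in title/program ID
GOOD_SEED = bytes.fromhex("00112233445566778899aabbccddeeff")
HEADER_CHECK = seed_check(GOOD_SEED, PROGRAM_ID)  # what the header would hold

if __name__ == "__main__":
    print("no seed flag :", key_y_for(SIG, 0x00, PROGRAM_ID, HEADER_CHECK).hex())
    print("with seed    :",
          key_y_for(SIG, SEED_FLAG, PROGRAM_ID, HEADER_CHECK, GOOD_SEED).hex())
    for label, seed in (("missing seed", None), ("wrong seed", bytes(16))):
        try:
            key_y_for(SIG, SEED_FLAG, PROGRAM_ID, HEADER_CHECK, seed)
        except (LookupError, ValueError) as exc:
            print(f"{label:13}: {exc}")
```

The header check is only 32 bits and serves as a sanity test; the secret itself is the full 16-byte seed that feeds the KeyY hash.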
 

Drakia

something said about bypassing the need for speed of a seed for preloads for example
Literally impossible. The seed is an encryption key, different for every release, and only available on Nintendo's servers once a game has been officially released. You could try to brute force, but the game would be out, and the universe would have long since died before you managed to decrypt it.