Difference between revisions of "NRR"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256. | The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256. | ||
| + | |||
| + | = NrrHeader = | ||
| + | This is "nn::ro::detail::NrrHeader". | ||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
| Line 9: | Line 12: | ||
| 0x0 | | 0x0 | ||
| 0x4 | | 0x4 | ||
| − | | | + | | Signature ("NRR0") |
|- | |- | ||
| 0x4 | | 0x4 | ||
| − | | | + | | 0x1 |
| − | | [9.0.0+] | + | | [9.0.0+] SignKeyGeneration |
|- | |- | ||
| − | | | + | | 0x5 |
| − | | | + | | 0xB |
| Reserved | | Reserved | ||
|- | |- | ||
| 0x10 | | 0x10 | ||
| 0x220 | | 0x220 | ||
| − | | [[# | + | | [[#NrrCertification|Certification]] |
|- | |- | ||
| 0x230 | | 0x230 | ||
| 0x100 | | 0x100 | ||
| − | | | + | | Sign (signature verifiable with the certification key, over the rest of the file) |
|- | |- | ||
| 0x330 | | 0x330 | ||
| 0x8 | | 0x8 | ||
| − | | | + | | ProgramId |
|- | |- | ||
| 0x338 | | 0x338 | ||
| Line 45: | Line 48: | ||
| 0x340 | | 0x340 | ||
| 0x4 | | 0x4 | ||
| − | | | + | | HashListOffsetAddress (always 0x350) |
|- | |- | ||
| 0x344 | | 0x344 | ||
| Line 60: | Line 63: | ||
|} | |} | ||
| − | = | + | = NrrCertification = |
| + | This is "nn::ro::detail::NrrCertification". | ||
| + | |||
{| class="wikitable" border="1" | {| class="wikitable" border="1" | ||
|- | |- | ||
| Line 69: | Line 74: | ||
| 0x0 | | 0x0 | ||
| 0x8 | | 0x8 | ||
| − | | | + | | ProgramIdMask |
|- | |- | ||
| 0x8 | | 0x8 | ||
| 0x8 | | 0x8 | ||
| − | | | + | | ProgramIdPattern |
|- | |- | ||
| 0x10 | | 0x10 | ||
| Line 85: | Line 90: | ||
| 0x120 | | 0x120 | ||
| 0x100 | | 0x100 | ||
| − | | | + | | Sign (signature over the above contents) |
|} | |} | ||
Latest revision as of 19:43, 25 September 2024
The Switch uses the NRR file format to verify NRO at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
NrrHeader
This is "nn::ro::detail::NrrHeader".
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x4 | Signature ("NRR0") |
| 0x4 | 0x1 | [9.0.0+] SignKeyGeneration |
| 0x5 | 0xB | Reserved |
| 0x10 | 0x220 | Certification |
| 0x230 | 0x100 | Sign (signature verifiable with the certification key, over the rest of the file) |
| 0x330 | 0x8 | ProgramId |
| 0x338 | 0x4 | Size |
| 0x33C | 0x1 | NrrKind (0 = User, 1 = JitPlugin) |
| 0x33D | 0x3 | Reserved |
| 0x340 | 0x4 | HashListOffsetAddress (always 0x350) |
| 0x344 | 0x4 | NumHash |
| 0x348 | 0x8 | Reserved |
| 0x350 | 0x20 * NumHash | NroHashList (SHA-256) |
NrrCertification
This is "nn::ro::detail::NrrCertification".
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x8 | ProgramIdMask |
| 0x8 | 0x8 | ProgramIdPattern |
| 0x10 | 0x10 | Reserved |
| 0x20 | 0x100 | PublicKey (modulus for verifying the NRR signature) |
| 0x120 | 0x100 | Sign (signature over the above contents) |