Difference between revisions of "NRR"

From Nintendo Switch Brew
Jump to navigation Jump to search
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:File formats]]
 
 
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
 
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
 +
 +
= NrrHeader =
 +
This is "nn::ro::detail::NrrHeader".
  
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
Line 10: Line 12:
 
| 0x0
 
| 0x0
 
| 0x4
 
| 0x4
| Magic "NRR0"
+
| Signature ("NRR0")
 
|-
 
|-
 
| 0x4
 
| 0x4
| 0x4
+
| 0x1
| [9.0.0+] NRR signing key selector
+
| [9.0.0+] SignKeyGeneration
 
|-
 
|-
| 0x8
+
| 0x5
| 0x8
+
| 0xB
 
| Reserved
 
| Reserved
 
|-
 
|-
 
| 0x10
 
| 0x10
| 0x8
+
| 0x220
| Title ID Mask
+
| [[#NrrCertification|Certification]]
|-
 
| 0x18
 
| 0x8
 
| Title ID Pattern
 
|-
 
| 0x20
 
| 0x10
 
| Reserved
 
|-
 
| 0x30
 
| 0x100
 
| Modulus for verifying the second signature
 
|-
 
| 0x130
 
| 0x100
 
| First signature signed by a Nintendo key, over the above contents
 
 
|-
 
|-
 
| 0x230
 
| 0x230
 
| 0x100
 
| 0x100
| Second signature verifiable with the above key, over the rest of the file
+
| Sign (signature verifiable with the certification key, over the rest of the file)
 
|-
 
|-
 
| 0x330
 
| 0x330
 
| 0x8
 
| 0x8
| Title ID
+
| ProgramId
 
|-
 
|-
 
| 0x338
 
| 0x338
 
| 0x4
 
| 0x4
| File Size
+
| Size
 
|-
 
|-
 
| 0x33C
 
| 0x33C
| 0x4
+
| 0x1
| Module Type
+
| NrrKind (0 = User, 1 = JitPlugin)
 +
|-
 +
| 0x33D
 +
| 0x3
 +
| Reserved
 
|-
 
|-
 
| 0x340
 
| 0x340
 
| 0x4
 
| 0x4
| Hash Offset (Always 0x350)
+
| HashListOffsetAddress (always 0x350)
 
|-
 
|-
 
| 0x344
 
| 0x344
 
| 0x4
 
| 0x4
| Hash Count
+
| NumHash
 
|-
 
|-
 
| 0x348
 
| 0x348
Line 69: Line 59:
 
|-
 
|-
 
| 0x350
 
| 0x350
| 0x20 * Hash Count
+
| 0x20 * NumHash
| NRO hashes (SHA-256)  
+
| NroHashList (SHA-256)
 +
|}
 +
 
 +
= NrrCertification =
 +
This is "nn::ro::detail::NrrCertification".
 +
 
 +
{| class="wikitable" border="1"
 +
|-
 +
! Offset
 +
! Size
 +
! Description
 +
|-
 +
| 0x0
 +
| 0x8
 +
| ProgramIdMask
 +
|-
 +
| 0x8
 +
| 0x8
 +
| ProgramIdPattern
 +
|-
 +
| 0x10
 +
| 0x10
 +
| Reserved
 +
|-
 +
| 0x20
 +
| 0x100
 +
| PublicKey (modulus for verifying the NRR signature)
 +
|-
 +
| 0x120
 +
| 0x100
 +
| Sign (signature over the above contents)
 
|}
 
|}

Latest revision as of 19:43, 25 September 2024

The Switch uses the NRR file format to verify NRO at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.

NrrHeader

This is "nn::ro::detail::NrrHeader".

Offset Size Description
0x0 0x4 Signature ("NRR0")
0x4 0x1 [9.0.0+] SignKeyGeneration
0x5 0xB Reserved
0x10 0x220 Certification
0x230 0x100 Sign (signature verifiable with the certification key, over the rest of the file)
0x330 0x8 ProgramId
0x338 0x4 Size
0x33C 0x1 NrrKind (0 = User, 1 = JitPlugin)
0x33D 0x3 Reserved
0x340 0x4 HashListOffsetAddress (always 0x350)
0x344 0x4 NumHash
0x348 0x8 Reserved
0x350 0x20 * NumHash NroHashList (SHA-256)

NrrCertification

This is "nn::ro::detail::NrrCertification".

Offset Size Description
0x0 0x8 ProgramIdMask
0x8 0x8 ProgramIdPattern
0x10 0x10 Reserved
0x20 0x100 PublicKey (modulus for verifying the NRR signature)
0x120 0x100 Sign (signature over the above contents)
Retrieved from "https://switchbrew.org/w/index.php?title=NRR&oldid=12896"