Difference between revisions of "NRR"

From Nintendo Switch Brew
Jump to navigation Jump to search
Line 1: Line 1:
[[Category:File formats]]
 
 
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
 
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
  
Line 14: Line 13:
 
| 0x4
 
| 0x4
 
| 0x4
 
| 0x4
| [9.0.0+] NRR signing key selector
+
| [9.0.0+] KeyGeneration
 
|-
 
|-
 
| 0x8
 
| 0x8
Line 21: Line 20:
 
|-
 
|-
 
| 0x10
 
| 0x10
| 0x8
+
| 0x220
| Title ID Mask
+
| [[#Certification|Certification]]
|-
 
| 0x18
 
| 0x8
 
| Title ID Pattern
 
|-
 
| 0x20
 
| 0x10
 
| Reserved
 
|-
 
| 0x30
 
| 0x100
 
| Modulus for verifying the second signature
 
|-
 
| 0x130
 
| 0x100
 
| First signature signed by a Nintendo key, over the above contents
 
 
|-
 
|-
 
| 0x230
 
| 0x230
 
| 0x100
 
| 0x100
| Second signature verifiable with the above key, over the rest of the file
+
| Signature (verifiable with the certification key, over the rest of the file)
 
|-
 
|-
 
| 0x330
 
| 0x330
 
| 0x8
 
| 0x8
| Title ID
+
| ApplicationId
 
|-
 
|-
 
| 0x338
 
| 0x338
 
| 0x4
 
| 0x4
| File Size
+
| Size
 
|-
 
|-
 
| 0x33C
 
| 0x33C
| 0x4
+
| 0x1
| Module Type
+
| NrrKind (0 = User, 1 = JitPlugin)
 +
|-
 +
| 0x33D
 +
| 0x3
 +
| Reserved
 
|-
 
|-
 
| 0x340
 
| 0x340
 
| 0x4
 
| 0x4
| Hash Offset (Always 0x350)
+
| HashOffset (always 0x350)
 
|-
 
|-
 
| 0x344
 
| 0x344
 
| 0x4
 
| 0x4
| Hash Count
+
| NumHash
 
|-
 
|-
 
| 0x348
 
| 0x348
Line 69: Line 56:
 
|-
 
|-
 
| 0x350
 
| 0x350
| 0x20 * Hash Count
+
| 0x20 * NumHash
| NRO hashes (SHA-256)  
+
| NroHashList (SHA-256)
 +
|}
 +
 
 +
= Certification =
 +
{| class="wikitable" border="1"
 +
|-
 +
! Offset
 +
! Size
 +
! Description
 +
|-
 +
| 0x0
 +
| 0x8
 +
| ApplicationIdMask
 +
|-
 +
| 0x8
 +
| 0x8
 +
| ApplicationIdPattern
 +
|-
 +
| 0x10
 +
| 0x10
 +
| Reserved
 +
|-
 +
| 0x20
 +
| 0x100
 +
| PublicKey (modulus for verifying the NRR signature)
 +
|-
 +
| 0x120
 +
| 0x100
 +
| Signature (over the above contents)
 
|}
 
|}

Revision as of 18:18, 22 February 2020

The Switch uses the NRR file format to verify NRO at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.

Offset Size Description
0x0 0x4 Magic "NRR0"
0x4 0x4 [9.0.0+] KeyGeneration
0x8 0x8 Reserved
0x10 0x220 Certification
0x230 0x100 Signature (verifiable with the certification key, over the rest of the file)
0x330 0x8 ApplicationId
0x338 0x4 Size
0x33C 0x1 NrrKind (0 = User, 1 = JitPlugin)
0x33D 0x3 Reserved
0x340 0x4 HashOffset (always 0x350)
0x344 0x4 NumHash
0x348 0x8 Reserved
0x350 0x20 * NumHash NroHashList (SHA-256)

Certification

Offset Size Description
0x0 0x8 ApplicationIdMask
0x8 0x8 ApplicationIdPattern
0x10 0x10 Reserved
0x20 0x100 PublicKey (modulus for verifying the NRR signature)
0x120 0x100 Signature (over the above contents)