Lotus3

From Nintendo Switch Brew
Revision as of 20:02, 1 December 2020 by Hexkyz (talk | contribs) (User firmware)
Jump to navigation Jump to search

The Gamecard ASIC (known internally as the LOTUS3) is a separate chip on the motherboard responsible for communicating with the Gamecard.

It is the Tegra's SDMMC2 device on the Switch and FS communicates with it using a custom protocol based on vendor specific MMC commands.

Protocol

All communication is done using the following MMC_SEND_MANUFACTURER commands.

Command Name
60 #WriteOperation
61 #FinishOperation
62 #Sleep
63 #UpdateKey

WriteOperation

Submits a Gamecard ASIC operation using a 0x40 byte sized buffer as follows.

OperationBuffer

Offset Size Description
0x0 0x1 Gamecard ASIC operation command
0x1 0x1F Operation specific data
0x20 0x20 Command verification value (secure mode only)

FinishOperation

Returns the status of a completed operation.

Sleep

Puts the Gamecard ASIC in sleep mode.

UpdateKey

Tells the Gamecard ASIC to generate new random key data.

ASIC commands

The Gamecard ASIC supports a total of 19 operation commands. These commands are passed to the ASIC using the #WriteOperation MMC command.

Additional data buffers are then read/written using standard MMC read/write commands.

Command Name
0x01 #SetUserAsicFirmware
0x02 #GetAsicCert
0x03 #SetEmmcEmbeddedSocCertificate
0x04 #GetAsicEncryptedMessage
0x05 #SetLibraryEncryptedMessage
0x06 #GetAsicAuthenticationData
0x07 #SetAsicAuthenticationDataHash
0x08 #SetLibraryAuthenticationData
0x09 #GetLibraryAuthenticationDataHash
0x0A #EnterSecureAsicMode
0x0B #WriteAsicRegister
0x0C #ReadAsicRegister
0x0D #ChangeDebugMode
0x0E #GetCardHeader
0x0F #GetCardKeyArea
0x10 #SendCardCommand
0x11 #EnableCardBus
0x12 #ExchangeRandomValuesInSecureMode
0x13 #GetRmaInformation
0x14 [9.0.0+] #ChallengeCardExistence

SetUserAsicFirmware

Signals the Gamecard ASIC to receive a 0x7800 byte sized buffer containing the ASIC's user firmware.

GetAsicCert

Signals the Gamecard ASIC to send a 0x400 byte sized buffer containing the ASIC's certificate.

SetEmmcEmbeddedSocCertificate

Signals the Gamecard ASIC to receive a 0x400 byte sized buffer containing the certificate from GetGameCardCertificate.

GetAsicEncryptedMessage

Signals the Gamecard ASIC to send a 0x100 byte sized buffer containing a RSA-OAEP encrypted message to be decrypted by the host library. The decrypted message will be used to generate a common AES-128 (CBC and CTR) key and IV/CTR shared between the ASIC and the host library.

SetLibraryEncryptedMessage

Signals the Gamecard ASIC to receive a 0x100 byte sized buffer containing a RSA-OAEP encrypted message to be decrypted by the ASIC. The decrypted message will be used to generate a common AES-128 (CBC and CTR) key and IV/CTR shared between the ASIC and the host library.

GetAsicAuthenticationData

Signals the Gamecard ASIC to send a 0x20 byte sized buffer containing AES-128-CBC encrypted authentication data to be decrypted and hashed by the host library.

SetAsicAuthenticationDataHash

Signals the Gamecard ASIC to receive a 0x20 byte sized buffer containing the AES-128-CBC encrypted hash of the ASIC authentication data.

SetLibraryAuthenticationData

Signals the Gamecard ASIC to receive a 0x20 byte sized buffer containing AES-128-CBC encrypted authentication data to be decrypted and hashed by the ASIC.

GetLibraryAuthenticationDataHash

Signals the Gamecard ASIC to send a 0x20 byte sized buffer containing the AES-128-CBC encrypted hash of the library authentication data.

EnterSecureAsicMode

Signals the Gamecard ASIC to enter secure mode. In secure mode, all communication with the Gamecard ASIC must be AES-128-CTR encrypted.

WriteAsicRegister

Signals the Gamecard ASIC to write an internal register. The register value is passed in the first word of a 0x200 byte sized buffer while the register index is passed in the actual #OperationBuffer as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x0B)
0x1 0x3 Padding
0x4 0x4 Gamecard ASIC register index
0x8 0x18 Empty
0x20 0x20 Command verification value

ReadAsicRegister

Signals the Gamecard ASIC to send a 0x30 byte sized buffer containing the values of all ASIC registers as follows.

Offset Size Description
0x0 0x4 Status
0x4 0x4 Access Control
0x8 0x4
0xC 0x4
0x10 0x4
0x14 0x4
0x18 0x4
0x1C 0x4
0x20 0x4
0x24 0x4
0x28 0x4
0x2C 0x4

ChangeDebugMode

Signals the Gamecard ASIC to change into debug mode and send a 0x200 byte sized buffer containing information on the current Gamecard.

GetCardHeader

Signals the Gamecard ASIC to send a 0x108 byte sized buffer containing the current Gamecard's header data as follows.

Offset Size Description
0x0 0x4 CUP Version
0x4 0x4 Gamecard ID1
0x8 0x100 Gamecard Header (without the signature)

GetCardKeyArea

Signals the Gamecard ASIC to send a 0x800 byte sized buffer containing the current Gamecard's key area sectors as follows.

Sector Size Description
0 0x200 Gamecard specific data
1 0x200 Gamecard Certificate
2 0x200 Empty sector (all 0xFF)
3 0x200 Gamecard Initial Data

SendCardCommand

Signals the Gamecard ASIC to relay a specific command to the Gamecard. The command is sent to the Gamecard using the #OperationBuffer as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Page size
0x2 0x1 Direction (0 = read, 1 = write)
0x3 0x1 Padding
0x4 0x4 Page count
0x8 0x1 Gamecard command
0x9 0x17 Command specific data
0x20 0x20 Command verification value

EnableCardBus

Signals the Gamecard ASIC to enable the current Gamecard's bus line.

ExchangeRandomValuesInSecureMode

Signals the Gamecard ASIC to exchange random authentication values with the current Gamecard. The Gamecard response values are returned in a 0x20 sized buffer while the host values are passed in the actual #OperationBuffer as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x12)
0x1 0x1F Random value from host
0x20 0x20 Command verification value

GetRmaInformation

Signals the Gamecard ASIC to send a 0x200 byte sized buffer containing information on the Gamecard ASIC. This is called by GetGameCardAsicInfo.

ChallengeCardExistence

Signals the Gamecard ASIC to exchange random values with the current Gamecard. The Gamecard response values are returned in a 0x58 sized buffer while the host values are passed in the actual #OperationBuffer as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x14)
0x1 0x1F Random value from host
0x20 0x20 Command verification value

Gamecard commands

These commands are issued by the Gamecard ASIC to the actual Gamecard using the #OperationBuffer passed to #SendCardCommand.

Additional data buffers are then read/written using standard MMC read/write commands.

Command Name
0x10 #ReadId1Writer
0x11 #ReadId2Writer
0x12 #ReadId3Writer
0x15 #ReadCrc
0x16 #WritePage
0x18 #Erase
0x19 #ReadDevParam
0x20 #WriteDevParam
0x21 #ReadPageSecure
0x28 #ReadId2Normal
0x2E [2.0.0+] #UnlockForceErase
0x30 #ReadId3Secure
0x39 #SetKey
0x56 #ReadId1Normal
0x83 #WritePageSecure
0x5B #ReadPage
0x67 #ReadId1Secure
0xA5 #ReadId3Normal
0xB8 #Refresh
0xC4 #ReadId2Secure
0xE0 ReadInitialData
0xE2 ChangeInitialData

ReadId1Normal, ReadId1Secure, ReadId1Writer

Returns the Gamecard ID1 under one of the valid Gamecard modes.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 1
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0x10, 0x56 or 0x67)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

ReadId2Normal, ReadId2Secure, ReadId2Writer

Returns the Gamecard ID2 under one of the valid Gamecard modes.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 1
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0x11, 0x28 or 0xC4)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

ReadId3Normal, ReadId3Secure, ReadId3Writer

Returns the Gamecard ID3 under one of the valid Gamecard modes.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 1
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0x12, 0x30 or 0xA5)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

ReadCrc

Reads pages from the Gamecard, calculates their CRC and returns it. This command is only available in Write mode.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 1
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0x15)
0x9 0x4 Gamecard page offset
0xD 0x3 Gamecard page count
0x10 0x10 Empty
0x20 0x20 Command verification value

WritePage, WritePageSecure

Writes Gamecard pages. This command is only available in Write and Secure modes.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 3
0x2 0x1 Set to 1
0x3 0x1 Padding
0x4 0x4 Gamecard page count (duplicate)
0x8 0x1 Gamecard command (0x16 or 0x83)
0x9 0x4 Gamecard page offset
0xD 0x3 Gamecard page count
0x10 0x10 Empty
0x20 0x20 Command verification value

ReadPage, ReadPageSecure

Reads Gamecard pages. This command is only available in Normal and Secure modes.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 3
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Gamecard page count (duplicate)
0x8 0x1 Gamecard command (0x21 or 0x5B)
0x9 0x4 Gamecard page offset
0xD 0x3 Gamecard page count
0x10 0x10 Empty
0x20 0x20 Command verification value

Erase

Fully erases a Gamecard's contents. This command is only available in Write mode.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 1
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0x18)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

ReadDevParam

Reads a development Gamecard's parameters. This command is only available in Write mode.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 3
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 1
0x8 0x1 Gamecard command (0x19)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

WriteDevParam

Writes a development Gamecard's parameters. This command is only available in Write mode.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 3
0x2 0x1 Set to 1
0x3 0x1 Padding
0x4 0x4 Set to 1
0x8 0x1 Gamecard command (0x20)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

SetKey

Sets the Gamecard's internal key data. This command is only available in Secure mode.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 0
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0x39)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

Refresh

Resets the Gamecard's internal status. This command is only available in Secure mode.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 2
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0xB8)
0x9 0x4 Set to 0
0xD 0x2 Set to 0
0xF 0x1 Set to 0
0x10 0x10 Empty
0x20 0x20 Command verification value

UnlockForceErase

Used by OpenGameCardStorage. This command is only available in Normal mode.

The #OperationBuffer is as follows.

Offset Size Description
0x0 0x1 Gamecard ASIC operation command (0x10)
0x1 0x1 Set to 1
0x2 0x1 Set to 0
0x3 0x1 Padding
0x4 0x4 Set to 0
0x8 0x1 Gamecard command (0x2E)
0x9 0xF Unlock password
0x18 0x8 Empty
0x20 0x20 Command verification value

Modes

Both the Gamecard ASIC and the actual Gamecard can operate in different modes.

ASIC modes

Mode Name
0x00 Initial
0x01 Secure

Gamecard modes

Mode Name
0x00 Initial
0x01 Normal
0x02 Secure
0x03 Write

User firmware

FS provides the appropriate Gamecard ASIC's user firmware (Lotus ASIC Firmware or LAFW) which is encrypted, signed and follows the format below.

Offset Size Description
0x0 0x100 RSA-2048 PKCS #1 signature over the firmware (data from 0x100 to 0x7800)
0x100 0x4 Magic ("LAFW")
0x104 0x4 Unknown (0xFF000000, 0xFFFF0000 or 0xFFFFFF00)
0x108 0x4 Empty
0x10C 0x4 Empty
0x110 0x4 Version (0, 0x1, [4.0.0+] 0x3, [9.0.0+] 0x7, [11.0.0+] 0xF)
0x114 0x4 Unknown (0x80000000)
0x118 0x4 Data size
0x11C 0x4 Empty
0x120 0x10 Encrypted data IV/CTR
0x130 0x10 Placeholder string ("IDIDIDIDIDIDIDID")
0x140 0x40 Empty
0x180 0x7680 Encrypted data

Types

Depending on it's purpose, multiple user firmware blobs exist.

FwRead

Code for reading retail Gamecards. Only the normal and secure Gamecard modes are supported.

Found inside FS.

[4.0.0+] This firmware blob was updated to provide support for new Gamecards.

FwWriter

Code for writing development Gamecards. Only the normal and write Gamecard modes are supported.

Found inside FS.

FwReadDev

Code for reading development Gamecards. Development Gamecards use common initial data which justifies the need for a specialized read firmware.

Found inside FS.

FwDebug

Code for calling #GetRmaInformation. Must be passed as an argument for GetGameCardAsicInfo.

Never observed (possibly factory only).

Anti-downgrade

Loading an user firmware blob with a certain version field will lock the Gamecard ASIC to only allow running firmware blobs with the same or higher version number. Therefore, it is speculated that the Gamecard ASIC contains some sort of non-volatile memory bank which could be used for this purpose (among others).

The FwWriter and FwReadDev blobs' version is always 0, but FwRead blob's version is either 1 or 3 ([4.0.0+]). This effectively locks retail consoles from using the development firmware blobs.