NRR

Revision as of 19:43, 25 September 2024 by Hexkyz (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The Switch uses the NRR file format to verify NRO at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.

NrrHeader

This is "nn::ro::detail::NrrHeader".

Offset Size Description
0x0 0x4 Signature ("NRR0")
0x4 0x1 [9.0.0+] SignKeyGeneration
0x5 0xB Reserved
0x10 0x220 Certification
0x230 0x100 Sign (signature verifiable with the certification key, over the rest of the file)
0x330 0x8 ProgramId
0x338 0x4 Size
0x33C 0x1 NrrKind (0 = User, 1 = JitPlugin)
0x33D 0x3 Reserved
0x340 0x4 HashListOffsetAddress (always 0x350)
0x344 0x4 NumHash
0x348 0x8 Reserved
0x350 0x20 * NumHash NroHashList (SHA-256)

NrrCertification

This is "nn::ro::detail::NrrCertification".

Offset Size Description
0x0 0x8 ProgramIdMask
0x8 0x8 ProgramIdPattern
0x10 0x10 Reserved
0x20 0x100 PublicKey (modulus for verifying the NRR signature)
0x120 0x100 Sign (signature over the above contents)