Difference between revisions of "NRR"

From Nintendo Switch Brew
Jump to navigation Jump to search
(update structure)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:File formats]]
 
 
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
 
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
  
Line 13: Line 12:
 
|-
 
|-
 
| 0x4
 
| 0x4
| 0xC
+
| 0x4
| Reserved
+
| [9.0.0+] CertificationSignatureKeyGeneration (0 or 1)
 
|-
 
|-
| 0x10
 
 
| 0x8
 
| 0x8
| Title ID Mask
 
|-
 
| 0x18
 
 
| 0x8
 
| 0x8
| Title ID Pattern
+
| Reserved
 
|-
 
|-
| 0x20
 
 
| 0x10
 
| 0x10
| Reserved
+
| 0x220
|-
+
| [[#Certification|Certification]]
| 0x30
 
| 0x100
 
| Modulus for verifying the second signature
 
|-
 
| 0x130
 
| 0x100
 
| First signature signed by a Nintendo key, over the above contents
 
 
|-
 
|-
 
| 0x230
 
| 0x230
 
| 0x100
 
| 0x100
| Second signature verifiable with the above key, over the rest of the file
+
| Signature (verifiable with the certification key, over the rest of the file)
 
|-
 
|-
 
| 0x330
 
| 0x330
 
| 0x8
 
| 0x8
| Title ID
+
| ApplicationId
 
|-
 
|-
 
| 0x338
 
| 0x338
 
| 0x4
 
| 0x4
| File Size
+
| Size
 
|-
 
|-
 
| 0x33C
 
| 0x33C
| 0x4
+
| 0x1
| Module Type
+
| NrrKind (0 = User, 1 = JitPlugin)
 +
|-
 +
| 0x33D
 +
| 0x3
 +
| Reserved
 
|-
 
|-
 
| 0x340
 
| 0x340
 
| 0x4
 
| 0x4
| Hash Offset (Always 0x350)
+
| HashOffset (always 0x350)
 
|-
 
|-
 
| 0x344
 
| 0x344
 
| 0x4
 
| 0x4
| Hash Count
+
| NumHash
 
|-
 
|-
 
| 0x348
 
| 0x348
Line 65: Line 56:
 
|-
 
|-
 
| 0x350
 
| 0x350
| 0x20 * Hash Count
+
| 0x20 * NumHash
| NRO hashes (SHA-256)  
+
| NroHashList (SHA-256)
 +
|}
 +
 
 +
= Certification =
 +
{| class="wikitable" border="1"
 +
|-
 +
! Offset
 +
! Size
 +
! Description
 +
|-
 +
| 0x0
 +
| 0x8
 +
| ApplicationIdMask
 +
|-
 +
| 0x8
 +
| 0x8
 +
| ApplicationIdPattern
 +
|-
 +
| 0x10
 +
| 0x10
 +
| Reserved
 +
|-
 +
| 0x20
 +
| 0x100
 +
| PublicKey (modulus for verifying the NRR signature)
 +
|-
 +
| 0x120
 +
| 0x100
 +
| Signature (over the above contents)
 
|}
 
|}

Latest revision as of 18:39, 22 February 2020

The Switch uses the NRR file format to verify NRO at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.

Offset Size Description
0x0 0x4 Magic "NRR0"
0x4 0x4 [9.0.0+] CertificationSignatureKeyGeneration (0 or 1)
0x8 0x8 Reserved
0x10 0x220 Certification
0x230 0x100 Signature (verifiable with the certification key, over the rest of the file)
0x330 0x8 ApplicationId
0x338 0x4 Size
0x33C 0x1 NrrKind (0 = User, 1 = JitPlugin)
0x33D 0x3 Reserved
0x340 0x4 HashOffset (always 0x350)
0x344 0x4 NumHash
0x348 0x8 Reserved
0x350 0x20 * NumHash NroHashList (SHA-256)

Certification

Offset Size Description
0x0 0x8 ApplicationIdMask
0x8 0x8 ApplicationIdPattern
0x10 0x10 Reserved
0x20 0x100 PublicKey (modulus for verifying the NRR signature)
0x120 0x100 Signature (over the above contents)