Difference between revisions of "NRR"
Jump to navigation
Jump to search
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | |||
The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256. | The Switch uses the NRR file format to verify [[NRO]] at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256. | ||
| Line 10: | Line 9: | ||
| 0x0 | | 0x0 | ||
| 0x4 | | 0x4 | ||
| − | | Magic "NRR0" | + | | Magic ("NRR0") |
|- | |- | ||
| 0x4 | | 0x4 | ||
| 0x4 | | 0x4 | ||
| − | | [9.0.0+] | + | | [9.0.0+] SignatureKeyGeneration |
|- | |- | ||
| 0x8 | | 0x8 | ||
| Line 21: | Line 20: | ||
|- | |- | ||
| 0x10 | | 0x10 | ||
| − | | | + | | 0x220 |
| − | | | + | | [[#Certification|Certification]] |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | | | ||
|- | |- | ||
| 0x230 | | 0x230 | ||
| 0x100 | | 0x100 | ||
| − | | | + | | Signature (verifiable with the certification key, over the rest of the file) |
|- | |- | ||
| 0x330 | | 0x330 | ||
| 0x8 | | 0x8 | ||
| − | | | + | | ApplicationId |
|- | |- | ||
| 0x338 | | 0x338 | ||
| 0x4 | | 0x4 | ||
| − | | | + | | Size |
|- | |- | ||
| 0x33C | | 0x33C | ||
| − | | | + | | 0x1 |
| − | | | + | | NrrKind (0 = User, 1 = JitPlugin) |
| + | |- | ||
| + | | 0x33D | ||
| + | | 0x3 | ||
| + | | Reserved | ||
|- | |- | ||
| 0x340 | | 0x340 | ||
| 0x4 | | 0x4 | ||
| − | | | + | | HashOffset (always 0x350) |
|- | |- | ||
| 0x344 | | 0x344 | ||
| 0x4 | | 0x4 | ||
| − | | | + | | NumHash |
|- | |- | ||
| 0x348 | | 0x348 | ||
| Line 69: | Line 56: | ||
|- | |- | ||
| 0x350 | | 0x350 | ||
| − | | 0x20 * | + | | 0x20 * NumHash |
| − | | | + | | NroHashList (SHA-256) |
| + | |} | ||
| + | |||
| + | = Certification = | ||
| + | {| class="wikitable" border="1" | ||
| + | |- | ||
| + | ! Offset | ||
| + | ! Size | ||
| + | ! Description | ||
| + | |- | ||
| + | | 0x0 | ||
| + | | 0x8 | ||
| + | | ApplicationIdMask | ||
| + | |- | ||
| + | | 0x8 | ||
| + | | 0x8 | ||
| + | | ApplicationIdPattern | ||
| + | |- | ||
| + | | 0x10 | ||
| + | | 0x10 | ||
| + | | Reserved | ||
| + | |- | ||
| + | | 0x20 | ||
| + | | 0x100 | ||
| + | | PublicKey (modulus for verifying the NRR signature) | ||
| + | |- | ||
| + | | 0x120 | ||
| + | | 0x100 | ||
| + | | Signature (over the above contents) | ||
|} | |} | ||
Latest revision as of 19:25, 18 April 2022
The Switch uses the NRR file format to verify NRO at load time. These files contain hashes of each NRO that is allowed to be loaded by the program. An NRO's SHA-256 hash must match any of the hashes in the hash table. NRRs are signed with RSASSA-PSS-2048/SHA-256.
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x4 | Magic ("NRR0") |
| 0x4 | 0x4 | [9.0.0+] SignatureKeyGeneration |
| 0x8 | 0x8 | Reserved |
| 0x10 | 0x220 | Certification |
| 0x230 | 0x100 | Signature (verifiable with the certification key, over the rest of the file) |
| 0x330 | 0x8 | ApplicationId |
| 0x338 | 0x4 | Size |
| 0x33C | 0x1 | NrrKind (0 = User, 1 = JitPlugin) |
| 0x33D | 0x3 | Reserved |
| 0x340 | 0x4 | HashOffset (always 0x350) |
| 0x344 | 0x4 | NumHash |
| 0x348 | 0x8 | Reserved |
| 0x350 | 0x20 * NumHash | NroHashList (SHA-256) |
Certification
| Offset | Size | Description |
|---|---|---|
| 0x0 | 0x8 | ApplicationIdMask |
| 0x8 | 0x8 | ApplicationIdPattern |
| 0x10 | 0x10 | Reserved |
| 0x20 | 0x100 | PublicKey (modulus for verifying the NRR signature) |
| 0x120 | 0x100 | Signature (over the above contents) |