From a1668b22140206de2be3433d99746967e2fc07bd Mon Sep 17 00:00:00 2001
From: Alex Barney <thealexbarney@gmail.com>
Date: Sun, 9 Sep 2018 20:27:59 -0500
Subject: [PATCH] Update KEYS.md

---
 KEYS.md | 184 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 173 insertions(+), 11 deletions(-)

diff --git a/KEYS.md b/KEYS.md
index a552f612..1a16a865 100644
--- a/KEYS.md
+++ b/KEYS.md
@@ -1,14 +1,176 @@
-### Console-unique keys
+# Keys
 
-The following is an example of what a console-unique keyset might look like. (`sd_seed` is SD card-unique rather than console-unique)
+Keys are required for decrypting most of the file formats used by the Nintendo Switch.
+
+Keysets are stored as text files, and are loaded from `$HOME/.switch`. These 3 filenames are automatically read:  
+`prod.keys` - Contains common keys usedy by all Switch devices.  
+`console.keys` - Contains console-unique keys.  
+`title.keys` - Contains game-specific keys.
+
+#### XTS-AES keys note
+
+The Switch uses 128-bit XTS-AES for decrypting the built-in storage (BIS), NCA header and the SD card contents.
+This encryption method uses 2 128-bit keys: a "data" or "cipher" key, and a "tweak" key.
+
+In the keyfile these are stored as one 256-bit key with the data key first, followed by the tweak key.
+
+## Keyfile format
+
+`prod.keys` and `console.keys` should be in the following format with one key per line:  
+`key_name = hexadecimal_key_value`
+
+e.g. (Not actual keys)
+```
+master_key_00     = 63C9FCB338CDE3D037D29BB66F897C6B
+master_key_01     = 4636CB976DFE95095C1F55151A8326C6
+header_key_source = 343795270AAD5D19EBE2956C9BC71F4C41836B21DC6ACD7BACD4F6AF4816692C
+```
+
+#### Title Keys
+
+`title.keys` should be in the following format with one key per line:  
+`rights_id,hexadecimal_key_value`.
+
+e.g. (Not actual keys)
+```
+01000000000100000000000000000003,B4A1F5575D7D8A81624ED36D4E4BD8FD
+01000000000108000000000000000003,C8AD76F8C78E241ADFEE6EB12E33F1BD
+01000000000108000000000000000004,F9C8EAD30BB594434E4AF62C483CD796
+```
+
+## Keyfile templates
+
+This template contains the keys needed to derive all the keys used by hactoolnet, although not all of them are needed for every task.
+
+Fill out the template with the actual keys to get a working keyfile.
 
 ```
-sd_seed           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-tsec_key          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-secure_boot_key   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-device_key        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-bis_key_00        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-bis_key_01        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-bis_key_02        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-bis_key_03        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-```
\ No newline at end of file
+master_key_source                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+master_key_00                    = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+master_key_01                    = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+master_key_02                    = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+master_key_03                    = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+master_key_04                    = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+master_key_05                    = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+keyblob_mac_key_source           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+keyblob_key_source_00            = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+keyblob_key_source_01            = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+keyblob_key_source_02            = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+keyblob_key_source_03            = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+keyblob_key_source_04            = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+keyblob_key_source_05            = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+package1_key_00                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+package1_key_01                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+package1_key_02                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+package1_key_03                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+package1_key_04                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+package2_key_source              = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+aes_kek_generation_source        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+aes_key_generation_source        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+titlekek_source                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+key_area_key_application_source  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+key_area_key_ocean_source        = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+key_area_key_system_source       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+sd_card_kek_source               = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+sd_card_save_key_source          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+sd_card_nca_key_source           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+header_kek_source                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+header_key_source                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+xci_header_key                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+retail_specific_aes_key_source   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+per_console_key_source           = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+eticket_rsa_kek                  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+bis_key_source_00                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+bis_key_source_01                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+bis_key_source_02                = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+bis_kek_source                   = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+```
+
+### Console-unique keys
+
+This template is for console-unique keys.
+
+```
+tsec_key         = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+secure_boot_key  = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+sd_seed          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+
+# The below keys can be derived from tsec_key and secure_boot_key
+device_key       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+bis_key_00       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+bis_key_01       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+bis_key_02       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+bis_key_03       = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+```
+
+## Complete key list
+Below is a complete list of keys that are currently recognized.  
+\## represents a hexadecimal number between 00 and 1F  
+
+### Common keys
+
+```
+master_key_source
+keyblob_mac_key_source
+package2_key_source
+aes_kek_generation_source
+aes_key_generation_source
+key_area_key_application_source
+key_area_key_ocean_source
+key_area_key_system_source
+titlekek_source
+header_kek_source
+header_key_source
+sd_card_kek_source
+sd_card_nca_key_source
+sd_card_save_key_source
+retail_specific_aes_key_source
+per_console_key_source
+bis_kek_source
+bis_key_source_00
+bis_key_source_01
+bis_key_source_02
+
+header_key
+xci_header_key
+eticket_rsa_kek
+
+master_key_##
+package1_key_##
+package2_key_##
+titlekek_##
+key_area_key_application_##
+key_area_key_ocean_##
+key_area_key_system_##
+keyblob_key_source_##
+keyblob_##
+```
+
+### Console-unique keys
+
+```
+secure_boot_key
+tsec_key
+device_key
+bis_key_00
+bis_key_01
+bis_key_02
+bis_key_03
+
+keyblob_key_##
+keyblob_mac_key_##
+encrypted_keyblob_##
+
+sd_seed
+```