In memory of Ben “bushing” Byer, who passed away on Monday, February 8th, 2016.

Difference between revisions of "/dev/crypto"

From WiiUBrew
Jump to navigation Jump to search
(Added shared keys)
(More keys)
Line 260: Line 260:
  
 
==Key object handles==
 
==Key object handles==
The above crypto commands use key/crypto object handles. These handles can be either from IOSC_CreateObject(which can then be initialized with import_secret_key in the case of AES), or a built-in handle. The available built-in handles/keyids are listed below.
+
The above crypto commands use key/crypto object handles. These handles can be either from IOSC_CreateObject(which can then be initialized with IOSC_ImportSecretKey in the case of AES), or a built-in handle. The available built-in handles/ids are listed below.
  
The maximum number of keyobject-handles is 0x80, hence the highest valid keyobject-handle is 0x7F. Keyobject-handles <=0x40 are reserved for built-in handles, the rest are available for user-processes. Commands which write keyobjects' keydata are only allowed to use handles with value >0x40(user-process handles).
+
The maximum number of keyobject-handles is 0x80, hence the highest valid keyobject-handle is 0x7F. Keyobject-handles <=0x40 are reserved for built-in handles, the rest are available for user-processes. Commands which write keyobjects' keydata are only allowed to use handles with value >0x40 (user-process handles).
  
 
{| class="wikitable sortable"
 
{| class="wikitable sortable"
Line 271: Line 271:
 
| 0x00
 
| 0x00
 
| ECC-233
 
| ECC-233
| Unknown private key. Possibly vWii NG ECC key.
+
| Wii U NG private key
 
|-
 
|-
 
| 0x01
 
| 0x01
 
| NONE
 
| NONE
| Unknown ID (0x04 bytes). Possibly vWii NG ID.
+
| Wii U NG ID
 
|-
 
|-
 
| 0x02
 
| 0x02
 
| AES-128
 
| AES-128
| Wii U NAND (slc) crypto key.
+
| Wii U SLC (NAND) key
 
|-
 
|-
 
| 0x03
 
| 0x03
 
| HMAC SHA-1
 
| HMAC SHA-1
| Wii U NAND (slc) HMAC.
+
| Wii U SLC (NAND) HMAC
 
|-
 
|-
 
| 0x04
 
| 0x04
 
| AES-128
 
| AES-128
| Old Wii common key.
+
| Wii common key
 
|-
 
|-
 
| 0x05
 
| 0x05
 
| AES-128
 
| AES-128
| Wii U RNG key. Used by commands 0x15, 0x16, 0x17 and 0x18.
+
| Wii U RNG key
 +
Used by commands 0x15, 0x16, 0x17 and 0x18.
 
|-
 
|-
 
| 0x06
 
| 0x06
 
| AES-128
 
| AES-128
| Fixed key stored in IOS-CRYPTO's data.
+
| Wii SD key
 
|-
 
|-
 
| 0x07
 
| 0x07
 
| AES-128
 
| AES-128
| Wii U SEEPROM key.
+
| Wii U SEEPROM key
 
|-
 
|-
 
| 0x08
 
| 0x08
 
| NONE
 
| NONE
| Unused.
+
| Unused
 
|-
 
|-
 
| 0x09
 
| 0x09
 
| NONE
 
| NONE
| Unused.
+
| Unused
 
|-
 
|-
 
| 0x0A
 
| 0x0A
 
| NONE
 
| NONE
| Unused.
+
| Unused
 
|-
 
|-
 
| 0x0B
 
| 0x0B
| UNK
+
| AES-128
| Unknown (0x10 bytes).
+
| Wii Korean key
 
|-
 
|-
 
| 0x0C
 
| 0x0C
 
| AES-128
 
| AES-128
| Wii U drive key.
+
| Wii U drive key
 
  This key is generated by decrypting the SEEPROM drive key with the Wii U SEEPROM key.
 
  This key is generated by decrypting the SEEPROM drive key with the Wii U SEEPROM key.
 
|-
 
|-
 
| 0x0D
 
| 0x0D
 
| AES-128
 
| AES-128
| ARM [[Ancast_Image|Ancast Image]] (this and the below one are for all ARM-ancast images launched via IOS-MCP).
+
| Wii U Starbuck [[Ancast_Image|ancast image]] key
 
|-
 
|-
 
| 0x0E
 
| 0x0E
| RSA-2048 modulus
+
| RSA-2048
| ARM [[Ancast_Image|Ancast Image]] (stored inside IOS-CRYPTO's data).
+
| Wii U Starbuck [[Ancast_Image|ancast image]] modulus
 
|-
 
|-
 
| 0x0F
 
| 0x0F
| RSA-2048 modulus
+
| RSA-2048
| Unknown (stored inside IOS-CRYPTO's data).
+
| Wii U boot1 [[Ancast_Image|ancast image]] modulus
 
|-
 
|-
 
| 0x10
 
| 0x10
 
| AES-128
 
| AES-128
| Wii U common key.
+
| Wii U common key
 
|-
 
|-
 
| 0x11
 
| 0x11
 
| AES-128
 
| AES-128
| MLC WFS crypto key. (0x10 bytes).
+
| Wii U MLC (eMMC) key
 
|-
 
|-
 
| 0x12
 
| 0x12
 
| AES-128
 
| AES-128
| USB WFS and WagonU key.
+
| USB WFS and WagonU key
  This key is generated by ECB-encrypting the SEEPROM USB key seed with a key from the OTP. Some factory code uses a static seed instead.
+
  This key is generated by ECB-encrypting the SEEPROM USB key seed with a key from the OTP.
 +
The SEEPROM USB key seed must start with the same first 0x04 bytes as the Wii U NG ID.
 
|-
 
|-
 
| 0x13
 
| 0x13
 
| AES-128
 
| AES-128
| Old Wii NAND (slccmpt) crypto key.
+
| Wii U SLCCMPT (vWii NAND) key
 
|-
 
|-
 
| 0x14
 
| 0x14
 
| HMAC SHA-1
 
| HMAC SHA-1
| Old Wii NAND (slccmpt) HMAC key.
+
| Wii U SLCCMPT (vWii NAND) HMAC
 
|-
 
|-
 
| 0x15
 
| 0x15
 
| AES-128
 
| AES-128
| vWii common key.
+
| vWii common key
 
|-
 
|-
 
| 0x16
 
| 0x16
 
| AES-128
 
| AES-128
| Key to encrypt DRH WLAN data.
+
| Key to encrypt/decrypt DRH WLAN data
 
|-
 
|-
 
| 0x17
 
| 0x17
 
| AES-128
 
| AES-128
| UDS local-WLAN CCMP key.
+
| UDS local-WLAN CCMP key
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET).
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET).
 
  This key is shared with the 3DS.
 
  This key is shared with the 3DS.
Line 371: Line 373:
 
| 0x18
 
| 0x18
 
| AES-128
 
| AES-128
| DLP key.
+
| DLP key
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET).
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET).
 
  This key is shared with the 3DS.
 
  This key is shared with the 3DS.
Line 377: Line 379:
 
| 0x19
 
| 0x19
 
| AES-128
 
| AES-128
| APT wrap key.
+
| APT wrap key
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-ACP).
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-ACP).
 
  This key is shared with the 3DS.
 
  This key is shared with the 3DS.
 
|-
 
|-
 
| 0x1A
 
| 0x1A
| UNK
+
| AES-128
| Unknown (0x10 bytes).
+
| Unknown
 
|-
 
|-
 
| 0x1B
 
| 0x1B
 
| AES-128
 
| AES-128
| Key to encrypt/decrypt SSL RSA key.
+
| Key to encrypt/decrypt SSL RSA key
 
|-
 
|-
 
| 0x1C
 
| 0x1C
| UNK
+
| ECC-233
| Unknown (0x1E bytes).
+
| Wii U private key for NSS device certificate
 
|-
 
|-
 
| 0x1D
 
| 0x1D
| UNK
+
| ECC-233
| Unknown (0x1E bytes).
+
| vWii private key for NSS device certificate
 
|-
 
|-
 
| 0x1E
 
| 0x1E
 
| AES-128
 
| AES-128
| Unknown (used by IOS-NET).
+
| Key to encrypt/decrypt APPSTORE objinfo/objdata
 +
This key is the first 0x10 bytes of the Wii U private key for NSS device certificate.
 
|-
 
|-
 
| 0x1F
 
| 0x1F
 
| AES-128
 
| AES-128
| Unknown.
+
| Unknown
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS).
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS).
 
|-
 
|-
 
| 0x20
 
| 0x20
 
| UNK
 
| UNK
| Unknown.
+
| Unknown
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x40 bytes).
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x40 bytes).
 
|-
 
|-
 
| 0x21
 
| 0x21
 
| UNK
 
| UNK
| Unknown.
+
| Unknown
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x40 bytes).
+
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x20 bytes).
 
|-
 
|-
 
| 0x22
 
| 0x22
| UNK
+
| AES-128
| Unknown.
+
| Amiibo HMAC key 1
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x40 bytes).
+
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
 +
This key is used to generate a SHA-256 HMAC for the Amiibo data.
 
|-
 
|-
 
| 0x23
 
| 0x23
| UNK
+
| AES-128
| Unknown.
+
| Amiibo HMAC key 2
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x40 bytes).
+
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
 +
This key is used to generate a SHA-256 HMAC for the Amiibo data.
 
|-
 
|-
 
| 0x24
 
| 0x24
| UNK
+
| AES-128
| Unknown.
+
| NFC key
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x10 bytes).
+
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
 +
This key is shared with the 3DS.
 
|-
 
|-
 
| 0x25
 
| 0x25
| UNK
+
| AES-128
| Unknown.
+
| Key to encrypt/decrypt Wii U NFC key block
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x10 bytes).
+
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
 +
This key is used to decrypt a block of 0x70 bytes inside IOS-PAD.
 +
Once decrypted, this block contains the Wii U specific "unfixed infos" and "locked secret" keys.
 
|-
 
|-
 
| 0x26
 
| 0x26
| UNK
+
| AES-128
| Unknown.
+
| Unknown
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x10 bytes).
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x10 bytes).
 
|-
 
|-
 
| 0x27
 
| 0x27
 
| AES-128
 
| AES-128
| Unknown.
+
| Key to encrypt/decrypt "pushmore" links
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS).
 
  Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS).
 
|-
 
|-
 
| 0x28
 
| 0x28
 
| AES-128
 
| AES-128
| Devkit key.
+
| Wii U extra storage key
  This unknown key is only generated in devkit units by decrypting the SEEPROM devkit key with a key from the OTP,
+
  In debug hardware with an internal HDD (Kiosk and certain DevKits) this key is generated by decrypting the SEEPROM SHDD key with a key from the OTP.
  or by taking a different key from the OTP if the SEEPROM one is not set.
+
In debug hardware without additional internal storage, this is the same as the Wii U MLC (eMMC) key.
 +
  In retail hardware this key is never set.
 
|-
 
|-
 
| 0x29 to 0x40
 
| 0x29 to 0x40
 
| UNK
 
| UNK
| Unused.
+
| Unused
 
|}
 
|}

Revision as of 22:20, 19 December 2016

/dev/crypto is the IOSU device node for the cryptographic engine. It can only be opened by the IOSU and it also provides a stripped down library (IOSC) that is implemented on most IOSU modules under the name "crypto_ios_interface". Requests are issued via ioctl()/ioctlv() commands which are then mapped to internal functions inside the IOS-CRYPTO process. This is done using different message queues, each one mapping a subset of commands in a jump table: 

0x00: Mapped by the 3rd message queue
0x01: Mapped by the 3rd message queue
0x02: Mapped by the 4th message queue
0x03: Mapped by the 4th message queue
0x04: Mapped by the 4th message queue
0x05: Mapped by the 4th message queue
0x06: Mapped by the 3rd message queue
0x07: Mapped by the 4th message queue
0x08: Mapped by the 4th message queue
0x09: Mapped by the 3rd message queue
0x0A: Mapped by the 3rd message queue
0x0B: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version)
0x0C: Mapped by the 2nd message queue
0x0D: Mapped by the 2nd message queue
0x0E: Mapped by the 4th message queue
0x0F: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version)
0x10: Mapped by the 4th message queue
0x11: Mapped by the 3rd message queue
0x12: Mapped by the 4th message queue
0x13: Mapped by the 4th message queue
0x14: Mapped by the 1st message queue
0x15: Mapped by the 3rd message queue
0x16: Mapped by the 4th message queue
0x17: Mapped by the 4th message queue
0x18: Not mapped
0x19: Mapped by the 2nd message queue
0x1A: Mapped by the 2nd message queue
0x1B: Mapped by the 1st message queue
0x1C: Mapped by the 2nd message queue
0x1D: Mapped by the 1st message queue
0x1E: Mapped by the 1st message queue
0x1F: Mapped by the 4th message queue
0x20: Mapped by the 4th message queue
0x21: Mapped by the 1st message queue
0x22: Mapped by the 3rd message queue

List of functions (ioctl/ioctlv)

Command Function Call Description Notes
0x01 IOSC_CreateObject() IOS_Ioctl(FD, 0x01, in_buf, 0x10, out_buf, 4); Creates a new crypto object and returns a handle for it.
0x02 IOSC_DeleteObject() IOS_Ioctl(FD, 0x02, in_buf, 4, 0, 0); Deletes a crypto object.
0x03 IOSC_ImportSecretKey() IOS_Ioctlv(FD, 0x03, 4, 0, vector);
0x04 keyring_deallocate_entry() IOS_Ioctlv(FD, 0x04, 1, 3, vector);
0x05 import_pub_key() IOS_Ioctlv(FD, 0x05, 3, 0, vector);
0x06 export_root() IOS_Ioctlv(FD, 0x06, 1, 3, vector);
0x07 compute_shared_key() IOS_Ioctl(FD, 0x07, in_buf, 0x10, 0, 0);
0x08 set_device_id() IOS_Ioctlv(FD, 0x08, 2, 0, vector);
0x09 get_device_id() IOS_Ioctlv(FD, 0x09, 1, 1, vector);
0x0A get_key_size() IOS_Ioctl(FD, 0x0A, in_buf, 4, out_buf, 4);
0x0B get_key_userdata_size() IOS_Ioctl(FD, 0x0B, in_buf, 4, out_buf, 4);
0x0C IOSC_GenerateHash() / IOSC_GenerateHashAsync(); IOS_Ioctlv(FD, 0x0C, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0C, 3, 1, vector, queueid, message); This function has 2 different implementations, one async and the other not.
0x0D IOSC_Encrypt() / IOSC_EncryptAsync() IOS_Ioctlv(FD, 0x0D, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0D, 3, 1, vector, queueid, message); This function has 2 different implementations, one async and the other not.
0x0E IOSC_Decrypt() / IOSC_DecryptAsync() IOS_Ioctlv(FD, 0x0E, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0E, 3, 1, vector, queueid, message); This function has 2 different implementations, one async and the other not.
0x0F verify_public_key_sign() IOS_Ioctlv(FD, 0x0F, 3, 0, vector);
0x10 IOSC_GenerateBlockMAC() / IOSC_GenerateBlockMACAsync() IOS_Ioctlv(FD, 0x10, 4, 1, vector); / IOS_IoctlvAsync(FD, 0x10, 4, 1, vector, queueid, message); This function has 2 different implementations, one async and the other not.
0x11 verify_cert() IOS_Ioctlv(FD, 0x11, 2, 0, vector);
0x12 get_device_cert() IOS_Ioctl(FD, 0x12, 0, 0, out_buf, 0x180);
0x13 set_title_key_ownership() IOS_Ioctlv(FD, 0x13, 2, 0, vector);
0x14 get_title_key_ownership() IOS_Ioctlv(FD, 0x14, 1, 1, vector);
0x15 IOSC_GenerateRand() IOS_Ioctl(FD, 0x15, 0, 0, out_buf, out_size); Generate random data of an arbitrary size.
0x16 generate_secret_key() IOS_Ioctl(FD, 0x16, in_buf, 4, 0, 0);
0x17 sign() IOS_Ioctlv(FD, 0x17, 2, 1, vector);
0x18 IOSC_GenerateCertificate() IOS_Ioctlv(FD, 0x18, 2, 1, vector);
0x19 Unknown IOS_Ioctl(FD, 0x19, ???, ???, ???, ???); This command is not mapped by the IOS-CRYPTO process.
0x1A odm_encrypt() IOS_Ioctlv(FD, 0x1A, 3, 2, vector);
0x1B odm_generate_session_key() IOS_Ioctlv(FD, 0x1B, 3, 1, vector);
0x1C get_security_level() IOS_Ioctl(FD, 0x1C, 0, 0, out_buf, 4); Gets the security level flag from the OTP.
0x1D cryptoReadHashedBlock() IOS_Ioctlv(FD, 0x1D, 5, 1, vector);
0x1E read_wii_seeprom_data() IOS_Ioctl(FD, 0x1E, 0, 0, out_buf, 0x60); Reads the old Wii SEEPROM certificate data from OTP's bank 6.
0x1F generate_wagonu_key() IOS_Ioctl(FD, 0x1F, in_buf, 0x10, 0, 0); Generates the 0x12-keyhandle keydata used to encrypt/decrypt data for Wii U to Wii U system transfers. If in_buf is NULL, a key from SEEPROM is used. If in_buf is not NULL, then it must be a pointer to a user supplied key.
0x20 IOSC_EncryptBlocks() IOS_Ioctlv(FD, 0x20, 3, 1, vector); Software AES encryption, this supports multiple AES-modes (AES-CTR, ...). Used by IOS-PAD to encrypt amiibo data.
0x21 IOSC_DecryptBlocks() IOS_Ioctlv(FD, 0x21, 3, 1, vector); Software AES decryption version of the above ioctlv. Used by IOS-PAD to decrypt amiibo data.
0x22 set_crypto_thread_priority() IOS_Ioctl(FD, 0x22, in_buf, 4, 0, 0); Modifies the IOS-CRYPTO main thread's priority.
0x23 get_wagon_certificate_data() IOS_Ioctl(FD, 0x23, in_buf, 0x10, out_buf, out_size); Gets Wagon certificate data stored inside IOS-CRYPTO. If the first word in in_buf is 0x00000000, a Root-CA00000003 with 0x400 bytes of size is written to out_buf. If the first word in in_buf is 0x00000001, a Root-CA00000003 MS00000012 with 0x240 bytes of size is written to out_buf.

Key object handles

The above crypto commands use key/crypto object handles. These handles can be either from IOSC_CreateObject(which can then be initialized with IOSC_ImportSecretKey in the case of AES), or a built-in handle. The available built-in handles/ids are listed below.

The maximum number of keyobject-handles is 0x80, hence the highest valid keyobject-handle is 0x7F. Keyobject-handles <=0x40 are reserved for built-in handles, the rest are available for user-processes. Commands which write keyobjects' keydata are only allowed to use handles with value >0x40 (user-process handles).

ID Type Description
0x00 ECC-233 Wii U NG private key
0x01 NONE Wii U NG ID
0x02 AES-128 Wii U SLC (NAND) key
0x03 HMAC SHA-1 Wii U SLC (NAND) HMAC
0x04 AES-128 Wii common key
0x05 AES-128 Wii U RNG key 
Used by commands 0x15, 0x16, 0x17 and 0x18.
0x06 AES-128 Wii SD key
0x07 AES-128 Wii U SEEPROM key
0x08 NONE Unused
0x09 NONE Unused
0x0A NONE Unused
0x0B AES-128 Wii Korean key
0x0C AES-128 Wii U drive key 
This key is generated by decrypting the SEEPROM drive key with the Wii U SEEPROM key.
0x0D AES-128 Wii U Starbuck ancast image key
0x0E RSA-2048 Wii U Starbuck ancast image modulus
0x0F RSA-2048 Wii U boot1 ancast image modulus
0x10 AES-128 Wii U common key
0x11 AES-128 Wii U MLC (eMMC) key
0x12 AES-128 USB WFS and WagonU key 
This key is generated by ECB-encrypting the SEEPROM USB key seed with a key from the OTP.
The SEEPROM USB key seed must start with the same first 0x04 bytes as the Wii U NG ID.
0x13 AES-128 Wii U SLCCMPT (vWii NAND) key
0x14 HMAC SHA-1 Wii U SLCCMPT (vWii NAND) HMAC
0x15 AES-128 vWii common key
0x16 AES-128 Key to encrypt/decrypt DRH WLAN data
0x17 AES-128 UDS local-WLAN CCMP key 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET).
This key is shared with the 3DS.
0x18 AES-128 DLP key 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET).
This key is shared with the 3DS.
0x19 AES-128 APT wrap key 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-ACP).
This key is shared with the 3DS.
0x1A AES-128 Unknown
0x1B AES-128 Key to encrypt/decrypt SSL RSA key
0x1C ECC-233 Wii U private key for NSS device certificate
0x1D ECC-233 vWii private key for NSS device certificate
0x1E AES-128 Key to encrypt/decrypt APPSTORE objinfo/objdata 
This key is the first 0x10 bytes of the Wii U private key for NSS device certificate.
0x1F AES-128 Unknown 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS).
0x20 UNK Unknown 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x40 bytes).
0x21 UNK Unknown 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x20 bytes).
0x22 AES-128 Amiibo HMAC key 1 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
This key is used to generate a SHA-256 HMAC for the Amiibo data.
0x23 AES-128 Amiibo HMAC key 2 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
This key is used to generate a SHA-256 HMAC for the Amiibo data.
0x24 AES-128 NFC key 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
This key is shared with the 3DS.
0x25 AES-128 Key to encrypt/decrypt Wii U NFC key block 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD).
This key is used to decrypt a block of 0x70 bytes inside IOS-PAD.
Once decrypted, this block contains the Wii U specific "unfixed infos" and "locked secret" keys.
0x26 AES-128 Unknown 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x10 bytes).
0x27 AES-128 Key to encrypt/decrypt "pushmore" links 
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS).
0x28 AES-128 Wii U extra storage key 
In debug hardware with an internal HDD (Kiosk and certain DevKits) this key is generated by decrypting the SEEPROM SHDD key with a key from the OTP.
In debug hardware without additional internal storage, this is the same as the Wii U MLC (eMMC) key.
In retail hardware this key is never set.
0x29 to 0x40 UNK Unused
Retrieved from "https://wiiubrew.org/w/index.php?title=/dev/crypto&oldid=2382"