/dev/crypto
/dev/crypto is the IOSU device node for the cryptographic engine. It can only be opened by the IOSU and it also provides a stripped down library (IOSC) that is implemented on most IOSU modules under the name "crypto_ios_interface". Requests are issued via ioctl()/ioctlv() commands which are then mapped to internal functions inside the IOS-CRYPTO process. This is done using different message queues, each one mapping a subset of commands in a jump table:
0x00: Mapped by the 3rd message queue 0x01: Mapped by the 3rd message queue 0x02: Mapped by the 4th message queue 0x03: Mapped by the 4th message queue 0x04: Mapped by the 4th message queue 0x05: Mapped by the 4th message queue 0x06: Mapped by the 3rd message queue 0x07: Mapped by the 4th message queue 0x08: Mapped by the 4th message queue 0x09: Mapped by the 3rd message queue 0x0A: Mapped by the 3rd message queue 0x0B: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version) 0x0C: Mapped by the 2nd message queue 0x0D: Mapped by the 2nd message queue 0x0E: Mapped by the 4th message queue 0x0F: Mapped by the 2nd message queue | Mapped by the 4th message queue (async version) 0x10: Mapped by the 4th message queue 0x11: Mapped by the 3rd message queue 0x12: Mapped by the 4th message queue 0x13: Mapped by the 4th message queue 0x14: Mapped by the 1st message queue 0x15: Mapped by the 3rd message queue 0x16: Mapped by the 4th message queue 0x17: Mapped by the 4th message queue 0x18: Not mapped 0x19: Mapped by the 2nd message queue 0x1A: Mapped by the 2nd message queue 0x1B: Mapped by the 1st message queue 0x1C: Mapped by the 2nd message queue 0x1D: Mapped by the 1st message queue 0x1E: Mapped by the 1st message queue 0x1F: Mapped by the 4th message queue 0x20: Mapped by the 4th message queue 0x21: Mapped by the 1st message queue 0x22: Mapped by the 3rd message queue
List of functions (ioctl/ioctlv)
| Command | Function | Call | Description | Notes |
|---|---|---|---|---|
| 0x01 | IOSCError IOSC_CreateObject(u32* key_handle, IOSCObjectType type, IOSCObjectSubType subtype); | IOS_Ioctl(FD, 0x01, in_buf, 0x10, out_buf, 4); | Creates a new crypto object and returns a handle for it. | |
| 0x02 | IOSCError IOSC_DeleteObject(u32 key_handle); | IOS_Ioctl(FD, 0x02, in_buf, 4, 0, 0); | Deletes a crypto object. | |
| 0x03 | IOSCError IOSC_ImportSecretKey(IOSCSecretKeyHandle importedHandle, IOSCSecretKeyHandle verifyHandle, IOSCSecretKeyHandle decryptHandle, IOSCSecretKeySecurity flag, u8 * signbuffer, u8 * ivData, u8 * keybuffer); | IOS_Ioctlv(FD, 0x03, 4, 0, vector); | ||
| 0x04 | IOSCError IOSC_ExportSecretKey(IOSCSecretKeyHandle exportedHandle, IOSCSecretKeyHandle signHandle, IOSCSecretKeyHandle encryptHandle, IOSCSecretKeySecurity security_flag, u8 * signbuffer, u8 * ivData, u8 * keybuffer); | IOS_Ioctlv(FD, 0x04, 1, 3, vector); | ||
| 0x05 | IOSCError IOSC_ImportPublicKey(u8 * publicKeyData, u8 * exponent, IOSCPublicKeyHandle publicKeyHandle); | IOS_Ioctlv(FD, 0x05, 3, 0, vector); | ||
| 0x06 | IOSCError IOSC_ExportPublicKey(u8 * publicKeyData, u8 * exponent, IOSCPublicKeyHandle publicKeyHandle); | IOS_Ioctlv(FD, 0x06, 1, 3, vector); | ||
| 0x07 | IOSCError IOSC_ComputeSharedKey(IOSCSecretKeyHandle privateHandle, IOSCPublicKeyHandle publicHandle, IOSCSecretKeyHandle sharedHandle); | IOS_Ioctl(FD, 0x07, in_buf, 0x10, 0, 0); | ||
| 0x08 | IOSCError IOSC_SetData(IOSCDataHandle dataHandle, u32 value); | IOS_Ioctlv(FD, 0x08, 2, 0, vector); | ||
| 0x09 | IOSCError IOSC_GetData(IOSCDataHandle dataHandle, u32 * value); | IOS_Ioctlv(FD, 0x09, 1, 1, vector); | ||
| 0x0A | IOSCError IOSC_GetKeySize(u32 * keySize, IOSCKeyHandle handle); | IOS_Ioctl(FD, 0x0A, in_buf, 4, out_buf, 4); | ||
| 0x0B | IOSCError IOSC_GetSignatureSize(u32 * signSize, int handle); | IOS_Ioctl(FD, 0x0B, in_buf, 4, out_buf, 4); | ||
| 0x0C | IOSCError IOSC_GenerateHash(u8 * context, u8 * inputData, u32 inputSize, u32 chainingFlag, u8 * hashData); / int IOSC_GenerateHashAsync(u8 * context, u8 * inputData, u32 inputSize, u32 chainingFlag, u8 * hashData, int message_queue_id, IOSRequest* reply); | IOS_Ioctlv(FD, 0x0C, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0C, 3, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x0D | IOSCError IOSC_Encrypt(IOSCSecretKeyHandle encryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData); / int IOSC_EncryptAsync(IOSCSecretKeyHandle encryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData, int message_queue_id, IOSRequest* reply); | IOS_Ioctlv(FD, 0x0D, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0D, 3, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x0E | IOSCError IOSC_Decrypt(IOSCSecretKeyHandle decryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData); / int IOSC_DecryptAsync((IOSCSecretKeyHandle decryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData, int message_queue_id, IOSRequest* request); | IOS_Ioctlv(FD, 0x0E, 3, 1, vector); / IOS_IoctlvAsync(FD, 0x0E, 3, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x0F | IOSCError IOSC_VerifyPublicKeySign(u8 * inputData, u32 inputSize, IOSCPublicKeyHandle publicHandle, u8 * signData); | IOS_Ioctlv(FD, 0x0F, 3, 0, vector); | ||
| 0x10 | IOSCError IOSC_GenerateBlockMAC(u8 * context, u8 * inputData, u32 inputSize, u8 * customData, u32 customDataSize, IOSCSecretKeyHandle signerHandle, u32 chainingFlag, u8 * signData); / IOSCError IOSC_GenerateBlockMACAsync(u8 * context, u8 * inputData, u32 inputSize, u8 * customData, u32 customDataSize, IOSCSecretKeyHandle signerHandle, u32 chainingFlag, u8 * signData, int message_queue_id, IOSRequest* reply); | IOS_Ioctlv(FD, 0x10, 4, 1, vector); / IOS_IoctlvAsync(FD, 0x10, 4, 1, vector, queueid, message); | This function has 2 different implementations, one async and the other not. | |
| 0x11 | IOSCError IOSC_ImportCertificate(u8 * certData, IOSCPublicKeyHandle signerHandle, IOSCPublicKeyHandle publicKeyHandle); | IOS_Ioctlv(FD, 0x11, 2, 0, vector); | ||
| 0x12 | IOSCError IOSC_GetDeviceCertificate(IOSCEccSignedCert * certificate); | IOS_Ioctl(FD, 0x12, 0, 0, out_buf, 0x180); | ||
| 0x13 | IOSCError IOSC_SetOwnership(u32 handle, u32 users); | IOS_Ioctlv(FD, 0x13, 2, 0, vector); | ||
| 0x14 | IOSCError IOSC_GetOwnership(u32 handle, u32 * users); | IOS_Ioctlv(FD, 0x14, 1, 1, vector); | ||
| 0x15 | IOSCError IOSC_GenerateRand(u8 * randBytes, u32 numBytes); | IOS_Ioctl(FD, 0x15, 0, 0, out_buf, out_size); | Generate random data of an arbitrary size. | |
| 0x16 | IOSCError IOSC_GenerateKey(IOSCKeyHandle handle); | IOS_Ioctl(FD, 0x16, in_buf, 4, 0, 0); | ||
| 0x17 | IOSCError IOSC_GeneratePublicKeySign(u8 * hash, u32 hashLength, IOSCSecretKeyHandle signerHandle, u8 * eccSignature); | IOS_Ioctlv(FD, 0x17, 2, 1, vector); | ||
| 0x18 | IOSCError IOSC_GenerateCertificate(IOSCSecretKeyHandle privateHandle, IOSCCertName certname, IOSCEccSignedCert * certificate); | IOS_Ioctlv(FD, 0x18, 2, 1, vector); | ||
| 0x19 | IOSCError IOSC_CheckDiHashes(u8 * destAddr, u8 * diskRdBuf, u32 h1Index, u32 h2Index, u8 * h3Ptr); | IOS_Ioctl(FD, 0x19, ???, ???, ???, ???); | This command is not mapped by the IOS-CRYPTO process. | |
| 0x1A | odm_encrypt() | IOS_Ioctlv(FD, 0x1A, 3, 2, vector); | ||
| 0x1B | odm_generate_session_key() | IOS_Ioctlv(FD, 0x1B, 3, 1, vector); | ||
| 0x1C | get_security_level() | IOS_Ioctl(FD, 0x1C, 0, 0, out_buf, 4); | Gets the security level flag from the OTP. | |
| 0x1D | IOSCError IOSC_ReadHashedBlock(u8 * destAddr, u8 * diskRdBuf, u32 h1Index, u32 h2Index, u8 * h3Ptr); | IOS_Ioctlv(FD, 0x1D, 5, 1, vector); | ||
| 0x1E | read_wii_seeprom_data() | IOS_Ioctl(FD, 0x1E, 0, 0, out_buf, 0x60); | Reads the old Wii SEEPROM certificate data from OTP's bank 6. | |
| 0x1F | generate_wagonu_key() | IOS_Ioctl(FD, 0x1F, in_buf, 0x10, 0, 0); | Generates the 0x12-keyhandle keydata used to encrypt/decrypt data for Wii U to Wii U system transfers. | If in_buf is NULL, a key from SEEPROM is used. If in_buf is not NULL, then it must be a pointer to a user supplied key. |
| 0x20 | IOSC_EncryptBlocks() | IOS_Ioctlv(FD, 0x20, 3, 1, vector); | Software AES encryption, this supports multiple AES-modes (AES-CTR, ...). Used by IOS-PAD to encrypt amiibo data. | |
| 0x21 | IOSC_DecryptBlocks() | IOS_Ioctlv(FD, 0x21, 3, 1, vector); | Software AES decryption version of the above ioctlv. Used by IOS-PAD to decrypt amiibo data. | |
| 0x22 | set_crypto_thread_priority() | IOS_Ioctl(FD, 0x22, in_buf, 4, 0, 0); | Modifies the IOS-CRYPTO main thread's priority. | |
| 0x23 | get_wagon_certificate_data() | IOS_Ioctl(FD, 0x23, in_buf, 0x10, out_buf, out_size); | Gets Wagon certificate data stored inside IOS-CRYPTO. | If the first word in in_buf is 0x00000000, a Root-CA00000003 with 0x400 bytes of size is written to out_buf. If the first word in in_buf is 0x00000001, a Root-CA00000003 MS00000012 with 0x240 bytes of size is written to out_buf. |
Key object handles
The above crypto commands use key/crypto object handles. These handles can be either from IOSC_CreateObject(which can then be initialized with IOSC_ImportSecretKey in the case of AES), or a built-in handle. The available built-in handles/ids are listed below.
The maximum number of keyobject-handles is 0x80, hence the highest valid keyobject-handle is 0x7F. Keyobject-handles <=0x40 are reserved for built-in handles, the rest are available for user-processes. Commands which write keyobjects' keydata are only allowed to use handles with value >0x40 (user-process handles).
| ID | Type | Description |
|---|---|---|
| 0x00 | ECC-233 | IOSC_DEV_SIGNING_KEY_HANDLE (Wii U NG private key) |
| 0x01 | NONE | IOSC_DEV_ID_HANDLE (Wii U NG ID) |
| 0x02 | AES-128 | IOSC_FS_ENC_HANDLE (Wii U SLC key) |
| 0x03 | HMAC SHA-1 | IOSC_FS_MAC_HANDLE (Wii U SLC HMAC) |
| 0x04 | AES-128 | IOSC_COMMON_ENC_HANDLE (Wii common key) |
| 0x05 | AES-128 | IOSC_BACKUP_ENC_HANDLE (Wii U RNG key)
Used by commands 0x15, 0x16, 0x17 and 0x18. |
| 0x06 | AES-128 | IOSC_APP_ENC_HANDLE (Wii SD key) |
| 0x07 | AES-128 | IOSC_BOOTOSVER_ENC_HANDLE (Wii U SEEPROM key) |
| 0x08 | NONE | IOSC_CACRLVER_HANDLE (Unused) |
| 0x09 | NONE | IOSC_SIGNERCRLVER_HANDLE (Unused) |
| 0x0A | NONE | IOSC_FSVER_HANDLE (Unused) |
| 0x0B | AES-128 | IOSC_COMMON2_ENC_HANDLE (Wii Korean key) |
| 0x0C | AES-128 | Wii U drive key
This key is generated by decrypting the SEEPROM drive key with the Wii U SEEPROM key. |
| 0x0D | AES-128 | Wii U Starbuck ancast image key |
| 0x0E | RSA-2048 | Wii U Starbuck ancast image modulus |
| 0x0F | RSA-2048 | Wii U boot1 ancast image modulus |
| 0x10 | AES-128 | Wii U common key |
| 0x11 | AES-128 | Wii U MLC (eMMC) key |
| 0x12 | AES-128 | USB WFS and WagonU key
This key is generated by ECB-encrypting the SEEPROM USB key seed with a key from the OTP. The SEEPROM USB key seed must start with the same first 0x04 bytes as the Wii U NG ID. |
| 0x13 | AES-128 | Wii U SLCCMPT (vWii NAND) key |
| 0x14 | HMAC SHA-1 | Wii U SLCCMPT (vWii NAND) HMAC |
| 0x15 | AES-128 | vWii common key |
| 0x16 | AES-128 | Key to encrypt/decrypt DRH WLAN data |
| 0x17 | AES-128 | UDS local-WLAN CCMP key
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET). This key is shared with the 3DS. |
| 0x18 | AES-128 | DLP key
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NET). This key is shared with the 3DS. |
| 0x19 | AES-128 | APT wrap key
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-ACP). This key is shared with the 3DS. |
| 0x1A | AES-128 | Unknown |
| 0x1B | AES-128 | Key to encrypt/decrypt SSL RSA key |
| 0x1C | ECC-233 | Wii U private key for NSS device certificate |
| 0x1D | ECC-233 | vWii private key for NSS device certificate |
| 0x1E | AES-128 | Key to encrypt/decrypt APPSTORE objinfo/objdata
This key is the first 0x10 bytes of the Wii U private key for NSS device certificate. |
| 0x1F | AES-128 | Unknown
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS). |
| 0x20 | UNK | Unknown
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x40 bytes). |
| 0x21 | UNK | Unknown
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x20 bytes). |
| 0x22 | AES-128 | Amiibo HMAC key 1
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD). This key is used to generate a SHA-256 HMAC for the Amiibo data. |
| 0x23 | AES-128 | Amiibo HMAC key 2
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD). This key is used to generate a SHA-256 HMAC for the Amiibo data. |
| 0x24 | AES-128 | NFC key
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD). This key is shared with the 3DS. |
| 0x25 | AES-128 | Key to encrypt/decrypt Wii U NFC key block
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-PAD). This key is used to decrypt a block of 0x70 bytes inside IOS-PAD. Once decrypted, this block contains the Wii U specific "unfixed infos" and "locked secret" keys. |
| 0x26 | AES-128 | Unknown
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (0x10 bytes). |
| 0x27 | AES-128 | Key to encrypt/decrypt "pushmore" links
Generated by XORing the Wii U XOR key and static data inside IOS-CRYPTO (used by IOS-NIM-BOSS). |
| 0x28 | AES-128 | Wii U extra storage key
In debug hardware with an internal HDD (Kiosk and certain DevKits) this key is generated by decrypting the SEEPROM SHDD key with a key from the OTP. In debug hardware without additional internal storage, this is the same as the Wii U MLC (eMMC) key. In retail hardware this key is never set. |
| 0x29 to 0x40 | UNK | Unused |