STFS

Secure Transacted File System. A package type and file format used for storing game saves and various other content on the Microsoft Xbox 360 console. Package size is always aligned to a 4096 (0x1000) byte block boundary.

The header of an STFS package consists of a 0x4-byte magic (CON /PIRS/LIVE), an X.509 (PKI) certificate which holds console-specific information as well as the public key exponent and modulus (signed with a PKCS1 (1024-bit) RSA signature), and a PKCS1 RSA signature that is generated from an HMAC SHA-1 hash that has been run over the header. This is followed by a series of 16 licenses, each 0x10 long, with 0x8 reserved for the license, 0x4 for flags and 0x4 for info bits. The header also holds a SHA-1 digest of the header (0x344 - 0x9FFF) followed by an Int32 (big-endian byte order) value indicating the base hash block and also the STFS type (calculated like: value + 0xFFF And 0xF000).

Next, a content type enum is written (indicating what the package contains and how the data is to be handled; it also indicates the corresponding folder the package should be placed in). After that, metadata for the package is written (containing descriptions, IDs, game title, save name, a SHA-1 hash of the top-level hash block, a count of valid/old data blocks and a descriptor for the STFS), followed by an icon for the package and an icon for the content.

0xA000/0xB000 are reserved as the base hash blocks (which one is used depends on the base hash block value in the header). These blocks are also considered level 0 of the digest tree (level 1 is determined from the base block and the block shift/step in the descriptor). Each hash block can contain up to 170 (0x1000 / 0x18) 0x18-byte-long hashes (0x14 for the hash/0x1 for info/0x3 for corresponding data block status). I'm not going to go in depth with how the hash tree/levels work.
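The hash block layout described above can be checked with a short integrity routine. This is an added example, not code from the original page or from any STFS tool. It assumes that the three fields sit in the order listed (hash, info, status), that entry i covers the i-th data block of that hash block, and that each hash is a SHA-1 over the full 0x1000-byte data block. All function names and the sample data are constructed for illustration, and the upper tree levels are not covered.

```python
import hashlib

BLOCK_SIZE = 0x1000                             # package block size from the text
ENTRY_SIZE = 0x18                               # 0x14 hash + 0x1 info + 0x3 status
ENTRIES_PER_BLOCK = BLOCK_SIZE // ENTRY_SIZE    # 170 entries per hash block
MAGICS = (b"CON ", b"PIRS", b"LIVE")            # the three header magics


def check_container(pkg: bytes) -> None:
    """Reject input that fails the two cheapest structural checks."""
    if pkg[:4] not in MAGICS:
        raise ValueError("bad magic")
    if len(pkg) % BLOCK_SIZE:
        raise ValueError("size is not a multiple of 0x1000")


def parse_hash_block(block: bytes):
    """Split one hash block into (digest, info, status) tuples."""
    if len(block) != BLOCK_SIZE:
        raise ValueError("hash block must be exactly 0x1000 bytes")
    entries = []
    for i in range(ENTRIES_PER_BLOCK):
        raw = block[i * ENTRY_SIZE:(i + 1) * ENTRY_SIZE]
        # Assumed field order: 0x14 digest, 0x1 info, 0x3 status (kept raw).
        entries.append((raw[:0x14], raw[0x14], raw[0x15:0x18]))
    return entries


def find_mismatches(hash_block: bytes, data_blocks):
    """Return indices of data blocks whose SHA-1 differs from the stored digest."""
    entries = parse_hash_block(hash_block)
    if len(data_blocks) > ENTRIES_PER_BLOCK:
        raise ValueError("one hash block covers at most 170 data blocks")
    return [i for i, blk in enumerate(data_blocks)
            if len(blk) != BLOCK_SIZE or hashlib.sha1(blk).digest() != entries[i][0]]


def build_sample(n: int = 3):
    """Constructed sample: n data blocks plus a matching hash block."""
    data = [bytes([i + 1]) * BLOCK_SIZE for i in range(n)]
    table = b"".join(hashlib.sha1(b).digest() + b"\x00" * 4 for b in data)
    return table.ljust(BLOCK_SIZE, b"\x00"), data


if __name__ == "__main__":
    hb, blocks = build_sample()
    print("clean:", find_mismatches(hb, blocks))
    blocks[1] = b"\xff" + blocks[1][1:]         # flip one byte in block 1
    print("tampered:", find_mismatches(hb, blocks))
```
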

0xC000 is reserved as the base file table. Each file table entry is 0x40 bytes in length and each file table can hold up to 64 (0x40) entries (0x40 Mod 0x1000). An entry consists of an ASCII file name, a file name length byte (determined like: value And 0x3F), a count of blocks reserved for the file, a count of blocks in use by the file, the block offset of the first block in the file (Int24), flags determining whether the file is stored in the root or in a specific folder, the size of the file in bytes, a creation datetime (FATX) timestamp and a modified datetime (FATX) timestamp.