4,628
edits
Changes
→KIP1
| 0x0
| 0x0
| 0x10
| 0x10
| Decrypted header's CTR. Also used to calculate the size of the entire package2 with the raw header: size = word2 ^ word3 ^ word0.
| Header's CTR, official code copies the pre-decryption CTR over the decrypted result. Also used as metadata.
|-
|-
| 0x10
| 0x10
|-
|-
| 0x5C
| 0x5C
| 0x2
| 0x1
| Version. HighByte must be <{maxver} and LowByte must be >{minver}, where {maxver} and {minver} are constants used by TZ updated with each package1 update.
| Package2 version. Must be >= {minimum valid package2 version} constant in TZ.
|-
| 0x5D
| 0x1
| Bootloader version. Must be <= {current bootloader version} constant in TZ.
|-
|-
| 0x5E
| 0x5E
Each section follows each other immediately and is encrypted with the same key used for encrypting the header.
Each section follows each other immediately and is encrypted with the same key used for encrypting the header.
The section offsets are relative to a base, which is typically 0x80000000 pointing to the base of DRAM.
The section offsets are relative to a base, which is typically 0x80000000 pointing to the base of DRAM.
Before being decrypted, the encrypted header's CTR additionally encodes metadata used to validate package2's contents as follows:
* Size of the entire package2 with the raw header = ctr_word2 ^ ctr_word3 ^ ctr_word0
* Key generation = ((ctr_word1 ^ (ctr_word1 >> 16)) & 0xFF) ^ (ctr_word1 >> 24)
In [4.0.0], the key generation must be less or equal to 4.
== Section 0 ==
== Section 0 ==
== Section 1 ==
== Section 1 ==
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
Note: On firmware [[8.0.0]] INI1 is contained within the Kernel and section 1 is empty with NULL SHA256 to match.
=== INI1 ===
=== INI1 ===
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| Magic "INI1"
| Magic "INI1"
|-
|-
| 0x4
| 0x4
| u32
| 0x4
| Size
| Size
|-
|-
| 0x8
| 0x8
| u32
| 0x4
| NumberProcesses
| Number of KIPs (Must be lower than 0x51)
|-
|-
| 0xC
| 0xC
| u32
| 0x4
| Padding (zero)
| Reserved
|}
|}
==== KIP1 ====
==== KIP1 ====
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| Magic "KIP1"
| Magic "KIP1"
|-
|-
| 0x4
| 0x4
| char[12]
| 0xC
| Name
| Name
|-
|-
| 0x10
| 0x10
| u64
| 0x8
| TitleId
| Program ID
|-
|-
| 0x18
| 0x18
| u32
| 0x4
| Process category (0: regular title, 1: kernel built-in). Should be 1 here.
| Version
|-
|-
| 0x1C
| 0x1C
| u8
| 0x1
| Main thread priority
| Main Thread Priority
|-
|-
| 0x1D
| 0x1D
| u8
| 0x1
| Default CPU core
| Main Thread Core Number
|-
|-
| 0x1E
| 0x1E
| u8
| 0x1
| Reserved (unused)
| Reserved
|-
|-
| 0x1F
| 0x1F
| u8
| 0x1
| Flags: bit0-2: compression-enable for each section, when set. Bit3: Is64Bit. Bit4: IsAddrSpace36Bit. Bit5: [2.0.0+] PoolPartitionId. Bit6, Bit7: reserved (unused)
| Flags (bit0=TextCompress, bit1=RoCompress, bit2=DataCompress, bit3=Is64BitInstruction, bit4=ProcessAddressSpace64Bit, bit5=[2.0.0+] UseSecureMemory)
|-
|-
| 0x20
| 0x20
| [[#SectionHeader]][6]
| 0xC
| Sections: .text, .rodata, .data, .bss and two reserved (ignored) sections.
| Text [[#Segment_Header|Segment Header]]
|-
| 0x2C
| 0x4
| Main Thread Affinity Mask
|-
| 0x30
| 0xC
| Ro [[#Segment_Header|Segment Header]]
|-
| 0x3C
| 0x4
| Main Thread Stack Size
|-
| 0x40
| 0xC
| Data [[#Segment_Header|Segment Header]]
|-
| 0x4C
| 0x4
| Reserved
|-
| 0x50
| 0xC
| Bss [[#Segment_Header|Segment Header]]
|-
| 0x5C
| 0x24
| Reserved
|-
|-
| 0x80
| 0x80
| u32[0x20]
| 0x80
| [[NPDM#KernelCapability|Kernel Capability Data]]
|}
|}
===== SectionHeader =====
===== Segment Header =====
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| OutOffset
| Offset
|-
|-
| 0x4
| 0x4
| u32
| 0x4
| DecompressedSize
| Size
|-
|-
| 0x8
| 0x8
| u32
| 0x4
| CompressedSize
| Compressed/Binary Size
|}
|}
Compressed size can be 0 or lower than exepected, this is the case for BSS for example.
Compressed/Binary size can be 0 or lower than expected, this is the case for BSS for example.
===== Compression =====
===== Compression =====
The compression used here is BLZ, with a modified footer since 3ds. The footer is now 0xC bytes instead of 0x8, and has the form u32 compressed_data_len; u32 initial_index; u32 additional_len_when_uncompressed;
The compression used here is BLZ, with a modified footer since 3ds. The footer is now 0xC bytes instead of 0x8, and has the form u32 compressed_data_len; u32 footer_size; u32 additional_len_when_uncompressed;
== Section 2 ==
== Section 2 ==
|-
|-
! System version
! System version
! Package1 maxver constant
! Bootloader current version
! Package2 minimum valid version
! Package2 version field
|-
|-
| [[1.0.0]]
| [[1.0.0]]
| 0x1
| 0x4
|-
| [[2.0.0]]
| 0x2
| 0x2
| 0x5
|-
| [[3.0.0]]
| 0x3
| 0x3
| 0x0104
| 0x6
|-
|-
| [[2.0.0]]
| [[3.0.2]]
| 0x4
| 0x4
| 0x0205
| 0x7
|-
| [[4.0.0]]
| 0x5
| 0x8
|-
|-
| [[4.1.0]]
| [[5.0.0]]
| 0x6
| 0x6
| 0x9
|-
| [[6.0.0]]
| 0x7
| 0x7
| 0x0508
| 0xA
|-
| [[6.2.0]]
| 0x8
| 0xB
|-
| [[7.0.0]]
| 0x9
| 0xC
|-
| [[8.1.0]]
| 0xA
| 0xD
|-
| [[9.0.0]]
| 0xB
| 0xE
|-
| [[9.1.0]]
| 0xC
| 0xF
|-
| [[10.0.0]]
| 0xD
| 0x10
|-
| [[11.0.0]]
| 0xE
| 0x11
|-
| [[12.0.2]]
| 0xF
| 0x12
|-
| [[12.1.0]]
| 0xF
| 0x13
|-
| [[13.0.0]]
| 0xF
| 0x14
|}
|}