Nintendo Switch Brew

Package2: Difference between revisions

← Older editNewer edit →
m Formatting fix
(30 intermediate revisions by 7 users not shown)
Line 71: Line 71:
|-
|-
| 0x5C
| 0x5C
| 0x2
| 0x1
| Version. HighByte must be <{maxver} and LowByte must be >{minver}, where {maxver} and {minver} are constants used by TZ updated with each package1 update.
| Package2 version. Must be >= {minimum valid package2 version} constant in TZ.
|-
| 0x5D
| 0x1
| Bootloader version. Must be <= {current bootloader version} constant in TZ.
|-
|-
| 0x5E
| 0x5E
Line 132: Line 136:
Before being decrypted, the encrypted header's CTR additionally encodes metadata used to validate package2's contents as follows:
Before being decrypted, the encrypted header's CTR additionally encodes metadata used to validate package2's contents as follows:
* Size of the entire package2 with the raw header = ctr_word2 ^ ctr_word3 ^ ctr_word0
* Size of the entire package2 with the raw header = ctr_word2 ^ ctr_word3 ^ ctr_word0
* Metadata version field = ((ctr_word1 ^ (ctr_word1 >> 16)) & 0xFF) ^ (ctr_word1 >> 24)
* Key generation = ((ctr_word1 ^ (ctr_word1 >> 16)) & 0xFF) ^ (ctr_word1 >> 24)


In [4.0.0], the metadata version field must be less or equal to 4.
In [4.0.0], the key generation must be less or equal to 4.


== Section 0 ==
== Section 0 ==
Line 141: Line 145:
== Section 1 ==
== Section 1 ==
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
Note: On firmware [[8.0.0]] INI1 is contained within the Kernel and section 1 is empty with NULL SHA256 to match.


=== INI1 ===
=== INI1 ===
Line 146: Line 152:
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| Magic "INI1"
| Magic "INI1"
|-
|-
| 0x4
| 0x4
| u32
| 0x4
| Size
| Size
|-
|-
| 0x8
| 0x8
| u32
| 0x4
| NumberProcesses
| Number of KIPs (Must be lower than 0x51)
|-
|-
| 0xC
| 0xC
| u32
| 0x4
| Padding (zero)
| Reserved
|}
|}


==== KIP1 ====
==== KIP1 ====
Kernel internal process?
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| Magic "KIP1"
| Magic "KIP1"
|-
|-
| 0x4
| 0x4
| char[12]
| 0xC
| Name
| Name
|-
|-
| 0x10
| 0x10
| u64
| 0x8
| TitleId
| Program ID
|-
|-
| 0x18
| 0x18
| u32
| 0x4
| Process category (0: regular title, 1: kernel built-in). Should be 1 here.
| Version
|-
|-
| 0x1C
| 0x1C
| u8
| 0x1
| Main thread priority
| Main Thread Priority
|-
|-
| 0x1D
| 0x1D
| u8
| 0x1
| Default CPU core
| Main Thread Core Number
|-
|-
| 0x1E
| 0x1E
| u8
| 0x1
| Reserved (unused)
| Reserved
|-
|-
| 0x1F
| 0x1F
| u8
| 0x1
| Flags: bit0-2: compression-enable for each section, when set. Bit3: Is64Bit. Bit4: IsAddrSpace36Bit. Bit5: [2.0.0+] PoolPartitionId. Bit6, Bit7: reserved (unused)
| Flags (bit0=TextCompress, bit1=RoCompress, bit2=DataCompress, bit3=Is64BitInstruction, bit4=ProcessAddressSpace64Bit, bit5=[2.0.0+] UseSecureMemory)
|-
|-
| 0x20
| 0x20
| [[#SectionHeader]][6]
| 0xC
| Sections: .text, .rodata, .data, .bss and two reserved (ignored) sections.
| Text [[#Segment_Header|Segment Header]]
|-
| 0x2C
| 0x4
| Main Thread Affinity Mask
|-
| 0x30
| 0xC
| Ro [[#Segment_Header|Segment Header]]
|-
|-
| 0x3C
| 0x4
| Main Thread Stack Size
|-
| 0x40
| 0xC
| Data [[#Segment_Header|Segment Header]]
|-
| 0x4C
| 0x4
| Reserved
|-
| 0x50
| 0xC
| Bss [[#Segment_Header|Segment Header]]
|-
| 0x5C
| 0x24
| Reserved
|-
| 0x80
| 0x80
| 0x80
| u32[0x20]
| [[NPDM#KernelCapability|Kernel Capability Data]]
| KernelCaps
|}
|}


===== SectionHeader =====
===== Segment Header =====
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| OutOffset
| Offset
|-
|-
| 0x4
| 0x4
| u32
| 0x4
| DecompressedSize
| Size
|-
|-
| 0x8
| 0x8
| u32
| 0x4
| CompressedSize
| Compressed/Binary Size
|-
| 0xC
| u32
| Attribute: the size in pages of the main thread's stack for .rodata, reserved otherwise.
|}
|}


Compressed size can be 0 or lower than exepected, this is the case for BSS for example.
Compressed/Binary size can be 0 or lower than expected, this is the case for BSS for example.


===== Compression =====
===== Compression =====
The compression used here is BLZ, with a modified footer since 3ds. The footer is now 0xC bytes instead of 0x8, and has the form u32 compressed_data_len; u32 initial_index; u32 additional_len_when_uncompressed;
The compression used here is BLZ, with a modified footer since 3ds. The footer is now 0xC bytes instead of 0x8, and has the form u32 compressed_data_len; u32 footer_size; u32 additional_len_when_uncompressed;


== Section 2 ==
== Section 2 ==
Line 255: Line 283:
|-
|-
! System version
! System version
! Package1 maxver constant
! Bootloader current version
! Package1 minver constant
! Package2 minimum valid version
! Package2 version field
|-
|-
| [[1.0.0]]
| [[1.0.0]]
| 0x1
| 0x4
|-
| [[2.0.0]]
| 0x2
| 0x2
| 0x5
|-
| [[3.0.0]]
| 0x3
| 0x3
| 0x0104
| 0x6
|-
|-
| [[2.0.0]]
| [[3.0.2]]
| 0x3
| 0x4
| 0x4
| 0x0205
| 0x7
|-
|-
| [[3.0.0]]
| [[4.0.0]]
| 0x4
| 0x5
| 0x5
| 0x0306
| 0x8
|-
|-
| [[3.0.2]]
| [[5.0.0]]
| 0x5
| 0x6
| 0x6
| 0x0407
| 0x9
|-
|-
| [[4.0.0]]
| [[6.0.0]]
| 0x6
| 0x7
| 0x7
| 0x0508
| 0xA
|-
| [[6.2.0]]
| 0x8
| 0xB
|-
| [[7.0.0]]
| 0x9
| 0xC
|-
| [[8.1.0]]
| 0xA
| 0xD
|-
| [[9.0.0]]
| 0xB
| 0xE
|-
| [[9.1.0]]
| 0xC
| 0xF
|-
| [[10.0.0]]
| 0xD
| 0x10
|-
| [[11.0.0]]
| 0xE
| 0x11
|-
| [[12.0.2]]
| 0xF
| 0x12
|-
| [[12.1.0]]
| 0xF
| 0x13
|-
| [[13.0.0]]
| 0xF
| 0x14
|}
|}


Line 291: Line 361:


=== Retail Modulus ===
=== Retail Modulus ===
<syntaxhighlight>
  8D 13 A7 77 6A E5 DC C0 3B 25 D0 58 E4 20 69 59
00000000: 8D13A777 6AE5DCC0 3B25D058 E4206959 ..§wjåÜÀ;%ÐXä iY
  55 4B AB 70 40 08 28 07 A8 A7 FD 0F 31 2E 11 FE
00000010: 554BAB70 40082807 A8A7FD0F 312E11FE UK«p@.(.¨§ý.1..þ
  47 A0 F9 9D DF 80 DB 86 5A 27 89 CD 97 6C 85 C5
00000020: 47A0F99D DF80DB86 5A2789CD 976C85C5 G ù.߀ۆZ'‰Í—l…Å
  6C 39 7F 41 F2 FF 24 20 C3 95 A6 F7 9D 4A 45 74
00000030: 6C397F41 F2FF2420 C395A6F7 9D4A4574 l9.Aòÿ$ Õ¦÷.JEt
  8B 5D 28 8A C6 99 35 68 85 A5 64 32 80 9F D3 48
00000040: 8B5D288A C6993568 85A56432 809FD348 ‹](ŠÆ™5h…¥d2€ŸÓH
  39 A2 1D 24 67 69 DF 75 AC 12 B5 BD C3 29 90 BE
00000050: 39A21D24 6769DF75 AC12B5BD C32990BE 9¢.$gißu¬.µ½Ã).¾
  37 E4 A0 80 9A BE 36 BF 1F 2C AB 2B AD F5 97 32
00000060: 37E4A080 9ABE36BF 1F2CAB2B ADF59732 7ä €š¾6¿.,«+.õ—2
  9A 42 9D 09 8B 08 F0 63 47 A3 E9 1B 36 D8 2D 8A
00000070: 9A429D09 8B08F063 47A3E91B 36D82D8A šB..‹.ðcG£é.6Ø-Š
  D7 E1 54 11 95 E4 45 88 69 8A 2B 35 CE D0 A5 0B
00000080: D7E15411 95E44588 698A2B35 CED0A50B ×áT.•äEˆiŠ+5ÎÐ¥.
  D5 5D AC DB AF 11 4D CA B8 1E E7 01 9E F4 46 A3
00000090: D55DACDB AF114DCA B81EE701 9EF446A3 Õ]¬Û¯.Mʸ.ç.žôF£
  8A 94 6D 76 BD 8A C8 3B D2 31 58 0C 79 A8 26 E9
000000A0: 8A946D76 BD8AC83B D231580C 79A826E9 Š”mv½ŠÈ;Ò1X.y¨&é
  D1 79 9C CB D4 2B 6A 4F C6 CC CF 90 A7 B9 98 47
000000B0: D1799CCB D42B6A4F C6CCCF90 A7B99847 ÑyœËÔ+jOÆÌÏ.§¹˜G
  FD FA 4C 6C 6F 81 87 3B CA B8 50 F6 3E 39 5D 4D
000000C0: FDFA4C6C 6F81873B CAB850F6 3E395D4D ýúLlo.‡;ʸPö>9]M
  97 3F 0F 35 39 53 FB FA CD AB A8 7A 62 9A 3F F2
000000D0: 973F0F35 3953FBFA CDABA87A 629A3FF2 —?.59SûúÍ«¨zbš?ò
  09 27 96 3F 07 9A 91 F7 16 BF C6 3A 82 5A 4B CF
000000E0: 0927963F 079A91F7 16BFC63A 825A4BCF .'–?.š‘÷.¿Æ:‚ZKÏ
  49 50 95 8C 55 80 7E 39 B1 48 05 1E 21 C7 24 4F
000000F0: 4950958C 55807E39 B148051E 21C7244F IP•ŒU€~9±H..!Ç$O
</syntaxhighlight>


=== Debug Modulus ===
=== Debug Modulus ===
Retrieved from "https://switchbrew.org/wiki/Package2"