5.0.0: Difference between revisions

From Nintendo Switch Brew
Jump to navigation Jump to search
better SMC change description
 
(25 intermediate revisions by 5 users not shown)
Line 5: Line 5:
==Change-log==
==Change-log==
[http://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/p/897 Official] ALL change-log:
[http://en-americas-support.nintendo.com/app/answers/detail/a_id/22525/p/897 Official] ALL change-log:
* Added the following system functionality
*Added the following system functionality
* Facebook and Twitter friends that also use Nintendo Switch can now be added through Friend Suggestions  
:* Facebook and Twitter friends that also use Nintendo Switch can now be added through Friend Suggestions  
* Friend suggestions are based on the Facebook and Twitter accounts you have linked to your Nintendo Account
::* Friend suggestions are based on the Facebook and Twitter accounts you ''have linked to your Nintendo Account''
* To view your friend suggestions, from the top left of the HOME Menu head to your User Page  > Friend Suggestions
::* To view your friend suggestions, from the top left of the HOME Menu head to your User Page  > Friend Suggestions
* You must be 13 or older to use this feature
::* You must be 13 or older to use this feature
* Select from 24 new ARMS and the Kirby series icons for your user
:* Select from 24 new ARMS and the Kirby series icons for your user
* To edit your user icon, head to your My Page on the top left of the Home Menu > Profile
::* To edit your user icon, head to your My Page on the top left of the Home Menu > Profile
* Digital software purchases made from a PC or smart device will start downloading sooner than previously, even if the Nintendo Switch console is in Sleep Mode  
:* Digital software purchases made from a PC or smart device will start downloading sooner than previously, even if the Nintendo Switch console is in Sleep Mode
* Filter News to view only unread news or news from specific channels
:* Filter News to view only unread news or news from specific channels
* To keep the Parental Controls PIN private, the default method for PIN entry has been changed to entering using the Control Stick and buttons instead of the on-screen number pad
:* To keep the Parental Controls PIN private, the default method for PIN entry has been changed to entering using the Control Stick and buttons instead of the on-screen number pad
* When prompted to enter you Parental Controls PIN, press and hold the + Button to change between input methods  
::* When prompted to enter you Parental Controls PIN, press and hold the + Button to change between input methods  
* Captured videos in the Album will be restricted by Parental Controls depending on the Restricted Software setting and Software Rating Organization
:* Captured videos in the Album will be restricted by Parental Controls depending on the Restricted Software setting and Software Rating Organization
* Using the Nintendo Switch Parental Controls app, add specific software titles to your whitelist to exclude them from the console’s Parental Controls Restricted Software setting
:* ''Using the Nintendo Switch Parental Controls app'', add specific software titles to your whitelist to exclude them from the console’s Parental Controls Restricted Software setting
* Play-Time Limit restrictions will still apply even when the software title has been whitelisted.
::* Play-Time Limit restrictions will still apply even when the software title has been whitelisted.
* Receive notification when pre-purchased software is ready to play
:* Receive notification when pre-purchased software is ready to play
* Nintendo Switch Pro Controller grip colors will now display in the Controllers menu
:* Nintendo Switch Pro Controller grip colors will now display in the Controllers menu
* General system stability improvements to enhance the user's experience, including:
* General system stability improvements to enhance the user's experience, including:
* Resolved an issue that caused Play Activity to display incorrectly in the Profile section of your User Page
:* Resolved an issue that caused Play Activity to display incorrectly in the Profile section of your User Page


==System Titles==
==System Titles==
<fill this in (manually) later>
All 01000000000010XX titles and most 01000000000008XX titles were updated. Some 8XX titles were just rebuilt with the new NCA crypto without actual RomFS-content changes.


* 0100000000000824(Mariko Config), 0100000000000825, 0100000000000826 were added.
* 0100000000000824(Mariko Config), 0100000000000825, 0100000000000826 were added.
Line 32: Line 32:
** 0100000000000826 contains a 0x40-byte "/version" file, this is all-zero except for '0' at offset 0x20.
** 0100000000000826 contains a 0x40-byte "/version" file, this is all-zero except for '0' at offset 0x20.


The built codebins now have padding in .text after every function for 0x10-byte alignment.
The only 8XX titles with actual changes are (besides sysver-title, see below for FIRM):
* 801 (Support Error Codes)
* 803 (web-applet "shareddata:/")
* 804 (HTML resources for "Intellectual Property Notices" / "Health & Safety Information")
** "/legallines.htdocs/index.html" was updated with a Twitter mention, and a license section for "Software License for The Fraunhofer FDK AAC Codec Library for Android" was added.
** "/safe.htdocs/html/EU{XX}/index.html" was updated.
* 806 (Bad words)
* 807 ([[Hotspot List]])
** This was updated with more hotspots (these networks use encryption): "nintendoappdebug1", "Nintendo App Debug2", "Nintendo App Debug3", and "NCL-NZSERVICE1-5GHZ".
* 80A (Chara)
* 80B (Offline news)
* 80E (Geo Zoneinfo)
* 810-814 (All fonts)
* 818 (System-config)
* 81E (Controller gfx/icon data + dummy file)
** "/lyt/ColorTable" and "/lyt/footer/controllerIcon.bntx" were updated. The "01-00" image showing handheld-mode with detached joy-cons was replaced with a blank image.
* 81F (Icosa system config)
* 820 (Copper system config)
* 821 (Hoag system config)
* 822 (Firmware binaries for peripherals)
** The following was updated: "FirmwareInfo.csv", "tera_ota.bin", "tera_ota_iap.bin", and "ukyosakyo_ep2_ota.bin".
* 823
 
The built codebins now have padding in .text after every function for 0x10-byte alignment (and other compiler changes).
 
The SDK included with titles (main-codebin) for NV changed/updated NVIDIA hw strings:
 
Previous version:
  00000000: 4e56 4944 4941 2054 6567 7261 204b 3100  NVIDIA Tegra K1.
  00000010: 4e56 4944 4941 2054 6567 7261 2058 31    NVIDIA Tegra X1
 
Current version:
  00000000: 4e56 4944 4941 2054 6567 7261 2f4e 696e  NVIDIA Tegra/Nin
  00000010: 7465 6e64 6f20 5377 6974 6368 004e 5649  tendo Switch.NVI
  00000020: 4449 4120 5465 6772 6120 5832 0047 5031  DIA Tegra X2.GP1
  00000030: 3042 0047 5031 3036 0047 5031 3036 2d41  0B.GP106.GP106-A
  00000040: 0047 6546 6f72 6365 2047 5458 2031 3036  .GeForce GTX 106
  00000050: 3020 3347 4200 4765 466f 7263 6520 4754  0 3GB.GeForce GT
  00000060: 5820 3130 3630 2036 4742 0047 6546 6f72  X 1060 6GB.GeFor
  00000070: 6365 2047 5458 2031 3035 3000 4765 466f  ce GTX 1050.GeFo
  00000080: 7263 6520 4754 5820 3130 3630 0047 6546  rce GTX 1060.GeF
  00000090: 6f72 6365 2047 5458 2031 3035 3020 5469  orce GTX 1050 Ti
  000000a0: 0047 5031 3036 474c 2d41 0051 7561 6472  .GP106GL-A.Quadr
  000000b0: 6f20 5032 3030 3000 4750 3130 362d 4200  o P2000.GP106-B.
  000000c0: 4750 3130 3647 4c2d 42                  GP106GL-B


===FIRM===
===FIRM===
Everything under RomFS was updated.
All FIRM titles were updated, and everything under RomFS was updated.


A new folder "a" was added, in addition to the existing "nx" folder, containing a separate "bct" and "package1". Both of these seem encrypted/meant for the new "Mariko" hardware that support was added for.
A new folder "a" was added, in addition to the existing "nx" folder, containing a separate "bct" and "package1". Both of these seem encrypted/meant for the new "Mariko" hardware that support was added for.
The following firm-sysmodules was added to both safemode-firm, which were originally in separate sysmodule-titles: [[Bus_services|Bus]], [[PCV_services|PCV]], and [[PSC_services|psc]].
All firm-sysmodules were updated (might be due to updated (?) rtld).


====Secure Monitor====
====Secure Monitor====
The [[Memory_layout|Memory layout]] was changed significantly:
The [[Memory_layout|Memory layout]] was changed significantly:
* .text, .rodata, and .data are now separate sections, instead of being mapped RWX.
* .text, .rodata, and .data are now separate sections, mapped with correct permissions (RX, RO, RW, respectively), instead of being mapped RWX.
* Physical layout in TZRAM changed significantly, with pk2ldr being in low TZRAM instead of high TZRAM.
* Physical layout in TZRAM changed significantly, with pk2ldr being in low TZRAM instead of high TZRAM, etc.


In addition, there were changes to the [[SMC]] interface:
In addition, there were changes to the [[SMC]] interface:


* smcGenerateSpecificAesKey was updated to support generating previous 4.x+ device key(s).
* smcLoadSecureExpModKey/smcLoadRsaOaepKey/smcDecryptRsaPrivateKey no longer exist.
* smcLoadSecureExpModKey/smcLoadRsaOaepKey/smcDecryptRsaPrivateKey no longer exist.
* smcLoadRsaOaepKey was replaced with smcEncryptRsaPrivateKeyForImport.
* smcLoadRsaOaepKey was replaced with smcEncryptRsaPrivateKeyForImport.
Line 55: Line 96:
** All keys which were previously imported with specific keys now first call smcEncryptRsaPrivateKeyForImport with the appopriate enum member to get a sealed copy of the RSA key, then smcDecryptOrImportRsaPrivateKey to import/unseal the key when needed.
** All keys which were previously imported with specific keys now first call smcEncryptRsaPrivateKeyForImport with the appopriate enum member to get a sealed copy of the RSA key, then smcDecryptOrImportRsaPrivateKey to import/unseal the key when needed.
* smcGetConfig was extended with two new config items:
* smcGetConfig was extended with two new config items:
* -GetConfig(16) now does the following, which seems to check whether the Switch is running on a Tegra 210:
** GetConfig(16), which seems to check whether the Switch is running on a Tegra 210:
     return (FUSE_RESERVED_ODM4 & 0x800) &&  FUSE_RESERVED_ODM0 == 0x8E61ECAE &&  FUSE_RESERVED_ODM1  == 0xF2BA3BB2 ?  (FUSE_RESERVED_ODM2 & 0x1F) : 0
     return (FUSE_RESERVED_ODM4 & 0x800) &&  FUSE_RESERVED_ODM0 == 0x8E61ECAE &&  FUSE_RESERVED_ODM1  == 0xF2BA3BB2 ?  (FUSE_RESERVED_ODM2 & 0x1F) : 0
* Getconfig(17) now checks whether package2 is plaintext or encrypted.
** Getconfig(17), which returns the Package2 hash if booting from recovery mode.


<fill in the rest later>
<fill in the rest later>
Line 64: Line 105:
* Kernel Address Space Layout Randomization was added.
* Kernel Address Space Layout Randomization was added.
** Instead of using a hardcoded address for per-CPU region, they now use x18 to point to the per-CPU region.
** Instead of using a hardcoded address for per-CPU region, they now use x18 to point to the per-CPU region.
* 5 new syscalls
* When using most [[SMC]]s, IRQs are now disabled first then restored to original state afterwards. x18 is also reinitialized right after most SMCs (see above).
* 5 new syscalls.
** Syscalls 0x48+0x49 (svcAllocateUserHeapMemory+svcFreeUserHeapMemory) are used by [[AM_services|AM]]-sysmodule.
*** This is used to allocate Application pool.
** Syscall 0x4A (svcSetUserHeapMemoryAllocationMax) is used by [[Process_Manager_services|PM]]-sysmodule.
*** This allows PM to set a limit on the number of bytes AM can allocate from Application pool.
** Syscall 0x6F (svcGetMemoryInfo) is used by FS, SM, and PM.
** Syscall 0x2E (svcGetNextThreadInfo) was added, but it only works on dev units.
*** Allows fetching how many bytes free/occupied by the different pools.
** svcControlCodeMemory was [[SVC#svcControlCodeMemory|updated]].
* NPDM irq_id's are no longer checked to be < 0x100, instead max-value is loaded from per-cpu state.
* The order slabheaps are laid out in memory is now randomized.
* There are now 4 memory pool partitions.
** This fixes sysmodule takeover with GMMU hax.


===[[Internet Browser]]===
===[[Internet Browser]]===
Line 70: Line 124:


In the [[NPDM]], besides the RSA region the only changes were the kernel-release-version descriptor + {new ACID flag is set}.
In the [[NPDM]], besides the RSA region the only changes were the kernel-release-version descriptor + {new ACID flag is set}.
In the "shareddata:/" title, the NROs are now compressed: "{name}.nro.lz4" instead of "{name}.nro".


===[[qlaunch]]===
===[[qlaunch]]===
Line 92: Line 148:
** "IcoPctl.bntx"
** "IcoPctl.bntx"
** "LogoMoon{region/language-text}.bntx", for every region/language.
** "LogoMoon{region/language-text}.bntx", for every region/language.
===System Config===
New fields were added to [[Settings_services#System_Config|System Config]].


==[[NPDM]]==
==[[NPDM]]==

Latest revision as of 19:56, 21 May 2018

The Switch 5.0.0 system update was released on March 12, 2018. This Switch update was released for the following regions: ALL.

Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.

Change-log

Official ALL change-log:

  • Added the following system functionality
  • Facebook and Twitter friends that also use Nintendo Switch can now be added through Friend Suggestions
  • Friend suggestions are based on the Facebook and Twitter accounts you have linked to your Nintendo Account
  • To view your friend suggestions, from the top left of the HOME Menu head to your User Page > Friend Suggestions
  • You must be 13 or older to use this feature
  • Select from 24 new ARMS and the Kirby series icons for your user
  • To edit your user icon, head to your My Page on the top left of the Home Menu > Profile
  • Digital software purchases made from a PC or smart device will start downloading sooner than previously, even if the Nintendo Switch console is in Sleep Mode
  • Filter News to view only unread news or news from specific channels
  • To keep the Parental Controls PIN private, the default method for PIN entry has been changed to entering using the Control Stick and buttons instead of the on-screen number pad
  • When prompted to enter you Parental Controls PIN, press and hold the + Button to change between input methods
  • Captured videos in the Album will be restricted by Parental Controls depending on the Restricted Software setting and Software Rating Organization
  • Using the Nintendo Switch Parental Controls app, add specific software titles to your whitelist to exclude them from the console’s Parental Controls Restricted Software setting
  • Play-Time Limit restrictions will still apply even when the software title has been whitelisted.
  • Receive notification when pre-purchased software is ready to play
  • Nintendo Switch Pro Controller grip colors will now display in the Controllers menu
  • General system stability improvements to enhance the user's experience, including:
  • Resolved an issue that caused Play Activity to display incorrectly in the Profile section of your User Page

System Titles

All 01000000000010XX titles and most 01000000000008XX titles were updated. Some 8XX titles were just rebuilt with the new NCA crypto without actual RomFS-content changes.

  • 0100000000000824(Mariko Config), 0100000000000825, 0100000000000826 were added.
    • 0100000000000824 provides configuration for the new "T214" SoC.
    • 0100000000000825 contains an empty "/blacklist.dat" file.
    • 0100000000000826 contains a 0x40-byte "/version" file, this is all-zero except for '0' at offset 0x20.

The only 8XX titles with actual changes are (besides sysver-title, see below for FIRM):

  • 801 (Support Error Codes)
  • 803 (web-applet "shareddata:/")
  • 804 (HTML resources for "Intellectual Property Notices" / "Health & Safety Information")
    • "/legallines.htdocs/index.html" was updated with a Twitter mention, and a license section for "Software License for The Fraunhofer FDK AAC Codec Library for Android" was added.
    • "/safe.htdocs/html/EU{XX}/index.html" was updated.
  • 806 (Bad words)
  • 807 (Hotspot List)
    • This was updated with more hotspots (these networks use encryption): "nintendoappdebug1", "Nintendo App Debug2", "Nintendo App Debug3", and "NCL-NZSERVICE1-5GHZ".
  • 80A (Chara)
  • 80B (Offline news)
  • 80E (Geo Zoneinfo)
  • 810-814 (All fonts)
  • 818 (System-config)
  • 81E (Controller gfx/icon data + dummy file)
    • "/lyt/ColorTable" and "/lyt/footer/controllerIcon.bntx" were updated. The "01-00" image showing handheld-mode with detached joy-cons was replaced with a blank image.
  • 81F (Icosa system config)
  • 820 (Copper system config)
  • 821 (Hoag system config)
  • 822 (Firmware binaries for peripherals)
    • The following was updated: "FirmwareInfo.csv", "tera_ota.bin", "tera_ota_iap.bin", and "ukyosakyo_ep2_ota.bin".
  • 823

The built codebins now have padding in .text after every function for 0x10-byte alignment (and other compiler changes).

The SDK included with titles (main-codebin) for NV changed/updated NVIDIA hw strings:

Previous version:

 00000000: 4e56 4944 4941 2054 6567 7261 204b 3100  NVIDIA Tegra K1.
 00000010: 4e56 4944 4941 2054 6567 7261 2058 31    NVIDIA Tegra X1

Current version:

 00000000: 4e56 4944 4941 2054 6567 7261 2f4e 696e  NVIDIA Tegra/Nin
 00000010: 7465 6e64 6f20 5377 6974 6368 004e 5649  tendo Switch.NVI
 00000020: 4449 4120 5465 6772 6120 5832 0047 5031  DIA Tegra X2.GP1
 00000030: 3042 0047 5031 3036 0047 5031 3036 2d41  0B.GP106.GP106-A
 00000040: 0047 6546 6f72 6365 2047 5458 2031 3036  .GeForce GTX 106
 00000050: 3020 3347 4200 4765 466f 7263 6520 4754  0 3GB.GeForce GT
 00000060: 5820 3130 3630 2036 4742 0047 6546 6f72  X 1060 6GB.GeFor
 00000070: 6365 2047 5458 2031 3035 3000 4765 466f  ce GTX 1050.GeFo
 00000080: 7263 6520 4754 5820 3130 3630 0047 6546  rce GTX 1060.GeF
 00000090: 6f72 6365 2047 5458 2031 3035 3020 5469  orce GTX 1050 Ti
 000000a0: 0047 5031 3036 474c 2d41 0051 7561 6472  .GP106GL-A.Quadr
 000000b0: 6f20 5032 3030 3000 4750 3130 362d 4200  o P2000.GP106-B.
 000000c0: 4750 3130 3647 4c2d 42                   GP106GL-B

FIRM

All FIRM titles were updated, and everything under RomFS was updated.

A new folder "a" was added, in addition to the existing "nx" folder, containing a separate "bct" and "package1". Both of these seem encrypted/meant for the new "Mariko" hardware that support was added for.

Secure Monitor

The Memory layout was changed significantly:

  • .text, .rodata, and .data are now separate sections, mapped with correct permissions (RX, RO, RW, respectively), instead of being mapped RWX.
  • Physical layout in TZRAM changed significantly, with pk2ldr being in low TZRAM instead of high TZRAM, etc.

In addition, there were changes to the SMC interface:

  • smcGenerateSpecificAesKey was updated to support generating previous 4.x+ device key(s).
  • smcLoadSecureExpModKey/smcLoadRsaOaepKey/smcDecryptRsaPrivateKey no longer exist.
  • smcLoadRsaOaepKey was replaced with smcEncryptRsaPrivateKeyForImport.
  • smcDecryptRsaPrivateKey was replaced with smcDecryptOrImportRsaPrivateKey.
    • All keys which were previously imported with specific keys now first call smcEncryptRsaPrivateKeyForImport with the appopriate enum member to get a sealed copy of the RSA key, then smcDecryptOrImportRsaPrivateKey to import/unseal the key when needed.
  • smcGetConfig was extended with two new config items:
    • GetConfig(16), which seems to check whether the Switch is running on a Tegra 210:
   return (FUSE_RESERVED_ODM4 & 0x800) &&  FUSE_RESERVED_ODM0 == 0x8E61ECAE &&  FUSE_RESERVED_ODM1  == 0xF2BA3BB2 ?  (FUSE_RESERVED_ODM2 & 0x1F) : 0
    • Getconfig(17), which returns the Package2 hash if booting from recovery mode.

<fill in the rest later>

Kernel

  • Kernel Address Space Layout Randomization was added.
    • Instead of using a hardcoded address for per-CPU region, they now use x18 to point to the per-CPU region.
  • When using most SMCs, IRQs are now disabled first then restored to original state afterwards. x18 is also reinitialized right after most SMCs (see above).
  • 5 new syscalls.
    • Syscalls 0x48+0x49 (svcAllocateUserHeapMemory+svcFreeUserHeapMemory) are used by AM-sysmodule.
      • This is used to allocate Application pool.
    • Syscall 0x4A (svcSetUserHeapMemoryAllocationMax) is used by PM-sysmodule.
      • This allows PM to set a limit on the number of bytes AM can allocate from Application pool.
    • Syscall 0x6F (svcGetMemoryInfo) is used by FS, SM, and PM.
    • Syscall 0x2E (svcGetNextThreadInfo) was added, but it only works on dev units.
      • Allows fetching how many bytes free/occupied by the different pools.
    • svcControlCodeMemory was updated.
  • NPDM irq_id's are no longer checked to be < 0x100, instead max-value is loaded from per-cpu state.
  • The order slabheaps are laid out in memory is now randomized.
  • There are now 4 memory pool partitions.
    • This fixes sysmodule takeover with GMMU hax.

Internet Browser

OSS/WebKit was updated.

In the NPDM, besides the RSA region the only changes were the kernel-release-version descriptor + {new ACID flag is set}.

In the "shareddata:/" title, the NROs are now compressed: "{name}.nro.lz4" instead of "{name}.nro".

qlaunch

RomFS changes:

  • "/common/shader/VarietyOceanShader_Nx.arc.szs" updated
  • "/lyt/common.szs" updated
  • "/lyt/DummyGameA.szs" and "/lyt/DummyGame.szs" were removed.
  • "/lyt/Entrance.szs" updated
  • "/lyt/Eula.szs" added
  • "/lyt/Flaunch.szs" updated
  • "/lyt/Gift.szs" updated
  • "/lyt/Interrupt.szs" updated
  • "/lyt/Migration.szs" updated
  • "/lyt/Notification.szs" updated
  • "/lyt/Option.szs"
  • "/lyt/ResidentMenu.szs"
  • "/lyt/Set.szs"
  • "/message/" Everything under here was updated.
  • "/message/Ocean.msbp.szs" added
  • "/sound/qlaunch_action.bksnd" and "/sound/qlaunch.bfsar" were updated.
  • "/texture" Directory was added, which contains images for Nintendo Switch Parental Controls:
    • "IcoPctl.bntx"
    • "LogoMoon{region/language-text}.bntx", for every region/language.

System Config

New fields were added to System Config.

NPDM

New flags bit2/bit3 were added to the flags at ACID+0xC.

Keys

Keyblob 5 is now used, instead of 4. New NCA keydata is now used as well.

See Also

System update report(s):

Nintendo Switch System Versions
1.0.0
2.0.02.1.02.2.02.3.0
3.0.03.0.13.0.2
4.0.04.0.14.1.0
5.0.05.0.15.0.25.1.0
6.0.06.0.16.1.06.2.0
7.0.07.0.1
8.0.08.0.18.1.08.1.1
9.0.09.0.19.1.09.2.0
10.0.010.0.110.0.210.0.310.0.410.1.010.1.110.2.0
11.0.011.0.1
12.0.012.0.112.0.212.0.312.1.0
13.0.013.1.013.2.013.2.1
14.0.014.1.014.1.114.1.2
15.0.015.0.1
16.0.016.0.116.0.216.0.316.1.0
17.0.017.0.1
18.0.018.0.118.1.0
19.0.019.0.1
20.0.020.0.120.1.020.1.120.1.520.2.020.3.020.4.020.5.0