Nintendo Switch Brew

Changes

Creport (view source)

Revision as of 03:27, 12 November 2018

1,023 bytes added ,  03:27, 12 November 2018
→‎6.1.0: details on changes
Line 3: Line 3:  
Creport takes a string containing a pid formatted in base10 as input, and generates an error report. This error report can later be sent to the cloud server by [[Eupld services]].
 
Creport takes a string containing a pid formatted in base10 as input, and generates an error report. This error report can later be sent to the cloud server by [[Eupld services]].
   −
[2.1.0+]: An additional input argument string is now used. Only the first byte is used: <code>inarg_flag = u8 inarg[1][0];</code> This is compared with '1' only with the below titleID code, and near the end of nnMain().
+
[2.1.0+]: An additional input argument string is now used. Only the first byte is used: <code>inarg_flag = argv[1][0];</code> This is compared with '1' only with the below titleID code, and near the end of nnMain().
    
== Crash dumping ==
 
== Crash dumping ==
Line 43: Line 43:  
* 0100000000001011
 
* 0100000000001011
   −
[2.1.0+]:
+
[2.1.0+] It also blacklists the creport-sysmodule title-id. Then, if inarg_flag(see above) is set to '1', all title-ids are blacklisted except for the following whitelist:
* If the TID is not one of the above, it then checks if the TID matches the creport-sysmodule. If so, it's flagged as blacklisted like the above.
  −
* Then, if inarg_flag(see above) is set to '1', the following titleIDs are checked. When set to '1', and the titleID matches one of the checked tittleIDs, it will continue as normal. Otherwise, it's handled as if it's blacklisted. Hence, end-result is that the checked TIDs are handled the same way as past system-versions, while non-checked TIDs are blacklisted.
     −
  if(tid > 0x0100704000B39FFF)
+
* 0100704000B3A000 "Snipperclips" (Game)
  {
+
* 01007EF00011E000 "The Legend of Zelda: Breath of the Wild"
      if(tid <= 0x01009b500007BFFF)
+
* 01009B500007C000 "ARMS"
      {
+
* [2.3.0+] 0100C5E003B40000 "ARMS Global Testpunch"
          if(tid == 0x0100704000B3A000)<continue as normal>;//"Snipperclips" (Game)
+
* 0100D87002EE0000 "Snipperclips - Cut it out, together!"
          if(tid == 0x01007EF00011E000)<continue as normal>;//"The Legend of Zelda: Breath of the Wild"
+
* 0100F8F0000A2000 "Splatoon 2" (EUR)
      }
+
* 010000A00218E000 "Splatoon 2 Global Testfire"
      else
+
* 01000320000CC000 "1-2 Switch"
      {
+
* 0100152000022000 "Mario Kart 8 Deluxe"
          if(tid == 0x01009B500007C000)<continue as normal>;//"ARMS"
+
* 01003BC0000A0000 "Splatoon 2" (USA)
          if(tid == 0x0100D87002EE0000)<continue as normal>;//"Snipperclips - Cut it out, together!"
+
* 01003C700009C000 "Splatoon 2" (JPN)
          if(tid == 0x0100F8F0000A2000)<continue as normal>;//"Splatoon 2" (EUR)
  −
      }
  −
  }
  −
  else if(tid <= 0x0100152000021FFF)
  −
  {
  −
      if(tid == 0x010000A00218E000)<continue as normal>;//"Splatoon 2 Global Testfire"
  −
      if(tid == 0x01000320000CC000)<continue as normal>;//"1-2 Switch"
  −
  }
  −
  else
  −
  {
  −
      if(tid == 0x0100152000022000)<continue as normal>;//"Mario Kart 8 Deluxe"
  −
      if(tid == 0x01003BC0000A0000)<continue as normal>;//"Splatoon 2" (USA)
  −
      if(tid == 0x01003C700009C000)<continue as normal>;//"Splatoon 2" (JPN)
  −
  }
      
This is probably because of privacy concerns (software keyboard + browser could contain passwords and personal info).
 
This is probably because of privacy concerns (software keyboard + browser could contain passwords and personal info).
 +
 +
The above whitelist handling is probably so that only Nintendo (published) applications get full exception info reported, since crash-reports for other applications probably(?) wouldn't be shared with third-parties.
    
For all other title-ids, it generates a random AES-128 key and CTR using <code>csrng</code>.
 
For all other title-ids, it generates a random AES-128 key and CTR using <code>csrng</code>.
Line 108: Line 94:  
nnMain:
 
nnMain:
 
* Two input arguments are now used+required, see above.
 
* Two input arguments are now used+required, see above.
* ...
+
* During init near the start of this func, u64 val0 is now written to x24+32.
 +
* A lot of new code was added.
 
* TID handling block was updated, see above.
 
* TID handling block was updated, see above.
 
* The check for <is_blacklisted> was changed from "if(val<=0)<branch>" to "if(val<1)<branch>".
 
* The check for <is_blacklisted> was changed from "if(val<=0)<branch>" to "if(val<1)<branch>".
Line 114: Line 101:  
** Prev code: <code>if(<loadedval> != 1)return;</code> New code: <code>if(<loadedval> != 1)<jump over the two following func calls which are the same as prev ver></code>
 
** Prev code: <code>if(<loadedval> != 1)return;</code> New code: <code>if(<loadedval> != 1)<jump over the two following func calls which are the same as prev ver></code>
 
** Following the two funcs mentioned above, prev code: <code>if(<loadedval> == 1 && (u8 *(ptr+1) & 1) == 0)<call func>; return;</code> New code: <code>if(inarg_flag != '1' && (u8 *(ptr+1) & 1) == 0 && ((u8 *(ptr+0) ^ 0x1) & 0x1) == 0)<call func>; return;</code>
 
** Following the two funcs mentioned above, prev code: <code>if(<loadedval> == 1 && (u8 *(ptr+1) & 1) == 0)<call func>; return;</code> New code: <code>if(inarg_flag != '1' && (u8 *(ptr+1) & 1) == 0 && ((u8 *(ptr+0) ^ 0x1) & 0x1) == 0)<call func>; return;</code>
** <call func> here is throw_fatalerr(ptr+4). The above second block basically changed the conditions required for throwing fatal-error. For example, fatal-error is no longer thrown when applications(?) crash.
+
** <call func> here is throw_fatalerr(ptr+4). The above second block basically changed the conditions required for throwing fatal-error. For example, fatal-error is no longer thrown when applications crash.
 +
 
 +
== [[2.3.0]] ==
 +
Exactly the following code was changed:
 +
 
 +
Only change was adding a titleID to the above whitelist.
 +
 
 +
== [[5.0.0]] ==
 +
Many changes were made to add more detail to reports. In particular:
 +
 
 +
* The second input flag is no longer actually used, instead whether the process is an application is parsed from the ATTACH_PROCESS debug info.
 +
* Support was added for reading a custom user error code from process memory in the UserBdsak case.
 +
* Support was added for reading a custom user "Dying Message" of up to 0x1000 bytes from process memory if the crashes process was an application.
 +
* All reports now have additional info in their crash reports:
 +
** A list of up to 0x60 threads is retrieved via svcGetThreadList, and each thread has a full register dump + stacktrace added to the report.
 +
** The crashing thread's PC and LR are used to try to locate the base executable region that caused the crash -- if found, it and up to 15 code regions with higher virtual addresses have their start and end addresses saved, and their executable name and GNU build IDs read out of .rodata and added to the report. This fixes the problem of crash reports in previous versions not including information on ASLR.
 +
 
 +
== [[6.1.0]] ==
 +
Support was improved for detecting code regions. In particular:
 +
 
 +
* The number of processable code regions was increased from 16 to 96.
 +
* Instead of processing the crashing thread's PC or LR, now both are processed, and additionally every address in the thread's stacktrace are processed.
 +
** If the crashed module is an application, this is further done for all threads.
Retrieved from "https://switchbrew.org/wiki/Special:MobileDiff/1874...5525"