Nintendo Switch Brew

Fuses: Difference between revisions

← Older editNewer edit →
From t194 cboot
No edit summary
Line 1,749: Line 1,749:
| FUSE_SPARE_BIT_29
| FUSE_SPARE_BIT_29
| 0x7000FBF4
| 0x7000FBF4
|-
| FUSE_SPARE_BIT_30
| 0x7000FBF8
|-
| FUSE_SPARE_BIT_31
| 0x7000FBFC
|}
|}


Line 2,403: Line 2,397:


=== irom_patch ===
=== irom_patch ===
Tegra210 based hardware such as the Switch provides support for bootrom patches. The patch data is burned to the hardware fuse bitmap using a specific format (see [https://gist.github.com/shuffle2/f8728159da100e9df2606d43925de0af shuffle2's ipatch decoder]). The bootrom reads these fuses in order to initialize the IPATCH hardware, which allows overriding data returned for code and data fetches done by BPMP.
Bootrom patches are burned to the hardware fuse bitmap using a specific format (see [https://gist.github.com/hexkyz/98c28e292597d8fc7bef7a2200e792d7 ipatch decoder]). The bootrom reads these fuses in order to initialize the IPATCH hardware, which allows overriding data returned for code and data fetches done by BPMP.


The following represents the patch data dumped from a Switch console:
The following represents the patch data dumped from a Switch console:
Line 2,412: Line 2,406:
RAM:00000000 irom_svc_dispatch
RAM:00000000 irom_svc_dispatch
RAM:00000000  STMFD  SP!, {R0-R2}                  ; ipatches (new):
RAM:00000000  STMFD  SP!, {R0-R2}                  ; ipatches (new):
RAM:00000000                                        ;  0 b57df00    16ae    df00 : svc #0x00 (offset 0x48)
RAM:00000000                                        ;  0: 0x0b57df00 0x001016ae 0x0000df00 : svc #0x00 (offset 0x48)
RAM:00000000                                        ;  1 1820df22    3040    df22 : svc #0x22 (offset 0x8c)
RAM:00000000                                        ;  1: 0x1820df22 0x00103040 0x0000df22 : svc #0x22 (offset 0x8c)
RAM:00000000                                        ;  2 3797df26    6f2e    df26 : svc #0x26 (offset 0x94)
RAM:00000000                                        ;  2: 0x3797df26 0x00106f2e 0x0000df26 : svc #0x26 (offset 0x94)
RAM:00000000                                        ;  3 3b4d2100    769a    2100 : movs r1, #0x00
RAM:00000000                                        ;  3: 0x3b4d2100 0x0010769a 0x00002100 : movs r1, #0x00
RAM:00000000                                        ;  4 42bdf2c      856    df2c : svc #0x2c (offset 0xa0)
RAM:00000000                                        ;  4: 0x042bdf2c 0x00100856 0x0000df2c : svc #0x2c (offset 0xa0)
RAM:00000000                                        ;  5 37aadf42    6f54    df42 : svc #0x42 (offset 0xcc)
RAM:00000000                                        ;  5: 0x37aadf42 0x00106f54 0x0000df42 : svc #0x42 (offset 0xcc)
RAM:00000000                                        ;  6 972df4b    12e4    df4b : svc #0x4b (offset 0xde)
RAM:00000000                                        ;  6: 0x0972df4b 0x001012e4 0x0000df4b : svc #0x4b (offset 0xde)
RAM:00000000                                        ;  7 2293df54    4526    df54 : svc #0x54 (offset 0xf0)
RAM:00000000                                        ;  7: 0x2293df54 0x00104526 0x0000df54 : svc #0x54 (offset 0xf0)
RAM:00000000                                        ;  8 21fadf5d    43f4    df5d : svc #0x5d (offset 0x102)
RAM:00000000                                        ;  8: 0x21fadf5d 0x001043f4 0x0000df5d : svc #0x5d (offset 0x102)
RAM:00000000                                        ;  9 bba2ac57    17744    ac57 : data
RAM:00000000                                        ;  9: 0xbba2ac57 0x00117744 0x0000ac57 : data
RAM:00000000                                        ; 10 bbac3d19    17758    3d19 : data
RAM:00000000                                        ; 10: 0xbbac3d19 0x00117758 0x00003d19 : data
RAM:00000000                                        ; 11 1e952001    3d2a    2001 : movs r0, #0x01
RAM:00000000                                        ; 11: 0x1e952001 0x00103d2a 0x00002001 : movs r0, #0x01
RAM:00000000                                        ;  
RAM:00000000                                        ;  
RAM:00000000                                        ; ipatches (old):
RAM:00000000                                        ; ipatches (old):
RAM:00000000                                        ;  0 b57df00    16ae    df00 : svc #0x00 (offset 0x48)
RAM:00000000                                        ;  0: 0x0b57df00 0x001016ae 0x0000df00 : svc #0x00 (offset 0x48)
RAM:00000000                                        ;  1 1820df22    3040    df22 : svc #0x22 (offset 0x8c)
RAM:00000000                                        ;  1: 0x1820df22 0x00103040 0x0000df22 : svc #0x22 (offset 0x8c)
RAM:00000000                                        ;  2 3797df26    6f2e    df26 : svc #0x26 (offset 0x94)
RAM:00000000                                        ;  2: 0x3797df26 0x00106f2e 0x0000df26 : svc #0x26 (offset 0x94)
RAM:00000000                                        ;  3 7d9e2000    fb3c    2000 : movs r0, #0x00
RAM:00000000                                        ;  3: 0x7d9e2000 0x0010fb3c 0x00002000 : movs r0, #0x00
RAM:00000000                                        ;  4 42bdf2c      856    df2c : svc #0x2c (offset 0xa0)
RAM:00000000                                        ;  4: 0x042bdf2c 0x00100856 0x0000df2c : svc #0x2c (offset 0xa0)
RAM:00000000                                        ;  5 37aadf42    6f54    df42 : svc #0x42 (offset 0xcc)
RAM:00000000                                        ;  5: 0x37aadf42 0x00106f54 0x0000df42 : svc #0x42 (offset 0xcc)
RAM:00000000                                        ;  6 972df4b    12e4    df4b : svc #0x4b (offset 0xde)
RAM:00000000                                        ;  6: 0x0972df4b 0x001012e4 0x0000df4b : svc #0x4b (offset 0xde)
RAM:00000000                                        ;  7 2293df54    4526    df54 : svc #0x54 (offset 0xf0)
RAM:00000000                                        ;  7: 0x2293df54 0x00104526 0x0000df54 : svc #0x54 (offset 0xf0)
RAM:00000000                                        ;  8 21fadf5d    43f4    df5d : svc #0x5d (offset 0x102)
RAM:00000000                                        ;  8: 0x21fadf5d 0x001043f4 0x0000df5d : svc #0x5d (offset 0x102)
RAM:00000000                                        ;  9 bba2ac57    17744    ac57 : data
RAM:00000000                                        ;  9: 0xbba2ac57 0x00117744 0x0000ac57 : data
RAM:00000000                                        ; 10 bbac3d19    17758    3d19 : data
RAM:00000000                                        ; 10: 0xbbac3d19 0x00117758 0x00003d19 : data
RAM:00000000                                        ; 11 1e952001    3d2a    2001 : movs r0, #0x01
RAM:00000000                                        ; 11: 0x1e952001 0x00103d2a 0x00002001 : movs r0, #0x01
RAM:00000004  MOV    R2, LR
RAM:00000004  MOV    R2, LR
RAM:00000008  SUB    R2, R2, #2
RAM:00000008  SUB    R2, R2, #2
Line 2,464: Line 2,458:
RAM:00000048
RAM:00000048
RAM:00000048 sub_48
RAM:00000048 sub_48
RAM:00000048  MOVS    R2, #0                        ; 0 b57df00    16ae    df00 : svc #0x00 (offset 0x48)
RAM:00000048  MOVS    R2, #0                        ; 0: 0x0b57df00 0x001016ae 0x0000df00 : svc #0x00 (offset 0x48)
RAM:0000004A  MVNS    R2, R2
RAM:0000004A  MVNS    R2, R2
RAM:0000004C  LDR    R1, =0x60006410
RAM:0000004C  LDR    R1, =0x60006410
Line 2,503: Line 2,497:
RAM:0000008C
RAM:0000008C
RAM:0000008C sub_8C
RAM:0000008C sub_8C
RAM:0000008C  LDR    R0, [R1,#0x18]                ; 1 1820df22    3040    df22 : svc #0x22 (offset 0x8c)
RAM:0000008C  LDR    R0, [R1,#0x18]                ; 1: 0x1820df22 0x00103040 0x0000df22 : svc #0x22 (offset 0x8c)
RAM:0000008E  MOVS    R2, #1
RAM:0000008E  MOVS    R2, #1
RAM:00000090  ORRS    R0, R2
RAM:00000090  ORRS    R0, R2
Line 2,514: Line 2,508:
RAM:00000094
RAM:00000094
RAM:00000094 sub_94
RAM:00000094 sub_94
RAM:00000094  LDR    R2, [R4,#0x50]                ; 2 3797df26    6f2e    df26 : svc #0x26 (offset 0x94)
RAM:00000094  LDR    R2, [R4,#0x50]                ; 2: 0x3797df26 0x00106f2e 0x0000df26 : svc #0x26 (offset 0x94)
RAM:00000096  ADDS    R2, R2, #2
RAM:00000096  ADDS    R2, R2, #2
RAM:00000098  STR    R2, [R4,#0x50]
RAM:00000098  STR    R2, [R4,#0x50]
Line 2,530: Line 2,524:
RAM:000000A0 ; FUNCTION CHUNK AT RAM:00000148 SIZE 00000004 BYTES
RAM:000000A0 ; FUNCTION CHUNK AT RAM:00000148 SIZE 00000004 BYTES
RAM:000000A0
RAM:000000A0
RAM:000000A0  MOVS    R0, #0x70000000              ; 4 42bdf2c      856    df2c : svc #0x2c (offset 0xa0)
RAM:000000A0  MOVS    R0, #0x70000000              ; 4: 0x042bdf2c 0x00100856 0x0000df2c : svc #0x2c (offset 0xa0)
RAM:000000A4  LDR    R6, =dword_7000EF14
RAM:000000A4  LDR    R6, =dword_7000EF14
RAM:000000A6  LDR    R2, =dword_7000E5B4
RAM:000000A6  LDR    R2, =dword_7000E5B4
Line 2,562: Line 2,556:
RAM:000000CC
RAM:000000CC
RAM:000000CC sub_CC
RAM:000000CC sub_CC
RAM:000000CC  MOVS    R2, #0xF000000                ; 5 37aadf42    6f54    df42 : svc #0x42 (offset 0xcc)
RAM:000000CC  MOVS    R2, #0xF000000                ; 5: 0x37aadf42 0x00106f54 0x0000df42 : svc #0x42 (offset 0xcc)
RAM:000000D0  BICS    R1, R2
RAM:000000D0  BICS    R1, R2
RAM:000000D2  STR    R1, [R4,#0x10]
RAM:000000D2  STR    R1, [R4,#0x10]
Line 2,577: Line 2,571:
RAM:000000DE
RAM:000000DE
RAM:000000DE sub_DE
RAM:000000DE sub_DE
RAM:000000DE  LDR    R2, =dword_7000FA9C          ; 6 972df4b    12e4    df4b : svc #0x4b (offset 0xde)
RAM:000000DE  LDR    R2, =dword_7000FA9C          ; 6: 0x0972df4b 0x001012e4 0x0000df4b : svc #0x4b (offset 0xde)
RAM:000000E0  LDR    R2, [R2]
RAM:000000E0  LDR    R2, [R2]
RAM:000000E2  LSRS    R2, R2, #8
RAM:000000E2  LSRS    R2, R2, #8
Line 2,596: Line 2,590:
RAM:000000F0 arg_0=  0
RAM:000000F0 arg_0=  0
RAM:000000F0
RAM:000000F0
RAM:000000F0  LDR    R0, =0x400049F0              ; 7 2293df54    4526    df54 : svc #0x54 (offset 0xf0)
RAM:000000F0  LDR    R0, =0x400049F0              ; 7: 0x2293df54 0x00104526 0x0000df54 : svc #0x54 (offset 0xf0)
RAM:000000F2  LDR    R2, [R0]
RAM:000000F2  LDR    R2, [R0]
RAM:000000F4  STR    R2, [SP,#arg_0]
RAM:000000F4  STR    R2, [SP,#arg_0]
Line 2,619: Line 2,613:
RAM:00000102 arg_0=  0
RAM:00000102 arg_0=  0
RAM:00000102
RAM:00000102
RAM:00000102  LDR    R2, =0x40010220              ; 8 21fadf5d    43f4    df5d : svc #0x5d (offset 0x102)
RAM:00000102  LDR    R2, =0x40010220              ; 8: 0x21fadf5d 0x001043f4 0x0000df5d : svc #0x5d (offset 0x102)
RAM:00000104  STR    R2, [SP,#arg_0]              ; set r2 retval = [0x40010220]
RAM:00000104  STR    R2, [SP,#arg_0]              ; set r2 retval = [0x40010220]
RAM:00000106  LDR    R2, [R2,#0x18]
RAM:00000106  LDR    R2, [R2,#0x18]
Line 2,865: Line 2,859:
==== IROM patch 11 ====
==== IROM patch 11 ====
This patch forces the value of [[Security_Engine|SE_TZRAM_SECURITY]] to be 0x01 instead of restoring it from the saved SE context.
This patch forces the value of [[Security_Engine|SE_TZRAM_SECURITY]] to be 0x01 instead of restoring it from the saved SE context.
== Mariko ==
{| class="wikitable" border="1"
!  Name
!  Number
!  Redundant number
!  Bits
|-
| enable_fuse_program
| 0
| 1
| 0
|-
| disable_fuse_program
| 0
| 1
| 1
|-
| bypass_fuses
| 0
| 1
| 2
|-
| jtag_direct_access_disable
| 0
| 1
| 3
|-
| production_mode
| 0
| 1
| 4
|-
| jtag_secureid_valid
| 0
| 1
| 5
|-
| odm_lock
| 0
| 1
| 6-21
|-
| fa_mode
| 0
| 1
| 22
|-
| security_mode
| 0
| 1
| 23
|-
| arm_debug_dis
| 0
| 1
| 24
|-
| obs_dis
| 0
| 1
| 25
|-
| public_key0
| 64
| 65
| 15-31
|-
| public_key0
| 66
| 67
| 0-14
|-
| public_key1
| 66
| 67
| 15-31
|-
| public_key1
| 68
| 69
| 0-14
|-
| public_key2
| 68
| 69
| 15-31
|-
| public_key2
| 70
| 71
| 0-14
|-
| public_key3
| 70
| 71
| 15-31
|-
| public_key3
| 72
| 73
| 0-14
|-
| public_key4
| 72
| 73
| 15-31
|-
| public_key4
| 74
| 75
| 0-14
|-
| public_key5
| 74
| 75
| 15-31
|-
| public_key5
| 76
| 77
| 0-14
|-
| public_key6
| 76
| 77
| 15-31
|-
| public_key6
| 78
| 79
| 0-14
|-
| public_key7
| 78
| 79
| 15-31
|-
| public_key7
| 80
| 81
| 0-14
|-
| private_key0
| 86
| 87
| 30-31
|-
| private_key0
| 88
| 89
| 0-29
|-
| private_key1
| 88
| 89
| 30-31
|-
| private_key1
| 90
| 91
| 0-29
|-
| private_key2
| 90
| 91
| 30-31
|-
| private_key2
| 92
| 93
| 0-29
|-
| private_key3
| 92
| 93
| 30-31
|-
| private_key3
| 94
| 95
| 0-29
|-
| private_key4
| 94
| 95
| 30-31
|-
| private_key4
| 96
| 97
| 0-29
|-
| boot_device_info
| 96
| 97
| 30-31
|-
| boot_device_info
| 98
| 99
| 0-13
|-
| reserved_sw
| 98
| 99
| 14-25
|-
| secure_provision_index
| 152
| 153
| 23-26
|-
| secure_provision_info
| 152
| 153
| 27-28
|-
| aid
| 165
| None
| 2-31
|-
| aid
| 166
| None
| 0-1
|-
| spare_bit_0
| 167
| None
| 2
|-
| spare_bit_1
| 167
| None
| 3
|-
| spare_bit_2
| 167
| None
| 4
|-
| spare_bit_3
| 167
| None
| 5
|-
| spare_bit_4
| 167
| None
| 6
|-
| spare_bit_5
| 167
| None
| 7
|-
| spare_bit_6
| 167
| None
| 8
|-
| spare_bit_7
| 167
| None
| 9
|-
| spare_bit_8
| 167
| None
| 10
|-
| spare_bit_9
| 167
| None
| 11
|-
| spare_bit_10
| 167
| None
| 12
|-
| spare_bit_11
| 167
| None
| 13
|-
| spare_bit_12
| 167
| None
| 14
|-
| spare_bit_13
| 167
| None
| 15
|-
| spare_bit_14
| 167
| None
| 16
|-
| spare_bit_15
| 167
| None
| 17
|-
| spare_bit_16
| 167
| None
| 18
|-
| spare_bit_17
| 167
| None
| 19
|-
| spare_bit_18
| 167
| None
| 20
|-
| spare_bit_19
| 167
| None
| 21
|-
| spare_bit_20
| 167
| None
| 22
|-
| spare_bit_21
| 167
| None
| 23
|-
| spare_bit_22
| 167
| None
| 24
|-
| spare_bit_23
| 167
| None
| 25
|-
| spare_bit_24
| 167
| None
| 26
|-
| spare_bit_25
| 167
| None
| 27
|-
| spare_bit_26
| 167
| None
| 28
|-
| spare_bit_27
| 167
| None
| 29
|-
| spare_bit_28
| 167
| None
| 30
|-
| spare_bit_29
| 167
| None
| 31
|-
| reshift_fcpu0
| 168
| None
| 0-31
|-
| reshift_fcpu1
| 169
| None
| 0-31
|-
| reshift_fcpu2
| 170
| None
| 0-31
|-
| reshift_fcpu3
| 171
| None
| 0-31
|-
| reshift_fl2_tbank0
| 172
| None
| 0-31
|-
| reshift_fl2_tbank1
| 173
| None
| 0-31
|-
| reshift_fl2_tbank2
| 174
| None
| 0-31
|-
| reshift_fl2_tbank3
| 175
| None
| 0-31
|-
| [[#irom_patch_2|irom_patch]]
| 176
| None
| Variable
|}
=== irom_patch ===
<syntaxhighlight>
RAM:00000000 ; =============== S U B R O U T I N E =======================================
RAM:00000000
RAM:00000000
RAM:00000000 irom_svc_dispatch
RAM:00000000  STMFD  SP!, {R0-R2}                  ; ipatches:
RAM:00000000                                        ;  0: 0x085bdf00 0x001010b6 0x0000df00 : svc #0x00 (offset 0x48)
RAM:00000000                                        ;
RAM:00000000                                        ;  0: 0x12d3df06 0x001025a6 0x0000df06 : svc #0x06 (offset 0x54)
RAM:00000000                                        ;  1: 0x28144770 0x00105028 0x00004770 : bx lr
RAM:00000000                                        ;  2: 0x0fb72001 0x00101f6e 0x00002001 : movs r0, #0x01
RAM:00000000                                        ;  3: 0x692ddf15 0x0010d25a 0x0000df15 : svc #0x15 (offset 0x72)
RAM:00000000                                        ;  4: 0x436ddf1f 0x001086da 0x0000df1f : svc #0x1f (offset 0x86)
RAM:00000000                                        ;  5: 0x4376df23 0x001086ec 0x0000df23 : svc #0x23 (offset 0x8e)
RAM:00000000                                        ;  6: 0x4103df2b 0x00108206 0x0000df2b : svc #0x2b (offset 0x9e)
RAM:00000000                                        ;  7: 0x495c0060 0x001092b8 0x00000060 : lsls r0, r4, #1
RAM:00000000                                        ;  8: 0x62e3ef5b 0x0010c5c6 0x0000ef5b
RAM:00000000                                        ;  9: 0x10d1df6a 0x001021a2 0x0000df6a : svc #0x6a (offset 0x11c)
RAM:00000004  MOV    R2, LR
RAM:00000008  SUB    R2, R2, #2
RAM:0000000C  LDR    R2, [R2]
RAM:00000010  AND    R2, R2, #0xFF
RAM:00000014  MOV    R2, R2,LSL#1
RAM:00000018  LDR    R0, =0x10022C
RAM:0000001C  LDR    R1, =0x100174
RAM:00000020  SUB    R1, R1, R0
RAM:00000024  LDR    R0, =0x40004164
RAM:00000028  ADD    R0, R0, R1
RAM:0000002C  ADD    R2, R2, R0
RAM:00000030  ORR    R2, R2, #1
RAM:00000034  LDMFD  SP!, {R0,R1}
RAM:00000038  BX      R2
RAM:00000038 ; End of function irom_svc_dispatch
RAM:00000038
RAM:00000038 ; ---------------------------------------------------------------------------
RAM:0000003C dword_3C        DCD 0x10022C            ; DATA XREF: irom_svc_dispatch+18↑r
RAM:00000040 dword_40        DCD 0x100174            ; DATA XREF: irom_svc_dispatch+1C↑r
RAM:00000044 dword_44        DCD 0x40004164          ; DATA XREF: irom_svc_dispatch+24↑r
RAM:00000048  CODE16
RAM:00000048
RAM:00000048 ; =============== S U B R O U T I N E =======================================
RAM:00000048
RAM:00000048
RAM:00000048 sub_48                                  ; 0: 0x085bdf00 0x001010b6 0x0000df00 : svc #0x00 (offset 0x48)
RAM:00000048  CMP    R5, #0xAF
RAM:0000004A  BNE    loc_4E
RAM:0000004C  MOVS    R5, #0xFF
RAM:0000004E
RAM:0000004E loc_4E                                  ; CODE XREF: sub_48+2↑j
RAM:0000004E  SUBS    R6, R5, #1
RAM:00000050
RAM:00000050 loc_50                                  ; CODE XREF: sub_54+18↓j
RAM:00000050                                        ; sub_72+12↓j ...
RAM:00000050  POP    {R2}
RAM:00000052  MOV    PC, LR
RAM:00000052 ; End of function sub_48
RAM:00000052
RAM:00000054
RAM:00000054 ; =============== S U B R O U T I N E =======================================
RAM:00000054
RAM:00000054
RAM:00000054 sub_54                                  ; 0: 0x12d3df06 0x001025a6 0x0000df06 : svc #0x06 (offset 0x54)
RAM:00000054  MOVS    R3, #7
RAM:00000056
RAM:00000056 loc_56                                  ; CODE XREF: sub_72+10↓j
RAM:00000056                                        ; sub_8E+E↓j
RAM:00000056  PUSH    {R0,R1,R3-R6}
RAM:00000058  LDR    R0, =0x4000FC20
RAM:0000005A  LDR    R1, =0x40040000
RAM:0000005C  LDR    R3, =0xEAFFFFFE
RAM:0000005E  MOVS    R4, R3
RAM:00000060  MOVS    R5, R3
RAM:00000062  ADDS    R6, R3, #0
RAM:00000064
RAM:00000064 loc_64                                  ; CODE XREF: sub_54+14↓j
RAM:00000064  STMIA  R0!, {R3-R6}
RAM:00000066  CMP    R0, R1
RAM:00000068  BCC    loc_64
RAM:0000006A  POP    {R0,R1,R3-R6}
RAM:0000006C  B      loc_50
RAM:0000006C ; End of function sub_54
RAM:0000006C
RAM:0000006E ; ---------------------------------------------------------------------------
RAM:0000006E ; START OF FUNCTION CHUNK FOR sub_8E
RAM:0000006E
RAM:0000006E loc_6E                                  ; CODE XREF: sub_8E+8↓j
RAM:0000006E  LDR    R0, =0x1002A0
RAM:00000070  BX      R0
RAM:00000070 ; END OF FUNCTION CHUNK FOR sub_8E
RAM:00000072
RAM:00000072 ; =============== S U B R O U T I N E =======================================
RAM:00000072
RAM:00000072
RAM:00000072 sub_72                                  ; 3: 0x692ddf15 0x0010d25a 0x0000df15 : svc #0x15 (offset 0x72)
RAM:00000072  MOVS    R2, #2
RAM:00000074  CMP    R0, #0x26 ; '&'
RAM:00000076  BLS    loc_7A
RAM:00000078  ADDS    R2, #0x50 ; 'P'
RAM:0000007A
RAM:0000007A loc_7A                                  ; CODE XREF: sub_72+4↑j
RAM:0000007A  MOV    R3, LR
RAM:0000007C  ADDS    R3, R3, R2
RAM:0000007E  MOV    LR, R3
RAM:00000080  CMP    R0, #0
RAM:00000082  BNE    loc_56
RAM:00000084  B      loc_50
RAM:00000084 ; End of function sub_72
RAM:00000084
RAM:00000086
RAM:00000086 ; =============== S U B R O U T I N E =======================================
RAM:00000086
RAM:00000086
RAM:00000086 sub_86                                  ; 4: 0x436ddf1f 0x001086da 0x0000df1f : svc #0x1f (offset 0x86)
RAM:00000086
RAM:00000086 arg_8  =  8
RAM:00000086
RAM:00000086  MOVS    R3, R0
RAM:00000088  LDR    R2, =0x5A55F0E1
RAM:0000008A  STR    R2, [SP,#arg_8]
RAM:0000008C  B      loc_50
RAM:0000008C ; End of function sub_86
RAM:0000008C
RAM:0000008E
RAM:0000008E ; =============== S U B R O U T I N E =======================================
RAM:0000008E
RAM:0000008E
RAM:0000008E sub_8E                                  ; 5: 0x4376df23 0x001086ec 0x0000df23 : svc #0x23 (offset 0x8e)
RAM:0000008E
RAM:0000008E arg_8  =  8
RAM:0000008E
RAM:0000008E ; FUNCTION CHUNK AT RAM:0000006E SIZE 00000004 BYTES
RAM:0000008E
RAM:0000008E  MOVS    R3, R0
RAM:00000090  LDR    R2, =0x5A55F0E1
RAM:00000092  LDR    R0, [SP,#arg_8]
RAM:00000094  CMP    R0, R2
RAM:00000096  BEQ    loc_6E
RAM:00000098  CMP    R0, #0
RAM:0000009A  BEQ    loc_50
RAM:0000009C  B      loc_56
RAM:0000009C ; End of function sub_8E
RAM:0000009C
RAM:0000009E
RAM:0000009E ; =============== S U B R O U T I N E =======================================
RAM:0000009E
RAM:0000009E
RAM:0000009E sub_9E                                  ; 6: 0x4103df2b 0x00108206 0x0000df2b : svc #0x2b (offset 0x9e)
RAM:0000009E  LDR    R0, =0x7000F900
RAM:000000A0  SUBS    R0, #0xD8
RAM:000000A2  MOVS    R2, #1
RAM:000000A4  STR    R2, [R0]
RAM:000000A6  LDR    R0, =0x7001231C
RAM:000000A8  LDR    R3, =0x7041231C
RAM:000000AA  MOVS    R1, #0xE0
RAM:000000AC  B      loc_B4
RAM:000000AE ; ---------------------------------------------------------------------------
RAM:000000AE
RAM:000000AE loc_AE                                  ; CODE XREF: sub_9E+2E↓j
RAM:000000AE  MOVS    R1, #0xF0
RAM:000000B0  B      loc_B4
RAM:000000B2 ; ---------------------------------------------------------------------------
RAM:000000B2
RAM:000000B2 loc_B2                                  ; CODE XREF: sub_9E+32↓j
RAM:000000B2  MOVS    R1, #0xC0
RAM:000000B4
RAM:000000B4 loc_B4                                  ; CODE XREF: sub_9E+E↑j
RAM:000000B4                                        ; sub_9E+12↑j
RAM:000000B4  MOVS    R4, #0
RAM:000000B6
RAM:000000B6 loc_B6                                  ; CODE XREF: sub_9E+28↓j
RAM:000000B6  MOVS    R2, #0
RAM:000000B8  STR    R1, [R0]
RAM:000000BA  STR    R2, [R0,#4]
RAM:000000BC  STR    R1, [R3]
RAM:000000BE  STR    R2, [R3,#4]
RAM:000000C0  ADDS    R1, #1
RAM:000000C2  ADDS    R4, #1
RAM:000000C4  CMP    R4, #7
RAM:000000C6  BLS    loc_B6
RAM:000000C8  LSRS    R1, R1, #4
RAM:000000CA  CMP    R1, #0xE
RAM:000000CC  BEQ    loc_AE
RAM:000000CE  CMP    R1, #0xF
RAM:000000D0  BEQ    loc_B2
RAM:000000D2  MOV    R5, LR
RAM:000000D4  MOVS    R0, #0
RAM:000000D6
RAM:000000D6 loc_D6                                  ; CODE XREF: sub_9E+56↓j
RAM:000000D6  MOVS    R1, #0xD
RAM:000000D8  MOVS    R2, #0
RAM:000000DA  MOVS    R3, #0xD
RAM:000000DC  PUSH    {R0-R3}
RAM:000000DE  LDR    R4, =0x40004164
RAM:000000E0  PUSH    {R2,R4}
RAM:000000E2  ADRL    R4, (loc_EC+1)
RAM:000000E6  MOV    LR, R4
RAM:000000E8  LDR    R4, =0x105A19
RAM:000000EA  BX      R4
RAM:000000EC
RAM:000000EC loc_EC                                  ; DATA XREF: sub_9E+44↑o
RAM:000000EC  ADD    SP, SP, #8
RAM:000000EE  POP    {R0-R3}
RAM:000000F0  ADDS    R0, #1
RAM:000000F2  CMP    R0, #1
RAM:000000F4  BEQ    loc_D6
RAM:000000F6  MOV    LR, R5
RAM:000000F8  LDR    R0, =0x4000FC20
RAM:000000FA  MOV    R8, R0
RAM:000000FC  B      loc_50
RAM:000000FC ; End of function sub_9E
RAM:000000FC
RAM:000000FE
RAM:000000FE ; =============== S U B R O U T I N E =======================================
RAM:000000FE
RAM:000000FE
RAM:000000FE sub_FE
RAM:000000FE  POP    {R2}
RAM:00000100  MOV    R4, SP
RAM:00000102  SUBS    R4, R4, R0
RAM:00000104  BLS    loc_10C
RAM:00000106  CMP    R4, R2
RAM:00000108  BCS    loc_118
RAM:0000010A  B      loc_116
RAM:0000010C ; ---------------------------------------------------------------------------
RAM:0000010C
RAM:0000010C loc_10C                                ; CODE XREF: sub_FE+6↑j
RAM:0000010C  LDR    R4, =0x4000BE68
RAM:0000010E  SUBS    R4, R4, R0
RAM:00000110  BLS    loc_118
RAM:00000112  CMP    R4, R2
RAM:00000114  BCS    loc_118
RAM:00000116
RAM:00000116 loc_116                                ; CODE XREF: sub_FE+C↑j
RAM:00000116  ADDS    R2, R4, #0
RAM:00000118
RAM:00000118 loc_118                                ; CODE XREF: sub_FE+A↑j
RAM:00000118                                        ; sub_FE+12↑j ...
RAM:00000118  SUBS    R3, R0, R1
RAM:0000011A  BX      LR
RAM:0000011A ; End of function sub_FE
RAM:0000011A
RAM:0000011C
RAM:0000011C ; =============== S U B R O U T I N E =======================================
RAM:0000011C
RAM:0000011C
RAM:0000011C sub_11C                                ; 9: 0x10d1df6a 0x001021a2 0x0000df6a : svc #0x6a (offset 0x11c)
RAM:0000011C  SUBS    R3, #5
RAM:0000011E  MOVS    R2, #0xF0
RAM:00000120  BICS    R2, R3
RAM:00000122  B      loc_50
RAM:00000122 ; End of function sub_11C
RAM:00000122
RAM:00000122 ; ---------------------------------------------------------------------------
RAM:00000124 dword_124      DCD 0x4000FC20          ; DATA XREF: sub_54+4↑r
RAM:00000124                                        ; sub_9E+5A↑r
RAM:00000128 dword_128      DCD 0x40040000          ; DATA XREF: sub_54+6↑r
RAM:0000012C dword_12C      DCD 0xEAFFFFFE          ; DATA XREF: sub_54+8↑r
RAM:00000130 off_130        DCD 0x1002A0            ; DATA XREF: sub_8E:loc_6E↑r
RAM:00000134 dword_134      DCD 0x5A55F0E1          ; DATA XREF: sub_86+2↑r
RAM:00000134                                        ; sub_8E+2↑r
RAM:00000138 dword_138      DCD 0x7000F900          ; DATA XREF: sub_9E↑r
RAM:0000013C off_13C        DCD 0x7001231C          ; DATA XREF: sub_9E+8↑r
RAM:00000140 off_140        DCD 0x7041231C          ; DATA XREF: sub_9E+A↑r
RAM:00000144 dword_144      DCD 0x40004164          ; DATA XREF: sub_9E+40↑r
RAM:00000148 off_148        DCD 0x105A19            ; DATA XREF: sub_9E+4A↑r
RAM:0000014C dword_14C      DCD 0x4000BE68          ; DATA XREF: sub_FE:loc_10C↑r
RAM:0000014C ; RAM          ends
</syntaxhighlight>
==== First IROM patch ====
This patch is applied to the bootrom IPATCH handling function so that more patches can be loaded from fuses.
<syntaxhighlight lang="c">
if (patch_start_addr == 0xAF) {
    patch_start_addr = 0xFF;
}
patch_start_addr--;
return;
</syntaxhighlight>
==== IROM patch 0 ====
This patch initializes all unused IRAM memory to 0xEAFFFFFE (infinite loop instruction).
<syntaxhighlight lang="c">
/*
    Untranslated instructions:
    MOVS    R3, #7
    PUSH    {R0,R1,R3-R6}
*/
for (u32 addr = 0x4000FC20; addr < 0x40040000; addr += 0x04) {
    *(u32 *)addr = 0xEAFFFFFE;
}
/*
    Untranslated instructions:
    POP    {R0,R1,R3-R6}
*/
return;
</syntaxhighlight>


= Anti-downgrade =
= Anti-downgrade =
Retrieved from "https://switchbrew.org/wiki/Fuses"