Difference between revisions of "2.0.0"

From Nintendo Switch Brew
Jump to navigation Jump to search
 
(9 intermediate revisions by 5 users not shown)
Line 35: Line 35:
 
** 0100000000000805(CHN/KOR dictionary), 0100000000000808("European, English and Japanese dictionaries"), 010000000000080A(Chara?), and 010000000000080C(EULA).
 
** 0100000000000805(CHN/KOR dictionary), 0100000000000808("European, English and Japanese dictionaries"), 010000000000080A(Chara?), and 010000000000080C(EULA).
 
* The following 01000000000008XX titles were added:
 
* The following 01000000000008XX titles were added:
** 0100000000000800(SSL trusted certs), 0100000000000807(Hotspot List), 010000000000081E(Dummy file), 010000000000081F(Icosa system config), 0100000000000820(Copper system config), 0100000000000821(Hoag system config),
+
** 0100000000000800(SSL trusted certs), 0100000000000807(Hotspot List), 010000000000081E(Dummy file), 010000000000081F(Icosa system config), 0100000000000820(Copper system config), 0100000000000821(Hoag system config)
* The System Application "flog" (01008BB00013C000) was added.
+
* 010000000000081B ("exFAT FIRM") package2 is no longer "stubbed"/overwritten with garbage.
 +
 
 +
===FIRM===
 +
====Package1====
 +
The encrypted binaries' order and calculation for next stage's entrypoint was changed.
 +
 
 +
Old layout (before 2.0.0):
 +
1.- PK11 header
 +
2.- Secure Monitor blob
 +
3.- NX bootloader blob
 +
4.- Warmboot blob
 +
 +
NX bootloader entrypoint is calculated as:
 +
0x40013FE0 + 0x20 + 0x20 + NX bootloader blob's offset + Secure Monitor blob's size
 +
 
 +
New layout (2.0.0+):
 +
1.- PK11 header
 +
2.- Warmboot blob
 +
3.- NX bootloader blob
 +
4.- Secure Monitor blob
 +
 +
NX bootloader entrypoint is calculated as:
 +
0x40013FE0 + 0x20 + 0x20 + NX bootloader blob's offset + Warmboot blob's size
 +
 
 +
Some AES-ECB decryption related code was refactored.
  
 
==Kernel==
 
==Kernel==
 
* KPoolManager was majorly rewritten.
 
* KPoolManager was majorly rewritten.
** Per-page reference counting was removed.
 
 
** Added MAC crypto on heap-chunk headers, to protect against DMA attacks (same as 3DS).
 
** Added MAC crypto on heap-chunk headers, to protect against DMA attacks (same as 3DS).
  
Line 50: Line 73:
 
* KAddressSpace was renamed to KDeviceAddressSpace.
 
* KAddressSpace was renamed to KDeviceAddressSpace.
  
* KSharedMemory now doesn't incref for each map.
+
* KSharedMemory now maintains a list of every map (each 0x20-byte entry).
** Instead it maintains a list of every map (each 0x20-byte entry).
+
** To do cleanup of mapped shared memories when a process is killed.
** Probably to do better cleanup.
 
  
 
* KSharedMemory no longer references the owning KProcess.
 
* KSharedMemory no longer references the owning KProcess.
Line 60: Line 82:
 
** Creation doesn't use KIrqSingleton directly anymore.
 
** Creation doesn't use KIrqSingleton directly anymore.
 
** Instead it allocates a 0x20-byte entry, and then uses KIrqSingleton.
 
** Instead it allocates a 0x20-byte entry, and then uses KIrqSingleton.
** Probaly to do better cleanup.
+
** Probably to do better cleanup.
  
 
* Size-checks >= 0x180000000 was added to a bunch of syscalls.
 
* Size-checks >= 0x180000000 was added to a bunch of syscalls.
Line 81: Line 103:
 
* AArch64 exception vector for "SError interrupt" was implemented.
 
* AArch64 exception vector for "SError interrupt" was implemented.
  
* TLS pages are now allocated with a slabheap.
+
* Kernel stacks are now allocated with a slabheap.
 +
 
 +
* KHeapArrange was changed. On 1.0.0 it held address/size for three pools ("base", "application", "system") and application/system were zero-sized/unused. Now it holds "pool management", "secure", "non-secure". Pool management and secure are now protected by the kernel carveout.
 +
** Secure pool size is dynamically calculated as size of all kips (including stacks) + 24 MB (FS sysmodule heap) + 1 MB (spare pages for e.g. IPC buffer usage).
 +
** If only one KIP is present, all memory goes to secure pool and non-secure pool does not exist.
  
 
{{NavboxVersions}}
 
{{NavboxVersions}}

Latest revision as of 08:43, 25 August 2020

The 2.0.0 system update was released on March 2, 2017. This update was released for all regions.

Change-log

The 2.0.0 release added the eShop functionality, the ability to add friends via Friend Codes, and to post screenshots to Facebook and Twitter.

This is the official changelog from Nintendo regarding this update:

Improvements Included in Version 2.0.0

The following network features are now available

  • Nintendo Account required. Some features may not be available in all countries/regions.
  • Playing online
    • Online multiplayer available for free until the paid online service launches in fall 2017. Not available in all countries.
  • Adding friends
    • Friends can be added from My Page, head to the HOME Menu and select your icon on the upper left.
  • Sharing Album screenshots to Facebook and Twitter
  • Browsing and purchasing content on Nintendo eShop
  • Receiving News relating to games, Nintendo eShop discounts, and promotions
  • Earning My Nintendo points for game card (retail version)

Added the following system functionality

  • Update game software
  • Turn on the TV automatically when placing the Nintendo Switch console in the Nintendo Switch dock.
    • HDMI settings must also be enabled on your TV. Some TV models may be unable to use this feature. To turn on this feature for the Nintendo Switch console, head to System Settings > TV Settings > Match TV Power State
  • Display the battery percentage on the HOME Menu
    • To turn this ON/OFF, head to System Settings > System > Console Battery (%)
  • Format the microSD card
    • To format, head to System Settings > System > Initialize > Format microSD Card

System Titles

  • Every system module was updated.
    • The creport system module (0100000000000036) was added.
  • Every system applet was updated.
  • Every 01000000000008XX title was updated except for:
    • 0100000000000805(CHN/KOR dictionary), 0100000000000808("European, English and Japanese dictionaries"), 010000000000080A(Chara?), and 010000000000080C(EULA).
  • The following 01000000000008XX titles were added:
    • 0100000000000800(SSL trusted certs), 0100000000000807(Hotspot List), 010000000000081E(Dummy file), 010000000000081F(Icosa system config), 0100000000000820(Copper system config), 0100000000000821(Hoag system config)
  • 010000000000081B ("exFAT FIRM") package2 is no longer "stubbed"/overwritten with garbage.

FIRM

Package1

The encrypted binaries' order and calculation for next stage's entrypoint was changed.

Old layout (before 2.0.0):

1.- PK11 header
2.- Secure Monitor blob
3.- NX bootloader blob
4.- Warmboot blob

NX bootloader entrypoint is calculated as:
0x40013FE0 + 0x20 + 0x20 + NX bootloader blob's offset + Secure Monitor blob's size

New layout (2.0.0+):

1.- PK11 header
2.- Warmboot blob
3.- NX bootloader blob
4.- Secure Monitor blob

NX bootloader entrypoint is calculated as:
0x40013FE0 + 0x20 + 0x20 + NX bootloader blob's offset + Warmboot blob's size

Some AES-ECB decryption related code was refactored.

Kernel

  • KPoolManager was majorly rewritten.
    • Added MAC crypto on heap-chunk headers, to protect against DMA attacks (same as 3DS).
  • KHandleTable default size was improved from 40 to 1024.
  • The code to create a bigger handle table in allocated pool memory has been removed.
  • KHandleTable spinlock was given core-suspension logic.
  • KHandleTable compresses 64-bit pointers into 32-bit offsets.
  • KAddressSpace was renamed to KDeviceAddressSpace.
  • KSharedMemory now maintains a list of every map (each 0x20-byte entry).
    • To do cleanup of mapped shared memories when a process is killed.
  • KSharedMemory no longer references the owning KProcess.
    • Instead it stores the pid, so that the process can be freed even though the shared memory still exists.
  • KInterruptEvent changed:
    • Creation doesn't use KIrqSingleton directly anymore.
    • Instead it allocates a 0x20-byte entry, and then uses KIrqSingleton.
    • Probably to do better cleanup.
  • Size-checks >= 0x180000000 was added to a bunch of syscalls.
  • Restriction on debug SVCs were loosened to support creport.
  • svcReadWriteRegister was extended with more registers.
  • Added blacklist on NPDM kernel descriptor memory mappings.
  • svcGetInfo was extended with more id0's.
  • Process exception dispatching was implemented/improved.
  • Support for processes with 39-bit AddressSpaceType was added.
    • Includes required IPC changes.
  • On startup, kernel now calls SMC id1 0xC3000007 with the kernel memory range start and size.
  • AArch64 exception vector for "SError interrupt" was implemented.
  • Kernel stacks are now allocated with a slabheap.
  • KHeapArrange was changed. On 1.0.0 it held address/size for three pools ("base", "application", "system") and application/system were zero-sized/unused. Now it holds "pool management", "secure", "non-secure". Pool management and secure are now protected by the kernel carveout.
    • Secure pool size is dynamically calculated as size of all kips (including stacks) + 24 MB (FS sysmodule heap) + 1 MB (spare pages for e.g. IPC buffer usage).
    • If only one KIP is present, all memory goes to secure pool and non-secure pool does not exist.
Nintendo Switch System Versions
1.0.0
2.0.02.1.02.2.02.3.0
3.0.03.0.13.0.2
4.0.04.0.14.1.0
5.0.05.0.15.0.25.1.0
6.0.06.0.16.1.06.2.0
7.0.07.0.1
8.0.08.0.18.1.08.1.1
9.0.09.0.19.1.09.2.0
10.0.010.0.110.0.210.0.310.0.410.1.010.1.110.2.0
11.0.011.0.1
12.0.012.0.112.0.212.0.312.1.0
13.0.013.1.013.2.013.2.1
14.0.014.1.014.1.114.1.2
15.0.015.0.1
16.0.016.0.116.0.216.0.316.1.0
17.0.017.0.1
18.0.018.0.118.1.0
19.0.019.0.1