Nintendo Switch Brew

Flash Filesystem: Difference between revisions

← Older edit
Ootulp (talk | contribs)
64 edits
No edit summary
 
(57 intermediate revisions by 10 users not shown)
Line 1: Line 1:
= NAND structure =
= NAND structure =
The Switch's eMMC storage features a large user area, two smaller boot partitions, and a replay-protected memory block which is unused (no authentication key is programmed).
The Switch's eMMC storage features a large user area, two smaller boot partitions and a replay-protected memory block which is unused (no authentication key is programmed).
 
All official partition names come from [[SystemInitializer]].


== Boot Partitions ==
== Boot Partitions ==
'''Boot Partition 0 (0 of 1)'''
The official name for this partition is "BootPartition1Root" and it has [[Filesystem_services|Bis]] Partition ID == 0.


'''Boot Partition 0 (0 of 1)'''
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
Line 13: Line 17:
|  0x000000
|  0x000000
|  0x4000
|  0x4000
Title 0100000000000819 [[BCT|BCT]]
Normal Firmware [[BCT|BCT]] from [[Title_list#System_Data_Archives|Title 0100000000000819]]
|-
|-
|  0x004000
|  0x004000
|  0x4000
|  0x4000
Title 010000000000081A [[BCT|BCT]]
SafeMode Firmware [[BCT|BCT]] from [[Title_list#System_Data_Archives|Title 010000000000081A]]
|-
|-
|  0x008000
|  0x008000
|  0x4000
|  0x4000
Title 0100000000000819 [[BCT|BCT]]
Normal Firmware [[BCT|BCT]] from [[Title_list#System_Data_Archives|Title 0100000000000819]] (backup)
|-
|-
|  0x00C000
|  0x00C000
|  0x4000
|  0x4000
|  Title 010000000000081A [[BCT|BCT]]
SafeMode Firmware [[BCT|BCT]] from [[Title_list#System_Data_Archives|Title 010000000000081A]] (backup)
|-
|  0x010000
|  0xEC000
|  59 additional BCTs, normally unused/empty on retail systems.
|-
|  0x0FC000
|  0x4000
[[#System Update Control|System Update Control area]]
|-
|-
|  0x100000
|  0x100000
|  0x40000
|  0x40000
|  Title 0100000000000819 "package1"
Normal Firmware [[Package1|package1]] from [[Title_list#System_Data_Archives|Title 0100000000000819]]
|-
|-
|  0x140000
|  0x140000
|  0x40000
|  0x40000
|  Title 0100000000000819 "package1" (Backup)
Normal Firmware [[Package1|package1]] from [[Title_list#System_Data_Archives|Title 0100000000000819]] (backup)
|-
|-
|  0x180000
|  0x180000
Line 40: Line 52:
|-
|-
|  0x184000
|  0x184000
0x20
0x200
Unknown pseudorandom data, often changes on reboot. All zero on 1.0.
[2.0.0+] [[#NAND Patrol|NAND Patrol area]]
|-
|  0x184020
| 0x8?
| Increments on every boot until hitting a certain number? Bottom 10 bits (0x3FF) are always zero. All zero on 1.0.
|}
|}


'''Boot Partition 1 (1 of 1)'''
'''Boot Partition 1 (1 of 1)'''
The official name for this partition is "BootPartition2Root" and it has [[Filesystem_services|Bis]] Partition ID == 10.
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
Line 57: Line 68:
|  0x000000
|  0x000000
|  0x40000
|  0x40000
|  Title 010000000000081A "package1"
SafeMode Firmware [[Package1|package1]] from [[Title_list#System_Data_Archives|Title 010000000000081A]]
|-
|-
|  0x040000
|  0x040000
|  0x40000
|  0x40000
|  Title 010000000000081A "package1" (Backup)
SafeMode Firmware [[Package1|package1]] from [[Title_list#System_Data_Archives|Title 010000000000081A]] (backup)
|-
|-
|  0x080000
|  0x080000
|  0x40000
|  0x40000
|
| Reserved
|-
|-
|  0x0C0000
|  0x0C0000
|  0x40000
|  0x40000
|
| Reserved
|}
 
=== System Update Control ===
The 0x4000 bytes at offset 0xFC000 are used by [[NS_Services|NS]] and [[Boot|boot]] for keeping track of the status of a system update. This area is used by the [[NS_Services#ISystemUpdateControl|ISystemUpdateControl]] commands [[NS_Services#ApplyDownloadedUpdate|ApplyDownloadedUpdate]], [[NS_Services#ApplyCardUpdate|ApplyCardUpdate]] and [[NS_Services#ApplyReceivedUpdate|ApplyReceivedUpdate]].
 
{| class="wikitable" border="1"
|-
!  Offset
!  Size
!  Description
|-
| 0x0
| 0x1
| BootImages status. Set to 1 by [[NS_Services|NS]] during a system update and cleared by [[Boot|boot]] after restarting.
|-
| 0x1
| 0x1
| BootImagesSafe status. Set to 1 by [[NS_Services|NS]] during a system update and cleared by [[Boot|boot]] after restarting.
|}
|}


=== Keyblob ===
=== Keyblob ===
Starting at offset 0x180000 is an array of 0x200-byte entries, for a total of 32 keyblobs. Each one is unique compared to the others and they are all console unique.
Starting at offset 0x180000 is an array of 0x200-byte entries, for a total of 32 keyblobs. Each one is unique compared to the others and they are all console unique. This is officially known as the "EKS" (encryption key source) area.


From each 0x200-byte entry only the first 0xB0 bytes effectively form the keyblob as below.
From each 0x200-byte entry only the first 0xB0 bytes effectively form the keyblob as below.
Line 100: Line 129:
|}
|}


The active bootloader's version (offset 0x2330 in the BCT) acts as an index to control which keyblob should be installed into the system.
The active bootloader's version (offset 0x2330 in the BCT) acts as an index (<code>version-1</code>) to control which keyblob should be installed into the system.
[[NS_Services|NS]] uses this during system updates to install the keyblob into the [[BCT#customer_data|customer data]] section in BCTs (offset 0x450).
[[NS_Services|NS]] uses this during system updates to install the keyblob into the [[BCT#customer_data|customer data]] section in BCTs (offset 0x450).


[[Boot]] also uses this index for repairing corrupt sectors.
[[Boot]] also uses this index for repairing corrupt sectors.
The currently active keyblob is officially known as "SecureInfo".
=== NAND Patrol ===
The 0x200 bytes at offset 0x184000 are used by [[Filesystem_services|FS]] for keeping track of NAND patrolling.
{| class="wikitable" border="1"
|-
!  Offset
!  Size
!  Description
|-
| 0x0
| 0x20
| HMAC-SHA-256 over the next 0x1E0 bytes
|-
| 0x20
| 0x4
| Last patrolled NAND block's offset
|-
| 0x24
| 0x4
| NAND patrol count
|-
| 0x28
| 0x1D8
| Unused, all-zero.
|}


== User Partitions ==
== User Partitions ==
Line 109: Line 166:
|-
|-
!  Partition name
!  Partition name
!  Partition type GUID
!  Offset
!  Offset
!  Size
!  Size
!  [[Filesystem_services|Bis]] Partition ID
!  [[Filesystem_services|Bis]] Partition ID
!  Encrypted
!  Description
!  Description
|-
|-
|  N/A
|  N/A
|
|  0x0
|  0x0
|
|  
|  20
|  20
|  GPT header, Bis-storage also allows raw access to the entire NAND eMMC sectors starting at sector0.
|  No
|  GPT header, Bis-storage also allows raw access to the entire NAND eMMC sectors starting at sector0. The official name for this partition is "UserDataRoot".
|-
|-
|  PRODINFO
[[Calibration#CalibrationBinary|PRODINFO]]
|  {98109E25-64E2-4C95-8A77-414916F5BCEB}
|  0x00004400
|  0x00004400
|  0x003FBC00
|  0x003FBC00
|  27
|  27
|  "CAL0" raw partition containing set:cal data.
|  Yes (Bis key 0)
|  "CAL0" raw partition containing set:cal data. The official name for this partition is "CalibrationBinary".
|-
|-
|  PRODINFOF
[[Calibration#CalibrationFile|PRODINFOF]]
|  {F3056AEC-5449-494C-9F2C-5FDCB75B6E6E}
|  0x00400000
|  0x00400000
|  0x00400000
|  0x00400000
|  28
|  28
|  FAT12 filesystem, additional calibration.
|  Yes (Bis key 0)
|  FAT12 filesystem, additional calibration. The official name for this partition is "CalibrationFile".
|-
|-
|  BCPKG2-1-Normal-Main
|  BCPKG2-1-Normal-Main
|  {5365DE36-911B-4BB4-8FF9-AA1EBCD73990}
|  0x00800000
|  0x00800000
|  0x00800000
|  0x00800000
|  21
|  21
For all these packages, data starts at offset 0x4000 and is not console-unique. This is installed from "package2" in firmware package A (0100000000000819) by default. With the exFAT update installed, this is switched to firmware package C (010000000000081B). The data stored here matches the raw /nx/package2 file stored in the 81[9AB] data archives -- there is no additional encryption.
No
|  Raw partition where the first 0x4000 bytes (usually empty) contain the [[BootConfig]] and the remaining space contains the [[Package2|package2]] image from [[Title_list#System_Data_Archives|Title 0100000000000819]] by default. With the exFAT update installed, the [[Package2|package2]] image is switched to the one from [[Title_list#System_Data_Archives|Title 010000000000081B]]. The official name for this partition is "BootConfigAndPackage2Part1".
|-
|-
|  BCPKG2-2-Normal-Sub
|  BCPKG2-2-Normal-Sub
|  {8455717B-BD2B-4162-8454-91695218FC38}
|  0x01000000
|  0x01000000
|  0x00800000
|  0x00800000
|  22
|  22
Identical to BCPKG2-1-Normal-Main, probably used as a backup partition.
No
|  Backup partition for BCPKG2-1-Normal-Main. The official name for this partition is "BootConfigAndPackage2Part2".
|-
|-
|  BCPKG2-3-SafeMode-Main
|  BCPKG2-3-SafeMode-Main
|  {8ED6C9A6-9C48-490B-BBEB-001D17A4C0F7}
|  0x01800000
|  0x01800000
|  0x00800000
|  0x00800000
|  23
|  23
This is installed from "package2" in firmware package B (010000000000081A).
No
|  Raw partition where the first 0x4000 bytes (usually empty) contain the [[BootConfig]] and the remaining space contains the [[Package2|package2]] image from [[Title_list#System_Data_Archives|Title 010000000000081A]] by default. On [4.0.0+] and with the exFAT update installed, the [[Package2|package2]] image is switched to the one from [[Title_list#System_Data_Archives|Title 010000000000081C]]. The official name for this partition is "BootConfigAndPackage2Part3".
|-
|-
|  BCPKG2-4-SafeMode-Sub
|  BCPKG2-4-SafeMode-Sub
|  {5E99751C-56C9-47CC-AA30-B65039888917}
|  0x02000000
|  0x02000000
|  0x00800000
|  0x00800000
|  24
|  24
Identical to BCPKG2-3-SafeMode-Main.
No
|  Backup partition for BCPKG2-3-SafeMode-Main. The official name for this partition is "BootConfigAndPackage2Part4".
|-
|-
|  BCPKG2-5-Repair-Main
|  BCPKG2-5-Repair-Main
|  {C447D9A2-24B7-468A-98C8-595CD077165A}
|  0x02800000
|  0x02800000
|  0x00800000
|  0x00800000
|  25
|  25
|  Installed at the factory.
|  No
|  Installed at the factory, never written afterwards on retail. In one case this is identical to normal [[1.0.0]] [[Package2|package2]], except this has encrypted data at the end padded for 0x1000-byte alignment. The official name for this partition is "BootConfigAndPackage2Part5".
|-
|-
|  BCPKG2-6-Repair-Sub
|  BCPKG2-6-Repair-Sub
|  {9586E1A1-3AA2-4C90-91B3-2F4A5195B4D2}
|  0x03000000
|  0x03000000
|  0x00800000
|  0x00800000
|  26
|  26
Identical to BCPKG2-5-Repair-Main.
No
|  Backup partition for BCPKG2-5-Repair-Main. The official name for this partition is "BootConfigAndPackage2Part6".
|-
|-
|  SAFE
|  SAFE
|  {A44F9F6B-4ED3-441F-A34A-56AAA136BC6A}
|  0x03800000
|  0x03800000
|  0x04000000
|  0x04000000
|  29
|  29
|  FAT32 filesystem.
|  Yes (Bis key 1)
|  FAT32 filesystem. The official name for this partition is "SafeMode".
|-
|-
|  SYSTEM
|  SYSTEM
|  {ACB0CDF0-4F72-432D-AA0D-5388C733B224}
|  0x07800000  
|  0x07800000  
|  0xA0000000
|  0xA0000000
|  31 (and 32?)
|  31, 32 and 33
|  FAT32 filesystem.
|  Yes (Bis key 2)
|  FAT32 filesystem. The official names for these partitions are "System", "SystemProperEncryption" and "SystemProperPartition".
|-
|-
|  USER
|  USER
|  {2B777F63-E842-47AF-94C4-25A7F18B2280}
|  0xA7800000
|  0xA7800000
|  0x680000000
|  0x680000000
|  30
|  30
|  Yes (Bis key 3)
|  FAT32 filesystem.
|  FAT32 filesystem.
|-
|-
|
|  
|  
| 0x747BFFE00
| 0x747BFFE00
| 0x200
| 0x200
|  
|  
| This is the backup GPT header specified by the main GPT header. This is also the last sector readable with Bis-storage paritionID 20.
| No
This is the backup GPT header specified by the main GPT header. This is also the last sector readable with Bis-storage paritionID 20.
|}
|}


If the client process lacks the relevant permission for any of the above partition IDs, error 0x2EE202 is returned.
If the client process lacks the relevant permission for any of the above partition IDs, error 0x2EE202 is returned.


[[NCA]]s stored in NAND are raw, identical to the data readable with [[Content_Manager_services#ReadEntryRaw]].
[[NCA]]s stored in NAND are raw, identical to the data readable with [[NCM_services#ReadContentIdFile]].


The filenames for saveimages is just "<lower-case hex u64 saveID>". SYSTEM-partition saveIDs are specified by [[Filesystem_services|FS]] commands, while USER-partition saveIDs are determined by FS-module internally. The high u32 of the saveID is normally either 0x00000000 or 0x80000000.
The filenames for saveimages is just "<lower-case hex u64 saveID>". SYSTEM-partition saveIDs are specified by [[Filesystem_services|FS]] commands, while USER-partition saveIDs are determined by FS-module internally. The high u32 of the saveID is normally either 0x00000000 or 0x80000000.


=== PRODINFOF ===
Encrypted partitions use AES-XTS using the same non-standard tweak (tweak[0] = sectorIdx[MSB] .. tweak[15] = sectorIdx[LSB], if using 32bit sectorIdx that means tweak[0]..tweak[11] are 0, with tweak[12]..tweak[15] containing big-endian sectorIdx) as other Nintendo AES-XTS code, initial_sector = 0, and sector size 0x4000. All encrypted partitions use console unique keydata.
PRODINFOF
├── Certifications
│  └── WirelessCertification.png
└── ptd
    ├── DeviceIdWithEmsBit.dat
    ├── Ecid.dat
    ├── prodCode.dat
    └── log
        ├── Process_asm1.log
        ├── Process_board1.log
        ├── TestFlagLine.log
        ├── TestFlagQc.log
        ├── AGING
        │  └── Sequence.log
        ├── BOARD_TEST
        │  └── Sequence.log
        ├── BOARD_WIRELESS
        │  └── Sequence.log
        ├── FINAL_CHECK
        │  └── Sequence.log
        ├── LCD_AND_KEY
        │  └── Sequence.log
        └── USB_AND_HP
            └── Sequence.log
 
==== DeviceIdWithEmsBit.dat ====
Contains a 0x10-byte uppercase hex string, identical to the DeviceId in the [[Settings_services|DeviceCert]].


=== SYSTEM ===
=== SYSTEM ===
Line 274: Line 332:
On a v2.1 system with MountBis, the only thing under here is "PRF2SAFE.RCV".
On a v2.1 system with MountBis, the only thing under here is "PRF2SAFE.RCV".


= System Savegames =
== SystemSaveData ==
 
See [[SystemSaveData]].
This is a listing of known System Savedata and what titles they correspond to.
 
{| class="wikitable" border="1"
! SaveID || Owner || Mount || Notes
|-
| 0x8000000000000010 || account || <nowiki>account:/</nowiki> || Account database.
|-
| 0x8000000000000011 || account || <nowiki>idgen:/</nowiki> ||
|-
| 0x8000000000000020 || nfc || <nowiki>data:/</nowiki> || NFC data and backups.
|-
| 0x8000000000000030 || ns || <nowiki>mii:/</nowiki> || Mii database.
|-
| 0x8000000000000031 || ns || <nowiki>mii:/</nowiki> || Mii test mode database.
|-
| 0x8000000000000040 || ns || <nowiki>apprecdb:/</nowiki> ||
|-
| 0x8000000000000041 || ns || <nowiki>nsaccache:/</nowiki> || Home menu icondata/lru list for recently played games.
|-
| 0x8000000000000043 || ns || <nowiki>ns_appman:/</nowiki> ||
|-
| 0x8000000000000044 || ns || <nowiki>ns_sysup:/</nowiki> || Content update context.
|-
| 0x8000000000000045 || ns || <nowiki>vmdb:/</nowiki> || Version List/Required Version List storage.
|-
| 0x8000000000000046 || ns || <nowiki>dtlman:/</nowiki> ||
|-
| 0x8000000000000047 || ns || <nowiki>ns_exfat:/</nowiki> ||
|-
| 0x8000000000000048 || ns || <nowiki>ns_systemseed:/</nowiki> ||
|-
| 0x8000000000000050 || settings || <nowiki>SystemSettings:/</nowiki> ||
|-
| 0x8000000000000051 || settings || <nowiki>FwdbgSettingsS:/</nowiki> ||
|-
| 0x8000000000000052 || settings || <nowiki>PrivateSettings:/</nowiki> ||
|-
| 0x8000000000000053 || settings || <nowiki>DeviceSettings:/</nowiki> ||
|-
| 0x8000000000000054 || settings || <nowiki>ApplnSettings:/</nowiki> ||
|-
| 0x8000000000000060 || ssl || <nowiki>SslSave:/</nowiki> ||
|-
| 0x8000000000000070 || nim || <nowiki>nim_sys:/</nowiki> ||
|-
| 0x8000000000000071 || nim || <nowiki>nim_net:/</nowiki> ||
|-
| 0x8000000000000072 || nim || <nowiki>nim_tmp:/</nowiki> ||
|-
| 0x8000000000000073 || nim || <nowiki>nim_dac:/</nowiki> ||
|-
| 0x8000000000000074 || nim || <nowiki>nim_delta:/</nowiki> ||
|-
| 0x8000000000000075 || nim || <nowiki>nim_vac:/</nowiki> ||
|-
| 0x8000000000000080 || friends || <nowiki>friends:/</nowiki> ||
|-
| 0x8000000000000081 || friends || <nowiki>friends-sys:/</nowiki> ||
|-
| 0x8000000000000082 || friends || <nowiki>friends-image:/</nowiki> ||
|-
| 0x8000000000000090 || bcat || <nowiki>news:/</nowiki> || Actual news msgpack archives.
|-
| 0x8000000000000091 || bcat || <nowiki>news-sys:/</nowiki> || News metadata, tasklist, history, database, required system version, etc.
|-
| 0x8000000000000092 || bcat || <nowiki>news-dl:/</nowiki> || Storage for newly(?) downloaded news list/data.
|-
| 0x80000000000000A0 || bcat || <nowiki>prepo-sys:/</nowiki> || Play Report system information.
|-
| 0x80000000000000A1 || bcat || <nowiki>prepo:/</nowiki> || Play Report msgpack archives.
|-
| 0x80000000000000B0 || bsdsockets || <nowiki>nsdsave:/</nowiki> || Socket configuration saved data.
|-
| 0x80000000000000C1 || bcat || <nowiki>bcat-sys:/</nowiki> ||
|-
| 0x80000000000000C2 || bcat || <nowiki>bcat-dl:/</nowiki> ||
|-
| 0x80000000000000D1 || erpt || <nowiki>save:/</nowiki> || Contains "/journal" report listing + actual crash reports ("/%08x-%04x-%04x-%02x%02x-%04x%08x"), which are serialized via [http://msgpack.org/ MsgPack].
|-
| 0x80000000000000E0 || es || <nowiki>escertificate:/</nowiki> ||
|-
| 0x80000000000000E1 || es || <nowiki>escommon:/</nowiki> ||
|-
| 0x80000000000000E2 || es || <nowiki>espersonalized:/</nowiki> ||
|-
| 0x80000000000000F0 || ns || <nowiki>pdm:/</nowiki> || Play Data log.
|-
| 0x8000000000000100 || pctl || <nowiki>pctlss:/</nowiki> || Parental Control settings.
|-
| 0x8000000000000110 || npns || <nowiki>npns_save:/</nowiki> || Push notifications persistent storage.
|-
| 0x8000000000000120 || ncm || ? || meta/imkvdb.arc for system partition.
|-
| 0x8000000000000121 || ncm || ? || meta/imkvdb.arc for sd partition.
|-
|}
Retrieved from "https://switchbrew.org/wiki/Flash_Filesystem"