Nintendo Switch Brew

Package2: Difference between revisions

← Older edit
Q (talk | contribs)
10 edits
mNo edit summary
No edit summary
 
(49 intermediate revisions by 10 users not shown)
Line 12: Line 12:
| 0x0
| 0x0
| 0x100
| 0x100
| RSA-2048 signature (PKCS#1 v2.1 RSASSA-PSS-VERIFY with SHA256)
| [[#Public Keys|RSA-2048]] signature (PKCS#1 v2.1 RSASSA-PSS-VERIFY with SHA256)
|-
|-
| 0x100
| 0x100
Line 40: Line 40:
| 0x0
| 0x0
| 0x10
| 0x10
| Decrypted header's CTR
| Header's CTR, official code copies the pre-decryption CTR over the decrypted result. Also used as metadata.
|-
|-
| 0x10
| 0x10
Line 64: Line 64:
| 0x54
| 0x54
| 0x4
| 0x4
| Unknown
| Base offset
|-
|-
| 0x58
| 0x58
| 0x4
| 0x4
| Unknown
| Always 0
|-
|-
| 0x5C
| 0x5C
| 0x2
| 0x1
| Version. HighByte must be <{maxver} and LowByte must be >{minver}, where {maxver} and {minver} are constants used by TZ updated with each package1 update.
| Package2 version. Must be >= {minimum valid package2 version} constant in TZ.
|-
| 0x5D
| 0x1
| Bootloader version. Must be <= {current bootloader version} constant in TZ.
|-
|-
| 0x5E
| 0x5E
| 0x2
| 0x2
| ?
| Padding
|-
|-
| 0x60
| 0x60
Line 96: Line 100:
| 0x70
| 0x70
| 0x4
| 0x4
| Unknown
| Section 0 offset
|-
|-
| 0x74
| 0x74
| 0x4
| 0x4
| Unknown
| Section 1 offset
|-
|-
| 0x78
| 0x78
| 0x4
| 0x4
| Unknown
| Section 2 offset
|-
|-
| 0x7C
| 0x7C
| 0x4
| 0x4
| Unknown
| Section 3 offset
|-
|-
| 0x80
| 0x80
Line 128: Line 132:


Each section follows each other immediately and is encrypted with the same key used for encrypting the header.
Each section follows each other immediately and is encrypted with the same key used for encrypting the header.
The section offsets are relative to a base, which is typically 0x80000000 pointing to the base of DRAM.
Before being decrypted, the encrypted header's CTR additionally encodes metadata used to validate package2's contents as follows:
* Size of the entire package2 with the raw header = ctr_word2 ^ ctr_word3 ^ ctr_word0
* Key generation = ((ctr_word1 ^ (ctr_word1 >> 16)) & 0xFF) ^ (ctr_word1 >> 24)
In [4.0.0], the key generation must be less or equal to 4.


== Section 0 ==
== Section 0 ==
Line 134: Line 145:
== Section 1 ==
== Section 1 ==
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
Note: On firmware [[8.0.0]] INI1 is contained within the Kernel and section 1 is empty with NULL SHA256 to match.


=== INI1 ===
=== INI1 ===
Line 139: Line 152:
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| Magic "INI1"
| Magic "INI1"
|-
|-
| 0x4
| 0x4
| u32
| 0x4
| Size
| Size
|-
|-
| 0x8
| 0x8
| u32
| 0x4
| NumberProcesses
| Number of KIPs (Must be lower than 0x51)
|-
|-
| 0xC
| 0xC
| u32
| 0x4
| Zero
| Reserved
|}
|}


==== KIP1 ====
== Section 2 ==
Kernel internal process?
This section has a valid CTR and SHA-256 hash (over NULL) stored in the package2's header, but it's size is always 0. Likely reserved for future expansion.
 
== Section 3 ==
This section is not present (CTR and SHA-256 hash in package2's header are NULL). Likely reserved for future expansion.


= Versions =
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Offset
! System version
! Type
! Bootloader current version
! Description
! Package2 minimum valid version
|-
| 0x0
| u32
| Magic "KIP1"
|-
|-
| [[1.0.0]]
| 0x1
| 0x4
| 0x4
| char[12]
| Name
|-
|-
| 0x10
| [[2.0.0]]
| u64
| 0x2
| TitleId
| 0x5
|-
|-
| 0x18
| [[3.0.0]]
| u32
| 0x3
|  
| 0x6
|-
|-
| 0x1C
| [[3.0.2]]
| u32
| 0x4
| Flags / etc. Byte3 bit0-2: compression-enable for each section, when set.
| 0x7
|-
|-
| 0x20
| [[4.0.0]]
| [[#SectionHeader]][3]
| 0x5
| Sections
| 0x8
|-
|-
| 0x50
| [[5.0.0]]
| char[0x20]
| 0x6
| Padding
| 0x9
|-
|-
| 0x70
| [[6.0.0]]
| u64[0x20]
| 0x7
| KernelCaps
| 0xA
|}
 
===== SectionHeader =====
{| class="wikitable" border="1"
|-
|-
! Offset
| [[6.2.0]]
! Type
| 0x8
! Description
| 0xB
|-
|-
| 0x0
| [[7.0.0]]
| u32
| 0x9
| OutOffset
| 0xC
|-
|-
| 0x4
| [[8.1.0]]
| u32
| 0xA
| DecompressedSize
| 0xD
|-
|-
| 0x8
| [[9.0.0]]
| u32
| 0xB
| CompressedSize
| 0xE
|-
|-
| [[9.1.0]]
| 0xC
| 0xC
| u32
| 0xF
|  
|-
|}
| [[10.0.0]]
 
| 0xD
===== Compression =====
| 0x10
The compression used here is BLZ, with a modified footer since 3ds. The footer is now 0xC bytes instead of 0x8, and has the form u32 compressed_data_len; u32 initial_index; u32 additional_len_when_uncompressed;
|-
 
| [[11.0.0]]
== Section 2 ==
| 0xE
This section has a valid CTR and SHA-256 hash (over NULL) stored in the package2's header, but it's size is always 0. Likely reserved for future expansion.
| 0x11
 
== Section 3 ==
This section is not present (CTR and SHA-256 hash in package2's header are NULL). Likely reserved for future expansion.
 
= Versions =
{| class="wikitable" border="1"
|-
|-
! System version
| [[12.0.2]]
! Package1 maxver constant
| 0xF
! Package1 minver constant
| 0x12
! Package2 version field
|-
|-
| [[2.0.0]]
| [[12.1.0]]
| 0x3
| 0xF
| 0x4
| 0x13
|-
|-
| [[4.1.0]]
| [[13.0.0]]
| 0x6
| 0xF
| 0x7
| 0x14
|  
|}
|}


= Public Keys =
= Public Keys =


== Exponent ==
=== Exponent ===
  10001
  0x10001
 
== 4.1.0 ==


=== Retail Modulus ===
=== Retail Modulus ===
Retrieved from "https://switchbrew.org/wiki/Package2"