Nintendo Switch Brew

Flash Filesystem: Difference between revisions

← Older edit
Specify which bis keys are used for which partitions
No edit summary
 
(40 intermediate revisions by 8 users not shown)
Line 5: Line 5:


== Boot Partitions ==
== Boot Partitions ==
'''Boot Partition 0 (0 of 1)'''
'''Boot Partition 0 (0 of 1)'''


Line 33: Line 32:
|-
|-
|  0x010000
|  0x010000
0xF0000
0xEC000
60 additional BCTs, normally unused/empty on retail systems.
59 additional BCTs, normally unused/empty on retail systems.
|-
|  0x0FC000
|  0x4000
|  [[#System Update Control|System Update Control area]]
|-
|-
|  0x100000
|  0x100000
Line 49: Line 52:
|-
|-
|  0x184000
|  0x184000
0x20
0x200
Unknown pseudorandom data, often changes on reboot. All zero on 1.0.
[2.0.0+] [[#NAND Patrol|NAND Patrol area]]
|-
|  0x184020
|  0x8?
| Increments on every boot until hitting a certain number? Bottom 10 bits (0x3FF) are always zero. All zero on 1.0.
|}
|}


Line 74: Line 73:
|  0x40000
|  0x40000
|  SafeMode Firmware [[Package1|package1]] from [[Title_list#System_Data_Archives|Title 010000000000081A]] (backup)
|  SafeMode Firmware [[Package1|package1]] from [[Title_list#System_Data_Archives|Title 010000000000081A]] (backup)
|-
|  0x080000
|  0x40000
|  Reserved
|-
|  0x0C0000
|  0x40000
|  Reserved
|}
=== System Update Control ===
The 0x4000 bytes at offset 0xFC000 are used by [[NS_Services|NS]] and [[Boot|boot]] for keeping track of the status of a system update. This area is used by the [[NS_Services#ISystemUpdateControl|ISystemUpdateControl]] commands [[NS_Services#ApplyDownloadedUpdate|ApplyDownloadedUpdate]], [[NS_Services#ApplyCardUpdate|ApplyCardUpdate]] and [[NS_Services#ApplyReceivedUpdate|ApplyReceivedUpdate]].
{| class="wikitable" border="1"
|-
!  Offset
!  Size
!  Description
|-
| 0x0
| 0x1
| BootImages status. Set to 1 by [[NS_Services|NS]] during a system update and cleared by [[Boot|boot]] after restarting.
|-
| 0x1
| 0x1
| BootImagesSafe status. Set to 1 by [[NS_Services|NS]] during a system update and cleared by [[Boot|boot]] after restarting.
|}
|}


Line 104: Line 129:
|}
|}


The active bootloader's version (offset 0x2330 in the BCT) acts as an index to control which keyblob should be installed into the system.
The active bootloader's version (offset 0x2330 in the BCT) acts as an index (<code>version-1</code>) to control which keyblob should be installed into the system.
[[NS_Services|NS]] uses this during system updates to install the keyblob into the [[BCT#customer_data|customer data]] section in BCTs (offset 0x450).
[[NS_Services|NS]] uses this during system updates to install the keyblob into the [[BCT#customer_data|customer data]] section in BCTs (offset 0x450).


Line 110: Line 135:


The currently active keyblob is officially known as "SecureInfo".
The currently active keyblob is officially known as "SecureInfo".
=== NAND Patrol ===
The 0x200 bytes at offset 0x184000 are used by [[Filesystem_services|FS]] for keeping track of NAND patrolling.
{| class="wikitable" border="1"
|-
!  Offset
!  Size
!  Description
|-
| 0x0
| 0x20
| HMAC-SHA-256 over the next 0x1E0 bytes
|-
| 0x20
| 0x4
| Last patrolled NAND block's offset
|-
| 0x24
| 0x4
| NAND patrol count
|-
| 0x28
| 0x1D8
| Unused, all-zero.
|}


== User Partitions ==
== User Partitions ==
Line 115: Line 166:
|-
|-
!  Partition name
!  Partition name
!  Partition type GUID
!  Offset
!  Offset
!  Size
!  Size
Line 122: Line 174:
|-
|-
|  N/A
|  N/A
|
|  0x0
|  0x0
|
|  
|  20
|  20
|  No
|  No
|  GPT header, Bis-storage also allows raw access to the entire NAND eMMC sectors starting at sector0. The official name for this partition is "UserDataRoot".
|  GPT header, Bis-storage also allows raw access to the entire NAND eMMC sectors starting at sector0. The official name for this partition is "UserDataRoot".
|-
|-
|  PRODINFO
[[Calibration#CalibrationBinary|PRODINFO]]
|  {98109E25-64E2-4C95-8A77-414916F5BCEB}
|  0x00004400
|  0x00004400
|  0x003FBC00
|  0x003FBC00
Line 135: Line 189:
|  "CAL0" raw partition containing set:cal data. The official name for this partition is "CalibrationBinary".
|  "CAL0" raw partition containing set:cal data. The official name for this partition is "CalibrationBinary".
|-
|-
|  PRODINFOF
[[Calibration#CalibrationFile|PRODINFOF]]
|  {F3056AEC-5449-494C-9F2C-5FDCB75B6E6E}
|  0x00400000
|  0x00400000
|  0x00400000
|  0x00400000
Line 143: Line 198:
|-
|-
|  BCPKG2-1-Normal-Main
|  BCPKG2-1-Normal-Main
|  {5365DE36-911B-4BB4-8FF9-AA1EBCD73990}
|  0x00800000
|  0x00800000
|  0x00800000
|  0x00800000
Line 150: Line 206:
|-
|-
|  BCPKG2-2-Normal-Sub
|  BCPKG2-2-Normal-Sub
|  {8455717B-BD2B-4162-8454-91695218FC38}
|  0x01000000
|  0x01000000
|  0x00800000
|  0x00800000
Line 157: Line 214:
|-
|-
|  BCPKG2-3-SafeMode-Main
|  BCPKG2-3-SafeMode-Main
|  {8ED6C9A6-9C48-490B-BBEB-001D17A4C0F7}
|  0x01800000
|  0x01800000
|  0x00800000
|  0x00800000
Line 164: Line 222:
|-
|-
|  BCPKG2-4-SafeMode-Sub
|  BCPKG2-4-SafeMode-Sub
|  {5E99751C-56C9-47CC-AA30-B65039888917}
|  0x02000000
|  0x02000000
|  0x00800000
|  0x00800000
Line 171: Line 230:
|-
|-
|  BCPKG2-5-Repair-Main
|  BCPKG2-5-Repair-Main
|  {C447D9A2-24B7-468A-98C8-595CD077165A}
|  0x02800000
|  0x02800000
|  0x00800000
|  0x00800000
Line 178: Line 238:
|-
|-
|  BCPKG2-6-Repair-Sub
|  BCPKG2-6-Repair-Sub
|  {9586E1A1-3AA2-4C90-91B3-2F4A5195B4D2}
|  0x03000000
|  0x03000000
|  0x00800000
|  0x00800000
Line 185: Line 246:
|-
|-
|  SAFE
|  SAFE
|  {A44F9F6B-4ED3-441F-A34A-56AAA136BC6A}
|  0x03800000
|  0x03800000
|  0x04000000
|  0x04000000
Line 192: Line 254:
|-
|-
|  SYSTEM
|  SYSTEM
|  {ACB0CDF0-4F72-432D-AA0D-5388C733B224}
|  0x07800000  
|  0x07800000  
|  0xA0000000
|  0xA0000000
|  31 and 32
|  31, 32 and 33
|  Yes (Bis key 2)
|  Yes (Bis key 2)
|  FAT32 filesystem. The official name for this partition is "SystemProperEncryption".
|  FAT32 filesystem. The official names for these partitions are "System", "SystemProperEncryption" and "SystemProperPartition".
|-
|-
|  USER
|  USER
|  {2B777F63-E842-47AF-94C4-25A7F18B2280}
|  0xA7800000
|  0xA7800000
|  0x680000000
|  0x680000000
Line 205: Line 269:
|  FAT32 filesystem.
|  FAT32 filesystem.
|-
|-
|
|  
|  
| 0x747BFFE00
| 0x747BFFE00
Line 215: Line 280:
If the client process lacks the relevant permission for any of the above partition IDs, error 0x2EE202 is returned.
If the client process lacks the relevant permission for any of the above partition IDs, error 0x2EE202 is returned.


[[NCA]]s stored in NAND are raw, identical to the data readable with [[Content_Manager_services#ReadEntryRaw]].
[[NCA]]s stored in NAND are raw, identical to the data readable with [[NCM_services#ReadContentIdFile]].


The filenames for saveimages is just "<lower-case hex u64 saveID>". SYSTEM-partition saveIDs are specified by [[Filesystem_services|FS]] commands, while USER-partition saveIDs are determined by FS-module internally. The high u32 of the saveID is normally either 0x00000000 or 0x80000000.
The filenames for saveimages is just "<lower-case hex u64 saveID>". SYSTEM-partition saveIDs are specified by [[Filesystem_services|FS]] commands, while USER-partition saveIDs are determined by FS-module internally. The high u32 of the saveID is normally either 0x00000000 or 0x80000000.


Encrypted partitions use AES-XTS using the same non-standard tweak (tweak[0] = sectorIdx[MSB] .. tweak[15] = sectorIdx[LSB], if using 32bit sectorIdx that means tweak[0]..tweak[11] are 0, with tweak[12]..tweak[15] containing big-endian sectorIdx) as other Nintendo AES-XTS code, initial_sector = 0, and sector size 0x4000. All encrypted partitions use console unique keydata.
Encrypted partitions use AES-XTS using the same non-standard tweak (tweak[0] = sectorIdx[MSB] .. tweak[15] = sectorIdx[LSB], if using 32bit sectorIdx that means tweak[0]..tweak[11] are 0, with tweak[12]..tweak[15] containing big-endian sectorIdx) as other Nintendo AES-XTS code, initial_sector = 0, and sector size 0x4000. All encrypted partitions use console unique keydata.
=== PRODINFOF ===
PRODINFOF
├── Certifications
│  └── WirelessCertification.png
└── ptd
    ├── DeviceIdWithEmsBit.dat
    ├── Ecid.dat
    ├── prodCode.dat
    └── log
        ├── Process_asm1.log
        ├── Process_board1.log
        ├── TestFlagLine.log
        ├── TestFlagQc.log
        ├── AGING
        │  └── Sequence.log
        ├── BOARD_TEST
        │  └── Sequence.log
        ├── BOARD_WIRELESS
        │  └── Sequence.log
        ├── FINAL_CHECK
        │  └── Sequence.log
        ├── LCD_AND_KEY
        │  └── Sequence.log
        └── USB_AND_HP
            └── Sequence.log
==== DeviceIdWithEmsBit.dat ====
Contains a 0x10-byte uppercase hex string, identical to the DeviceId in the [[Settings_services|DeviceCert]].


=== SYSTEM ===
=== SYSTEM ===
Line 296: Line 332:
On a v2.1 system with MountBis, the only thing under here is "PRF2SAFE.RCV".
On a v2.1 system with MountBis, the only thing under here is "PRF2SAFE.RCV".


= System Savegames =
== SystemSaveData ==
 
See [[SystemSaveData]].
This is a listing of known System Savedata and what titles they correspond to.
 
{| class="wikitable" border="1"
! SaveID || Owner || Mount || Notes
|-
| 0x8000000000000000 || || ||
|-
| 0x8000000000000010 || account || <nowiki>account:/</nowiki> || Account database.
|-
| 0x8000000000000011 || account || <nowiki>idgen:/</nowiki> ||
|-
| 0x8000000000000020 || nfc || <nowiki>data:/</nowiki> || NFC data and backups.
|-
| 0x8000000000000030 || ns || <nowiki>mii:/</nowiki> || Mii database.
|-
| 0x8000000000000031 || ns || <nowiki>mii:/</nowiki> || Mii test mode database.
|-
| 0x8000000000000040 || ns || <nowiki>apprecdb:/</nowiki> ||
|-
| 0x8000000000000041 || ns || <nowiki>nsaccache:/</nowiki> || Home menu icondata/lru list for recently played games.
|-
| 0x8000000000000043 || ns || <nowiki>ns_appman:/</nowiki> ||
|-
| 0x8000000000000044 || ns || <nowiki>ns_sysup:/</nowiki> || Content update context.
|-
| 0x8000000000000045 || ns || <nowiki>vmdb:/</nowiki> || Version List/Required Version List storage.
|-
| 0x8000000000000046 || ns || <nowiki>dtlman:/</nowiki> ||
|-
| 0x8000000000000047 || ns || <nowiki>ns_exfat:/</nowiki> ||
|-
| 0x8000000000000048 || ns || <nowiki>ns_systemseed:/</nowiki> ||
|-
| 0x8000000000000050 || settings || <nowiki>SystemSettings:/</nowiki> ||
|-
| 0x8000000000000051 || settings || <nowiki>FwdbgSettingsS:/</nowiki> ||
|-
| 0x8000000000000052 || settings || <nowiki>PrivateSettings:/</nowiki> ||
|-
| 0x8000000000000053 || settings || <nowiki>DeviceSettings:/</nowiki> ||
|-
| 0x8000000000000054 || settings || <nowiki>ApplnSettings:/</nowiki> ||
|-
| 0x8000000000000060 || ssl || <nowiki>SslSave:/</nowiki> ||
|-
| 0x8000000000000070 || nim || <nowiki>nim_sys:/</nowiki> ||
|-
| 0x8000000000000071 || nim || <nowiki>nim_net:/</nowiki> ||
|-
| 0x8000000000000072 || nim || <nowiki>nim_tmp:/</nowiki> ||
|-
| 0x8000000000000073 || nim || <nowiki>nim_dac:/</nowiki> ||
|-
| 0x8000000000000074 || nim || <nowiki>nim_delta:/</nowiki> ||
|-
| 0x8000000000000075 || nim || <nowiki>nim_vac:/</nowiki> ||
|-
| 0x8000000000000080 || friends || <nowiki>friends:/</nowiki> ||
|-
| 0x8000000000000081 || friends || <nowiki>friends-sys:/</nowiki> ||
|-
| 0x8000000000000082 || friends || <nowiki>friends-image:/</nowiki> ||
|-
| 0x8000000000000090 || bcat || <nowiki>news:/</nowiki> || Actual news msgpack archives.
|-
| 0x8000000000000091 || bcat || <nowiki>news-sys:/</nowiki> || News metadata, tasklist, history, database, required system version, etc.
|-
| 0x8000000000000092 || bcat || <nowiki>news-dl:/</nowiki> || Storage for newly(?) downloaded news list/data.
|-
| 0x80000000000000A0 || bcat || <nowiki>prepo-sys:/</nowiki> || Play Report system information.
|-
| 0x80000000000000A1 || bcat || <nowiki>prepo:/</nowiki> || Play Report msgpack archives.
|-
| 0x80000000000000B0 || bsdsockets || <nowiki>nsdsave:/</nowiki> || Socket configuration saved data.
|-
| 0x80000000000000C1 || bcat || <nowiki>bcat-sys:/</nowiki> ||
|-
| 0x80000000000000C2 || bcat || <nowiki>bcat-dl:/</nowiki> ||
|-
| 0x80000000000000D1 || erpt || <nowiki>save:/</nowiki> || Contains "/journal" report listing + actual crash reports ("/%08x-%04x-%04x-%02x%02x-%04x%08x"), which are serialized via [http://msgpack.org/ MsgPack].
|-
| 0x80000000000000E0 || es || <nowiki>escertificate:/</nowiki> ||
|-
| 0x80000000000000E1 || es || <nowiki>escommon:/</nowiki> ||
|-
| 0x80000000000000E2 || es || <nowiki>espersonalized:/</nowiki> ||
|-
| 0x80000000000000F0 || ns || <nowiki>pdm:/</nowiki> || Play Data log.
|-
| 0x8000000000000100 || pctl || <nowiki>pctlss:/</nowiki> || Parental Control settings.
|-
| 0x8000000000000110 || npns || <nowiki>npns_save:/</nowiki> || Push notifications persistent storage.
|-
| 0x8000000000000120 || ncm || ? || meta/[[IMKV|imkvdb.arc]] for system partition. Cache of data extracted from the [[NCA|.cnmt]] for installed titles?(Including 816)
|-
| 0x8000000000000121 || ncm || ? || meta/[[IMKV|imkvdb.arc]] for sd partition. In some cases this save only contains a "meta/" directory without any file.
|-
| 0x8000000000000122 || || ||
|-
| 0x8000000000001010 || || ||
|-
| 0x8000000000001040 || || ||
|-
| 0x8000000000001050 || || ||
|-
| 0x8000000000001070 || || ||
|-
| 0x80000000000010B0 || || ||
|-
| 0x0000000000000001 || || ||
|-
| 0x0000000000000003 || || ||
|-
| 0x0000000000000004 || || ||
|-
| 0x0000000000000005 || || ||
|-
| 0x0000000000000006 || || ||
|-
| 0x0000000000000007 || || ||
|-
| 0x0000000000000008 || || ||
|-
| 0x0000000000000009 || || ||
|-
| 0x000000000000000A || || ||
|-
| 0x8000000000001060 || || ||
|-
| 0x000000000000000C || || ||
|-
| 0x000000000000000D || || ||
|-
|}
Retrieved from "https://switchbrew.org/wiki/Flash_Filesystem"