NPDM: Difference between revisions
		
		
		
		
 whoever wrote this is an old crappy version of ACID  | 
				|||
| Line 141: | Line 141: | ||
= ACI0 =  | = ACI0 =  | ||
{| class="wikitable" border="1"  | |||
|-  | |||
! Offset  | |||
! Size  | |||
! Description  | |||
|-  | |||
| 0x0  | |||
| 0x4  | |||
| Magic "ACI0".  | |||
|-  | |||
| 0x4  | |||
| 0xC  | |||
| Zeroes  | |||
|-  | |||
| 0x10  | |||
| 0x8  | |||
| Title id  | |||
|-  | |||
| 0x18  | |||
| 0x8  | |||
| Padding  | |||
|-  | |||
| 0x20  | |||
| 0x4  | |||
| [[#FS Access Control]] offset  | |||
|-  | |||
| 0x24  | |||
| 0x4  | |||
| [[#FS Access Control]] size  | |||
|-  | |||
| 0x28  | |||
| 0x4  | |||
| [[#Service Access Control]] offset  | |||
|-  | |||
| 0x2C  | |||
| 0x4  | |||
| [[#Service Access Control]] size  | |||
|-  | |||
| 0x30  | |||
| 4  | |||
| [[#Kernel Access Control]] offset  | |||
|-  | |||
| 0x34  | |||
| 4  | |||
| [[#Kernel Access Control]] size  | |||
|-  | |||
| 0x38  | |||
| 0x8  | |||
| Padding  | |||
|}  | |||
= FS Access Control =  | = FS Access Control =  | ||
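Review bot: In the ACI0 table, the Size cells of the two Kernel Access Control rows (offsets 0x30 and 0x34) are written as decimal 4 while every other row uses hex such as 0x4; write them as 0x4 so the column reads uniformly. The table also uses "Zeroes" for 0x4 but "Padding" for 0x18 and 0x38; if padding is not checked to be zero, say so, otherwise use one term for all three rows.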
Revision as of 00:26, 18 September 2017
This is the Switch equivalent of the 3DS exheader. It is the file with extension ".npdm" in the Switch ExeFS. The size of this file varies.
| Offset | Size | Description | 
|---|---|---|
| 0x0 | 0x80 | META | 
| 0x80 | <Varies> | ACID | 
| <See META> | <See META> | ACI0 | 
META
| Offset | Size | Description | 
|---|---|---|
| 0x0 | 0x4 | Magic "META". | 
| 0x4 | ||
| 0xE | 1 | MainThreadPrio | 
| 0xF | 1 | DefaultCpuId | 
| 0x10 | ||
| 0x1C | 4 | MainStackSize | 
| 0x20 | ? | Title name | 
| 0x70 | 0x4 | #ACI0 offset | 
| 0x74 | 0x4 | #ACI0 size | 
| 0x78 | 0x4 | #ACID offset | 
| 0x7C | 0x4 | #ACID size | 
ACID
| Offset | Size | Description | 
|---|---|---|
| 0 | 0x100 | RSA-2048 signature, seems to verify the data starting at 0x100 with the size field from 0x204. | 
| 0x100 | 0x100 | RSA-2048 public key, seems to be used for the second NCA signature. | 
| 0x200 | 0x4 | Magic "ACID". | 
| 0x204 | 0x4 | s32 Size field used with the above signature(?). | 
| 0x208 | 0x4 | Zeroes | 
| 0x20C | 0x4 | Retail flag. Must be 1 on retail, on devunit 0 is also allowed. | 
| 0x210 | 0x8 | Title id | 
| 0x218 | 0x8 | Title id again | 
| 0x220 | 0x4 | #FS Access Control offset | 
| 0x224 | 0x4 | #FS Access Control size | 
| 0x228 | 0x4 | #Service Access Control offset | 
| 0x22C | 0x4 | #Service Access Control size | 
| 0x230 | 4 | #Kernel Access Control offset | 
| 0x234 | 4 | #Kernel Access Control size | 
| 0x238 | 0x8 | Padding | 
ACI0
| Offset | Size | Description | 
|---|---|---|
| 0x0 | 0x4 | Magic "ACI0". | 
| 0x4 | 0xC | Zeroes | 
| 0x10 | 0x8 | Title id | 
| 0x18 | 0x8 | Padding | 
| 0x20 | 0x4 | #FS Access Control offset | 
| 0x24 | 0x4 | #FS Access Control size | 
| 0x28 | 0x4 | #Service Access Control offset | 
| 0x2C | 0x4 | #Service Access Control size | 
| 0x30 | 4 | #Kernel Access Control offset | 
| 0x34 | 4 | #Kernel Access Control size | 
| 0x38 | 0x8 | Padding | 
FS Access Control
| Offset | Size | Description | 
|---|---|---|
| 0x0 | 0x1 | Version? Always 1. Must be non-zero. | 
| 0x1 | 0x3 | Padding | 
| 0x4 | 0x8 | Permissions bitmask | 
| ... | ... | ... | 
Permissions bitmask:
| Bit | Description | 
|---|---|
| 0 | MountContent* is accessible when set. | 
| 34 | Enables access to Bis partitionID 27 and 28? | 
| 63 | Enables access to everything: all permission-types which check a bitmask have this bit set. | 
For bit62 in permissions, see here.
Web-applets permissions:
- "LibAppletWeb" and "LibAppletOff" have the same access control: bit0 and bit3 set, and bit62 set.
- Rest of the web-applets: same as above except bit0 isn't set.
Service Access Control
This is a list of service-name strings which the title has access to, with the following structure:
 +0: control_byte
 +1: {service-name without nul-terminator}
Bitmask 0x0F in control_byte is the {length of the service-name without nul-terminator} - 1.
Bitmask 0x80 in control_byte means service is allowed to be registered.
The service string can contain a wildcard * character.
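The entry layout above can be walked with a short parser. This is an added example, not code from the wiki or from Nintendo; the function names, the back-to-back packing of entries, the reading of `*` as "any run of characters", and the sample bytes are assumptions made for illustration.

```python
import re

def parse_sac(blob):
    """Parse a Service Access Control region into (name, may_register) pairs."""
    entries, pos = [], 0
    while pos < len(blob):
        control = blob[pos]
        length = (control & 0x0F) + 1          # low nibble stores length - 1
        may_register = bool(control & 0x80)    # 0x80: service may be registered
        name = blob[pos + 1:pos + 1 + length]
        if len(name) != length:
            # A control byte that claims more bytes than remain is malformed.
            raise ValueError(f"entry at offset {pos:#x} runs past the region")
        entries.append((name.decode("ascii"), may_register))
        pos += 1 + length                      # assumed: entries are packed back to back
    return entries

def pattern_matches(pattern, service):
    # Assumption: '*' stands for any run of characters; the page does not
    # define the wildcard's exact semantics.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, service) is not None

def may_access(entries, service):
    """True if any listed service-name string covers `service`."""
    return any(pattern_matches(name, service) for name, _ in entries)

def may_register(entries, service):
    """True if a matching entry also carries the 0x80 registration bit."""
    return any(flag and pattern_matches(name, service) for name, flag in entries)

# Constructed sample region (not taken from a real title).
SAMPLE = b"\x06fsp-srv" + b"\x03hid*" + b"\x85myserv"
```

Listing the parsed entries of a title is a quick way to audit which services it can reach and which it may register itself.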
Kernel Access Control
On Switch, descriptors are identified by the pattern 01..11 in their low bits.
| Pattern of lower bits | Lowest clear bitmask/bit | Type | Fields |
|---|---|---|---|
| 0bxxxxxxxxxxxx0111 | Bit3 | KernelFlags | Bit31-24: Highest allowed cpu id, bit23-16: Lowest allowed cpu id, bit15-10: Highest allowed thread prio, bit9-4: Lowest allowed thread prio |
| 0bxxxxxxxxxxx01111 | Bit4 | SyscallMask | Bits 29-31: Syscall mask table index; Bits 5-28: Mask |
| 0bxxxxxxxxx0111111 | Bit6 | MapIoOrNormalRange | Bits 7-30: Alternating start page and number of pages, bit31: Alternating read-only flag then MemoryAttribute 0x2001/0x42002 selector flag |
| 0bxxxxxxxx01111111 | Bit7 | MapNormalPage (RW) | Bits 7-31: Page |
| 0bxxxx011111111111 | Bit11 | InterruptPair | Bits 12-21: Irq0, bits 20-31: Irq1, 0x3FF means empty. |
| 0bxx01111111111111 | Bit13 | ApplicationType | Bit16-14: ApplicationType, bit16 ignored. Parsed by Process Manager services. |
| 0bx011111111111111 | Bit14 | KernelReleaseVersion | Bits 15-X: Version. The raw descriptor is compared with 0x80000; when it is less, an error is returned. This is equivalent to comparing the bits starting at bit15 with 0x10. This enforces a minimum required version, not a maximum. |
| 0b0111111111111111 | Bit15 | HandleTableSize | Bit25-16: Number of handles the table shall fit. |
| 0b1111111111111111 | Bit16 | DebugFlags | Bit17: can be debugged, bit18: can debug others |
| All ones | Ignored | 
Only certain memory ranges are allowed to be mapped via these descriptors.
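The descriptor table above can be turned into a decoder that finds the lowest clear bit and slices out the listed fields. This is an added example, not code from the wiki or the kernel; the field and function names, the little-endian 32-bit word layout, and the sample values are assumptions made for illustration.

```python
import struct

# Lowest clear bit -> (type, [(field, high_bit, low_bit), ...]), from the table above.
DESCRIPTORS = {
    3: ("KernelFlags", [("highest_cpu", 31, 24), ("lowest_cpu", 23, 16),
                        ("highest_prio", 15, 10), ("lowest_prio", 9, 4)]),
    4: ("SyscallMask", [("table_index", 31, 29), ("mask", 28, 5)]),
    6: ("MapIoOrNormalRange", [("flag", 31, 31), ("page_or_count", 30, 7)]),
    7: ("MapNormalPage", [("page", 31, 7)]),
    11: ("InterruptPair", []),  # fields left undecoded in this example
    13: ("ApplicationType", [("application_type", 16, 14)]),
    14: ("KernelReleaseVersion", [("version", 31, 15)]),
    15: ("HandleTableSize", [("handle_count", 25, 16)]),
    16: ("DebugFlags", [("can_be_debugged", 17, 17),
                        ("can_debug_others", 18, 18)]),
}

def decode_descriptor(raw):
    """Classify one 32-bit descriptor by its run of low one-bits."""
    if raw == 0xFFFFFFFF:
        return ("Ignored", {})
    clear = 0
    while (raw >> clear) & 1:
        clear += 1                      # index of the lowest clear bit
    if clear not in DESCRIPTORS:
        return ("Unknown", {"lowest_clear_bit": clear})
    name, fields = DESCRIPTORS[clear]
    values = {field: (raw >> lo) & ((1 << (hi - lo + 1)) - 1)
              for field, hi, lo in fields}
    return (name, values)

def meets_minimum_kernel_version(raw):
    # KernelReleaseVersion check as described: raw values below 0x80000 are an error.
    return raw >= 0x80000

def decode_kac(blob):
    """Decode a Kernel Access Control region (assumed little-endian u32 words)."""
    if len(blob) % 4:
        raise ValueError("region is not a whole number of 32-bit descriptors")
    return [decode_descriptor(word) for (word,) in struct.iter_unpack("<I", blob)]

# Constructed sample region (not taken from a real title).
SAMPLE = struct.pack("<5I", 0x0300FC07, 0x02007FFF, 0x0002FFFF,
                     0x00083FFF, 0xFFFFFFFF)
```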