Difference between revisions of "NPDM"
Jump to navigation
Jump to search
(whoever wrote this is an old crappy version of ACID) |
|||
Line 141: | Line 141: | ||
= ACI0 = | = ACI0 = | ||
− | + | {| class="wikitable" border="1" | |
+ | |- | ||
+ | ! Offset | ||
+ | ! Size | ||
+ | ! Description | ||
+ | |- | ||
+ | | 0x0 | ||
+ | | 0x4 | ||
+ | | Magic "ACI0". | ||
+ | |- | ||
+ | | 0x4 | ||
+ | | 0xC | ||
+ | | Zeroes | ||
+ | |- | ||
+ | | 0x10 | ||
+ | | 0x8 | ||
+ | | Title id | ||
+ | |- | ||
+ | | 0x18 | ||
+ | | 0x8 | ||
+ | | Padding | ||
+ | |- | ||
+ | | 0x20 | ||
+ | | 0x4 | ||
+ | | [[#FS Access Control]] offset | ||
+ | |- | ||
+ | | 0x24 | ||
+ | | 0x4 | ||
+ | | [[#FS Access Control]] size | ||
+ | |- | ||
+ | | 0x28 | ||
+ | | 0x4 | ||
+ | | [[#Service Access Control]] offset | ||
+ | |- | ||
+ | | 0x2C | ||
+ | | 0x4 | ||
+ | | [[#Service Access Control]] size | ||
+ | |- | ||
+ | | 0x30 | ||
+ | | 4 | ||
+ | | [[#Kernel Access Control]] offset | ||
+ | |- | ||
+ | | 0x34 | ||
+ | | 4 | ||
+ | | [[#Kernel Access Control]] size | ||
+ | |- | ||
+ | | 0x38 | ||
+ | | 0x8 | ||
+ | | Padding | ||
+ | |} | ||
= FS Access Control = | = FS Access Control = |
Revision as of 23:26, 17 September 2017
This is the Switch equivalent of 3DS exheader. This is the file with extension ".npdm" in {Switch ExeFS}. The size of this file varies.
Offset | Size | Description |
---|---|---|
0x0 | 0x80 | META |
0x80 | <Varies> | ACID |
<See META> | <See META> | ACI0 |
META
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | Magic "META". |
0x4 | ||
0xE | 1 | MainThreadPrio |
0xF | 1 | DefaultCpuId |
0x10 | ||
0x1C | 4 | MainStackSize |
0x20 | ? | Title name |
0x70 | 0x4 | #ACI0 offset |
0x74 | 0x4 | #ACI0 size |
0x78 | 0x4 | #ACID offset |
0x7C | 0x4 | #ACID size |
ACID
Offset | Size | Description |
---|---|---|
0 | 0x100 | RSA-2048 signature, seems to verify the data starting at 0x100 with the size field from 0x204. |
0x100 | 0x100 | RSA-2048 public key, seems to be used for the second NCA signature. |
0x200 | 0x4 | Magic "ACID". |
0x204 | 0x4 | s32 Size field used with the above signature(?). |
0x208 | 0x4 | Zeroes |
0x20C | 0x4 | Retail flag. Must be 1 on retail, on devunit 0 is also allowed. |
0x210 | 0x8 | Title id |
0x218 | 0x8 | Title id again |
0x220 | 0x4 | #FS Access Control offset |
0x224 | 0x4 | #FS Access Control size |
0x228 | 0x4 | #Service Access Control offset |
0x22C | 0x4 | #Service Access Control size |
0x230 | 4 | #Kernel Access Control offset |
0x234 | 4 | #Kernel Access Control size |
0x238 | 0x8 | Padding |
ACI0
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | Magic "ACI0". |
0x4 | 0xC | Zeroes |
0x10 | 0x8 | Title id |
0x18 | 0x8 | Padding |
0x20 | 0x4 | #FS Access Control offset |
0x24 | 0x4 | #FS Access Control size |
0x28 | 0x4 | #Service Access Control offset |
0x2C | 0x4 | #Service Access Control size |
0x30 | 4 | #Kernel Access Control offset |
0x34 | 4 | #Kernel Access Control size |
0x38 | 0x8 | Padding |
FS Access Control
Offset | Size | Description |
---|---|---|
0x0 | 0x1 | Version? Always 1. Must be non-zero. |
0x1 | 0x3 | Padding |
0x4 | 0x8 | Permissions bitmask |
... | ... | ... |
Permissions bitmask:
Bit | Description |
---|---|
0 | MountContent* is accessible when set. |
34 | Enables access to Bis partitionID 27 and 28? |
63 | Enables access to everything: all permission-types which check a bitmask have this bit set. |
For bit62 in permissions, see here.
Web-applets permissions:
- "LibAppletWeb" and "LibAppletOff" have same access control: bit0 and bit3 set, and bit62 set.
- Rest of the web-applets: Same as above except bit0 isn't set.
Service Access Control
This is a list of service-name strings which the title has access to, with the following structure:
+0: control_byte +1: {service-name without nul-terminator}
Bitmask 0x0F in control_byte is the {length of the service-name without nul-terminator} - 1.
Bitmask 0x80 in control_byte means service is allowed to be registered.
The service string can contain a wildcard *
character.
Kernel Access Control
On Switch, descriptors are identified by pattern 01..11 in low bits.
Pattern of lower bits | Lowest clear bitmask/bit | Type | Fields |
---|---|---|---|
0bxxxxxxxxxxxx0111
|
Bit3 | KernelFlags | Bit31-24: Highest allowed cpu id, bit23-16: Lowest allowed cpu id, bit15-10: Highest allowed thread prio, bit9-4: Lowest allowed thread prio |
0bxxxxxxxxxxx01111
|
Bit4 | SyscallMask | Bits 29-31: Syscall mask table index; Bits 5-28: Mask |
0bxxxxxxxxx0111111
|
Bit6 | MapIoOrNormalRange | Bits 7-30: Alternating start page and number of pages, bit31: Alternating read-only flag then MemoryAttribute 0x2001/0x42002 selector flag |
0bxxxxxxxx01111111
|
Bit7 | MapNormalPage (RW) | Bits 7-31: Page |
0bxxxx011111111111
|
Bit11 | InterruptPair | Bits 12-21: Irq0, bits 20-31: Irq1, 0x3FF means empty. |
0bxx01111111111111
|
Bit13 | ApplicationType | Bit16-14: ApplicationType, bit16 ignored. Parsed by Process Manager services. |
0bx011111111111111
|
Bit14 | KernelReleaseVersion | Bits 15-X: Version. The raw descriptor is compared with 0x80000, when less than an error is returned. This is equivalent to comparing the bits starting at bit15 with 0x10. This enforces a minimum required version, not a maximum. |
0b0111111111111111
|
Bit15 | HandleTableSize | Bit25-16: Number of handles the table shall fit. |
0b1111111111111111
|
Bit16 | DebugFlags | Bit17: can be debugged, bit18: can debug others |
All ones | Ignored |
Only certain memory ranges are allowed to be mapped via these descriptors.