Difference between revisions of "2.1.0"
Jump to navigation
Jump to search
(Add navbox) |
|||
| Line 156: | Line 156: | ||
{3 funcs with the same changes as L_6f0cf92d8} | {3 funcs with the same changes as L_6f0cf92d8} | ||
| + | |||
| + | {{NavboxVersions}} | ||
Revision as of 02:14, 28 July 2017
The 2.1.0 system update was released on March 27, 2017. This update was released for all regions.
Security flaws fixed: yes.
Change-log
This is the official changelog from Nintendo regarding this update:
Improvements Included in Version 2.1.0
- General system stability improvements to enhance the user's experience
System Titles
Exactly the following titles were updated:
- The following sysmodules were updated:
- nifm
- ptm
- hid
- wlan
- nvservices
- nvnflinger
- ns
- am
- nim
- erpt
- pctl
- eupld
- fatal
- creport
- The only updated 01000000000008XX titles are: shareddata, 0100000000000816, FIRM-packages(see below), and System_Version_Title.
- The only updated 01000000000010XX titles are: "System applet", 0100000000001008, 010000000000100A, ShopN, 010000000000100F, Whitelisted-applet, and WifiWebAuthApplet.
Browser
A browser vuln was fixed, see also here for v2.1 browser details.
FIRM Packages
The only changes in titles 0100000000000819 and 010000000000081A was that "/nx/package2" in the FS were updated. 010000000000081B firm was also updated.
819:
Kernel was not changed.
Sysmodules:
- All 3 codebin sections in the following sysmodules were updated: boot, FS, Loader, and NCM. Offset of the RW section for FS increased by 0x1000.
- For ProcessMana and sm, only the RO section changed. The only change was the builid hash at the very end of the section, following the "GNU" string.
- spl wasn't updated.
NS-sysmodule
The NS-sysmodule was updated. 4 new funcs were added and 29 funcs were updated.
The ASLR'd codebin base(rtld+0) for the below addrs is 0x6f0c00000. For "prev ver" it's 0x5381800000.
L_6f0c26f84
new func.
called via vtable funcptr.
return L_6f0c2814c(inx0+8, inx1, w2=0xd9) & 0xffffffff;
L_6f0c2814c
inx0=_this inx1=0x40-byte outbuf copied from cmdreply inw2=cmdid
new func.
Sends an ipc cmd, service unknown.
only called by L_6f0c26f84.
L_6f0c373f4
updated, prev ver @ L_5381837284.
For the func call executed from the first branch(L_6f0c377e8()), x1 and x2 are now set: x1 = *(0x6f0d9d000+0xfc0)+0x90, x2 = 0x6f0d44000+0xb36("ncm")
L_6f0c377e8
updated, prev ver @ L_5381837640.
Basically, instead of hard-coded inputs for various stuff, code now loads those using the additional input params.
L_6f0c378b4
updated, prev ver @ L_538183771c.
ipc related func.
After the first func call, instead of "if(inx0==0 || ret^1)return;" this now just does "if(ret==0)return;" and "objptr = *(inx0+32);" afterwards.
The code at the end was replaced with code for calling a vtable funcptr from the objptr.
L_6f0c379fc
updated, prev ver @ L_5381837874.
Instead of writing 0 to sp8, this now writes *(inx0+32) there.
L_6f0c37a94
updated, prev ver @ L_5381837904.
Same change as L_6f0c379fc.
L_6f0c37bf8
updated, prev ver @ L_5381837a60.
Loads stuff from input instead of hard-coding basically.
{3 funcs with same changes as elsewhere}
L_6f0c3a5f8
updated, prev ver @ L_538183a480.
Calls a different func and calls another func.
L_6f0c3b644
updated, prev ver @ L_538183b494.
Error-related(?) code changed.
L_6f0c400dc
updated, prev ver @ L_538183ff24.
A bunch of func calls were added after the bne.
L_6f0c47590
updated, prev ver @ L_5381847394.
An additional check was added at 6f0c47748.
Some code at the end of the func was adjusted.
L_6f0c49848
updated, prev ver @ L_5381849650.
Some sort of error(?) parsing func.
L_6f0c51f44
updated, prev ver @ L_5381851d2c.
w7 passed to L_6f0c3a83c() with both calls is now value 7 instead of 0.
This also now calls L_6f0c3af70() when the retval from the previous func-call is zero.
{3 error(?) parsing funcs which were updated}
L_6f0c593ac
updated, prev ver @ L_5381859114.
Code was added inbetween the last func-call and the memwrite after that.
L_6f0c5a528
updated, prev ver @ L_538185a254
Code was added at 0x6f0c5a6d4(prev 0x538185a400): L_6f0c67938(inx0+0xf0, 0, 0); u8 *(inx0+0x110) = 0;
L_6f0c60d60
updated, prev ver @ L_5381860a78.
Code was updated starting at 0x6f0c61190(prev 0x5381860ea8). An additional param is passed to the snprintf call as well.
Some code was added at the end before the last branch.
L_6f0c61ebc
updated, prev ver @ L_5381861b5c.
Code was added at 0x6f0c61f24(prev 0x5381861bc4).
L_6f0cf7914
new func.
called via vtable funcptr.
L_6f0cf7948
new func.
called via vtable funcptr.
L_6f0cf7d24
updated, prev ver @ L_53818f7940.
Code was added at 0x6f0cf7ec4(prev 0x53818f7b00). "L_6f0c6798c(x21); w28 = u8 *(x19+0xf0); L_6f0c67a78(x21); <branch if w28!=0> if(u16 *(x26+16) <= x22)<branch to assert>"
The code at 0x6f0cf7fac(prev 0x53818f7bc8) now sets w8 to 0x15 instead of 0x13(likewise for the same instruction after the branch).
...
L_6f0cf8190
updated, prev ver @ L_53818f7d2c.
Some flag is determined differently now.
L_6f0cf92d8
updated, prev ver @ L_53818f8e7c.
Added a call to L_6f0c67984 after the memwrite.
{3 funcs with the same changes as L_6f0cf92d8}
| Nintendo Switch System Versions | |
|---|---|
| 1.0.0 | |
| 2.0.0 • 2.1.0 • 2.2.0 • 2.3.0 | |
| 3.0.0 • 3.0.1 • 3.0.2 | |
| 4.0.0 • 4.0.1 • 4.1.0 | |
| 5.0.0 • 5.0.1 • 5.0.2 • 5.1.0 | |
| 6.0.0 • 6.0.1 • 6.1.0 • 6.2.0 | |
| 7.0.0 • 7.0.1 | |
| 8.0.0 • 8.0.1 • 8.1.0 • 8.1.1 | |
| 9.0.0 • 9.0.1 • 9.1.0 • 9.2.0 | |
| 10.0.0 • 10.0.1 • 10.0.2 • 10.0.3 • 10.0.4 • 10.1.0 • 10.1.1 • 10.2.0 | |
| 11.0.0 • 11.0.1 | |
| 12.0.0 • 12.0.1 • 12.0.2 • 12.0.3 • 12.1.0 | |
| 13.0.0 • 13.1.0 • 13.2.0 • 13.2.1 | |
| 14.0.0 • 14.1.0 • 14.1.1 • 14.1.2 | |
| 15.0.0 • 15.0.1 | |
| 16.0.0 • 16.0.1 • 16.0.2 • 16.0.3 • 16.1.0 | |
| 17.0.0 • 17.0.1 | |
| 18.0.0 • 18.0.1 | |