2,781
edits
Changes
Jump to navigation
Jump to search
Line 12:
Line 12: − + Line 40:
Line 40: − + Line 64:
Line 64: − + − + − + − + + + + + + + + + Line 92:
Line 100: − + − + − + − + Line 124:
Line 132: + + + + + + + Line 130:
Line 145: + + Line 135:
Line 152: − + − + − + − + − + − + − + − Kernel internal process? − − + − + − + − + − + − + − + − + − + + + + + + + + + + + + + − + − + + + + + + + + + + + + + + + + + + + + + − + − + + + + + − + − + − | KernelCaps+ − + − + − + − + − + − + − + − | CompressedSize+ − |- − | 0xC − | u32 − + + − + Line 229:
Line 278: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→Header
| 0x0
| 0x0
| 0x100
| 0x100
| RSA-2048 signature
| [[#Public Keys|RSA-2048]] signature (PKCS#1 v2.1 RSASSA-PSS-VERIFY with SHA256)
|-
|-
| 0x100
| 0x100
| 0x0
| 0x0
| 0x10
| 0x10
| Decrypted header's CTR
| Header's CTR, official code copies the pre-decryption CTR over the decrypted result. Also used as metadata.
|-
|-
| 0x10
| 0x10
| 0x54
| 0x54
| 0x4
| 0x4
| Unknown
| Base offset
|-
|-
| 0x58
| 0x58
| 0x4
| 0x4
| Unknown
| Always 0
|-
|-
| 0x5C
| 0x5C
| 0x4
| 0x1
| Unknown
| Package2 version. Must be >= {minimum valid package2 version} constant in TZ.
|-
| 0x5D
| 0x1
| Bootloader version. Must be <= {current bootloader version} constant in TZ.
|-
| 0x5E
| 0x2
| Padding
|-
|-
| 0x60
| 0x60
| 0x70
| 0x70
| 0x4
| 0x4
| Unknown
| Section 0 offset
|-
|-
| 0x74
| 0x74
| 0x4
| 0x4
| Unknown
| Section 1 offset
|-
|-
| 0x78
| 0x78
| 0x4
| 0x4
| Unknown
| Section 2 offset
|-
|-
| 0x7C
| 0x7C
| 0x4
| 0x4
| Unknown
| Section 3 offset
|-
|-
| 0x80
| 0x80
Each section follows each other immediately and is encrypted with the same key used for encrypting the header.
Each section follows each other immediately and is encrypted with the same key used for encrypting the header.
The section offsets are relative to a base, which is typically 0x80000000 pointing to the base of DRAM.
Before being decrypted, the encrypted header's CTR additionally encodes metadata used to validate package2's contents as follows:
* Size of the entire package2 with the raw header = ctr_word2 ^ ctr_word3 ^ ctr_word0
* Key generation = ((ctr_word1 ^ (ctr_word1 >> 16)) & 0xFF) ^ (ctr_word1 >> 24)
In [4.0.0], the key generation must be less or equal to 4.
== Section 0 ==
== Section 0 ==
== Section 1 ==
== Section 1 ==
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
When decrypted, this section contains the built-in system modules encapsulated in a custom format.
Note: On firmware [[8.0.0]] INI1 is contained within the Kernel and section 1 is empty with NULL SHA256 to match.
=== INI1 ===
=== INI1 ===
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| Magic "INI1"
| Magic "INI1"
|-
|-
| 0x4
| 0x4
| u32
| 0x4
| Size
| Size
|-
|-
| 0x8
| 0x8
| u32
| 0x4
| NumberProcesses
| Number of KIPs (Must be lower than 0x51)
|-
|-
| 0xC
| 0xC
| u32
| 0x4
| Zero
| Reserved
|}
|}
==== KIP1 ====
==== KIP1 ====
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| Magic "KIP1"
| Magic "KIP1"
|-
|-
| 0x4
| 0x4
| char[12]
| 0xC
| Name
| Name
|-
|-
| 0x10
| 0x10
| u64
| 0x8
| TitleId
| Program ID
|-
|-
| 0x18
| 0x18
| u32
| 0x4
|
| Version
|-
|-
| 0x1C
| 0x1C
| u32
| 0x1
| Flags / etc. Byte3 bit0-2: compression-enable for each section, when set.
| Main Thread Priority
|-
| 0x1D
| 0x1
| Main Thread Core Number
|-
| 0x1E
| 0x1
| Reserved
|-
| 0x1F
| 0x1
| Flags (bit0=TextCompress, bit1=RoCompress, bit2=DataCompress, bit3=Is64BitInstruction, bit4=ProcessAddressSpace64Bit, bit5=[2.0.0+] UseSecureMemory)
|-
|-
| 0x20
| 0x20
| [[#SectionHeader]][3]
| 0xC
| Sections
| Text [[#Segment_Header|Segment Header]]
|-
| 0x2C
| 0x4
| Main Thread Affinity Mask
|-
| 0x30
| 0xC
| Ro [[#Segment_Header|Segment Header]]
|-
| 0x3C
| 0x4
| Main Thread Stack Size
|-
| 0x40
| 0xC
| Data [[#Segment_Header|Segment Header]]
|-
| 0x4C
| 0x4
| Reserved
|-
|-
| 0x50
| 0x50
| char[0x20]
| 0xC
| Padding
| Bss [[#Segment_Header|Segment Header]]
|-
| 0x5C
| 0x24
| Reserved (2 unused [[#Segment_Header|Segment Headers]])
|-
|-
| 0x70
| 0x80
| u64[0x20]
| 0x80
| [[NPDM#KernelCapability|Kernel Capability Data]]
|}
|}
===== SectionHeader =====
===== Segment Header =====
{| class="wikitable" border="1"
{| class="wikitable" border="1"
|-
|-
! Offset
! Offset
! Type
! Size
! Description
! Description
|-
|-
| 0x0
| 0x0
| u32
| 0x4
| OutOffset
| Offset
|-
|-
| 0x4
| 0x4
| u32
| 0x4
| DecompressedSize
| Size
|-
|-
| 0x8
| 0x8
| u32
| 0x4
| Compressed/Binary Size
|
|}
|}
Compressed/Binary size can be 0 or lower than expected, this is the case for BSS for example.
===== Compression =====
===== Compression =====
The compression used here is BLZ, with a modified footer since 3ds. The footer is now 0xC bytes instead of 0x8, and has the form u32 compressed_data_len; u32 initial_index; u32 additional_len_when_uncompressed;
The compression used here is BLZ, with a modified footer since 3ds. The footer is now 0xC bytes instead of 0x8, and has the form u32 compressed_data_len; u32 footer_size; u32 additional_len_when_uncompressed;
== Section 2 ==
== Section 2 ==
== Section 3 ==
== Section 3 ==
This section is not present (CTR and SHA-256 hash in package2's header are NULL). Likely reserved for future expansion.
This section is not present (CTR and SHA-256 hash in package2's header are NULL). Likely reserved for future expansion.
= Versions =
{| class="wikitable" border="1"
|-
! System version
! Bootloader current version
! Package2 minimum valid version
|-
| [[1.0.0]]
| 0x1
| 0x4
|-
| [[2.0.0]]
| 0x2
| 0x5
|-
| [[3.0.0]]
| 0x3
| 0x6
|-
| [[3.0.2]]
| 0x4
| 0x7
|-
| [[4.0.0]]
| 0x5
| 0x8
|-
| [[5.0.0]]
| 0x6
| 0x9
|-
| [[6.0.0]]
| 0x7
| 0xA
|-
| [[6.2.0]]
| 0x8
| 0xB
|-
| [[7.0.0]]
| 0x9
| 0xC
|-
| [[8.1.0]]
| 0xA
| 0xD
|-
| [[9.0.0]]
| 0xB
| 0xE
|-
| [[9.1.0]]
| 0xC
| 0xF
|-
| [[10.0.0]]
| 0xD
| 0x10
|}
= Public Keys =
=== Exponent ===
0x10001
=== Retail Modulus ===
8D 13 A7 77 6A E5 DC C0 3B 25 D0 58 E4 20 69 59
55 4B AB 70 40 08 28 07 A8 A7 FD 0F 31 2E 11 FE
47 A0 F9 9D DF 80 DB 86 5A 27 89 CD 97 6C 85 C5
6C 39 7F 41 F2 FF 24 20 C3 95 A6 F7 9D 4A 45 74
8B 5D 28 8A C6 99 35 68 85 A5 64 32 80 9F D3 48
39 A2 1D 24 67 69 DF 75 AC 12 B5 BD C3 29 90 BE
37 E4 A0 80 9A BE 36 BF 1F 2C AB 2B AD F5 97 32
9A 42 9D 09 8B 08 F0 63 47 A3 E9 1B 36 D8 2D 8A
D7 E1 54 11 95 E4 45 88 69 8A 2B 35 CE D0 A5 0B
D5 5D AC DB AF 11 4D CA B8 1E E7 01 9E F4 46 A3
8A 94 6D 76 BD 8A C8 3B D2 31 58 0C 79 A8 26 E9
D1 79 9C CB D4 2B 6A 4F C6 CC CF 90 A7 B9 98 47
FD FA 4C 6C 6F 81 87 3B CA B8 50 F6 3E 39 5D 4D
97 3F 0F 35 39 53 FB FA CD AB A8 7A 62 9A 3F F2
09 27 96 3F 07 9A 91 F7 16 BF C6 3A 82 5A 4B CF
49 50 95 8C 55 80 7E 39 B1 48 05 1E 21 C7 24 4F
=== Debug Modulus ===
B3 65 54 FB 0A B0 1E 85 A7 F6 CF 91 8E BA 96 99
0D 8B 91 69 2A EE 01 20 4F 34 5C 2C 4F 4E 37 C7
F1 0B D4 CD A1 7F 93 F1 33 59 CE B1 E9 DD 26 E6
F3 BB 77 87 46 7A D6 4E 47 4A D1 41 B7 79 4A 38
06 6E CF 61 8F CD C1 40 0B FA 26 DC C0 34 51 83
D9 3B 11 54 3B 96 27 32 9A 95 BE 1E 68 11 50 A0
6B 10 A8 83 8B F5 FC BC 90 84 7A 5A 5C 43 52 E6
C8 26 E9 FE 06 A0 8B 53 0F AF 1E C4 1C 0B CF 50
1A A4 F3 5C FB F0 97 E4 DE 32 0A 9F E3 5A AA B7
44 7F 5C 33 60 B9 0F 22 2D 33 2A E9 69 79 31 42
8F E4 3A 13 8B E7 26 BD 08 87 6C A6 F2 73 F6 8E
A7 F2 FE FB 6C 28 66 0D BD D7 EB 42 A8 78 E6 B8
6B AE C7 A9 E2 40 6E 89 20 82 25 8E 3C 6A 60 D7
F3 56 8E EC 8D 51 8A 63 3C 04 78 23 0E 90 0C B4
E7 86 3B 4F 8E 13 09 47 32 0E 04 B8 4D 5B B0 46
71 B0 5C F4 AD 63 4F C5 E2 AC 1E C4 33 96 09 7B