46
edits
Changes
Jump to navigation
Jump to search
Line 16:
Line 16: − + Line 28:
Line 28: − + Line 36:
Line 36: − + Line 61:
Line 61: − + Line 67:
Line 67: + + − + − + − + + − + Line 88:
Line 91: − + Line 148:
Line 151: − + Line 176:
Line 179: + Line 181:
Line 185: + + + + + Line 201:
Line 210: + Line 206:
Line 216: + Line 211:
Line 222: + Line 216:
Line 228: + Line 221:
Line 234: + Line 226:
Line 240: + Line 231:
Line 246: + Line 236:
Line 252: + Line 241:
Line 258: + Line 246:
Line 264: + Line 251:
Line 270: + Line 256:
Line 276: + Line 266:
Line 287: + Line 271:
Line 293: + Line 276:
Line 299: + Line 281:
Line 305: + Line 286:
Line 311: + Line 291:
Line 317: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 296:
Line 377: − + Line 319:
Line 400: + + Line 325:
Line 408: + + + + Line 360:
Line 447: − + − + + + + + Line 386:
Line 477: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→NATIVE_FIRM: 11.14
| 0x004
| 0x004
| 4
| 4
| Reserved1
| Boot priority (highest value = max prio), this is normally zero.
|-
|-
| 0x008
| 0x008
| 0x010
| 0x010
| 0x030
| 0x030
| Reserved2
| Reserved
|-
|-
| 0x040
| 0x040
| 0x100
| 0x100
| 0x100
| 0x100
| RSA-2048 signature of the FIRM header, using SHA-256. This is only checked when bootrom/Process9 is doing FIRM-launch, not when installing FIRM to the NAND firm0/firm1 partitions.
| RSA-2048 signature of the FIRM header's SHA-256 hash. The signature is checked when bootrom/Process9 are doing FIRM-launch (with the public key being hardcoded in each). The signature is not checked when installing FIRM to the NAND firm0/firm1 partitions.
|}
|}
| 0x00C
| 0x00C
| 4
| 4
| Firmware Type ('0'=ARM9/'1'=ARM11) Process9 doesn't use this field at all.
| Copy-method (0 = NDMA, 1 = XDMA, 2 = CPU mem-copy), Process9 ignores this field. Boot9 doesn't immediately throw an error when this isn't 0..2. In that case it will jump over section-data-loading which then results in the hash verification with the below hash being done with the hash already stored in the SHA hardware.
|-
|-
| 0x010
| 0x010
| SHA-256 Hash of Firmware Section
| SHA-256 Hash of Firmware Section
|}
|}
The contents of individual sections ''may'' be encrypted if the FIRM is not meant to be booted from NAND, i.e. if it is meant to be booted from SPI flash or NTR cartridge. If hash checks fail for all FIRM sections if treated as plaintext, it may be worth trying to check if the sections are encrypted. The encryption is detailed on [[Bootloader#Non-NAND_FIRM_boot|the bootloader page]].
== [[New_3DS]] FIRM ==
== [[New_3DS]] FIRM ==
For New3DS firmwares (NATIVE_FIRM, TWL_FIRM, ..), the ARM9 FIRM binary has an additional layer of crypto. At the end of each ARM9 binary, there's a plaintext loader. The format of the FIRM header is identical to regular 3DS FIRM(the RSA modulo is the same as regular 3DS too).
For New3DS firmwares (NATIVE_FIRM, TWL_FIRM, ..), the ARM9 FIRM binary has an additional layer of crypto. At the end of each ARM9 binary, there's a plaintext loader. The format of the FIRM header is identical to regular 3DS FIRM(the RSA modulo is the same as regular 3DS too).
Before checking 0x10000000 the loader main() does the following:
Before checking [[CONFIG_Registers|CFG_SYSPROT9]] the loader main() does the following:
* On [[9.5.0-22|9.5.0-X]]: executes a nop instruction with r0=0 and r1=<address of arm9binhdr+0x50>.
* On [[9.5.0-22|9.5.0-X]]: executes a nop instruction with r0=0 and r1=<address of arm9binhdr+0x50>.
* Clears bit6 in [[AES_Registers|REG_AESKEYCNT]].
* Clears bit6 in [[AES_Registers|REG_AESKEYCNT]].
If (u8*)0x10000000 bit 1 is clear (which means that this happens only on hard reboots), it does the following things:
If [[CONFIG_Registers#CFG_SYSPROT9|CFG_SYSPROT9]] bit 1 is clear (which means the OTP area is unlocked and so it knows that this is a hard reboot), it does the following things:
* Clears 0x200-bytes on the stack, then reads [[Flash_Filesystem|NAND]] sector 0x96(NAND image offset 0x12C00), with size 0x200-bytes into that stack buffer.
* Clears 0x200-bytes on the stack, then reads [[Flash_Filesystem|NAND]] sector 0x96(NAND image offset 0x12C00), with size 0x200-bytes into that stack buffer.
* Checks u8 0x10000000 bit1 again, if it's set then it executes a panic function(set r0-r2=0, execute nop instruction, then execute instruction "bkpt 0x99"). Hashes data from the OTP region [[IO_Registers|0x10012000-0x10012090]] using SHA256 via the [[SHA_Registers|SHA]] hardware.
* Checks [[CONFIG_Registers#CFG_SYSPROT9|CFG_SYSPROT9]] bit 1 again, if it's set then it executes a panic function(set r0-r2=0, execute nop instruction, then execute instruction "bkpt 0x99").
* Hashes data from the OTP region [[IO_Registers|0x10012000-0x10012090]] using SHA256 via the [[SHA_Registers|SHA]] hardware.
* Clears bit6 in [[AES_Registers|REG_AESKEYCNT]]. Initializes AES keyslot 0x11 keyX, keyY to the lower and higher portion of the above hash, respectively. Due to the above hashed data, the keyX+keyY here are console-unique.
* Clears bit6 in [[AES_Registers|REG_AESKEYCNT]]. Initializes AES keyslot 0x11 keyX, keyY to the lower and higher portion of the above hash, respectively. Due to the above hashed data, the keyX+keyY here are console-unique.
* Decrypts the first 0x10-byte block in the above read NAND sector with keyslot 0x11 using AES-ECB. [[9.6.0-24|9.6.0-X]]: Then it decrypts the 0x10-bytes at offset 0x10 in the sector with keyslot 0x11.
* Decrypts the first 0x10-byte block in the above read NAND sector with keyslot 0x11 using AES-ECB. [[9.6.0-24|9.6.0-X]]: Then it decrypts the 0x10-bytes at offset 0x10 in the sector with keyslot 0x11.
* Then the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero. Runs the TWL key-init/etc code which was originally in the ARM9-kernel, then writes 0x2 to [[CONFIG_Registers|REG_SYSPROT9]].
* Then the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero. Runs the TWL key-init/etc code which was originally in the ARM9-kernel, then writes 0x2 to [[CONFIG_Registers|CFG_SYSPROT9]] to disable the OTP area.
* Then it uses the above decrypted block from sector+0 to set the normalkey for keyslot 0x11. Decrypts arm9_bin_buf+0 using keyslot 0x11 with AES-ECB, and initialises keyX for keyslot 0x15 with it.
* Then it uses the above decrypted block from sector+0 to set the normalkey for keyslot 0x11. Decrypts arm9_bin_buf+0 using keyslot 0x11 with AES-ECB, and initialises keyX for keyslot 0x15 with it.
* [[9.6.0-24|9.6.0-X]]: Then it uses the above decrypted block from sector+0 to set the normalkey for keyslot 0x11. Decrypts a 0x10-byte block from arm9loader .(ro)data using keyslot 0x11 with AES-ECB, and initializes keyX for keyslot 0x18 with it(same block as previous versions).
* [[9.6.0-24|9.6.0-X]]: Then it uses the above decrypted block from sector+0 to set the normalkey for keyslot 0x11. Decrypts a 0x10-byte block from arm9loader .(ro)data using keyslot 0x11 with AES-ECB, and initializes keyX for keyslot 0x18 with it(same block as previous versions).
* [[9.5.0-22|9.5.0-X]]: The normalkey, keyX, and keyY, for keyslot 0x11 are then cleared to zero.
* [[9.5.0-22|9.5.0-X]]: The normalkey, keyX, and keyY, for keyslot 0x11 are then cleared to zero.
When (u8*)0x10000000 bit 1 is set(which means this happens only when this loader runs again for firm-launch), the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero.
When [[CONFIG_Registers#CFG_SYSPROT9|CFG_SYSPROT9]] bit 1 is set(which means this happens only when this loader runs again for firm-launch), the normalkey, keyX, and keyY, for keyslot 0x11 are cleared to zero.
It sets KeyY for keyslot 0x15(0x16 with [[9.5.0-22|9.5.0-X]]) to arm9_bin_buf+16, the CTR to arm9_bin_buf+32 (both are unique for every version). It then proceeds to decrypt the binary with AES-CTR. When done, it sets the normal-key for the keyslot used for binary decryption to zeros. It then decrypts arm9_bin_buf+64 using an hardcoded keyY for keyslot 0x15([[9.5.0-22|9.5.0-X]]/[[9.6.0-24|9.6.0-X]] also uses keyslot 0x15), sets the normal-key for this keyslot to zeros again, then makes sure the output block is all zeroes. If it is, it does some cleanup then it jumps to the entrypoint for the decrypted binary. Otherwise it will clear the keyX, keyY, and normal-key for each of the keyslots initialized by this loader (on [[9.6.0-24|9.6.0-X]]+, on older versions this was bugged and cleared keys 0x00..0x07 instead of 0x18..0x1F), do cleanup(same cleanup as when the decrypted block is all-zero) then just loop forever.
It sets KeyY for keyslot 0x15(0x16 with [[9.5.0-22|9.5.0-X]]) to arm9_bin_buf+16, the CTR to arm9_bin_buf+32 (both are unique for every version). It then proceeds to decrypt the binary with AES-CTR. When done, it sets the normal-key for the keyslot used for binary decryption to zeros. It then decrypts arm9_bin_buf+64 using an hardcoded keyY for keyslot 0x15([[9.5.0-22|9.5.0-X]]/[[9.6.0-24|9.6.0-X]] also uses keyslot 0x15), sets the normal-key for this keyslot to zeros again, then makes sure the output block is all zeroes. If it is, it does some cleanup then it jumps to the entrypoint for the decrypted binary. Otherwise it will clear the keyX, keyY, and normal-key for each of the keyslots initialized by this loader (on [[9.6.0-24|9.6.0-X]]+, on older versions this was bugged and cleared keys 0x00..0x07 instead of 0x18..0x1F), do cleanup(same cleanup as when the decrypted block is all-zero) then just loop forever.
| Added keyX initialization for keyslot 0x16(see above), and added code for clearing keyslot 0x11 immediately after the code finishes using keyslot 0x11. The keyslot used for arm9bin decryption was changed from 0x15 to 0x16. Added code for clearing keyslot 0x16 when control-block decryption fails. Added code for using arm9bin_hdr+0x50 with a nop instruction, at the very beginning of the main arm9-loader function. Added two new 0x10-blocks to the arm9bin-hdr.
| Added keyX initialization for keyslot 0x16(see above), and added code for clearing keyslot 0x11 immediately after the code finishes using keyslot 0x11. The keyslot used for arm9bin decryption was changed from 0x15 to 0x16. Added code for clearing keyslot 0x16 when control-block decryption fails. Added code for using arm9bin_hdr+0x50 with a nop instruction, at the very beginning of the main arm9-loader function. Added two new 0x10-blocks to the arm9bin-hdr.
|-
|-
| [[9.6.0-24|9.6.0-X]] - [[10.0.0-27|10.0.0-X]]
| [[9.6.0-24|9.6.0-X]] - [[11.3.0-36|11.3.0-X]]
| See above and [[9.6.0-24|here]].
| See above and [[9.6.0-24|here]].
|}
|}
! old 3DS hex title contentID
! old 3DS hex title contentID
! Kernel/FIRM version (old 3DS/new 3DS)
! Kernel/FIRM version (old 3DS/new 3DS)
! FIRM ARM11-sysmodule Product Code
|-
|-
| [[Factory_Setup|Factory]] FIRM (titleID 00040001-00000002)
| [[Factory_Setup|Factory]] FIRM (titleID 00040001-00000002)
| 00
| 00
| 2.3-0
| 2.3-0
|-
| Pre-1.0. Referenced in the v1.0 Home Menu NCCH plain-region.
|
|
| 2.23-X
|-
|-
| [[1.0.0-0|1.0.0]]
| [[1.0.0-0|1.0.0]]
| 0B
| 0B
| 2.30-18
| 2.30-18
| 0608builder
|-
|-
| [[2.2.0-X|2.2.0]]
| [[2.2.0-X|2.2.0]]
| 0F
| 0F
| 2.31-40
| 2.31-40
| 0909builder
|-
|-
| [[3.0.0-5|3.0.0]]
| [[3.0.0-5|3.0.0]]
| 18
| 18
| 2.32-15
| 2.32-15
| 1128builder
|-
|-
| [[4.0.0-7|4.0.0]]
| [[4.0.0-7|4.0.0]]
| 1D
| 1D
| 2.33-4
| 2.33-4
| 0406builder
|-
|-
| [[4.1.0-8|4.1.0]]
| [[4.1.0-8|4.1.0]]
| 1F
| 1F
| 2.34-0
| 2.34-0
| 0508builder
|-
|-
| [[5.0.0-11|5.0.0]]
| [[5.0.0-11|5.0.0]]
| 25
| 25
| 2.35-6
| 2.35-6
| 0228builder
|-
|-
| [[5.1.0-11|5.1.0]]
| [[5.1.0-11|5.1.0]]
| 26
| 26
| 2.36-0
| 2.36-0
| 0401builder
|-
|-
| [[6.0.0-11|6.0.0]]
| [[6.0.0-11|6.0.0]]
| 29
| 29
| 2.37-0
| 2.37-0
| 0520builder
|-
|-
| [[6.1.0-11|6.1.0]]
| [[6.1.0-11|6.1.0]]
| 2A
| 2A
| 2.38-0
| 2.38-0
| 0625builder
|-
|-
| [[7.0.0-13|7.0.0]]
| [[7.0.0-13|7.0.0]]
| 2E
| 2E
| 2.39-4
| 2.39-4
| 1125builder
|-
|-
| [[7.2.0-17|7.2.0]]
| [[7.2.0-17|7.2.0]]
| 30
| 30
| 2.40-0
| 2.40-0
| 0404builder
|-
|-
| [[8.0.0-18|8.0.0]]
| [[8.0.0-18|8.0.0]]
| 37
| 37
| 2.44-6
| 2.44-6
| 0701builder
|-
|-
| [[8.1.0-0_New3DS]]
| [[8.1.0-0_New3DS]]
| 38
| 38
| 2.46-0
| 2.46-0
| 0828builder
|-
|-
| [[9.3.0-21|9.3.0]]
| [[9.3.0-21|9.3.0]]
| 3F
| 3F
| 2.48-3
| 2.48-3
| 1125builder
|-
|-
| [[9.5.0-22|9.5.0]]
| [[9.5.0-22|9.5.0]]
| 40
| 40
| 2.49-0
| 2.49-0
| 0126builder
|-
|-
| [[9.6.0-24|9.6.0]]
| [[9.6.0-24|9.6.0]]
| 49
| 49
| 2.50-1
| 2.50-1
| 0311builder
|-
|-
| [[10.0.0-27|10.0.0]]
| [[10.0.0-27|10.0.0]]
| 4B
| 4B
| 2.50-7
| 2.50-7
| 0812builder
|-
|-
| [[10.2.0-28|10.2.0]]
| [[10.2.0-28|10.2.0]]
| 4C
| 4C
| 2.50-9
| 2.50-9
| 1009builder
|-
| [[10.4.0-29|10.4.0]]
| v23341
| 50
| 2.50-11
| 1224builder
|-
| [[11.0.0-33|11.0.0]]
| v24368
| 52
| 2.51-0
| 0406builder
|-
| [[11.1.0-34|11.1.0]]
| v25396
| 56
| 2.51-2
| 0805builder
|-
| [[11.2.0-35|11.2.0]]
| v26432
| 58
| 2.52-0
| 1015builder
|-
| [[11.3.0-36|11.3.0]]
| v27476
| 5C
| 2.53-0
| 0126builder
|-
| [[11.4.0-37|11.4.0]]
| v28512
| 5E
| 2.54-0
| 0314builder
|-
| [[11.8.0-41|11.8.0]]
| v29557
| 64
| 2.55-0
| 0710pseg-ciuser
|-
| [[11.12.0-44|11.12.0]]
| v30593
| 66
| 2.56-0
| 1021pseg-ciuser
|-
| [[11.14.0-46|11.14.0]]
| v31633
| 69
| 2.57-0
| 0929pseg-ciuser
|}
|}
=== SAFE_MODE_FIRM ===
=== SAFE_MODE_FIRM ===
SAFE_MODE is used for running the [[System_Settings#System_Updater|System Updater]]. SAFE_MODE_FIRM and NATIVE_FIRM for the initial versions are exactly the same, except for the system core version fields.
SAFE_MODE is used for running the [[System_Settings#System_Updater|System Updater]]. SAFE_MODE_FIRM and NATIVE_FIRM for the initial versions are exactly the same, except for the system core version fields. Kernel/FIRM versions for SAFE_MODE_FIRM are: (old3ds) v432 = 3.27-0, v5632 = 3.32-0, (new3ds) v16081 = 3.45-3.
=== TWL_FIRM ===
=== TWL_FIRM ===
== FIRM Launch Parameters ==
== FIRM Launch Parameters ==
The FIRM-launch parameters structure is located at FCRAM+0, size 0x1000-bytes. The ARM11-kernel copies this structure elsewhere, then clears the 0x1000-bytes at FCRAM+0. It will not handle an existing structure at FCRAM+0 if [[CONFIG Registers#CFG_BOOTENV|CFG_BOOTENV]] is zero. The ARM9 kernel [[Configuration_Memory#0x1FF80016|writes some values]] about the boot environment to AXI WRAM during init to enable this.
The FIRM-launch parameters structure is located at FCRAM+0, size 0x1000-bytes. The ARM11-kernel copies this structure elsewhere, then clears the 0x1000-bytes at FCRAM+0. It will not handle an existing structure at FCRAM+0 if [[CONFIG Registers#CFG_BOOTENV|CFG_BOOTENV]] is zero. The ARM9 kernel [[Configuration_Memory#0x1FF80016|writes some values]] about the boot environment to AXI WRAM during init to enable this.
Note: it seems NATIVE_FIRM ARM11-kernel didn't parse this during boot until [[3.0.0-5|3.0.0-X]]?
{| class="wikitable" border="1"
{| class="wikitable" border="1"
! SIZE
! SIZE
! DESCRIPTION
! DESCRIPTION
|-
| 0x300
| 0x100
| 'TLNC' block created by TWL applications, handled by NS for backwards-compatibility purposes. See [[NS#Auto-boot|here]] for more info.
|-
|-
| 0x400
| 0x400
| 0x4A0
| 0x4A0
| 0x10
| 0x10
| This can be set by [[NSS:SetFIRMParams4A0]].
| This can be set by [[NSS:SetWirelessRebootInfo]].
|-
|-
| 0x4B0
| 0x4B0
| 0x14
| 0x14
| SHA1-HMAC of the banner for TWL/NTR titles. This can be set by [[NSS:SetFIRMParams4B0]].
| SHA1-HMAC of the banner for TWL/NTR titles. This can be set by [[NSS:SetTWLBannerHMAC]].
|-
|-
| 0x500
| 0x500
| 0x40
| 0x40
| This is used by [[APT:LoadSysMenuArg]] and [[APT:StoreSysMenuArg]].
| This is used by [[APT:LoadSysMenuArg]] and [[APT:StoreSysMenuArg]].
|-
| 0xD70
| 0x290
| [[Config Savegame|Config]] data struct for LGY FIRM.
|}
|}
| Setting bit0 here enables overriding the FIRM_* fields in [[Configuration_Memory]].
| Setting bit0 here enables overriding the FIRM_* fields in [[Configuration_Memory]].
|}
|}
[[Config Savegame|Config]] struct for booting LGY FIRMs from offset 0xD70:
{| class="wikitable" border="1"
|-
! OFFSET
! SIZE
! DESCRIPTION
|-
| 0x0
| 0x1
| Config block 0x30000.
|-
| 0x1
| 0x1
| Config block 0x70001.
|-
| 0x2
| 0x1
| System language (Config block 0xA0002).
|-
| 0x3
| 0x1
| [[Cfg:SecureInfoGetRegion|Region from SecureInfo]] ("pseudo-block" 0x140000 in LGY FIRM).
|-
| 0x4
| 0xF
| [[CfgS:SecureInfoGetSerialNo|Serial number from SecureInfo]] ("pseudo-block" 0x140001 in LGY FIRM).
|-
| 0x13
| 0x1
| Config block 0x100002.
|-
| 0x14
| 0x10
| Config block 0x100003.
|-
| 0x24
| 0x2
| Config block 0x100000.
|-
| 0x26
| 0x1
| Cleared to zero.
|-
| 0x27
| 0x1
| Cleared to zero.
|-
| 0x28
| 0x94
| Config block 0x100001.
|-
| 0xBC
| 0x2
| Config block 0x50000.
|-
| 0xBE
| 0x2
| Config block 0x50001.
|-
| 0xC0
| 0x38
| Config block 0x50002.
|-
| 0xF8
| 0x20
| Config block 0x50004.
|-
| 0x118
| 0x134
| Config block 0x20000.
|-
| 0x24C
| 0x10
| Config block 0x40000.
|-
| 0x25C
| 0x1C
| Config block 0x40001.
|-
| 0x278
| 0x4
| Cleared to zero.
|-
| 0x27C
| 0x4
| Cleared to zero.
|-
| 0x280
| 0x8
| Config block 0x30001.
|-
| 0x288
| 0x2
| CRC16 over the above fields from offset 0x0, size 0x288. If not valid, LGY FIRM uses dummy data from .(ro)data.
|-
| 0x28A
| 0x2
| If non-zero, the size (below) is hardcoded (currently) to value 0x288, otherwise the size field below is used.
|-
| 0x28C
| 0x4
| Value 0x288 (size used for verifying the CRC16).
|}
"Cleared to zero" fields above are not read at all by LGY FIRM.