Changes

2,649 bytes added , 02:27, 17 March 2023

→‎NATIVE_FIRM: fix 11.16, never try to type your self...

Line 67: Line 67:

| SHA-256 Hash of Firmware Section

|}

+

The contents of individual sections ''may'' be encrypted if the FIRM is not meant to be booted from NAND, i.e. if it is meant to be booted from SPI flash or NTR cartridge. If hash checks fail for all FIRM sections if treated as plaintext, it may be worth trying to check if the sections are encrypted. The encryption is detailed on [[Bootloader#Non-NAND_FIRM_boot|the bootloader page]].

== [[New_3DS]] FIRM ==

Line 149: Line 151:

| Added keyX initialization for keyslot 0x16(see above), and added code for clearing keyslot 0x11 immediately after the code finishes using keyslot 0x11. The keyslot used for arm9bin decryption was changed from 0x15 to 0x16. Added code for clearing keyslot 0x16 when control-block decryption fails. Added code for using arm9bin_hdr+0x50 with a nop instruction, at the very beginning of the main arm9-loader function. Added two new 0x10-blocks to the arm9bin-hdr.

|-

−

| [[9.6.0-24|9.6.0-X]] - [[11.2.0-35|11.2.0-X]]

+

| [[9.6.0-24|9.6.0-X]] - [[11.3.0-36|11.3.0-X]]

| See above and [[9.6.0-24|here]].

|}

Line 177: Line 179:

! old 3DS hex title contentID

! Kernel/FIRM version (old 3DS/new 3DS)

+

! FIRM ARM11-sysmodule Product Code

|-

| [[Factory_Setup|Factory]] FIRM (titleID 00040001-00000002)

Line 207: Line 210:

| 0B

| 2.30-18

+

| 0608builder

|-

| [[2.2.0-X|2.2.0]]

Line 212: Line 216:

| 0F

| 2.31-40

+

| 0909builder

|-

| [[3.0.0-5|3.0.0]]

Line 217: Line 222:

| 18

| 2.32-15

+

| 1128builder

|-

| [[4.0.0-7|4.0.0]]

Line 222: Line 228:

| 1D

| 2.33-4

+

| 0406builder

|-

| [[4.1.0-8|4.1.0]]

Line 227: Line 234:

| 1F

| 2.34-0

+

| 0508builder

|-

| [[5.0.0-11|5.0.0]]

Line 232: Line 240:

| 25

| 2.35-6

+

| 0228builder

|-

| [[5.1.0-11|5.1.0]]

Line 237: Line 246:

| 26

| 2.36-0

+

| 0401builder

|-

| [[6.0.0-11|6.0.0]]

Line 242: Line 252:

| 29

| 2.37-0

+

| 0520builder

|-

| [[6.1.0-11|6.1.0]]

Line 247: Line 258:

| 2A

| 2.38-0

+

| 0625builder

|-

| [[7.0.0-13|7.0.0]]

Line 252: Line 264:

| 2E

| 2.39-4

+

| 1125builder

|-

| [[7.2.0-17|7.2.0]]

Line 257: Line 270:

| 30

| 2.40-0

+

| 0404builder

|-

| [[8.0.0-18|8.0.0]]

Line 262: Line 276:

| 37

| 2.44-6

+

| 0701builder

|-

| [[8.1.0-0_New3DS]]

Line 272: Line 287:

| 38

| 2.46-0

+

| 0828builder

|-

| [[9.3.0-21|9.3.0]]

Line 277: Line 293:

| 3F

| 2.48-3

+

| 1125builder

|-

| [[9.5.0-22|9.5.0]]

Line 282: Line 299:

| 40

| 2.49-0

+

| 0126builder

|-

| [[9.6.0-24|9.6.0]]

Line 287: Line 305:

| 49

| 2.50-1

+

| 0311builder

|-

| [[10.0.0-27|10.0.0]]

Line 292: Line 311:

| 4B

| 2.50-7

+

| 0812builder

|-

| [[10.2.0-28|10.2.0]]

Line 297: Line 317:

| 4C

| 2.50-9

+

| 1009builder

|-

| [[10.4.0-29|10.4.0]]

Line 302: Line 323:

| 50

| 2.50-11

+

| 1224builder

|-

| [[11.0.0-33|11.0.0]]

Line 307: Line 329:

| 52

| 2.51-0

+

| 0406builder

|-

| [[11.1.0-34|11.1.0]]

Line 312: Line 335:

| 56

| 2.51-2

+

| 0805builder

|-

| [[11.2.0-35|11.2.0]]

Line 317: Line 341:

| 58

| 2.52-0

+

| 1015builder

|-

| [[11.3.0-36|11.3.0]]

Line 322: Line 347:

| 5C

| 2.53-0

+

| 0126builder

+

|-

+

| [[11.4.0-37|11.4.0]]

+

| v28512

+

| 5E

+

| 2.54-0

+

| 0314builder

+

|-

+

| [[11.8.0-41|11.8.0]]

+

| v29557

+

| 64

+

| 2.55-0

+

| 0710pseg-ciuser

+

|-

+

| [[11.12.0-44|11.12.0]]

+

| v30593

+

| 66

+

| 2.56-0

+

| 1021pseg-ciuser

+

|-

+

| [[11.14.0-46|11.14.0]]

+

| v31633

+

| 69

+

| 2.57-0

+

| 0929pseg-ciuser

+

|-

+

| [[11.16.0-48|11.16.0]]

+

| v32673

+

| 6C

+

| 2.58-0

+

| 0701pseg-ciuser

|}

Line 327: Line 383:

=== SAFE_MODE_FIRM ===

−

SAFE_MODE is used for running the [[System_Settings#System_Updater|System Updater]]. SAFE_MODE_FIRM and NATIVE_FIRM for the initial versions are exactly the same, except for the system core version fields.

+

SAFE_MODE is used for running the [[System_Settings#System_Updater|System Updater]]. SAFE_MODE_FIRM and NATIVE_FIRM for the initial versions are exactly the same, except for the system core version fields. Kernel/FIRM versions for SAFE_MODE_FIRM are: (old3ds) v432 = 3.27-0, v5632 = 3.32-0, (new3ds) v16081 = 3.45-3.

=== TWL_FIRM ===

Line 358: Line 414:

! SIZE

! DESCRIPTION

+

|-

+

| 0x000

+

| 0x300

+

| TWL auto-load parameters, passed as-is onto the new title. NS will only read the oldTitleId field from it and add it to the TWL title list if it's a CTR titleId

|-

| 0x300

Line 406: Line 466:

| 0x40

| This is used by [[APT:LoadSysMenuArg]] and [[APT:StoreSysMenuArg]].

+

|-

+

| 0xD50

+

| 0x20

+

| Atheros WiFi configuration struct

|-

| 0xD70

Line 426: Line 490:

| 0x3

| Setting bit0 here enables overriding the FIRM_* fields in [[Configuration_Memory]].

+

|}

+

Atheros WiFi configuration struct for booting TWL_FIRM, from offset 0xD50. This struct is copied directly to 0x20005E0 in DSi memory. Since DSi cartridge ROMs include SDIO drivers for the wireless card and can't be updated, this structure allows interoperability between the original DSi wireless cards (AR6002/DWM-W015 and AR6013/DWM-W024) as well as the 3DS's AR6014/DWM-W028.

+

{| class="wikitable" border="1"

+

|-

+

! OFFSET

+

! SIZE

+

! DESCRIPTION

+

|-

+

| 0x0

+

| 0x1

+

| WiFi Board Type (1=DWM-W015, 2=DWM-W024, 3=DWM-W028; 0x03 on 3DS)

+

|-

+

| 0x1

+

| 0x1

+

| Unknown (0x00)

+

|-

+

| 0x2

+

| 0x2

+

| CRC16 from 0x4 to 0x20 (0x1C bytes)

+

|-

+

| 0x4

+

| 0x4

+

| Atheros RAM Vars/Host Interest address (0x520000 on 3DS)

+

|-

+

| 0x8

+

| 0x4

+

| Atheros RAM base (0x520000 on 3DS)

+

|-

+

| 0xC

+

| 0x4

+

| Atheros RAM size (0x20000 on 3DS)

+

|-

+

| 0x10

+

| 0x10

+

| Unknown (Zeroed)

|}

Line 437: Line 537:

| 0x0

| 0x1

−

| ~~Config~~ block 0x30000.

+

| RTC compensation value (config block 0x30000).

|-

| 0x1

−

| ~~Config~~ block 0x70001.

+

| Sound output mode (config block 0x70001).

|-

| 0x2

| 0x1

−

| System language (~~Config~~ block 0xA0002).

+

| System language (config block 0xA0002).

|-

| 0x3

Line 457: Line 557:

| 0x13

| 0x1

−

| ~~Config~~ block 0x100002.

+

| TWL country code (config block 0x100002).

|-

| 0x14

| 0x10

−

| ~~Config~~ block 0x100003.

+

| TWL "movable" UID, used for DSiWare exports (config block 0x100003).

|-

| 0x24

| 0x2

−

| ~~Config~~ block 0x100000.

+

| TWL EULA info (config block 0x100000).

|-

| 0x26

Line 477: Line 577:

| 0x28

| 0x94

−

| ~~Config~~ block 0x100001.

+

| TWL parental control data (config block 0x100001).

|-

| 0xBC

| 0x2

−

| ~~Config~~ block 0x50000.

+

| LCD flicker calibration data (config block 0x50000).

|-

| 0xBE

| 0x2

−

| ~~Config~~ block 0x50001.

+

| Backlight data (config block 0x50001).

|-

| 0xC0

| 0x38

−

| ~~Config~~ block 0x50002.

+

| Backlight PWM table (config block 0x50002).

|-

| 0xF8

| 0x20

−

| ~~Config~~ block 0x50004.

+

| Power saving mode (ABL) calibration (config block 0x50004).

|-

| 0x118

| 0x134

−

| ~~Config~~ block 0x20000.

+

| CODEC calibration data (config block 0x20000).

|-

| 0x24C

| 0x10

−

| ~~Config~~ block 0x40000.

+

| Touch screen calibration data (config block 0x40000).

|-

| 0x25C

| 0x1C

−

| ~~Config~~ block 0x40001.

+

| Analog stick calibration data (config block 0x40001).

|-

| 0x278

Line 517: Line 617:

| 0x280

| 0x8

−

| ~~Config~~ block 0x30001.

+

| User time offset (config block 0x30001).

|-

| 0x288

Line 525: Line 625:

| 0x28A

| 0x2

−

| If non-zero, the size (below) is hardcoded (currently) to value 0x288, otherwise the size field below is used.

+

| Version, maybe? If non-zero, the size (below) is hardcoded (currently) to value 0x288, otherwise the size field below is used.

|-

| 0x28C

Danny8376

4

edits

Changes

FIRM (edit)

Revision as of 02:27, 17 March 2023