3dbrew

Memory layout: Difference between revisions

← Older editNewer edit →
(8 intermediate revisions by 4 users not shown)
Line 38: Line 38:
| 0x18000000
| 0x18000000
| 0x00600000
| 0x00600000
| VRAM (divided in two banks, VRAM and VRAMB)
| VRAM (divided in two areas VRAM A and B, four banks in total)
|-
|-
| style="background: red" | No
| style="background: red" | No
Line 80: Line 80:
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Writes value <code>0x0<code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Writes value <code>0x0</code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.


Line 474: Line 474:
| 0x3800
| 0x3800
| 0x100
| 0x100
| This is the first 0x90-bytes of plaintext [[OTP_Registers|OTP]] when OTP hash verification is successful. The remaining 0x70-bytes are cleared.
| This is the first 0x90 bytes of [[OTP_Registers#Plaintext_OTP|plaintext OTP]] when OTP hash verification is successful. The remaining 0x70 bytes are cleared.
|-
| 0x01FFB800
|
| 0x3800
| 0x4
| This is always 0xDEADB00F.
|-
| 0x01FFB804
|
| 0x3804
| 0x4
| This is the u32 DeviceId.
|-
| 0x01FFB808
|
| 0x3808
| 0x10
| This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the last two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc.
|-
| 0x01FFB818
|
| 0x3818
| 0x1
| ?
|-
| 0x01FFB819
|
| 0x3819
| 0x1
| This is the [[CTCert]] issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev".
|-
| 0x01FFB81A
|
| 0x381A
| 0x6
| ?
|-
| 0x01FFB820
|
| 0x3820
| 0x4
| This is the CTCert ECDSA exponent, this is byte-swapped when *((u8*)(0x01FFB800+0x18)) is >=5.
|-
| 0x01FFB824
|
| 0x3824
| 0x2
| ?
|-
| 0x01FFB826
|
| 0x3826
| 0x1E
| This is the CTCert ECDSA privk.
|-
| 0x01FFB844
|
| 0x3844
| 0x3C
| This is the CTCert ECDSA signature.
|-
|-
| 0x01FFB880
| 0x01FFB880
|  
|  
| 0x3880
| 0x3890
| 0x80
| 0x70
| This is all-zero.
| This is all zeros; boot ROM does not reveal the console-specific keys or the OTP hash in ITCM.
|-
|-
| 0x01FFB900
| 0x01FFB900
Line 552: Line 492:
| 0x3B00
| 0x3B00
| 0x200
| 0x200
| This is the 0x200-bytes from the plaintext NAND firm partition FIRM header, read by bootrom.
| This is the 0x200-bytes from the plaintext FIRM header for the FIRM which was loaded by [[Bootloader|Boot9]]. This is the only location Boot9 uses for storing the loaded FIRM headers internally, it's not stored anywhere else.
|-
|-
| 0x01FFBD00
| 0x01FFBD00
Line 641: Line 581:
| 0xB90
| 0xB90
| Uninitialized memory.
| Uninitialized memory.
0x01FFFC00 size 0x100-bytes starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|-
| 0x01FFFC00
|
| 0x7C00
| 0x100
| Starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|}
|}


Line 693: Line 638:
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).


Support for APPMEMTYPEs 6 and 7 was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].
Support for APPMEMTYPEs 6 and 7 (and 8?) was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].


{| class="wikitable" border="1"
{| class="wikitable" border="1"
Line 744: Line 689:
| 0x01400000
| 0x01400000
|-
|-
| 6 (This is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is not 7)
| 6 and 8 (6 is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is neither 7 nor 8)
| 0x0
| 0x0
| 0x07C00000(124MB)
| 0x07C00000(124MB)
Retrieved from "https://www.3dbrew.org/wiki/Memory_layout"