516
edits
Changes
Jump to navigation
Jump to search
Line 38:
Line 38: − + Line 80:
Line 80: − + Line 474:
Line 474: − + − |- − | 0x01FFB800 − | − | 0x3800 − | 0x4 − | This is always 0xDEADB00F. − |- − | 0x01FFB804 − | − | 0x3804 − | 0x4 − | This is the u32 DeviceId. − |- − | 0x01FFB808 − | − | 0x3808 − | 0x10 − | This is the fall-back keyY used for movable.sed keyY when movable.sed doesn't exist in NAND(the last two words here are used on retail for generating console-unique TWL keydata/etc). This is also used for "LocalFriendCodeSeed", etc. − |- − | 0x01FFB818 − | − | 0x3818 − | 0x1 − | ? − |- − | 0x01FFB819 − | − | 0x3819 − | 0x1 − | This is the [[CTCert]] issuer type: 0 = retail "Nintendo CA - G3_NintendoCTR2prod", non-zero = dev "Nintendo CA - G3_NintendoCTR2dev". − |- − | 0x01FFB81A − | − | 0x381A − | 0x6 − | ? − |- − | 0x01FFB820 − | − | 0x3820 − | 0x4 − | This is the CTCert ECDSA exponent, this is byte-swapped when *((u8*)(0x01FFB800+0x18)) is >=5. − |- − | 0x01FFB824 − | − | 0x3824 − | 0x2 − | ? − |- − | 0x01FFB826 − | − | 0x3826 − | 0x1E − | This is the CTCert ECDSA privk. − |- − | 0x01FFB844 − | − | 0x3844 − | 0x3C − | This is the CTCert ECDSA signature. − + − + − + Line 552:
Line 492: − + Line 641:
Line 581: − + + + + + + Line 693:
Line 638: − + Line 744:
Line 689: − +
Dev2 →FCRAM memory-regions layout
| 0x18000000
| 0x18000000
| 0x00600000
| 0x00600000
| VRAM (divided in two banks, VRAM and VRAMB)
| VRAM (divided in two areas VRAM A and B, four banks in total)
|-
|-
| style="background: red" | No
| style="background: red" | No
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Writes value <code>0xFFFF</code> to 32-bit register <code>0x17E10000</code>+<code>0x77C</code>.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Waits for bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x730</code> to become clear.
* Writes value <code>0x0<code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Writes value <code>0x0</code> to 32-bit register <code>0x17E10000</code>+<code>0x0</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.
* Clears bit 0 in 32-bit register <code>0x17E10000</code>+<code>0x100</code>.
| 0x3800
| 0x3800
| 0x100
| 0x100
| This is the first 0x90-bytes of plaintext [[OTP_Registers|OTP]] when OTP hash verification is successful. The remaining 0x70-bytes are cleared.
| This is the first 0x90 bytes of [[OTP_Registers#Plaintext_OTP|plaintext OTP]] when OTP hash verification is successful. The remaining 0x70 bytes are cleared.
|-
|-
| 0x01FFB880
| 0x01FFB880
|
|
| 0x3880
| 0x3890
| 0x80
| 0x70
| This is all-zero.
| This is all zeros; boot ROM does not reveal the console-specific keys or the OTP hash in ITCM.
|-
|-
| 0x01FFB900
| 0x01FFB900
| 0x3B00
| 0x3B00
| 0x200
| 0x200
| This is the 0x200-bytes from the plaintext NAND firm partition FIRM header, read by bootrom.
| This is the 0x200-bytes from the plaintext FIRM header for the FIRM which was loaded by [[Bootloader|Boot9]]. This is the only location Boot9 uses for storing the loaded FIRM headers internally, it's not stored anywhere else.
|-
|-
| 0x01FFBD00
| 0x01FFBD00
| 0xB90
| 0xB90
| Uninitialized memory.
| Uninitialized memory.
0x01FFFC00 size 0x100-bytes starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|-
| 0x01FFFC00
|
| 0x7C00
| 0x100
| Starting with [[9.5.0-22|9.5.0-X]] is the FIRM header used during FIRM-launching.
|}
|}
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).
FCRAM is partitioned into three regions of memory (APPLICATION, SYSTEM, and BASE). Most applications can only allocate memory from one of these regions (which is encoded in the [[NCCH/Extended_Header#ARM11_Kernel_Flags|process kernel flags]]). There is a fixed set of possible size of each memory region, determined by the APPMEMTYPE value in [[Configuration_Memory#APPMEMTYPE|configuration memory]] (which in turn is set up according to the [[FIRM#FIRM_Launch_Parameters|firmware launch parameters]]).
Support for APPMEMTYPEs 6 and 7 was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].
Support for APPMEMTYPEs 6 and 7 (and 8?) was implemented in [[NS]] with [[8.0.0-18]]. These configurations are only supported in the [[New_3DS]] ARM11-kernel, and are in fact the only ones supported there at all. Applications only get access to the larger memory regions when this is specified in their [[NCCH/Extended Header#New3DS System Mode|extended header]].
{| class="wikitable" border="1"
{| class="wikitable" border="1"
| 0x01400000
| 0x01400000
|-
|-
| 6 (This is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is not 7)
| 6 and 8 (6 is the default on New3DS. With [[New_3DS]] kernel this is the type used when the value is neither 7 nor 8)
| 0x0
| 0x0
| 0x07C00000(124MB)
| 0x07C00000(124MB)