Difference between revisions of "NCCH/Extended Header"
Line 354: | Line 354: | ||
|- | |- | ||
| 21, 0x200000 | | 21, 0x200000 | ||
− | | Unknown | + | | Unknown. Introduced in [[9.6.0-24|9.6.0-X]] [[FIRM]]. [[Home Menu]] has this bit set starting with [[9.6.0-24|9.6.0-X]]. |
|} | |} | ||
Revision as of 04:53, 26 March 2015
Overview
This page documents the format of the NCCH Extended Header (exheader for short).
The exheader, has two sections:
- The actual exheader data, containing System Control Info and Access Control Info,
- And a signed copy of NCCH HDR public key, and exheader Access Control Info. (This version of the Access Control Info is used as limitation to the actual Access Control Info)
Main Structure
All values are little endian unless otherwise specified.
Offset | Size | Description |
---|---|---|
0x0 | 0x200 | System Control Info |
0x200 | 0x200 | Access Control Info |
0x400 | 0x100 | AccessDesc Signature (RSA-2048-SHA256) |
0x500 | 0x100 | NCCH Hdr RSA-2048 Public Key |
0x600 | 0x200 | Access Control Info (For limitation of first Access Control Info) |
The AccessDesc Signature covers the NCCH Hdr Public Key and second Access Control Info. The AccessDesc public key is initialised by the bootrom.
When loading the exheader, Process9 compares the exheader data with the data in the accessdesc(note that not everything is compared here). When these don't match, an error is returned. The Process9 code handling this validation was updated with v6.0(the only change in this function seems to be the check for the "Ideal Processor" field).
System Control Info
Offset | Size | Description |
---|---|---|
0x0 | 0x8 | Application Title |
0x8 | 0x5 | Reserved |
0xD | 0x1 | Flag (Bit0: CompressExefsCode, Bit1: SDApplication) |
0xE | 0x2 | Remaster Version |
0x10 | 0xC | Text Code Set Info |
0x1C | 0x4 | Stack Size |
0x20 | 0xC | ReadOnly Code Set Info |
0x2C | 0x4 | Reserved |
0x30 | 0xC | Data Code Set Info |
0x3C | 0x4 | BSS Size |
0x40 | 0x180 (48*8) | Dependency Module (Program ID) List |
0x1C0 | 0x40 | SystemInfo |
Code Set Info
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | Address |
0x4 | 0x4 | Physical region size (in page-multiples) |
0x8 | 0x4 | Size (in bytes) |
System Info
Offset | Size | Description |
---|---|---|
0x0 | 0x8 | SaveData Size |
0x8 | 0x8 | Jump ID |
0x10 | 0x30 | Reserved |
Access Control Info
Offset | Size | Description |
---|---|---|
0x0 | 0x170 | ARM11 Local System Capabilities |
0x170 | 0x80 | ARM11 Kernel Capabilities |
0x1F0 | 0x10 | ARM9 Access Control |
ARM11 Local System Capabilities
Offset | Size | Description |
---|---|---|
0x0 | 0x8 | Program ID |
0x8 | 0x4 | Core Version (The Title ID low of the required FIRM) |
0xC | 0x2 | Flag1 and Flag2 |
0xE | 0x1 | Flag0 |
0xF | 0x1 | Priority |
0x10 | 0x20 (16*2) | Resource Limit Descriptors |
0x30 | 0x20 | Storage Info |
0x50 | 0x100 (32*8) | Service Access Control |
0x150 | 0x10 (2*8) | Extended Service Access Control, support for this was implemented with 9.3.0-X. |
0x160 | 0xF | Reserved |
0x16F | 0x1 | Resource Limit Category. (0 = APPLICATION, 1 = SYS_APPLET, 2 = LIB_APPLET, 3 = OTHER) |
Flag0
This stores the System Mode, Affinity Mask and Ideal Processor values in one byte. They are stored as follows:
u8 Flag0 = (SystemMode << 4 | AffinityMask << 2 | IdealProcessor);
And can be retrieved as follows:
u8 SystemMode = (Flag0>>4)&0xF; u8 AffinityMask = (Flag0>>2)&0x3; u8 IdealProcessor = (Flag0>>0)&0x3;
In the exheader data, the IdealProcessor field is a bit-index, while in the accessdesc the IdealProcessor field is a bitmask. When the bit specified by the exheader field is not set in the accessdesc field, an error is returned. "if((1<<exheaderval) & accessdescval == 0)return error"
During a FIRM-launch when a titleinfo structure was specified, the field at offset 0x400 in the FIRM-launch parameters is set to the SystemMode of the specified title(however in some cases other values are written there). With 8.0.0-18 NS will now check the output of PTMSYSM command 0x040A0000, when the output is non-zero and a certain NS state field is value-zero, the following is executed otherwise this is skipped. With that check passed on 8.0.0-18, NS will then check (Flag2 & 0xf). When that's value2, the output value(used for the FIRM-launcher parameter field mentioned above) is set to value7. Otherwise, when that value is non-zero, the output value is set to 6.
Flag1 and Flag2
Support for these two u8 fields were implemented with 8.0.0-18.
Flag1
Bit | Description |
---|---|
0 | Unknown. |
1 | Unknown. |
2-7 | Unused |
In order for the exheader to have any of the above new bits set, the accessdesc must have the corresponding bit set, otherwise the invalid-exheader error is returned.
Flag2
Bit | Description |
---|---|
0-3 | ? |
4-7 | Unused |
The exheader value for the above 4-bit value must be <= to the accessdesc value, otherwise the invalid-exheader error is returned.
Storage Info
Offset | Size | Description |
---|---|---|
0x0 | 0x8 | Extdata ID |
0x8 | 0x8 | System Save Data Ids |
0x10 | 0x8 | Storage Accessable Unique Ids |
0x18 | 0x7 | File System Access Info |
0x1F | 0x1 | Other Attributes |
File System Access Info:
Bit and bitmask | Description |
---|---|
0, 0x1 | Category System Application |
1, 0x2 | Category Hardware Check |
2, 0x4 | Category File System Tool |
3, 0x8 | Debug |
4, 0x10 | TWL Card Backup |
5, 0x20 | TWL Nand Data |
6, 0x40 | BOSS |
7, 0x80 | sdmc:/ |
8, 0x100 | Core |
9, 0x200 | nand:/ro/ (Read Only) |
10, 0x400 | nand:/rw/ |
11, 0x800 | nand:/ro/ (Write Access) |
12, 0x1000 | Category System Settings |
13, 0x2000 | Card Board |
14, 0x4000 | Export Import IVS |
15, 0x8000 | sdmc:/ (Write-only) |
16, 0x10000 | Switch Cleanup (Introduced in 3.0.0?) |
17, 0x20000 | Save Data Move (Introduced in 5.0.0) |
18, 0x40000 | Shop (Introduced in 5.0.0) |
19, 0x80000 | Shell (Introduced in 5.0.0) |
20, 0x100000 | Category HomeMenu (Introduced in 6.0.0) |
21, 0x200000 | Unknown. Introduced in 9.6.0-X FIRM. Home Menu has this bit set starting with 9.6.0-X. |
Other Attributes:
Bit | Description |
---|---|
0 | Not use RomFS |
1 | Use Extended Save Data Access. When this is set, the Extdata ID and Storage Accessable Unique Ids regions are used to store a total of 6 Accessible Save Ids. Introduced in 6.0.0. |
Service Access Control
This is the list of services which the process is allowed to access, this is registered with the services manager. Each service listed in the exheader must be listed in the accessdesc, otherwise the invalid exheader error is returned. The order of the services for exheader/accessdesc doesn't matter. The accessdesc can list services which are not in the exheader, but normally the service-access-control data for exheader/accessdesc are exactly the same.
ARM11 Kernel Capabilities
Offset | Size | Description |
---|---|---|
0x0 | 0x70 (28*4) | Descriptors |
0x70 | 0x10 | Reserved |
ARM9 Access Control
Offset | Size | Description |
---|---|---|
0x0 | 0xF | Descriptors |
0xF | 0x1 | ARM9 Descriptor Version. Originally this value had to be >=2. Starting with 9.3.0-X this value has to be either value 2 or value 3. |
Descriptors:
Bit | Description |
---|---|
0 | Mount nand:/ |
1 | Mount nand:/ro/ (Write Access) |
2 | Mount twln:/ |
3 | Mount wnand:/ |
4 | Mount Card SPI |
5 | Use SDIF3 |
6 | Create Seed |
7 | Use Card SPI |
8 | SD Application (Not checked) |
9 | Mount sdmc:/ (Write Access) |