Difference between revisions of "10.4.0-29"
Line 65: | Line 65: | ||
Page | Page | ||
Go to Page | Go to Page | ||
+ | |||
+ | ===0004009B00012302=== | ||
+ | The USA 0004009B00012302 CFA(and the equivalent titleIDs for the other regions) was updated, the following message was added to 20000_msbt_LZ.bin: | ||
+ | An error has occurred. | ||
+ | Please check if there is corrupted data | ||
+ | in Data Management | ||
+ | Nintendo 3DS | ||
+ | in the System Settings. | ||
+ | If the problem persists, please | ||
+ | make a note of the error code | ||
+ | and visit support.nintendo.com. | ||
==See Also== | ==See Also== |
Revision as of 04:43, 22 January 2016
The Old3DS+New3DS 10.4.0-29 system update was released on January 18, 2016. This Old3DS update was released for the following regions: USA, EUR, JPN, CHN, KOR, and TWN. This New3DS update was released for the following regions: USA, EUR, JPN, CHN, and KOR.
Security flaws fixed: <fill this in manually later, see the updatedetails page from the ninupdates-report page(s) once available for now>.
Old3DS/New3DS browserhax and menuhax were not fixed(the Old3DS browser wasn't even updated).
Change-log
Official USA change-log:
- Further improvements to overall system stability and other minor adjustments have been made to enhance the user experience
System Titles
NATIVE_FIRM
memchunkhax2 was fixed by reading the MemoryBlockHeader next pointer before it is mapped to userland. Only one function was changed in arm11kernel.
The only updated FIRM sysmodules were fs and loader, for fs only a version-field in .code was updated used with a debug NOP-instruction.
loader
The loader process .text was previously 0x331C-bytes, it's now 0x36F0-bytes.
All code changes:
- Some code using svcGetSystemTick was added. This is used by L_14002670.
- L_140022b8(L_14002234 in previous loader version): This is the function which calls L_140025f0. Code was added between the code which loads the memregion value from exheader, and the func call for mapping it(L_140025f0). This new code determines what to pass for the L_140025f0 insp4 flag. By default the value passed for that flag is 0.
- When the process memregion is APPLICATION, the programID is for a CTR title, and the uniqueid matches the eShop system-application(all regions including CHN), the flag is set to 1.
- When the process memregion is SYSTEM, the flag is set to 1 when the reslimit_category is not LIB_APPLET.
- L_140025f0(L_140024e4 in previous loader version) now calls another function(L_14002670) instead of svcControlMemory directly, for mapping the codebin memory. The insp4 flag from the L_140025f0 input is passed to L_14002670 as sp0.
- L_14002670: New function used for mapping the codebin. When the insp0 flag is zero, this does the normal memory-mapping, otherwise a special memory-mapping codepath is used. This codepath still uses the same memregion specified in the exheader.
The special memory-mapping codepath is basically a method of mapping the codebin with svcControlMemory using up to 8 chunks, each with a random size. Each chunk is done in a random order. Since the allocation order is random, this also means the order of each .text chunk in physmem is random too. When the total size of the randomized page-count is less than the required amount, an 8th chunk is used to pad the total size to the exact required size. It appears the total combined size used with svcControlMemory is always exactly the same as what's required for the codebin.
Regarding chunk size calculation:
- s32 maxval = (codebin_totalrequiredpages - pagepos) >> 4;
- The above maxval field is set to 15 if it's >=15.
- pagecount = L_14001730(maxval);
- pagecount = (pagecount+1) << 4;
- chunksize = pagecount << 12;
This is an attempt at randomizing the layout of physmem .text, due to gspwn.
NS
NS added a new APT command used by Home Menu which now checks whether IronFall is on the latest version before launching; if it is on an exploitable version and the function is called to launch IronFall the system will reboot. This check is done again before launching the title, throwing an error if it fails.
Home Menu
The code changes for Home Menu appear to be just title/AM related / GUI.
Code was implemented for using APT:IsTitleAllowed mentioned above, when that returns 0 when you try launching an application Home Menu will display a message using the following text from new message-strings:
You need to update this software before you can launch it.
eShop system-application
Some ratings-related strings were added to the main codebin("ratPEGI_U_02" and "detailPEGI_D_01").
The message files were updated:
diff --git a/v19465/tiger.msbt.lz.decom.wstrs b/v20482/tiger.msbt.lz.decom.wstrs index 2a3a24e..55358d0 100644 --- a/v19465/tiger.msbt.lz.decom.wstrs +++ b/v20482/tiger.msbt.lz.decom.wstrs @@ -258,6 +258,7 @@ Charts Search Results: Price: TBD Offers in-game purchases +Video This software is currently unavailable. Page Go to Page
0004009B00012302
The USA 0004009B00012302 CFA(and the equivalent titleIDs for the other regions) was updated, the following message was added to 20000_msbt_LZ.bin:
An error has occurred. Please check if there is corrupted data in Data Management Nintendo 3DS in the System Settings. If the problem persists, please make a note of the error code and visit support.nintendo.com.
See Also
System update report(s):