Difference between revisions of "BOSS Services"
Line 273: | Line 273: | ||
==NsDataHeaderInfo== | ==NsDataHeaderInfo== | ||
+ | When the input type is not one of the below or when the specified output size doesn't match the expected size for this type, an error is returned. | ||
+ | |||
+ | ===Type0=== | ||
+ | Total size is 0x8-bytes. | ||
+ | |||
+ | {| class="wikitable" border="1" | ||
+ | |- | ||
+ | ! Offset | ||
+ | ! Size | ||
+ | ! Description | ||
+ | |- | ||
+ | | 0x0 | ||
+ | | 0x8 | ||
+ | | ? | ||
+ | |} | ||
+ | |||
+ | ===Type1=== | ||
+ | Total size is 0x4-bytes. | ||
+ | |||
+ | {| class="wikitable" border="1" | ||
+ | |- | ||
+ | ! Offset | ||
+ | ! Size | ||
+ | ! Description | ||
+ | |- | ||
+ | | 0x0 | ||
+ | | 0x4 | ||
+ | | ? | ||
+ | |} | ||
+ | |||
+ | ===Type2=== | ||
+ | Total size is 0x4-bytes. | ||
+ | |||
+ | {| class="wikitable" border="1" | ||
+ | |- | ||
+ | ! Offset | ||
+ | ! Size | ||
+ | ! Description | ||
+ | |- | ||
+ | | 0x0 | ||
+ | | 0x4 | ||
+ | | ? | ||
+ | |} | ||
+ | |||
===Type3=== | ===Type3=== | ||
Total size is 0x4-bytes. | Total size is 0x4-bytes. | ||
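Review bot: the sentence added at the top of ==NsDataHeaderInfo== says only that "an error is returned" for an unlisted type or a mismatched output size; it should give the result code and name the command or commands that perform the check, so readers can tell this failure apart from others. The Type0, Type1 and Type2 tables added below it each hold a single row whose description is "?", so consider marking the contents as unknown in words rather than with a bare "?".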
Line 285: | Line 329: | ||
| 0x4 | | 0x4 | ||
| Content size | | Content size | ||
+ | |} | ||
+ | |||
+ | ===Type4=== | ||
+ | Total size is 0x4-bytes. | ||
+ | |||
+ | {| class="wikitable" border="1" | ||
+ | |- | ||
+ | ! Offset | ||
+ | ! Size | ||
+ | ! Description | ||
+ | |- | ||
+ | | 0x0 | ||
+ | | 0x4 | ||
+ | | ? | ||
|} | |} | ||
Revision as of 18:49, 20 November 2016
BOSS Service "boss:U"
Command Header | Description |
---|---|
0x00010082 | InitializeSession |
0x00020100 | SetStorageInfo |
0x00030000 | UnregisterStorage |
0x00040000 | GetTaskStorageInfo |
0x00050042 | ? |
0x00060084 | ? |
0x00070000 | ? |
0x00080002 | ? |
0x00090040 | SetOptoutFlag |
0x000A0000 | GetOptoutFlag |
0x000B00C2 | RegisterTask |
0x000C0082 | UnregisterTask |
0x000D0082 | ReconfigureTask |
0x000E0000 | GetTaskIdList |
0x000F0042 | ? |
0x00100102 | GetNsDataIdList |
0x00110102 | ? |
0x00120102 | ? |
0x00130102 | ? |
0x00140082 | SendProperty |
0x00150042 | SendPropertyHandle |
0x00160082 | ReceiveProperty |
0x00170082 | ? |
0x00180082 | UpdateTaskCount |
0x00190042 | ? |
0x001A0042 | GetTaskCount |
0x001B0042 | GetTaskServiceStatus |
0x001C0042 | StartTask |
0x001D0042 | StartTaskImmediate |
0x001E0042 | CancelTask |
0x001F0000 | GetTaskFinishHandle |
0x00200082 | GetTaskState |
0x00210042 | GetTaskResult |
0x00220042 | ? |
0x002300C2 | GetTaskStatus |
0x00240082 | ? |
0x00250082 | ? |
0x00260040 | DeleteNsData |
0x002700C2 | GetNsDataHeaderInfo |
0x00280102 | ReadNsData |
0x00290080 | ? |
0x002A0040 | Unknown. Writes an output u32 to cmdreply[2]. |
0x002B0080 | SetNsDataNewFlag |
0x002C0040 | GetNsDataNewFlag |
0x002D0040 | unknown... |
0x002E0040 | GetErrorCode |
0x002F0140 | RegisterStorageEntry |
0x00300000 | unknown... |
0x00310100 | ? |
0x00320000 | ? |
0x00330042 | StartBgImmediate |
0x00340042 | ? |
0x003500C2 | RegisterImmediateTask |
0x00360084 | unknown... |
0x00370084 | ? |
Privileged BOSS Service "boss:P"
Command Header | Description |
---|---|
0x04040080 | GetAppNewFlag |
0x040500C0 | unknown... |
0x040600C0 | unknown... |
0x04070080 | unknown... |
0x04090102 | unknown... |
0x040B0080 | unknown... |
0x040D0182 | unknown... |
0x04130082 | SendPropertyPrivileged |
0x041500C0 | DeleteNsDataPrivileged |
0x04160142 | GetNsDataHeaderInfoPrivileged |
0x04170182 | ReadNsDataPrivileged |
0x041A0100 | SetNsDataNewFlagPrivileged |
0x041B00C0 | GetNsDataNewFlagPrivileged |
0x041C00C0 | unknown... |
0x042E00C2 | unknown... |
0x042F00C2 | unknown... |
0x043000C2 | unknown... |
0x04490142 | unknown... |
0x044A0180 | unknown... |
0x044D0080 | unknown... |
0x04500102 | unknown... |
0x04540102 | unknown... |
0x045500C2 | unknown... |
0x04580104 | ? |
boss:P also contains all of the commands from boss:U.
When Home Menu loads the SpotPass CBMD with Extended_Banner, it uses bossP command 0x040D0182 first. Then it uses GetNsDataHeaderInfoPrivileged, then ReadNsDataPrivileged for loading the actual banner data.
BOSS Service "boss:M"
Content Data Storage
SpotPass content for each application is stored under the extdata specified by BOSS:SetStorageInfo. That command and others verify that the PID associated with the current service session has access to the specified extdata by using FS:CheckAuthorityToAccessExtSaveData, returning an error on failure. This basically renders SpotPass unusable under user processes (when initialized under those processes) which don't have access to any SD extdata (unless NAND extdata is used instead).
Custom SpotPass content
All data downloaded with SpotPass must use the signed+encrypted BOSS container. There doesn't seem to be any way to write to the SpotPass data stored in extdata via service commands either.
Therefore, the only known ways to use custom SpotPass content (homebrew usage etc.) are: "CFW" / ARM11-kernelhax with the sigchecks for this patched, or some sort of BOSS-sysmodule exploit if there are any vulns to begin with.
BOSS Tasks
The TaskID is an 8-byte buffer containing a string including NUL-terminator (TaskIDs are compared with: strncmp(str0, str1, 7)).
When disabling SpotPass, applications use BOSSU:CancelTask then BOSSU:UnregisterTask, to delete each task.
NsDataId
This is a u32 ID for SpotPass content, used with the NsData service commands etc.
NsDataHeaderInfo
When the input type is not one of the below or when the specified output size doesn't match the expected size for this type, an error is returned.
Type0
Total size is 0x8-bytes.
Offset | Size | Description |
---|---|---|
0x0 | 0x8 | ? |
Type1
Total size is 0x4-bytes.
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | ? |
Type2
Total size is 0x4-bytes.
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | ? |
Type3
Total size is 0x4-bytes.
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | Content size |
Type4
Total size is 0x4-bytes.
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | ? |
Type5
Total size is 0x4-bytes.
Offset | Size | Description |
---|---|---|
0x0 | 0x4 | ? |
Type6
Total size is 0x20-bytes.
Offset | Size | Description |
---|---|---|
0x0 | 0x8 | programID |
0x8 | 0x18 | ? |
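The type and size rule stated at the top of this section, together with decoding of the two documented fields (Type3 content size, Type6 programID), as an added example that is not code from the BOSS sysmodule. The result codes and function names are hypothetical, and little-endian field order is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Expected output size for each NsDataHeaderInfo type, copied from the tables above. */
static const size_t NS_HEADER_SIZE[] = {0x8, 0x4, 0x4, 0x4, 0x4, 0x4, 0x20};
#define NS_HEADER_TYPES (sizeof NS_HEADER_SIZE / sizeof NS_HEADER_SIZE[0])

/* Hypothetical result codes: the page does not give the real error value. */
enum { NS_OK = 0, NS_ERR_BAD_TYPE = -1, NS_ERR_BAD_SIZE = -2 };

/* The documented rule: an unlisted type or a size mismatch is an error. */
int ns_header_check(uint32_t type, size_t out_size)
{
    if (type >= NS_HEADER_TYPES)
        return NS_ERR_BAD_TYPE;
    if (out_size != NS_HEADER_SIZE[type])
        return NS_ERR_BAD_SIZE;
    return NS_OK;
}

/* Little-endian read (assumption: fields use the ARM11's little-endian order). */
static uint64_t rd_le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n--)
        v = (v << 8) | p[n];
    return v;
}

/* Type3: u32 content size at offset 0x0. */
int ns_header_content_size(const uint8_t *buf, size_t len, uint32_t *out)
{
    int rc = ns_header_check(3, len);
    if (rc == NS_OK)
        *out = (uint32_t)rd_le(buf, 4);
    return rc;
}

/* Type6: u64 programID at offset 0x0; the remaining 0x18 bytes are undocumented. */
int ns_header_program_id(const uint8_t *buf, size_t len, uint64_t *out)
{
    int rc = ns_header_check(6, len);
    if (rc == NS_OK)
        *out = rd_le(buf, 8);
    return rc;
}
```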
PropertyIDs
ID | Size | Description |
---|---|---|
0x0 | 0x1 | Unknown. Usually 0x7D? |
0x1 | 0x1 | Unknown. Usually 0x1? |
0x2 | 0x4 | Unknown. Usually 0x0? |
0x3 | 0x4 | Interval in seconds. |
0x4 | 0x4 | Duration, ~1 = infinite. 0x1 can be used for running the task just once. |
0x5 | 0x1 | Unknown. Usually 0x2? |
0x7 | 0x200 | URL |
0xC | | BOSSU:SendPropertyHandle is used for this. This property is only set up for HTTP uploads? |
0xD | 0x360 | Contains additional HTTP headers to send in the request, otherwise this is all-zero. This is an array of 3 entries: +0x0 size 0x20 is the header name, and +0x20 size 0x100 is the header value. Example: header-name "Content-Type" at 0x0, with header-value "application/octet-stream" at offset 0x20. |
0x35 | 0x2 | u16 total_tasks. BOSSU:GetTaskIdList is used before reading this. |
0x36 | 0x400 | List of TaskIDs. BOSSU:GetTaskIdList is used before reading this. |
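The layout of property 0xD described above (3 entries, each a 0x20-byte header name followed by a 0x100-byte header value), as an added example that is not code from the BOSS sysmodule or any SDK. The function names are hypothetical, NUL-terminated fields are an assumption, and the CR/LF rejection is hardening added here.

```c
#include <stddef.h>
#include <string.h>

#define HDR_ENTRIES   3
#define HDR_NAME_LEN  0x20
#define HDR_VALUE_LEN 0x100
#define HDR_ENTRY_LEN (HDR_NAME_LEN + HDR_VALUE_LEN) /* 0x120 per entry */
#define HDR_PROP_LEN  (HDR_ENTRIES * HDR_ENTRY_LEN)  /* 0x360 in total */

/* Store one header in slot idx. Returns 0 on success, -1 if rejected.
 * Assumption: both fields are NUL-terminated strings, so one byte is reserved.
 * Rejecting CR/LF is hardening added for this example, not documented behaviour. */
int hdr_prop_set(unsigned char *prop, size_t idx, const char *name, const char *value)
{
    size_t nlen = strlen(name), vlen = strlen(value);
    unsigned char *entry;

    if (idx >= HDR_ENTRIES || nlen == 0)
        return -1;
    if (nlen >= HDR_NAME_LEN || vlen >= HDR_VALUE_LEN)
        return -1;
    if (strpbrk(name, "\r\n:") || strpbrk(value, "\r\n"))
        return -1;
    entry = prop + idx * HDR_ENTRY_LEN;
    memset(entry, 0, HDR_ENTRY_LEN);
    memcpy(entry, name, nlen);
    memcpy(entry + HDR_NAME_LEN, value, vlen);
    return 0;
}

/* Read slot idx from an untrusted buffer. Returns 1 if a header is present,
 * 0 if the slot is empty (all-zero name), -1 if the buffer is malformed. */
int hdr_prop_get(const unsigned char *prop, size_t len, size_t idx,
                 const char **name, const char **value)
{
    const unsigned char *entry;

    if (len != HDR_PROP_LEN || idx >= HDR_ENTRIES)
        return -1;
    entry = prop + idx * HDR_ENTRY_LEN;
    /* An unterminated field would let string functions run past its end. */
    if (!memchr(entry, 0, HDR_NAME_LEN) || !memchr(entry + HDR_NAME_LEN, 0, HDR_VALUE_LEN))
        return -1;
    if (entry[0] == 0)
        return 0;
    *name = (const char *)entry;
    *value = (const char *)(entry + HDR_NAME_LEN);
    return 1;
}
```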