Difference between revisions of "CXI"

From 3dbrew
Jump to navigation Jump to search
(Created page with "The following text tries to document the structure of the CTR Executable Image (CXI) format. === Overview === A CXI file contains the 'application' program code, which runs on a...")
 
Line 7: Line 7:
  
 
More specifically, the CXI file format is structured in the following order:
 
More specifically, the CXI file format is structured in the following order:
- first an NCCH header,
+
* first an NCCH header,
- followed by an extended header,  
+
* followed by an extended header,  
- followed by a plain binary region,
+
* followed by a plain binary region,
- followed by an embedded executable filesystem (ExeFS),
+
* followed by an embedded executable filesystem (ExeFS),
- and finally followed by a read-only filesystem (RomFS).
+
* and finally followed by a read-only filesystem (RomFS).
  
 
The extended header contains additional information regarding access control.
 
The extended header contains additional information regarding access control.

Revision as of 01:39, 29 May 2011

The following text tries to document the structure of the CTR Executable Image (CXI) format.

Overview

A CXI file contains the 'application' program code, which runs on a single ARM11 core. It can communicate through SVC calls with the other ARM11 core running the 'system' program code. For reasons of clarity, the ARM11 cores will sometimes be called the 'appcore' and 'syscore' respectively.

The CXI file format contains application ARM11 code, the menu icon, the menu 3D model, and an embedded read-only (ROM) filesystem for external filestorage. In fact, the application ARM11 code, menu icon, and menu 3D model are embedded into its own filesystem, called the ExeFS.

More specifically, the CXI file format is structured in the following order:

  • first an NCCH header,
  • followed by an extended header,
  • followed by a plain binary region,
  • followed by an embedded executable filesystem (ExeFS),
  • and finally followed by a read-only filesystem (RomFS).

The extended header contains additional information regarding access control. The plain binary region is an area specifically stored in plaintext, mostly containing SDK library strings for identification.

The extended header, the ExeFS and the RomFS are encrypted using AES CTR.


NCCH Header

OFFSET SIZE DESCRIPTION
0x000 0x100 RSA-2048 signature of the NCCH header, using SHA-256.
0x100 4 Magic ID, always 'NCCH'
0x104 4 Content size, in media units (1 media unit = 0x200 bytes)
0x108 8 Partition ID
0x110 2 Maker code
0x112 2 Version
0x114 4 Reserved
0x118 8 Program ID
0x120 1 Temp flag
0x121 0x2F Reserved
0x150 0x10 Product code
0x160 0x20 Extended header hash
0x180 4 Extended header size
0x184 4 Reserved
0x188 8 Flags
0x190 4 Plain region offset, in media units
0x194 4 Plain region size, in media units
0x198 8 Reserved
0x1A0 4 ExeFS offset, in media units
0x1A4 4 ExeFS size, in media units
0x1A8 4 ExeFS hash region size, in media units
0x1AC 4 Reserved
0x1B0 4 RomFS offset, in media units
0x1B4 4 RomFS size, in media units
0x1B8 4 RomFS hash region size, in media units
0x1BC 4 Reserved
0x1C0 0x20 ExeFS superblock hash
0x1E0 0x20 RomFS superblock hash