Difference between revisions of "NCCH/Extended Header"

From 3dbrew
Jump to navigation Jump to search
(This should be a lot more readable)
Line 1: Line 1:
This page documents the format of the '''NCCH Extended Header''' (''exheader'' for short).
+
This page documents the format of the '''NCCH Extended Header''', or '''exheader''' for short.
  
The exheader, has two sections:
+
The exheader has two sections:
* The actual exheader data, containing System Control Info and Access Control Info,
+
 
* And a signed copy of NCCH HDR public key, and exheader Access Control Info. (This version of the Access Control Info is used as limitation to the actual Access Control Info)
+
* The actual exheader data, containing System Control Info (SCI) and Access Control Info (ACI);
 +
* A signed copy of NCCH HDR public key, and exheader ACI. This version of the ACI is used as limitation to the actual ACI.
  
 
== Main Structure ==
 
== Main Structure ==
Line 12: Line 13:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x200
+
| <code>0x200</code>
| System Control Info
+
| SCI
 
|-
 
|-
| 0x200
+
| <code>0x200</code>
| 0x200
+
| <code>0x200</code>
| Access Control Info
+
| ACI
 
|-
 
|-
| 0x400
+
| <code>0x400</code>
| 0x100
+
| <code>0x100</code>
| AccessDesc Signature (RSA-2048-SHA256)
+
| <code>AccessDesc</code> signature (RSA-2048-SHA256)
 
|-
 
|-
| 0x500
+
| <code>0x500</code>
| 0x100
+
| <code>0x100</code>
| NCCH Hdr RSA-2048 Public Key
+
| NCCH HDR RSA-2048 public key
 
|-
 
|-
| 0x600
+
| <code>0x600</code>
| 0x200
+
| <code>0x200</code>
| Access Control Info (For limitation of first Access Control Info)
+
| ACI (for limitation of first ACI)
 
|}
 
|}
  
The AccessDesc Signature covers the ''NCCH Hdr Public Key'' and second ''Access Control Info''. The AccessDesc public key is initialised by the bootrom.
+
The <code>AccessDesc</code> signature covers the NCCH HDR public key and second ACI. The <code>AccessDesc</code> public key is initialised by the boot ROM.
  
When loading the exheader, [[FIRM|Process9]] compares the exheader data with the data in the accessdesc(note that not everything is compared here). When these don't match, an error is returned. The Process9 code handling this validation was updated with [[6.0.0-11|v6.0]](the only change in this function seems to be the check for the "Ideal Processor" field).
+
When loading the exheader, [[FIRM|Process9]] compares the exheader data with the data in the <code>AccessDesc</code> (note that not everything is compared here). When these don't match, an error is returned. The Process9 code handling this validation was updated with [[6.0.0-11|v6.0]]; the only change in this function seems to be the check for the "Ideal processor" field.
  
 
== System Control Info ==
 
== System Control Info ==
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x8
+
| <code>0x8</code>
| Application Title
+
| Application title
 
|-
 
|-
| 0x8
+
| <code>0x8</code>
| 0x5
+
| <code>0x5</code>
| Reserved
+
| Reserved
 
|-
 
|-
| 0xD
+
| <code>0xD</code>
| 0x1
+
| <code>0x1</code>
| Flag (Bit0: CompressExefsCode, Bit1: SDApplication)
+
| Flag (bit 0: <code>CompressExefsCode</code>, bit 1: <code>SDApplication</code>)
 
|-
 
|-
| 0xE
+
| <code>0xE</code>
| 0x2
+
| <code>0x2</code>
| Remaster Version
+
| Remaster version
 
|-
 
|-
| 0x10
+
| <code>0x10</code>
| 0xC
+
| <code>0xC</code>
| Text Code Set Info
+
| Text code set info
 
|-
 
|-
| 0x1C
+
| <code>0x1C</code>
| 0x4
+
| <code>0x4</code>
| Stack Size
+
| Stack size
 
|-
 
|-
| 0x20
+
| <code>0x20</code>
| 0xC
+
| <code>0xC</code>
| ReadOnly Code Set Info
+
| Read-only code set info
 
|-
 
|-
| 0x2C
+
| <code>0x2C</code>
| 0x4
+
| <code>0x4</code>
| Reserved
+
| Reserved
 
|-
 
|-
| 0x30
+
| <code>0x30</code>
| 0xC
+
| <code>0xC</code>
| Data Code Set Info
+
| Data code set info
 
|-
 
|-
| 0x3C
+
| <code>0x3C</code>
| 0x4
+
| <code>0x4</code>
| BSS Size
+
| BSS size
 
|-
 
|-
| 0x40
+
| <code>0x40</code>
| 0x180 (48*8)
+
| <code>0x180</code> (<code>48*8</code>)
| Dependency Module (Program ID) List
+
| Dependency module (program ID) list
 
|-
 
|-
| 0x1C0
+
| <code>0x1C0</code>
| 0x40
+
| <code>0x40</code>
| SystemInfo
+
| <code>SystemInfo</code>
 
|}
 
|}
  
Line 102: Line 103:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x4
+
| <code>4</code>
| Address
+
| Address
 
|-
 
|-
| 0x4
+
| <code>0x4</code>
| 0x4
+
| <code>4</code>
| Physical region size (in page-multiples)
+
| Physical region size (in page-multiples)
 
|-
 
|-
| 0x8
+
| <code>0x8</code>
| 0x4
+
| <code>4</code>
| Size (in bytes)
+
| Size (in bytes)
 
|}
 
|}
  
Line 122: Line 123:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x8
+
| <code>0x8</code>
| SaveData Size
+
| <code>SaveData</code> Size
 
|-
 
|-
| 0x8
+
| <code>0x8</code>
| 0x8
+
| <code>0x8</code>
| Jump ID
+
| Jump ID
 
|-
 
|-
| 0x10
+
| <code>0x10</code>
| 0x30
+
| <code>0x30</code>
| Reserved
+
| Reserved
 
|}
 
|}
  
Line 142: Line 143:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x170
+
| <code>0x170</code>
| [[#ARM11 Local System Capabilities|ARM11 Local System Capabilities]]
+
| [[#ARM11 Local System Capabilities|ARM11 local system capabilities]]
 
|-
 
|-
| 0x170
+
| <code>0x170</code>
| 0x80
+
| <code>0x80</code>
| [[#ARM11 Kernel Capabilities|ARM11 Kernel Capabilities]]
+
| [[#ARM11 Kernel Capabilities|ARM11 kernel capabilities]]
 
|-
 
|-
| 0x1F0
+
| <code>0x1F0</code>
| 0x10
+
| <code>0x10</code>
| [[#ARM9 Access Control|ARM9 Access Control]]
+
| [[#ARM9 Access Control|ARM9 access control]]
 
|}
 
|}
  
Line 162: Line 163:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x8
+
| <code>0x8</code>
| Program ID
+
| Program ID
 
|-
 
|-
| 0x8
+
| <code>0x8</code>
| 0x4
+
| <code>0x4</code>
| Core Version (The Title ID low of the required [[FIRM]])
+
| Core version (The Title ID low of the required [[FIRM]])
 
|-
 
|-
| 0xC
+
| <code>0xC</code>
| 0x2
+
| <code>0x2</code>
| [[#Flag1|Flag1]] and [[#Flag2|Flag2]] (both implemented starting from [[8.0.0-18]]).
+
| [[#Flag1|Flag1]] and [[#Flag2|Flag2]] (both implemented starting from [[8.0.0-18]]).
 
|-
 
|-
| 0xE
+
| <code>0xE</code>
| 0x1
+
| <code>0x1</code>
| [[#Flag0|Flag0]]
+
| [[#Flag0|Flag0]]
 
|-
 
|-
| 0xF
+
| <code>0xF</code>
| 0x1
+
| <code>0x1</code>
| Priority
+
| Priority
 
|-
 
|-
| 0x10
+
| <code>0x10</code>
| 0x20 (16*2)
+
| <code>0x20</code> (<code>16*2</code>)
| Resource Limit Descriptors. The first byte here controls the maximum allowed [[PMApp:SetAppResourceLimit|CpuTime]].
+
| Resource limit descriptors. The first byte here controls the maximum allowed [[PMApp:SetAppResourceLimit|<code>CpuTime</code>]].
 
|-
 
|-
| 0x30
+
| <code>0x30</code>
| 0x20
+
| <code>0x20</code>
| [[#Storage Info|Storage Info]]
+
| [[#Storage Info|Storage info]]
 
|-
 
|-
| 0x50
+
| <code>0x50</code>
| 0x100 (32*8)
+
| <code>0x100</code> (<code>32*8</code>)
| [[#Service Access Control|Service Access Control]]
+
| [[#Service Access Control|Service access control]]
 
|-
 
|-
| 0x150
+
| <code>0x150</code>
| 0x10 (2*8)
+
| <code>0x10</code> (<code>2*8</code>)
| Extended Service Access Control, support for this was implemented with [[9.3.0-21|9.3.0-X]].
+
| Extended service access control, support for this was implemented with [[9.3.0-21|9.3.0-X]].
 
|-
 
|-
| 0x160
+
| <code>0x160</code>
| 0xF
+
| <code>0xF</code>
| Reserved
+
| Reserved
 
|-
 
|-
| 0x16F
+
| <code>0x16F</code>
| 0x1
+
| <code>0x1</code>
| Resource Limit Category. (0 = APPLICATION, 1 = SYS_APPLET, 2 = LIB_APPLET, 3 = OTHER(sysmodules running under the BASE memregion))
+
| Resource limit category. (0 = <code>APPLICATION</code>, 1 = <code>SYS_APPLET</code>, 2 = <code>LIB_APPLET</code>, 3 = <code>OTHER</code> (sysmodules running under the BASE memregion))
 
|}
 
|}
  
Line 214: Line 215:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Bits
+
! Bits
! Description
+
! Description
 
|-
 
|-
| 0-1
+
| <code>0-1</code>
| Ideal Processor
+
| Ideal processor
 
|-
 
|-
| 2-3
+
| <code>2-3</code>
| Affinity Mask
+
| Affinity mask
 
|-
 
|-
| 4-7
+
| <code>4-7</code>
| System Mode
+
| System mode
 
|}
 
|}
  
In the exheader data, the IdealProcessor field is a bit-index, while in the accessdesc the IdealProcessor field is a bitmask. When the bit specified by the exheader field is not set in the accessdesc field, an error is returned. "if((1<<exheaderval) & accessdescval == 0)return error"
+
In the exheader data, the ideal processor field is a bit-index, while in the <code>AccessDesc</code> the ideal processor field is a bitmask. When the bit specified by the exheader field is not set in the <code>AccessDesc</code> field, an error is returned.
 +
 
 +
<pre>if((1 << exheaderval) & accessdescval == 0) return error</pre>
  
During a FIRM-launch when a titleinfo structure was specified, the field at offset [[FIRM#FIRM_Launch_Parameters|0x400]] in the FIRM-launch parameters is set to the SystemMode of the specified title(however in some cases other values are written there). With [[8.0.0-18]] NS will now check the output of [[PTM|PTMSYSM]] command 0x040A0000, when the output is non-zero and a certain NS state field is value-zero, the following is executed otherwise this is skipped. With that check passed on [[8.0.0-18]], NS will then check (Flag2 & 0xf). When that's value2, the output value(used for the FIRM-launcher parameter field mentioned above) is set to value7. Otherwise, when that value is non-zero, the output value is set to 6.
+
During a FIRM-launch when a <code>TitleInfo</code> structure was specified, the field at offset [[FIRM#FIRM_Launch_Parameters|0x400]] in the FIRM-launch parameters is set to the SystemMode of the specified title, however in some cases other values are written there. With [[8.0.0-18]] NS will now check the output of [[PTM|PTMSYSM]] command <code>0x040A0000</code>, when the output is non-zero and a certain NS state field is value-zero, the following is executed otherwise this is skipped. With that check passed on [[8.0.0-18]], NS will then check (<code>Flag2 & 0xF</code>). When that is <code>value2</code>, the output value (used for the FIRM-launcher parameter field mentioned above) is set to <code>value7</code>. Otherwise, when that value is non-zero, the output value is set to 6.
  
 
==== Flag1 ====
 
==== Flag1 ====
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Bits
+
! Bits
! Description
+
! Description
 
|-
 
|-
| 0
+
| <code>0</code>
| "EnableL2Cache" (Unknown what this actually does, New3DS-only presumably)
+
| <code>EnableL2Cache</code> (Unknown what this actually does, New3DS-only presumably)
 
|-
 
|-
| 1
+
| <code>1</code>
| "cpuspeed_804MHz" (Default "cpuspeed" when not set)
+
| <code>cpuspeed_804MHz</code> (Default "cpuspeed" when not set)
 
|-
 
|-
| 2-7
+
| <code>2-7</code>
 
| Unused
 
| Unused
 
|}
 
|}
  
In order for the exheader to have any of the above new bits set, the accessdesc must have the corresponding bit set, otherwise the invalid-exheader error is returned.
+
In order for the exheader to have any of the above new bits set, the <code>AccessDesc</code> must have the corresponding bit set, otherwise the invalid-exheader error is returned.
  
Homebrew which runs under a title which has the above cpuspeed flag set, runs much faster on New3DS. It's unknown how exactly the system handles these flags.
+
Homebrew which runs under a title which has the above <code>cpuspeed</code> flag set, runs much faster on New3DS. It's unknown how exactly the system handles these flags.
  
When launching titles / perhaps other things with APT, [[NS]] uses [[PTMSYSM:ConfigureNew3DSCPU]] with data which originally came from these flags(NS does this regardless of what the running 3DS system is). However, due to a bug(?) in NS the value sent to that command is always either 0x0 or 0x3. When calculating that value, the code only ever uses the cpuspeed field, not the cache field: code to actually load and check the value of the cache field appears to be missing.
+
When launching titles / perhaps other things with [[APT]], [[NS]] uses [[PTMSYSM:ConfigureNew3DSCPU]] with data which originally came from these flags; NS does this regardless of what the running 3DS system is. However, due to a bug(?) in NS the value sent to that command is always either 0x0 or 0x3. When calculating that value, the code only ever uses the cpuspeed field, not the cache field: code to actually load and check the value of the cache field appears to be missing.
  
 
==== Flag2 ====
 
==== Flag2 ====
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Bit
+
! Bit
! Description
+
! Description
 
|-
 
|-
| 0-3
+
| <code>0-3</code>
| ?
+
| ''Unknown''
 
|-
 
|-
| 4-7
+
| <code>4-7</code>
 
| Unused
 
| Unused
 
|}
 
|}
  
The exheader value for the above 4-bit value must be <= to the accessdesc value, otherwise the invalid-exheader error is returned.
+
The exheader value for the above 4-bit value must be to the <code>AccessDesc</code> value, otherwise the invalid-exheader error is returned.
  
 
==== Storage Info ====
 
==== Storage Info ====
Line 273: Line 276:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x8
+
| <code>8</code>
| Extdata ID
+
| Extdata ID
 
|-
 
|-
| 0x8
+
| <code>0x8</code>
| 0x8
+
| <code>8</code>
| System Save Data Ids
+
| System savedata IDs
 
|-
 
|-
| 0x10
+
| <code>0x10</code>
| 0x8
+
| <code>8</code>
| Storage Accessable Unique Ids
+
| Storage accessible unique IDs
 
|-
 
|-
| 0x18
+
| <code>0x18</code>
| 0x7
+
| <code>7</code>
| File System Access Info
+
| Filesystem access info
 
|-
 
|-
| 0x1F
+
| <code>0x1F</code>
| 0x1
+
| <code>1</code>
| Other Attributes
+
| Other attributes
 
|}
 
|}
  
Line 301: Line 304:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Bit and bitmask
+
! Bit and bitmask
! Description
+
! Description
 
|-
 
|-
| 0, 0x1
+
| <code>0</code>, <code>0x1</code>
| Category System Application
+
| Category system application
 
|-
 
|-
| 1, 0x2
+
| <code>1</code>, <code>0x2</code>
| Category Hardware Check
+
| Category hardware check
 
|-
 
|-
| 2, 0x4
+
| <code>2</code>, <code>0x4</code>
| Category File System Tool
+
| Category filesystem tool
 
|-
 
|-
| 3, 0x8
+
| <code>3</code>, <code>0x8</code>
| Debug
+
| Debug
 
|-
 
|-
| 4, 0x10
+
| <code>4</code>, <code>0x10</code>
| TWL Card Backup
+
| TWL card backup
 
|-
 
|-
| 5, 0x20
+
| <code>5</code>, <code>0x20</code>
| TWL Nand Data
+
| TWL NAND data
 
|-
 
|-
| 6, 0x40
+
| <code>6</code>, <code>0x40</code>
| BOSS
+
| BOSS
 
|-
 
|-
| 7, 0x80
+
| <code>7</code>, <code>0x80</code>
| [[FS:OpenArchive|sdmc:/]]
+
| [[FS:OpenArchive|<code>sdmc:/</code>]]
 
|-
 
|-
| 8, 0x100
+
| <code>8</code>, <code>0x100</code>
| Core
+
| Core
 
|-
 
|-
| 9, 0x200
+
| <code>9</code>, <code>0x200</code>
| [[Flash Filesystem|nand:/ro/]] (Read Only)
+
| [[Flash Filesystem|<code>nand:/ro/</code>]] (Read Only)
 
|-
 
|-
| 10, 0x400
+
| <code>10</code>, <code>0x400</code>
| [[Flash Filesystem|nand:/rw/]]
+
| [[Flash Filesystem|<code>nand:/rw/</code>]]
 
|-
 
|-
| 11, 0x800
+
| <code>11</code>, <code>0x800</code>
| [[Flash Filesystem|nand:/ro/]] (Write Access)
+
| [[Flash Filesystem|<code>nand:/ro/</code>]] (Write Access)
 
|-
 
|-
| 12, 0x1000
+
| <code>12</code>, <code>0x1000</code>
| Category System Settings
+
| Category system settings
 
|-
 
|-
| 13, 0x2000
+
| <code>13</code>, <code>0x2000</code>
| Card Board
+
| Cardboard
 
|-
 
|-
| 14, 0x4000
+
| <code>14</code>, <code>0x4000</code>
| Export Import IVS
+
| Export/Import IVS
 
|-
 
|-
| 15, 0x8000
+
| <code>15</code>, <code>0x8000</code>
| [[FS:OpenArchive|sdmc:/]] (Write-only)
+
| [[FS:OpenArchive|<code>sdmc:/</code>]] (Write-only)
 
|-
 
|-
| 16, 0x10000
+
| <code>16</code>, <code>0x10000</code>
| Switch Cleanup (Introduced in [[3.0.0-5|3.0.0]]?)  
+
| Switch cleanup (Introduced in [[3.0.0-5|3.0.0]]?)  
 
|-
 
|-
| 17, 0x20000
+
| <code>17</code>, <code>0x20000</code>
| Save Data Move (Introduced in [[5.0.0-11|5.0.0]])  
+
| Savedata move (Introduced in [[5.0.0-11|5.0.0]])  
 
|-
 
|-
| 18, 0x40000
+
| <code>18</code>, <code>0x40000</code>
| Shop (Introduced in [[5.0.0-11|5.0.0]])  
+
| Shop (Introduced in [[5.0.0-11|5.0.0]])  
 
|-
 
|-
| 19, 0x80000
+
| <code>19</code>, <code>0x80000</code>
| Shell (Introduced in [[5.0.0-11|5.0.0]])  
+
| Shell (Introduced in [[5.0.0-11|5.0.0]])  
 
|-
 
|-
| 20, 0x100000
+
| <code>20</code>, <code>0x100000</code>
| Category HomeMenu (Introduced in [[6.0.0-11|6.0.0]])
+
| Category home menu (Introduced in [[6.0.0-11|6.0.0]])
 
|-
 
|-
| 21, 0x200000
+
| <code>21</code>, <code>0x200000</code>
| Seed DB. Introduced in [[9.6.0-24|9.6.0-X]] [[FIRM]]. [[Home Menu]] has this bit set starting with [[9.6.0-24|9.6.0-X]].
+
| Seed DB. Introduced in [[9.6.0-24|9.6.0-X]] [[FIRM]]. [[Home Menu]] has this bit set starting with [[9.6.0-24|9.6.0-X]].
 
|}
 
|}
  
Other Attributes:
+
====Other Attributes====
 +
 
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Bit
+
! Bit
! Description
+
! Description
 
|-
 
|-
| 0
+
| <code>0</code>
| Not use RomFS
+
| Not use ROMFS
 
|-
 
|-
| 1
+
| <code>1</code>
| Use Extended Save Data Access. When this is set, the ''Extdata ID'' and ''Storage Accessable Unique Ids'' regions are used to store a total of 6 ''Accessible Save Ids''. Introduced in [[6.0.0-11|6.0.0]].
+
| Use Extended savedata access.
 
|}
 
|}
 +
 +
When this is set, the "Extdata ID" and "Storage Accessable Unique IDs" regions are used to store a total of 6 "Accessible Save IDs". Introduced in [[6.0.0-11|6.0.0]].
  
 
==== Service Access Control ====
 
==== Service Access Control ====
This is the list of [[Services_API|services]] which the process is allowed to access, this is registered with the [[Services|services]] manager. Each service listed in the exheader must be listed in the accessdesc, otherwise the invalid exheader error is returned. The order of the services for exheader/accessdesc doesn't matter. The accessdesc can list services which are not in the exheader, but normally the service-access-control data for exheader/accessdesc are exactly the same.
+
This is the list of [[Services_API|services]] which the process is allowed to access, this is registered with the [[Services|services]] manager. Each service listed in the exheader must be listed in the <code>AccessDesc</code>, otherwise the invalid exheader error is returned. The order of the services for exheader/<code>AccessDesc</code> doesn't matter. The <code>AccessDesc</code> can list services which are not in the exheader, but normally the service-access-control data for exheader/<code>AccessDesc</code> are exactly the same.
  
 
This list is submitted to [[SRVPM:RegisterProcess]].
 
This list is submitted to [[SRVPM:RegisterProcess]].
Line 394: Line 400:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0x70 (28*4)
+
| <code>0x70</code> (<code>28*4</code>)
| Descriptors
+
| Descriptors
 
|-
 
|-
| 0x70
+
| <code>0x70</code>
| 0x10
+
| <code>0x10</code>
| Reserved
+
| Reserved
 
|}
 
|}
  
There are different descriptor types, determined by the number of leading "1"s in the binary value representation of bits 20-31. The different types are laid out as follows:
+
There are different descriptor types, determined by the number of leading ones in the binary value representation of bits 20-31. The different types are laid out as follows:
  
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Pattern of bits 20-31
+
! Pattern of bits 20-31
! Type
+
! Type
! Fields
+
! Fields
 
|-
 
|-
| 0b1110xxxxxxxx
+
| <code>0b1110xxxxxxxx</code>
| Interrupt info
+
| Interrupt info
 
|
 
|
 
|-
 
|-
| 0b11110xxxxxxx
+
| <code>0b11110xxxxxxx</code>
| System call mask
+
| System call mask
| Bits 24-26: System call mask table index; Bits 0-23: mask
+
| Bits 24-26: System call mask table index; Bits 0-23: mask
 
|-
 
|-
| 0b1111110xxxxx
+
| <code>0b1111110xxxxx</code>
| Kernel release version
+
| Kernel release version
| Bits 8-15: Major version; Bits 0-7: Minor version
+
| Bits 8-15: Major version; Bits 0-7: Minor version
 
|-
 
|-
| 0b11111110xxxx
+
| <code>0b11111110xxxx</code>
| Handle table size
+
| Handle table size
| Bits 0-18: size
+
| Bits 0-18: size
 
|-
 
|-
| 0b111111110xxx
+
| <code>0b111111110xxx</code>
| [[#ARM11_Kernel_Flags|Kernel flags]]
+
| [[#ARM11_Kernel_Flags|Kernel flags]]
| See below
+
| See below
 
|-
 
|-
| 0b11111111100x
+
| <code>0b11111111100x</code>
| Mapping static address
+
| Mapping static address
 
|
 
|
 
|-
 
|-
| 0b111111111110
+
| <code>0b111111111110</code>
| Mapping IO address
+
| Mapping IO address
| Bits 0-19: IO page index to map; Bit 20: Map read-only (otherwise read-write)
+
| Bits 0-19: IO page index to map; Bit 20: Map read-only (otherwise read-write)
 
|}
 
|}
  
Line 447: Line 453:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Bit
+
! Bit
! Description
+
! Description
 
|-
 
|-
| 0
+
| <code>0</code>
| Allow debug
+
| Allow debug
 
|-
 
|-
| 1
+
| <code>1</code>
| Force debug
+
| Force debug
 
|-
 
|-
| 2
+
| <code>2</code>
| Allow non-alphanum
+
| Allow non-alphanum
 
|-
 
|-
| 3
+
| <code>3</code>
| Shared page writing
+
| Shared page writing
 
|-
 
|-
| 4
+
| <code>4</code>
| Privilege priority
+
| Privilege priority
 
|-
 
|-
| 5
+
| <code>5</code>
| Allow main() args
+
| Allow <code>main()</code> args
 
|-
 
|-
| 6
+
| <code>6</code>
| Shared device mem
+
| Shared device memory
 
|-
 
|-
| 7
+
| <code>7</code>
| Runnable on sleep
+
| Runnable on sleep
 
|-
 
|-
| 8-11
+
| <code>8-11</code>
| Memory type (1: application, 2: system, 3: base)
+
| Memory type (1: application, 2: system, 3: base)
 
|-
 
|-
| 12
+
| <code>12</code>
| [[Memory_layout#NATIVE_FIRM.2FSAFE_MODE_FIRM_Userland_Memory|Special memory]]
+
| [[Memory_layout#NATIVE_FIRM.2FSAFE_MODE_FIRM_Userland_Memory|Special memory]]
 
|-
 
|-
| 13
+
| <code>13</code>
| Process has access to CPU core 2 (New3DS only)
+
| Process has access to CPU core 2 (New3DS only)
 
|}
 
|}
  
Line 487: Line 493:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Offset
+
! Offset
! Size
+
! Size
! Description
+
! Description
 
|-
 
|-
| 0x0
+
| <code>0x0</code>
| 0xF
+
| <code>15</code>
| Descriptors
+
| Descriptors
 
|-
 
|-
| 0xF
+
| <code>0xF</code>
| 0x1
+
| <code>1</code>
| ARM9 Descriptor Version. Originally this value had to be >=2. Starting with [[9.3.0-21|9.3.0-X]] this value has to be either value 2 or value 3.
+
| ARM9 Descriptor Version. Originally this value had to be 2. Starting with [[9.3.0-21|9.3.0-X]] this value has to be either value 2 or value 3.
 
|}
 
|}
  
Line 503: Line 509:
 
{| class="wikitable" border="1"
 
{| class="wikitable" border="1"
 
|-
 
|-
! Bit
+
! Bit
! Description
+
! Description
 
|-
 
|-
| 0
+
| <code>0</code>
| Mount [[Flash Filesystem|nand:/]]
+
| Mount [[Flash Filesystem|<code>nand:/</code>]]
 
|-
 
|-
| 1
+
| <code>1</code>
| Mount [[Flash Filesystem|nand:/ro/]] (Write Access)
+
| Mount [[Flash Filesystem|<code>nand:/ro/</code>]] (Write Access)
 
|-
 
|-
| 2
+
| <code>2</code>
| Mount [[Flash Filesystem|twln:/]]
+
| Mount [[Flash Filesystem|<code>twln:/</code>]]
 
|-
 
|-
| 3
+
| <code>3</code>
| Mount [[Flash Filesystem|wnand:/]]
+
| Mount [[Flash Filesystem|<code>wnand:/</code>]]
 
|-
 
|-
| 4
+
| <code>4</code>
| Mount Card SPI
+
| Mount card SPI
 
|-
 
|-
| 5
+
| <code>5</code>
| Use SDIF3
+
| Use SDIF3
 
|-
 
|-
| 6
+
| <code>6</code>
| Create Seed
+
| Create seed
 
|-
 
|-
| 7
+
| <code>7</code>
| Use Card SPI
+
| Use card SPI
 
|-
 
|-
| 8
+
| <code>8</code>
| SD Application (Not checked)
+
| SD application (Not checked)
 
|-
 
|-
| 9
+
| <code>9</code>
| Mount [[SD Filesystem|sdmc:/]] (Write Access)
+
| Mount [[SD Filesystem|sdmc:/]] (Write Access)
 
|}
 
|}

Revision as of 19:02, 15 June 2016

This page documents the format of the NCCH Extended Header, or exheader for short.

The exheader has two sections:

  • The actual exheader data, containing System Control Info (SCI) and Access Control Info (ACI);
  • A signed copy of NCCH HDR public key, and exheader ACI. This version of the ACI is used as limitation to the actual ACI.

Main Structure

All values are little endian unless otherwise specified.

See also: [1]

Offset Size Description
0x0 0x200 SCI
0x200 0x200 ACI
0x400 0x100 AccessDesc signature (RSA-2048-SHA256)
0x500 0x100 NCCH HDR RSA-2048 public key
0x600 0x200 ACI (for limitation of first ACI)

The AccessDesc signature covers the NCCH HDR public key and second ACI. The AccessDesc public key is initialised by the boot ROM.

When loading the exheader, Process9 compares the exheader data with the data in the AccessDesc (note that not everything is compared here). When these don't match, an error is returned. The Process9 code handling this validation was updated with v6.0; the only change in this function seems to be the check for the "Ideal processor" field.

System Control Info

Offset Size Description
0x0 0x8 Application title
0x8 0x5 Reserved
0xD 0x1 Flag (bit 0: CompressExefsCode, bit 1: SDApplication)
0xE 0x2 Remaster version
0x10 0xC Text code set info
0x1C 0x4 Stack size
0x20 0xC Read-only code set info
0x2C 0x4 Reserved
0x30 0xC Data code set info
0x3C 0x4 BSS size
0x40 0x180 (48*8) Dependency module (program ID) list
0x1C0 0x40 SystemInfo

Most of these fields are used in LOADER:LoadProcess.

Code Set Info

Offset Size Description
0x0 4 Address
0x4 4 Physical region size (in page-multiples)
0x8 4 Size (in bytes)

System Info

Offset Size Description
0x0 0x8 SaveData Size
0x8 0x8 Jump ID
0x10 0x30 Reserved

Access Control Info

Offset Size Description
0x0 0x170 ARM11 local system capabilities
0x170 0x80 ARM11 kernel capabilities
0x1F0 0x10 ARM9 access control

ARM11 Local System Capabilities

Offset Size Description
0x0 0x8 Program ID
0x8 0x4 Core version (The Title ID low of the required FIRM)
0xC 0x2 Flag1 and Flag2 (both implemented starting from 8.0.0-18).
0xE 0x1 Flag0
0xF 0x1 Priority
0x10 0x20 (16*2) Resource limit descriptors. The first byte here controls the maximum allowed CpuTime.
0x30 0x20 Storage info
0x50 0x100 (32*8) Service access control
0x150 0x10 (2*8) Extended service access control, support for this was implemented with 9.3.0-X.
0x160 0xF Reserved
0x16F 0x1 Resource limit category. (0 = APPLICATION, 1 = SYS_APPLET, 2 = LIB_APPLET, 3 = OTHER (sysmodules running under the BASE memregion))

Flag0

Bits Description
0-1 Ideal processor
2-3 Affinity mask
4-7 System mode

In the exheader data, the ideal processor field is a bit-index, while in the AccessDesc the ideal processor field is a bitmask. When the bit specified by the exheader field is not set in the AccessDesc field, an error is returned.

if((1 << exheaderval) & accessdescval == 0) return error

During a FIRM-launch when a TitleInfo structure was specified, the field at offset 0x400 in the FIRM-launch parameters is set to the SystemMode of the specified title, however in some cases other values are written there. With 8.0.0-18 NS will now check the output of PTMSYSM command 0x040A0000, when the output is non-zero and a certain NS state field is value-zero, the following is executed otherwise this is skipped. With that check passed on 8.0.0-18, NS will then check (Flag2 & 0xF). When that is value2, the output value (used for the FIRM-launcher parameter field mentioned above) is set to value7. Otherwise, when that value is non-zero, the output value is set to 6.

Flag1

Bits Description
0 EnableL2Cache (Unknown what this actually does, New3DS-only presumably)
1 cpuspeed_804MHz (Default "cpuspeed" when not set)
2-7 Unused

In order for the exheader to have any of the above new bits set, the AccessDesc must have the corresponding bit set, otherwise the invalid-exheader error is returned.

Homebrew which runs under a title which has the above cpuspeed flag set, runs much faster on New3DS. It's unknown how exactly the system handles these flags.

When launching titles / perhaps other things with APT, NS uses PTMSYSM:ConfigureNew3DSCPU with data which originally came from these flags; NS does this regardless of what the running 3DS system is. However, due to a bug(?) in NS the value sent to that command is always either 0x0 or 0x3. When calculating that value, the code only ever uses the cpuspeed field, not the cache field: code to actually load and check the value of the cache field appears to be missing.

Flag2

Bit Description
0-3 Unknown
4-7 Unused

The exheader value for the above 4-bit value must be ≤ to the AccessDesc value, otherwise the invalid-exheader error is returned.

Storage Info

Used in FSReg:Register.

Offset Size Description
0x0 8 Extdata ID
0x8 8 System savedata IDs
0x10 8 Storage accessible unique IDs
0x18 7 Filesystem access info
0x1F 1 Other attributes

File System Access Info:

Bit and bitmask Description
0, 0x1 Category system application
1, 0x2 Category hardware check
2, 0x4 Category filesystem tool
3, 0x8 Debug
4, 0x10 TWL card backup
5, 0x20 TWL NAND data
6, 0x40 BOSS
7, 0x80 sdmc:/
8, 0x100 Core
9, 0x200 nand:/ro/ (Read Only)
10, 0x400 nand:/rw/
11, 0x800 nand:/ro/ (Write Access)
12, 0x1000 Category system settings
13, 0x2000 Cardboard
14, 0x4000 Export/Import IVS
15, 0x8000 sdmc:/ (Write-only)
16, 0x10000 Switch cleanup (Introduced in 3.0.0?)
17, 0x20000 Savedata move (Introduced in 5.0.0)
18, 0x40000 Shop (Introduced in 5.0.0)
19, 0x80000 Shell (Introduced in 5.0.0)
20, 0x100000 Category home menu (Introduced in 6.0.0)
21, 0x200000 Seed DB. Introduced in 9.6.0-X FIRM. Home Menu has this bit set starting with 9.6.0-X.

Other Attributes

Bit Description
0 Not use ROMFS
1 Use Extended savedata access.

When this is set, the "Extdata ID" and "Storage Accessable Unique IDs" regions are used to store a total of 6 "Accessible Save IDs". Introduced in 6.0.0.

Service Access Control

This is the list of services which the process is allowed to access, this is registered with the services manager. Each service listed in the exheader must be listed in the AccessDesc, otherwise the invalid exheader error is returned. The order of the services for exheader/AccessDesc doesn't matter. The AccessDesc can list services which are not in the exheader, but normally the service-access-control data for exheader/AccessDesc are exactly the same.

This list is submitted to SRVPM:RegisterProcess.

ARM11 Kernel Capabilities

The kernel capability descriptors are passed to svcCreateProcess.

Offset Size Description
0x0 0x70 (28*4) Descriptors
0x70 0x10 Reserved

There are different descriptor types, determined by the number of leading ones in the binary value representation of bits 20-31. The different types are laid out as follows:

Pattern of bits 20-31 Type Fields
0b1110xxxxxxxx Interrupt info
0b11110xxxxxxx System call mask Bits 24-26: System call mask table index; Bits 0-23: mask
0b1111110xxxxx Kernel release version Bits 8-15: Major version; Bits 0-7: Minor version
0b11111110xxxx Handle table size Bits 0-18: size
0b111111110xxx Kernel flags See below
0b11111111100x Mapping static address
0b111111111110 Mapping IO address Bits 0-19: IO page index to map; Bit 20: Map read-only (otherwise read-write)

ARM11 Kernel Flags

Bit Description
0 Allow debug
1 Force debug
2 Allow non-alphanum
3 Shared page writing
4 Privilege priority
5 Allow main() args
6 Shared device memory
7 Runnable on sleep
8-11 Memory type (1: application, 2: system, 3: base)
12 Special memory
13 Process has access to CPU core 2 (New3DS only)

ARM9 Access Control

Offset Size Description
0x0 15 Descriptors
0xF 1 ARM9 Descriptor Version. Originally this value had to be ≥ 2. Starting with 9.3.0-X this value has to be either value 2 or value 3.

Descriptors:

Bit Description
0 Mount nand:/
1 Mount nand:/ro/ (Write Access)
2 Mount twln:/
3 Mount wnand:/
4 Mount card SPI
5 Use SDIF3
6 Create seed
7 Use card SPI
8 SD application (Not checked)
9 Mount sdmc:/ (Write Access)