Flash Filesystem

From 3dbrew
Revision as of 05:10, 23 August 2012 by Yellows8 (talk | contribs)
Jump to navigation Jump to search

The Nintendo 3DS has a 1GB NAND Flash chip.

Format

The format of the Nintendo 3DS's flash filesystem is currently undocumented. Reading of the flash chip is possible through pinouts on the motherboard and has been performed successfully but the data is encrypted and can't be understood without first decrypting it.

Encryption

The NAND file system is encrypted using AES-CTR. The TWL regions of NAND use the TWL NAND keyslot, while the CTR regions use the CTR NAND keyslot. The TWL/CTR NAND regions are specified by the NCSD header.

Partitions

Name Offset Size Description
firm0 Firmware partition.
firm1 Firmware partition.
nand CTR-NAND FAT File System. (3DS)
twln 0x00012E00 0x08FB5200 TWL-NAND FAT16 File System. (DSi)
twlp 0x09011A00 0x020B6600 TWL-NAND PHOTO FAT12 File System. (DSi)

3DS TWL NAND FAT partitions has FAT volume name "TWL", for CTR FAT partitions this is "CTR". The offset/size for TWL partitions are stored in the MBR partition table, while the CTR partition table info is stored in the NAND NCSD header.

None of the above physical NAND partitions are normally accessible from the ARM11, except for twlp. CTR/TWL NAND can only be accessed when the exheader access control descriptor for those are enabled. Normally the CTR/TWL NAND descriptors are never enabled for retail ARM11 CXI processes. The ARM11 can only access "nand:/rw/" mounted as the nandrw archive, and "nand:/ro/" mounted as the nandro archive below.

CTR partition

The structure of nand/title appears to be exactly the same as SD. The structure of nand/extdata appears to be exactly the same as SD and contains shared extdata.

The "nandrw" archive is mounted at "nand:/rw/", while the "nandro" archive is mounted at "nand:/ro/".

TWL partition

The structure of these TWL partitions is mostly the same as DSi, except tickets are stored in the CTR FAT FS. The twlp partition is exactly the same as DSi. The structure of twln/title is exactly the same as CTR NAND/SD, except the .cmd file is a cleartext file. The data directory under system titles' /title directory does not exist, this likely only exists for DSiWare. The directory names titleID-High used under twln/title is from DSi.