NS and APT Services

Revision as of 01:45, 12 April 2014 by Yellows8 (talk | contribs)

The NS (Nintendo User Interface Shell) system module is the first module launched from a CTR-NAND title after the FIRM processes are loaded. This module is launched by the pm process, with the titleID loaded from NS state(hard-coded TID initialized during applet TID-array initialization). NS first launches ErrDisp, then the menu. On retail the menu TID is loaded from NS state, while on dev/debug the menu TID is loaded from config. On dev-units if the menu TID block doesn't exist in config, NS will attempt to launch the alternate menu instead. The TID of the launched menu is then written to ACTIVEMENUTID. NS uses pm:app to launch titles.

NS will not trigger the fatal-error screen when launching the regular/alternate menu fails.

Like home menu NS is constantly running while the system is in 3DS-mode. When attempting to return to home-menu when the home-menu process isn't running(like when the process terminated/crashed), NS will trigger a fatal error.

Alternate menu

When launching the regular menu fails, NS will then attempt to launch the alternate menu. This title could be used as a recovery process, however it's normally not used after the factory. This title is used at the factory for installing system titles, this title seems to be installed from a factory gamecard. This installer title likely deletes itself from NAND once it's finished installing titles.

On development Units, this is the Test Menu, and isn't deleted after being setup at factory.

Auto-boot

After loading FIRM params and prior to launching ErrDisp/Home Menu, NS handles auto-booting titles. The same code called by APT:Reboot is used for launching FIRM here. When the UPDATEFLAG is set, NS will launch SAFE_MODE_FIRM with the application titleID set to the System Updater titleID for this region. When the UPDATEFLAG is not set, NS can auto-boot the following titles as well if 0x1FF80016 bit0 is set.

When bit1 and bit2 are value zero in 0x1FF80016, NS will launch the title specified by the FIRM parameters if the title-info is set. This FIRM launch is done after launching ErrDisp and Home Menu. Otherwise when 0x1FF80016 is value 2 and the output u8 from PTMSYSM command 0x08140000 is value 0, NS will boot the title specified from the TWL TLNC block from FIRMparams+0x300. This is the same TLNC block which DSi titles wrote to RAM+0x300 for launching other titles via the launcher title. When handling the TLNC block, NS will boot the 3DS System Settings title when the TLNC titleID is the DSi System Settings titleID(the region field in the TLNC TID is not checked/used). When the TLNC titleID is not System Settings, NS will convert the input DSi titleID-high to the 3DS TWL titleID-high(tidhigh = (TLNCtidhigh & 0x7FFF) | 0x48000), then launch TWL_FIRM to run the title. NS does not support launching from gamecard via TLNC.

NS Workaround

A "ns_workaround" was added in NS to workaround the flaw added with 5.0.0-11. When NS is loading before launching any ARM11 processes and certain Configuration Memory fields are set, NS will launch AM then use command AM:InstallNATIVEFIRM. NS will then execute the code called by APT:StartNewestHomeMenu, the code related to APT:PrepareToStartNewestHomeMenu is not executed here.

NS will only execute this code-path when 0x1FF80016 is value zero, when KERNEL_VERSIONMAJOR is value 2, and when KERNEL_VERSIONMINOR is less than 35. Therefore, this code-path is only executed when the running NATIVE_FIFM version is prior to 5.0.0-11.

NS Service "ns:s"

Command Header Available since system version Description
0x0001.... 1.0.0-0 - 2.0.0-2 LaunchFIRM
0x000200C0 1.0.0-0 - 2.0.0-2 LaunchTitle
0x0003.... 1.0.0-0 - 2.0.0-2 Wrapper for PMApp command 0x00030080.
0x0004.... 1.0.0-0 - 2.0.0-2 Wrapper for PMApp command 0x000500C0.
0x000500C0 1.0.0-0 - 2.0.0-2 LaunchApplicationFIRM
0x00060042 1.0.0-0 - 2.0.0-2 SetFIRMParams4A0
0x00070042 1.0.0-0 - 2.0.0-2 This does initialization for the gamecard system update. Then this checks whether this gamecard system-update needs to be installed, by comparing the title-version of the CVer CIA stored in the system-update CFA with the title-version of the CVer title already installed in NAND.
0x00080000 1.0.0-0 - 2.0.0-2 This shuts down the gamecard system update interface: the shared memory is unmapped, the CFA archive is closed, state is cleared, etc.
0x0009.... 1.0.0-0 - 2.0.0-2 Gamecard system update related.
0x000A.... 1.0.0-0 - 2.0.0-2 Gamecard system update related.
0x000B.... 1.0.0-0 - 2.0.0-2 Gamecard system update related.
0x000C.... 1.0.0-0 - 2.0.0-2 Gamecard system update related.
0x000D.... 1.0.0-0 - 2.0.0-2 SetFIRMParams4B0
0x000E.... 1.0.0-0 - 2.0.0-2 Wrapper for "ptm:sysm" service command 0x040700C0.
0x000F.... 1.0.0-0 - 2.0.0-2 ?
0x00100180 1.0.0-0 - 2.0.0-2 RebootSystem
0x0011.... 1.0.0-0 - 2.0.0-2 TerminateProcessTID
0x0012.... ? ?
0x0013.... ? ?
0x0014.... ? ?
0x0015.... ? ?

The maximum sessions that can be used with this service is two, therefore only two processes can use this service at the same time.

APT Services

Command Header Available since system version Accessible with APT:U Description
0x00010040 Yes GetLockHandle
0x00020080 See here. Initialize
0x00030040 Yes Enable
0x00040040 Yes Finalize
0x00050040 Yes GetAppletManInfo
0x00060040 Yes GetAppletInfo
0x00070000 Yes GetLastSignaledAppletId
0x00080000 Yes CountRegisteredApplet
0x00090040 Yes IsRegistered
0x000A0040 Yes GetAttribute
0x000B0040 Yes InquireNotification
0x000C0104 Yes SendParameter
0x000D0080 Yes ReceiveParameter
0x000E0080 Yes GlanceParameter
0x000F0100 Yes CancelParameter
0x001000C2 Yes DebugFunc
0x001100C0 Yes MapProgramIdForDebug
0x00120040 Yes SetHomeMenuAppletIdForDebug
0x00130000 Yes GetPreparationState
0x00140040 Yes SetPreparationState
0x00150140 No PrepareToStartApplication
0x00160040 Yes PreloadLibraryApplet
0x00170040 Yes FinishPreloadingLibraryApplet
0x00180040 Yes PrepareToStartLibraryApplet
0x00190040 Yes PrepareToStartSystemApplet
0x001A0000 Yes PrepareToStartNewestHomeMenu
0x001B00C4 Yes StartApplication
0x001C0000 Yes WakeupApplication
0x001D0000 Yes CancelApplication
0x001E0084 Yes StartLibraryApplet
0x001F0084 Yes StartSystemApplet
0x00200044 Yes StartNewestHomeMenu
0x00210000 No OrderToCloseApplication
0x00220040 Yes PrepareToCloseApplication
0x00230040 Yes PrepareToJumpToApplication
0x00240044 Yes JumpToApplication
0x002500C0 Yes PrepareToCloseLibraryApplet
0x00260000 Yes PrepareToCloseSystemApplet
0x00270044 Yes CloseApplication
0x00280044 Yes CloseLibraryApplet
0x00290044 Yes CloseSystemApplet
0x002A0000 Yes OrderToCloseSystemApplet
0x002B0000 Yes PrepareToJumpToHomeMenu
0x002C0044 Yes JumpToHomeMenu
0x002D0000 Yes PrepareToLeaveHomeMenu
0x002E0044 Yes LeaveHomeMenu
0x002F0040 Yes PrepareToLeaveResidentApplet
0x00300044 Yes LeaveResidentApplet
0x00310100 Yes PrepareToDoApplicationJump
0x00320084 Yes DoApplicationJump
0x00330000 Yes GetProgramIdOnApplicationJump
0x00340084 Yes SendDeliverArg
0x00350080 Yes ReceiveDeliverArg
0x00360040 Yes LoadSysMenuArg
0x00370042 Yes StoreSysMenuArg
0x00380040 Yes PreloadResidentApplet
0x00390040 Yes PrepareToStartResidentApplet
0x003A0044 Yes StartResidentApplet
0x003B0040 Yes CancelLibraryApplet
0x003C0042 Yes SendDspSleep
0x003D0042 Yes SendDspWakeUp
0x003E0080 Yes ReplySleepQuery
0x003F0040 Yes ReplySleepNotificationComplete
0x00400042 Yes SendCaptureBufferInfo
0x00410040 Yes ReceiveCaptureBufferInfo
0x00420080 Yes SleepSystem
0x00430040 Yes NotifyToWait
0x00440000 Yes GetSharedFont
0x00450040 Yes GetWirelessRebootInfo
0x00460104 Yes Wrap
0x00470104 Yes Unwrap
0x00480100 No GetProgramInfo
0x00490180 No Reboot
0x004A0040 Yes GetCaptureInfo
0x004B00C2 Yes AppletUtility
0x004C0000 Yes SetFatalErrDispMode
0x004D0080 Yes GetAppletProgramInfo
0x004E0000 Yes HardwareResetAsync
0x004F.... ? ? ?
0x0050.... ? ? ?
0x0051.... ? ? ?
0x0052.... ? ? ?
0x0053.... ? ? ?
0x00540040 5.0.0-11 ? ?

These "APT:U" and "APT:S" NS services can handle launching titles/"applets", these services handle signaling for home/power button as well. Only one session for either APT service can be open at a time, normally processes close the service handle immediately once finished using the service. The commands for APT:U and APT:S are exactly the same, however certain commands are only accessible with APT:S(NS module will call svcBreak when the command isn't accessible).

Applets returning to home-menu first use commands APT:PrepareToJumpToHomeMenu and APT:JumpToHomeMenu, followed by these commands to launch home-menu: APT:PrepareToStartSystemApplet and APT:StartSystemApplet. APT:PrepareToStartSystemApplet and APT:StartSystemApplet are also used for launching the Internet Browser, the camera applet, etc.

Processes launch applications via home-menu, not directly with APT:PrepareToStartApplication and APT:StartApplication. Regular applications can't directly launch applications since APT:StartApplication launches the process without terminating the currently running application.

APT:PrepareToDoApplicationJump and APT:DoApplicationJump are used for launching applications(CTR/TWL applications, etc), for non-NATIVE_FIRM titles this does a FIRM launch.

AppIDs

AppID Description
0x101 Home Menu
0x103 Alternate Menu
0x110 Camera applet
0x112 Friends List applet
0x113 Game Notes applet
0x114 Internet Browser
0x115 Instruction Manual applet
0x116 Notifications applet
0x117 Miiverse("olv") applet
0x201 Software Keyboard (swkbd)
0x202 appletEd
0x204 PNOTE_AP
0x205 SNOTE_AP
0x206 error
0x207 mint
0x208 extrapad
0x209 memolib
0x300 Application
0xF10 ProgramID: 0004003000008900.
0xF11 ProgramID: 000400000FFFFD00.
0xF12 ProgramID: 000400000FFFFC00.
0xF13 ProgramID: 000400000FFFFB00.
0xF14 ProgramID: 000400000FFFF900.
0xF15 ProgramID: 000400000FFFF800.
0xF16 ProgramID: 000400000FFFF700.
0xF17 ProgramID: 000400000FFFF600.
0xF18 ProgramID: 000400000FFFF500.

These AppIDs are all for NAND titles, except for 0x300. AppIDs in the 0x1XX range are applets(programID-high 00040030), and the AppIDs in the 0x2XX range are "system libraries"(programID-high 00040030). The 0xFXX AppID range is for development NAND applications, these are not available for retail.

Note that at some point the total AppID entry count was changed from 28 to 27.