Overview

This page documents the format of the NCCH Extended Header (exheader for short).

The exheader, has two sections:

  • The actual exheader data, containing System Control Info and Access Control Info,
  • And a signed copy of NCCH HDR public key, and exheader Access Control Info. (This version of the Access Control Info is used as limitation to the actual Access Control Info)

Main Structure

All values are little endian unless otherwise specified.

Offset Size Description
0x0 0x200 System Control Info
0x200 0x200 Access Control Info
0x400 0x100 AccessDesc Signature (RSA-2048-SHA256)
0x500 0x100 NCCH Hdr RSA-2048 Public Key
0x600 0x200 Access Control Info (For limitation of first Access Control Info)

The AccessDesc Signature covers the NCCH Hdr Public Key and second Access Control Info. The AccessDesc public key is initialised by the bootrom.

When loading the exheader, Process9 compares the exheader data with the data in the accessdesc(note that not everything is compared here). When these don't match, an error is returned. The Process9 code handling this validation was updated with v6.0(the only change in this function seems to be the check for the "Ideal Processor" field).

System Control Info

Offset Size Description
0x0 0x8 Application Title
0x8 0x5 Reserved
0xD 0x1 Flag (Bit0: CompressExefsCode, Bit1: SDApplication)
0xE 0x2 Remaster Version
0x10 0xC Text Code Set Info
0x1C 0x4 Stack Size
0x20 0xC ReadOnly Code Set Info
0x2C 0x4 Reserved
0x30 0xC Data Code Set Info
0x3C 0x4 BSS Size
0x40 0x180 (48*8) Dependency Module (Program ID) List
0x1C0 0x40 SystemInfo

Code Set Info

Offset Size Description
0x0 0x4 Address
0x4 0x4 Physical region size (in page-multiples)
0x8 0x4 Size (in bytes)

System Info

Offset Size Description
0x0 0x8 SaveData Size
0x8 0x8 Jump ID
0x10 0x30 Reserved

Access Control Info

Offset Size Description
0x0 0x170 ARM11 Local System Capabilities
0x170 0x80 ARM11 Kernel Capabilities
0x1F0 0x10 ARM9 Access Control

ARM11 Local System Capabilities

Offset Size Description
0x0 0x8 Program ID
0x8 0x4 Core Version (The Title ID low of the required FIRM)
0xC 0x2 Reserved
0xE 0x1 Flag0
0xF 0x1 Priority
0x10 0x20 (16*2) Resource Limit Descriptors
0x30 0x20 Storage Info
0x50 0x100 (32*8) Service Access Control
0x150 0x1F Reserved
0x16F 0x1 Resource Limit Category. (0 = APPLICATION, 1 = SYS_APPLET, 2 = LIB_APPLET, 3 = OTHER)

Flag0

This stores the System Mode, Affinity Mask and Ideal Processor values in one byte. They are stored as follows:

u8 Flag0 = (SystemMode << 4 | AffinityMask << 2 | IdealProcessor);

And can be retrieved as follows:

u8 SystemMode = (Flag0>>4)&0xF;
u8 AffinityMask = (Flag0>>2)&0x3;
u8 IdealProcessor = (Flag0>>0)&0x3;

In the exheader data, the IdealProcessor field is a bit-index, while in the accessdesc the IdealProcessor field is a bitmask. When the bit specified by the exheader field is not set in the accessdesc field, an error is returned. "if((1<<exheaderval) & accessdescval == 0)return error"

Storage Info

Offset Size Description
0x0 0x8 Extdata ID
0x8 0x8 System Save Data Ids
0x10 0x8 Storage Accessable Unique Ids
0x18 0x7 File System Access Info
0x1F 0x1 Other Attributes

File System Access Info:

Bit Description
0 Category System Application
1 Category Hardware Check
2 Category File System Tool
3 Debug
4 TWL Card Backup
5 TWL Nand Data
6 BOSS
7 sdmc:/
8 Core
9 nand:/ro/ (Read Only)
10 nand:/rw/
11 nand:/ro/ (Write Access)
12 Category System Settings
13 Card Board
14 Export Import IVS
15 sdmc:/ (Write-only)
16 Switch Cleanup (Introduced in 3.0.0?)
17 Save Data Move (Introduced in 5.0.0)
18 Shop (Introduced in 5.0.0)
19 Shell (Introduced in 5.0.0)
20 Category HomeMenu (Introduced in 6.0.0)

Other Attributes:

Bit Description
0 Not use RomFS
1 Use Extended Save Data Access. When this is set, the Extdata ID and Storage Accessable Unique Ids regions are used to store a total of 6 Accessible Save Ids. Introduced in 6.0.0.


Service Access Control

This is the list of services which the process is allowed to access, this is registered with the services manager. Each service listed in the exheader must be listed in the accessdesc, otherwise the invalid exheader error is returned. The order of the services for exheader/accessdesc doesn't matter. The accessdesc can list services which are not in the exheader, but normally the service-access-control data for exheader/accessdesc are exactly the same.

ARM11 Kernel Capabilities

Offset Size Description
0x0 0x70 (28*4) Descriptors
0x70 0x10 Reserved

ARM9 Access Control

Offset Size Description
0x0 0xF Descriptors
0xF 0x1 ARM9 Descriptor Version

Descriptors:

Bit Description
0 Mount nand:/
1 Mount nand:/ro/ (Write Access)
2 Mount twln:/
3 Mount wnand:/
4 Mount Card SPI
5 Use SDIF3
6 Create Seed
7 Use Card SPI
8 SD Application (Not checked)
9 Mount sdmc:/ (Write Access)