WiiBrew

Changes

/dev/di (view source)

Revision as of 02:38, 22 December 2019

3,242 bytes added ,  02:38, 22 December 2019
β†’β€ŽVersion history: Prelaunch versions, which have a few differences
Line 76: Line 76:  
== Version history ==
 
== Version history ==
   βˆ’
There are '''10''' known versions of the DI driver found in various [[IOS History|IOS versions]], based on the IOS versions still present on NUS.  These are generalized into 5 version families, based on observable behavior (this is not strictly chronological, presumably as Nintendo was working on multiple versions with the same features at the same time).  It is quite likely that there are additional changes not noted here.
+
There are '''12''' known versions of the DI driver found in various [[IOS History|IOS versions]], based on the IOS versions still present on NUS.  These are generalized into 5 version families, based on observable behavior (this is not strictly chronological, presumably as Nintendo was working on multiple versions with the same features at the same time).  It is quite likely that there are additional changes not noted here.
    
The DI driver includes a full set of [[:/dev/es|ES]] IoctlV wrappers, although it only uses ES_DiVerify and ES_DiVerifyWithTicketView.  It also includes instructions for all [[syscalls]], even though most are not used.  Both of those change across versions, even though those differences do not actually show up in practice.
 
The DI driver includes a full set of [[:/dev/es|ES]] IoctlV wrappers, although it only uses ES_DiVerify and ES_DiVerifyWithTicketView.  It also includes instructions for all [[syscalls]], even though most are not used.  Both of those change across versions, even though those differences do not actually show up in practice.
Line 99: Line 99:  
  ! <abbr title="Present in the latest version of at least one IOS version">Live</abbr>
 
  ! <abbr title="Present in the latest version of at least one IOS version">Live</abbr>
 
  |-
 
  |-
βˆ’
  | [[#Group A|A]]
+
  |rowspan="3"| [[#Group A|A]]
βˆ’
  |data-sort-value="1160070081"| [[#Oct  5 2006 17:41:21|Oct  5 2006 17:41:21]]
+
  |data-sort-value="1155209090"| [[#Aug 10 2006 11:24:50|Aug 10 2006 11:24:50]]
βˆ’
  | {{Yes}}
+
  |rowspan="2" {{Yes2}} Yes
 +
|rowspan="3" {{No}}
 
  | {{No}}
 
  | {{No}}
 +
|rowspan="3" {{No}}
 +
|rowspan="3" {{No}}
 +
|rowspan="3" {{No}}
 +
|rowspan="3" {{No}}
 +
|rowspan="3" {{No}}
 +
|rowspan="3" {{No}}
 +
|rowspan="3" {{No}}
 +
|rowspan="3" {{No}}
 +
| 0x73
 +
| 0x2f
 
  | {{No}}
 
  | {{No}}
 +
|-
 +
|data-sort-value="1155490424"| [[#Aug 13 2006 17:33:44|Aug 13 2006 17:33:44]]
 +
|rowspan="2" {{No2}} No
 +
|rowspan="2"| 0x74
 +
|rowspan="2"| 0x31
 
  | {{No}}
 
  | {{No}}
βˆ’
  | {{No}}
+
  |-
βˆ’
  | {{No}}
+
  |data-sort-value="1160070081"| [[#Oct 5 2006 17:41:21|Oct 5 2006 17:41:21]]
βˆ’
| {{No}}
+
  | {{Yes}}
βˆ’
| {{No}}
  βˆ’
  | {{No}}
  βˆ’
  | {{No}}
  βˆ’
  | {{No}}
  βˆ’
| 0x74
  βˆ’
| 0x31
   
  | {{Yes}}
 
  | {{Yes}}
 
  |-
 
  |-
Line 209: Line 219:     
Furthermore, the IOSC [[syscalls]] seem to have weird IDs shifted up by 2; IOSC_Decrypt (used by AESdecryptHW) is 0x69 instead of 0x6b, IOSC_GenerateHash is 0x65 instead of 0x67, and IOSC_DeleteObject is 0x5a instead of 0x5c.  Presumably, later versions added two syscalls before these{{check}} (and after 0x52, as that syscall has the same ID in later versions).
 
Furthermore, the IOSC [[syscalls]] seem to have weird IDs shifted up by 2; IOSC_Decrypt (used by AESdecryptHW) is 0x69 instead of 0x6b, IOSC_GenerateHash is 0x65 instead of 0x67, and IOSC_DeleteObject is 0x5a instead of 0x5c.  Presumably, later versions added two syscalls before these{{check}} (and after 0x52, as that syscall has the same ID in later versions).
 +
 +
For the sake of organization, prelaunch versions are also listed here, although they have slight differences.
 +
 +
==== Aug 10 2006 11:24:50 ====
 +
 +
Found in [[IOS4]] v3 in the [[Prelaunch System Menu|insert startup disc]] Wii's NAND.  Not available on NUS.
 +
 +
[[#0x8D DVDLowUnencryptedRead|0x8D]] can only be used with start and end offsets between 0x10000 and 0x14001 or bytes 0x40000 through 0x50003.  The size alignment check means this doesn't actually allow reading more bytes past the end.  This means that the PPC would only have access to the [[Wii Disc]]'s partitions information and such, and not header bytes beyond 0x20 (the first 0x20 bytes are accessible through [[#0x70 DVDLowReadDiskID|0x70 DVDLowReadDiskID]]), i.e. the game title and encryption information cannot be accessed.
 +
 +
{| class="wikitable"
 +
! MD5
 +
| colspan="3"| 43575ada3e27b20543fc13be1395800e
 +
|-
 +
! Thing
 +
! Virtual address
 +
! Physical address
 +
! Size
 +
|-
 +
| Code (and entry point)
 +
| 20200000
 +
| 13580000
 +
| 0x6540
 +
|-
 +
| Data (ES vars)
 +
| 20207000
 +
| 13587000
 +
| 0x140
 +
|-
 +
| BSS (zero'd)
 +
| 20208000
 +
| 13588000
 +
| 0x2BE08
 +
|-
 +
| Stack
 +
| 2022bd40
 +
| ?
 +
| 0x8000
 +
|-
 +
| Protected heap
 +
| 20208020
 +
| ?
 +
| 0x4000
 +
|-
 +
| Open heap
 +
| 13400000
 +
| ?
 +
| 0x18000
 +
|}
 +
 +
==== Aug 13 2006 17:33:44 ====
 +
 +
Found in [[IOS9]] v1 in the [[Prelaunch System Menu|insert startup disc]] Wii's NAND.  Not available on NUS.
 +
 +
A hash error in doBlockRead ("Data failed to verify against H0 Hash"/"H0 Hashes failed to verify"/"H1 Hashes failed to verify"/"H2 Hashes failed to verify") or openPartition ("Verifying H3 hashes against H4 hash failed") results in a security error being returned, instead of diFatalError being called.
 +
 +
[[#0x8D DVDLowUnencryptedRead|0x8D]] now is able to access data between 0 and 0x14000.
 +
 +
In this version only, [[#0x71 DVDLowRead|0x71 DVDLowRead]] can be used with non-secure discs, simply calling doRawDiskRead.  In versions both before and after, attempting to do this returns a security error.
 +
 +
Added ES wrappers:
 +
* ES_Sign (0x30, at 202045e0)
 +
* ES_VerifySign (0x31, at 20204650)
 +
 +
{| class="wikitable"
 +
! MD5
 +
| colspan="3"| 43d861243ca8ae5370b08e810566bc06
 +
|-
 +
! Thing
 +
! Virtual address
 +
! Physical address
 +
! Size
 +
|-
 +
| Code (and entry point)
 +
| 20200000
 +
| 13580000
 +
| 0x670C
 +
|-
 +
| Data (ES vars)
 +
| 20207000
 +
| 13587000
 +
| 0x140
 +
|-
 +
| BSS (zero'd)
 +
| 20208000
 +
| 13588000
 +
| 0x2BE08
 +
|-
 +
| Stack
 +
| 2022bd40
 +
| ?
 +
| 0x8000
 +
|-
 +
| Protected heap
 +
| 20208020
 +
| ?
 +
| 0x4000
 +
|-
 +
| Open heap
 +
| 13400000
 +
| ?
 +
| 0x18000
 +
|}
    
==== Oct  5 2006 17:41:21 ====
 
==== Oct  5 2006 17:41:21 ====
    
Used in monolithic IOS versions (those prior to IOS28, obviously excluding stubbed IOS versions).  As these versions have only a single ELF file for all modules, there is no single hash for the DI driver.
 
Used in monolithic IOS versions (those prior to IOS28, obviously excluding stubbed IOS versions).  As these versions have only a single ELF file for all modules, there is no single hash for the DI driver.
 +
 +
The main thread's priority is now 0x54 instead of 0x50.  DVDLowReset now also skips the check for clearing the drive error (in addition to DVDLowRequestError).
 +
 +
openPartition now allocates and reads 0x2c0 bytes for the [[Wii Disc#Partition|partition]] (instead of 0x2bc bytes), meaning the "Data size >> 2" field was not read before.
    
{| class="wikitable"
 
{| class="wikitable"
Pokechu22
303

edits

Retrieved from "https://wiibrew.org/wiki/Special:MobileDiff/108133"