Changes

4,227 bytes added , 05:48, 22 February 2022

section on input structure and possible explanation for 6-24 error

Line 3: Line 3:

'''/dev/di''' is the [[IOS]] driver used to control the disc drive. This documentation is mostly based on the most recent version (dated Jun 3 2009 07:49:09 and included in [[IOS58]] and [[IOS80]]). Names are based on function names found in Nintendo titles (which print an error message including the name if the Ioctl or Ioctlv fails). DVDLowRequestAudioStatus and DVDLowAudioStream are not found in Wii titles, but the names can be found in [https://wiki.dolphin-emu.org/index.php?title=Ships_with_Debugging_Symbols debug symbols included in various Gamecube games].

+

== Input structure ==

The input to all /dev/di commands (other than enable DVD video) is the following struct, which must be sized 0x20 and aligned 4:

Line 23: Line 24:

(DiIoctl) Note: This is normal for DVD software before 6-24

</pre></blockquote>

+

This probably means IOCTL numbers were created on June 24th of some year.

== Return values ==

Line 76: Line 79:

== Version history ==

−

There are '''12''' known normal versions (along with '''9''' [[#vWii note|matching vWii versions]]) of the DI driver found in various [[IOS History|IOS versions]], based on the IOS versions ~~still~~ present on NUS. These are generalized into 5 version families, based on observable behavior (this is not strictly chronological, presumably as Nintendo was working on multiple versions with the same features at the same time). It is quite likely that there are additional changes not noted here.

+

There are '''14''' known normal versions (along with '''9''' [[#vWii note|matching vWii versions]]) of the DI driver found in various [[IOS History|IOS versions]], based on the IOS versions present on NUS and those found on various game discs. These are generalized into 5 version families, based on observable behavior (this is not strictly chronological, presumably as Nintendo was working on multiple versions with the same features at the same time). It is quite likely that there are additional changes not noted here.

The DI driver includes a full set of [[:/dev/es|ES]] IoctlV wrappers, although it only uses ES_DiVerify and ES_DiVerifyWithTicketView. It also includes instructions for all [[syscalls]], even though most are not used. Both of those change across versions, even though those differences do not actually show up in practice.

Line 129: Line 132:

|data-sort-value="z" {{Partial|vWii}}

|-

−

| [[#Group B|B]]

+

|rowspan="2"| [[#Group B|B]]

|data-sort-value="1181326629"| [[#Jun 8 2007 18:17:09|Jun 8 2007 18:17:09]]

−

| {{Yes}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{No}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{Yes}}

+

|rowspan="2" {{No}}

+

|rowspan="2" {{No}}

+

|rowspan="2" data-sort-value="118"| 0x76

+

|rowspan="2" data-sort-value="61" | 0x3d

| {{No}}

−

| ~~{{Yes}}~~

+

|-

−

~~| {{Yes}}~~

+

|data-sort-value="1181326810"| [[#Jun 8 2007 18:20:10|Jun 8 2007 18:20:10]]

−

~~| {{Yes}}~~

−

~~| {{Yes}}~~

−

~~| {{Yes}}~~

−

~~| {{Yes}}~~

−

~~| {{Yes}}~~

−

~~| {{No}}~~

−

~~| {{No}}~~

−

|data-sort-value="~~118~~"| ~~0x76~~

−

|~~data-sort-value="61" | 0x3d~~

| {{No}}

|-

Line 207: Line 213:

|data-sort-value="z" {{Partial|vWii}}

|-

−

|rowspan="6" | [[#Group E|E]]

+

|rowspan="7" | [[#Group E|E]]

|data-sort-value="1227541149"| [[#Nov 24 2008 15:39:09|Nov 24 2008 15:39:09]]

−

|rowspan="6" {{No}}

+

|rowspan="7" {{No}}

−

|rowspan="6" {{Yes}}

+

|rowspan="7" {{Yes}}

−

|rowspan="6" {{Yes}}

+

|rowspan="7" {{Yes}}

−

|rowspan="6" {{Partial}}

+

|rowspan="7" {{Partial}}

−

|rowspan="6" {{Partial}}

+

|rowspan="7" {{Partial}}

−

|rowspan="6" {{Partial}}

+

|rowspan="7" {{Partial}}

−

|rowspan="6" {{Yes}}

+

|rowspan="7" {{Yes}}

−

|rowspan="6" {{Yes}}

+

|rowspan="7" {{Yes}}

−

|rowspan="6" {{Yes}}

+

|rowspan="7" {{Yes}}

−

|rowspan="6" {{Yes}}

+

|rowspan="7" {{Yes}}

−

|rowspan="6" {{Yes}}

+

|rowspan="7" {{Yes}}

−

|rowspan="6" data-sort-value="121"| 0x79

+

|rowspan="7" data-sort-value="121"| 0x79

|data-sort-value="66"| 0x42

+

| {{No}}

+

|-

+

|data-sort-value="1239037807"| [[#Apr 6 2009 17:10:07|Apr 6 2009 17:10:07]]

+

|data-sort-value="68"| 0x44

| {{No}}

|-

Line 263: Line 273:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~43575ada3e27b20543fc13be1395800e~~

+

| colspan="3"| 5032764e723e0db7e6d7f434219c9d50289a1cab

|-

! Thing

Line 317: Line 327:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~43d861243ca8ae5370b08e810566bc06~~

+

| colspan="3"| 9dce75d14e01f6efc8d56821c139490792b8b3f9

|-

! Thing

Line 365: Line 375:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

| colspan="3" {{Not tested|Varies}}

|-

Line 409: Line 419:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

| colspan="3" {{Not tested|Varies}}

|-

Line 498: Line 508:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~c808d8b90a74a4ee808b199a1b1e8d53~~

+

| colspan="3"| 260be947a08f57f6ef51086427fe222fd4040399

|-

! Thing

Line 537: Line 547:

|}

−

=== ~~Group C~~ ===

+

==== Jun 8 2007 18:20:10 ====

−

~~Removes IOCtlVs [[#0x90 DVDLowGetNoDiscOpenPartitionParams|0x90]], [[#0x91 DVDLowNoDiscOpenPartition|0x91]], and [[#0x92 DVDLowGetNoDiscBufferSizes|0x92]] (but they are still accessible as IOCtls).~~ ~~([[#0x93 DVDLowOpenPartitionWithTmdAndTicket|0x93]] and [[#0x94 DVDLowOpenPartitionWithTmdAndTicketView|0x94]] remain available as IOCtlVs.)~~

−

~~The thunk function for memcpy are now located between thunks for IOS_FlushDCache and IOSC_GenerateHash (at 20205b80) instead of request_di_interrupt and time_now (at 20205dc0) in group B.~~

−

~~==== Jul 14 2008 19~~:25:32 ====

−

~~Replaces the Jun 8 build for IOS versions other than IOS37:~~

−

* [[~~IOS31~~]] ~~starting with v3088~~

+

Only found in [[IOS28]] version 1288 (which is the first build that split things into modules). This version is not present on NUS, but can be found on the update partition of some discs, such as ''LEGO Star Wars: The Complete Saga'' and ''Marble Saga: Kororinpa''. The only difference between the build from the earlier build is that the open heap is at address 0x13800000 (0x9c << 0x15) instead of address 0x13600000 (0x9b << 0x15). This is a 1-byte difference at offset bfc in the file or at address 20200ad4. (There are also differences for the build dates).

−

* [[IOS33]] starting with v2832

−

* [[IOS34]] starting with v3087

−

* [[IOS35]] starting with v3088

−

* [[IOS36]] starting with v3090

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~366021c440e6377044f8ca8c94e2e6bc~~

+

| colspan="3"| fb308a9a1d9341df9517db155f4383162325dcc0

|-

! Thing

Line 565: Line 563:

| 20200000

| 139B0000

−

| ~~0x7D74~~

+

| 0x80E0

|-

| Data (ES vars)

−

| ~~20208000~~

+

| 20209000

−

| ~~139B8000~~

+

| 139B9000

| 0x140

|-

| BSS (zero'd)

−

| ~~20209000~~

+

| 2020A000

−

| ~~139B9000~~

+

| 139BA000

| 0x2BDC4

|-

| Stack

−

| ~~2022cdc4~~

+

| 2022ddc4

| ?

| 0x8000

|-

| Protected heap

−

| ~~20209020~~

+

| 2020A020

| ?

| 0x4000

|-

| Open heap

−

| ~~13600000~~

+

| 13800000

| ?

| 0x18000

|}

−

==== Jul 14 2008 19:32~~:38~~ ====

+

=== Group C ===

+

Removes IOCtlVs [[#0x90 DVDLowGetNoDiscOpenPartitionParams|0x90]], [[#0x91 DVDLowNoDiscOpenPartition|0x91]], and [[#0x92 DVDLowGetNoDiscBufferSizes|0x92]] (but they are still accessible as IOCtls). ([[#0x93 DVDLowOpenPartitionWithTmdAndTicket|0x93]] and [[#0x94 DVDLowOpenPartitionWithTmdAndTicketView|0x94]] remain available as IOCtlVs.)

+

The thunk function for memcpy are now located between thunks for IOS_FlushDCache and IOSC_GenerateHash (at 20205b80) instead of request_di_interrupt and time_now (at 20205dc0) in group B.

+

==== Jul 14 2008 19:25:32 ====

+

Replaces the Jun 8 build for IOS versions other than IOS37:

−

~~Only found in~~ [[~~IOS28~~]] (which is the first build that split things into modules). The only difference between the build from 7 minutes earlier is that the open heap is at address 0x13800000 (0x9c << 0x15) instead of address 0x13600000 (0x9b << 0x15). This is a 1-byte difference at offset 924 in the file or at address 202007fc. (There are technically 2 other differences between the versions, for the build date strings.)

+

* [[IOS31]] starting with v3088

+

* [[IOS33]] starting with v2832

+

* [[IOS34]] starting with v3087

+

* [[IOS35]] starting with v3088

+

* [[IOS36]] starting with v3090

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~49f714dd1a0985fbd4c44ee9fe4f945a~~

+

| colspan="3"| 57667279972205462da427535a75a913574f2798

|-

! Thing

Line 632: Line 642:

|-

| Open heap

−

| ~~13800000~~

+

| 13600000

| ?

| 0x18000

|}

−

==== Jul 24 2008 20:08:45 ====

+

==== Jul 14 2008 19:32:38 ====

−

Only found in [[~~IOS38~~]].

+

Only found in [[IOS28]] (which is the first build that split things into modules). The only difference between the build from 7 minutes earlier is that the open heap is at address 0x13800000 (0x9c << 0x15) instead of address 0x13600000 (0x9b << 0x15). This is a 1-byte difference at offset 924 in the file or at address 202007fc. (There are technically 2 other differences between the versions, for the build date strings.)

−

~~Identical to~~ the ~~Jul 14 2008 19:25:32~~ build ~~apart~~ from the ~~priority of the main thread being set to 0x1b~~ instead of ~~0x54~~ (~~all versions other than this and Jul 24 2008 00:30:13 use 0x54~~). This ~~results in~~ byte ~~differences~~ at ~~address 20207c2c (file~~ offset ~~7d54), as well as~~ in ~~some ELF header area~~ (~~file offset 114)~~, ~~and~~ the ~~timestamps~~.

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~ef1a8c1270f82e0993f504f1e17a5152~~

+

| colspan="3"| 92b9a637383729b25fbcb663f2895f66c6d9c987

|-

! Thing

Line 678: Line 686:

|-

| Open heap

−

| ~~13600000~~

+

| 13800000

| ?

| 0x18000

|}

−

==== ~~Apr 3 2012 12~~:00:~~16 1~~ ====

+

==== Jul 24 2008 20:08:45 ====

+

Only found in [[IOS38]]. Note that this also has a version string of <code>$IOSVersion: DIP: 07/24/08 20:08:<mark>44</mark> 64M $</code>, probably just due to the two timestamps being determined at separate instants.

−

~~Wii U vWii variant of [[#~~Jul 14 2008 19:25:32|Jul 14 2008 19:25:~~32]], with the normal [[#vWii note|vWii changes]]~~. ~~Used by [[IOS31]], [[IOS33]], [[IOS34]]~~, ~~[[IOS35]]~~, and ~~[[IOS36]]~~.

+

Identical to the Jul 14 2008 19:25:32 build apart from the priority of the main thread being set to 0x1b instead of 0x54 (all versions other than this and Jul 24 2008 00:30:13 use 0x54). This results in byte differences at address 20207c2c (file offset 7d54), as well as in some ELF header area (file offset 114), and the timestamps.

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~c85216d854989109ec95912e8993d4c6~~

+

| colspan="3"| b4cdc54a5912d64f9ef1e516931ab32d64677a9c

|-

! Thing

Line 699: Line 709:

| 20200000

| 139B0000

−

| ~~0x7D90~~

+

| 0x7D74

|-

| Data (ES vars)

Line 727: Line 737:

|}

−

==== Apr 3 2012 12:00:16 2 ====

+

==== Apr 3 2012 12:00:16 1 ====

−

Wii U vWii variant of [[#Jul 24 2008 20:08:45|Jul 24 2008 20:08:45]], with the normal [[#vWii note|vWii changes]]. Used by [[~~IOS38~~]] exclusively. The only difference from the other build with the same timestamp is the main thread's priority (which was changed to 0x1b from 0x54). This difference appears in memory at address 20207c48 (offset 7d70) and ~~in the ELF header at file offset 114. It's rather odd that the timestamp was not updated despite that change~~.

+

Wii U vWii variant of [[#Jul 14 2008 19:25:32|Jul 14 2008 19:25:32]], with the normal [[#vWii note|vWii changes]]. Used by [[IOS31]], [[IOS33]], [[IOS34]], [[IOS35]], and [[IOS36]].

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~777436b7131e08e59672a927d6ea3559~~

+

| colspan="3"| e04f3abe93ca9b9a2518c2ddc3d273e43caed1f8

|-

! Thing

Line 771: Line 781:

|}

−

==== Apr 3 2012 13:11:40 ====

+

==== Apr 3 2012 12:00:16 2 ====

−

Wii U vWii variant of [[#Jul 14 2008 19:32:38|Jul 14 2008 19:32:38]], with the normal [[#vWii note|vWii changes]]. Used by [[~~IOS28~~]] exclusively. The ~~open heap~~ is ~~at 0x13800000 instead of 0x13600000, due~~ to ~~a 1-byte change~~ at address ~~202007fc or~~ offset ~~924~~.

+

Wii U vWii variant of [[#Jul 24 2008 20:08:45|Jul 24 2008 20:08:45]], with the normal [[#vWii note|vWii changes]]. Used by [[IOS38]] exclusively. The only difference from the other build with the same timestamp is the main thread's priority (which was changed to 0x1b from 0x54). This difference appears in memory at address 20207c48 (offset 7d70) and in the ELF header at file offset 114. It's rather odd that the timestamp was not updated despite that change.

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~0878e12c454539450e9e75c19d5a75e9~~

+

| colspan="3"| b62ad5ea5a2e03d2fb73e93dad1d34c102ec357a

|-

! Thing

Line 810: Line 820:

|-

| Open heap

−

| ~~0x13800000~~

+

| 13600000

| ?

| 0x18000

|}

−

=== ~~Group D~~ ===

+

==== Apr 3 2012 13:11:40 ====

−

~~Adds~~ [[#~~0x96 DVDLowGetControlRegister~~|~~0x96 DVDLowGetControlRegister~~]]. ~~Note that although these versions are earlier than group C~~, ~~they have more features~~.

+

Wii U vWii variant of [[#Jul 14 2008 19:32:38|Jul 14 2008 19:32:38]], with the normal [[#vWii note|vWii changes]]. Used by [[IOS28]] exclusively. The open heap is at 0x13800000 instead of 0x13600000, due to a 1-byte change at address 202007fc or offset 924.

−

diFatalError attempts to write 0xdeadbeef to 0xffff0000 before it calls CancelThread and enters an infinite loop. The message was also changed from "(diFatalError) Fatal error in DI driver: %s\nExiting\n" to "(diFatalError) *** DI FATAL ERROR: %s\nExiting\n". Something about this changed compiler or decompiler behavior, changing the way uses of that function affect code flow which makes some changes harder to spot and creates a lot of changes that aren't actually changes.

+

{| class="wikitable"

−

+

! MD5

−

clearDriveErrorInterupt and doWaitForCoverClose were moved to be before handleDiCommand instead of after (group C has them at 2020146c/2020149c, and now they are at 20200b80/20200b98). Furthermore, clearDriveErrorInterupt no longer issues a 0xE0 command to the drive, and always returns success (however, the rest of the code still assumes it can fail, printing a warning in that case).

+

| colspan="3"| 1d1723825d53b5389ec80c89c8a3aa06701ae07d

−

+

|-

−

Improved error messages in doBlockRead. The debug messages for when a hash failed now also print the first parameter as a pointer (e.g. "(doBlockRead) Data subblock %d failed to verify against H0 Hash (%08x)"). The fatal error message for the first case was changed from "Data failed to verify against H0 Hash" to "Data subblock failed to verify against H0 Hash" (the other messages of the form "H0 Hashes failed to verify" were not changed). Additionally, if the call to doRawDiskRead fails, the message "(doBlockRead) doRawDiskRead failed, rc=%d\n" is printed (previously nothing was printed); the return value is still that of doRawDiskRead in that case. Lastly, when a hash fails, the parameter is memset with value 0xA5 prior to calling diFatalError.

+

! Thing

−

+

! Virtual address

−

The implementation of DVDLowRead no longer calls doReadHashEncryptedState if it hasn't been called before (before it checks if the disc is a secure disc). It never needed to anyways, as it is called after DVDLowReadDiskID, which *must* be called first. It was also moved to be before doNonConfirmingDiscRead and doReadHashEncryptedState (at 202029e8) instead of after them (at 20202950).

−

doReadHashEncryptedState only considers a disc as secure (and only enables hashing) if both disable hashing (byte 0x60 of the [[Wii Disc]]) and disable encryption (byte 0x61) are false (and also acts as if hashing were disabled if encryption is disabled). Previously, only the hashing byte controlled whether the disc was secure and hashing was enabled.

−

The 0x18000-byte H3 hashes buffer is cleared by commonOpenPartition with value 0xA5 if a non-encrypted disc is used (disc encryption at byte 0x61 on the [[Wii Disc]] is 0 and the partition's H3 offset is also 0; disabling encryption but having an H3 offset set will result in a fatal error in both this version and earlier versions).

−

~~Some more ES wrappers were added:~~

−

* 0x3E (at 2020525c)

−

* ES_GetV0TicketFromView (0x40, at 20205068)

−

~~==== Jul 11 2008 14:34:27 ====~~

−

~~Used by several IOS builds:~~

−

* [[IOS37]] starting with v2816

−

* [[IOS50]] v4889 (v5120 is a stub)

−

* [[IOS51]] v4633 (v4864 is a stub)

−

* [[IOS52]] v5661 (v5888 is a stub)

−

* [[IOS53]] (all versions)

−

* [[IOS55]] (all versions)

−

{| class="wikitable"

−

! MD5

−

| colspan="3"| ~~382d4a5cafdb1e28ba039d25db7c4c1f~~

−

|-

−

! Thing

−

! Virtual address

! Physical address

! Size

Line 858: Line 841:

| 20200000

| 139B0000

−

| ~~0x8088~~

+

| 0x7D90

|-

| Data (ES vars)

−

| ~~20209000~~

+

| 20208000

−

| ~~139B9000~~

+

| 139B8000

| 0x140

|-

| BSS (zero'd)

−

| ~~2020A000~~

+

| 20209000

−

| ~~139BA000~~

+

| 139B9000

| 0x2BDC4

|-

| Stack

−

| ~~2022ddc4~~

+

| 2022cdc4

| ?

| 0x8000

|-

| Protected heap

−

| ~~2020a020~~

+

| 20209020

| ?

| 0x4000

|-

| Open heap

−

| ~~13600000~~

+

| 0x13800000

| ?

| 0x18000

|}

−

==== ~~Jul 24 2008 00~~:30:~~13 ====~~

+

=== Group D ===

+

Adds [[#0x96 DVDLowGetControlRegister|0x96 DVDLowGetControlRegister]]. Note that although these versions are earlier than group C, they have more features.

+

diFatalError attempts to write 0xdeadbeef to 0xffff0000 before it calls CancelThread and enters an infinite loop. The message was also changed from "(diFatalError) Fatal error in DI driver: %s\nExiting\n" to "(diFatalError) *** DI FATAL ERROR: %s\nExiting\n". Something about this changed compiler or decompiler behavior, changing the way uses of that function affect code flow which makes some changes harder to spot and creates a lot of changes that aren't actually changes.

+

clearDriveErrorInterupt and doWaitForCoverClose were moved to be before handleDiCommand instead of after (group C has them at 2020146c/2020149c, and now they are at 20200b80/20200b98). Furthermore, clearDriveErrorInterupt no longer issues a 0xE0 command to the drive, and always returns success (however, the rest of the code still assumes it can fail, printing a warning in that case).

−

~~Only found~~ in ~~[[IOS48]]~~.

+

Improved error messages in doBlockRead. The debug messages for when a hash failed now also print the first parameter as a pointer (e.g. "(doBlockRead) Data subblock %d failed to verify against H0 Hash (%08x)"). The fatal error message for the first case was changed from "Data failed to verify against H0 Hash" to "Data subblock failed to verify against H0 Hash" (the other messages of the form "H0 Hashes failed to verify" were not changed). Additionally, if the call to doRawDiskRead fails, the message "(doBlockRead) doRawDiskRead failed, rc=%d\n" is printed (previously nothing was printed); the return value is still that of doRawDiskRead in that case. Lastly, when a hash fails, the parameter is memset with value 0xA5 prior to calling diFatalError.

−

~~Identical to the Jul 11 2008 14:34:27 build apart from the priority~~ of the ~~main thread being set~~ to ~~0x1b instead of 0x54 (all versions other than this and Jul 24 2008 20:08:45 use 0x54)~~. ~~This results in byte differences~~ at ~~address 20207f40 (file offset 8068~~)~~, as well as in some ELF header area~~ (~~file offset 114~~)~~, and the timestamps~~.

+

The implementation of DVDLowRead no longer calls doReadHashEncryptedState if it hasn't been called before (before it checks if the disc is a secure disc). It never needed to anyways, as it is called after DVDLowReadDiskID, which *must* be called first. It was also moved to be before doNonConfirmingDiscRead and doReadHashEncryptedState (at 202029e8) instead of after them (at 20202950).

−

{| class="wikitable"

+

doReadHashEncryptedState only considers a disc as secure (and only enables hashing) if both disable hashing (byte 0x60 of the [[Wii Disc]]) and disable encryption (byte 0x61) are false (and also acts as if hashing were disabled if encryption is disabled). Previously, only the hashing byte controlled whether the disc was secure and hashing was enabled.

−

! ~~MD5~~

+

−

| colspan="3"| ~~108011e89e557d4e8adf1a02f87cb8ea~~

+

The 0x18000-byte H3 hashes buffer is cleared by commonOpenPartition with value 0xA5 if a non-encrypted disc is used (disc encryption at byte 0x61 on the [[Wii Disc]] is 0 and the partition's H3 offset is also 0; disabling encryption but having an H3 offset set will result in a fatal error in both this version and earlier versions).

−

|-

+

−

! Thing

+

Some more ES wrappers were added:

−

! Virtual address

+

* 0x3E (at 2020525c)

−

! Physical address

+

* ES_GetV0TicketFromView (0x40, at 20205068)

−

! Size

+

==== Jul 11 2008 14:34:27 ====

+

Used by several IOS builds:

+

* [[IOS37]] starting with v2816

+

* [[IOS50]] v4889 (v5120 is a stub)

+

* [[IOS51]] v4633 (v4864 is a stub)

+

* [[IOS52]] v5661 (v5888 is a stub)

+

* [[IOS53]] (all versions)

+

* [[IOS55]] (all versions)

+

Note that this also has a version string of <code>$IOSVersion: DIP: 07/11/08 14:34:<mark>26</mark> 64M $</code>, probably just due to the two timestamps being determined at separate instants.

+

{| class="wikitable"

+

! SHA-1

+

| colspan="3"| bff35f53a0ed9f69b15a224552fcc73372308099

+

|-

+

! Thing

+

! Virtual address

+

! Physical address

+

! Size

|-

| Code (and entry point)

Line 932: Line 942:

|}

−

==== ~~Dec~~ 24 2008 13:51:06 ====

+

==== Jul 24 2008 00:30:13 ====

−

~~Used~~ in ~~all versions of~~ [[~~IOS41]], [[IOS43]], [[IOS45]], and [[IOS46~~]].

+

Only found in [[IOS48]].

−

~~Rebuild with no changes (other than~~ the ~~timestamps) of~~ Jul 11 2008 14:34:27.

+

Identical to the Jul 11 2008 14:34:27 build apart from the priority of the main thread being set to 0x1b instead of 0x54 (all versions other than this and Jul 24 2008 20:08:45 use 0x54). This results in byte differences at address 20207f40 (file offset 8068), as well as in some ELF header area (file offset 114), and the timestamps.

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~72122c88cdcd4279cc09e197d3079624~~

+

| colspan="3"| 0fc5a88a327ee2b5c4ce3dc05faf8c7ef3bbcc1b

|-

! Thing

Line 978: Line 988:

|}

−

==== ~~Apr 3 2012 12~~:21:34 ====

+

==== Dec 24 2008 13:51:06 ====

+

Used in all versions of [[IOS41]], [[IOS43]], [[IOS45]], and [[IOS46]].

−

~~Wii U vWii variant~~ of ~~[[#~~Jul 14 2008 ~~19:32:38|Jul~~ 14 ~~2008 19~~:32:~~38]], with the normal [[#vWii note|vWii changes]]. Used by [[IOS37]], [[IOS53]], and [[IOS55]]~~.

+

Rebuild with no changes (other than the timestamps) of Jul 11 2008 14:34:27.

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~4ec5199c40a08746ebd6931e181d6737~~

+

| colspan="3"| d254a265d25d96723a566e6f877f5df05a645699

|-

! Thing

Line 994: Line 1,006:

| 20200000

| 139B0000

−

| ~~0x80A4~~

+

| 0x8088

|-

| Data (ES vars)

Line 1,022: Line 1,034:

|}

−

==== Apr 3 2012 12:31:01 ====

+

==== Apr 3 2012 12:21:34 ====

−

Wii U vWii variant of [[#Jul 14 2008 19:32:38|Jul 14 2008 19:32:38]], with the normal [[#vWii note|vWii changes]]. Used by [[~~IOS41~~]], [[~~IOS43]], [[IOS45]], [[IOS46~~]], and [[~~IOS48]] (the original version was only used by IOS48, with the rest using [[#Dec 24 2008 13:51:06|Dec 24 2008 13:51:06~~]]). The main thread has priority 0x1b instead of 0x54, resulting in byte differences at address 20207f5c (offset 8084) and in the ELF header (offset 114), as well as the timestamps. Was the priority change for versions other than IOS48 intentional, with the other modules being updated to compensate{{check}}?

+

Wii U vWii variant of [[#Jul 14 2008 19:32:38|Jul 14 2008 19:32:38]], with the normal [[#vWii note|vWii changes]]. Used by [[IOS37]], [[IOS53]], and [[IOS55]].

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~ecbcd75c788ffab75f291dd510e440c0~~

+

| colspan="3"| e7a0824785268df455d56c1803620eff180d6556

|-

! Thing

Line 1,066: Line 1,078:

|}

−

=== ~~Group E~~ ===

+

==== Apr 3 2012 12:31:01 ====

−

~~The code that checks H0/H1/H2 hashes was moved into~~ the ~~kernel, using~~ [[~~IOS/Syscalls~~|~~syscall~~]] ~~0x77 (IOSC_CheckDiHashes)~~. ~~H3 hashes are still present. It's not clear if the actual hashing behavior changed{{check}}.~~

+

Wii U vWii variant of [[#Jul 14 2008 19:32:38|Jul 14 2008 19:32:38]], with the normal [[#vWii note|vWii changes]]. Used by [[IOS41]], [[IOS43]], [[IOS45]], [[IOS46]], and [[IOS48]] (the original version was only used by IOS48, with the rest using [[#Dec 24 2008 13:51:06|Dec 24 2008 13:51:06]]). The main thread has priority 0x1b instead of 0x54, resulting in byte differences at address 20207f5c (offset 8084) and in the ELF header (offset 114), as well as the timestamps. Was the priority change for versions other than IOS48 intentional, with the other modules being updated to compensate{{check}}?

−

~~Wrappers for ES IoctlVs 0x41 (at 20205ba4 in 2008 and 20205c58 in 2009 and 2012) and 0x42 (at 20205b44 in 2008 and 20205bf8 in 2009 and 2012) were added.~~

−

~~Instructions for syscalls 0x77~~, ~~0x78~~, and 0x79 were added, though only 0x77 is used. Note that these are out of order; 0x77 is at the end of the list at 202042d0 while 0x78 and 0x79 are wedged between 0x5a and 0x5b at 202041e0 for some reason.

−

~~==== Nov 24 2008 15:39:09 ====~~

−

~~Used in the first builds of a few IOS versions:~~

−

* [[~~IOS56~~]] ~~v4890 only~~

−

* [[~~IOS57~~]] ~~v5404 only~~

−

* [[~~IOS60~~]] ~~v6174 only~~ (~~other~~ version ~~is a stub)~~

−

* [[~~IOS61~~]] ~~v4890 only~~

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~48e1be8f767feb59cbc51aa4329d735a~~

+

| colspan="3"| 8835422c143de4b359fea4a0a56aef9386caa53d

|-

! Thing

Line 1,095: Line 1,094:

| 20200000

| 139B0000

−

| 0x7F00

+

| 0x80A4

−

|-

+

|-

−

| Data (ES vars)

+

| Data (ES vars)

−

| 20208000

+

| 20209000

−

| 139B8000

+

| 139B9000

−

| 0x140

+

| 0x140

−

|-

+

|-

−

| BSS (zero'd)

+

| BSS (zero'd)

−

| 20209000

+

| 2020A000

−

| 139B9000

+

| 139BA000

−

| 0x2BDC4

+

| 0x2BDC4

−

|-

+

|-

−

| Stack

+

| Stack

−

| 2022cdc4

+

| 2022ddc4

−

| ?

+

| ?

−

| 0x8000

+

| 0x8000

−

|-

+

|-

−

| Protected heap

+

| Protected heap

−

| 20209020

+

| 2020a020

−

| ?

+

| ?

−

| 0x4000

+

| 0x4000

−

|-

+

|-

−

| Open heap

+

| Open heap

−

| 13600000

+

| 13600000

−

| ?

+

| ?

−

| 0x18000

+

| 0x18000

−

|}

+

|}

−

+

=== Group E ===

+

The code that checks H0/H1/H2 hashes was moved into the kernel, using [[IOS/Syscalls|syscall]] 0x77 (IOSC_CheckDiHashes). H3 hashes are still present. It's not clear if the actual hashing behavior changed{{check}}.

+

Wrappers for ES IoctlVs 0x41 (at 20205ba4 in 2008 and 20205c58 in 2009 and 2012) and 0x42 (at 20205b44 in 2008 and 20205bf8 in 2009 and 2012) were added.

+

Instructions for syscalls 0x77, 0x78, and 0x79 were added, though only 0x77 is used. Note that these are out of order; 0x77 is at the end of the list at 202042d0 while 0x78 and 0x79 are wedged between 0x5a and 0x5b at 202041e0 for some reason.

+

==== Nov 24 2008 15:39:09 ====

+

Used in the first builds of a few IOS versions:

+

* [[IOS56]] v4890 only

+

* [[IOS57]] v5404 only

+

* [[IOS60]] v6174 only (other version is a stub)

+

* [[IOS61]] v4890 only

+

{| class="wikitable"

+

! SHA-1

+

| colspan="3"| 96b035dafcfaf826d1772abd07b8014aed15035f

+

|-

+

! Thing

+

! Virtual address

+

! Physical address

+

! Size

+

|-

+

| Code (and entry point)

+

| 20200000

+

| 139B0000

+

| 0x7F00

+

|-

+

| Data (ES vars)

+

| 20208000

+

| 139B8000

+

| 0x140

+

|-

+

| BSS (zero'd)

+

| 20209000

+

| 139B9000

+

| 0x2BDC4

+

|-

+

| Stack

+

| 2022cdc4

+

| ?

+

| 0x8000

+

|-

+

| Protected heap

+

| 20209020

+

| ?

+

| 0x4000

+

|-

+

| Open heap

+

| 13600000

+

| ?

+

| 0x18000

+

|}

+

==== Apr 6 2009 17:10:07 ====

+

Used exclusively by [[IOS56]] v5146, which is not found on NUS (but can be found on e.g. Guitar Hero 5).

+

No changes to the actual driver code from the Nov 24 2008 version, but some of the ES wrapper code changed. These also cause string constants to shift, which makes byte comparisons slightly annoying. The changes:

+

* ES_AddTicket (20204514, Ioctlv 0x01) no longer always uses a size of 0x2a4, but will instead use 0x2a4 plus a 32-bit size at offset 0x2a8 if the byte at offset 0x1bc is nonzero.

+

* ES_GetTicketFromView (20204fc0, Ioctlvs 0x43 and 0x44) was added

+

{| class="wikitable"

+

! SHA-1

+

| colspan="3"| 9a915fd77389a79c7fa516e4aac4e30e4e1174ad

+

|-

+

! Thing

+

! Virtual address

+

! Physical address

+

! Size

+

|-

+

| Code (and entry point)

+

| 20200000

+

| 139B0000

+

| 0x7FB4

+

|-

+

| Data (ES vars)

+

| 20208000

+

| 139B8000

+

| 0x140

+

|-

+

| BSS (zero'd)

+

| 20209000

+

| 139B9000

+

| 0x2BDC4

+

|-

+

| Stack

+

| 2022cdc4

+

| ?

+

| 0x8000

+

|-

+

| Protected heap

+

| 20209020

+

| ?

+

| 0x4000

+

|-

+

| Open heap

+

| 13600000

+

| ?

+

| 0x18000

+

|}

+

==== Jun 3 2009 07:49:09 ====

Line 1,137: Line 1,242:

No changes to the actual driver code from the Nov 24 2008 version, but some of the ES wrapper code changed. These also cause string constants to shift, which makes byte comparisons slightly annoying. The changes:

−

* ES_AddTicket (20204514, Ioctlv 0x01) no longer always uses a size of 0x2a4, but will instead use 0x2a4 plus a 32-bit size at offset 0x2a8 if the byte at offset 0x1bc is nonzero.

−

* ES_GetTicketFromView (20204fc0, Ioctlvs 0x43 and 0x44) was added

* Ioctlv 0x45 (20205cb8) was added

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~89f7dc21f07e2cae97c3a571b23d8abd~~

+

| colspan="3"| 4e04e88ec7250de84a1e788ae69fdad9351330a8

|-

! Thing

Line 1,186: Line 1,289:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~a92e0407a61fe6812724cf1ed4ccab68~~

+

| colspan="3"| d5dfeb42909a20453c0f574e9a8c41f50792bf8f

|-

! Thing

Line 1,230: Line 1,333:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~c4d353400390fc748813076464b33996~~

+

| colspan="3"| 43cbc9d451df6296214347f8a33349b2dda843f0

|-

! Thing

Line 1,274: Line 1,377:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~6912011de2cf16c358865f2cc8316055~~

+

| colspan="3"| e961f817c53ad3d87af96635df99bc6ee70ed056

|-

! Thing

Line 1,318: Line 1,421:

{| class="wikitable"

−

! ~~MD5~~

+

! SHA-1

−

| colspan="3"| ~~6b87425010ac8256ee5d331a8073838b~~

+

| colspan="3"| 86bec5ad6815c2bf1f154690f2abd0e6141f0f8b

|-

! Thing

Line 1,860: Line 1,963:

<li>0x83 DVDLowGetLength</li>

<li>0x84 Get DIIMMBUF</li>

−

<li>0x85 ~~DVDLowUnmaskCoverInterrupt~~</li>

+

<li>0x85 DVDLowMaskCoverInterrupt</li>

<li>0x86 DVDLowClearCoverInterrupt</li>

−

+

<li>0x87 DVDLowUnmaskStatusInterrupts</li>

<li>0x88 DVDLowGetCoverStatus</li>

−

<li>0x89 ~~Enable Cover Interrupt~~</li>

+

<li>0x89 DVDLowUnmaskCoverInterrupt</li>

<li>0x8B DVDLowOpenPartition ioctl</li>

<li>0x8E DVDLowEnableDvdVideo</li>

Line 2,138: Line 2,241:

|}

−

=== 0x85 ~~DVDLowUnmaskCoverInterrupt~~ ===

+

=== 0x85 DVDLowMaskCoverInterrupt ===

+

Disables the cover interrupt by clearing bit 1 of DICVR (leaving bit zero unchanged). Does not clear the cover interrupt if it is currently asserted (does not write bit 2). Actual code is <code>DICVR = (DICVR & ~4 & ~2)</code>.

−

~~Disables~~ the ~~cover interrupt by clearing bit 1 of~~ DICVR (~~leaving~~ bit ~~zero unchanged~~). ~~Does not clear the cover interrupt if~~ it is ~~currently asserted (does not write bit 2)~~.

+

Titles have a DVDLowMaskCoverInterrupt function that is dummied out to always return 1; this function is used by DVDInit in the exact same place that gamecube titles write <code>DICVR = 0</code> (which should be equivalent, as writes to bit 0 which indicates the cover status presumably do nothing{{check}}). However, since it is stubbed out, there is no way of being sure that 0x85 was actually used by that function.

The output buffer is not used, and it may be null. Its size is not checked.

Line 2,172: Line 2,277:

|}

−

=== <s>0x87</s> ===

+

=== <s>0x87 DVDLowUnmaskStatusInterrupts</s> ===

+

Dummied out; does nothing (and always returns 1).

−

~~Dummied~~ out; ~~does nothing~~ (and ~~always returns 1~~). ~~Possibly an ID reserved for a PPC-only command (DVDLowBreak?)~~, as is ~~also done with DVDLowSetSpinupFlag?~~

+

Titles have a DVDLowUnmaskStatusInterrupts function that is dummied out to always return 1; this function is used by DVDInit in the exact same place that gamecube titles write <code>DISR = 0x2a</code> (which enables DEINTMASK, TCINTMASK, and BRKINTMASK, and does not clear any asserted interrupts). However, since it is stubbed out, there is no way of being sure that 0x87 was actually used by that function.

The output buffer is not used, and it may be null. Its size is not checked.

Line 2,206: Line 2,313:

|}

−

=== 0x89 ~~Enable Cover Interrupt~~ ===

+

=== 0x89 DVDLowUnmaskCoverInterrupt ===

+

Enables the cover interrupt by setting bit 1 of DICVR (leaving bit zero unchanged). Does not clear the cover interrupt if it is currently asserted (does not write bit 2). Actual code is <code>DICVR = ((DICVR & ~4) | 2)</code>.

−

~~Enables the cover interrupt by setting bit~~ 1 ~~of DICVR (leaving bit zero unchanged~~). ~~Does not clear the cover interrupt if~~ it ~~is currently asserted (does not write bit 2)~~.

+

Debug symbols list a function called DVDLowUnmaskCoverInterrupt, but no actual function remains as it was removed as unused (and even if it did still exist, it presumably would be dummied out to just return 1 as it is only 8 bytes). Therefore, there is no way to be certain that 0x89 actually was called DVDLowUnmaskCoverInterrupt, but it seems very likely based on DVDLowMaskCoverInterrupt.

The output buffer is not used, and it may be null. Its size is not checked.

Line 2,225: Line 2,334:

=== 0x8A DVDLowReset ===

−

Resets the drive, using [[IOS/Syscalls|syscalls]] 0x44, 0x45, and 0x46. If a reset is already in progress (~~syscall_check_di_reset~~ returns true), then it immediately calls ~~syscall_deassert_di_reset~~; otherwise, it calls ~~syscall_assert_di_reset~~, waits 12µs, and then calls ~~syscall_deassert_di_reset~~. Afterwards, registers are reset in the same way as DVDLowNotifyReset other than the cover interrupt. The cover interrupt is temporarilly disabled during this process, but is reenabled afterwards if it was enabled before.

+

Resets the drive, using [[IOS/Syscalls|syscalls]] 0x44, 0x45, and 0x46. If a reset is already in progress (check_di_reset returns true), then it immediately calls deassert_di_reset; otherwise, it calls assert_di_reset, waits 12µs, and then calls deassert_di_reset. Afterwards, registers are reset in the same way as DVDLowNotifyReset other than the cover interrupt. The cover interrupt is temporarilly disabled during this process, but is reenabled afterwards if it was enabled before.

Enable spinup is passed to syscall 0x4e, which activates the DI_SPIN [[Hardware/Hollywood_GPIOs|GPIO]] if it is 0 and disables it otherwise.

Hallowizer

5,579

edits

Changes

/dev/di (view source)

Revision as of 05:48, 22 February 2022