NVRAM

From DSiBrew

Jump to: navigation, search

The DSi contains a 128KB block (organized into 256-byte pages) of memory referred to as "NVRAM"; it is stored in a SPI flash chip onboard the WiFi dongle. On the DS, this was the system's firmware, plus it included writeable areas for user preferences and wifi connection settings. On the DSi, this chip is maintained for backward compatibility, but it is mostly empty.

(khmann: data actually seems to follow the format of http://www.daftcode.net/gbatek/ds#dsfirmwareheader quite closely to my eyes)

There is some new unknown data near the beginning of NVRAM which is involved in the boot process. The NVRAM is read very early in boot, before the NAND flash is initialized. An unreadable NVRAM chip will hang the boot process in an infinite retry loop, and errors in this portion of NVRAM will cause a stage1 Bootloader error.

Most of the address space is blank, with the exception of the following data:

Pages 0-2: Old partial NDS firmware header (for compatibility)

00000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00010: 0000 0000 0000 0000 0000 0000 0057 ffff  .............W..
00020: c03f 0000 0000 0000 ffff e861 3801 000f  .?.........a8...
00030: ffff ffff ff00 0022 4cd8 968a fe3f ffff  ......."L....?..
00040: 0394 2902 0200 1700 2600 1818 4800 4048  ..).....&...H.@H
00050: 5800 4200 4601 6480 e6e6 4324 0e00 0100  X.B.F.d...C$....
00060: 0100 0204 0316 4000 1b6c 4880 3800 3507  ......@..lH.8.5.
00070: 0000 0000 0000 0000 b000 0000 0000 00c7  ................
00080: bb01 247f 5a01 3f01 3f36 1d00 7835 5512  ..$.Z.?.?6..x5U.
00090: 341c 0001 0e38 0370 c52a 0a08 0401 0000  4....8.p.*......
000a0: 00ff fffe fefe fefc fcfa fafa fafa f8f8  ................
000b0: f600 1214 1241 2303 0470 350e 2c2c 0000  .....A#..p5.,,..
000c0: 0000 0000 0000 000e 0000 1228 1c00 314c  ...........(..1L
000d0: 4f21 0010 b008 fa15 26e7 fe3e 0e51 0500  O!......&..>.Q..
000e0: 6d12 0300 01ff 0e00 0200 0000 0205 0500  m...............
000f0: 0000 1800 0200 0002 1e12 1212 1414 1414  ................

00100: 1414 1414 1616 1626 2223 2324 2424 2526  .......&"##$$$%&
00110: 2626 2728 2818 014b 4b4b 4b4c 4c4c 4c4c  &&'((..KKKKLLLLL
00120: 4c4c 4d4d 4d02 6c71 765b 4045 4a2f 3439  LLMMM.lqv[@EJ/49
00130: 3e03 0814 ffff ffff ffff ffff ffff ffff  >...............
00140: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00150: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00160: ffff 1cff ffff ffff ffff ffff ffff ffff  ................
00170: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00180: ffff ffff ffff ffff ffff ffff ffff ffff  ................
00190: ffff ffff ffff ffff ffff ffff ffff ffff  ................
001a0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
001b0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
001c0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
001d0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
001e0: ffff ffff ffff ffff ffff ffff ffff ffff  ................
001f0: ffff ffff ffff ffff ffff ffff ff01 20ff  .............. .

any changes between 0x00 and 0x27, yields bootloader error 0000FEFE

NVRAM u8 0x1FD is used by launcher to determine which binary to load from the wififw title content, that id *must* match one of the entries in that title content otherwise launcher will display a black error screen while booting. Apparently there are two options for DSi 1.4.4: 01 and 02. Perhaps this is used to identify DWM-W015 vs DWM-W024


00200: 0000 0000 0000 0000 0000 0000 0000 0000  ................
**
002e0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
002f0: 0000 0000 0000 0000 0000 0000 0000 0080  ................

If bit 7 of 0x2FF = 0, bootloader error 0000FE00, this particular error makes it sound like the DSi is being told to boot from some other area, or with a different encryption.



There are 10 pages starting at 0x1f400 (page 0xFA) that describe the WiFi settings (2 pages per slot?)

1f400: 0000 0000 0000 0000 0000 0000 0000 0000  ................
**
1f440: 3c65 7373 6964 3e0a 0000 0000 0000 0000  <essid>.......
1f450: 0000 0000 0000 0000 0000 0000 0000 0000  ................
**
1f4d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1f4e0: 0000 0000 0000 0000 0900 7805 0000 0001  ..........x.....
1f4f0: 0000 0000 0000 0000 0000 0000 0000 f80f  ................
1f500: 0000 0000 0000 0000 0000 0000 0000 0000  ................
**
1f5f0: 0000 0000 0000 0000 0000 0000 0000 0000  ................

The last 2 pages store 2 identical copies of user settings.

1fe00: 0500 0b01 0100 6200 7500 7300 6800 6900  ......b.u.s.h.i.
1fe10: 6e00 6700 0000 0000 0000 0700 0000 0000  n.g.............
1fe20: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fe30: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fe40: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fe50: 0000 0000 0000 0000 8102 1603 2020 a30d  ............  ..
1fe60: 970c e0a0 00fc 0900 4010 db10 0000 0000  ........@.......
1fe70: 0900 84dd 0100 0300 0000 0000 0000 0000  ................
1fe80: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fe90: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fea0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1feb0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fec0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fed0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fee0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fef0: 0000 0000 0000 0000 0000 0000 0000 1fcf  ................

1ff00: 0500 0b01 0100 6200 7500 7300 6800 6900  ......b.u.s.h.i.
1ff10: 6e00 6700 0000 0000 0000 0700 0000 0000  n.g.............
1ff20: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ff30: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ff40: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ff50: 0000 0000 0000 0000 8102 1603 2020 a30d  ............  ..
1ff60: 970c e0a0 00fc 0000 0000 0000 0000 0000  ................
1ff70: 0a00 922b 0100 0300 0000 0000 0000 0000  ...+............
1ff80: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ff90: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ffa0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ffb0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ffc0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ffd0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1ffe0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
1fff0: 0000 0000 0000 0000 0000 0000 0000 1fcf  ................
Personal tools