Flash:asecure loader

From PS3 Developer wiki
Revision as of 05:51, 20 April 2020 by 5.173.252.16 (talk) (→‎example: 192.168.43.198)

asecure_loader region

Location:

  • NOR: 0x0000800 - 0x0002EFFF
  • NAND: 0x0040800 - 0x00807FF

asecure_loader contains its own file table, similar to the one in region 1, although asecure_loader is itself located within region 1. This table has only been observed to hold metldr in its encrypted form.

Header

example

NOR: 0x0000800 - 0x000080F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000800  00 00 00 01 00 00 00 01 00 00 00 00 00 02 E8 00  ..............è.

NAND: 0x0040800 - 0x004080F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00040800  00 00 00 01 00 00 00 01 00 00 00 00 00 04 00 00  ................

structure

Address  Length  Value    Description
0x00     0x04    0x01     Unknown
0x04     0x04    0x01     Entry Count
0x08     0x08    0x2E800  Length of Region

Entry Table

The header is followed by a 32 byte entry for the asecure (metldr) file.

example

NOR: 0x0000810 - 0x000083F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000810  00 00 00 00 00 00 00 40 00 00 00 00 00 00 E8 D0  .......@......èÐ
00000820  6D 65 74 6C 64 72 00 00 00 00 00 00 00 00 00 00  metldr..........
00000830  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

NAND: 0x0040810 - 0x004083F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00040810  00 00 00 00 00 00 00 40 00 00 00 00 00 00 EE 10  .......@......î.
00040820  6D 65 74 6C 64 72 00 00 00 00 00 00 00 00 00 00  metldr..........
00040830  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

structure

Address  Length  Value              Description
0x0      0x08    0x40               File offset relative to 0x800 (asecure_loader header)
0x8      0x08    0xE8D0             File Length
0x10     0x20    char[32]:"metldr"  File name

Metldr binary

Note: the exact length depends on the metldr revision and is given in the preceding entry table.

example

NOR: 0x0000840 - 0x000F12F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000840  00 00 0E 89 43 B6 EF 4A E2 0F 74 00 C8 80 9E 53  ...‰C¶ïJâ.t.È€žS
00000850  00 00 0E 89 FC D1 D8 BE 6F F4 C8 D8 8F E1 C3 F7  ...‰üÑؾoôÈØ.áÃ÷
00000860  8B E4 7A 13 F1 F9 85 EF 66 01 96 81 BD CA 31 EA  ‹äz.ñù…ïf.–.½Ê1ê
00000870  9F 86 36 BB 92 4C FF EE FA 92 88 D3 E5 27 96 24  Ÿ†6»’Lÿîú’ˆÓå'–$
....
0000F0F0  ED BA DE 64 76 29 8E C6 CC FC DD 30 40 56 39 6B  íºÞdv)ŽÆÌüÝ0@V9k
0000F100  03 F3 C1 D1 81 41 85 32 24 A6 46 67 CC FB 3F 64  .óÁÑ.A…2$¦FgÌû?d
0000F110  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0000F120  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

NAND: 0x0040840 - 0x004F66F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00040840  00 00 0E DD 2F 6C 62 2E CA 7F AE 0D 2F 76 B5 D4  ...Ý/lb.Ê.®./vµÔ
00040850  00 00 0E DD 93 B7 DF 38 94 92 09 B6 C3 9C D2 AA  ...Ý“·ß8”’.¶ÃœÒª
00040860  B2 6A E5 B6 D9 EB D8 5A 63 B2 32 E0 75 18 7C 63  ²jå¶ÙëØZc²2àu.|c
00040870  8D A0 30 54 F6 34 63 FB 01 8F DE 31 0A D7 FF 3D  . 0Tö4cû..Þ1.×ÿ=
....
0004F630  2D 76 13 0B F3 89 32 A3 D2 A2 4A 18 19 FD 30 DC  -v..ó‰2£Ò¢J..ý0Ü
0004F640  D8 18 00 DA BD E3 99 EB 80 DE CE A8 59 7B 8F 49  Ø..Ú½ã™ë€ÞΨY{.I
0004F650  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0004F660  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

structure

Address  Length  Value                       Description
0x0      0x04    0x00000E89                  Binary size (see below)
0x4      0x0C    0x2F6C622ECA7FAE0D2F76B5D4  Rev key - same per revision (see talkpage)
0x10     0x4     0x00000E89                  Binary size (see below)
0x14     0xC     0x93B7DF38949209B6C39CD2AA  perconsole nonce

Calculating metldr data size

datasize = (first 4 bytes of the metldr header * 0x10) + 0x40

Thus, for the example above: 0x00000E89 * 0x10 + 0x40 = 0xE8D0, which should be the same as the value at 0x81E (NOR) or 0x4081E (NAND).
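
The layout and size formula above can be checked against a dump with a short parser. This is an added example, not code from the wiki: the function names are made up here, fields are read as big-endian as the hex dumps show, and the entry is taken as 0x30 bytes as laid out in the structure table. Treating a mismatch between the two size fields as an inconsistency is an assumption of this example.

```python
import struct

HEADER = struct.Struct(">IIQ")           # unknown, entry count, region length
ENTRY = struct.Struct(">QQ32s")          # file offset, file length, file name
METLDR_HDR = struct.Struct(">I12sI12s")  # size, rev key, size, per-console nonce

# First 0x60 bytes of the region, copied from this page's NOR hex dumps
# (NOR 0x800-0x85F): header, metldr entry, first 0x20 bytes of metldr.
NOR_SAMPLE = bytes.fromhex(
    "00000001 00000001 00000000 0002E800"
    "00000000 00000040 00000000 0000E8D0"
    "6D65746C 64720000 00000000 00000000"
    "00000000 00000000 00000000 00000000"
    "00000E89 43B6EF4A E20F7400 C8809E53"
    "00000E89 FCD1D8BE 6FF4C8D8 8FE1C3F7"
)


def parse_asecure_loader(region: bytes) -> dict:
    """Parse header and entry table; region starts at NOR 0x800 / NAND 0x40800."""
    if len(region) < HEADER.size:
        raise ValueError("region shorter than its 0x10-byte header")
    unknown, count, region_len = HEADER.unpack_from(region, 0)
    entries = []
    for i in range(count):
        pos = HEADER.size + i * ENTRY.size
        if pos + ENTRY.size > len(region):
            raise ValueError("entry table truncated")
        offset, length, raw_name = ENTRY.unpack_from(region, pos)
        name = raw_name.split(b"\0", 1)[0].decode("ascii", "replace")
        if offset + length > region_len:
            raise ValueError(f"{name}: file extends past the region length")
        entries.append({"name": name, "offset": offset, "length": length})
    return {"unknown": unknown, "region_length": region_len, "entries": entries}


def check_metldr_size(region: bytes, entry: dict) -> dict:
    """Recompute the metldr data size and compare it with the entry table."""
    if entry["offset"] + METLDR_HDR.size > len(region):
        raise ValueError("metldr header truncated")
    size1, rev_key, size2, nonce = METLDR_HDR.unpack_from(region, entry["offset"])
    computed = size1 * 0x10 + 0x40  # formula from "Calculating metldr data size"
    ok = size1 == size2 and computed == entry["length"]
    return {"computed": computed, "consistent": ok,
            "rev_key": rev_key.hex(), "nonce": nonce.hex()}


if __name__ == "__main__":
    layout = parse_asecure_loader(NOR_SAMPLE)
    print(layout, check_metldr_size(NOR_SAMPLE, layout["entries"][0]))
```

For a real dump, pass the bytes starting at the region offset (0x800 for NOR, 0x40800 for NAND), since the entry's file offset is relative to that header.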