SceSblSsSmComm: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
 
(16 intermediate revisions by 2 users not shown)
Line 1: Line 1:
SceSblSsSmComm is a kernel module that is primarily responsible for calling [[SM]] functions.
SceSblSsSmComm is a kernel module that is primarily responsible for calling [[Secure_Modules|Secure Modules]] functions.


== Module ==
== Module ==
Line 7: Line 7:
! Version !! World !! Privilege
! Version !! World !! Privilege
|-
|-
| 0.931-3.60 || Non-secure || Kernel
| 0.931.010-3.740.011 || Non-secure || Kernel
|}
|}


Line 18: Line 18:
! Version !! Name !! World !! Visibility !! NID
! Version !! Name !! World !! Visibility !! NID
|-
|-
| 0.931-3.60 || [[SceSblSsSmComm#SceSblSmCommForKernel|SceSblSmCommForKernel]] || Non-secure || Kernel || 0xCD3C89B6
| 0.931.010-3.740.011 || [[SceSblSsSmComm#SceSblSmCommForKernel|SceSblSmCommForKernel]] || Non-secure || Kernel || 0xCD3C89B6
|-
|-
| 0.931-1.69 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || 0xD8DC7847
| 0.931.010-1.692.000 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || 0xD8DC7847
|-
| 1.800.071-3.740.011 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || not present
|}
|}


Line 49: Line 51:
}; */
}; */


// this struct is used in FW 0.931 secure_kernel.xxx
typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931.010-3.740.011
typedef struct unk_0x30 { // size is 0x30 on FW 0.931
  SceSize size; // Size of this structure
  SceUInt32 maybe_self_type_or_success; // always 1 in 0.931 secure_kernel.xxx
  SceUInt64 program_sceversion;
  char digest[0x20]; // SHA256 of the ELF
} unk_0x30;
 
typedef struct SceSharedSecret { // size is 0x40 on FWs 0.931-3.73
  uint8_t shared_secret_0[0x10];
  uint8_t klicensee[0x10];
  uint8_t shared_secret_2[0x10];
  uint32_t shared_secret_3_0; // ex: 0x10
  uint32_t shared_secret_3_1;
  uint32_t shared_secret_3_2;
  uint32_t shared_secret_3_3;
} SceSharedSecret;
 
typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931-3.73
   SceUInt64 program_authority_id;
   SceUInt64 program_authority_id;
   uint8_t padding[8];
   uint8_t padding[8];
   uint8_t capability[0x20];
   uint8_t capability[0x20];
   uint8_t attribute[0x20];
   uint8_t attribute[0x20];
   SceSharedSecret secret;
   SceSharedSecret shared_secret; // current hypothesis of SceSharedSecret is full (0x40 bytes) shared_secret overwritten with klicensee at offset 0x10
} SceSelfAuthInfo;
} SceSelfAuthInfo;


typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931-3.73 (as its name indicates)
typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931.010-3.740.011 (as its name indicates)
   SceUInt32 unk_0;
   SceUInt32 unk_0;
   SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
   SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
   SceSelfAuthInfo spawner_self_auth_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo spawner_self_auth_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo spawned_self_auth_info; // set by SK in response SceSblSmCommContext130
   SceSelfAuthInfo spawned_self_auth_info; // set by secure_kernel in response SceSblSmCommContext130
   SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   SceUInt32 unk_12C; // if (kbl_param->boot_type_indicator_1????? & 0x40) == true set unk_12C to 1, else set to 0xA
   SceUInt32 unk_0x12C; // if (kbl_param->boot_type_indicator_1????? & 0x40) == 1, then set unk_0x12C to 1, else set to 10, ?mistook with media_type?
} SceSblSmCommContext130;
} SceSblSmCommContext130;
</source>
</source>
Line 87: Line 71:
== SceSblSmCommForKernel ==
== SceSblSmCommForKernel ==


=== sceSblSmCommStopSmForKernel ===
=== sceSblSmCommCallFunc_ForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 0.931-3.60 || 0x0631F8ED
| 0.931.010-1.03 || 0x4960DF9E
|-
| 1.692.000-3.740.011 || not present
|}
|}


This function calls [[SceSblSsSmComm#sceSblSmCommCallFuncForKernel|sceSblSmCommCallFuncForKernel]] with <code>-1 (0xFFFFFFFF)</code> as <code>func_id</code> and then calls [[SceSblSmschedProxy#sceSblSmSchedProxyWaitForKernel|sceSblSmSchedProxyWaitForKernel]].
This function is just a 4-argument wrapper for [[#sceSblSmCommCallFuncForKernel]].
 
<source lang="c">
typedef struct sceSblSmCommCallFunc_Param {
    void *pData;
    SceSize dataSize;
} sceSblSmCommCallFunc_Param;


<source lang="c">int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);</source>
int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);
</source>


=== sceSblSmCommStartSmFromDataForKernel ===
=== sceSblSmCommStopCommForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 3.60 || 0x039C73B1
| 0.931.010-1.03 || 0xC35FB95A
|-
| 1.692.000-3.740.011 || not present
|}
|}


<source lang="c">int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const char *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);</source>
<source lang="C">int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);</source>


=== sceSblSmCommStartSmForKernel ===
=== sceSblSmCommStartSmForKernel ===
Line 114: Line 109:
! Version !! NID
! Version !! NID
|-
|-
| 0.931-3.60 || 0x7863A0CC
| 0.931.010-1.03 || 0x7863A0CC
|-
| 1.692.000-1.810.021 || not present
|-
| 2.000.081-3.740.011 || 0x7863A0CC
|}
|}


Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will [[F00D Processor|suspend]] the low one.
Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will [[CMeP#Protocol|suspend]] the low one.


<source lang="c">int sceSblSmCommStartSmForKernel(SceBool priority, void *sm_self, SceSize sm_self_size, SceSblSmCommContext130* ctx_130, SceSmSchedRequestId *req_id);</source>
The following conditions must be met in order for this function to be called successfully:
- In kernel thread.
- In kernel context.
 
Calling a function without satisfying the conditions freezes the system.
 
<source lang="c">int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);</source>


=== sceSblSmCommStartSm_ForKernel ===
=== sceSblSmCommStartSm_ForKernel ===
Line 126: Line 131:
! Version !! NID
! Version !! NID
|-
|-
| 0.931-1.69 || 0x992BB9DB
| 0.931.010-1.800.071 || 0x992BB9DB
|-
| 2.000.081-3.740.011 || not present
|}
|}


<source lang="c">int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);</source>
<source lang="c">int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);</source>
=== sceSblSmCommStartSmFromDataForKernel ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.931.010-1.800.071 || not present
|-
| 3.600.011-3.740.011 || 0x039C73B1
|}
<source lang="c">int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);</source>


=== sceSblSmCommCallFuncForKernel ===
=== sceSblSmCommCallFuncForKernel ===
Line 135: Line 154:
! Version !! NID
! Version !! NID
|-
|-
| 0.931-3.60 || 0xDB9FC204
| 0.931.010-3.740.011 || 0xDB9FC204
|}
|}


<source lang="c">int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);</source>
<source lang="c">int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);</source>


=== sceSblSmCommCallFunc_ForKernel ===
=== sceSblSmCommStopSmForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 0.931 || 0x4960DF9E
| 0.931.010-3.740.011 || 0x0631F8ED
|}
|}


<source lang="c">
This function calls [[SceSblSsSmComm#sceSblSmCommCallFuncForKernel|sceSblSmCommCallFuncForKernel]] with <code>-1 (0xFFFFFFFF)</code> as <code>func_id</code> and then calls [[SceSblSmschedProxy#sceSblSmSchedProxyWaitForKernel|sceSblSmSchedProxyWaitForKernel]].
typedef struct sceSblSmCommCallFunc_Param {
 
    void *pData;
<source lang="c">int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);</source>
    SceSize dataSize;
 
} sceSblSmCommCallFunc_Param;
== SceSblSsSmComm ==


int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);
This library is present up to and including System Software version 1.692.000, then removed since System Software version 1.800.071 for security reasons.
</source>


=== sceSblSmCommStopCommForKernel ===
=== sceSblSmCommStartSm ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 0.931 || 0xC35FB95A
| 0.931.010-1.000.041 || 0x7863A0CC
|-
| 1.692.000-3.740.011 || not present
|}
|}


<source lang="C">int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);</source>
Alias for [[#sceSblSmCommStartSmForKernel]].


== SceSblSsSmComm ==
=== sceSblSmCommCallFunc_ ===
 
This library is present on 1.69 but is not present on 3.60.
 
=== sceSblSmCommStopSm ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 0.931-1.69 || 0x0631F8ED
| 0.931.010-1.000.041 || 0x4960DF9E
|-
| 1.692.000-3.740.011 || not present
|}
|}


=== sceSblSmCommStartSm ===
Alias for [[#sceSblSmCommCallFunc_ForKernel]].
 
=== sceSblSmCommStopComm ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 0.931 || 0x7863A0CC
| 0.931.010-1.000.041 || 0xC35FB95A
|-
| 1.692.000-3.740.011 || not present
|}
|}
Alias for [[#sceSblSmCommStopCommForKernel]].


=== sceSblSmCommStartSm_ ===
=== sceSblSmCommStartSm_ ===
Line 192: Line 216:
! Version !! NID
! Version !! NID
|-
|-
| 0.931-1.69 || 0x992BB9DB
| 0.931.010-1.692.000 || 0x992BB9DB
|-
| 1.800.071-3.740.011 || not present
|}
|}
Alias for [[#sceSblSmCommStartSm_ForKernel]].


=== sceSblSmCommCallFunc ===
=== sceSblSmCommCallFunc ===
Line 199: Line 227:
! Version !! NID
! Version !! NID
|-
|-
| 0.931 || 0xDB9FC204
| 0.931.010-1.692.000 || 0xDB9FC204
|-
| 1.800.071-3.740.011 || not present
|}
|}


=== sceSblSmCommCallFunc_ ===
Alias for [[#sceSblSmCommCallFuncForKernel]].
 
=== sceSblSmCommStopSm ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 0.931-1.69 || 0x4960DF9E
| 0.931.010-1.692.000 || 0x0631F8ED
|-
| 1.800.071-3.740.011 || not present
|}
|}


=== sceSblSmCommStopComm ===
Alias for [[#sceSblSmCommStopSmForKernel]].
 
== Changelog ==
 
Between 1.000.041 and 1.692.000 (to precise): many exported functions were removed. These functions were exported both to usermode and to kernel.
 
Between 1.692.000 and 1.800.071: the usermode library SceSblSsSmComm was removed. It should not have been exported to usermode for two security reasons: firstly SM communication should not be handled by usermode programs, secondly these exported functions were pointing to their kernel equivalent without any check on input addresses.
 
Between 1.800.071 and 2.500.071 (to precise): sceSblSmCommStartSm_ForKernel was replaced by two functions: sceSblSmCommStartSmForKernel (same name as in 0.931.010) that has the same features and sceSblSmCommStartSmFromDataForKernel that loads a SM from a buffer instead of a file.
 
== Obfuscated names ==
 
Since some System Software version between 1.000.041 and 1.692.000 (to precise), the module is compiled with a MACRO that converts some object names to obfuscated names. The algorithm is obfuscated_name = "SceSblSmComm" + hash(real_name) where hash is an unknown function.
 
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Real name !! Hash of real name !! Obfuscated name !! Comments
|-
| SceSblSmComm || 0xB639DB03 || SceSblSmCommB639DB03 || event flag
|-
| SceSblSmCommMutex || 0xAB75E2BE || SceSblSmCommAB75E2BE || fast mutex
|-
| SceSblSmCommSema (guessed name) || 0x62970C2D || SceSblSmComm62970c2d || sema (not present on <=1.000.041)
|-
| SceSblSmCommReadBuff || 0x8D26C678 || SceSblSmComm8D26C678 || memblock
|-
|-
| 0.931 || 0xC35FB95A
| SceSblCmCommBuff || 0x7EB92BED || SceSblSmComm7EB92BED || memblock
|}
|}


 
[[Category:ARM]]
[[Category:Kernel]]
[[Category:Modules]]
[[Category:Modules]]
[[Category:Kernel]]
[[Category:Library]]

Latest revision as of 15:37, 27 August 2023

SceSblSsSmComm is a kernel module that is primarily responsible for calling Secure Modules functions.

Module

Version World Privilege
0.931.010-3.740.011 Non-secure Kernel

Libraries

Known NIDs

Version Name World Visibility NID
0.931.010-3.740.011 SceSblSmCommForKernel Non-secure Kernel 0xCD3C89B6
0.931.010-1.692.000 SceSblSsSmComm Non-secure User 0xD8DC7847
1.800.071-3.740.011 SceSblSsSmComm Non-secure User not present

Types

/* example of spawner_self_auth_info
char data[0x90] =
{
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, // KBL capability
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, // KBL attribute
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, // KBL shared secret
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
}; */

typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931.010-3.740.011
   SceUInt64 program_authority_id;
   uint8_t padding[8];
   uint8_t capability[0x20];
   uint8_t attribute[0x20];
   SceSharedSecret shared_secret; // current hypothesis of SceSharedSecret is full (0x40 bytes) shared_secret overwritten with klicensee at offset 0x10
} SceSelfAuthInfo;

typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931.010-3.740.011 (as its name indicates)
   SceUInt32 unk_0;
   SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
   SceSelfAuthInfo spawner_self_auth_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo spawned_self_auth_info; // set by secure_kernel in response SceSblSmCommContext130
   SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   SceUInt32 unk_0x12C; // if (kbl_param->boot_type_indicator_1????? & 0x40) == 1, then set unk_0x12C to 1, else set to 10, ?mistook with media_type?
} SceSblSmCommContext130;

SceSblSmCommForKernel

sceSblSmCommCallFunc_ForKernel

Version NID
0.931.010-1.03 0x4960DF9E
1.692.000-3.740.011 not present

This function is just a 4-argument wrapper for #sceSblSmCommCallFuncForKernel.

typedef struct sceSblSmCommCallFunc_Param {
    void *pData;
    SceSize dataSize;
} sceSblSmCommCallFunc_Param;

int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);

sceSblSmCommStopCommForKernel

Version NID
0.931.010-1.03 0xC35FB95A
1.692.000-3.740.011 not present
int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);

sceSblSmCommStartSmForKernel

Version NID
0.931.010-1.03 0x7863A0CC
1.692.000-1.810.021 not present
2.000.081-3.740.011 0x7863A0CC

Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will suspend the low one.

The following conditions must be met in order for this function to be called successfully: - In kernel thread. - In kernel context.

Calling a function without satisfying the conditions freezes the system.

int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommStartSm_ForKernel

Version NID
0.931.010-1.800.071 0x992BB9DB
2.000.081-3.740.011 not present
int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);

sceSblSmCommStartSmFromDataForKernel

Version NID
0.931.010-1.800.071 not present
3.600.011-3.740.011 0x039C73B1
int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommCallFuncForKernel

Version NID
0.931.010-3.740.011 0xDB9FC204
int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);

sceSblSmCommStopSmForKernel

Version NID
0.931.010-3.740.011 0x0631F8ED

This function calls sceSblSmCommCallFuncForKernel with -1 (0xFFFFFFFF) as func_id and then calls sceSblSmSchedProxyWaitForKernel.

int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);

SceSblSsSmComm

This library is present up to and including System Software version 1.692.000, then removed since System Software version 1.800.071 for security reasons.

sceSblSmCommStartSm

Version NID
0.931.010-1.000.041 0x7863A0CC
1.692.000-3.740.011 not present

Alias for #sceSblSmCommStartSmForKernel.

sceSblSmCommCallFunc_

Version NID
0.931.010-1.000.041 0x4960DF9E
1.692.000-3.740.011 not present

Alias for #sceSblSmCommCallFunc_ForKernel.

sceSblSmCommStopComm

Version NID
0.931.010-1.000.041 0xC35FB95A
1.692.000-3.740.011 not present

Alias for #sceSblSmCommStopCommForKernel.

sceSblSmCommStartSm_

Version NID
0.931.010-1.692.000 0x992BB9DB
1.800.071-3.740.011 not present

Alias for #sceSblSmCommStartSm_ForKernel.

sceSblSmCommCallFunc

Version NID
0.931.010-1.692.000 0xDB9FC204
1.800.071-3.740.011 not present

Alias for #sceSblSmCommCallFuncForKernel.

sceSblSmCommStopSm

Version NID
0.931.010-1.692.000 0x0631F8ED
1.800.071-3.740.011 not present

Alias for #sceSblSmCommStopSmForKernel.

Changelog

Between 1.000.041 and 1.692.000 (to precise): many exported functions were removed. These functions were exported both to usermode and to kernel.

Between 1.692.000 and 1.800.071: the usermode library SceSblSsSmComm was removed. It should not have been exported to usermode for two security reasons: firstly SM communication should not be handled by usermode programs, secondly these exported functions were pointing to their kernel equivalent without any check on input addresses.

Between 1.800.071 and 2.500.071 (to precise): sceSblSmCommStartSm_ForKernel was replaced by two functions: sceSblSmCommStartSmForKernel (same name as in 0.931.010) that has the same features and sceSblSmCommStartSmFromDataForKernel that loads a SM from a buffer instead of a file.

Obfuscated names

Since some System Software version between 1.000.041 and 1.692.000 (to precise), the module is compiled with a MACRO that converts some object names to obfuscated names. The algorithm is obfuscated_name = "SceSblSmComm" + hash(real_name) where hash is an unknown function.

Real name Hash of real name Obfuscated name Comments
SceSblSmComm 0xB639DB03 SceSblSmCommB639DB03 event flag
SceSblSmCommMutex 0xAB75E2BE SceSblSmCommAB75E2BE fast mutex
SceSblSmCommSema (guessed name) 0x62970C2D SceSblSmComm62970c2d sema (not present on <=1.000.041)
SceSblSmCommReadBuff 0x8D26C678 SceSblSmComm8D26C678 memblock
SceSblCmCommBuff 0x7EB92BED SceSblSmComm7EB92BED memblock