SceSblAuthMgr: Difference between revisions

No edit summary
 
(85 intermediate revisions by 4 users not shown)
Line 1: Line 1:
'''S'''ecure '''Bl'''ock Authentication Manager
== Module ==
== Module ==


=== Known NIDs ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! Name !! World !! Privilege !! NID
! Version !! World !! Privilege
|-
|-
| 1.69 || SceSblAuthMgr || Non-secure || Kernel || 0xEA5DFC93
| 0.931.010-3.740.011 || Non-secure || Kernel
|}
|}


Line 17: Line 18:
! Version !! Name !! World !! Visibility !! NID
! Version !! Name !! World !! Visibility !! NID
|-
|-
| 1.69 || [[SceSblAuthMgr#SceSblAuthMgrForKernel|SceSblAuthMgrForKernel]] || Non-secure || Kernel || 0x7ABF5135
| 0.931.010-3.740.011 || [[SceSblAuthMgr#SceSblAuthMgrForKernel|SceSblAuthMgrForKernel]] || Non-secure || Kernel || 0x7ABF5135
|-
| 3.60 || [[SceSblAuthMgr#SceSblAuthMgrForKernel|SceSblAuthMgrForKernel]] || Non-secure || Kernel || 0x7ABF5135
|-
| 1.69 || [[SceSblAuthMgr#SceSblAuthMgrForDriver|SceSblAuthMgrForDriver]] || Non-secure || Kernel || 0x4EB2B1BB
|-
| 3.60 || [[SceSblAuthMgr#SceSblAuthMgrForDriver|SceSblAuthMgrForDriver]] || Non-secure || Kernel || 0x4EB2B1BB
|-
|-
| 0.931.010-3.740.011 || [[SceSblAuthMgr#SceSblAuthMgrForDriver|SceSblAuthMgrForDriver]] || Non-secure || Kernel || 0x4EB2B1BB
|}
|}


== SceSblAuthMgrForKernel ==
== SceSblAuthMgrForKernel ==


These functions are used for [[SceKernelModulemgr#Decrypt_SELF_ELF_Program|self decryption]]
These functions are used for [[SceKernelModulemgr#Decrypt_SELF_ELF_Program|SELF decryption]].


=== sceSblAuthMgrStartF00DCommunication ===
=== sceSblAuthMgrOpenForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.931.010-3.740.011 || 0xA9CD2A09
! NID
|}
|-
 
| 3.60 || 0xA9CD2A09
Temp name was sceSblAuthMgrInvokeSMForKernel, sceSblAuthMgrSmStartForKernel.
 
<source lang="C">
// If initialization is successful - pHandle will be initialized to 1
int sceSblAuthMgrOpenForKernel(int *pHandle);
</source>
 
=== sceSblAuthMgrCloseForKernel ===
{| class="wikitable"
! Version !! NID
|-
|-
| 0.931.010-3.740.011 || 0x026ACBAD
|}
|}
Temp name was sceSblAuthMgrStopSMForKernel, sceSblAuthMgrSmStopForKernel.
Issues [[Secure_Modules_Functions#Request_Buffer|kprx_auth_sm command -1]].


<source lang="C">
<source lang="C">
//if initialization is successful - ctx will be initialized to 1
// handle - obtained with sceSblAuthMgrOpenForKernel. Handle must equal 1 for successful close.
int sceSblAuthMgrStartF00DCommunication(int* ctx);
int sceSblAuthMgrCloseForKernel(int handle);
</source>
</source>


=== sceSblAuthMgrShutDownCurrentlyLoadedSelf ===
=== sceSblAuthMgrStartForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.931.010-0.996.090 || 0xCAA38DF7
! NID
|-
|-
| 3.60 || 0x026ACBAD
| 1.000.071-3.740.011 || not present
|}
|}


executes special [[F00D_Commands#Request_Buffer|F00D command -1]]
Creates SceSblAuthMgrZlibHeap.
 
<source lang="C">int sceSblAuthMgrStartForKernel(void);</source>
 
=== sceSblAuthMgrStopForKernel ===
{| class="wikitable"
! Version !! NID
|-
| 0.931.010-0.996.090 || 0x6C1F5048
|-
| 1.000.071-3.740.011 || not present
|}
 
Deletes SceSblAuthMgrZlibHeap.
 
<source lang="C">int sceSblAuthMgrStopForKernel(void);</source>
 
=== sceSblAuthMgrAuthHeaderForKernel ===
{| class="wikitable"
! Version !! NID
|-
| 0.931.010-3.740.011 || 0xF3411881
|}
 
Issues [[Secure_Modules_Functions#0x10001_-_sceSblAuthMgrAuthHeader|kprx_auth_sm command 0x10001]]
 
<code>SceSblSmCommContext130</code> type is defined in [[SceSblSsSmComm#Types|SceSblSsSmComm]].
 
?Read caller SELF Info using sceKernelGetSelfAuthInfoForKernel? then writes it to context_130->caller_self_auth_info.
 
Calls smc_137 and smc_134 that interact with Cmep. Cmep sets context_130->called_self_auth_info.


<source lang="C">
<source lang="C">
//ctx - should equal 1 for successful deinit. it is obtained by calling sceSblAuthMgrStartF00DCommunication
// handle - obtained with sceSblAuthMgrOpenForKernel
int sceSblAuthMgrShutDownCurrentlyLoadedSelf(int ctx);
int sceSblAuthMgrAuthHeaderForKernel(int handle, const void *self_header_addr, SceSize SelfHeaderSize, SceSblSmCommContext130 *auth_info);
</source>
</source>


=== sceSblAuthMgrParseSelfHeader ===
=== sceSblAuthMgrSetupAuthSegmentForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.931.010-3.740.011 || 0x89CCDA2C
! NID
|-
| 3.60 || 0xF3411881
|}
|}


Issues F00D command [[F00D_Commands#0x10001|0x10001]]
Temp name was sceSblAuthMgrLoadSelfSegmentForKernel, sceSblAuthMgrLoadSegmentForKernel.
 
Issues [[Secure_Modules_Functions#0x20001_-_sceSblAuthMgrSetupAuthSegment|kprx_auth_sm command 0x20001]].


<source lang="C">
<source lang="C">
typedef struct header_ctx_request //size is 0x90
// handle - obtained with sceSblAuthMgrOpenForKernel
{
  uint32_t unk_8;
  uint32_t unk_C;
 
  uint32_t unk_10[20];
 
  uint32_t unk_60;
  uint32_t unk_64;
  char klicensee[0x10]; // offset 0x68
 
  uint32_t unk_78;
  uint32_t unk_7C;
 
  uint32_t unk_80;
  uint32_t unk_84;
  uint32_t unk_88;
  uint32_t unk_8C;
 
  uint32_t unk_90;
  uint32_t unk_94;
}header_ctx_request;


typedef struct header_ctx_response //size is 0x90
0.931.010-1.500
{
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number, SceSize segment_size, void *output_buffer, SceSize program_size);
  char data[0x90]; // offset 0x98
}header_ctx_response;


typedef struct header_ctx // size is 0x130. probably SceSblSmCommContext130
3.600.011-3.740.011
{
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number);
  uint32_t unk_0;
  uint32_t unk_4; //used
 
  header_ctx_request req; //size is 0x90
 
  header_ctx_response resp; //size is 0x90
 
  uint32_t unk_128; // used
  uint32_t unk_12C;
 
}header_ctx;
 
//ctx - obtained with sceSblAuthMgrStartF00DCommunication
int sceSblAuthMgrParseSelfHeader(int ctx, void *addr, int length, char *buffer);
</source>
</source>


=== sceSblAuthMgrSetSelfSegment ===
=== sceSblAuthMgrAuthSegmentForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.990.000-3.740.011 || 0xBC422443
! NID
|-
| 3.60 || 0x89CCDA2C
|}
|}


Issues F00D command [[F00D_Commands#0x20001|0x20001]]
Temp name was sceSblAuthMgrLoadSelfBlockForKernel, sceSblAuthMgrLoadBlockForKernel.
 
Issues [[Secure_Modules_Functions#0x30001_-_sceSblAuthMgrLoadBlock|kprx_auth_sm command 0x30001]]
 
<source lang="C">
// handle - obtained with sceSblAuthMgrOpenForKernel
int sceSblAuthMgrAuthSegmentForKernel(int handle, void *buffer, SceSize len);
</source>


=== sceSblAuthMgrDecryptSelfSegment ===
=== sceSblAuthMgrLoadSegmentInternalForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.990.000-1.692.000 || 0x15248FB4
! NID
|-
|-
| 3.60 || 0xBC422443
| 1.800.071-3.740.011 || not present
|}
|}


Issues F00D command [[F00D_Commands#0x30001|0x30001]]
<source lang="C">
// handle - obtained with sceSblAuthMgrOpenForKernel
int sceSblAuthMgrLoadSegmentInternalForKernel(int handle, int a2, unsigned int a3);
</source>


=== sceSblAuthMgrSetDmac5Key ===
=== sceSblAuthMgrSetDmac5KeyForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.990.000-3.740.011 || 0x122ACDEA
! NID
|-
| 1.05 || 0x122acdea
|-
| 3.60 || 0x122acdea
|-
|}
|}


Issues F00D command [[F00D_Commands#0x50001_sceSblAuthMgrSetDmac5Key|0x50001]]
Issues [[Secure_Modules_Functions#0x50001_-_sceSblAuthMgrSetDmac5KeyForKernel|kprx_auth_sm command 0x50001]].


<source lang="C">
<source lang="C">
//key_size - in bytes
// key_size - in bytes
int sceSblAuthMgrSetDmac5Key(char *key, int key_size, int slot_id, int key_id);
int sceSblAuthMgrSetDmac5KeyForKernel(const void *key, SceSize key_size, int slot_id, int key_id);
</source>
</source>


=== sceSblAuthMgrClearDmac5Key ===
=== sceSblAuthMgrClearDmac5KeyForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.990.000-3.740.011 || 0xF2BB723E
! NID
|-
| 1.05 || 0xf2bb723e
|-
| 3.60 || 0xf2bb723e
|-
|}
|}


Issues F00D command [[F00D_Commands#0x60001_sceSblAuthMgrClearDmac5Key|0x60001]]
Issues [[Secure_Modules_Functions#0x60001_-_sceSblAuthMgrClearDmac5KeyForKernel|kprx_auth_sm command 0x60001]].


<source lang="C">int sceSblAuthMgrClearDmac5Key(int unk0, int unk1);</source>
<source lang="C">int sceSblAuthMgrClearDmac5KeyForKernel(int unk0, int unk1);</source>


=== sceSblAuthMgrReturnZero ===
=== SceSblAuthMgrForKernel_2A83A012 ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 1.800.071-3.740.011 || 0x2A83A012
! NID
|-
| 3.60 || 0x2A83A012
|-
|}
|}


returns 0
Not implemented and returns 0. Maybe implemented in some internal System Software versions.
 
<source lang="C">int SceSblAuthMgrForKernel_2A83A012(void);</source>


=== unk_ABAB8466 ===
=== sceSblAuthMgrCompareSwVersionForKernel ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.931.010-0.996.090 || not present
! NID
|-
| 3.60 || 0xABAB8466
|-
|-
| 1.000.071-3.740.011 || 0xABAB8466
|}
|}


aligns unk0 on 12 bits and compares to 0x3600000
Aligns version on 12 bits then compares to the hardcoded current firmware version (example: 0x03600000 on FW 3.60).


<source lang="C">int unk_ABAB8466(int unk0);</source>
<source lang="C">int sceSblAuthMgrCompareSwVersionForKernel(int version);</source>


== SceSblAuthMgrForDriver ==
== SceSblAuthMgrForDriver ==


=== sceSblAuthMgrGetEKc ===
=== sceSblAuthMgrGetEKcForDriver ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.990.000-3.740.011 || 0x868B9E9A
! NID
|-
| 1.05 || 0x868b9e9a
|-
| 3.60 || 0x868b9e9a
|}
|}


Issues F00D command [[F00D_Commands#0x40001_sceSblAuthMgrGetEKc|0x40001]]
EKc might mean Encrypted Klicensee.
 
Issues [[Secure_Modules_Functions#0x40001_-_sceSblAuthMgrGetEKcForDriver|kprx_auth_sm command 0x40001]].


<source lang="C">int sceSblAuthMgrGetEKc(void* data, int size, int key_id);</source>
<source lang="C">int sceSblAuthMgrGetEKcForDriver(void *data, SceSize size, int key_id);</source>


=== sceSblAuthMgrDecBindData ===
=== sceSblAuthMgrDecBindDataForDriver ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.990.000-3.740.011 || 0x41DAEA12
! NID
|-
| 1.05 || 0x41daea12
|-
| 3.60 || 0x41daea12
|-
|}
|}


Issues F00D command [[F00D_Commands#0x70001_sceSblAuthMgrDecBindData|0x70001]]
Issues [[Secure_Modules_Functions#0x70001_-_sceSblAuthMgrDecBindDataForDriver|kprx_auth_sm command 0x70001]].


<source lang="C">
<source lang="C">
//request should contain pair of keys and rif data
// request should contain pair of keys and rif data


int sceSblAuthMgrDecBindData(char* klicensee, int klicensee_len, char* request, int request_len, int zero);
int sceSblAuthMgrDecBindDataForDriver(char* klicensee, int klicensee_len, char* request, int request_len, int zero);
</source>
</source>


=== sceSblAuthMgrVerifySpfsoCtx ===
=== sceSblAuthMgrVerifySpsfoForDriver ===
{| class="wikitable"
{| class="wikitable"
! Version !! NID
|-
|-
! Version
| 0.931.010-0.990.000 || not present
! NID
|-
|-
| 3.60 || 0x24C4CE64
| 0.996.090-3.740.011 || 0x24C4CE64
|}
|}


Used by [[SceSblPostSsMgr#sceSblPostSsMgrVerifySpfsoCtxForDriver|sceSblPostSsMgrVerifySpfsoCtxForDriver]]
Used by [[SceSblPostSsMgr#sceSblSpsfoMgrVerifyForDriver|sceSblSpsfoMgrVerifyForDriver]].
 
Issues [[Secure_Modules_Functions#0x80001_-_sceSblAuthMgrVerifySpsfo|kprx_auth_sm command 0x80001]].
 
Spsfo (signed param.sfo) file is located in game cartridge at path gro0:gc/param.sfo. It can also be loaded from host0: on DevKit. It has 3 parts: CF header and certification, plain SceSpsfoHeader and plain SFO (maybe reduced).
 
<source lang="C">
typedef struct SceSpsfoHeader { // size is 0x200 usually
    int version;                  // ex: 1
    SceSize size;                // header size
    uint64_t system_version;      // ex: 0x0330000000000110
    char titleid[0x20];
    uint64_t parent_authority_id; // ex: 0x2800000000000030
    uint64_t process_authority_id;
    char reserved[0x1C0];
} SceSpsfoHeader;
 
Note : SceSpsfoHeader and spsfo_ctx may be different
</source>


Issues F00D command [[F00D_Commands#0x80001|0x80001]]
<source lang="C">int sceSblAuthMgrVerifySpsfoForDriver(spsfo_ctx *ctx);</source>


<source lang="C">int sceSblAuthMgrVerifySpfsoCtx(spsfo_ctx *ctx);</source>


[[Category:ARM]]
[[Category:Kernel]]
[[Category:Modules]]
[[Category:Modules]]
[[Category:Kernel]]
[[Category:Library]]

Latest revision as of 22:25, 16 July 2023

Secure Block Authentication Manager

Module

Version World Privilege
0.931.010-3.740.011 Non-secure Kernel

Libraries

Known NIDs

Version Name World Visibility NID
0.931.010-3.740.011 SceSblAuthMgrForKernel Non-secure Kernel 0x7ABF5135
0.931.010-3.740.011 SceSblAuthMgrForDriver Non-secure Kernel 0x4EB2B1BB

SceSblAuthMgrForKernel

These functions are used for SELF decryption.

sceSblAuthMgrOpenForKernel

Version NID
0.931.010-3.740.011 0xA9CD2A09

Temp name was sceSblAuthMgrInvokeSMForKernel, sceSblAuthMgrSmStartForKernel.

// Opens the handle that the other SceSblAuthMgrForKernel prototypes on this page take.
// pHandle - out: set to 1 when initialization is successful.
// NOTE(review): the return-value convention is not documented on this page.
int sceSblAuthMgrOpenForKernel(int *pHandle);

sceSblAuthMgrCloseForKernel

Version NID
0.931.010-3.740.011 0x026ACBAD

Temp name was sceSblAuthMgrStopSMForKernel, sceSblAuthMgrSmStopForKernel.

Issues kprx_auth_sm command -1.

// Closes a handle; per this page it issues kprx_auth_sm command -1.
// handle - obtained with sceSblAuthMgrOpenForKernel; must equal 1 for a successful close.
int sceSblAuthMgrCloseForKernel(int handle);

sceSblAuthMgrStartForKernel

Version NID
0.931.010-0.996.090 0xCAA38DF7
1.000.071-3.740.011 not present

Creates SceSblAuthMgrZlibHeap.

// Creates SceSblAuthMgrZlibHeap. The NID table lists this export as not present on 1.000.071-3.740.011.
int sceSblAuthMgrStartForKernel(void);

sceSblAuthMgrStopForKernel

Version NID
0.931.010-0.996.090 0x6C1F5048
1.000.071-3.740.011 not present

Deletes SceSblAuthMgrZlibHeap.

// Deletes SceSblAuthMgrZlibHeap. The NID table lists this export as not present on 1.000.071-3.740.011.
int sceSblAuthMgrStopForKernel(void);

sceSblAuthMgrAuthHeaderForKernel

Version NID
0.931.010-3.740.011 0xF3411881

Issues kprx_auth_sm command 0x10001

SceSblSmCommContext130 type is defined in SceSblSsSmComm.

Possibly reads the caller's SELF auth info using sceKernelGetSelfAuthInfoForKernel (unconfirmed), then writes it to context_130->caller_self_auth_info.

Calls smc_137 and smc_134 that interact with Cmep. Cmep sets context_130->called_self_auth_info.

// Per this page, issues kprx_auth_sm command 0x10001.
// handle           - obtained with sceSblAuthMgrOpenForKernel
// self_header_addr - presumably the SELF header to authenticate; TODO confirm
// SelfHeaderSize   - presumably the size of that header in bytes; TODO confirm
// auth_info        - SceSblSmCommContext130 (defined in SceSblSsSmComm); per this page Cmep
//                    sets its called_self_auth_info field
// NOTE(review): this page does not say whether SelfHeaderSize is validated before the
// request is issued; confirm before relying on it.
int sceSblAuthMgrAuthHeaderForKernel(int handle, const void *self_header_addr, SceSize SelfHeaderSize, SceSblSmCommContext130 *auth_info);

sceSblAuthMgrSetupAuthSegmentForKernel

Version NID
0.931.010-3.740.011 0x89CCDA2C

Temp name was sceSblAuthMgrLoadSelfSegmentForKernel, sceSblAuthMgrLoadSegmentForKernel.

Issues kprx_auth_sm command 0x20001.

// Per this page, issues kprx_auth_sm command 0x20001.
// handle         - obtained with sceSblAuthMgrOpenForKernel
// segment_number - presumably the index of the SELF segment to set up; TODO confirm
// The bare version strings below are firmware ranges labelling each prototype; they are
// not C code. Only one of the two signatures applies on a given firmware, and no
// signature is listed for the range between the two.

0.931.010-1.500
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number, SceSize segment_size, void *output_buffer, SceSize program_size);

3.600.011-3.740.011
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number);

sceSblAuthMgrAuthSegmentForKernel

Version NID
0.990.000-3.740.011 0xBC422443

Temp name was sceSblAuthMgrLoadSelfBlockForKernel, sceSblAuthMgrLoadBlockForKernel.

Issues kprx_auth_sm command 0x30001

// Per this page, issues kprx_auth_sm command 0x30001.
// handle - obtained with sceSblAuthMgrOpenForKernel
// buffer - data buffer of len bytes; whether it is input, output or processed in place
//          is not stated on this page
// len    - presumably the size of buffer in bytes; TODO confirm
int sceSblAuthMgrAuthSegmentForKernel(int handle, void *buffer, SceSize len);

sceSblAuthMgrLoadSegmentInternalForKernel

Version NID
0.990.000-1.692.000 0x15248FB4
1.800.071-3.740.011 not present
// The NID table lists this export for 0.990.000-1.692.000 only.
// handle - obtained with sceSblAuthMgrOpenForKernel
// a2, a3 - not yet identified on this page
int sceSblAuthMgrLoadSegmentInternalForKernel(int handle, int a2, unsigned int a3);

sceSblAuthMgrSetDmac5KeyForKernel

Version NID
0.990.000-3.740.011 0x122ACDEA

Issues kprx_auth_sm command 0x50001.

// Per this page, issues kprx_auth_sm command 0x50001.
// key      - key material to set
// key_size - size of key in bytes
// slot_id, key_id - presumably select the Dmac5 key slot and the key; TODO confirm
// NOTE(review): accepted key sizes and valid slot_id/key_id ranges are not documented on this page.
int sceSblAuthMgrSetDmac5KeyForKernel(const void *key, SceSize key_size, int slot_id, int key_id);

sceSblAuthMgrClearDmac5KeyForKernel

Version NID
0.990.000-3.740.011 0xF2BB723E

Issues kprx_auth_sm command 0x60001.

// Per this page, issues kprx_auth_sm command 0x60001.
// unk0, unk1 - not yet identified on this page
int sceSblAuthMgrClearDmac5KeyForKernel(int unk0, int unk1);

SceSblAuthMgrForKernel_2A83A012

Version NID
1.800.071-3.740.011 0x2A83A012

Not implemented; returns 0. It may be implemented in some internal System Software versions.

// Unnamed export (NID 0x2A83A012); described on this page as not implemented, returning 0.
int SceSblAuthMgrForKernel_2A83A012(void);

sceSblAuthMgrCompareSwVersionForKernel

Version NID
0.931.010-0.996.090 not present
1.000.071-3.740.011 0xABAB8466

Aligns version on 12 bits then compares to the hardcoded current firmware version (example: 0x03600000 on FW 3.60).

// version - value that is aligned on 12 bits and then compared with the hardcoded current
//           firmware version (example from this page: 0x03600000 on FW 3.60)
// NOTE(review): the meaning of the return value is not documented on this page.
int sceSblAuthMgrCompareSwVersionForKernel(int version);

SceSblAuthMgrForDriver

sceSblAuthMgrGetEKcForDriver

Version NID
0.990.000-3.740.011 0x868B9E9A

EKc might mean Encrypted Klicensee.

Issues kprx_auth_sm command 0x40001.

// Per this page, issues kprx_auth_sm command 0x40001; "EKc" might mean Encrypted Klicensee.
// data, size - buffer and its size; the direction (input or output) is not stated on this page
// key_id     - not further described on this page
int sceSblAuthMgrGetEKcForDriver(void *data, SceSize size, int key_id);

sceSblAuthMgrDecBindDataForDriver

Version NID
0.990.000-3.740.011 0x41DAEA12

Issues kprx_auth_sm command 0x70001.

// Per this page, issues kprx_auth_sm command 0x70001.
// klicensee, klicensee_len - klicensee buffer and its length
// request, request_len     - request buffer and its length; the request should contain
//                            a pair of keys and rif data
// zero                     - presumably must be 0, going by the name; TODO confirm
// NOTE(review): the lengths are declared as int here, while other prototypes on this page
// use SceSize; confirm the real types before relying on signedness.

int sceSblAuthMgrDecBindDataForDriver(char* klicensee, int klicensee_len, char* request, int request_len, int zero);

sceSblAuthMgrVerifySpsfoForDriver

Version NID
0.931.010-0.990.000 not present
0.996.090-3.740.011 0x24C4CE64

Used by sceSblSpsfoMgrVerifyForDriver.

Issues kprx_auth_sm command 0x80001.

The Spsfo (signed param.sfo) file is located on the game cartridge at path gro0:gc/param.sfo. It can also be loaded from host0: on DevKit. It has 3 parts: the CF header and certification, a plain SceSpsfoHeader, and a plain SFO (maybe reduced).

// Header of an Spsfo (signed param.sfo) file, as described on this page.
// The listed fields add up to 0x200 bytes if SceSize is 4 bytes wide; TODO confirm.
// NOTE(review): the page describes this header as a plain part of the file, next to the
// CF header and certification. Presumably its fields should only be trusted after
// sceSblAuthMgrVerifySpsfoForDriver has succeeded; confirm against the caller.
typedef struct SceSpsfoHeader { // size is 0x200 usually
    int version;                  // example value: 1
    SceSize size;                 // header size
    uint64_t system_version;      // example value: 0x0330000000000110
    char titleid[0x20];           // presumably the title ID; encoding and termination not stated on this page
    uint64_t parent_authority_id; // example value: 0x2800000000000030
    uint64_t process_authority_id;
    char reserved[0x1C0];         // reserved area
} SceSpsfoHeader;

Note: SceSpsfoHeader and spsfo_ctx may not be the same structure.
// Per this page, issues kprx_auth_sm command 0x80001 and is used by sceSblSpsfoMgrVerifyForDriver.
// ctx - spsfo_ctx is not defined on this page and may differ from SceSpsfoHeader.
// NOTE(review): the return value that indicates a successful verification is not documented here.
int sceSblAuthMgrVerifySpsfoForDriver(spsfo_ctx *ctx);