SceSblSsMgr

From Vita Development Wiki

Module

Known NIDs

Version Name World Privilege NID
1.69 SceSblSsMgr Non-secure Kernel 0xFDDD93FA
3.60 SceSblSsMgr Non-secure Kernel 0x4E913538

Libraries

Known NIDs

Version Name World Visibility NID
1.69 SceSblSsMgrForKernel Non-secure Kernel 0x74580D9F
3.60 SceSblSsMgrForKernel Non-secure Kernel 0x74580D9F
1.69 SceSblSsMgrForDriver Non-secure Kernel 0x61E9428D
3.60 SceSblSsMgrForDriver Non-secure Kernel 0x61E9428D
1.69 SceSblSsMgr Non-secure Kernel 0xEC86E4B0
1.69 SceSblQafMgr Non-secure User 0x756B7E89
3.60 SceSblQafMgr Non-secure User 0x756B7E89
1.69 SceSblRng Non-secure User 0x1843F124
3.60 SceSblRng Non-secure User removed
3.60 SceSblRng Non-secure User 0x1843F124
1.69 SceSblDmac5Mgr Non-secure User 0x437366A2
3.60 SceSblDmac5Mgr Non-secure User 0x437366A2
1.69 SceSblAimgr Non-secure User 0xD473F968
3.60 SceSblAimgr Non-secure User 0xD473F968

SceSblSsMgrForKernel

sceSblSsMgrGetQAFlagsForKernel

Version NID
3.60 0x83D254FF
int sceSblSsMgrGetQAFlagsForKernel(char buffer[0x10]);

sceSblSsMgrGetSysconDataForKernel

Version NID
3.60 0xC2EC8F5A

For example, this function gets 0x20 bytes of data for the act_sm.self command 0x4 call. This is done by passing offset 0x520 as the first argument.

int sceSblSsMgrGetSysconDataForKernel(int offset, char *buffer, int size);

sceSblSsMgrSetSysconDataForKernel

Version NID
3.60 0xE29E161C
int sceSblSsMgrSetSysconDataForKernel(int offset, char *buffer, int size);

return_ffffffff

Version NID
3.60 0x516ecc08

return -1; // 0xFFFFFFFF

int return_ffffffff(void);

sceSblQafManagerGetQafNameForKernel

Version NID
3.60 0xE2DD0378

Uses string "qaf_workaround" under certain conditions.

sceSblSsMgrGetSysconDataForKernel(0x480, buf, 1);
sceSblSsMgrGetSysconDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
int sceSblQafManagerGetQafNameForKernel(char *buffer, unsigned int max_len);

SceSblSsMgrForDriver

Cryptographic functions in this module typically have 3 variations:

  1. Use key - meaning that the key that you provide is used directly for encryption/decryption.
  2. Use slot_id - meaning that you have to use sceSblAuthMgrSetDmac5Key function to set the key into a specific slot.
    • Note that in this case you select a key from F00D by key_id. It will be encrypted by F00D and placed into the slot selected by slot_id.
  3. Use key_id - meaning that the call to sceSblAuthMgrSetDmac5Key will happen internally.
    • In this case the key from F00D is also selected by key_id and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17.

sceSblSsMgrGetRandomNumberForDriver

Version NID
3.60 0x4F9BFBE5
int sceSblSsMgrGetRandomNumberForDriver(char* result, int size);

sceSblSsMgrGetRandomDataForDriver

Version NID
3.60 0xAC57F4F0

Generates random data of length 0x40 by executing Dmac5 command 0x04

used in SceKrm, SceSblGcAuthMgr

int sceSblSsMgrGetRandomDataForDriver(char* dest);

sceSblSsMgrGetRandomDataCropForDriver

Version NID
3.60 0x4DD1B2E5

Generates random data of length 0x40 by executing Dmac5 command 0x04

Data is then cropped to fit the size in outputBuffer.

used by SceMsif

int sceSblSsMgrGetRandomDataCropForDriver(char* outputBuffer, int size, int unk);

sceSblSsMgrAESECBEncryptForDriver

Version NID
3.60 0xC517770D

Executes Dmac5 command 0x1

used in ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);

sceSblSsMgrAESECBDecryptForDriver

Version NID
3.60 0x7C978BE7

Executes Dmac5 command 0x02

used in ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);

sceSblSsMgrAESECBEncryptForDriver

Version NID
3.60 0x01BE0374

Executes Dmac5 command 0x01

used in SceSblMgKeyMgr

//size - size of data in src
//slot_id - 0x1C, 0x1D, 0x1E, 0x1F
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);

sceSblSsMgrAESECBDecryptForDriver

Version NID
3.60 0x8B4700CB

Executes Dmac5 command 0x02

used by SceSblMgKeyMgr

//size - size of data in src
//slot_id - 0x1D, ?
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);

sceSblSsMgrAESECBEncryptWithKeygenForDriver

Version NID
3.60 0x0F7D28AF

Executes Dmac5 command 0x01

used in ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESECBEncryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);

sceSblSsMgrAESECBDecryptWithKeygenForDriver

Version NID
3.60 0x197ACF6F

Executes Dmac5 command 0x02

no usages found

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESECBDecryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);

sceSblSsMgrDES64ECBEncryptForDriver

Version NID
3.60 0x37DD5CBF

This also implements 3DES. Chosen function depends on key size.

for 0x40 - DES

for 0x80 - not tested. assuming 3DES with K1 = K3.

for 0xC0 - 3DES

Executes Dmac5 command 0x41

used in SceMsif, SceSblMgKeyMgr

//size - size of data in src
//slot_id - 0x1C, ?
//key_size - 0xC0 (size in bits) - other sizes also work
//mask_enable = 1
int sceSblSsMgrDES64ECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);

sceSblSsMgrDES64ECBDecryptForDriver

Version NID
3.60 0x8EAFB18A

This also implements 3DES. Chosen function depends on key size.

for 0x40 - DES

for 0x80 - not tested. assuming 3DES with K1 = K3.

for 0xC0 - 3DES

Executes Dmac5 command 0x42

used in SceSblMgKeyMgr

//size - size of data in src
//slot_id - 0x1C, ?
//key_size - 0xC0 (size in bits) - other sizes also work
//mask_enable = 1
int sceSblSsMgrDES64ECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);

sceSblSsMgrDES64CBCEncryptForDriver

Version NID
3.60 0x05B38698

This also probably implements 3DES. Chosen function depends on key size.

for 0x40 - DES

for 0x80 - not tested. assuming 3DES with K1 = K3.

for 0xC0 - 3DES

Executes Dmac5 command 0x49

no usages found

//size - size of data in src
//slot_id - 0x1D, ?
//key_size - ? - does not matter ?
//iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrDES64CBCEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);

sceSblSsMgrDES64CBCDecryptForDriver

Version NID
3.60 0x926BCCF0

This also probably implements 3DES. Chosen function depends on key size.

for 0x40 - DES

for 0x80 - not tested. assuming 3DES with K1 = K3.

for 0xC0 - 3DES

Executes Dmac5 command 0x4A

no usages found

//size - size of data in src
//slot_id - 0x1D, ?
//key_size - ? - does not matter ?
//iv - length is 8 for DES
//mask_enable = 1
int sceSblSsMgrDES64CBCDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);

sceSblSsMgrAESCBCEncryptForDriver

Version NID
3.60 0xE6E1AD15

Executes Dmac5 command 0x09

used by ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCBCEncryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);

sceSblSsMgrAESCBCDecryptForDriver

Version NID
3.60 0x121FA69F

Executes Dmac5 command 0x0A

used by ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCBCDecryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);

sceSblSsMgrAESCBCEncryptWithKeygenForDriver

Version NID
3.60 0x711C057A

Executes Dmac5 command 0x09

used by ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESCBCEncryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);

sceSblSsMgrAESCBCDecryptWithKeygenForDriver

Version NID
3.60 0x1901CB5E

Executes Dmac5 command 0x0A

used by ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESCBCDecryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);

sceSblSsMgrAESCTREncryptForDriver

Version NID
3.60 0x82B5DCEF

Executes Dmac5 command 0x21

used by SceNpDrm

This function can also be used for decryption, since CTR is a symmetric function.

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCTREncryptForDriver (char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);

sceSblSsMgrAESCTRDecryptForDriver

Version NID
3.60 0x7D46768C

Executes Dmac5 command 0x22

no usages found

This function can also be used for encryption, since CTR is a symmetric function.

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCTRDecryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);

sceSblSsMgrSHA1ForDriver

Version NID
3.60 0xEB3AF9B5

Executes Dmac5 command 0x03

used by ScePfsMgr

key_size is always 0x100 bits

//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrSHA1ForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command_bit);

sceSblSsMgrHMACSHA1ForDriver

Version NID
3.60 0x6704D985

Executes Dmac5 command 0x23

used by ScePfsMgr

key_size is always 0x100 bits

//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA1ForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);

sceSblSsMgrHMACSHA1WithKeygenForDriver

Version NID
3.60 0x92E37656

Executes Dmac5 command 0x23

no usages found

key_size is always 0x100 bits

//size - size of data in src
//key - length is always 0x20
//iv = 0
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA1WithKeygenForDriver(char *src, char *dst, int size, char *key, char *iv, int key_id, int mask_enable, int command_bit);

sceSblSsMgrHMACSHA256ForDriver

Version NID
3.60 0x79F38554

Executes Dmac5 command 0x33

no usages found

//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA256ForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);

sceSblSsMgrAESCMACForDriver

Version NID
3.60 0x1B14658D

Executes Dmac5 command 0x3B

used in ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable, int command_bit);

sceSblSsMgrAESCMACWithKeygenForDriver

Version NID
3.60 0x83B058F5

Executes Dmac5 command 0x3B

used in ScePfsMgr

//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable, int command_bit);

sceSblSsMgrAESCMACForDriver

Version NID
3.60 0xEA6ACB6D

Executes Dmac5 command 0x3B

no usages found

//size - size of data in src
//slot_id - 0x1D, ?
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, int slot_id, int key_size, char *iv, int mask_enable, int command_bit);

sceSblSsMgrExecuteDmac5HashCommandForDriver

Version NID
3.60 0x9641374E

Executes Dmac5 commands related to hash functions

used by SceNpDrm

int sceSblSsMgrExecuteDmac5HashCommandForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command, int command_bit);

sceSblSsMgrGetConsoleIdForDriver

Version NID
3.60 0xFC6CDD68

This function obtains ConsoleId by executing aimgr_sm.self F00D command 0x1

//buffer is of size 0x10
int sceSblSsMgrGetConsoleIdForDriver(void* cid);

sceSblSsMgrGetOpenPsIdForDriver

Version NID
3.60 0xA5B5D269

This function returns information from a static buffer that is initialized on module_start.

Read OpenPsId from sysroot_buffer+0x70 using sceSysrootGetSysrootBufferForKernel.

typedef struct OpenPsId {
	char open_psid[0x10];
} OpenPsId;

int sceSblSsMgrGetOpenPsIdForDriver(OpenPsId *open_psid);

sceSblSsMgrEncryptWithPortabilityForDriver

Version NID
3.60 0x21ec51f6

derived from _vshSblSsEncryptWithPortability

Strangely enough, this function does not communicate with F00D through command 0x1000A from encdec_w_portability_sm.self.

typedef struct size_data_pair
{
  int size;
  char data[0x20];
} size_data_pair;

int sceSblSsMgrEncryptWithPortabilityForDriver(int key_id, char *iv, size_data_pair *src, size_data_pair *dst);

sceSblSsMgrDecryptWithPortabilityForDriver

Version NID
3.60 0x934db6b5

derived from _vshSblSsDecryptWithPortability

Decrypts or derives the AES key that is used in msif to decrypt a static sha224 table.

communication with F00D is done with command 0x2000A from encdec_w_portability_sm.self

typedef struct ScePortabilityInputData //size is 0x24
{
   uint32_t size;
   uint8_t data[0x20];
}ScePortabilityInputData;

typedef struct ScePortabilityOutputData //size is 0x24
{
   uint32_t size;
   uint8_t data[0x20];
}ScePortabilityOutputData;

//arg1 - size is 0x10
int sceSblSsMgrDecryptWithPortabilityForDriver(int key_id, char *iv, ScePortabilityInputData* in, ScePortabilityOutputData* out);

sceSblSsMgrGetVisibleId

Version NID
3.60 0x04843835

In old firmwares this function was named sceSblSsMgrGetFuseIdForDriver.

derived from _vshSblAimgrGetVisibleId

Executes F00D aimgr_sm.self command 0x3.

typedef struct VisibleId {
	char visible_id[0x20];
} VisibleId;

int sceSblSsMgrGetVisibleId(VisibleId* visible_id);

sceSblSsMgrGetNvsDataForDriver

Version NID
3.60 0xfdd6d5de

derived from _vshSblSsGetNvsData

uses syscon function to get the data

//index - max index is 5
//output - max size is 0x20
int sceSblSsMgrGetNvsDataForDriver(int index, char *output, int size);

sceSblSsMgrSetNvsDataForDriver

Version NID
3.60 0x249adb07

derived from _vshSblSsSetNvsData

uses syscon function to set the data

//index - max index is 5
//input - max size is 0x20
int sceSblSsMgrSetNvsDataForDriver(int index, char *input, int size);

sceSblSsMgrGetPscodeForDriver

Version NID
3.60 0xE0DC2587

derived from _vshSblAimgrGetPscode

This function returns information from a static buffer that is initialized on module_start.

Read PsCode from sysroot_buffer+0xA0 using sceSysrootGetSysrootBufferForKernel.

typedef struct PsCode {
	char magic[2]; // {0, 1}
	char target_id[2];
	char model_revision[2];
	uint16_t chassis; // chassis = ConsoleId.chassis_check >> 2;
} PsCode;

int sceSblSsMgrGetPscodeForDriver(PsCode *pscode);

sceSblSsMgrGetPscode2ForDriver

Version NID
3.60 0x9a9676d0

Executes F00D aimgr_sm.self command 0x4.

derived from _vshSblAimgrGetPscode2

typedef struct PsCode {
	char magic[2]; // {0, 1}
	char target_id[2];
	char model_revision[2];
	uint16_t chassis; // chassis = ConsoleId.chassis_check >> 2;
} PsCode;

int sceSblSsMgrGetPscode2ForDriver(uint64_t* result);

sceSblSsMgrCreatePassPhraseForDriver

Version NID
3.60 0xb8b298fd

executes F00D aimgr_sm.self command 0x5

derived from _vshSblSsCreatePassPhrase

//input is of size 0x18
int sceSblSsMgrCreatePassPhraseForDriver(char *input, char *output);

unk_e0b13ba7

Version NID
3.60 0xe0b13ba7

Used by SceSblUpdateMgr - does some initialization

unk_c38d0cea

Version NID
3.60 0xc38d0cea

Used by SceSblUpdateMgr - does some cleanup

sceSblSsMgrMemsetForDriver

Version NID
3.60 0xcd98cc92

Used by SceSblPostSsMgr

void sceSblSsMgrMemsetForDriver(char* dest, char value, int size);

SceSblSsMgr

This library exists on 1.69 but doesn't exist on 3.60.

SceSblQafMgr

typedef struct SceQafToken
{
  char data[0x180];
} SceQafToken;

sceSblQafMgrGetQafToken

Version NID
1.69 0xB6BAE81D
3.60 0xB6BAE81D

On 3.60 returns 0x80010058.

int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);

sceSblQafMgrGetQafToken2

Version NID
3.60 0xDFBA8569
int sceSblQafMgrGetQafToken2(SceQafToken *qaf_token);

sceSblQafManagerSetQafTokenForUser

Version NID
1.69 0x56A16392
3.60 0x56A16392

On 3.60 returns 0x80010058.

int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);

sceSblQafMgrSetQafToken2

Version NID
3.60 0xF4B5C8A5
int sceSblQafMgrSetQafToken2(SceQafToken qaf_token);

sceSblQafManagerDeleteQafTokenForUser

Version NID
1.69 0xD542583F
3.60 0xD542583F

On 3.60 returns 0x80010058.

int sceSblQafManagerDeleteQafTokenForUser(void);

sceSblQafMgrDeleteQafToken2

Version NID
3.60 0x62E30BF4
  int v0; // r5
  int v1; // r6
  int v2; // r5
  signed int result; // r0
  char v4; // [sp+7h] [bp-199h]
  char buffer[128]; // [sp+8h] [bp-198h]
  char v6; // [sp+88h] [bp-118h] - starts 0x80 bytes after buffer, i.e. directly behind it
  int v7; // [sp+18Ch] [bp-14h]

  v7 = MEMORY[0];
  // fills buffer and the 0x100 bytes that start at v6 (0x180 bytes in total)
  memset(buffer, 0xFF, 0x180u);
  SceKernelSuspendForDriver_4DF40893_0(0);
  // overwrite 0x80 bytes at syscon offset 0x400 with 0xFF
  v0 = sceSblSsMgrSetSysconDataForKernel(0x400, buffer, 0x80);
  if ( v0 )
  {
    SceKernelSuspendForDriver_4DF40893(0);
    result = v0;
  }
  else
  {
    // overwrite 0x100 bytes at syscon offset 0x5A0 with 0xFF
    v1 = sceSblSsMgrSetSysconDataForKernel(0x5A0, &v6, 0x100);
    if ( v1 )
    {
      SceKernelSuspendForDriver_4DF40893(0);
      result = v1;
    }
    else
    {
      // write the single byte 1 to syscon offset 0x480
      v4 = 1;
      v2 = sceSblSsMgrSetSysconDataForKernel(0x480, &v4, 1);
      SceKernelSuspendForDriver_4DF40893(0);
      result = v2;
    }
  }
  return result;
int sceSblQafMgrDeleteQafToken2(void);

sceSblQafManagerGetQafNameForUser

Version NID
1.69 0x0F7EA8C2
3.60 0x0F7EA8C2

Wrapper to sceSblQafManagerGetQafNameForKernel.

int sceSblQafManagerGetQafNameForUser(char *buffer, unsigned int max_len);

sceSblQafManagerGetQafName2ForUser

Version NID
3.60 0xF0CA8766
memset(buf, 0, 0x180);
sceSblSsMgrGetSysconDataForKernel(0x480, buf, 1);
sceSblSsMgrGetSysconDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
sceSblSsMgrGetSysconDataForKernel(0x5A0, buf, 0x100);
// if all functions returned success
sceSblQafManagerGetQafNameForKernel(buf2, len);
sceKernelMemcpyKernelToUserForDriver(buffer, buf2, len); // return value is compared against 0
int sceSblQafManagerGetQafName2ForUser(char *buffer, unsigned int max_len);

sceSblQafMgrIsAllowMinimumDebugMenuDisplay

Version NID
3.60 0xA156BBD2

return sysroot_buffer->qa_flags[0xF] & 1;

int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);

sceSblQafMgrIsAllowLimitedDebugMenuDisplay

Version NID
1.69 0xC456212D
3.60 0xC456212D

return (sysroot_buffer->qa_flags[6] >> 1) & 1;

int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);

sceSblQafMgrIsAllowAllDebugMenuDisplay

Version NID
1.69 0x66843305
3.60 0x66843305

return (sysroot_buffer->qa_flags[0xC] >> 1) & 1;

int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);

sceSblQafManagerIsAllowKernelDebugForUser

Version NID
1.69 0x11D30766
3.60 0x11D30766

return sysroot_buffer->qa_flags[0xD] & 1;

int sceSblQafManagerIsAllowKernelDebugForUser(void);

sceSblQafMgrIsAllowForceUpdate

Version NID
1.69 0x63F29BA0
3.60 0x63F29BA0

return (sysroot_buffer->qa_flags[0xF] >> 1) & 1;

int sceSblQafMgrIsAllowForceUpdate(void);

sceSblQafMgrIsAllowNpTest

Version NID
1.69 0xA9EBCBAC
3.60 0xA9EBCBAC
if (sysroot_buffer->qa_flags[0xF] << 31)
   return 1;
else
   return sceSysrootUtMgrHasNpTestFlagForKernel(a1, a2, a3);
int sceSblQafMgrIsAllowNpTest(int a1, int a2, int a3);

sceSblQafMgrIsAllowNpFullTest

Version NID
3.60 0x72168C6E

return (sysroot_buffer->qa_flags[6] >> 1) & 1;

int sceSblQafMgrIsAllowNpFullTest(void);

sceSblQafMgrIsAllowNonQAPup

Version NID
1.69 0xB5621615
3.60 0xB5621615

return sysroot_buffer->qa_flags[0xF] & 1;

int sceSblQafMgrIsAllowNonQAPup(void);

sceSblQafMgrIsAllowScreenShotAlways

Version NID
1.69 0xD22A8731
3.60 0xD22A8731

return (sysroot_buffer->qa_flags[6] >> 1) & 1;

int sceSblQafMgrIsAllowScreenShotAlways(void);

sceSblQafMgrIsAllowRemoteSysmoduleLoad

Version NID
1.69 0xF45AA706
3.60 0xF45AA706

return (sysroot_buffer->qa_flags[0xD] >> 1) & 1;

int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);
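
The flag checks listed in this section, collected into one decoder (an added example, not code from the wiki or from the firmware). It assumes a 0x10-byte copy of sysroot_buffer->qa_flags as input; the names qaf_check, qaf_decode, qaf_predicates_on_bit and the sample buffer are made up for illustration, and the sceSysrootUtMgrHasNpTestFlagForKernel fallback of sceSblQafMgrIsAllowNpTest is not modelled.

```c
/* Added example: decodes a 0x10-byte QA flags buffer into the SceSblQafMgr
 * predicates documented on this page. Not wiki or firmware code.
 * Assumption: the input has the layout of sysroot_buffer->qa_flags. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define QA_FLAGS_SIZE 0x10

struct qaf_check {
    const char *name;   /* predicate name as documented on the page */
    uint8_t index;      /* byte index into qa_flags */
    uint8_t bit;        /* bit number inside that byte */
};

/* Byte/bit pairs taken from the return expressions listed on this page. */
static const struct qaf_check qaf_checks[] = {
    { "sceSblQafMgrIsAllowMinimumDebugMenuDisplay", 0x0F, 0 },
    { "sceSblQafMgrIsAllowLimitedDebugMenuDisplay", 0x06, 1 },
    { "sceSblQafMgrIsAllowAllDebugMenuDisplay",     0x0C, 1 },
    { "sceSblQafManagerIsAllowKernelDebugForUser",  0x0D, 0 },
    { "sceSblQafMgrIsAllowForceUpdate",             0x0F, 1 },
    { "sceSblQafMgrIsAllowNpTest",                  0x0F, 0 }, /* flag part only */
    { "sceSblQafMgrIsAllowNpFullTest",              0x06, 1 },
    { "sceSblQafMgrIsAllowNonQAPup",                0x0F, 0 },
    { "sceSblQafMgrIsAllowScreenShotAlways",        0x06, 1 },
    { "sceSblQafMgrIsAllowRemoteSysmoduleLoad",     0x0D, 1 },
};
#define QAF_CHECK_COUNT (sizeof(qaf_checks) / sizeof(qaf_checks[0]))

/* Returns a bitmask: bit i is set when qaf_checks[i] evaluates to 1. */
uint32_t qaf_decode(const uint8_t flags[QA_FLAGS_SIZE])
{
    uint32_t mask = 0;
    for (size_t i = 0; i < QAF_CHECK_COUNT; i++) {
        const struct qaf_check *c = &qaf_checks[i];
        if ((flags[c->index] >> c->bit) & 1)
            mask |= (uint32_t)1 << i;
    }
    return mask;
}

/* Counts how many documented predicates are gated by one byte/bit pair. */
int qaf_predicates_on_bit(uint8_t index, uint8_t bit)
{
    int n = 0;
    for (size_t i = 0; i < QAF_CHECK_COUNT; i++)
        if (qaf_checks[i].index == index && qaf_checks[i].bit == bit)
            n++;
    return n;
}

/* Constructed sample: only bit 0 of byte 0xF is set. */
uint32_t qaf_decode_sample(void)
{
    uint8_t flags[QA_FLAGS_SIZE];
    memset(flags, 0, sizeof(flags));
    flags[0x0F] = 0x01;
    return qaf_decode(flags);
}

int main(void)
{
    uint32_t mask = qaf_decode_sample();
    for (size_t i = 0; i < QAF_CHECK_COUNT; i++)
        printf("%-45s %s\n", qaf_checks[i].name,
               (mask >> i) & 1 ? "allowed" : "denied");
    printf("predicates gated by qa_flags[0xF] bit 0: %d\n",
           qaf_predicates_on_bit(0x0F, 0));
    return 0;
}
```

Several predicates read the same bit, so one flag bit answers more than one of the checks above; the decoder makes that grouping visible when reviewing a QA flags buffer.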

SceSblRng

_sceKernelGetRandomNumber

Version NID
1.69 0xC37E818C
3.60 0xC37E818C
int _sceKernelGetRandomNumber(int *out, int a2, char a3[8]);

SceSblDmac5Mgr

sceSblDmac5HashTransform

Version NID
1.69 0x09EBC6EF
3.60 0x09EBC6EF

This function can execute the following dmac5 commands:

  • 0x3B: CMAC-AES (length 0x10)
  • 0x3: SHA1 (length 0x14)
  • 0x23: HMAC-SHA1 (length 0x14)
  • 0x13: SHA256 (length 0x20)
  • 0x33: HMAC-SHA256 (length 0x20)
typedef struct hash_trans_opt_t //size 0x18
{
   char* src;
   char* dst;
   uint32_t size;
   uint32_t unk_C; // = 0

   uint32_t unk_10; // = 0
   char* iv;
}hash_trans_opt_t;

// flags: 
// 0x000
// 0x400
// 0x800
// 0xC00

int sceSblDmac5HashTransform (hash_trans_opt_t* ctx, int command, int flags);

sceSblDmac5EncDecKeyGen

Version NID
1.69 0x5BF4F924
3.60 0x5BF4F924

This function is also called sceSblDmac5AesCbcDecKeyGen or sceSblDmac5AesCbcEncKeyGen in SceGameDataPlugin

typedef struct keygen_ctx //size is 0x18
{
   char *src; 
   char *dst; 
   int size; 
   char* key; 
   
   uint32_t key_size;  // (in bits)
   char* out; //hash ?
}keygen_ctx;

//command - 0xA (dmac5 command AES-192-CBC decrypt)
//command - 0x9 (dmac5 command AES-192-CBC encrypt)
int sceSblDmac5EncDecKeyGen(keygen_ctx* ctx, int key_id, int command);

sceSblDmac5EncDec

Version NID
1.69-3.60 0xD0B1F759
int sceSblDmac5EncDec(void *args, int command);

sceSblDmac5HmacKeyGen

Version NID
3.60 0xCCE57D33

This function is called sceSblDmac5HmacKeyGen in SceSysLibTrace but is also called sceSblDmac5Sha256HmacKeyGen in SceGameDataPlugin.

// data is of size 0x18 (24 - 192 bits ?)
// unk1 - 0x20001
// command - 0x33 (dmac5 HMAC-SHA256 command)
// flags - 0x400, 0x800, 0xC00
int sceSblDmac5HmacKeyGen(char* data, int unk1, int command, int flags);

SceSblAimgr

_sceKernelGetOpenPsId

Version NID
1.69 0x6E283E2E
3.60 0x6E283E2E
int _sceKernelGetOpenPsId(char open_psid[0x10]);