SceSblSsMgr: Difference between revisions
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) |
||
Line 1,034: | Line 1,034: | ||
|- | |- | ||
| 0.940 || 0xD8F6F110 | | 0.940 || 0xD8F6F110 | ||
|} | |||
=== sceSblRtcMgrGetCpRtcPhysicalForDriver === | |||
{| class="wikitable" | |||
|- | |||
! Version !! NID | |||
|- | |||
| 0.940 || 0xC96622EC | |||
|} | |||
=== sceSblRtcMgrGetCpRtcLogicalForDriver === | |||
{| class="wikitable" | |||
|- | |||
! Version !! NID | |||
|- | |||
| 0.940 || 0xAF56206D | |||
|} | |} | ||
Revision as of 22:54, 26 January 2019
Module
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xFDDD93FA |
3.60 | SceSblSsMgr | Non-secure | Kernel | 0x4E913538 |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69-3.60 | SceSblSsMgrForKernel | Non-secure | Kernel | 0x74580D9F |
1.69-3.60 | SceSblSsMgrForDriver | Non-secure | Kernel | 0x61E9428D |
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xEC86E4B0 |
1.69-3.60 | SceSblQafMgr | Non-secure | User | 0x756B7E89 |
1.69-3.60 | SceSblRng | Non-secure | User | 0x1843F124 |
1.69-3.60 | SceSblDmac5Mgr | Non-secure | User | 0x437366A2 |
1.69-3.60 | SceSblAimgr | Non-secure | User | 0xD473F968 |
NVS Areas
Offset | Size | Comment | Used by |
---|---|---|---|
0 | 0x20 | qaf nvs mgmt area | "sceSblQafManagerSetFlag" (sub_81001610 on 0.990) |
0x2A0 | 0x20 | Qa Flag Version | "sceSblQafManagerSetQaFlagVersion" on .940 |
0x400 | 0x80 | Qaf Token | first 0x18 is QafName |
0x480 | 1 | Qaf Token not set flag | Set to 1 by default when Qaf Token is not set (FFed). |
0x520 | 0x20 | DevKit Activation data ?RTC?, ?issue_no? | 0x10 bytes of data followed by 0x10 bytes of AES256CMAC hash of data |
0x5A0 | 0x100 | Qaf Token signature ?RSA? | Not present on 0.990. Present on 3.60. Maybe added on 1.80. |
SceSblSsMgrForKernel
sceSblNvsReadDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xC2EC8F5A |
Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel.
For example gets 0x20 bytes of data for act_sm.self command 0x4 call.
This is done by passing offset 0x520 as first argument.
int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);
sceSblNvsWriteDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE29E161C |
Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel.
int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);
return_ffffffff
Version | NID |
---|---|
0.990-3.60 | 0x516ECC08 |
From 0.990 to 3.60, all it does is return -1; // 0xFFFFFFFF.
int return_ffffffff(void);
sceSblQafManagerGetQafTokenForKernel
Version | NID |
---|---|
0.990 | 0x281FD75A |
sceSblQafManagerSetQafTokenForKernel
Version | NID |
---|---|
0.990 | 0x8E9447A1 |
sceSblQafManagerClearQafTokenForKernel
Version | NID |
---|---|
0.990 | 0xD45155C6 |
int sceSblQafManagerClearQafTokenForKernel(void);
uint32_t ret; char buffer[0x80]; memset(&buffer, 0xFF, 0x80); SceKernelSuspendForDriver_4DF40893(0); ret = sceSblSsMgrNvsWriteDataForKernel(0x400, &buffer, 0x80); if ( !ret ) // if buffer successfully written, set a flag at 0x480 ret = sceSblSsMgrNvsWriteDataForKernel(0x480, (char)1, 1); SceKernelSuspendForDriver_2BB92967(0); return ret;
sceSblQafManagerGetQAFlagsForKernel
Version | NID |
---|---|
0.990-3.60 | 0x83D254FF |
int sceSblQafManagerGetQAFlagsForKernel(char buffer[0x10]);
sceSblQafManagerGetQafNameForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE2DD0378 |
if ( byte_81008725 & 2 ) { char workaround_string = "qaf_workaround"; memcpy(buffer, workaround_string, max_len); } else { sceSblNvsReadDataForKernel(0x480, flag, 1); if (flag) { sceSblNvsReadDataForKernel(0x400, buf, 0x80); memcpy(buffer, buf, 0x18); } }
int sceSblQafManagerGetQafNameForKernel(char *buffer, unsigned int max_len);
SceSblSsMgrForDriver
Cryptographic functions in this module typically have 3 variations:
- Use
key
- meaning that the key that you provide is used directly for encryption/decryption. - Use
slot_id
- meaning that you have to use sceSblAuthMgrSetDmac5KeyForKernel function to set the key into a specific slot.- Note that in this case you select a key from F00D by
key_id
. It will be encrypted by F00D and placed into the slot selected byslot_id
.
- Note that in this case you select a key from F00D by
- Use
key_id
- meaning that the call to sceSblAuthMgrSetDmac5KeyForKernel will happen internally.- In this case the key from F00D is also selected by
key_id
and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17.
- In this case the key from F00D is also selected by
sceSblSsMgrGetRandomNumberForDriver
Version | NID |
---|---|
3.60 | 0x4F9BFBE5 |
int sceSblSsMgrGetRandomNumberForDriver(char* result, int size);
sceSblSsMgrGetRandomDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0xAC57F4F0 |
Generates random data of length 0x40 by executing Dmac5 command 0x04
used in SceKrm, SceSblGcAuthMgr
int sceSblSsMgrGetRandomDataForDriver(char* dest);
sceSblDmac5RndForDriver
Version | NID |
---|---|
3.60 | 0x4DD1B2E5 |
Temp name was sceSblSsMgrGetRandomDataCropForDriver.
Generates random data of length 0x40 by executing Dmac5 command 0x04
Data is then cropped to fit the size in outputBuffer.
Used by SceMsif
int sceSblDmac5RndForDriver(char* outputBuffer, int size, int unk);
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0xC517770D |
Executes Dmac5 command 0x1
used in ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //mask_enable = 1 int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x7C978BE7 |
Executes Dmac5 command 0x02
used ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //mask_enable = 1 int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x01BE0374 |
Executes Dmac5 command 0x01
used in SceSblMgKeyMgr
//size - size of data in src //slot_id - 0x1C, 0x1D, 0x1E, 0x1F //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //mask_enable = 1 int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8B4700CB |
Executes Dmac5 command 0x02
used by SceSblMgKeyMgr
//size - size of data in src //slot_id - 0x1D, ? //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //mask_enable = 1 int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrAESECBEncryptWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x0F7D28AF |
Executes Dmac5 command 0x01
used in ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally //mask_enable = 1 int sceSblSsMgrAESECBEncryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);
sceSblSsMgrAESECBDecryptWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x197ACF6F |
Executes Dmac5 command 0x02
no usages found
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally //mask_enable = 1 int sceSblSsMgrAESECBDecryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);
sceSblSsMgrDES64ECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x37DD5CBF |
This also implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x41
used in SceMsif, SceSblMgKeyMgr
//size - size of data in src //slot_id - 0x1C, ? //key_size - 0xC0 (size in bits) - other sizes also work //mask_enable = 1 int sceSblSsMgrDES64ECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrDES64ECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8EAFB18A |
This also implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x42
used in SceSblMgKeyMgr
//size - size of data in src //slot_id - 0x1C, ? //key_size - 0xC0 (size in bits) - other sizes also work //mask_enable = 1 int sceSblSsMgrDES64ECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrDES64CBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0x05B38698 |
This also probably implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x49
no usages found
//size - size of data in src //slot_id - 0x1D, ? //key_size - ? - does not matter ? //iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?) //mask_enable = 1 int sceSblSsMgrDES64CBCEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);
sceSblSsMgrDES64CBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x926BCCF0 |
This also probably implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x4A
no usages found
//size - size of data in src //slot_id - 0x1D, ? //key_size - ? - does not matter ? //iv - length is 8 for DES //mask_enable = 1 int sceSblSsMgrDES64CBCDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);
sceSblSsMgrAESCBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0xE6E1AD15 |
Executes Dmac5 command 0x09
used by ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) //mask_enable = 1 int sceSblSsMgrAESCBCEncryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrAESCBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x121FA69F |
Executes Dmac5 command 0x0A
used by ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) //mask_enable = 1 int sceSblSsMgrAESCBCDecryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblDmac5AesCbcEncNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x711C057A |
Temp name was sceSblSsMgrAESCBCEncryptWithKeygenForDriver.
Executes Dmac5 command 0x09
Used by ScePfsMgr.
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) //key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally //mask_enable = 1 int sceSblDmac5AesCbcEncNPForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);
sceSblSsMgrAESCBCDecryptWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x1901CB5E |
Executes Dmac5 command 0x0A
used by ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) //key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally //mask_enable = 1 int sceSblSsMgrAESCBCDecryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);
sceSblSsMgrAESCTREncryptForDriver
Version | NID |
---|---|
3.60 | 0x82B5DCEF |
Executes Dmac5 command 0x21
used by SceNpDrm
this function can also be used for decryption since CTR is symmetric function
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) //mask_enable = 1 int sceSblSsMgrAESCTREncryptForDriver (char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrAESCTRDecryptForDriver
Version | NID |
---|---|
3.60 | 0x7D46768C |
Executes Dmac5 command 0x22
no usages found
this function can also be used for encryption since CTR is symmetric function
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) //mask_enable = 1 int sceSblSsMgrAESCTRDecryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrSHA1ForDriver
Version | NID |
---|---|
3.60 | 0xEB3AF9B5 |
Executes Dmac5 command 0x03
used by ScePfsMgr
key_size is always 0x100 bits
//size - size of data in src //iv = 0 //mask_enable = 1 //command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrSHA1ForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA1ForDriver
Version | NID |
---|---|
3.60 | 0x6704D985 |
Executes Dmac5 command 0x23
used by ScePfsMgr
key_size is always 0x100 bits
//size - size of data in src //iv = 0 //mask_enable = 1 //command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrHMACSHA1ForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA1WithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x92E37656 |
Executes Dmac5 command 0x23
no usages found
key_size is always 0x100 bits
//size - size of data in src //key - length is always 0x20 //iv = 0 //key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally //mask_enable = 1 //command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrHMACSHA1WithKeygenForDriver(char *src, char *dst, int size, char *key, char *iv, int key_id, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA256ForDriver
Version | NID |
---|---|
3.60 | 0x79F38554 |
Executes Dmac5 command 0x33
no usages found
//size - size of data in src //iv = 0 //mask_enable = 1 //command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrHMACSHA256ForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0x1B14658D |
Executes Dmac5 command 0x3B
used in ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv = 0 //mask_enable = 1 //command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrAESCMACWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x83B058F5 |
Executes Dmac5 command 0x3B
used in ScePfsMgr
//size - size of data in src //key - length is 0x10 / 0x18 / 0x20 //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv = 0 //key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForKernel. uses slot_id range 0x0C-0x17 internally //mask_enable = 1 //command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrAESCMACWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable, int command_bit);
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0xEA6ACB6D |
Executes Dmac5 command 0x3B
no usages found
//size - size of data in src //slot_id - 0x1D, ? //key_size - 0x80 / 0xC0 / 0x100 (size in bits) //iv = 0 //mask_enable = 1 //command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, int slot_id, int key_size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrExecuteDmac5HashCommandForDriver
Version | NID |
---|---|
3.60 | 0x9641374E |
Executes Dmac5 commands related to hash functions
used by SceNpDrm
int sceSblSsMgrExecuteDmac5HashCommandForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command, int command_bit);
sceSblSsEncryptWithPortabilityForDriver
Version | NID |
---|---|
0.990-3.60 | 0x21EC51F6 |
derived from _vshSblSsEncryptWithPortability
strangely enough does not use communication with F00D through command 0x1000A from encdec_w_portability_sm.self
struct size_data_pair { int size; char data[0x20]; }; int sceSblSsEncryptWithPortabilityForDriver(int key_id, char *iv, size_data_pair *src, size_data_pair *dst);
sceSblSsDecryptWithPortabilityForDriver
Version | NID |
---|---|
0.990-3.60 | 0x934DB6B5 |
derived from _vshSblSsDecryptWithPortability
Decrypts or derives AES key that is used in msif to decrypt static sha224 table.
Communication with F00D is done with command 0x2000A from encdec_w_portability_sm.self.
typedef struct ScePortabilityInputData // size of structure is 0x24 { uint32_t enc_size; // max size is 0x20 uint8_t enc_msg[0x20]; } ScePortabilityInputData; typedef struct ScePortabilityOutputData // size of structure is 0x24 { uint32_t plain_size; // max size is 0x20 uint8_t plain_msg[0x20]; } ScePortabilityOutputData; int sceSblSsDecryptWithPortabilityForDriver(int key_type, char *iv, ScePortabilityInputData* enc, ScePortabilityOutputData* plain);
sceSblSsGetNvsDataForDriver
Version | NID |
---|---|
3.60 | 0xFDD6D5DE |
derived from _vshSblSsGetNvsData
uses syscon function to get the data
//index - max index is 5 //input - max size is 0x20 int sceSblSsGetNvsDataForDriver(int index, char *output, int size);
sceSblSsSetNvsDataForDriver
Version | NID |
---|---|
3.60 | 0x249ADB07 |
derived from _vshSblSsSetNvsData
uses syscon function to set the data
//index - max index is 5 //input - max size is 0x20 int sceSblSsSetNvsDataForDriver(int index, char *input, int size);
sceSblAimgrGetVisibleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0x04843835 |
Temp name was sceSblSsMgrGetVisibleIdForDriver.
In old firmwares this function was named sceSblSsMgrGetFuseIdForDriver
.
Derived from _vshSblAimgrGetVisibleId
.
Executes F00D aimgr_sm.self command 0x3.
typedef struct VisibleId { char visible_id[0x20]; } VisibleId; int sceSblAimgrGetVisibleIdForDriver(VisibleId* visible_id);
sceSblAimgrGetConsoleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFC6CDD68 |
Temp name was sceSblSsMgrGetConsoleIdForDriver.
This function obtains Console Id by executing aimgr_sm.self F00D command 0x1
typedef struct ConsoleId { // size 0x10 char magic[4]; // {0, 0, 0, 1} char product_code[2]; char product_sub_code[2]; char chassis_check; char unknown[7]; } ConsoleId; int sceSblAimgrGetConsoleIdForDriver(ConsoleId* console_id);
sceSblAimgrGetOpenPsIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xA5B5D269 |
Temp name was sceSblSsMgrGetOpenPsIdForDriver.
This function returns information from a static buffer that is initialized on module_start.
Read OpenPsId from sysroot_buffer+0x70 using sceSysrootGetSysrootBufferForKernel.
typedef struct OpenPsId { char open_psid[0x10]; } OpenPsId; int sceSblAimgrGetOpenPsIdForDriver(OpenPsId *open_psid);
sceSblAimgrGetPscodeForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE0DC2587 |
Temp name was sceSblSsMgrGetPscodeForDriver.
Derived from _vshSblAimgrGetPscode
.
This function returns information from a static buffer that is initialized on module_start.
Read PsCode from sysroot_buffer+0xA0 using sceSysrootGetSysrootBufferForKernel.
typedef struct PsCode { char magic[2]; // {0, 1} char product_code[2]; char product_sub_code[2]; uint16_t chassis; // chassis = chassis_check >> 2; } PsCode; int sceSblAimgrGetPscodeForDriver(PsCode *pscode);
sceSblAimgrGetPscode2ForDriver
Version | NID |
---|---|
3.60 | 0x9A9676D0 |
Temp name was sceSblSsMgrGetPscode2ForDriver.
Executes F00D aimgr_sm.self command 0x4.
derived from _vshSblAimgrGetPscode2
int sceSblAimgrGetPscode2ForDriver(PsCode *pscode);
sceSblSsCreatePassPhraseForDriver
Version | NID |
---|---|
3.60 | 0xB8B298FD |
executes F00D aimgr_sm.self command 0x5
derived from _vshSblSsCreatePassPhrase
//input is of size 0x18 int sceSblSsCreatePassPhraseForDriver(char *input, char *output);
unk_e0b13ba7
Version | NID |
---|---|
3.60 | 0xE0B13BA7 |
Used by SceSblUpdateMgr - does some initialization
unk_c38d0cea
Version | NID |
---|---|
3.60 | 0xC38D0CEA |
Used by SceSblUpdateMgr - does some cleanup
sceSblSsMgrMemsetForDriver
Version | NID |
---|---|
3.60 | 0xCD98CC92 |
Used by SceSblPostSsMgr
void sceSblSsMgrMemsetForDriver(char* dest, char value, int size);
sceSblPmMgrSetProductModeForDriver
Version | NID |
---|---|
0.940 | 0x33B706E1 |
Know values: set 1 then reboot.
void sceSblPmMgrSetProductModeForDriver(int product_mode);
sceSblPmMgrAuthEtoIForDriver
Version | NID |
---|---|
0.940 | 0xB241EA2B |
sceSblRtcMgrSetCpRtcForDriver
Version | NID |
---|---|
0.940 | 0xD8F6F110 |
sceSblRtcMgrGetCpRtcPhysicalForDriver
Version | NID |
---|---|
0.940 | 0xC96622EC |
sceSblRtcMgrGetCpRtcLogicalForDriver
Version | NID |
---|---|
0.940 | 0xAF56206D |
sceSblLicGetActivationKeyForDriver
Version | NID |
---|---|
0.940 | 0xED4878A4 |
3.60 | moved to PostSsMgr |
sceSblLicMgrGetExpireDateForDriver
Version | NID |
---|---|
0.940 | 0xE840CD4E |
3.60 | moved to PostSsMgr |
SceSblSsMgr
This library exists on 1.69 but doesn't exist on 3.60.
sceSblSsInfraAllocatePARangeVector
Version | NID |
---|---|
0.990 | 0x8C2822A9 |
SceSblSsMgr_FAD42134
Version | NID |
---|---|
0.990 | 0xFAD42134 |
SceSblQafMgr
typedef struct SceQafToken { char data[0x80]; char sig[0x100]; // not present on 0.990 };
sceSblQafMgrGetQafToken
Version | NID |
---|---|
1.69-3.60 | 0xB6BAE81D |
On 3.60 returns 0x80010058.
int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);
sceSblQafMgrGetQafToken2
Version | NID |
---|---|
3.60 | 0xDFBA8569 |
int sceSblQafMgrGetQafToken2(SceQafToken *qaf_token);
sceSblQafManagerSetQafTokenForUser
Version | NID |
---|---|
1.69-3.60 | 0x56A16392 |
On 3.60 returns 0x80010058.
int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);
sceSblQafMgrSetQafToken2
Version | NID |
---|---|
3.60 | 0xF4B5C8A5 |
int sceSblQafMgrSetQafToken2(SceQafToken qaf_token);
sceSblQafManagerDeleteQafTokenForUser
Version | NID |
---|---|
1.69-3.60 | 0xD542583F |
On 3.60 returns 0x80010058.
int sceSblQafManagerDeleteQafTokenForUser(void);
sceSblQafMgrDeleteQafToken2
Version | NID |
---|---|
3.60 | 0x62E30BF4 |
int ret; int ret2; int ret3; signed int result; char flag; char data[0x80]; char sig[0x100]; memset(data, (char)0xFF, 0x180); SceKernelSuspendForDriver_4DF40893_0(0); ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80); if ( ret ) { SceKernelSuspendForDriver_4DF40893(0); result = ret; } else { ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100); if ( ret2 ) { SceKernelSuspendForDriver_4DF40893(0); result = ret2; } else { flag = 1; ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1); SceKernelSuspendForDriver_4DF40893(0); result = ret3; } } return result;
int sceSblQafMgrDeleteQafToken2(void);
sceSblQafManagerGetQafNameForUser
Version | NID |
---|---|
1.69-3.60 | 0x0F7EA8C2 |
Wrapper to sceSblQafManagerGetQafNameForKernel.
int sceSblQafManagerGetQafNameForUser(char *buffer, unsigned int max_len);
sceSblQafManagerGetQafName2ForUser
Version | NID |
---|---|
3.60 | 0xF0CA8766 |
memset(buf, 0, 0x180); sceSblNvsReadDataForKernel(0x480, buf, 1); sceSblNvsReadDataForKernel(0x400, buf, 0x80); memcpy(buffer, buf, 0x18); sceSblNvsReadDataForKernel(0x5A0, buf, 0x100); // if all functions returned success sceSblQafManagerGetQafNameForKernel(buf2, len); sceKernelMemcpyKernelToUserForDriver(buffer, buf2, len)) != 0 )
int sceSblQafManagerGetQafName2ForUser(char *buffer, unsigned int max_len);
sceSblQafMgrIsAllowMinimumDebugMenuDisplay
Version | NID |
---|---|
3.60 | 0xA156BBD2 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);
sceSblQafMgrIsAllowLimitedDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0xC456212D |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);
sceSblQafMgrIsAllowAllDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0x66843305 |
return (sysroot_buffer->qa_flags[0xC] >> 1) & 1;
int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);
sceSblQafManagerIsAllowKernelDebugForUser
Version | NID |
---|---|
1.69-3.60 | 0x11D30766 |
return sysroot_buffer->qa_flags[0xD] & 1;
int sceSblQafManagerIsAllowKernelDebugForUser(void);
sceSblQafMgrIsAllowForceUpdate
Version | NID |
---|---|
1.69-3.60 | 0x63F29BA0 |
return (sysroot_buffer->qa_flags[0xF] >> 1) & 1;
int sceSblQafMgrIsAllowForceUpdate(void);
sceSblQafMgrIsAllowNpTest
Version | NID |
---|---|
1.69-3.60 | 0xA9EBCBAC |
if (sysroot_buffer->qa_flags[0xF] << 31) return 1; else return sceSysrootUtMgrHasNpTestFlagForKernel(a1, a2, a3);
int sceSblQafMgrIsAllowNpTest(int a1, int a2, int a3);
sceSblQafMgrIsAllowNpFullTest
Version | NID |
---|---|
3.60 | 0x72168C6E |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowNpFullTest(void);
sceSblQafMgrIsAllowNonQAPup
Version | NID |
---|---|
1.69-3.60 | 0xB5621615 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowNonQAPup(void);
sceSblQafMgrIsAllowScreenShotAlways
Version | NID |
---|---|
1.69-3.60 | 0xD22A8731 |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowScreenShotAlways(void);
sceSblQafMgrIsAllowRemoteSysmoduleLoad
Version | NID |
---|---|
1.69-3.60 | 0xF45AA706 |
return (sysroot_buffer->qa_flags[0xD] >> 1) & 1;
int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);
SceSblRng
sceSblSsMgrGetRandomData
Version | NID |
---|---|
0.990 | 0xD1189305 |
Calls sceSblSsMgrGetRandomDataForDriver.
?_sceKernelGetRandomNumber_OLD?
Version | NID |
---|---|
0.990 | 0xD8BC42B8 |
_sceKernelGetRandomNumber
Version | NID |
---|---|
1.69-3.60 | 0xC37E818C |
int _sceKernelGetRandomNumber(int *out, int a2, char a3[8]);
SceSblDmac5Mgr
sceSblDmac5HashTransform
Version | NID |
---|---|
1.69-3.60 | 0x09EBC6EF |
This function can execute the following dmac5 commands:
- 0x3B: CMAC-AES (length 0x10)
- 0x03: SHA1 (length 0x14)
- 0x23: HMAC-SHA1 (length 0x14)
- 0x13: SHA256 (length 0x20)
- 0x33: HMAC-SHA256 (length 0x20)
typedef struct hash_trans_opt_t //size 0x18 { char* src; char* dst; uint32_t size; uint32_t unk_C; // = 0 uint32_t unk_10; // = 0 char* iv; }hash_trans_opt_t; // flags: // 0x000 // 0x400 // 0x800 // 0xC00 int sceSblDmac5HashTransform(hash_trans_opt_t* ctx, int command, int flags);
sceSblDmac5EncDecKeyGen
Version | NID |
---|---|
1.69-3.60 | 0x5BF4F924 |
This function is also named sceSblDmac5AesCbcDecKeyGen
or sceSblDmac5AesCbcEncKeyGen
in SceGameDataPlugin
typedef struct keygen_ctx //size is 0x18 { char *src; char *dst; int size; char* key; uint32_t key_size; // (int bits) char* out; //hash ? }keygen_ctx; //command - 0xA (dmac5 command AES-192-CBC decrypt) //command - 0x9 (dmac5 command AES-192-CBC encrypt) int sceSblDmac5EncDecKeyGen(keygen_ctx* ctx, int key_id, int command);
sceSblDmac5EncDec
Version | NID |
---|---|
1.69-3.60 | 0xD0B1F759 |
int sceSblDmac5EncDec(void *args, int command);
sceSblDmac5HmacKeyGen
Version | NID |
---|---|
3.60 | 0xCCE57D33 |
This function is named sceSblDmac5HmacKeyGen
in SceSysLibTrace but is also called sceSblDmac5Sha256HmacKeyGen
in SceGameDataPlugin
.
// data is of size 0x18 (24 - 192 bits ?) // unk1 - 0x20001 // command - 0x33 (dmac5 HMAC-SHA256 command) // flags - 0x400, 0x800, 0xC00 int sceSblDmac5HmacKeyGen(char* data, int unk1, int command, int flags);
SceSblAimgr
_sceKernelGetOpenPsId
Version | NID |
---|---|
1.69-3.60 | 0x6E283E2E |
int _sceKernelGetOpenPsId(char open_psid[0x10]);