SceSblSsMgr: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
CelesteBlue (talk | contribs) No edit summary |
||
Line 1,404: | Line 1,404: | ||
|} | |} | ||
return | return pKblParam->qa_flags[0xF] & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);</source> | <source lang="C">int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);</source> | ||
Line 1,416: | Line 1,416: | ||
|} | |} | ||
return ( | return (pKblParam->qa_flags[6] >> 1) & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);</source> | <source lang="C">int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);</source> | ||
Line 1,428: | Line 1,428: | ||
|} | |} | ||
return ( | return (pKblParam->qa_flags[0xC] >> 1) & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);</source> | <source lang="C">int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);</source> | ||
Line 1,440: | Line 1,440: | ||
|} | |} | ||
return | return pKblParam->qa_flags[0xD] & 1; | ||
<source lang="C">int sceSblQafManagerIsAllowKernelDebugForUser(void);</source> | <source lang="C">int sceSblQafManagerIsAllowKernelDebugForUser(void);</source> | ||
Line 1,452: | Line 1,452: | ||
|} | |} | ||
return ( | return (pKblParam->qa_flags[0xF] >> 1) & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowForceUpdate(void);</source> | <source lang="C">int sceSblQafMgrIsAllowForceUpdate(void);</source> | ||
Line 1,465: | Line 1,465: | ||
<source lang="C"> | <source lang="C"> | ||
if ( | if (pKblParam->qa_flags[0xF] << 31) | ||
return 1; | return 1; | ||
else | else | ||
Line 1,481: | Line 1,481: | ||
|} | |} | ||
return ( | return (pKblParam->qa_flags[6] >> 1) & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowNpFullTest(void);</source> | <source lang="C">int sceSblQafMgrIsAllowNpFullTest(void);</source> | ||
Line 1,493: | Line 1,493: | ||
|} | |} | ||
return | return pKblParam->qa_flags[0xF] & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowNonQAPup(void);</source> | <source lang="C">int sceSblQafMgrIsAllowNonQAPup(void);</source> | ||
Line 1,505: | Line 1,505: | ||
|} | |} | ||
return ( | return (pKblParam->qa_flags[6] >> 1) & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowScreenShotAlways(void);</source> | <source lang="C">int sceSblQafMgrIsAllowScreenShotAlways(void);</source> | ||
Line 1,517: | Line 1,517: | ||
|} | |} | ||
return ( | return (pKblParam->qa_flags[0xD] >> 1) & 1; | ||
<source lang="C">int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);</source> | <source lang="C">int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);</source> |
Revision as of 20:23, 4 February 2021
Module
Version | World | Privilege |
---|---|---|
1.69-3.60 | Non-secure | Kernel |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69-3.60 | SceSblSsMgrForKernel | Non-secure | Kernel | 0x74580D9F |
1.69-3.60 | SceSblSsMgrForDriver | Non-secure | Kernel | 0x61E9428D |
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xEC86E4B0 |
1.69-3.60 | SceSblQafMgr | Non-secure | User | 0x756B7E89 |
1.69-3.60 | SceSblRng | Non-secure | User | 0x1843F124 |
1.69-3.60 | SceSblDmac5Mgr | Non-secure | User | 0x437366A2 |
1.69-3.60 | SceSblAimgr | Non-secure | User | 0xD473F968 |
Types
SceKitActivationData
Offset | Size | Description |
---|---|---|
0x00 | 0x4 | Magic "act\0" |
0x04 | 0x4 | Format version |
0x08 | 0x4 | Issue number (increment each activation, prevent rollback) |
0x0C | 0x4 | Start validity time unix timestamp |
0x10 | 0x4 | End validity time unix timestamp |
0x14 | 0x10 | Activation key |
0x24 | 0x1C | Unused |
0x40 | 0x40 | Encrypted Token (First 0x30 bytes of SceKitActivationData then 0x10 byte CMAC) |
typedef struct SceConsoleId { uint16_t unk; // {0, 0} uint16_t company_code; // {0, 1} uint16_t product_code; uint16_t product_sub_code; uint8_t chassis_check; uint8_t unknown[7]; } SceConsoleId; typedef struct SceOpenPsId { uint8_t open_psid[0x10]; } SceOpenPsId; typedef struct ScePsCode { uint16_t company_code; // {0, 1} uint16_t product_code; uint16_t product_sub_code; uint16_t factory_code; // = chassis_check >> 2; } ScePsCode; typedef struct Sce SceVisibleId { char visible_id[0x20]; } SceVisibleId; typedef enum SceSblSsNvsData { SCE_SBL_SS_NVS_DATA_UNK_4A4 = 0, // offset 0x4A4, size 4 SCE_SBL_SS_NVS_DATA_UNK_500 = 1, // offset 0x500, size 1 SCE_SBL_SS_NVS_DATA_UNK_482 = 2, // offset 0x482, size 1 SCE_SBL_SS_NVS_DATA_UNK_4E0 = 3, // offset 0x4E0, size 0x20 SCE_SBL_SS_NVS_DATA_UNK_483 = 4, // offset 0x483, size 1 SCE_SBL_SS_NVS_DATA_UNK_486 = 5 // offset 0x486, size 1 } SceSblSsNvsData; typedef struct SceKitActivationDataToken { // size is 0x40 bytes char magic[4]; // "act\n" uint32_t issue_no; uint32_t format_version; uint32_t start_date; uint32_t end_date; char open_psid[0x10]; char padding[0xC]; char cmac[0x10]; } SceKitActivationDataToken; // This is what embeds the tm0:activation/act.dat file typedef struct SceKitActivationData { // size is 0x80 bytes char magic[4]; // "act\n" uint32_t issue_no; uint32_t format_version; uint32_t start_date; uint32_t end_date; char open_psid[0x10]; char padding[0x1C]; char encrypted_token[0x40]; } SceKitActivationData; typedef struct SceQafToken { // size is 0x80 bytes SceUInt32 qaf_version; SceUInt32 unk_4; char qaf_name[0x10]; // "NO_FLAGS" by default char unk_18[8]; char consoleid[0x10]; char qa_flags[0x10]; char unk_40[0x30]; char cmac[0x10]; // AES256CMAC of SceQafToken with zeroed CMAC field } SceQafToken; typedef struct ScePortabilityData { // size is 0x24 SceSize msg_size; // max size is 0x20 uint8_t msg[0x20]; } ScePortabilityData; // Used by run_encdec_cmd, itself called by sceSblDmac5EncDec for example. typedef struct dmac_op_ctx { dmac_op_ctx_heap *ctx_heap_addr; uint keyring_key_count; // if keyring_key_count < 0x100, keyring_key_count is used as DKey uint unk_8; SceUID dmac_opid; // used with sceKernelDmaOpFreeForDriver char iv[0x28]; // iv_size can be 0, 8, 0x10 or 0x28 depending on cmd itself depending on key_size } dmac_op_ctx; typedef struct dmac_op_ctx_heap { // size is 0x40 on FW 0.990 uint cmd; uint unk_4; // 0x100 uint unk_8; // 0 if unk_flag = 0, 0x3ffff else uint dmac5_op; char reserved[0x30]; } dmac_op_ctx_heap;
SceSblSsMgrForKernel
sceSblNvsReadDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xC2EC8F5A |
Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel.
Calls sceSysconNvsReadDataForDriver.
Trying to read at offset 0-0x3FF: error 0x8025023C (cannot read SNVS using this function, need to use new protocols, to be documented).
Trying to read at offset > 0xB5F: error 0x80250001 (out of range).
int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);
sceSblNvsWriteDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE29E161C |
Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel.
Calls sceSysconNvsWriteDataForDriver.
int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);
scePmMgrGetProductModeForKernel
Version | NID |
---|---|
0.990-3.60 | 0x516ECC08 |
From FWs 0.990 to 3.60, it is simply a redirect to SceSysmem#scePmMgrGetProductModeForDriver.
int scePmMgrGetProductModeForKernel(char* result);
sceSblQafManagerGetQafTokenForKernel
Version | NID |
---|---|
0.931-0.990 | 0x281FD75A |
int sceSblQafManagerGetQafTokenForKernel(SceQafToken *pToken);
sceSblQafManagerSetQafTokenForKernel
Version | NID |
---|---|
0.931-0.990 | 0x8E9447A1 |
int sceSblQafManagerSetQafTokenForKernel(SceQafToken *pToken);
sceSblQafManagerGetQafOnNVSForKernel
Version | NID |
---|---|
0.931 | not present |
0.990-1.03 | 0x228A6653 |
3.60 | not present |
SceQafToken *temp_token = pToken; sceSblNvsReadDataForKernel(0x480, flag, 1); if (!flag) { nvs_read(0x400, temp_token, 0x80); ret = exec_qaf_sm(temp_token, 0); } return ret;
int sceSblQafManagerGetQafOnNVSForKernel(SceQafToken *pToken)
sceSblQafManagerClearQafTokenForKernel
Version | NID |
---|---|
0.931-0.990 | 0xD45155C6 |
int sceSblQafManagerClearQafTokenForKernel(void);
uint32_t ret; char qaf_token[0x80]; memset(&qaf_token, 0xFF, 0x80); SceKernelSuspendForDriver_4DF40893(0); ret = sceSblNvsWriteDataForKernel(0x400, &qaf_token, 0x80); if (!ret) // if qaf_token successfully written, set a flag at 0x480 ret = sceSblNvsWriteDataForKernel(0x480, 1, 1); SceKernelSuspendForDriver_2BB92967(0); return ret;
sceSblQafManagerGetQAFlagsForKernel
Version | NID |
---|---|
0.990-3.60 | 0x83D254FF |
int sceSblQafManagerGetQAFlagsForKernel(char buffer[0x10]);
sceSblQafManagerGetQafNameForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE2DD0378 |
if ( byte_81008725 & 2 ) { char workaround_string = "qaf_workaround"; memcpy(buffer, workaround_string, max_len); } else { sceSblNvsReadDataForKernel(0x480, flag, 1); if (flag) { sceSblNvsReadDataForKernel(0x400, buf, 0x80); memcpy(buffer, buf, 0x18); } }
int sceSblQafManagerGetQafNameForKernel(char *buffer, unsigned int max_len);
SceSblSsMgrForDriver
Cryptographic functions in this module typically have 3 variations:
- Use
key
- meaning that the key that you provide is used directly for encryption/decryption. - Use
slot_id
- meaning that you have to use sceSblAuthMgrSetDmac5KeyForKernel function to set the key into a specific slot. In this case you select a key from F00D bykey_id
. It will be encrypted by F00D and placed into the slot selected byslot_id
. - Use
key_id
- meaning that the call to sceSblAuthMgrSetDmac5KeyForKernel will happen internally. In this case the key from F00D is also selected bykey_id
and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17.
sceSblRngPseudoRandomNumberForDriver
Version | NID |
---|---|
3.60 | 0x4F9BFBE5 |
Temp name was sceSblSsMgrGetRandomNumberForDriver.
int sceSblRngPseudoRandomNumberForDriver(char* result, int size);
sceSblRngGenuineRandomNumberForDriver
Version | NID |
---|---|
0.990-3.60 | 0xAC57F4F0 |
Temp name was sceSblSsMgrGetRandomDataForDriver.
Generates random data of length 0x40 bytes by doing: sceSblDmac5RndForDriver(dest, 0x40, 1);
Used in SceKrm, SceSblGcAuthMgr.
int sceSblRngGenuineRandomNumberForDriver(char* dest);
sceSblDmac5AllocOpForDriver
Version | NID |
---|---|
0.931 | 0x18A1BF77 |
3.60 | not present |
sceSblDmac5FreeOpForDriver
Version | NID |
---|---|
0.931 | 0xEB462E80 |
3.60 | not present |
sceSblDmac5DirectCryptForDriver
Version | NID |
---|---|
0.931 | 0x29BE9D99 |
3.60 | not present |
sceSblDmac5RndForDriver
Version | NID |
---|---|
3.60 | 0x4DD1B2E5 |
Temp name was sceSblSsMgrGetRandomDataCropForDriver.
Generates random data of length by executing Dmac5 command 0x4.
Data is then cropped to fit the size in pOutputBuffer.
Used in SceMsif.
int sceSblDmac5RndForDriver(char* pOutputBuffer, int size, int unk);
sceSblDmac5AesEcbEncForDriver
Version | NID |
---|---|
0.990-3.60 | 0xC517770D |
Temp name was sceSblSsMgrAESECBEncryptForDriver.
Executes Dmac5 command 0x1.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // mask_enable = 1 int sceSblDmac5AesEcbEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int mask_enable);
sceSblDmac5AesEcbDecForDriver
Version | NID |
---|---|
0.990-3.60 | 0x7C978BE7 |
Temp name was sceSblSsMgrAESECBDecryptForDriver.
Executes Dmac5 command 0x2.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // mask_enable = 1 int sceSblDmac5AesEcbDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int mask_enable);
sceSblDmac5AesEcbEncNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x0F7D28AF |
Temp name was sceSblSsMgrAESECBEncryptWithKeygenForDriver.
Executes Dmac5 command 0x1.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally // mask_enable = 1 int sceSblDmac5AesEcbEncNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int key_id, int mask_enable);
sceSblDmac5AesEcbDecNPForDriver
Version | NID |
---|---|
3.60 | 0x197ACF6F |
Temp name was sceSblSsMgrAESECBDecryptWithKeygenForDriver.
Executes Dmac5 command 0x2.
no usages found
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally // mask_enable = 1 int sceSblDmac5AesEcbDecNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int key_id, int mask_enable);
sceSblDmac5AesEcbEncWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x01BE0374 |
Executes Dmac5 command 0x1.
Used in SceSblMgKeyMgr.
// size - size of data in src // slot_id - 0x1C, 0x1D, 0x1E, 0x1F // key_size - 0x80 / 0xC0 / 0x100 (size in bits) // mask_enable = 1 int sceSblDmac5AesEcbEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5AesEcbDecWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x8B4700CB |
Executes Dmac5 command 0x2.
Used in SceSblMgKeyMgr.
// size - size of data in src // slot_id - 0x1D, ? // key_size - 128 / 192 / 256 (size in bits) // mask_enable = 1 int sceSblDmac5AesEcbDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5DesEcbEncWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x37DD5CBF |
Temp name was sceSblSsMgrDES64ECBEncryptForDriver.
This also implements 3DES. Chosen function depends on key size.
- for 64 - DES
- for 128 - not tested. assuming 3DES with K1 = K3.
- for 192 - 3DES
Executes Dmac5 command 0x41.
Used in SceSblMgKeyMgr.
// size - size of data in src // slot_id - 0x1C, ? // key_size - 192 (size in bits) - other sizes also work // mask_enable = 1 int sceSblDmac5DesEcbEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5DesEcbDecWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x8EAFB18A |
Temp name was sceSblSsMgrDES64ECBDecryptForDriver.
This also implements 3DES. Chosen function depends on key size.
- for 64 - DES
- for 128 - not tested. assuming 3DES with K1 = K3.
- for 192 - 3DES
Executes Dmac5 command 0x42.
Used in SceSblMgKeyMgr.
// size - size of data in src // slot_id - 0x1C, ? // key_size - 192 (size in bits) - other sizes also work // mask_enable = 1 int sceSblDmac5DesEcbDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5DesCbcEncWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x05B38698 |
Temp name was sceSblSsMgrDES64CBCEncryptForDriver.
This also probably implements 3DES. Chosen function depends on key size.
- for 0x40 - DES
- for 0x80 - not tested. assuming 3DES with K1 = K3.
- for 0xC0 - 3DES
Executes Dmac5 command 0x49.
no usages found
// size - size of data in src // slot_id - 0x1D, ? // key_size - ? - does not matter ? // iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?) // mask_enable = 1 int sceSblDmac5DesCbcEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5DesCbcDecWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x926BCCF0 |
Temp name was sceSblSsMgrDES64CBCDecryptForDriver.
This also probably implements 3DES. Chosen function depends on key size.
- for 0x40 - DES
- for 0x80 - not tested. assuming 3DES with K1 = K3.
- for 0xC0 - 3DES
Executes Dmac5 command 0x4A.
no usages found
// size - size of data in src // slot_id - 0x1D, ? // key_size - ? - does not matter ? // iv - length is 8 for DES // mask_enable = 1 int sceSblDmac5DesCbcDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCbcEncForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE6E1AD15 |
Temp name was sceSblSsMgrAESCBCEncryptForDriver.
Executes Dmac5 command 0x9.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (lenght in bytes) // key_size - 128 / 192 / 256 (size in bits) // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) // mask_enable = 1 int sceSblDmac5AesCbcEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCbcDecForDriver
Version | NID |
---|---|
0.990-3.60 | 0x121FA69F |
SCE maybe made a typo: sceSblDmac5AEsCbcDecForDriver.
Temp name was sceSblSsMgrAESCBCDecryptForDriver.
Executes Dmac5 command 0xA.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) // mask_enable = 1 int sceSblDmac5AesCbcDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCbcEncNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x711C057A |
Temp name was sceSblSsMgrAESCBCEncryptWithKeygenForDriver.
Executes Dmac5 command 0x9.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally // mask_enable = 1 int sceSblDmac5AesCbcEncNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable);
sceSblDmac5AesCbcDecNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x1901CB5E |
Temp name was sceSblSsMgrAESCBCDecryptWithKeygenForDriver.
Executes Dmac5 command 0xA.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally // mask_enable = 1 int sceSblDmac5AesCbcDecNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable);
sceSblDmac5AesCtrEncForDriver
Version | NID |
---|---|
1.50-3.60 | 0x82B5DCEF |
Temp name was sceSblSsMgrAESCTREncryptForDriver.
Executes Dmac5 command 0x21.
Used in SceNpDrm.
This function can also be used for decryption since CTR is symmetric function.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 // key_size - 128 / 192 / 256 (size in bits) // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) // mask_enable = 1 int sceSblDmac5AesCtrEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCtrDecForDriver
Version | NID |
---|---|
3.60 | 0x7D46768C |
Temp name was sceSblSsMgrAESCTRDecryptForDriver.
Executes Dmac5 command 0x22.
no usages found
this function can also be used for encryption since CTR is symmetric function
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 // key_size - 128 / 192 / 256 (size in bits) // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) // mask_enable = 1 int sceSblDmac5AesCtrDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5Sha1ForDriver
Version | NID |
---|---|
3.60 | 0xEB3AF9B5 |
Executes Dmac5 command 0x3.
Used in ScePfsMgr.
// size - size of data in src // iv = 0 // mask_enable = 1 // command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblSsMgrSha1ForDriver(const void *src, void *dst, SceSize size, void *iv, int mask_enable, int command_bit);
sceSblDmac5Sha1HmacTransformForDriver
Version | NID |
---|---|
0.990-3.60 | 0x6704D985 |
Temp name was sceSblSsMgrHMACSHA1ForDriver.
Executes Dmac5 command 0x23.
Used in ScePfsMgr.
Key size is always 256 bits.
// size - size of data in src // iv = 0 // mask_enable = 1 // command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblDmac5Sha1HmacTransformForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int mask_enable, int command_bit);
sceSblDmac5Sha1HmacNPForDriver
Version | NID |
---|---|
3.60 | 0x92E37656 |
Temp name was sceSblSsMgrHMACSHA1WithKeygenForDriver.
Executes Dmac5 command 0x23.
no usages found
key_size is always 256 bits
// size - size of data in src // key - length is always 0x20 bytes // iv = 0 // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally // mask_enable = 1 // command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblDmac5Sha1HmacNPForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int key_id, int mask_enable, int command_bit);
sceSblDmac5Sha256HmacForDriver
Version | NID |
---|---|
3.60 | 0x79F38554 |
Temp name was sceSblSsMgrHMACSHA256ForDriver.
Executes Dmac5 command 0x33.
no usages found
// size - size of data in src // iv = 0 // mask_enable = 1 // command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblDmac5Sha256HmacForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int mask_enable, int command_bit);
sceSblDmac5AesCmacForDriver
Version | NID |
---|---|
0.990-3.60 | 0x1B14658D |
Temp name was sceSblSsMgrAESCMACForDriver.
Executes Dmac5 command 0x3B.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // iv = 0 // mask_enable = 1 // command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblDmac5AesCmacForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable, int command_bit);
sceSblDmac5AesCmacNPForDriver
Version | NID |
---|---|
3.60 | 0x83B058F5 |
Temp name was sceSblSsMgrAESCMACWithKeygenForDriver.
Executes Dmac5 command 0x3B.
Used in ScePfsMgr.
// size - size of data in src // key - length is 0x10 / 0x18 / 0x20 (length in bytes) // key_size - 128 / 192 / 256 (size in bits) // iv = 0 // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. Uses slot_id range 0x0C-0x17 internally // mask_enable = 1 // command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblDmac5AesCmacNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable, int command_bit);
sceSblDmac5AesCmacWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0xEA6ACB6D |
Executes Dmac5 command 0x3B.
no usages found
// size - size of data in src // slot_id - 0x1D, ? // key_size - 128 / 192 / 256 (size in bits) // iv = 0 // mask_enable = 1 // command_bit = 0 / 0x400 / 0x800 / 0xC00 int sceSblDmac5AesCmacWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable, int command_bit);
sceSblSsMgrExecuteDmac5HashCommandForDriver
Version | NID |
---|---|
3.60 | 0x9641374E |
Executes Dmac5 commands related to hash functions.
Used in SceNpDrm.
int sceSblSsMgrExecuteDmac5HashCommandForDriver(const void *src, void *dst, SceSize size, void *iv, int mask_enable, int command, int command_bit);
sceSblSsEncryptWithPortabilityForDriver
Version | NID |
---|---|
0.931-3.60 | 0x21EC51F6 |
derived from _vshSblSsEncryptWithPortability
Strangely it does not communicate with encdec_w_portability_sm command 0x1000A. That's because anyway this SM command is not implemented in release FWs.
int sceSblSsEncryptWithPortabilityForDriver(int key_id, void *iv, ScePortabilityData *plain, ScePortabilityData *enc);
sceSblSsDecryptWithPortabilityForDriver
Version | NID |
---|---|
0.931-3.60 | 0x934DB6B5 |
derived from _vshSblSsDecryptWithPortability
For example, decrypts or derives AES key that is used in msif to decrypt static sha224 table.
Executes F00D encdec_w_portability_sm command 0x2000A.
int sceSblSsDecryptWithPortabilityForDriver(SceUInt32 key_type, void *iv, ScePortabilityData *enc, ScePortabilityData *plain);
sceSblSsGetNvsDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFDD6D5DE |
derived from _vshSblSsGetNvsData
Calls sceSysconNvsReadDataForDriver.
// index - 0-5 // pData - destination buffer // size - 2, 4, 8, 0x10, 0x20 int sceSblSsGetNvsDataForDriver(SceSblSsNvsData index, void *pData, SceSize size);
sceSblSsSetNvsDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0x249ADB07 |
derived from _vshSblSsSetNvsData
Calls sceSysconNvsWriteDataForDriver.
// index - 0-5 // pData - source buffer // size - 2, 4, 8, 0x10, 0x20 int sceSblSsSetNvsDataForDriver(SceSblSsNvsData index, void *pData, SceSize size);
sceSblAimgrGetVisibleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0x04843835 |
Temp name was sceSblSsMgrGetVisibleIdForDriver, sceSblSsMgrGetFuseIdForDriver.
Derived from _vshSblAimgrGetVisibleId
.
Executes F00D aimgr_sm command 0x3.
int sceSblAimgrGetVisibleIdForDriver(SceVisibleId *pVisibleId);
sceSblAimgrGetConsoleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFC6CDD68 |
Temp name was sceSblSsMgrGetConsoleIdForDriver.
This function obtains Console Id by executing F00D aimgr_sm command 0x1.
int sceSblAimgrGetConsoleIdForDriver(SceConsoleId *pConsoleId);
sceSblAimgrGetOpenPsIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xA5B5D269 |
Temp name was sceSblSsMgrGetOpenPsIdForDriver.
This function returns information from a static buffer that is initialized on module_start.
OpenPsId comes from kbl_param->openpsid using SceSysmem#sceKernelSysrootGetKblParamForKernel.
int sceSblAimgrGetOpenPsIdForDriver(SceOpenPsId *pOpenPsId);
sceSblAimgrGetPscodeForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE0DC2587 |
Temp name was sceSblSsMgrGetPscodeForDriver.
Derived from _vshSblAimgrGetPscode
.
This function returns information from a static buffer that is initialized on module_start.
PsCode comes from kbl_param->pscode using SceSysmem#sceKernelSysrootGetKblParamForKernel.
int sceSblAimgrGetPscodeForDriver(ScePsCode *pPsCode);
sceSblAimgrGetPscode2ForDriver
Version | NID |
---|---|
3.60 | 0x9A9676D0 |
Temp name was sceSblSsMgrGetPscode2ForDriver.
Derived from _vshSblAimgrGetPscode2
Executes F00D aimgr_sm command 0x4.
int sceSblAimgrGetPscode2ForDriver(ScePsCode *pPsCode);
sceSblSsCreatePassPhraseForDriver
Version | NID |
---|---|
3.60 | 0xB8B298FD |
Executes F00D aimgr_sm command 0x5.
derived from _vshSblSsCreatePassPhrase
// input is of size 0x18 int sceSblSsCreatePassPhraseForDriver(char *input, char *output);
sceSblSsInfraAllocatePARangeVectorForDriver
Version | NID |
---|---|
0.931-3.60 | 0xE0B13BA7 |
Used by SceSblUpdateMgr.
int sceSblSsInfraAllocatePARangeVectorForDriver(void *buf, SceSize size, SceUID blockid, SceKernelPAVector *pPAV);
sceSblSsInfraFreePARangeVectorForDriver
Version | NID |
---|---|
0.931-3.60 | 0xC38D0CEA |
Used by SceSblUpdateMgr.
int sceSblSsInfraFreePARangeVectorForDriver(SceUID blockid, SceKernelPAVector *pPAV);
sceSblSsMemsetForDriver
Version | NID |
---|---|
3.60 | 0xCD98CC92 |
Used by SceSblPostSsMgr.
void sceSblSsMemsetForDriver(char* dest, char value, int size);
sceSblRtcMgrSetCpRtc_1ForDriver
Version | NID |
---|---|
0.931 | 0x2B259A82 |
3.60 | not present |
sceSblRtcMgrSetCpRtc_2ForDriver
Version | NID |
---|---|
0.940 | 0xD8F6F110 |
3.60 | moved to PostSsMgr |
sceSblRtcMgrGetCpRtcPhysicalForDriver
Version | NID |
---|---|
0.940 | 0xC96622EC |
3.60 | moved to PostSsMgr |
sceSblRtcMgrGetCpRtcLogicalForDriver
Version | NID |
---|---|
0.940 | 0xAF56206D |
3.60 | moved to PostSsMgr |
sceSblLicGetActivationKeyForDriver
Version | NID |
---|---|
0.940 | 0xED4878A4 |
3.60 | moved to PostSsMgr |
sceSblLicMgrGetExpireDateForDriver
Version | NID |
---|---|
0.940 | 0xE840CD4E |
3.60 | moved to PostSsMgr |
sceSblPmMgrGetProductModeFromNVSForDriver
Version | NID |
---|---|
0.931-0.940 | 0x196C7FB2 |
3.60 | moved to PostSsMgr |
sceSblPmMgrSetProductModeForDriver
Version | NID |
---|---|
0.931-0.940 | 0x33B706E1 |
3.60 | moved to PostSsMgr |
sceSblPmMgrAuthEtoIForDriver
Version | NID |
---|---|
0.931-0.940 | 0xB241EA2B |
3.60 | moved to PostSsMgr |
SceSblSsMgr
This library exists on FW 1.69 but does not exist on FW 3.60.
sceSblSsInfraAllocatePARangeVector
Version | NID |
---|---|
0.931-1.69 | 0x8C2822A9 |
int sceSblSsInfraAllocatePARangeVector(void *buf, SceSize size, SceUID blockid, SceKernelPAVector *pPAV);
sceSblSsInfraFreePARangeVector
Version | NID |
---|---|
0.931-1.69 | 0xFAD42134 |
int sceSblSsInfraFreePARangeVector(SceUID blockid, SceKernelPAVector *pPAV);
SceSblQafMgr
typedef struct SceQafToken { char data[0x80]; char sig[0x100]; // Not present on FW 0.990. Present on FW 3.60 } SceQafToken;
sceSblQafMgrGetQafToken
Version | NID |
---|---|
1.69-3.60 | 0xB6BAE81D |
On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS).
int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);
sceSblQafMgrGetQafToken2
Version | NID |
---|---|
3.60 | 0xDFBA8569 |
int sceSblQafMgrGetQafToken2(SceQafToken *qaf_token);
sceSblQafManagerSetQafTokenForUser
Version | NID |
---|---|
1.69-3.60 | 0x56A16392 |
On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS).
int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);
sceSblQafMgrSetQafToken2
Version | NID |
---|---|
3.60 | 0xF4B5C8A5 |
int sceSblQafMgrSetQafToken2(SceQafToken qaf_token);
sceSblQafManagerDeleteQafTokenForUser
Version | NID |
---|---|
0.940-3.60 | 0xD542583F |
On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS).
int sceSblQafManagerDeleteQafTokenForUser(void);
sceSblQafMgrDeleteQafToken2
Version | NID |
---|---|
3.60 | 0x62E30BF4 |
int ret; int ret2; int ret3; signed int result; char flag; char data[0x80]; char sig[0x100]; memset(data, (char)0xFF, 0x180); SceKernelSuspendForDriver_4DF40893_0(0); ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80); if ( ret ) { SceKernelSuspendForDriver_4DF40893(0); result = ret; } else { ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100); if ( ret2 ) { SceKernelSuspendForDriver_4DF40893(0); result = ret2; } else { flag = 1; ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1); SceKernelSuspendForDriver_4DF40893(0); result = ret3; } } return result;
int sceSblQafMgrDeleteQafToken2(void);
sceSblQafManagerGetQafNameForUser
Version | NID |
---|---|
0.940-3.60 | 0x0F7EA8C2 |
Wrapper to sceSblQafManagerGetQafNameForKernel.
int sceSblQafManagerGetQafNameForUser(char *buffer, unsigned int max_len);
sceSblQafManagerGetQafName2ForUser
Version | NID |
---|---|
3.60 | 0xF0CA8766 |
memset(buf, 0, 0x180); sceSblNvsReadDataForKernel(0x480, buf, 1); sceSblNvsReadDataForKernel(0x400, buf, 0x80); memcpy(buffer, buf, 0x18); sceSblNvsReadDataForKernel(0x5A0, buf, 0x100); // if all functions returned success sceSblQafManagerGetQafNameForKernel(buf2, len); sceKernelMemcpyKernelToUserForDriver(buffer, buf2, len)) != 0 )
int sceSblQafManagerGetQafName2ForUser(char *buffer, unsigned int max_len);
sceSblQafMgrIsAllowMinimumDebugMenuDisplay
Version | NID |
---|---|
3.60 | 0xA156BBD2 |
return pKblParam->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);
sceSblQafMgrIsAllowLimitedDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0xC456212D |
return (pKblParam->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);
sceSblQafMgrIsAllowAllDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0x66843305 |
return (pKblParam->qa_flags[0xC] >> 1) & 1;
int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);
sceSblQafManagerIsAllowKernelDebugForUser
Version | NID |
---|---|
0.940-3.60 | 0x11D30766 |
return pKblParam->qa_flags[0xD] & 1;
int sceSblQafManagerIsAllowKernelDebugForUser(void);
sceSblQafMgrIsAllowForceUpdate
Version | NID |
---|---|
1.69-3.60 | 0x63F29BA0 |
return (pKblParam->qa_flags[0xF] >> 1) & 1;
int sceSblQafMgrIsAllowForceUpdate(void);
sceSblQafMgrIsAllowNpTest
Version | NID |
---|---|
1.69-3.60 | 0xA9EBCBAC |
if (pKblParam->qa_flags[0xF] << 31) return 1; else return sceSysrootUtMgrHasNpTestFlagForKernel(a1, a2, a3);
int sceSblQafMgrIsAllowNpTest(int a1, int a2, int a3);
sceSblQafMgrIsAllowNpFullTest
Version | NID |
---|---|
3.60 | 0x72168C6E |
return (pKblParam->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowNpFullTest(void);
sceSblQafMgrIsAllowNonQAPup
Version | NID |
---|---|
1.69-3.60 | 0xB5621615 |
return pKblParam->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowNonQAPup(void);
sceSblQafMgrIsAllowScreenShotAlways
Version | NID |
---|---|
1.69-3.60 | 0xD22A8731 |
return (pKblParam->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowScreenShotAlways(void);
sceSblQafMgrIsAllowRemoteSysmoduleLoad
Version | NID |
---|---|
0.940-3.60 | 0xF45AA706 |
return (pKblParam->qa_flags[0xD] >> 1) & 1;
int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);
SceSblRng
sceSblRngGenuineRandomNumber
Version | NID |
---|---|
0.940-0.990 | 0xD1189305 |
Temp name was sceSblSsMgrGetRandomData.
Calls sceSblRngGenuineRandomNumberForDriver.
sceSblRngPseudoRandomNumber
Version | NID |
---|---|
0.940-0.990 | 0xD8BC42B8 |
_sceKernelGetRandomNumber
Version | NID |
---|---|
1.69-3.60 | 0xC37E818C |
int _sceKernelGetRandomNumber(int *out, int a2, char a3[8]);
SceSblDmac5Mgr
sceSblDmac5HashTransform
Version | NID |
---|---|
1.69-3.60 | 0x09EBC6EF |
This function can execute the following dmac5 commands:
- 0x3B: CMAC-AES (length 0x10)
- 0x03: SHA1 (length 0x14)
- 0x23: HMAC-SHA1 (length 0x14)
- 0x13: SHA256 (length 0x20)
- 0x33: HMAC-SHA256 (length 0x20)
typedef struct hash_trans_opt_t //size 0x18 { char* src; char* dst; uint32_t size; uint32_t unk_C; // = 0 uint32_t unk_10; // = 0 char* iv; } hash_trans_opt_t; // flags: // 0x000 // 0x400 // 0x800 // 0xC00 int sceSblDmac5HashTransform(hash_trans_opt_t* ctx, int command, int flags);
sceSblDmac5EncDecKeyGen
Version | NID |
---|---|
1.69-3.60 | 0x5BF4F924 |
This function is also named sceSblDmac5AesCbcDecKeyGen
or sceSblDmac5AesCbcEncKeyGen
in SceGameDataPlugin
typedef struct keygen_ctx //size is 0x18 { char *src; char *dst; int size; char* key; uint32_t key_size; // (int bits) char* out; //hash ? } keygen_ctx; // command - 0xA (dmac5 command AES-192-CBC decrypt) // command - 0x9 (dmac5 command AES-192-CBC encrypt) int sceSblDmac5EncDecKeyGen(keygen_ctx* ctx, int key_id, int command);
sceSblDmac5EncDec
Version | NID |
---|---|
0.931 | not present |
0.990-3.60 | 0xD0B1F759 |
int sceSblDmac5EncDec(void *args, int command);
sceSblDmac5EncDecNP
Version | NID |
---|---|
0.931 | not present |
0.940-0.990 | 0x30702CC7 |
3.60 | not present |
int sceSblDmac5EncDecNP(void *args, int key_id, int command);
sceSblDmac5HmacKeyGen
Version | NID |
---|---|
3.60 | 0xCCE57D33 |
This function is named sceSblDmac5HmacKeyGen
in SceSysLibTrace but is also called sceSblDmac5Sha256HmacKeyGen
in SceGameDataPlugin
.
// data is of size 0x18 (24 - 192 bits ?) // unk1 - 0x20001 // command - 0x33 (dmac5 HMAC-SHA256 command) // flags - 0x400, 0x800, 0xC00 int sceSblDmac5HmacKeyGen(char* data, int unk1, int command, int flags);
SceSblAimgr
_sceKernelGetOpenPsId
Version | NID |
---|---|
1.69-3.60 | 0x6E283E2E |
int _sceKernelGetOpenPsId(SceOpenPsId *pOpenPsId);