SceSblSsSmComm: Difference between revisions

From Vita Development Wiki
 
(46 intermediate revisions by 3 users not shown)
Line 1: Line 1:
SceSblSsSmComm is a kernel module that is primary responsible for sending F00D commands.
SceSblSsSmComm is a kernel module that is primarily responsible for calling [[Secure_Modules|Secure Modules]] functions.


== Module ==
== Module ==


=== Known NIDs ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! Name !! World !! Privilege !! NID
! Version !! World !! Privilege
|-
| 1.69 || SceSblSsSmComm || Non-secure || Kernel || 0xA6A2A041
|-
| 3.57 || SceSblSsSmComm || Non-secure || Kernel || 0x301EDC39
|-
|-
| 3.60 || SceSblSsSmComm || Non-secure || Kernel || 0xBB4B5D92
| 0.931.010-3.740.011 || Non-secure || Kernel
|}
|}


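Review bot: The replacement module table drops the Name and NID columns, so the per-version module NIDs from the old rows (0xA6A2A041 for 1.69, 0x301EDC39 for 3.57, 0xBB4B5D92 for 3.60) are no longer recorded in this section. If they are still valid, keep them in a separate "Known NIDs" table next to the new version-range row rather than deleting them.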
Line 23: Line 18:
! Version !! Name !! World !! Visibility !! NID
! Version !! Name !! World !! Visibility !! NID
|-
|-
| 1.69-3.60 || [[SceSblSsSmComm#SceSblSmCommForKernel|SceSblSmCommForKernel]] || Non-secure || Kernel || 0xCD3C89B6
| 0.931.010-3.740.011 || [[SceSblSsSmComm#SceSblSmCommForKernel|SceSblSmCommForKernel]] || Non-secure || Kernel || 0xCD3C89B6
|-
| 0.931.010-1.692.000 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || 0xD8DC7847
|-
|-
| 1.69 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || 0xD8DC7847
| 1.800.071-3.740.011 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || not present
|}
|}


Line 31: Line 28:


<source lang = "C">
<source lang = "C">
/* example of caller_self_info
/* example of spawner_self_auth_info
char data[0x90] =
char data[0x90] =
{
{
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // max program-authority-id
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, // KBL capability
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, // KBL attribute
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, // KBL shared secret
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
Line 54: Line 51:
}; */
}; */


typedef struct SceSblSmCommContext130 // size is 0x130 as its name indicates
typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931.010-3.740.011
{
  SceUInt64 program_authority_id;
   uint32_t unk_0;
  uint8_t padding[8];
   uint32_t self_type; // kernel = 0, user = 1, SM = 2
  uint8_t capability[0x20];
   SceSelfInfo caller_self_info; // can be obtained with sceKernelGetSelfInfoForKernel
  uint8_t attribute[0x20];
   SceSelfInfo called_self_info; // set by F00D in F00D SceSblSmCommContext130 response
  SceSharedSecret shared_secret; // current hypothesis of SceSharedSecret is full (0x40 bytes) shared_secret overwritten with klicensee at offset 0x10
   uint32_t pathId; // can be obtained with sceSblACMgrGetPathIdForKernel or sceIoGetPathIdExForDriver
} SceSelfAuthInfo;
   uint32_t unk_12C;
 
typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931.010-3.740.011 (as its name indicates)
   SceUInt32 unk_0;
   SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
   SceSelfAuthInfo spawner_self_auth_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo spawned_self_auth_info; // set by secure_kernel in response SceSblSmCommContext130
   SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   SceUInt32 unk_0x12C; // if (kbl_param->boot_type_indicator_1????? & 0x40) == 1, then set unk_0x12C to 1, else set to 10, ?mistook with media_type?
} SceSblSmCommContext130;
} SceSblSmCommContext130;
</source>
</source>
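Review bot: In the new comment on unk_0x12C, the condition "(kbl_param->boot_type_indicator_1????? & 0x40) == 1" can never hold, because masking with 0x40 yields only 0 or 0x40; write it as "!= 0" (or "== 0x40") so the documented branch is reachable. The new SceSelfAuthInfo also uses SceSharedSecret without a definition on this page; a typedef or a link to where it is defined would make the stated 0x90 size checkable.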
Line 67: Line 71:
== SceSblSmCommForKernel ==
== SceSblSmCommForKernel ==


=== sceSblSmCommStopSmForKernel ===
=== sceSblSmCommCallFunc_ForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 1.69-3.60 || 0x0631F8ED
| 0.931.010-1.03 || 0x4960DF9E
|-
| 1.692.000-3.740.011 || not present
|}
|}


This function calls [[SceSblSsSmComm#sceSblSmCommCallFuncForKernel|sceSblSmCommCallFuncForKernel]] with <code>-1</code> as <code>command_id</code> and then calls [[SceSblSmschedProxy#sceSblSmSchedProxyWaitForKernel|sceSblSmSchedProxyWaitForKernel]].
This function is just a 4-argument wrapper for [[#sceSblSmCommCallFuncForKernel]].


<source lang="c">int sceSblSmCommStopSmForKernel(int id, int result[2]);</source>
<source lang="c">
typedef struct sceSblSmCommCallFunc_Param {
    void *pData;
    SceSize dataSize;
} sceSblSmCommCallFunc_Param;


=== sceSblSmCommStartSmFromDataForKernel ===
int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);
</source>
 
=== sceSblSmCommStopCommForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 1.69 || 0x992BB9DB
| 0.931.010-1.03 || 0xC35FB95A
|-
|-
| 3.60 || 0x039C73B1
| 1.692.000-3.740.011 || not present
|}
|}


<source lang="c">int sceSblSmCommStartSmFromDataForKernel(int priority, const char *sm_self_data, int sm_self_size, int num1, SceSblSmCommContext130 *ctx_130, int* id);</source>
<source lang="C">int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);</source>


=== sceSblSmCommStartSmFromFileForKernel ===
=== sceSblSmCommStartSmForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 3.60 || 0x7863A0CC
| 0.931.010-1.03 || 0x7863A0CC
|-
| 1.692.000-1.810.021 || not present
|-
| 2.000.081-3.740.011 || 0x7863A0CC
|}
|}


<source lang="c">int sceSblSmCommStartSmFromFileForKernel(int priority, char* sm_self_path, int num1, SceSblSmCommContext130* ctx_130, int* id);</source>
Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will [[CMeP#Protocol|suspend]] the low one.
 
The following conditions must be met in order for this function to be called successfully:
- In kernel thread.
- In kernel context.


Priority is binary: 1 = low, 0 = high. Running a high priority SM module while a low priority one is currently running will [[F00D Processor|suspend]] it.
Calling a function without satisfying the conditions freezes the system.
 
<source lang="c">int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);</source>
 
=== sceSblSmCommStartSm_ForKernel ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.931.010-1.800.071 || 0x992BB9DB
|-
| 2.000.081-3.740.011 || not present
|}
 
<source lang="c">int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);</source>
 
=== sceSblSmCommStartSmFromDataForKernel ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.931.010-1.800.071 || not present
|-
| 3.600.011-3.740.011 || 0x039C73B1
|}
 
<source lang="c">int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);</source>


=== sceSblSmCommCallFuncForKernel ===
=== sceSblSmCommCallFuncForKernel ===
{| class="wikitable"
! Version !! NID
|-
| 0.931.010-3.740.011 || 0xDB9FC204
|}
<source lang="c">int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);</source>
=== sceSblSmCommStopSmForKernel ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
| 1.69-3.60 || 0xDB9FC204
|-
| 0.931.010-3.740.011 || 0x0631F8ED
|}
|}


sm_comm_context is described more [[F00D_Commands#0x1000B|here]]
This function calls [[SceSblSsSmComm#sceSblSmCommCallFuncForKernel|sceSblSmCommCallFuncForKernel]] with <code>-1 (0xFFFFFFFF)</code> as <code>func_id</code> and then calls [[SceSblSmschedProxy#sceSblSmSchedProxyWaitForKernel|sceSblSmSchedProxyWaitForKernel]].


f00d_resp comes from [[F00D_Commands#Request_Buffer|Request Buffer]] from offset 0x08
<source lang="c">int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);</source>


gc_param is generated by game card and has value 0x01
== SceSblSsSmComm ==


<source lang="c">
This library is present up to and including System Software version 1.692.000, then removed since System Software version 1.800.071 for security reasons.
typedef struct SceSblSmCommGcData {
int unk_0; // 1
int gc_command;
char gc_buffer[0x800];
int gc_param;
int length;
int unk_810; // 0
} SceSblSmCommGcData; /* size = 0x814 */


typedef struct SceSblSmCommMsifData {
=== sceSblSmCommStartSm ===
unsigned int unk00;
{| class="wikitable"
unsigned int unk04;
|-
unsigned int unk08;
! Version !! NID
unsigned int unk0C;
|-
unsigned int unk10;
| 0.931.010-1.000.041 || 0x7863A0CC
unsigned int unk14;
|-
unsigned int unk18;
| 1.692.000-3.740.011 || not present
unsigned int unk1C;
|}
} SceSblSmCommMsifData; /* size = 0x20 */


int sceSblSmCommCallFuncForKernel(int id, int service_id, int *f00d_resp, void *data, int size);
Alias for [[#sceSblSmCommStartSmForKernel]].
</source>


== SceSblSsSmComm ==
=== sceSblSmCommCallFunc_ ===
{| class="wikitable"
|-
! Version !! NID
|-
| 0.931.010-1.000.041 || 0x4960DF9E
|-
| 1.692.000-3.740.011 || not present
|}


This library is present on 1.69 but is not present on 3.60.
Alias for [[#sceSblSmCommCallFunc_ForKernel]].


=== sceSblSmCommStopSm ===
=== sceSblSmCommStopComm ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 1.69 || 0x631F8ED
| 0.931.010-1.000.041 || 0xC35FB95A
|-
| 1.692.000-3.740.011 || not present
|}
|}
Alias for [[#sceSblSmCommStopCommForKernel]].


=== sceSblSmCommStartSm_ ===
=== sceSblSmCommStartSm_ ===
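Review bot: The new version ranges in this hunk are not consistent with each other. The kernel tables for sceSblSmCommCallFunc_ForKernel, sceSblSmCommStopCommForKernel and sceSblSmCommStartSmForKernel end at "1.03" while the user aliases with the same NIDs use "1.000.041", and the sceSblSmCommStartSmFromDataForKernel table jumps from "0.931.010-1.800.071" to "3.600.011-3.740.011" with nothing in between. Use one version notation and either fill the gap or mark it as unknown. The hunk also removes the SceSblSmCommGcData and SceSblSmCommMsifData definitions and the f00d_resp and gc_param notes without saying where they moved.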
Line 157: Line 216:
! Version !! NID
! Version !! NID
|-
|-
| 1.69 || 0x992BB9DB
| 0.931.010-1.692.000 || 0x992BB9DB
|-
| 1.800.071-3.740.011 || not present
|}
|}
Alias for [[#sceSblSmCommStartSm_ForKernel]].


=== sceSblSmCommCallFunc ===
=== sceSblSmCommCallFunc ===
{| class="wikitable"
! Version !! NID
|-
| 0.931.010-1.692.000 || 0xDB9FC204
|-
| 1.800.071-3.740.011 || not present
|}
Alias for [[#sceSblSmCommCallFuncForKernel]].
=== sceSblSmCommStopSm ===
{| class="wikitable"
{| class="wikitable"
|-
|-
! Version !! NID
! Version !! NID
|-
|-
| 1.69 || 0xDB9FC204
| 0.931.010-1.692.000 || 0x0631F8ED
|-
| 1.800.071-3.740.011 || not present
|}
|}


Alias for [[#sceSblSmCommStopSmForKernel]].
== Changelog ==
Between 1.000.041 and 1.692.000 (to precise): many exported functions were removed. These functions were exported both to usermode and to kernel.
Between 1.692.000 and 1.800.071: the usermode library SceSblSsSmComm was removed. It should not have been exported to usermode for two security reasons: firstly SM communication should not be handled by usermode programs, secondly these exported functions were pointing to their kernel equivalent without any check on input addresses.
Between 1.800.071 and 2.500.071 (to precise): sceSblSmCommStartSm_ForKernel was replaced by two functions: sceSblSmCommStartSmForKernel (same name as in 0.931.010) that has the same features and sceSblSmCommStartSmFromDataForKernel that loads a SM from a buffer instead of a file.
== Obfuscated names ==
Since some System Software version between 1.000.041 and 1.692.000 (to precise), the module is compiled with a MACRO that converts some object names to obfuscated names. The algorithm is obfuscated_name = "SceSblSmComm" + hash(real_name) where hash is an unknown function.


{| class="wikitable"
|-
! Real name !! Hash of real name !! Obfuscated name !! Comments
|-
| SceSblSmComm || 0xB639DB03 || SceSblSmCommB639DB03 || event flag
|-
| SceSblSmCommMutex || 0xAB75E2BE || SceSblSmCommAB75E2BE || fast mutex
|-
| SceSblSmCommSema (guessed name) || 0x62970C2D || SceSblSmComm62970c2d || sema (not present on <=1.000.041)
|-
| SceSblSmCommReadBuff || 0x8D26C678 || SceSblSmComm8D26C678 || memblock
|-
| SceSblCmCommBuff || 0x7EB92BED || SceSblSmComm7EB92BED || memblock
|}
[[Category:ARM]]
[[Category:Kernel]]
[[Category:Modules]]
[[Category:Modules]]
[[Category:Kernel]]
[[Category:Library]]
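Review bot: In the Obfuscated names table, the row for SceSblSmCommSema writes the obfuscated name as "SceSblSmComm62970c2d" with lowercase hex while its hash column and every other row use uppercase; since these are object names that get matched as strings, state the exact case. The real name "SceSblCmCommBuff" also differs from the "SceSblSm" spelling of the other rows, so confirm it is not a typo.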

Latest revision as of 15:37, 27 August 2023

SceSblSsSmComm is a kernel module that is primarily responsible for calling Secure Modules functions.

Module

{| class="wikitable"
|-
! Version !! World !! Privilege
|-
| 0.931.010-3.740.011 || Non-secure || Kernel
|}

Libraries

Known NIDs

{| class="wikitable"
|-
! Version !! Name !! World !! Visibility !! NID
|-
| 0.931.010-3.740.011 || SceSblSmCommForKernel || Non-secure || Kernel || 0xCD3C89B6
|-
| 0.931.010-1.692.000 || SceSblSsSmComm || Non-secure || User || 0xD8DC7847
|-
| 1.800.071-3.740.011 || SceSblSsSmComm || Non-secure || User || not present
|}

Types

/* example of spawner_self_auth_info
char data[0x90] =
{
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, // KBL capability
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, // KBL attribute
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, // KBL shared secret
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
}; */

typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931.010-3.740.011
   SceUInt64 program_authority_id;
   uint8_t padding[8];
   uint8_t capability[0x20];
   uint8_t attribute[0x20];
   SceSharedSecret shared_secret; // current hypothesis of SceSharedSecret is full (0x40 bytes) shared_secret overwritten with klicensee at offset 0x10
} SceSelfAuthInfo;

typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931.010-3.740.011 (as its name indicates)
   SceUInt32 unk_0;
   SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
   SceSelfAuthInfo spawner_self_auth_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo spawned_self_auth_info; // set by secure_kernel in response SceSblSmCommContext130
   SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   SceUInt32 unk_0x12C; // if (kbl_param->boot_type_indicator_1????? & 0x40) == 1, then set unk_0x12C to 1, else set to 10, ?mistook with media_type?
} SceSblSmCommContext130;
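
The documented sizes and offsets can be checked at compile time and the page's sample blob decoded into the structure. This is an added example, not code from the wiki or from the system software; `SceSharedSecret` as 0x40 opaque bytes, little-endian decoding of the id, and the names `kbl_auth_info` and `ctx130_from_blob` are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: the page does not define SceSharedSecret; modelled as 0x40 opaque bytes. */
typedef struct SceSharedSecret { uint8_t data[0x40]; } SceSharedSecret;

typedef struct SceSelfAuthInfo {
    uint64_t program_authority_id;
    uint8_t padding[8];
    uint8_t capability[0x20];
    uint8_t attribute[0x20];
    SceSharedSecret shared_secret;
} SceSelfAuthInfo;

typedef struct SceSblSmCommContext130 {
    uint32_t unk_0;
    uint32_t self_type;                      /* kernel = 0, user = 1, SM = 2 */
    SceSelfAuthInfo spawner_self_auth_info;
    SceSelfAuthInfo spawned_self_auth_info;
    uint32_t media_type;
    uint32_t unk_0x12C;
} SceSblSmCommContext130;

/* Compile-time check that the layout matches the sizes and offsets on the page. */
_Static_assert(sizeof(SceSelfAuthInfo) == 0x90, "SceSelfAuthInfo is 0x90 bytes");
_Static_assert(offsetof(SceSelfAuthInfo, attribute) == 0x30, "attribute at 0x30");
_Static_assert(offsetof(SceSelfAuthInfo, shared_secret) == 0x50, "secret at 0x50");
_Static_assert(sizeof(SceSblSmCommContext130) == 0x130, "context is 0x130 bytes");
_Static_assert(offsetof(SceSblSmCommContext130, media_type) == 0x128, "media_type");

/* The page's example blob; every byte not listed here is zero there as well. */
const uint8_t kbl_auth_info[0x90] = {
    [0x00] = 0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, /* program-authority-id */
    [0x10] = 0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, /* capability */
    [0x18] = 0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
    [0x30] = 0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, /* attribute */
    [0x38] = 0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
    [0x48] = 0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
};

/* Build a zeroed context whose spawner info comes from a raw auth-info blob.
 * Returns 0 on success, -1 if the blob is not exactly 0x90 bytes. */
int ctx130_from_blob(SceSblSmCommContext130 *ctx, uint32_t self_type,
                     const uint8_t *blob, size_t len)
{
    if (ctx == NULL || blob == NULL || len != sizeof(SceSelfAuthInfo))
        return -1;
    memset(ctx, 0, sizeof(*ctx));   /* unknown fields and the response slot start clean */
    ctx->self_type = self_type;
    memcpy(&ctx->spawner_self_auth_info, blob, len);
    /* Decode the id as little-endian explicitly so the value is host-independent. */
    uint64_t id = 0;
    for (int i = 7; i >= 0; i--)
        id = (id << 8) | blob[i];
    ctx->spawner_self_auth_info.program_authority_id = id;
    return 0;
}
```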

SceSblSmCommForKernel

sceSblSmCommCallFunc_ForKernel

Version NID
0.931.010-1.03 0x4960DF9E
1.692.000-3.740.011 not present

This function is just a 4-argument wrapper for #sceSblSmCommCallFuncForKernel.

typedef struct sceSblSmCommCallFunc_Param {
    void *pData;
    SceSize dataSize;
} sceSblSmCommCallFunc_Param;

int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);

sceSblSmCommStopCommForKernel

Version NID
0.931.010-1.03 0xC35FB95A
1.692.000-3.740.011 not present

int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);

sceSblSmCommStartSmForKernel

Version NID
0.931.010-1.03 0x7863A0CC
1.692.000-1.810.021 not present
2.000.081-3.740.011 0x7863A0CC

Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will suspend the low one.

The following conditions must be met in order for this function to be called successfully:
- In kernel thread.
- In kernel context.

Calling the function without satisfying these conditions freezes the system.

int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommStartSm_ForKernel

Version NID
0.931.010-1.800.071 0x992BB9DB
2.000.081-3.740.011 not present

int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);

sceSblSmCommStartSmFromDataForKernel

Version NID
0.931.010-1.800.071 not present
3.600.011-3.740.011 0x039C73B1

int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommCallFuncForKernel

Version NID
0.931.010-3.740.011 0xDB9FC204

int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);

sceSblSmCommStopSmForKernel

Version NID
0.931.010-3.740.011 0x0631F8ED

This function calls sceSblSmCommCallFuncForKernel with -1 (0xFFFFFFFF) as func_id and then calls sceSblSmSchedProxyWaitForKernel.

int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);

SceSblSsSmComm

This library is present up to and including System Software version 1.692.000 and was removed as of System Software version 1.800.071 for security reasons.

sceSblSmCommStartSm

Version NID
0.931.010-1.000.041 0x7863A0CC
1.692.000-3.740.011 not present

Alias for #sceSblSmCommStartSmForKernel.

sceSblSmCommCallFunc_

Version NID
0.931.010-1.000.041 0x4960DF9E
1.692.000-3.740.011 not present

Alias for #sceSblSmCommCallFunc_ForKernel.

sceSblSmCommStopComm

Version NID
0.931.010-1.000.041 0xC35FB95A
1.692.000-3.740.011 not present

Alias for #sceSblSmCommStopCommForKernel.

sceSblSmCommStartSm_

Version NID
0.931.010-1.692.000 0x992BB9DB
1.800.071-3.740.011 not present

Alias for #sceSblSmCommStartSm_ForKernel.

sceSblSmCommCallFunc

Version NID
0.931.010-1.692.000 0xDB9FC204
1.800.071-3.740.011 not present

Alias for #sceSblSmCommCallFuncForKernel.

sceSblSmCommStopSm

Version NID
0.931.010-1.692.000 0x0631F8ED
1.800.071-3.740.011 not present

Alias for #sceSblSmCommStopSmForKernel.

Changelog

Between 1.000.041 and 1.692.000 (exact versions to be determined): many exported functions were removed. These functions were exported both to usermode and to kernel.

Between 1.692.000 and 1.800.071: the usermode library SceSblSsSmComm was removed. It should not have been exported to usermode for two security reasons: first, SM communication should not be handled by usermode programs; second, these exported functions pointed to their kernel equivalents without any check on input addresses.

Between 1.800.071 and 2.500.071 (exact versions to be determined): sceSblSmCommStartSm_ForKernel was replaced by two functions: sceSblSmCommStartSmForKernel (same name as in 0.931.010), which has the same features, and sceSblSmCommStartSmFromDataForKernel, which loads a SM from a buffer instead of a file.
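
The second reason given above, user exports that point at their kernel equivalents with no check on input addresses, is shown here next to a wrapper that validates every caller-supplied range first. This is an added example, not code from the wiki or the system software: the `demo_` names, the stub kernel function and the address-space bounds are hypothetical, and the fix the page records is removal of the library, not this check.

```c
#include <stdint.h>

/* Hypothetical address-space split for the demo; NOT the console's real map. */
#define DEMO_USER_LO 0x00001000u
#define DEMO_USER_HI 0x80000000u        /* first address that is not user memory */
#define DEMO_ERR_BAD_ADDR (-1)

static int kernel_calls;                /* requests that reached the kernel stub */

/* Stand-in for the kernel-side call: it trusts its address arguments,
 * which is only acceptable when every caller is kernel code. */
static int demo_call_func_for_kernel(int req_id, uint32_t func_id,
                                     uint32_t resp_addr, uint32_t data_addr,
                                     uint32_t data_size)
{
    (void)req_id; (void)func_id; (void)resp_addr; (void)data_addr; (void)data_size;
    kernel_calls++;
    return 0;
}

/* Overflow-safe test that [addr, addr + size) lies entirely in user memory. */
static int user_range_ok(uint32_t addr, uint32_t size)
{
    if (addr < DEMO_USER_LO || addr >= DEMO_USER_HI)
        return 0;
    return size <= DEMO_USER_HI - addr; /* never computes addr + size, so no wrap */
}

/* "Before": the user export is a plain alias of the kernel function. */
int demo_user_call_func_alias(int req_id, uint32_t func_id, uint32_t resp_addr,
                              uint32_t data_addr, uint32_t data_size)
{
    return demo_call_func_for_kernel(req_id, func_id, resp_addr, data_addr, data_size);
}

/* "After": response word and data buffer are both validated before forwarding. */
int demo_user_call_func_checked(int req_id, uint32_t func_id, uint32_t resp_addr,
                                uint32_t data_addr, uint32_t data_size)
{
    if (!user_range_ok(resp_addr, sizeof(uint32_t)) ||
        !user_range_ok(data_addr, data_size))
        return DEMO_ERR_BAD_ADDR;
    return demo_call_func_for_kernel(req_id, func_id, resp_addr, data_addr, data_size);
}

int demo_kernel_calls(void) { return kernel_calls; }
```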

Obfuscated names

Since some System Software version between 1.000.041 and 1.692.000 (exact version to be determined), the module is compiled with a macro that converts some object names to obfuscated names. The algorithm is obfuscated_name = "SceSblSmComm" + hash(real_name), where hash is an unknown function.

{| class="wikitable"
|-
! Real name !! Hash of real name !! Obfuscated name !! Comments
|-
| SceSblSmComm || 0xB639DB03 || SceSblSmCommB639DB03 || event flag
|-
| SceSblSmCommMutex || 0xAB75E2BE || SceSblSmCommAB75E2BE || fast mutex
|-
| SceSblSmCommSema (guessed name) || 0x62970C2D || SceSblSmComm62970c2d || sema (not present on <=1.000.041)
|-
| SceSblSmCommReadBuff || 0x8D26C678 || SceSblSmComm8D26C678 || memblock
|-
| SceSblCmCommBuff || 0x7EB92BED || SceSblSmComm7EB92BED || memblock
|}