Game Card: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
 
(33 intermediate revisions by 3 users not shown)
Line 1: Line 1:
Game card is a standard MMC card. Pinout is different, however it complies with MMC card.
Game card is a standard MMC card. Pinout is different, however it complies with MMC card.
There are two types of gc, one for retail and one for QA.


[[File:Gamecard_pinout.png]]
[[File:Gamecard_pinout.png]]


== Partitions ==
Game card can be accessed with [[SceSdif|SceSdif]] module. It has the following [[Partitions|partitions]]:
{| class="wikitable"
|-
! code !! type !! name !! desc
|-
| 0x9 || exfat || gro0 || Game Card
|-
| 0xD || raw || || Some data
|-
|}


== Card initialization ==
== Card initialization ==
Line 16: Line 31:
== Standard MMC initialization ==
== Standard MMC initialization ==


This step is performed by SceSdif.
This step is performed by [[SceSdif]].


Part1: Card identification (SD, MMC, SDIO)
Part1: Card identification (SD, MMC, SDIO)
Line 39: Line 54:
== Custom CMD56 initialization ==
== Custom CMD56 initialization ==


This step is performed by [[SceSblGcAuthMgr|SceSblGcAuthMgr]].
CMD56 initialization is performed by [[SceSblGcAuthMgr]].


[[SceSblGcAuthMgr|SceSblGcAuthMgr]] uses [[SceSblSsSmComm|SceSblSsSmComm]] API to send [[F00D_Commands#0x1000B|F00D Commands]] to call Kirk services 1B-20.
[[SceSblGcAuthMgr]] uses [[SceSblSsSmComm]] API to call [[Secure_Modules_Functions#0x1000B|gcauthmgr_sm function 0x1000B]] that is a wrapper for Kirk services 0x1B-0x20.
Game card can be accessed with [[SceSdif|device index]] 1


Initialization consists of 20 packets total.
Game card can be accessed with [[SceSdif]] device index 1.
There are 10 request and 10 response packets.
Each packet is sent or received with CMD56.


=== packet 1 ===
Initialization consists of 20 packets total. There are 10 request and 10 response packets. Each packet is sent or received with CMD56.
 
* 78 00 00 00 00 25 - CMD56 (REQUEST)
* 78 00 00 00 01 37 - CMD56 (RESPONSE)
 
<source lang="c">
char key0[0x20] =
{
    0xDD, 0x10, 0x25, 0x44, 0x15, 0x23, 0xFD, 0xC0,
    0xF9, 0xE9, 0x15, 0x26, 0xDC, 0x2A, 0xE0, 0x84,
    0xA9, 0x03, 0xA2, 0x97, 0xD4, 0xBB, 0xF8, 0x52,
    0xD3, 0xD4, 0x94, 0x2C, 0x89, 0x03, 0xCC, 0x77,
};
</source>
 
=== packet 1 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 70: Line 97:
|}
|}


=== packet 2 ===
=== packet 2 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x31 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x13 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x10 || 0x00 || packet 2 data
|-
|-
|}
|}


=== packet 3 ===
=== packet 3 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 100: Line 137:
|}
|}


=== packet 4 ===
=== packet 4 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x23 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x05 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x02 || 0xFF00 || initialization state
|-
|-
|}
|}


=== packet 5 ===
=== packet 5 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 130: Line 177:
|}
|}


=== packet 6 ===
=== packet 6 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x02 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x2B || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x02 || 0xE000 || unknown
|-
| 0x0D|| 0x02 || 0x01 || gc parameter
|-
| 0x0F|| 0x02 || 0x02 || unknown
|-
| 0x11|| 0x02 || 0x03 || unknown
|-
| 0x13|| 0x20 || - || packet 6 data
|-
|-
|}
|}


=== packet 7 ===
=== packet 7 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 164: Line 229:
|}
|}


=== packet 8 ===
=== packet 8 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x03|| response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x23 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x20 || - || packet 8 data
|-
|-
|}
|}


=== packet 9 ===
=== packet 9 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 186: Line 261:
| 0x28|| 0x04 || 0x03 || response size
| 0x28|| 0x04 || 0x03 || response size
|-
|-
| 0x2C|| 0x01 || - || command ? (generated with Kirk 1C)
| 0x2C|| 0x01 || 0xA3 || command ? (generated with Kirk 1C)
|-
|-
| 0x2D|| 0x01 || - || unknown (generated with Kirk 1C)
| 0x2D|| 0x01 || 0x00 || unknown (generated with Kirk 1C)
|-
|-
| 0x2E|| 0x01 || - || additional data size (generated with Kirk 1C)
| 0x2E|| 0x01 || 0x33 || additional data size (generated with Kirk 1C)
|-
|-
| 0x2F|| 0x30 || - || data (generated with Kirk 1C)
| 0x2F|| 0x30 || - || data (generated with Kirk 1C)
Line 196: Line 271:
|}
|}


=== packet 10 ===
=== packet 10 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x05 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x03 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
|-
|}
|}


=== packet 11 ===
=== packet 11 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 226: Line 309:
|}
|}


=== packet 12 ===
=== packet 12 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x23 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x05 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x02 || 0x00 || initialization state
|-
|-
|}
|}


=== packet 13 ===
=== packet 13 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 258: Line 351:
|}
|}


=== packet 14 ===
=== packet 14 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x07 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x43 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x40 || - || packet 14 data
|-
|-
|}
|}


=== packet 15 ===
=== packet 15 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 280: Line 383:
| 0x28|| 0x04 || 0x43 || response size
| 0x28|| 0x04 || 0x43 || response size
|-
|-
| 0x2C|| 0x01 || - || command ? (generated with Kirk 1E)
| 0x2C|| 0x01 || 0xB1 || command ? (generated with Kirk 1E)
|-
|-
| 0x2D|| 0x01 || - || unknown (generated with Kirk 1E)
| 0x2D|| 0x01 || 0x00 || unknown (generated with Kirk 1E)
|-
|-
| 0x2E|| 0x01 || - || additional data size (generated with Kirk 1E)
| 0x2E|| 0x01 || 0x33 || additional data size (generated with Kirk 1E)
|-
|-
| 0x2F|| 0x30 || - || data (generated with Kirk 1E)
| 0x2F|| 0x30 || - || data (generated with Kirk 1E)
Line 290: Line 393:
|}
|}


=== packet 16 ===
=== packet 16 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x11 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x43 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x40 || - || packet 16 data
|-
|-
|}
|}


=== packet 17 ===
=== packet 17 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 312: Line 425:
| 0x28|| 0x04 || 0x43 || response size
| 0x28|| 0x04 || 0x43 || response size
|-
|-
| 0x2C|| 0x01 || - || command ? (generated with Kirk 1E)
| 0x2C|| 0x01 || 0xB1 || command ? (generated with Kirk 1E)
|-
|-
| 0x2D|| 0x01 || - || unknown (generated with Kirk 1E)
| 0x2D|| 0x01 || 0x00 || unknown (generated with Kirk 1E)
|-
|-
| 0x2E|| 0x01 || - || additional data size (generated with Kirk 1E)
| 0x2E|| 0x01 || 0x33 || additional data size (generated with Kirk 1E)
|-
|-
| 0x2F|| 0x30 || - || data (generated with Kirk 1E)
| 0x2F|| 0x30 || - || data (generated with Kirk 1E)
Line 322: Line 435:
|}
|}


=== packet 18 ===
=== packet 18 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x11 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x43 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x40 || - || packet 18 data
|-
|-
|}
|}


=== packet 19 ===
=== packet 19 (cmd56 request)===


{| class="wikitable"
{| class="wikitable"
Line 354: Line 477:
|}
|}


=== packet 20 ===
=== packet 20 (cmd56 response)===


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Value !! Description
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x19 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x53 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x50 || - || packet 20 data
|-
|-
|}
|}

Latest revision as of 17:12, 20 January 2024

Game card is a standard MMC card. Pinout is different, however it complies with MMC card.

There are two types of gc, one for retail and one for QA.

Gamecard pinout.png

Partitions

Game card can be accessed with SceSdif module. It has the following partitions:

code type name desc
0x9 exfat gro0 Game Card
0xD raw Some data

Card initialization

Card initialization consists of two steps:

  • Standard MMC initialization.
  • Custom CMD56 initialization.

CMD56 is a command that is used to transfer vendor specific data from host to card and back to host.

Second step is crucial and is required to be done before host tries to read any data from the card for example with CMD17.

Standard MMC initialization

This step is performed by SceSdif.

Part1: Card identification (SD, MMC, SDIO)

  • 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
  • 48 00 00 01 AA 87 - CMD8 - SEND_IF_COND
  • 45 00 00 00 00 5B - CMD5 - IO_SEND_OP_COND
  • 77 00 00 00 00 65 - CMD55 - APP_CMD

Part2: Card initialization

  • 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
  • 41 40 FF 80 00 0B - CMD1 - SEND_OP_COND
  • 42 00 00 00 00 4D - CMD2 - ALL_SEND_CID
  • 43 00 01 00 00 7F - CMD3 - SET_RELATIVE_ADDR
  • 49 00 01 00 00 F1 - CMD9 - SEND_CSD
  • 47 00 01 00 00 DD - CMD7 - SELECT_CARD
  • 46 03 AF 01 00 43 - CMD6 - SWITCH (ERASE_GROUP_DEF)
  • 48 00 00 00 00 C3 - CMD8 - SEND_EXT_CSD
  • 50 00 00 02 00 15 - CMD16 - SET_BLOCKLEN
  • 46 03 B9 01 00 2F - CMD6 - SWITCH (HS_TIMING)
  • 46 03 B7 01 00 2D - CMD6 - SWITCH (BUS_WIDTH 4)

Custom CMD56 initialization

CMD56 initialization is performed by SceSblGcAuthMgr.

SceSblGcAuthMgr uses SceSblSsSmComm API to call gcauthmgr_sm function 0x1000B that is a wrapper for Kirk services 0x1B-0x20.

Game card can be accessed with SceSdif device index 1.

Initialization consists of 20 packets total. There are 10 request and 10 response packets. Each packet is sent or received with CMD56.

  • 78 00 00 00 00 25 - CMD56 (REQUEST)
  • 78 00 00 00 01 37 - CMD56 (RESPONSE)
char key0[0x20] =
{
    0xDD, 0x10, 0x25, 0x44, 0x15, 0x23, 0xFD, 0xC0, 
    0xF9, 0xE9, 0x15, 0x26, 0xDC, 0x2A, 0xE0, 0x84,
    0xA9, 0x03, 0xA2, 0x97, 0xD4, 0xBB, 0xF8, 0x52,
    0xD3, 0xD4, 0x94, 0x2C, 0x89, 0x03, 0xCC, 0x77,
};

packet 1 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x31 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x13 response size
0x2C 0x01 0xC4 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 2 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x31 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x13 size of response
0x0A 0x01 0x00 error code
0x0B 0x10 0x00 packet 2 data

packet 3 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x23 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x05 response size
0x2C 0x01 0xC2 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 4 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x23 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x05 size of response
0x0A 0x01 0x00 error code
0x0B 0x02 0xFF00 initialization state

packet 5 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x02 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x2B response size
0x2C 0x01 0xA1 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 6 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x02 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x2B size of response
0x0A 0x01 0x00 error code
0x0B 0x02 0xE000 unknown
0x0D 0x02 0x01 gc parameter
0x0F 0x02 0x02 unknown
0x11 0x02 0x03 unknown
0x13 0x20 - packet 6 data

packet 7 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x03 response code
0x24 0x04 0x15 additional data size
0x28 0x04 0x23 response size
0x2C 0x01 0xA2 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x15 additional data size
0x2F 0x02 0x01 gc parameter (packet 6)
0x31 0x10 - generated chunk (random?)

packet 8 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x03 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x23 size of response
0x0A 0x01 0x00 error code
0x0B 0x20 - packet 8 data

packet 9 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x05 response code
0x24 0x04 0x33 additional data size
0x28 0x04 0x03 response size
0x2C 0x01 0xA3 command ? (generated with Kirk 1C)
0x2D 0x01 0x00 unknown (generated with Kirk 1C)
0x2E 0x01 0x33 additional data size (generated with Kirk 1C)
0x2F 0x30 - data (generated with Kirk 1C)

packet 10 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x05 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x03 size of response
0x0A 0x01 0x00 error code

packet 11 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x23 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x05 response size
0x2C 0x01 0xC2 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 12 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x23 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x05 size of response
0x0A 0x01 0x00 error code
0x0B 0x02 0x00 initialization state

packet 13 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x07 response code
0x24 0x04 0x13 additional data size
0x28 0x04 0x43 response size
0x2C 0x01 0xA4 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x13 additional data size
0x2F 0x10 - generated chunk (random?)

packet 14 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x07 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x43 size of response
0x0A 0x01 0x00 error code
0x0B 0x40 - packet 14 data

packet 15 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x11 response code
0x24 0x04 0x33 additional data size
0x28 0x04 0x43 response size
0x2C 0x01 0xB1 command ? (generated with Kirk 1E)
0x2D 0x01 0x00 unknown (generated with Kirk 1E)
0x2E 0x01 0x33 additional data size (generated with Kirk 1E)
0x2F 0x30 - data (generated with Kirk 1E)

packet 16 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x11 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x43 size of response
0x0A 0x01 0x00 error code
0x0B 0x40 - packet 16 data

packet 17 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x11 response code
0x24 0x04 0x33 additional data size
0x28 0x04 0x43 response size
0x2C 0x01 0xB1 command ? (generated with Kirk 1E)
0x2D 0x01 0x00 unknown (generated with Kirk 1E)
0x2E 0x01 0x33 additional data size (generated with Kirk 1E)
0x2F 0x30 - data (generated with Kirk 1E)

packet 18 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x11 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x43 size of response
0x0A 0x01 0x00 error code
0x0B 0x40 - packet 18 data

packet 19 (cmd56 request)

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x19 response code
0x24 0x04 0x13 additional data size
0x28 0x04 0x53 response size
0x2C 0x01 0xC1 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x13 additional data size
0x2F 0x10 - generated chunk (random?)

packet 20 (cmd56 response)

Offset Size Value Description
0x00 0x04 0x19 response code
0x04 0x04 0x00 unknown
0x08 0x02 0x53 size of response
0x0A 0x01 0x00 error code
0x0B 0x50 - packet 20 data