SceMsif: Difference between revisions
Jump to navigation
Jump to search
(→Types) |
(→Types) |
||
Line 129: | Line 129: | ||
SceInt64 wide_time; //0x208 - some time set in different functions | SceInt64 wide_time; //0x208 - some time set in different functions | ||
void* | void* SceMsif_memblock_0x18000_paddr; // 0x210 - physical address of SceMsif_memblock_0x18000 | ||
uint32_t unk_214; | uint32_t unk_214; |
Revision as of 15:29, 12 August 2017
Module
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69 | SceMsif | Non-secure | Kernel | 0xFA979E8E |
3.60 | SceMsif | ? | Kernel | 0x3305A0FE |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69 | SceMsifForDriver | Non-secure | Kernel | 0xB706084A |
3.60 | SceMsifForDriver | ? | Kernel | 0xB706084A |
Types
struct f1_args { void *subctx_paddr; int unk_4; int unk_8; }f1_args; typedef struct SceMsif_fptr_table { int (*fun_1)(SceMsif_subctx *subctx, int num, int mode, f1_args *args); int (*read_sectors)(SceMsif_subctx *subctx, int sector, int nSectors, void *buffer); int (*write_sectors)(SceMsif_subctx *subctx, int sector, int nSectors, void *buffer); int (*get_card_string)(SceMsif_subctx *subctx, void *dst_30); int (*fun_5)(SceMsif_subctx *subctx, int unk1); int (*fun_6)(SceMsif_subctx *subctx, int device_init_flag); int (*msif_sbl_auth)(SceMsif_subctx *subctx, int num); int (*fun_8)(SceMsif_subctx *subctx); int (*fun_9)(SceMsif_subctx *subctx); int (*fun_10)(SceMsif_subctx *subctx); int (*fun_11)(SceMsif_subctx *subctx); } SceMsif_fptr_table; typedef struct msif_init_ctx //size is unknown { uint32_t index; // 0x0 some index or number 0, 1, 2, 3, 4, 5 //... SceMsif_subctx* sub_ctx; // 0x38 //... }msif_init_ctx; //this structure should be located at SceMsif_memblock1_base + 0x30 //so it is mapped to 0xE0900000 typedef struct SceMsifRegs_30 // size is unknown { uint32_t unk_0; uint32_t unk_4; uint32_t evid_bits_8; //... } SceMsifRegs_30; typedef struct SceMsif_subctx // size is probably 0xC40 { uint32_t unk_0; //.... SceMsifRegs_30* unk_C00; //.... uint32_t unk_C10; //bits //.... }SceMsif_subctx; typedef struct SceMsif_ctx //size is 0x440 { void* SceMsif_regs_vaddr; // 0x0 SceUID SceMsif_regs_uid; // 0x4 - size 0x1000 - mapped to 0xE0900000 uint32_t unk_8; // = 0 SceUID SceMsif_evid; // 0xC fast_mutex SceMsif_fast_mutex; //0x10 - size is 0x40 SceUID SceMsif_memblock_0x18000_id; // 0x50 uint32_t unk_54; uint32_t intr_mutex; // 0x58 = 0 - used for suspend resume intr uint8_t unk_5C; uint8_t slow_mode_state; //5D = 0/1 uint8_t system_time_0; // timewide byte uint8_t system_time_1; // timewide byte void* range_60; //some range that is invalidated uint32_t range_len_64; //length of the range uint32_t size_180; // 0x68 - size of data in unk_180 buffer uint32_t size_1C0; // 0x6C - size of data in unk_1C0 buffer void* unk180_paddr; // 0x70 - physical address of unk_180 void* unk_1C0_paddr; // 0x74 - physical address of unk_1C0 void* SceMsif_memblock_0x18000_vaddr; // 0x78 - size 0x18000 (0xC0 sectors of size 0x200) SceMsif_subctx* subctx; // 0x7C offset (840) addr_pair paddr_list_80[4]; uint8_t unk_A0[0xE0]; uint8_t unk_180[0x40]; // probably some buffer for accessing device. size confirmed. uint8_t unk_1C0[0x40]; // probably some buffer for accessing device. size confirmed. SceInt64 wide_time_intr_SceMsifSmshc; //0x200 - set in SceMsifSmshc interrupt handler SceInt64 wide_time; //0x208 - some time set in different functions void* SceMsif_memblock_0x18000_paddr; // 0x210 - physical address of SceMsif_memblock_0x18000 uint32_t unk_214; uint8_t sector_buffer[0x200]; // 0x218 - read buffer of size 0x200 - used to read MBR and execute other single sector read ops uint32_t unk_418; uint32_t unk_41C; uint32_t unk_420; uint32_t unk_424; SceUID SceMsifSleepCtrl_evid; // 428 SceUID SceMsifSleepCtrl_thid; // 42C - thread id uint32_t suspend_resume_curr_state; // 0x430 = 0 uint32_t suspend_resume_prev_state; // 0x434 = 0 uint32_t unk_438; uint32_t unk_43C; }SceMsif_ctx;
Data segment layout
Address | Size | Description |
---|---|---|
0x0000 | 0x4 | SceMsif_subctx* - pointer to offset 840 |
0x0004 | 0x4 | pointer to data at offset 0x18 |
0x0008 | 0x4 | unknown |
0x000C | 0x4 | unknown |
0x0010 | 0x4 | pointer to table SceMsif_fptr_table of 11 function pointers |
0x0014 | 0x4 | unknown |
0x0018 | 0x828 | unknown |
0x0840 | 0xC40 | SceMsif_subctx data |
0x1480 | 0x440 | SceMsif_ctx |
0x18C0 | 0x4 | SceMsif suspend callback id |
0x18C4 | 0x4 | unknown |
0x18C8 | 0x8 | UInt64 wide time |
0x18D0 | 0x8 | UInt64 probably time in ms |
0x18D8 | 0xE0 | decrypted data - array of 8 elements of size 0x1C (0x1C is probably size of sha224) |
0x19B8 | 0x4 | flag that shows that static sha224 table is decrypted |
0x19BC | 0x4 | F00D comm id (obtained with sceSblSmCommStartSm) |
SceMsifForDriver
module_start
Version | NID |
---|---|
3.60 | 0x935cd196 |
int module_start();
read_sector
Version | NID |
---|---|
3.60 | 0x58654AA3 |
int ms_read_sector(int sector, char* buffer, int nSectors);
write_sector
Version | NID |
---|---|
3.60 | 0x329035EF |
int ms_write_sector(int sector, char* buffer, int nSectors);
enable_slow_mode
Version | NID |
---|---|
3.60 | 0x4B751CE6 |
int ms_enable_slow_mode();
disable_slow_mode
Version | NID |
---|---|
3.60 | 0x75848756 |
int ms_disable_slow_mode();
get_slow_mode_state
Version | NID |
---|---|
3.60 | 0x491E25B5 |
int ms_get_slow_mode_state();
init1
Version | NID |
---|---|
3.60 | 0x4EA579EF |
part of functionality is same as get_sha224_digest_source
int ms_init1();
init2
Version | NID |
---|---|
3.60 | 0xD0307849 |
int ms_init2(msif_init_ctx* ctx);
init_mbr
Version | NID |
---|---|
3.60 | 0xF997286B |
int init_mbr();
get_time_from_SceMsifSmshc
Version | NID |
---|---|
3.60 | 0x855E1E38 |
returns wide time difference from last SceMsifSmshc interrupt
SceInt64 get_time_from_SceMsifSmshc();
ms_unk
Version | NID |
---|---|
3.60 | 0x0f86BEEA |
function writes some data to the memory card.
data is taken from memblock2
int ms_unk(int sector, int nSectors);
ms_unk
Version | NID |
---|---|
3.60 | 0x6EDE7DBA |
//flag is from sd_stor_device int ms_unk(int device_init_flag);
get_sha224_digest_source
Version | NID |
---|---|
3.60 | 0x718BDFDE |
gets data that is used to calculate sha224 digest
this digest is used to verify static table of sha224 digests
that is decrypted internally using keys that are derived from dec_aes_key_msif
this function is also used in SceMagicGate
//sha224_ds is of size 0x10 int get_sha224_digest_source(char* sha224_ds);