SceNpDrm: Difference between revisions
Devnoname120 (talk | contribs) (Swapped Module <-> Library, see revision 1.1 under "Revision History" of "Vita SDK specifications" (https://wiki.henkaku.xyz/vita/File:Vita_SDK_specifications.pdf)) |
|||
| Line 1: | Line 1: | ||
== | == Module == | ||
=== Known NIDs === | === Known NIDs === | ||
| Line 9: | Line 9: | ||
|} | |} | ||
== | == Libraries == | ||
=== Known NIDs === | === Known NIDs === | ||
| Line 140: | Line 140: | ||
Search for immediate 0x80870003, there should be two matches. Replace both with "MOV Reg, #0". On 1.60 the locations are 0x810035fe and 0x81004856. | Search for immediate 0x80870003, there should be two matches. Replace both with "MOV Reg, #0". On 1.60 the locations are 0x810035fe and 0x81004856. | ||
[[Category: | [[Category:Modules]] | ||
[[Category:Kernel]] | [[Category:Kernel]] | ||
Revision as of 00:00, 9 November 2016
Module
Known NIDs
| Version | Name | World | Privilege | NID |
|---|---|---|---|---|
| 1.69 | SceNpDrm | Non-secure | Kernel | 0xACCB4845 |
Libraries
Known NIDs
| Version | Name | World | Visibility | NID |
|---|---|---|---|---|
| 1.69 | SceNpDrm | Non-secure | User | 0xF2799B1B |
| 1.69 | SceNpDrmForDriver | Non-secure | Kernel | 0xD84DC44A |
| 1.69 | SceNpDrmPackage | Non-secure | User | 0x88514DB2 |
SceNpDrm
_sceNpDrmCheckDrmReset
| Version | NID |
|---|---|
| 1.69 | 0x4458812B |
_sceNpDrmRemoveActData
| Version | NID |
|---|---|
| 1.69 | 0x507D06A6 |
_sceNpDrmGetRifName
| Version | NID |
|---|---|
| 1.69 | 0xB8C5DA7C |
_sceNpDrmGetRifNameForInstall
| Version | NID |
|---|---|
| 1.69 | 0xD312424D |
_sceNpDrmGetRifInfo
| Version | NID |
|---|---|
| 1.69 | 0xE8343660 |
_sceNpDrmGetFixedRifName
| Version | NID |
|---|---|
| 1.69 | 0xE935B0FC |
_sceNpDrmCheckActData
| Version | NID |
|---|---|
| 1.69 | 0xFEEBCD62 |
SceNpDrmForDriver
SceNpDrmPackage
_sceNpDrmPackageTransform
| Version | NID |
|---|---|
| 1.69 | 0x567DCA1 |
_sceNpDrmPackageInstallFinished
| Version | NID |
|---|---|
| 1.69 | 0x6896EAF2 |
_sceNpDrmPackageCheck
| Version | NID |
|---|---|
| 1.69 | 0xA1D885FA |
sceNpDrmPackageIsGameExist
| Version | NID |
|---|---|
| 1.69 | 0xB9337914 |
_sceNpDrmPackageInstallStarted
| Version | NID |
|---|---|
| 1.69 | 0xCEC18DA4 |
_sceNpDrmPackageDecrypt
| Version | NID |
|---|---|
| 1.69 | 0xD6F05ACC |
sceNpDrmPackageInstallOngoing
| Version | NID |
|---|---|
| 1.69 | 0xED0471FE |
Package integrity checks
Disable hash/signature verification
To find the function responsible for package verification search for immediate 0x7F504B47 ('.PKG'). Inside it does a lot of stuff including determining the function that will do signature checks. Find the condition that looks like if ( (v62 & 7) == 3 ); below you will see the assignment check_func = &off_81009CFC;. To bypass signature checks you need to patch two functions located at this offset and offset+4, making them behave as "return 1" is enough. For reference, on 1.60 the functions are sub_81000310 and sub_81000AA4. sub_81000310 is the only function in this module that calls SceSblGcAuthMgrPkgForDriver_E459A9A8_imp.
Note that on 1.60 this module sometimes is loaded at different addresses between reboots.
Allow debug packages to be installed
Find the function that calls SceSblAIMgrForDriver_D78B04A2; patch it to always return 1. On 1.60 it's at 0x81002d64.
Search for immediate 0x80870003, there should be two matches. Replace both with "MOV Reg, #0". On 1.60 the locations are 0x810035fe and 0x81004856.