SceSblPostSsMgr: Difference between revisions
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) |
||
Line 556: | Line 556: | ||
== SceSblFwLoaderForDriver == | == SceSblFwLoaderForDriver == | ||
This library was moved to [[SceSblFwLoader#SceSblFwLoaderForDriver]] on FW | This library was moved to [[SceSblFwLoader#SceSblFwLoaderForDriver]] on FW 1.800.071. | ||
== SceSblPmMgr == | == SceSblPmMgr == |
Revision as of 00:40, 14 January 2023
Module
Version | World | Privilege |
---|---|---|
3.60 | Non-secure | Kernel |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.03-3.60 | SceSblPostSsMgrForDriver | Non-secure | Kernel | 0x2254E1B2 |
0.990-1.692 | SceZlibForDriver | Non-secure | Kernel | not present. Was present in SceSysmem#SceZlibForDriver. |
1.80-3.60 | SceZlibForDriver | Non-secure | Kernel | 0xE241534E |
0.990 | SceSblFwLoaderForDriver | Non-secure | Kernel | not present. Was present in SceSblFwLoader#SceSblFwLoaderForDriver. |
3.60 | SceSblFwLoaderForDriver | Non-secure | Kernel | 0x6FE424E4 |
1.03-3.60 | SceSblPmMgr | Non-secure | User | 0xA9CE5795 |
1.03-3.60 | SceSblRtcMgr | Non-secure | User | 0x44C5F209 |
1.03-3.60 | SceSblLicMgr | Non-secure | User | 0x62083C72 |
1.03-3.60 | SceSblUtMgr | Non-secure | User | 0x000DF81A |
1.03 | SceSblSpsfoMgr | Non-secure | User | 0x7959298B |
Types
typedef struct spsfo_ctx { SceUID mem_uid; // SceSblSpsfoMgr void* mem_block_base; uint32_t unk_8; } spsfo_ctx; typedef struct SceUtoken { // size is 0x800 char unk_data[0x800]; } SceUtoken; typedef struct SceUtokenDecrypted { // size is 0x58 SceUInt64 program_authority_id; SceSelfCapability capability; SceSelfAttribute attribute; // the important utoken flags are at &attribute+8 SceUInt8 shared_secret_0[0x10]; } SceUtokenDecrypted;
Not exported
module_start
Calls 2 subroutines:
- init_qaftoken
- init_utoken
init utoken
Reads tm0:utoken.dat.
Calls utoken_sm.self service 2 to decrypt SceUtoken buffer. The output is a 0x58 bytes buffer.
SceSblPostSsMgrForDriver
sceSblSpsfoMgrOpenForDriver
Version | NID |
---|---|
3.60 | 0xBDF18922 |
int sceSblSpsfoMgrOpenForDriver(const char *path, spsfo_ctx *result);
sceSblSpsfoMgrVerifyForDriver
Version | NID |
---|---|
3.60 | 0x686B9461 |
Derived from _vshSblAuthMgrVerifySpsfo.
int sceSblSpsfoMgrVerifyForDriver(spsfo_ctx *ctx, int *res, int *size);
sceSblSpsfoMgrCloseForDriver
Version | NID |
---|---|
3.60 | 0xAD3B0078 |
int sceSblSpsfoMgrCloseForDriver(spsfo_ctx *ctx);
sceSblLicMgrGetActivationKeyForDriver
Version | NID |
---|---|
3.60 | 0xF7F1015B |
typedef struct activation_key // size is 0x14 { char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver uint32_t vadd_hash; // result of vector add operation applied to open_psid } activation_key; int sceSblLicMgrGetActivationKeyForDriver(activation_key* key);
sceSblLicMgrActivateDevkitForDriver
Version | NID |
---|---|
0.990-3.60 | 0x0298382B |
int sceSblLicMgrActivateDevkitForDriver(char *afv_path);
sceSblLicMgrGetLicenseStatusForDriver
Version | NID |
---|---|
3.60 | 0x15F37282 |
// Return value: -1 = not initialized, 0 = activated, 1 = expired, 2 = RTC backup battery failure int sceSblLicMgrGetLicenseStatusForDriver(void);
sceSblLicMgrGetExpireDateForDriver
Version | NID |
---|---|
1.03-3.60 | 0x4FF2682F |
Get activation data expire date.
If sceSblAIMgrIsToolDVT1ForDriver, 30/10/2011 8:00:00.
If sceSblAIMgrIsToolRev4ForDriver or TEST, expire_date = 0xFFFFFFFF.
If sceSblAIMgrIsToolDVT2ForDriver, 30/6/2012 8:00:00.
If sceSblAIMgrIsDEXForDriver and product_sub_code = 0xA, 0xB or 0xC, 31/3/2012 14:59:00.
// If read_from_nvs is false, it reads expire_date from SceSblPostSsMgr memory, else it reads NVS and queries act_sm. int sceSblLicMgrGetExpireDateForDriver(int *expire_date, SceBool read_from_nvs);
sceSblPmMgrSetProductModeForDriver
Version | NID |
---|---|
0.990-3.60 | 0xADF92824 |
Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.
- If enable = 0, it calls pm_set(5). The console exits Manufacturing Mode.
- If enable = 1, it calls pm_set(4). That console enters Manufacturing Mode.
int sceSblPmMgrSetProductModeForDriver(SceBool enable);
sceSblPmMgrSetSdModeOffForDriver
Version | NID |
---|---|
1.03-3.60 | 0xFE92A318 |
Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.
If productMode != 0 (normal mode), it calls pm_set(7, use_new_ernie_protocol).
int sceSblPmMgrSetSdModeOffForDriver(SceUInt32 productMode);
sceSblPmMgrGetProductModeFromNVSForDriver
Version | NID |
---|---|
0.990-3.60 | 0x4663C195 |
Executes pm_sm.self command 1.
int sceSblPmMgrGetProductModeFromNVSForDriver(SceUInt8 *pProductMode);
sceSblPmMgrAuthEtoIForDriver
Version | NID |
---|---|
0.990-3.60 | 0x19B63D65 |
Returns jig_auth(12). Returns an integer on success.
jig_auth:
- On 0.990: executes pm_sm_sd.self commands 3 (gen_req_hello), 4 (gen_challenge), 5 (check_response), 6 (gen_req_result), 7 (check_result).
- On 1.03-3.60: executes pm_sm_sd.self commands 9, 0xA.
int sceSblPmMgrAuthEtoIForDriver(void);
sceSblPostSsMgrDecryptSealedkeyForDriver
Version | NID |
---|---|
3.60 | 0x33275F95 |
data
is 0x50 bytes of data from sealedkey
this function:
verifies pfsSKKey header
decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver
verifies hmac256 value in HMAC Value
decrypts Encrypted key
into dst_secret
//data - size 0x50 //dst_secret - size 0x10 int sceSblPostSsMgrDecryptSealedkeyForDriver(char* data, char* dst_secret);
sceSblPostSsMgrEncryptSealedkeyForDriver
Version | NID |
---|---|
3.60 | 0x08525D8D |
data
is 0x50 bytes of data like in sealedkey
this function:
writes pfsSKKey header
decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver
randomly generates 0x10 bytes of IV with sceSblRngPseudoRandomNumberForDriver
randomly generates 0x10 bytes of secret with sceSblRngPseudoRandomNumberForDriver
encrypts the secret into Encrypted key
calculates hmac256 value into HMAC Value
// dest_data - size 0x50 int sceSblPostSsMgrEncryptSealedkeyForDriver (char* dest_data);
sceSblPostSsMgrVerifyKeystoneForDriver
Version | NID |
---|---|
3.60 | 0xDDA6FA6D |
This function verifies magic in the header and HMAC of the keystone file
int sceSblPostSsMgrVerifyKeystoneForDriver(char* data, int version);
sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver
Version | NID |
---|---|
3.60 | 0xF86F1452 |
This function calls sceSblPostSsMgrVerifyKeystoneForDriver. Then also verifies HMAC of passcode.
int sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver(char* keystone_data, char* passcode);
sceSblPostSsMgrDebugEncryptKeystoneForDriver
Version | NID |
---|---|
3.60 | 0x42474C8B |
int sceSblPostSsMgrDebugEncryptKeystoneForDriver(char* src_secret, char* dest_data);
sceSblPostSsMgrDebugDecryptKeystoneForDriver
Version | NID |
---|---|
3.60 | 0xCC5AA5A5 |
int sceSblPostSsMgrDebugDecryptKeystoneForDriver(char* keystone_data, char* dst_secret);
sceSblPostSsMgrGenerateAppKeyForDriver
Version | NID |
---|---|
3.60 | 0x2646DE64 |
int sceSblPostSsMgrGenerateAppKeyForDriver(void *in, void *out);
sceSblUtMgrIsAllowComTestForDriver
Version | NID |
---|---|
1.03-3.60 | 0x128FB35A |
Temp name was sceSblUtMgrIsUtokenProgramForDriver.
pseudo-code:
SceBool sceSblUtMgrIsAllowComTestForDriver(SceUID pid) { SceBool ret; SceUInt32 stack_cookie; SceUInt32 ret2; SceUInt32 paid[2]; if (g_has_com_test_flag == 0 || sceSblACMgrGetPaidForKernel(pid, &paid) != 0) ret = false; else ret = g_ut_paid_hi == paid[1] && g_ut_paid_low == paid[0]; if (stack_cookie != 0) __stack_chk_fail(); return ret; }
SceBool sceSblUtMgrIsAllowComTestForDriver(SceUID pid);
sceSblUtMgrUpdateUtokenForDriver
Version | NID |
---|---|
1.03-3.60 | 0xC2E58CE3 |
Executes utoken_sm command 1 to verify buffer, then writes the 0x800 bytes buffer to tm0:utoken/utoken.dat.
// size = 0x800 int sceSblUtMgrExecuteUtokenSmCommand1ForDriver(char* buf, SceSize size);
sceSblUtMgrResetUtokenFileForDriver
Version | NID |
---|---|
3.60 | 0x1FF699DD |
Writes blank 0x800 bytes to tm0:utoken/utoken.dat or removes it.
Exported to usermode by sceSblUtMgrResetUtokenFile.
int sceSblUtMgrResetUtokenFileForDriver(void);
sceSblUtMgrHasComTestFlagForDriver
Version | NID |
---|---|
1.03-3.60 | 0x7ACCAA50 |
Derived from vshSblUtMgrHasComTestFlag.
int sceSblUtMgrHasComTestFlagForDriver(void);
sceSblUtMgrHasStoreFlagForDriver
Version | NID |
---|---|
1.03-3.60 | 0x9D2E2D39 |
Derived from vshSblUtMgrHasStoreFlag.
int sceSblUtMgrHasStoreFlagForDriver(void);
sceSblUtMgrHasNpTestFlagForDriver
Version | NID |
---|---|
1.03-3.60 | 0x9FD835B0 |
Derived from vshSblUtMgrHasNpTestFlag.
int sceSblUtMgrHasNpTestFlagForDriver(void);
sceSblUtMgrHasUNK1FlagForDriver
Version | NID |
---|---|
1.03-3.60 | 0x22599675 |
int sceSblUtMgrHasUNK1FlagForDriver(void);
sceSblUtMgrHasUNK2FlagForDriver
Version | NID |
---|---|
1.03-3.60 | 0x9B49C249 |
int sceSblUtMgrHasUNK2FlagForDriver(void);
sceSblUtMgrHasUNK3FlagForDriver
Version | NID |
---|---|
1.03-3.60 | 0x1923D80D |
int sceSblUtMgrHasUNK3FlagForDriver(void);
sceSblUtMgrHasUNK4FlagForDriver
Version | NID |
---|---|
3.60 | 0xC93C0A0D |
int sceSblUtMgrHasUNK4FlagForDriver(void);
sceSblUtMgrGetTrilithiumBufferForDriver
Version | NID |
---|---|
3.60 | 0xABDD68CD |
int sceSblUtMgrGetTrilithiumBufferForDriver(SceUtokenDecrypted *buffer);
sceSblRtcMgrSetCpRtcForDriver
Version | NID |
---|---|
3.60 | 0x3F9BDEDF |
Set RTC in DevKit CP.
int sceSblRtcMgrSetCpRtcForDriver(int rtc);
sceSblRtcMgrGetCpRtcPhysicalForDriver
Version | NID |
---|---|
1.03-3.60 | 0x942010A0 |
int sceSblRtcMgrGetCpRtcPhysicalForDriver(int *rtc);
sceSblRtcMgrGetCpRtcLogicalForDriver
Version | NID |
---|---|
1.03-3.60 | 0xDE5150FE |
int sceSblRtcMgrGetCpRtcLogicalForDriver(int *rtc);
SceSblPostSsMgrForDriver_D8A2D465
Version | NID |
---|---|
3.60 | 0xD8A2D465 |
Related to Activation file.
Returns true if a1 and a2 are identical to some values in memory.
SceBool SceSblPostSsMgrForDriver_D8A2D465(int a1, int a2);
SceSblPostSsMgrForDriver_2C463AF1
Version | NID |
---|---|
3.60 | 0x2C463AF1 |
Used just before SceSblPostSsMgrForDriver_CB5436BD.
int SceSblPostSsMgrForDriver_2C463AF1(int maybe_keyset, SceSize size, void *buf);
SceSblPostSsMgrForDriver_CB5436BD
Version | NID |
---|---|
3.60 | 0xCB5436BD |
Transforms? coredump key.
int SceSblPostSsMgrForDriver_CB5436BD(int maybe_keyset, SceSize size, void *buf);
SceZlibForDriver
This library was moved from SceSysmem#SceZlibForDriver on FW 1.80.
SceSblFwLoaderForDriver
This library was moved to SceSblFwLoader#SceSblFwLoaderForDriver on FW 1.800.071.
SceSblPmMgr
sceSblPmMgrSetProductModeOffForUser
Version | NID |
---|---|
3.60 | 0x41FE8A37 |
Calls sceSblPmMgrSetProductModeForDriver(0).
int sceSblPmMgrSetProductModeOffForUser(void);
sceSblPmMgrGetProductModeForUser
Version | NID |
---|---|
3.60 | 0x46EA9FDB |
Returns 0 on success.
Gets KBL Param using sceKernelSysrootGetKblParamForKernel.
result = ((int *)(pKblParam->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag
int sceSblPmMgrGetProductModeForUser(int* result);
sceSblPmMgrGetProductModeFromNVS
Version | NID |
---|---|
3.60 | 0x49CE0DDF |
Calls sceSblPmMgrGetProductModeFromNVSForDriver.
sceSblPmMgrAuthEtoI
Version | NID |
---|---|
0.990-3.60 | 0xBD38B141 |
Calls sceSblPmMgrAuthEtoIForDriver().
Returns an integer on success.
int sceSblPmMgrAuthEtoI(void);
sceSblPmMgrGetCurrentMode
Version | NID |
---|---|
3.60 | 0xDA4EDEBF |
Returns 0 on success.
Gets KBL Param using sceKernelSysrootGetKblParamForKernel.
result = ((int *)(pKblParam->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag
int sceSblPmMgrGetCurrentMode(int* result);
SceSblRtcMgr
sceSblRtcMgrGetCpRtcPhysicalForUser
Version | NID |
---|---|
3.60 | 0x1614302B |
sceSblRtcMgrSetCpActivationKey
Version | NID |
---|---|
3.60 | 0x298AE544 |
sceSblRtcMgrSetCpRtcPhysicalAndKey
Version | NID |
---|---|
3.60 | 0x3C0EEC69 |
sceSblRtcMgrSetCpRtcLogical
Version | NID |
---|---|
3.60 | 0x9DFB118B |
sceSblRtcMgrSetCpRtcPhysicalForUser
Version | NID |
---|---|
3.60 | 0xA990BC44 |
sceSblRtcMgrGetCpRtcLogical
Version | NID |
---|---|
3.60 | 0xDD44D726 |
sceSblRtcMgrGetCpSerialId
Version | NID |
---|---|
3.60 | 0xE162A827 |
Calls sceDeci4pCpupGetCpSerialIdForDriver.
SceSblLicMgr
Functions related to afv file.
sceSblLicMgrGetIssueNo
Version | NID |
---|---|
3.60 | 0x0E0691A1 |
// if request_data_flag is 0 then some cached value is used // if request_data_flag is 1 then data is requested from syscon int sceSblLicMgrGetIssueNo(int *issue_number, int request_data_flag);
sceSblLicMgrGetLicenseStatus
Version | NID |
---|---|
3.60 | 0x0EA6A30C |
int sceSblLicMgrGetLicenseStatus();
sceSblLicMgrGetActivationKey
Version | NID |
---|---|
3.60 | 0x2A437187 |
typedef struct activation_key // size is 0x14 { char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver uint32_t vadd_hash; // result of vector add operation applied to openPSID } activation_key; int sceSblLicMgrGetActivationKey(activation_key* key);
sceSblLicMgrActivateFromFs
Version | NID |
---|---|
3.60 | 0x6E56EA0A |
Activates from ux0:/data/activate/.
int sceSblLicMgrActivateFromFs(void);
sceSblLicMgrGetUsageTimeLimit
Version | NID |
---|---|
3.60 | 0x774EBBA2 |
/* * sceSblLicMgrGetUsageTimeLimit: * 0x800f1326: * DEX: "This testing kit is not activated." * Tool: "This development kit is not activated." * 0x800f1329: * "The backup battery has failed." * 0x80251002: * "Cannot check expiration date. Please set date via Internet." * 0: * Time_is_0: * DEX: "This Testing Kit is expired. See DevKit/TestKit Activation User\'s Guide." * Tool: "This Development Kit is expired. See DevKit/TestKit Activation User\'s Guide." * else: * DEX: "This testing kit expires in %2d day +%02d:%02d:%02d" * Tool: "This development kit expires in %2d day +%02d:%02d:%02d" * * + "This testing kit expires in %2d day\n+%02d:%02d:%02d." * + "This development kit expires in %2d day\n+%02d:%02d:%02d." */ int sceSblLicMgrGetUsageTimeLimit(SceUInt32 *time_limit);
Uses sceSblSsMgrGetQAFlagsForKernel.
sceSblLicMgrClearActivationData
Version | NID |
---|---|
3.60 | 0x9B749D1D |
int sceSblLicMgrClearActivationData();
sceSblLicMgrGetExpireDate
Version | NID |
---|---|
0.940-3.60 | 0xE9FA0FE5 |
// if request_data_flag is 0 then some cached value is used // if request_data_flag is 1 then data is requested from syscon int sceSblLicMgrGetExpireDate(int *expire_date, int request_data_flag);
sceSblLicMgrActivateDevkit
Version | NID |
---|---|
3.60 | 0xEB21DD39 |
// afv_path is of size 0x100 int sceSblLicMgrActivateDevkit(char* afv_path);
SceSblUtMgr
sceSblUtMgrUpdateUtoken
Version | NID |
---|---|
3.60 | 0xBDE74645 |
Calls sceSblUtMgrUpdateUtokenForDriver(buf, 0x800);.
// size = 0x800 int sceSblUtMgrUpdateUtoken(char* buf, SceSize size);
sceSblUtMgrReadUtoken
Version | NID |
---|---|
3.60 | 0xD2836E0D |
// size = 0x800 int sceSblUtMgrReadUtoken(char *buf, int SceSize size);
sceSblUtMgrResetUtokenFile
Version | NID |
---|---|
3.60 | 0x1CD57182 |
Calls sceSblUtMgrResetUtokenFileForDriver.
int sceSblUtMgrResetUtokenFile(void);
sceSblUtMgrGetCurrentSecureTick
Version | NID |
---|---|
3.60 | 0xCFCB1355 |
Calls sceRtcGetCurrentSecureTickForDriver then uses sceKernelMemcpyKernelToUserForDriver.
int sceSblUtMgrGetCurrentSecureTick(int* secure_tick);
sceSblUtMgrGetUtName
Version | NID |
---|---|
3.60 | 0x04CA1311 |
// name: buffer that will embed Utoken name if User Token for this app is valid // size: max size is 0x18 int sceSblUtMgrGetUtName(char *name, SceSize size);
SceSblSpsfoMgr
sceSblSpsfoMgrOpen
Version | NID |
---|---|
1.03 | 0x64B45B53 |
int sceSblSpsfoMgrOpen(char *path, spsfo_ctx *result);
sceSblSpsfoMgrVerify
Version | NID |
---|---|
1.03 | 0x517CAF25 |
int sceSblSpsfoMgrVerify(spsfo_ctx *ctx, int *res, int *size);
sceSblSpsfoMgrClose
Version | NID |
---|---|
1.03 | 0x3533B542 |
int sceSblSpsfoMgrClose(spsfo_ctx *ctx);