SceSblGcAuthMgr: Difference between revisions
No edit summary |
|||
| Line 53: | Line 53: | ||
== Data segment layout == | == Data segment layout == | ||
{| class="wikitable" | |||
|- | |||
! Address !! Size !! Description | |||
|- | |||
| 0x0000 || 0x5D04 || - | |||
|} | |||
== SceSblGcAuthMgrDrmBBForDriver == | == SceSblGcAuthMgrDrmBBForDriver == | ||
Revision as of 23:22, 6 June 2017
Module
Known NIDs
| Version | Name | World | Privilege | NID |
|---|---|---|---|---|
| 1.69 | SceSblGcAuthMgr | Non-secure | Kernel | 0x4B777EBC |
| 3.60 | SceSblGcAuthMgr | ? | Kernel | 0xDB1A9016 |
Libraries
Known NIDs
| Version | Name | World | Visibility | NID |
|---|---|---|---|---|
| 1.69 | SceSblGcAuthMgrDrmBBForDriver | Non-secure | Kernel | 0x1926B182 |
| 3.60 | SceSblGcAuthMgrDrmBBForDriver | ? | Kernel | 0x1926B182 |
| 1.69 | SceSblGcAuthMgrPcactForDriver | Non-secure | Kernel | 0xB8600A5 |
| 1.69 | SceSblGcAuthMgrMlnpsnlForDriver | Non-secure | Kernel | 0x29ED0109 |
| 3.60 | SceSblGcAuthMgrMlnpsnlForDriver | ? | Kernel | 0x29ED0109 |
| 1.69 | SceSblGcAuthMgrAdhocBBForDriver | Non-secure | Kernel | 0x2EFA9203 |
| 1.69 | SceSblGcAuthMgrPkgForDriver | Non-secure | Kernel | 0x82FBA7D |
| 3.60 | SceSblGcAuthMgrPkgForDriver | ? | Kernel | 0x082FBA7D |
| 1.69 | SceSblGcAuthMgrSclkForDriver | Non-secure | Kernel | 0xF24F760D |
| 3.60 | SceSblGcAuthMgrSclkForDriver | ? | Kernel | 0xF24F760D |
| 1.69 | SceSblGcAuthMgrGcAuthForDriver | Non-secure | Kernel | 0xC6627F5E |
| 3.60 | SceSblGcAuthMgrGcAuthForDriver | ? | Kernel | 0xC6627F5E |
| 1.69 | SceSblGcAuthMgr | Non-secure | User | 0x7B13BCF7 |
| 3.60 | SceSblGcAuthMgr | ? | ? | 0x7B13BCF7 |
| 3.60 | SceSblGcAuthMgrPsmactForDriver | ? | Kernel | 0x1C53F37D |
| 3.60 | SceSblGcAuthMgrMsSaveBBForDriver | ? | Kernel | 0x5032E8D4 |
Data segment layout
| Address | Size | Description |
|---|---|---|
| 0x0000 | 0x5D04 | - |
SceSblGcAuthMgrDrmBBForDriver
verify_checksum
| Version | NID |
|---|---|
| 3.60 | 0x22FD5D23 |
This function verifies that last responce from the card (cmd56) is valid
For example it is called from sceAppMgrGameDataMount
int verify_checksum(char* in_data);
Here is reversed code:
char resp_buffer[0x14]; //static buffer with response data
int verify_checksum(char* in_data)
{
char* ib = in_data;
char* rb = resp_buffer;
char* rbe = rb + 0x14;
int crc = 0;
while(rb != rbe)
{
crc = crc | ((*ib) ^ (*rb));
rb++;
ib++;
}
if(crc == 0)
return 0;
else
return 0x808A040A;
}
This is a timing safe memcmp. Xyz (talk) 10:02, 1 May 2017 (UTC)
clear_sensitive_data
| Version | NID |
|---|---|
| 3.60 | 0x812B2B5C |
Clears some sensitive data.
Called after verify_checksum
int clear_sensitive_data(int* value);
clear_sensitive_data
| Version | NID |
|---|---|
| 3.60 | 0xBB451E83 |
Clears sensitive data that is left after cmd56 custom initialization.
This includes data generated by Kirk services 0x1C, 0x1F, 0x20 and packet6.
Called after initialize_sd_device
int clear_sensitive_data();
SceSblGcAuthMgrPcactForDriver
SceSblGcAuthMgrMlnpsnlForDriver
SceSblGcAuthMgrAdhocBBForDriver
SceSblGcAuthMgrPkgForDriver
SceSblGcAuthMgrSclkForDriver
SceSblGcAuthMgrGcAuthForDriver
initialize_sd_device
| Version | NID |
|---|---|
| 3.60 | 0x68781760 |
This is a wrapper function that starts initialization subroutine through run_execlusive
int initialize_sd_device(int sd_ctx_index);
SceSblGcAuthMgr
_sceSblGcAuthMgrPcactActivation
| Version | NID |
|---|---|
| 1.69 | 0x32E7CEA |
_sceSblGcAuthMgrGetMediaIdType01
| Version | NID |
|---|---|
| 1.69 | 0xAC64154 |
_sceSblGcAuthMgrAdhocBB224Auth1
| Version | NID |
|---|---|
| 1.69 | 0x307FD67C |
_sceSblGcAuthMgrPkgVry
| Version | NID |
|---|---|
| 1.69 | 0x3E168BC4 |
_sceSblGcAuthMgrAdhocBB224Auth5
| Version | NID |
|---|---|
| 1.69 | 0x459F5503 |
_sceSblGcAuthMgrAdhocBB224Init
| Version | NID |
|---|---|
| 1.69 | 0x5AB126A7 |
_sceSblGcAuthMgrAdhocBB224Auth4
| Version | NID |
|---|---|
| 1.69 | 0x5CCC216C |
_sceSblGcAuthMgrAdhocBB224Auth2
| Version | NID |
|---|---|
| 1.69 | 0x788C0517 |
_sceSblGcAuthMgrSclkSetData2
| Version | NID |
|---|---|
| 1.69 | 0x837D0FB6 |
_sceSblGcAuthMgrSclkGetData1
| Version | NID |
|---|---|
| 1.69 | 0x8A3AF1E8 |
_sceSblGcAuthMgrAdhocBB224Shutdown
| Version | NID |
|---|---|
| 1.69 | 0x8ECEACF9 |
_sceSblGcAuthMgrPcactGetChallenge
| Version | NID |
|---|---|
| 1.69 | 0x98153286 |
_sceSblGcAuthMgrAdhocBB224GetKeys
| Version | NID |
|---|---|
| 1.69 | 0xC236FB28 |
_sceSblGcAuthMgrAdhocBB224Auth3
| Version | NID |
|---|---|
| 1.69 | 0xD3F95259 |
gcauth_sm "KIRK" calls to F00D
The use of os0:sm/gcauthmgr_sm.self is to support the next generation of KIRK. It uses a similar input structure to the original KIRK on the PSP.
PSP support
4,7,0xC,0xD,0xE, 0x10, 0x11, 0x12 are the classic PSP KIRK Services supported by gcauth_sm.
New PSVita Codes
0x14-0x19, 0x1b-0x23 are the new KIRK Services supported by gcauth_sm.
0x14 is the 224bit ecdsa keypair gen. The only input is an empty buffer size (3*0x1C) it returns 3 values. Private key, Public X point, Public Y point. Each value is 0x1C bytes long.
0x16 is random 224bit generator. It will return 0x1C bytes of random data into the buffer. 0x17 -0x19 are the 224bit ecdsa versions of psp's 160bit 0x10-0x12