SceSblGcAuthMgr: Difference between revisions
Line 58: | Line 58: | ||
! Address !! Size !! Description | ! Address !! Size !! Description | ||
|- | |- | ||
| 0x0000 || | | 0x0000 || 0x4BC4 || - | ||
|- | |||
| 0x4BC4 || 0x30 || temp buffer for storing parts of cmd56 packets | |||
|- | |||
| 0x4BF4 || 0x110C || - | |||
|} | |} | ||
Revision as of 23:24, 6 June 2017
Module
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69 | SceSblGcAuthMgr | Non-secure | Kernel | 0x4B777EBC |
3.60 | SceSblGcAuthMgr | ? | Kernel | 0xDB1A9016 |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69 | SceSblGcAuthMgrDrmBBForDriver | Non-secure | Kernel | 0x1926B182 |
3.60 | SceSblGcAuthMgrDrmBBForDriver | ? | Kernel | 0x1926B182 |
1.69 | SceSblGcAuthMgrPcactForDriver | Non-secure | Kernel | 0xB8600A5 |
1.69 | SceSblGcAuthMgrMlnpsnlForDriver | Non-secure | Kernel | 0x29ED0109 |
3.60 | SceSblGcAuthMgrMlnpsnlForDriver | ? | Kernel | 0x29ED0109 |
1.69 | SceSblGcAuthMgrAdhocBBForDriver | Non-secure | Kernel | 0x2EFA9203 |
1.69 | SceSblGcAuthMgrPkgForDriver | Non-secure | Kernel | 0x82FBA7D |
3.60 | SceSblGcAuthMgrPkgForDriver | ? | Kernel | 0x082FBA7D |
1.69 | SceSblGcAuthMgrSclkForDriver | Non-secure | Kernel | 0xF24F760D |
3.60 | SceSblGcAuthMgrSclkForDriver | ? | Kernel | 0xF24F760D |
1.69 | SceSblGcAuthMgrGcAuthForDriver | Non-secure | Kernel | 0xC6627F5E |
3.60 | SceSblGcAuthMgrGcAuthForDriver | ? | Kernel | 0xC6627F5E |
1.69 | SceSblGcAuthMgr | Non-secure | User | 0x7B13BCF7 |
3.60 | SceSblGcAuthMgr | ? | ? | 0x7B13BCF7 |
3.60 | SceSblGcAuthMgrPsmactForDriver | ? | Kernel | 0x1C53F37D |
3.60 | SceSblGcAuthMgrMsSaveBBForDriver | ? | Kernel | 0x5032E8D4 |
Data segment layout
Address | Size | Description |
---|---|---|
0x0000 | 0x4BC4 | - |
0x4BC4 | 0x30 | temp buffer for storing parts of cmd56 packets |
0x4BF4 | 0x110C | - |
SceSblGcAuthMgrDrmBBForDriver
verify_checksum
Version | NID |
---|---|
3.60 | 0x22FD5D23 |
This function verifies that last responce from the card (cmd56) is valid
For example it is called from sceAppMgrGameDataMount
int verify_checksum(char* in_data);
Here is reversed code:
char resp_buffer[0x14]; //static buffer with response data int verify_checksum(char* in_data) { char* ib = in_data; char* rb = resp_buffer; char* rbe = rb + 0x14; int crc = 0; while(rb != rbe) { crc = crc | ((*ib) ^ (*rb)); rb++; ib++; } if(crc == 0) return 0; else return 0x808A040A; }
This is a timing safe memcmp. Xyz (talk) 10:02, 1 May 2017 (UTC)
clear_sensitive_data
Version | NID |
---|---|
3.60 | 0x812B2B5C |
Clears some sensitive data.
Called after verify_checksum
int clear_sensitive_data(int* value);
clear_sensitive_data
Version | NID |
---|---|
3.60 | 0xBB451E83 |
Clears sensitive data that is left after cmd56 custom initialization.
This includes data generated by Kirk services 0x1C, 0x1F, 0x20 and packet6.
Called after initialize_sd_device
int clear_sensitive_data();
SceSblGcAuthMgrPcactForDriver
SceSblGcAuthMgrMlnpsnlForDriver
SceSblGcAuthMgrAdhocBBForDriver
SceSblGcAuthMgrPkgForDriver
SceSblGcAuthMgrSclkForDriver
SceSblGcAuthMgrGcAuthForDriver
initialize_sd_device
Version | NID |
---|---|
3.60 | 0x68781760 |
This is a wrapper function that starts initialization subroutine through run_execlusive
int initialize_sd_device(int sd_ctx_index);
SceSblGcAuthMgr
_sceSblGcAuthMgrPcactActivation
Version | NID |
---|---|
1.69 | 0x32E7CEA |
_sceSblGcAuthMgrGetMediaIdType01
Version | NID |
---|---|
1.69 | 0xAC64154 |
_sceSblGcAuthMgrAdhocBB224Auth1
Version | NID |
---|---|
1.69 | 0x307FD67C |
_sceSblGcAuthMgrPkgVry
Version | NID |
---|---|
1.69 | 0x3E168BC4 |
_sceSblGcAuthMgrAdhocBB224Auth5
Version | NID |
---|---|
1.69 | 0x459F5503 |
_sceSblGcAuthMgrAdhocBB224Init
Version | NID |
---|---|
1.69 | 0x5AB126A7 |
_sceSblGcAuthMgrAdhocBB224Auth4
Version | NID |
---|---|
1.69 | 0x5CCC216C |
_sceSblGcAuthMgrAdhocBB224Auth2
Version | NID |
---|---|
1.69 | 0x788C0517 |
_sceSblGcAuthMgrSclkSetData2
Version | NID |
---|---|
1.69 | 0x837D0FB6 |
_sceSblGcAuthMgrSclkGetData1
Version | NID |
---|---|
1.69 | 0x8A3AF1E8 |
_sceSblGcAuthMgrAdhocBB224Shutdown
Version | NID |
---|---|
1.69 | 0x8ECEACF9 |
_sceSblGcAuthMgrPcactGetChallenge
Version | NID |
---|---|
1.69 | 0x98153286 |
_sceSblGcAuthMgrAdhocBB224GetKeys
Version | NID |
---|---|
1.69 | 0xC236FB28 |
_sceSblGcAuthMgrAdhocBB224Auth3
Version | NID |
---|---|
1.69 | 0xD3F95259 |
gcauth_sm "KIRK" calls to F00D
The use of os0:sm/gcauthmgr_sm.self is to support the next generation of KIRK. It uses a similar input structure to the original KIRK on the PSP.
PSP support
4,7,0xC,0xD,0xE, 0x10, 0x11, 0x12 are the classic PSP KIRK Services supported by gcauth_sm.
New PSVita Codes
0x14-0x19, 0x1b-0x23 are the new KIRK Services supported by gcauth_sm.
0x14 is the 224bit ecdsa keypair gen. The only input is an empty buffer size (3*0x1C) it returns 3 values. Private key, Public X point, Public Y point. Each value is 0x1C bytes long.
0x16 is random 224bit generator. It will return 0x1C bytes of random data into the buffer. 0x17 -0x19 are the 224bit ecdsa versions of psp's 160bit 0x10-0x12