SceSblGcAuthMgr: Difference between revisions

Revision as of 13:00, 19 June 2017

Module

Known NIDs

Version	Name	World	Privilege	NID
1.69	SceSblGcAuthMgr	Non-secure	Kernel	0x4B777EBC
3.60	SceSblGcAuthMgr	?	Kernel	0xDB1A9016

Libraries

Known NIDs

Version	Name	World	Visibility	NID
1.69	SceSblGcAuthMgrDrmBBForDriver	Non-secure	Kernel	0x1926B182
3.60	SceSblGcAuthMgrDrmBBForDriver	?	Kernel	0x1926B182
1.69	SceSblGcAuthMgrPcactForDriver	Non-secure	Kernel	0xB8600A5
1.69	SceSblGcAuthMgrMlnpsnlForDriver	Non-secure	Kernel	0x29ED0109
3.60	SceSblGcAuthMgrMlnpsnlForDriver	?	Kernel	0x29ED0109
1.69	SceSblGcAuthMgrAdhocBBForDriver	Non-secure	Kernel	0x2EFA9203
1.69	SceSblGcAuthMgrPkgForDriver	Non-secure	Kernel	0x82FBA7D
3.60	SceSblGcAuthMgrPkgForDriver	?	Kernel	0x082FBA7D
1.69	SceSblGcAuthMgrSclkForDriver	Non-secure	Kernel	0xF24F760D
3.60	SceSblGcAuthMgrSclkForDriver	?	Kernel	0xF24F760D
1.69	SceSblGcAuthMgrGcAuthForDriver	Non-secure	Kernel	0xC6627F5E
3.60	SceSblGcAuthMgrGcAuthForDriver	?	Kernel	0xC6627F5E
1.69	SceSblGcAuthMgr	Non-secure	User	0x7B13BCF7
3.60	SceSblGcAuthMgr	?	?	0x7B13BCF7
3.60	SceSblGcAuthMgrPsmactForDriver	?	Kernel	0x1C53F37D
3.60	SceSblGcAuthMgrMsSaveBBForDriver	?	Kernel	0x5032E8D4

Data segment layout

Address	Size	Description
0x0000	0x4BC4	unknown
0x4BC4	0x30	temp buffer for storing parts of cmd56 packets
0x4BF4	0x200	cmd56 request buffer
0x4DF4	0x04	packet6 gc parameter
0x4DF8	0x200	temp buffer for initializing cm56 req packets
0x4FF8	0x20	temp buffer for storing parts of cmd56 packets
0x5018	0x34	one of kirk responses
0x504C	0x200	cmd56 response buffer 1
0x524C	0x200	cmd56 response buffer 2
0x544C	0x20	one of kirk responses
0x546C	0x898	unknown

SceSblGcAuthMgrDrmBBForDriver

command 0x1000B 0x11

Version	NID
3.60	0x4cea150c

Original PSP Kirk 0x11 service for 160bit ECC signature verification.

command 0x1000B 0x18

Version	NID
3.60	0x4b506be7

Almost certainly a 224bit version of 0x11

command 0x1000B 0x21

Version	NID
3.60	0x30a0b441

command 0x1000B 0x22

Version	NID
3.60	0x050dc6df

command 0x1000B 0x4

Version	NID
3.60	0x500f5157

Original PSP Kirk 4 service for encrypting data

command 0x1000B 0x4

Version	NID
3.60	0x6ef3c9db

Original PSP Kirk 4 service for encrypting data

command 0x1000B 0x4

Version	NID
3.60	0x7f98e4e2

Original PSP Kirk 4 service for encrypting data

command 0x1000B 0x4

Version	NID
3.60	0xe950be32

Original PSP Kirk 4 service for encrypting data

command 0x1000B 0x7

Version	NID
3.60	0x3c25f9fa

Original PSP Kirk 7 service for decrypting data

command 0x1000B 0x7

Version	NID
3.60	0xb13577e2

Original PSP Kirk 7 service for decrypting data

command 0x1000B 0x7

Version	NID
3.60	0xc0f37f18

Original PSP Kirk 7 service for decrypting data

command 0x1000B 0x4 0x7

Version	NID
3.60	0x4fe89adb

Original PSP Kirk Enc and Dec

int unk_4fe89adb(int unk0, int unk1, int unk2, int unk3, int arg_0);

clear_context

Version	NID
3.60	0x48d7784e

typedef struct ctx_48d7784e //size is 0x28
{
   uint32_t unk_0;
   char unk_4[0x10];
   char unk_14[0x10];
   uint32_t unk_24;
}ctx_48d7784e;

int clear_context(ctx_48d7784e *ctx, int idx);

clear_context

Version	NID
3.60	0x6e6d2b89

typedef struct ctx_6e6d2b89 //size is 0x18
{
   uint32_t unk_0;
   uint32_t unk_4;
   char unk_8[0x10];
}ctx_6e6d2b89;

int clear_context(ctx_6e6d2b89 *ctx);

enc_dec

Version	NID
3.60	0x4c5de1aa

includes both aes and psp kirk 1000B 4 and 7

int enc_dec(void* data, void* dec_rif_key, int unk2, void* unk3);

error

Version	NID
3.60	0x535b87bc

returns error 0x808A040A

get_5018_data

Version	NID
3.60	0xBB70DDC0

This function copies first 0x20 bytes of the buffer of size 0x34 to destination.

Buffer is obtained with KIRK command 0x20

int get_5018_data(char* dest);

memcmp_5018_fast

Version	NID
3.60	0x22FD5D23

This function verifies that last 0x14 bytes of last responce of size 0x34 from the game card (cmd56) are valid

For example it is called from sceAppMgrGameDataMount

int memcmp_5018_fast(char* in_data);

This is a timing safe memcmp. Xyz (talk) 10:02, 1 May 2017 (UTC)

clear_sensitive_data

Version	NID
3.60	0x812B2B5C

Clears some sensitive data.

Called after verify_checksum

int clear_sensitive_data(int unk, int* value);

clear_sensitive_data

Version	NID
3.60	0xBB451E83

Clears sensitive data that is left after cmd56 custom initialization.

This includes data generated by Kirk services 0x1C, 0x1F, 0x20 and packet6.

Buffer offsets are 0x4BC4, 0x4FF8, 0x5018, 0x544C.

Called after initialize_sd_device

int clear_sensitive_data();

SceSblGcAuthMgrPcactForDriver

SceSblGcAuthMgrMlnpsnlForDriver

SceSblGcAuthMgrAdhocBBForDriver

SceSblGcAuthMgrPkgForDriver

SceSblGcAuthMgrSclkForDriver

SceSblGcAuthMgrGcAuthForDriver

cmd56_handshake

Version	NID
3.60	0x68781760

This is a wrapper function that starts initialization subroutine through run_execlusive

int cmd56_handshake(int sd_ctx_index);