SceSblSsMgr: Difference between revisions
Line 764: | Line 764: | ||
| 3.60 || 0xb8b298fd | | 3.60 || 0xb8b298fd | ||
|} | |} | ||
executes F00D aimgr_sm.self [[F00D_Commands#0x5_2|command 0x5]] | |||
derived from <code>_vshSblSsCreatePassPhrase</code> | derived from <code>_vshSblSsCreatePassPhrase</code> |
Revision as of 00:17, 24 September 2017
Module
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xFDDD93FA |
3.60 | SceSblSsMgr | ? | Kernel | 0x4E913538 |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69 | SceSblSsMgrForKernel | Non-secure | Kernel | 0x74580D9F |
1.69 | SceSblSsMgrForDriver | Non-secure | Kernel | 0x61E9428D |
3.60 | SceSblSsMgrForDriver | ? | Kernel | 0x61E9428D |
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xEC86E4B0 |
1.69 | SceSblQafMgr | Non-secure | User | 0x756B7E89 |
1.69 | SceSblRng | Non-secure | User | 0x1843F124 |
1.69 | SceSblDmac5Mgr | Non-secure | User | 0x437366A2 |
1.69 | SceSblAimgr | Non-secure | User | 0xD473F968 |
SceSblSsMgrForKernel
sceSblSsMgrGetSysconDataForKernel
Version | NID |
---|---|
3.60 | 0xC2EC8F5A |
for example gets 0x20 bytes of data for act_sm.self command 0x4 call.
this is done by passing offset 0x520 as first argument.
// Gets syscon data. Per the page, passing offset 0x520 as the first argument
// yields the 0x20 bytes used for the act_sm.self command 0x4 call.
// buffer / size: presumably the destination and its byte count - TODO confirm.
// NOTE(review): the section heading spells this name with a lowercase "sce" prefix.
int SceSblSsMgrGetSysconDataForKernel(
    int offset,
    char *buffer,
    int size);
sceSblSsMgrGetBootTypeIndicatorBit2ForKernel
Version | NID |
---|---|
3.60 | 0x516ecc08 |
directly calls scePmGetBootTypeIndicatorBit2
// Directly calls scePmGetBootTypeIndicatorBit2 (per the page).
// result: presumably receives the indicator value - size not documented, TODO confirm.
int sceSblSsMgrGetBootTypeIndicatorBit2ForKernel(
    char *result);
SceSblSsMgrForDriver
Cryptographic functions in this module typically have 3 variations:
- Use key - meaning that the key that you provide is used directly for encryption/decryption.
- Use slot_id - meaning that you have to use the sceSblAuthMgrSetDmac5Key function to set the key in a specific slot.
Note that in this case you select a key from F00D by key_id. It will be encrypted by F00D and placed into the slot selected by slot_id.
- Use key_id - meaning that the call to sceSblAuthMgrSetDmac5Key will happen internally.
In this case the key from F00D is selected by key_id and encrypted by F00D. It is then placed into one of the slots. Default range is 0xC-0x17.
sceSblSsMgrGetRandomNumberForDriver
Version | NID |
---|---|
3.60 | 0x4F9BFBE5 |
// Random number getter; the page documents only the prototype.
// result / size: presumably the output buffer and its byte count - TODO confirm.
int sceSblSsMgrGetRandomNumberForDriver(
    char *result,
    int size);
sceSblSsMgrGetRandomDataForDriver
Version | NID |
---|---|
3.60 | 0xAC57F4F0 |
Generates random data of length 0x40 by executing Dmac5 command 0x04
used in SceKrm, SceSblGcAuthMgr
// Generates random data of length 0x40 by executing Dmac5 command 0x04.
// Used in SceKrm and SceSblGcAuthMgr (per the page).
// There is no size parameter: dest presumably must have room for the full
// 0x40 bytes - TODO confirm against callers.
int sceSblSsMgrGetRandomDataForDriver(
    char *dest);
sceSblSsMgrGetRandomDataCropForDriver
Version | NID |
---|---|
3.60 | 0x4DD1B2E5 |
Generates random data of length 0x40 by executing Dmac5 command 0x04
Data is then cropped to fit the size in outputBuffer.
used by SceMsif
// Generates random data of length 0x40 by executing Dmac5 command 0x04, then
// crops it to fit `size` in outputBuffer. Used by SceMsif (per the page).
// unk: purpose unknown.
// NOTE(review): behaviour for size > 0x40 is not documented - confirm.
int sceSblSsMgrGetRandomDataCropForDriver(
    char *outputBuffer,
    int size,
    int unk);
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0xC517770D |
Executes Dmac5 command 0x1
used in ScePfsMgr
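// AES-ECB encrypt with a caller-supplied key (executes Dmac5 command 0x1).
// Used in ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// mask_enable - = 1
// key_size is in bits while key is a byte buffer; presumably the two must
// agree (0x80 <-> 0x10 bytes, ...) - TODO confirm.
// ECB encrypts each block independently, so equal plaintext blocks produce
// equal ciphertext blocks.
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, int mask_enable);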
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x7C978BE7 |
Executes Dmac5 command 0x02
used in ScePfsMgr
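// AES-ECB decrypt with a caller-supplied key (executes Dmac5 command 0x02).
// Used in ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// mask_enable - = 1
// dst presumably must hold at least `size` bytes - TODO confirm.
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, int mask_enable);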
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x01BE0374 |
Executes Dmac5 command 0x01
used in SceSblMgKeyMgr
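// AES-ECB encrypt with a key held in a key slot (executes Dmac5 command 0x01).
// Used in SceSblMgKeyMgr (per the page).
// size        - size of data in src
// slot_id     - 0x1C, 0x1D, 0x1E, 0x1F
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// mask_enable - = 1
// ECB encrypts each block independently, so equal plaintext blocks produce
// equal ciphertext blocks.
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size,
                                      int slot_id, int key_size, int mask_enable);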
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8B4700CB |
Executes Dmac5 command 0x02
used by SceSblMgKeyMgr
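// AES-ECB decrypt with a key held in a key slot (executes Dmac5 command 0x02).
// Used by SceSblMgKeyMgr (per the page).
// size        - size of data in src
// slot_id     - 0x1D, ? (other accepted slots unknown)
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// mask_enable - = 1
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size,
                                      int slot_id, int key_size, int mask_enable);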
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x0F7D28AF |
Executes Dmac5 command 0x01
used in ScePfsMgr
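// AES-ECB encrypt, key_id variant (executes Dmac5 command 0x01).
// Used in ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// key_id      - 0 - used with sceSblAuthMgrSetDmac5Key; uses slot_id range
//               0x0C-0x17 internally
// mask_enable - = 1
// ECB encrypts each block independently, so equal plaintext blocks produce
// equal ciphertext blocks.
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, int key_id,
                                      int mask_enable);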
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x197ACF6F |
Executes Dmac5 command 0x02
no usages found
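// AES-ECB decrypt, key_id variant (executes Dmac5 command 0x02).
// No usages found (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// key_id      - 0 - used with sceSblAuthMgrSetDmac5Key; uses slot_id range
//               0x0C-0x17 internally
// mask_enable - = 1
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, int key_id,
                                      int mask_enable);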
sceSblSsMgrDES64ECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x37DD5CBF |
Executes Dmac5 command 0x41
used in SceMsif, SceSblMgKeyMgr
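// DES64-ECB encrypt with a key held in a key slot (executes Dmac5 command 0x41).
// Used in SceMsif and SceSblMgKeyMgr (per the page).
// size        - size of data in src
// key_slot    - 0x1C, ? (other accepted slots unknown)
// key_size    - 0xC0 (size in bits) - other sizes also work.
//               192 is not the size for DES!
// mask_enable - = 1
// NOTE(review): 0xC0 bits equals a three-key Triple-DES key length; whether
// the engine performs 3DES here is unconfirmed.
int sceSblSsMgrDES64ECBEncryptForDriver(char *src, char *dst, int size,
                                        int key_slot, int key_size,
                                        int mask_enable);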
sceSblSsMgrDES64ECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8EAFB18A |
Executes Dmac5 command 0x42
used in SceSblMgKeyMgr
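// DES64-ECB decrypt with a key held in a key slot (executes Dmac5 command 0x42).
// Used in SceSblMgKeyMgr (per the page).
// size        - size of data in src
// key_slot    - 0x1C, ? (other accepted slots unknown)
// key_size    - 0xC0 (size in bits) - other sizes also work.
//               192 is not the size for DES!
// mask_enable - = 1
int sceSblSsMgrDES64ECBDecryptForDriver(char *src, char *dst, int size,
                                        int key_slot, int key_size,
                                        int mask_enable);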
sceSblSsMgrDES64CBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0x05B38698 |
Executes Dmac5 command 0x49
no usages found
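// DES64-CBC encrypt with a key held in a key slot (executes Dmac5 command 0x49).
// No usages found (per the page).
// size        - size of data in src
// key_slot    - 0x1D, ? (other accepted slots unknown)
// key_size    - ? - does not matter ?
// iv          - length is 8 for DES - will be updated after encryption
//               (most likely for encrypting data in blocks?)
// mask_enable - = 1
// iv is written back, so callers that need the original IV must keep a copy.
int sceSblSsMgrDES64CBCEncryptForDriver(char *src, char *dst, int size,
                                        int key_slot, int key_size, char *iv,
                                        int mask_enable);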
sceSblSsMgrDES64CBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x926BCCF0 |
Executes Dmac5 command 0x4A
no usages found
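// DES64-CBC decrypt with a key held in a key slot (executes Dmac5 command 0x4A).
// No usages found (per the page).
// size        - size of data in src
// key_slot    - 0x1D, ? (other accepted slots unknown)
// key_size    - ? - does not matter ?
// iv          - length is 8 for DES
// mask_enable - = 1
int sceSblSsMgrDES64CBCDecryptForDriver(char *src, char *dst, int size,
                                        int key_slot, int key_size, char *iv,
                                        int mask_enable);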
sceSblSsMgrAESCBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0xE6E1AD15 |
Executes Dmac5 command 0x09
used by ScePfsMgr
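// AES-CBC encrypt with a caller-supplied key (executes Dmac5 command 0x09).
// Used by ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - length is 0x10 for AES - will be updated after encryption
//               (most likely for encrypting data in blocks?)
// mask_enable - = 1
// iv is written back, so callers that need the original IV must keep a copy.
int sceSblSsMgrAESCBCEncryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, char *iv,
                                      int mask_enable);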
sceSblSsMgrAESCBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x121FA69F |
Executes Dmac5 command 0x0A
used by ScePfsMgr
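// AES-CBC decrypt with a caller-supplied key (executes Dmac5 command 0x0A).
// Used by ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - length is 0x10 for AES - will be updated after encryption
//               (most likely for encrypting data in blocks?)
// mask_enable - = 1
// iv is written back, so callers that need the original IV must keep a copy.
int sceSblSsMgrAESCBCDecryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, char *iv,
                                      int mask_enable);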
sceSblSsMgrAESCBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0x711C057A |
Executes Dmac5 command 0x09
used by ScePfsMgr
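// AES-CBC encrypt, key_id variant (executes Dmac5 command 0x09).
// Used by ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - length is 0x10 for AES - will be updated after encryption
//               (most likely for encrypting data in blocks?)
// key_id      - 0 - used with sceSblAuthMgrSetDmac5Key; uses slot_id range
//               0x0C-0x17 internally
// mask_enable - = 1
// iv is written back, so callers that need the original IV must keep a copy.
int sceSblSsMgrAESCBCEncryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, char *iv,
                                      int key_id, int mask_enable);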
sceSblSsMgrAESCBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x1901CB5E |
Executes Dmac5 command 0x0A
used by ScePfsMgr
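// AES-CBC decrypt, key_id variant (executes Dmac5 command 0x0A).
// Used by ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - length is 0x10 for AES - will be updated after encryption
//               (most likely for encrypting data in blocks?)
// key_id      - 0 - used with sceSblAuthMgrSetDmac5Key; uses slot_id range
//               0x0C-0x17 internally
// mask_enable - = 1
// iv is written back, so callers that need the original IV must keep a copy.
int sceSblSsMgrAESCBCDecryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, char *iv,
                                      int key_id, int mask_enable);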
sceSblSsMgrAESCTREncryptForDriver
Version | NID |
---|---|
3.60 | 0x82B5DCEF |
Executes Dmac5 command 0x21
used by SceNpDrm
this function can also be used for decryption, since CTR mode applies the same operation in both directions
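// AES-CTR encrypt with a caller-supplied key (executes Dmac5 command 0x21).
// Used by SceNpDrm (per the page). CTR applies the same keystream operation in
// both directions, so this function can also be used for decryption.
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - length is 0x10 for AES - will be updated after encryption
//               (most likely for encrypting data in blocks?)
// mask_enable - = 1
// The CTR keystream depends only on key and counter block: the same key/iv
// pair must not be reused for different data.
int sceSblSsMgrAESCTREncryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, char *iv,
                                      int mask_enable);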
sceSblSsMgrAESCTRDecryptForDriver
Version | NID |
---|---|
3.60 | 0x7D46768C |
Executes Dmac5 command 0x22
no usages found
this function can also be used for encryption, since CTR mode applies the same operation in both directions
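// AES-CTR decrypt with a caller-supplied key (executes Dmac5 command 0x22).
// No usages found (per the page). CTR applies the same keystream operation in
// both directions, so this function can also be used for encryption.
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - length is 0x10 for AES - will be updated after encryption
//               (most likely for encrypting data in blocks?)
// mask_enable - = 1
int sceSblSsMgrAESCTRDecryptForDriver(char *src, char *dst, int size,
                                      char *key, int key_size, char *iv,
                                      int mask_enable);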
sceSblSsMgrSHA1ForDriver
Version | NID |
---|---|
3.60 | 0xEB3AF9B5 |
Executes Dmac5 command 0x03
used by ScePfsMgr
key_size is always 0x100 bits
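// SHA1 over src (executes Dmac5 command 0x03). Used by ScePfsMgr.
// Per the page, key_size is always 0x100 bits for this call.
// size        - size of data in src
// iv          - = 0
// mask_enable - = 1
// command_bit - 0 / 0x400 / 0x800 / 0xC00
// dst presumably must hold the 0x14-byte digest - TODO confirm.
int sceSblSsMgrSHA1ForDriver(char *src, char *dst, int size, char *iv,
                             int mask_enable, int command_bit);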
sceSblSsMgrHMACSHA1ForDriver
Version | NID |
---|---|
3.60 | 0x6704D985 |
Executes Dmac5 command 0x23
used by ScePfsMgr
key_size is always 0x100 bits
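// HMAC-SHA1 with a caller-supplied key (executes Dmac5 command 0x23).
// Used by ScePfsMgr. Per the page, key_size is always 0x100 bits.
// size        - size of data in src
// iv          - = 0
// mask_enable - = 1
// command_bit - 0 / 0x400 / 0x800 / 0xC00
// key presumably must be 0x20 bytes to match the fixed 0x100-bit key size -
// TODO confirm.
int sceSblSsMgrHMACSHA1ForDriver(char *src, char *dst, int size, char *key,
                                 char *iv, int mask_enable, int command_bit);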
sceSblSsMgrHMACSHA1ForDriver
Version | NID |
---|---|
3.60 | 0x92E37656 |
Executes Dmac5 command 0x23
no usages found
key_size is always 0x100 bits
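// HMAC-SHA1, key_id variant (executes Dmac5 command 0x23).
// No usages found. Per the page, key_size is always 0x100 bits.
// size        - size of data in src
// key         - length is always 0x20
// iv          - = 0
// key_id      - 0 - used with sceSblAuthMgrSetDmac5Key; uses slot_id range
//               0x0C-0x17 internally
// mask_enable - = 1
// command_bit - 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA1ForDriver(char *src, char *dst, int size, char *key,
                                 char *iv, int key_id, int mask_enable,
                                 int command_bit);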
sceSblSsMgrHMACSHA256ForDriver
Version | NID |
---|---|
3.60 | 0x79F38554 |
Executes Dmac5 command 0x33
no usages found
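// HMAC-SHA256 with a caller-supplied key (executes Dmac5 command 0x33).
// No usages found (per the page).
// size        - size of data in src
// iv          - = 0
// mask_enable - = 1
// command_bit - 0 / 0x400 / 0x800 / 0xC00
// NOTE(review): the key length is not documented for this call - confirm
// before relying on it.
int sceSblSsMgrHMACSHA256ForDriver(char *src, char *dst, int size, char *key,
                                   char *iv, int mask_enable, int command_bit);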
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0x1B14658D |
Executes Dmac5 command 0x3B
used in ScePfsMgr
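// AES-CMAC with a caller-supplied key (executes Dmac5 command 0x3B).
// Used in ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - = 0
// mask_enable - = 1
// command_bit - 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, char *key,
                                int key_size, char *iv, int mask_enable,
                                int command_bit);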
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0x83B058F5 |
Executes Dmac5 command 0x3B
used in ScePfsMgr
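// AES-CMAC, key_id variant (executes Dmac5 command 0x3B).
// Used in ScePfsMgr (per the page).
// size        - size of data in src
// key         - length is 0x10 / 0x18 / 0x20
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - = 0
// key_id      - 0 - used with sceSblAuthMgrSetDmac5Key; uses slot_id range
//               0x0C-0x17 internally
// mask_enable - = 1
// command_bit - 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, char *key,
                                int key_size, char *iv, int key_id,
                                int mask_enable, int command_bit);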
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0xEA6ACB6D |
Executes Dmac5 command 0x3B
no usages found
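// AES-CMAC with a key held in a key slot (executes Dmac5 command 0x3B).
// No usages found (per the page).
// size        - size of data in src
// slot_id     - 0x1D, ? (other accepted slots unknown)
// key_size    - 0x80 / 0xC0 / 0x100 (size in bits)
// iv          - = 0
// mask_enable - = 1
// command_bit - 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, int slot_id,
                                int key_size, char *iv, int mask_enable,
                                int command_bit);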
sceSblSsMgrExecuteDmac5HashCommandForDriver
Version | NID |
---|---|
3.60 | 0x9641374E |
Executes Dmac5 commands related to hash functions
used by SceNpDrm
// Executes Dmac5 commands related to hash functions; the Dmac5 command number
// is passed in `command`. Used by SceNpDrm (per the page).
// NOTE(review): the digest length written to dst depends on the command, so
// dst presumably must be sized for the selected hash - TODO confirm.
int sceSblSsMgrExecuteDmac5HashCommandForDriver(
    char *src,
    char *dst,
    int size,
    char *iv,
    int mask_enable,
    int command,
    int command_bit);
sceSblSsMgrGetConsoleIdForDriver
Version | NID |
---|---|
3.60 | 0xFC6CDD68 |
This function obtains ConsoleId by executing aimgr_sm.self F00D command 0x1
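// Obtains the ConsoleId by executing aimgr_sm.self F00D command 0x1.
// cid - buffer is of size 0x10; no length is passed, so the caller must
//       supply at least that much space.
int sceSblSsMgrGetConsoleIdForDriver(void *cid);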
sceSblSsMgrGetOpenPsIdForDriver
Version | NID |
---|---|
3.60 | 0xA5B5D269 |
This function returns information from a static buffer that is initialized on module_start.
Data is obtained from sysroot buffer at offset 0x70.
Sysroot buffer pointer is obtained by calling ksceKernelGetSysrootBuffer
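// OpenPsId value; the buffer is of size 0x10.
typedef struct SceKernelOpenPsId {
    char id[16];
} SceKernelOpenPsId;

// Returns information from a static buffer that is initialized on
// module_start. Per the page, the data comes from the sysroot buffer at
// offset 0x70 (pointer obtained via ksceKernelGetSysrootBuffer).
// id - buffer is of size 0x10
int sceSblSsMgrGetOpenPsIdForDriver(SceKernelOpenPsId *id);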
dec_aes_key_msif
Version | NID |
---|---|
3.60 | 0x934db6b5 |
decrypts or derives aes key that is used in msif to decrypt static sha224 table
communication with F00D is done with command 0x2000A from encdec_w_portability_sm.self
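// Request block; size is 0x24.
typedef struct input_data
{
    uint32_t size;
    uint8_t unk_4[0x20];
} input_data;

// Response block; size is 0x24. The typedef name is output_data: the page
// closed this struct as "input_data", which redefines the type above and
// leaves the output_data parameter type undeclared.
typedef struct output_data
{
    uint32_t size;
    uint8_t unk_4[0x10];
    uint8_t aes_key_14[0x10];
} output_data;

// Decrypts or derives the AES key that msif uses to decrypt its static sha224
// table. Per the page, F00D is reached with command 0x2000A from
// encdec_w_portability_sm.self.
// arg1 - size is 0x10
// out->aes_key_14 presumably carries key material and should be handled as a
// secret by callers - TODO confirm.
int dec_aes_key_msif(int num, char *arg1, input_data *in, output_data *out);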
sceSblSsMgrGetVisibleId
Version | NID |
---|---|
3.60 | 0x04843835 |
executes F00D aimgr_sm.self command 0x3
derived from _vshSblAimgrGetVisibleId
previously was named sceSblSsMgrGetFuseIdForDriver
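// Executes F00D aimgr_sm.self command 0x3. Derived from
// _vshSblAimgrGetVisibleId; previously named sceSblSsMgrGetFuseIdForDriver.
// result - data is of size 0x20; no length is passed, so the caller must
//          supply at least that much space.
int sceSblSsMgrGetVisibleId(void *result);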
sceSblSsMgrEncryptWithPortabilityForDriver
Version | NID |
---|---|
3.60 | 0x21ec51f6 |
derived from _vshSblSsEncryptWithPortability
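// Length-prefixed 0x20-byte payload used for both input and output.
// Declared with a typedef so the bare name size_data_pair used in the
// prototype below is a valid C type (the struct tag is kept as well).
typedef struct size_data_pair
{
    int size;
    char data[0x20];
} size_data_pair;

// Derived from _vshSblSsEncryptWithPortability (per the page).
// num / ptr: meaning not documented on the page.
// NOTE(review): size presumably counts the valid bytes in data and must not
// exceed 0x20 - TODO confirm.
int sceSblSsMgrEncryptWithPortabilityForDriver(int num, void *ptr,
                                               size_data_pair *src,
                                               size_data_pair *dst);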
unk_249adb07
Version | NID |
---|---|
3.60 | 0x249adb07 |
// Unidentified export (NID 0x249adb07 on 3.60); the purpose of the function
// and of all three arguments is unknown.
int unk_249adb07(
    int unk0,
    int unk1,
    int unk2);
sceSblSsMgrGetPscode2ForDriver
Version | NID |
---|---|
3.60 | 0x9a9676d0 |
executes F00D aimgr_sm.self command 0x4
derived from _vshSblAimgrGetPscode2
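// Executes F00D aimgr_sm.self command 0x4. Derived from _vshSblAimgrGetPscode2.
// result - size of result is 0x8
int sceSblSsMgrGetPscode2ForDriver(uint64_t *result);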
sceSblSsMgrCreatePassPhraseForDriver
Version | NID |
---|---|
3.60 | 0xb8b298fd |
executes F00D aimgr_sm.self command 0x5
derived from _vshSblSsCreatePassPhrase
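// Executes F00D aimgr_sm.self command 0x5. Derived from
// _vshSblSsCreatePassPhrase.
// input  - input is of size 0x18
// output - size not documented on the page; NOTE(review): confirm the required
//          capacity before passing a fixed-size buffer.
int sceSblSsMgrCreatePassPhraseForDriver(char *input, char *output);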
unk_c38d0cea
Version | NID |
---|---|
3.60 | 0xc38d0cea |
unk_cd98cc92
Version | NID |
---|---|
3.60 | 0xcd98cc92 |
unk_e0b13ba7
Version | NID |
---|---|
3.60 | 0xe0b13ba7 |
unk_e0dc2587
Version | NID |
---|---|
3.60 | 0xe0dc2587 |
unk_fdd6d5de
Version | NID |
---|---|
3.60 | 0xfdd6d5de |
SceSblSsMgr
SceSblQafMgr
sceSblQafManagerGetQafNameForUser
Version | NID |
---|---|
1.69 | 0xF7EA8C2 |
sceSblQafManagerIsAllowKernelDebugForUser
Version | NID |
---|---|
1.69 | 0x11D30766 |
sceSblQafManagerSetQafTokenForUser
Version | NID |
---|---|
1.69 | 0x56A16392 |
sceSblQafMgrIsAllowForceUpdate
Version | NID |
---|---|
1.69 | 0x63F29BA0 |
sceSblQafMgrIsAllowAllDebugMenuDisplay
Version | NID |
---|---|
1.69 | 0x66843305 |
sceSblQafMgrIsAllowNpTest
Version | NID |
---|---|
1.69 | 0xA9EBCBAC |
sceSblQafMgrIsAllowNonQAPup
Version | NID |
---|---|
1.69 | 0xB5621615 |
sceSblQafMgrGetQafToken
Version | NID |
---|---|
1.69 | 0xB6BAE81D |
sceSblQafMgrIsAllowLimitedDebugMenuDisplay
Version | NID |
---|---|
1.69 | 0xC456212D |
sceSblQafMgrIsAllowScreenShotAlways
Version | NID |
---|---|
1.69 | 0xD22A8731 |
sceSblQafManagerDeleteQafTokenForUser
Version | NID |
---|---|
1.69 | 0xD542583F |
sceSblQafMgrIsAllowRemoteSysmoduleLoad
Version | NID |
---|---|
1.69 | 0xF45AA706 |
SceSblRng
_sceKernelGetRandomNumber
Version | NID |
---|---|
1.69 | 0xC37E818C |
SceSblDmac5Mgr
sceSblDmac5HashTransform
Version | NID |
---|---|
1.69 | 0x09EBC6EF |
3.60 | 0x09EBC6EF |
This function can execute the following dmac5 commands:
- 0x3B: CMAC-AES (length 0x10)
- 0x3: SHA1 (length 0x14)
- 0x23: HMAC-SHA1 (length 0x14)
- 0x13: SHA256 (length 0x20)
- 0x33: HMAC-SHA256 (length 0x20)
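// Argument block for sceSblDmac5HashTransform; size 0x18 on the target.
typedef struct hash_trans_opt_t
{
    char *src;
    char *dst;
    uint32_t size;
    uint32_t unk_C;  // = 0
    uint32_t unk_10; // = 0
    char *iv;
} hash_trans_opt_t;

// Executes a dmac5 hash command. Per the page the supported commands and
// output lengths are:
//   0x3B: CMAC-AES    (length 0x10)
//   0x3:  SHA1        (length 0x14)
//   0x23: HMAC-SHA1   (length 0x14)
//   0x13: SHA256      (length 0x20)
//   0x33: HMAC-SHA256 (length 0x20)
// flags: 0x000 / 0x400 / 0x800 / 0xC00
// ctx->dst presumably must be large enough for the selected command's output
// length - TODO confirm.
int sceSblDmac5HashTransform(hash_trans_opt_t *ctx, int command, int flags);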
sceSblDmac5EncDecKeyGen
Version | NID |
---|---|
1.69 | 0x5BF4F924 |
3.60 | 0x5BF4F924 |
This function is also called sceSblDmac5AesCbcDecKeyGen
or sceSblDmac5AesCbcEncKeyGen
in SceGameDataPlugin
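// Argument block for sceSblDmac5EncDecKeyGen; size is 0x18 on the target.
typedef struct keygen_ctx
{
    char *src;
    char *dst;
    int size;
    char *key;
    uint32_t key_size; // size in bits
    char *out;         // hash ?
} keygen_ctx;

// Also called sceSblDmac5AesCbcDecKeyGen or sceSblDmac5AesCbcEncKeyGen in
// SceGameDataPlugin (per the page).
// command - 0xA (dmac5 command AES-192-CBC decrypt)
// command - 0x9 (dmac5 command AES-192-CBC encrypt)
// key_id: not documented for this call; NOTE(review): presumably selects the
// F00D key as in the SceSblSsMgrForDriver key_id variants - confirm.
int sceSblDmac5EncDecKeyGen(keygen_ctx *ctx, int key_id, int command);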
sceSblDmac5EncDec
Version | NID |
---|---|
1.69 | 0xD0B1F759 |
3.60 | 0xD0B1F759 |
// Dmac5 encrypt/decrypt entry point; the page documents only the prototype.
// args: layout not documented here - NOTE(review): confirm the expected
// structure before passing caller-controlled memory.
int sceSblDmac5EncDec(
    void *args,
    int command);
sceSblDmac5HmacKeyGen
Version | NID |
---|---|
3.60 | 0xCCE57D33 |
This function is also called sceSblDmac5Sha256HmacKeyGen
in SceGameDataPlugin
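// Also called sceSblDmac5Sha256HmacKeyGen in SceGameDataPlugin (per the page).
// data    - data is of size 0x18 (24 - 192 bits ?)
// unk1    - 0x20001
// command - 0x33 (dmac5 HMAC-SHA256 command)
// flags   - 0x400, 0x800, 0xC00
int sceSblDmac5HmacKeyGen(char *data, int unk1, int command, int flags);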
SceSblAimgr
_sceKernelGetOpenPsId
Version | NID |
---|---|
1.69 | 0x6E283E2E |