Game Card: Difference between revisions
Line 186: | Line 186: | ||
| 0x28|| 0x04 || 0x03 || response size | | 0x28|| 0x04 || 0x03 || response size | ||
|- | |- | ||
| 0x2C|| 0x01 || - || command ? | | 0x2C|| 0x01 || - || command ? (generated with Kirk 1C) | ||
|- | |- | ||
| 0x2D|| 0x01 || - || unknown | | 0x2D|| 0x01 || - || unknown (generated with Kirk 1C) | ||
|- | |- | ||
| 0x2E|| 0x01 || - || additional data size | | 0x2E|| 0x01 || - || additional data size (generated with Kirk 1C) | ||
|- | |- | ||
| 0x2F|| 0x01 || - || data generated with Kirk 1C | | 0x2F|| 0x01 || - || data (generated with Kirk 1C) | ||
|- | |- | ||
|} | |} |
Revision as of 16:39, 23 January 2017
Game card is a standard MMC card. Pinout is different, however it complies with MMC card.
Card initialization
Card initialization consists of two steps:
- Standard MMC initialization.
- Custom CMD56 initialization.
CMD56 is a command that is used to transfer vendor specific data from host to card and back to host.
Second step is crucial and is required to be done before host tries to read any data from the card for example with CMD17.
Standard MMC initialization
This step is performed by SceSdif.
Part1: Card identification (SD, MMC, SDIO)
- 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
- 48 00 00 01 AA 87 - CMD8 - SEND_IF_COND
- 45 00 00 00 00 5B - CMD5 - IO_SEND_OP_COND
- 77 00 00 00 00 65 - CMD55 - APP_CMD
Part2: Card initialization
- 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
- 41 40 FF 80 00 0B - CMD1 - SEND_OP_COND
- 42 00 00 00 00 4D - CMD2 - ALL_SEND_CID
- 43 00 01 00 00 7F - CMD3 - SET_RELATIVE_ADDR
- 49 00 01 00 00 F1 - CMD9 - SEND_CSD
- 47 00 01 00 00 DD - CMD7 - SELECT_CARD
- 46 03 AF 01 00 43 - CMD6 - SWITCH (ERASE_GROUP_DEF)
- 48 00 00 00 00 C3 - CMD8 - SEND_EXT_CSD
- 50 00 00 02 00 15 - CMD16 - SET_BLOCKLEN
- 46 03 B9 01 00 2F - CMD6 - SWITCH (HS_TIMING)
- 46 03 B7 01 00 2D - CMD6 - SWITCH (BUS_WIDTH 4)
Custom CMD56 initialization
This step is performed by SceSblGcAuthMgr.
SceSblGcAuthMgr uses SceSblSsSmComm API to send F00D Commands to call Kirk services 1B-20. Game card can be accessed with device index 1
Initialization consists of 20 packets total. There are 10 request and 10 response packets. Each packet is sent or received with CMD56.
packet 1
Offset | Size | Value | Description |
---|---|---|---|
0x00 | 0x20 | - | key0 |
0x20 | 0x04 | 0x31 | response code |
0x24 | 0x04 | 0x03 | additional data size |
0x28 | 0x04 | 0x13 | response size |
0x2C | 0x01 | 0xC4 | command ? |
0x2D | 0x01 | 0x00 | unknown |
0x2E | 0x01 | 0x03 | additional data size |
packet 2
Offset | Size | Value | Description |
---|
packet 3
Offset | Size | Value | Description |
---|---|---|---|
0x00 | 0x20 | - | key0 |
0x20 | 0x04 | 0x23 | response code |
0x24 | 0x04 | 0x03 | additional data size |
0x28 | 0x04 | 0x05 | response size |
0x2C | 0x01 | 0xC2 | command ? |
0x2D | 0x01 | 0x00 | unknown |
0x2E | 0x01 | 0x03 | additional data size |
packet 4
Offset | Size | Value | Description |
---|
packet 5
Offset | Size | Value | Description |
---|---|---|---|
0x00 | 0x20 | - | key0 |
0x20 | 0x04 | 0x02 | response code |
0x24 | 0x04 | 0x03 | additional data size |
0x28 | 0x04 | 0x2B | response size |
0x2C | 0x01 | 0xA1 | command ? |
0x2D | 0x01 | 0x00 | unknown |
0x2E | 0x01 | 0x03 | additional data size |
packet 6
Offset | Size | Value | Description |
---|
packet 7
Offset | Size | Value | Description |
---|---|---|---|
0x00 | 0x20 | - | key0 |
0x20 | 0x04 | 0x03 | response code |
0x24 | 0x04 | 0x15 | additional data size |
0x28 | 0x04 | 0x23 | response size |
0x2C | 0x01 | 0xA2 | command ? |
0x2D | 0x01 | 0x00 | unknown |
0x2E | 0x01 | 0x15 | additional data size |
0x2F | 0x02 | 0x01 | gc parameter (packet 6) |
0x31 | 0x10 | - | generated chunk (random?) |
packet 8
Offset | Size | Value | Description |
---|
packet 9
Offset | Size | Value | Description |
---|---|---|---|
0x00 | 0x20 | - | key0 |
0x20 | 0x04 | 0x05 | response code |
0x24 | 0x04 | 0x33 | additional data size |
0x28 | 0x04 | 0x03 | response size |
0x2C | 0x01 | - | command ? (generated with Kirk 1C) |
0x2D | 0x01 | - | unknown (generated with Kirk 1C) |
0x2E | 0x01 | - | additional data size (generated with Kirk 1C) |
0x2F | 0x01 | - | data (generated with Kirk 1C) |
packet 10
Offset | Size | Value | Description |
---|
packet 11
Offset | Size | Value | Description |
---|
packet 12
Offset | Size | Value | Description |
---|
packet 13
Offset | Size | Value | Description |
---|
packet 14
Offset | Size | Value | Description |
---|
packet 15
Offset | Size | Value | Description |
---|
packet 16
Offset | Size | Value | Description |
---|
packet 17
Offset | Size | Value | Description |
---|
packet 18
Offset | Size | Value | Description |
---|
packet 19
Offset | Size | Value | Description |
---|
packet 20
Offset | Size | Value | Description |
---|