SceSblGcAuthMgr: Difference between revisions
Jump to navigation
Jump to search
| Line 83: | Line 83: | ||
== SceSblGcAuthMgrDrmBBForDriver == | == SceSblGcAuthMgrDrmBBForDriver == | ||
=== | === memcmp_5018_fast === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| Line 91: | Line 91: | ||
|} | |} | ||
This function verifies that last responce from the card (cmd56) | This function verifies that last 0x14 bytes of last responce from the game card (cmd56) are valid | ||
For example it is called from <code>sceAppMgrGameDataMount</code> | For example it is called from <code>sceAppMgrGameDataMount</code> | ||
<source lang="c">int | <source lang="c">int memcmp_5018_fast(char* in_data);</source> | ||
</source> | |||
This is a timing safe memcmp. [[User:Xyz|Xyz]] ([[User talk:Xyz|talk]]) 10:02, 1 May 2017 (UTC) | This is a timing safe memcmp. [[User:Xyz|Xyz]] ([[User talk:Xyz|talk]]) 10:02, 1 May 2017 (UTC) | ||
Revision as of 01:55, 7 June 2017
Module
Known NIDs
| Version | Name | World | Privilege | NID |
|---|---|---|---|---|
| 1.69 | SceSblGcAuthMgr | Non-secure | Kernel | 0x4B777EBC |
| 3.60 | SceSblGcAuthMgr | ? | Kernel | 0xDB1A9016 |
Libraries
Known NIDs
| Version | Name | World | Visibility | NID |
|---|---|---|---|---|
| 1.69 | SceSblGcAuthMgrDrmBBForDriver | Non-secure | Kernel | 0x1926B182 |
| 3.60 | SceSblGcAuthMgrDrmBBForDriver | ? | Kernel | 0x1926B182 |
| 1.69 | SceSblGcAuthMgrPcactForDriver | Non-secure | Kernel | 0xB8600A5 |
| 1.69 | SceSblGcAuthMgrMlnpsnlForDriver | Non-secure | Kernel | 0x29ED0109 |
| 3.60 | SceSblGcAuthMgrMlnpsnlForDriver | ? | Kernel | 0x29ED0109 |
| 1.69 | SceSblGcAuthMgrAdhocBBForDriver | Non-secure | Kernel | 0x2EFA9203 |
| 1.69 | SceSblGcAuthMgrPkgForDriver | Non-secure | Kernel | 0x82FBA7D |
| 3.60 | SceSblGcAuthMgrPkgForDriver | ? | Kernel | 0x082FBA7D |
| 1.69 | SceSblGcAuthMgrSclkForDriver | Non-secure | Kernel | 0xF24F760D |
| 3.60 | SceSblGcAuthMgrSclkForDriver | ? | Kernel | 0xF24F760D |
| 1.69 | SceSblGcAuthMgrGcAuthForDriver | Non-secure | Kernel | 0xC6627F5E |
| 3.60 | SceSblGcAuthMgrGcAuthForDriver | ? | Kernel | 0xC6627F5E |
| 1.69 | SceSblGcAuthMgr | Non-secure | User | 0x7B13BCF7 |
| 3.60 | SceSblGcAuthMgr | ? | ? | 0x7B13BCF7 |
| 3.60 | SceSblGcAuthMgrPsmactForDriver | ? | Kernel | 0x1C53F37D |
| 3.60 | SceSblGcAuthMgrMsSaveBBForDriver | ? | Kernel | 0x5032E8D4 |
Data segment layout
| Address | Size | Description |
|---|---|---|
| 0x0000 | 0x4BC4 | unknown |
| 0x4BC4 | 0x30 | temp buffer for storing parts of cmd56 packets |
| 0x4BF4 | 0x200 | cmd56 request buffer |
| 0x4DF4 | 0x04 | packet6 gc parameter |
| 0x4DF8 | 0x200 | temp buffer for initializing cm56 req packets |
| 0x4FF8 | 0x20 | temp buffer for storing parts of cmd56 packets |
| 0x5018 | 0x34 | one of kirk responses |
| 0x504C | 0x200 | cmd56 response buffer 1 |
| 0x524C | 0x200 | cmd56 response buffer 2 |
| 0x544C | 0x20 | one of kirk responses |
| 0x546C | 0x898 | unknown |
SceSblGcAuthMgrDrmBBForDriver
memcmp_5018_fast
| Version | NID |
|---|---|
| 3.60 | 0x22FD5D23 |
This function verifies that last 0x14 bytes of last responce from the game card (cmd56) are valid
For example it is called from sceAppMgrGameDataMount
int memcmp_5018_fast(char* in_data);
This is a timing safe memcmp. Xyz (talk) 10:02, 1 May 2017 (UTC)
clear_sensitive_data
| Version | NID |
|---|---|
| 3.60 | 0x812B2B5C |
Clears some sensitive data.
Called after verify_checksum
int clear_sensitive_data(int* value);
clear_sensitive_data
| Version | NID |
|---|---|
| 3.60 | 0xBB451E83 |
Clears sensitive data that is left after cmd56 custom initialization.
This includes data generated by Kirk services 0x1C, 0x1F, 0x20 and packet6.
Called after initialize_sd_device
int clear_sensitive_data();
get_5018_data
| Version | NID |
|---|---|
| 3.60 | 0xBB70DDC0 |
This function copies first 0x20 bytes of the buffer to destination.
int get_5018_data(char* dest);
SceSblGcAuthMgrPcactForDriver
SceSblGcAuthMgrMlnpsnlForDriver
SceSblGcAuthMgrAdhocBBForDriver
SceSblGcAuthMgrPkgForDriver
SceSblGcAuthMgrSclkForDriver
SceSblGcAuthMgrGcAuthForDriver
initialize_sd_device
| Version | NID |
|---|---|
| 3.60 | 0x68781760 |
This is a wrapper function that starts initialization subroutine through run_execlusive
int initialize_sd_device(int sd_ctx_index);
SceSblGcAuthMgr
_sceSblGcAuthMgrPcactActivation
| Version | NID |
|---|---|
| 1.69 | 0x32E7CEA |
_sceSblGcAuthMgrGetMediaIdType01
| Version | NID |
|---|---|
| 1.69 | 0xAC64154 |
_sceSblGcAuthMgrAdhocBB224Auth1
| Version | NID |
|---|---|
| 1.69 | 0x307FD67C |
_sceSblGcAuthMgrPkgVry
| Version | NID |
|---|---|
| 1.69 | 0x3E168BC4 |
_sceSblGcAuthMgrAdhocBB224Auth5
| Version | NID |
|---|---|
| 1.69 | 0x459F5503 |
_sceSblGcAuthMgrAdhocBB224Init
| Version | NID |
|---|---|
| 1.69 | 0x5AB126A7 |
_sceSblGcAuthMgrAdhocBB224Auth4
| Version | NID |
|---|---|
| 1.69 | 0x5CCC216C |
_sceSblGcAuthMgrAdhocBB224Auth2
| Version | NID |
|---|---|
| 1.69 | 0x788C0517 |
_sceSblGcAuthMgrSclkSetData2
| Version | NID |
|---|---|
| 1.69 | 0x837D0FB6 |
_sceSblGcAuthMgrSclkGetData1
| Version | NID |
|---|---|
| 1.69 | 0x8A3AF1E8 |
_sceSblGcAuthMgrAdhocBB224Shutdown
| Version | NID |
|---|---|
| 1.69 | 0x8ECEACF9 |
_sceSblGcAuthMgrPcactGetChallenge
| Version | NID |
|---|---|
| 1.69 | 0x98153286 |
_sceSblGcAuthMgrAdhocBB224GetKeys
| Version | NID |
|---|---|
| 1.69 | 0xC236FB28 |
_sceSblGcAuthMgrAdhocBB224Auth3
| Version | NID |
|---|---|
| 1.69 | 0xD3F95259 |
gcauth_sm "KIRK" calls to F00D
The use of os0:sm/gcauthmgr_sm.self is to support the next generation of KIRK. It uses a similar input structure to the original KIRK on the PSP.
PSP support
4,7,0xC,0xD,0xE, 0x10, 0x11, 0x12 are the classic PSP KIRK Services supported by gcauth_sm.
New PSVita Codes
0x14-0x19, 0x1b-0x23 are the new KIRK Services supported by gcauth_sm.
0x14 is the 224bit ecdsa keypair gen. The only input is an empty buffer size (3*0x1C) it returns 3 values. Private key, Public X point, Public Y point. Each value is 0x1C bytes long.
0x16 is random 224bit generator. It will return 0x1C bytes of random data into the buffer. 0x17 -0x19 are the 224bit ecdsa versions of psp's 160bit 0x10-0x12