Module
Known NIDs
Version |
Name |
World |
Privilege |
NID
|
3.60 |
SceSblPostSsMgr |
Non-secure |
Kernel |
0xB6C941F2
|
Libraries
Known NIDs
Types
typedef struct spsfo_ctx {
SceUID mem_uid; // SceSblSpsfoMgr
void* mem_block_base;
uint32_t unk_8;
} spsfo_ctx;
typedef struct SceUtoken { // size is 0x800
char unk_data[0x800];
} SceUtoken;
/* Reversed by PrincessOfSleeping. To be checked. */
typedef struct SceUtokenDecrypted { // size is 0x58
uint64_t program_authority_id;
SceSelfCapability capability;
SceSelfAttribute attribute; // the important utoken flags are at &attribute+8
char unk_0x48[0x10]; // ?maybe idps?
} SceUtokenDecrypted;
Not exported
module_start
Calls 2 subroutines:
- init_qaftoken
- init_utoken
init utoken
Reads tm0:utoken.dat.
Calls utoken_sm.self service 2 to decrypt SceUtoken buffer. The output is a 0x58 bytes buffer.
SceSblPostSsMgrForDriver
sceSblSpsfoMgrOpenForDriver
Version |
NID
|
3.60 |
0xBDF18922
|
int sceSblSpsfoMgrOpenForDriver(const char *path, spsfo_ctx *result);
sceSblSpsfoMgrVerifyForDriver
Version |
NID
|
3.60 |
0x686B9461
|
Derived from _vshSblAuthMgrVerifySpsfo.
int sceSblSpsfoMgrVerifyForDriver(spsfo_ctx *ctx, int *res, int *size);
sceSblSpsfoMgrCloseForDriver
Version |
NID
|
3.60 |
0xAD3B0078
|
int sceSblSpsfoMgrCloseForDriver(spsfo_ctx *ctx);
sceSblLicMgrGetActivationKeyForDriver
Version |
NID
|
3.60 |
0xF7F1015B
|
typedef struct activation_key // size is 0x14
{
char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
uint32_t vadd_hash; // result of vector add operation applied to open_psid
} activation_key;
int sceSblLicMgrGetActivationKeyForDriver(activation_key* key);
sceSblLicMgrActivateDevkitForDriver
Version |
NID
|
0.990-3.60 |
0x0298382B
|
int sceSblLicMgrActivateDevkitForDriver(char *afv_path);
sceSblLicMgrGetLicenseStatusForDriver
Version |
NID
|
3.60 |
0x15F37282
|
// values: -1 = not initialized, 0 = activated, 1 = expired, 2 = RTC backup battery failure
int sceSblLicMgrGetLicenseStatusForDriver(void);
sceSblLicMgrGetExpireDateForDriver
Version |
NID
|
1.03-3.60 |
0x4FF2682F
|
Get activation data expire date.
If sceSblAIMgrIsToolRev3ForDriver, 30/10/2011 8:00:00.
If sceSblAIMgrIsToolRev5ForDriver, 30/6/2012 8:00:00.
If sceSblAIMgrIsNonCEXForDriver and product_sub_code = 0xA, 0xB or 0xC, 31/3/2012 14:59:00.
// if read_from_nvs is false, it reads expire_date from SceSblPostSsMgr memory.
int sceSblLicMgrGetExpireDateForDriver(int *expire_date, int read_from_nvs);
sceSblPmMgrSetProductModeForDriver
Version |
NID
|
0.990-3.60 |
0xADF92824
|
Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.
If productMode = 0 (normal mode), it calls pm_set(4, use_new_ernie_protocol).
If productMode = 1 (Manufacturing mode), it calls pm_set(4, use_new_ernie_protocol).
int sceSblPmMgrSetProductModeForDriver(SceUInt32 productMode);
sceSblPmMgrSetSdModeOffForDriver
Version |
NID
|
1.03-3.60 |
0xFE92A318
|
Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.
int sceSblPmMgrSetSdModeOffForDriver(int product_mode);
sceSblPmMgrGetProductModeFromNVSForDriver
Version |
NID
|
0.990-3.60 |
0x4663C195
|
Executes pm_sm.self command 1.
int sceSblPmMgrGetProductModeFromNVSForDriver(SceUInt8 *pProductMode);
sceSblPmMgrAuthEtoIForDriver
Version |
NID
|
0.990-3.60 |
0x19B63D65
|
Returns jig_auth(12). Returns an integer on success.
jig_auth:
- On 0.990: executes pm_sm_sd.self commands 3 (gen_req_hello), 4 (gen_challenge), 5 (check_response), 6 (gen_req_result), 7 (check_result).
- On 1.03-3.60: executes pm_sm_sd.self commands 9, 0xA.
int sceSblPmMgrAuthEtoIForDriver(void);
sceSblPostSsMgrDecryptSealedkeyForDriver
Version |
NID
|
3.60 |
0x33275F95
|
data
is 0x50 bytes of data from sealedkey
this function:
verifies pfsSKKey header
decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver
verifies hmac256 value in HMAC Value
decrypts Encrypted key
into dst_secret
//data - size 0x50
//dst_secret - size 0x10
int sceSblPostSsMgrDecryptSealedkeyForDriver(char* data, char* dst_secret);
sceSblPostSsMgrEncryptSealedkeyForDriver
Version |
NID
|
3.60 |
0x08525D8D
|
data
is 0x50 bytes of data like in sealedkey
this function:
writes pfsSKKey header
decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver
randomly generates 0x10 bytes of IV with sceSblRngPseudoRandomNumberForDriver
randomly generates 0x10 bytes of secret with sceSblRngPseudoRandomNumberForDriver
encrypts the secret into Encrypted key
calculates hmac256 value into HMAC Value
// dest_data - size 0x50
int sceSblPostSsMgrEncryptSealedkeyForDriver (char* dest_data);
sceSblPostSsMgrVerifyKeystoneForDriver
Version |
NID
|
3.60 |
0xDDA6FA6D
|
This function verifies magic in the header and HMAC of the keystone file
int sceSblPostSsMgrVerifyKeystoneForDriver(char* data, int version);
sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver
Version |
NID
|
3.60 |
0xF86F1452
|
This function calls sceSblPostSsMgrVerifyKeystoneForDriver. Then also verifies HMAC of passcode.
int sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver(char* keystone_data, char* passcode);
sceSblPostSsMgrDebugEncryptKeystoneForDriver
Version |
NID
|
3.60 |
0x42474C8B
|
int sceSblPostSsMgrDebugEncryptKeystoneForDriver(char* src_secret, char* dest_data);
sceSblPostSsMgrDebugDecryptKeystoneForDriver
Version |
NID
|
3.60 |
0xCC5AA5A5
|
int sceSblPostSsMgrDebugDecryptKeystoneForDriver(char* keystone_data, char* dst_secret);
sceSblPostSsMgrGenerateAppKeyForDriver
Version |
NID
|
3.60 |
0x2646DE64
|
int sceSblPostSsMgrGenerateAppKeyForDriver(void *in, void *out);
sceSblUtMgrIsUtokenProgramForDriver
Version |
NID
|
1.03-3.60 |
0x128FB35A
|
pseudo-code:
bool sceSblUtMgrIsUtokenProgramForDriver(SceUID pid) {
SceUInt64 authid;
if (!is_utoken_flags_set_in_mem)
return 0;
if (sceSblACMgrGetProcessSelfAuthInfoForKernel(pid, &authid))
return 0;
return authid == utoken_flags_or_authid_in_mem;
}
int sceSblUtMgrIsUtokenProgramForDriver(SceUID pid);
sceSblUtMgrUpdateUtokenForDriver
Version |
NID
|
1.03-3.60 |
0xC2E58CE3
|
Executes utoken_sm command 1 to verify buffer, then writes the 0x800 bytes buffer to tm0:utoken/utoken.dat.
// size = 0x800
int sceSblUtMgrExecuteUtokenSmCommand1ForDriver(char* buf, SceSize size);
sceSblUtMgrResetUtokenFileForDriver
Version |
NID
|
3.60 |
0x1FF699DD
|
Writes 0x800 blank tm0:utoken/utoken.dat or removes it.
Exported to userland by sceSblUtMgrResetUtokenFile.
int sceSblUtMgrResetUtokenFileForDriver(void);
sceSblUtMgrHasComTestFlagForDriver
Version |
NID
|
1.03-3.60 |
0x7ACCAA50
|
Derived from vshSblUtMgrHasComTestFlag.
int sceSblUtMgrHasComTestFlagForDriver(void);
sceSblUtMgrHasStoreFlagForDriver
Version |
NID
|
1.03-3.60 |
0x9D2E2D39
|
Derived from vshSblUtMgrHasStoreFlag.
int sceSblUtMgrHasStoreFlagForDriver(void);
sceSblUtMgrHasNpTestFlagForDriver
Version |
NID
|
1.03-3.60 |
0x9FD835B0
|
Derived from vshSblUtMgrHasNpTestFlag.
int sceSblUtMgrHasNpTestFlagForDriver(void);
sceSblUtMgrHasUNK1FlagForDriver
Version |
NID
|
1.03-3.60 |
0x22599675
|
int sceSblUtMgrHasUNK1FlagForDriver(void);
sceSblUtMgrHasUNK2FlagForDriver
Version |
NID
|
1.03-3.60 |
0x9B49C249
|
int sceSblUtMgrHasUNK2FlagForDriver(void);
sceSblUtMgrHasUNK3FlagForDriver
Version |
NID
|
1.03-3.60 |
0x1923D80D
|
int sceSblUtMgrHasUNK3FlagForDriver(void);
sceSblUtMgrGetTrilithiumBufferForDriver
Version |
NID
|
3.60 |
0xABDD68CD
|
int sceSblUtMgrGetTrilithiumBufferForDriver(SceUtokenDecrypted *buffer);
sceSblRtcMgrSetCpRtcForDriver
Version |
NID
|
3.60 |
0x3F9BDEDF
|
Set RTC in DevKit CP.
int sceSblRtcMgrSetCpRtcForDriver(int rtc);
sceSblRtcMgrGetCpRtcPhysicalForDriver
Version |
NID
|
1.03-3.60 |
0x942010A0
|
int sceSblRtcMgrGetCpRtcPhysicalForDriver(int *rtc);
sceSblRtcMgrGetCpRtcLogicalForDriver
Version |
NID
|
1.03-3.60 |
0xDE5150FE
|
int sceSblRtcMgrGetCpRtcLogicalForDriver(int *rtc);
SceSblPostSsMgrForDriver_D8A2D465
Version |
NID
|
3.60 |
0xD8A2D465
|
SceSblPostSsMgrForDriver_2C463AF1
Version |
NID
|
3.60 |
0x2C463AF1
|
Used just before SceSblPostSsMgrForDriver_CB5436BD.
int SceSblPostSsMgrForDriver_2C463AF1(int maybe_keyset, SceSize size, void *buf);
SceSblPostSsMgrForDriver_CB5436BD
Version |
NID
|
3.60 |
0xCB5436BD
|
Transforms? coredump key.
int SceSblPostSsMgrForDriver_CB5436BD(int maybe_keyset, SceSize size, void *buf);
SceZlibForDriver
init
Version |
NID
|
0.940-3.60 |
0x723495A5
|
SceZlibForDriver_00561385: 0x00561385
SceZlibForDriver_05F712FE: 0x05F712FE
SceZlibForDriver_0BDDF66A: 0x0BDDF66A
SceZlibForDriver_0FA805A3: 0x0FA805A3
SceZlibForDriver_134E91EA: 0x134E91EA
SceZlibForDriver_1C344E27: 0x1C344E27
SceZlibForDriver_1E135CC1: 0x1E135CC1
SceZlibForDriver_20A122F8: 0x20A122F8
SceZlibForDriver_211D25F5: 0x211D25F5
SceZlibForDriver_21A03034: 0x21A03034
SceZlibForDriver_25F28DA7: 0x25F28DA7
SceZlibForDriver_3252D28C: 0x3252D28C
SceZlibForDriver_3370B9AD: 0x3370B9AD
SceZlibForDriver_35E0108C: 0x35E0108C
SceZlibForDriver_3B4466F4: 0x3B4466F4
SceZlibForDriver_3F33F55F: 0x3F33F55F
SceZlibForDriver_408311E8: 0x408311E8
SceZlibForDriver_44DA19D2: 0x44DA19D2
SceZlibForDriver_4C27A382: 0x4C27A382
SceZlibForDriver_4CB63BCD: 0x4CB63BCD
SceZlibForDriver_4EE6C080: 0x4EE6C080
SceZlibForDriver_517BC5F7: 0x517BC5F7
SceZlibForDriver_520CAA7F: 0x520CAA7F
SceZlibForDriver_5377643A: 0x5377643A
SceZlibForDriver_5492B3F2: 0x5492B3F2
SceZlibForDriver_5A0078D6: 0x5A0078D6
SceZlibForDriver_5B718E55: 0x5B718E55
SceZlibForDriver_67A085C4: 0x67A085C4
SceZlibForDriver_68CFEA45: 0x68CFEA45
SceZlibForDriver_6ED5B677: 0x6ED5B677
SceZlibForDriver_7048F14C: 0x7048F14C
SceZlibForDriver_7993ADAB: 0x7993ADAB
SceZlibForDriver_7B16DBD6: 0x7B16DBD6
SceZlibForDriver_7C40CC39: 0x7C40CC39
SceZlibForDriver_7E823337: 0x7E823337
SceZlibForDriver_81D0667B: 0x81D0667B
SceZlibForDriver_82167CD9: 0x82167CD9
SceZlibForDriver_834CC4A2: 0x834CC4A2
SceZlibForDriver_86FF6C8B: 0x86FF6C8B
SceZlibForDriver_89A13883: 0x89A13883
SceZlibForDriver_89B30588: 0x89B30588
SceZlibForDriver_9030BAE4: 0x9030BAE4
SceZlibForDriver_904AA7AE: 0x904AA7AE
SceZlibForDriver_93168F72: 0x93168F72
SceZlibForDriver_938F34FA: 0x938F34FA
SceZlibForDriver_98619620: 0x98619620
SceZlibForDriver_A1E7E8B3: 0xA1E7E8B3
SceZlibForDriver_A5D70E95: 0xA5D70E95
SceZlibForDriver_AC2F8437: 0xAC2F8437
SceZlibForDriver_AD23EEBB: 0xAD23EEBB
SceZlibForDriver_B03E109B: 0xB03E109B
SceZlibForDriver_BC022D38: 0xBC022D38
SceZlibForDriver_BE5CE88A: 0xBE5CE88A
SceZlibForDriver_D4A85178: 0xD4A85178
SceZlibForDriver_D9BDC778: 0xD9BDC778
SceZlibForDriver_E0CE06C0: 0xE0CE06C0
SceZlibForDriver_E2DF5A8B: 0xE2DF5A8B
SceZlibForDriver_E323828B: 0xE323828B
SceZlibForDriver_E4F34A68: 0xE4F34A68
SceZlibForDriver_E6EB524C: 0xE6EB524C
SceZlibForDriver_E859D60F: 0xE859D60F
SceZlibForDriver_E94663DD: 0xE94663DD
SceZlibForDriver_EEC6D267: 0xEEC6D267
SceZlibForDriver_F2D8FC1A: 0xF2D8FC1A
SceSblFwLoaderForDriver
See SceSblFwLoader#SceSblFwLoaderForDriver.
SceSblPmMgr
sceSblPmMgrSetProductModeOffForUser
Version |
NID
|
3.60 |
0x41FE8A37
|
Calls sceSblPmMgrSetProductModeForDriver(0).
int sceSblPmMgrSetProductModeOffForUser(void);
sceSblPmMgrGetProductModeForUser
Version |
NID
|
3.60 |
0x46EA9FDB
|
Returns 0 on success.
Gets kbl_param using sceKernelGetSysrootBufferForDriver.
result = ((int *)(kbl_param->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag
int sceSblPmMgrGetProductModeForUser(int* result);
sceSblPmMgrGetProductModeFromNVS
Version |
NID
|
3.60 |
0x49CE0DDF
|
Calls sceSblPmMgrGetProductModeFromNVSForDriver.
sceSblPmMgrAuthEtoI
Version |
NID
|
0.990-3.60 |
0xBD38B141
|
Calls sceSblPmMgrAuthEtoIForDriver().
Returns an integer on success.
int sceSblPmMgrAuthEtoI(void);
sceSblPmMgrGetCurrentMode
Version |
NID
|
3.60 |
0xDA4EDEBF
|
Returns 0 on success.
Gets kbl_param using sceKernelSysrootGetKblParamForKernel.
result = ((int *)(kbl_param->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag
int sceSblPmMgrGetCurrentMode(int* result);
SceSblRtcMgr
sceSblRtcMgrGetCpRtcPhysicalForUser
Version |
NID
|
3.60 |
0x1614302B
|
sceSblRtcMgrSetCpActivationKey
Version |
NID
|
3.60 |
0x298AE544
|
sceSblRtcMgrSetCpRtcPhysicalAndKey
Version |
NID
|
3.60 |
0x3C0EEC69
|
sceSblRtcMgrSetCpRtcLogical
Version |
NID
|
3.60 |
0x9DFB118B
|
sceSblRtcMgrSetCpRtcPhysicalForUser
Version |
NID
|
3.60 |
0xA990BC44
|
sceSblRtcMgrGetCpRtcLogical
Version |
NID
|
3.60 |
0xDD44D726
|
sceSblRtcMgrGetCpSerialId
Version |
NID
|
3.60 |
0xE162A827
|
Calls sceDeci4pCpupGetCpSerialIdForDriver.
SceSblLicMgr
Functions related to afv file.
sceSblLicMgrGetIssueNo
Version |
NID
|
3.60 |
0x0E0691A1
|
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetIssueNo(int *issue_number, int request_data_flag);
sceSblLicMgrGetLicenseStatus
Version |
NID
|
3.60 |
0x0EA6A30C
|
int sceSblLicMgrGetLicenseStatus();
sceSblLicMgrGetActivationKey
Version |
NID
|
3.60 |
0x2A437187
|
typedef struct activation_key // size is 0x14
{
char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
uint32_t vadd_hash; // result of vector add operation applied to openPSID
} activation_key;
int sceSblLicMgrGetActivationKey(activation_key* key);
sceSblLicMgrActivateFromFs
Version |
NID
|
3.60 |
0x6E56EA0A
|
Activates from ux0:/data/activate/.
int sceSblLicMgrActivateFromFs(void);
sceSblLicMgrGetUsageTimeLimit
Version |
NID
|
3.60 |
0x774EBBA2
|
int sceSblLicMgrGetUsageTimeLimit(int *time_limit);
Uses sceSblSsMgrGetQAFlagsForKernel.
sceSblLicMgrClearActivationData
Version |
NID
|
3.60 |
0x9B749D1D
|
int sceSblLicMgrClearActivationData();
sceSblLicMgrGetExpireDate
Version |
NID
|
0.940-3.60 |
0xE9FA0FE5
|
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetExpireDate(int *expire_date, int request_data_flag);
sceSblLicMgrActivateDevkit
Version |
NID
|
3.60 |
0xEB21DD39
|
// afv_path is of size 0x100
int sceSblLicMgrActivateDevkit(char* afv_path);
SceSblUtMgr
sceSblUtMgrUpdateUtoken
Version |
NID
|
3.60 |
0xBDE74645
|
Calls sceSblUtMgrUpdateUtokenForDriver(buf, 0x800);.
// size = 0x800
int sceSblUtMgrUpdateUtoken(char* buf, SceSize size);
sceSblUtMgrReadUtoken
Version |
NID
|
3.60 |
0xD2836E0D
|
// size = 0x800
int sceSblUtMgrReadUtoken(char *buf, int SceSize size);
sceSblUtMgrResetUtokenFile
Version |
NID
|
3.60 |
0x1CD57182
|
Calls sceSblUtMgrResetUtokenFileForDriver.
int sceSblUtMgrResetUtokenFile(void);
sceSblUtMgrGetCurrentSecureTick
Version |
NID
|
3.60 |
0xCFCB1355
|
Calls sceRtcGetCurrentSecureTickForDriver then uses sceKernelMemcpyKernelToUserForDriver.
int sceSblUtMgrGetCurrentSecureTick(int* secure_tick);
sceSblUtMgrIsTrilithiumFlagEnabled
Version |
NID
|
3.60 |
0x04CA1311
|
// size = sizeof("UT_TRILITHIUM_FLAG") = 18
int sceSblUtMgrIsTrilithiumFlagEnabled(char* buf, SceSize size);
buf takes value "UT_TRILITHIUM_FLAG" if a flag is enabled.
SceSblSpsfoMgr
sceSblSpsfoMgrOpen
Version |
NID
|
1.03 |
0x64B45B53
|
int sceSblSpsfoMgrOpen(char *path, spsfo_ctx *result);
sceSblSpsfoMgrVerify
Version |
NID
|
1.03 |
0x517CAF25
|
int sceSblSpsfoMgrVerify(spsfo_ctx *ctx, int *res, int *size);
sceSblSpsfoMgrClose
Version |
NID
|
1.03 |
0x3533B542
|
int sceSblSpsfoMgrClose(spsfo_ctx *ctx);