NSKBL
NSKBL is a program that performs emmc setup, base kernel module loading, etc. during PSVita boot.
Module
The non-secure kernel bootloader contains an embedded and likely stripped version of SceSysmem, SceKernelModulemgr, SceSblSmschedProxy, SceExcpmgr, SceKernelIntrMgr, SceSblAuthMgr, SceProcessmgr (maybe), SceSdif, SceIofilemgr (Simple version?), and some other core drivers.
How to debug NSKBL
NSKBL supports sd0: for debugging.
sysroot->boot_type_indicator_1:0x40000 is required.
types
/* Many ptrs are NSKBL heap relationships */
typedef struct SceNskblSysrootInfo {
SceUID unk_0x00; // ex:0x10089
int unk_0x04;
void *unk_0x08;
void *unk_0x0C;
void *unk_0x10;
void *unk_0x14;
void *unk_0x18;
void *unk_0x1C;
void *unk_0x20;
void *unk_0x24;
void *unk_0x28;
void *unk_0x2C;
SceUID unk_0x30; // ex:0x1000B
const void *unk_0x34; // mapped paddr in vaddr
const void *unk_0x38; // mapped paddr in vaddr
void *unk_0x3C;
int unk_0x40; // ex:0x80000000
int unk_0x44; // ex:0x20000000
void *unk_0x48;
void *unk_0x4C;
void *unk_0x50;
void *unk_0x54;
void *unk_0x58;
void *unk_0x5C;
void *unk_0x60;
void *unk_0x64;
void *unk_0x68;
void *unk_0x6C;
void *unk_0x70;
void *unk_0x74;
void *unk_0x78;
void *unk_0x7C;
void *unk_0x80;
void *unk_0x84;
void *unk_0x88;
void *unk_0x8C;
void *unk_0x90;
void *unk_0x94;
void *unk_0x98;
uint32_t magic; // 0x19442EA8
int unk_0xA0; // ex:0x1000
int unk_0xA4; // ex:0x1000
int unk_0xA8; // ex:0x40000
int unk_0xAC; // ex:0x200000
int unk_0xB0; // ex:7
int unk_0xB4;
int unk_0xB8; // ex:0x80
sysbase360_t *sysbase;
void *unk_0xC0;
void *unk_0xC4;
// more...?
} SceNskblSysrootInfo; // 3.60
SceNskblSysrootInfo *nskbl_sysroot_info = (SceNskblSysrootInfo *)(0x51000000 + 0x138980); // 3.60
Libraries
Known NIDs
| Version | Name | World | Visibility | NID |
|---|---|---|---|---|
| 3.60 | SceKblForKernel | Non-secure | Kernel | 0xD0FC2991 |
SceKblForKernel
sceKblPutcharForKernel
| Version | NID |
|---|---|
| 3.60 | 0x08E9FAEB |
In 3.60 this function is at 0x510172BD
int sceKblPutcharForKernel(void *args, char c);
sceKblPrintfForKernel
| Version | NID |
|---|---|
| 3.60 | 0x13A5ABEF |
In 3.60 this function is at 0x510137A9
int sceKblPrintfForKernel(const char *fmt, ...);
sceKblSysrootProcessmgrStart2
| Version | NID |
|---|---|
| 3.60 | 0x161D6FCC |
Similar to SceKblForKernel_0x1DB28F02
In 3.60 this function is at 0x510123DD
int sceKblSysrootProcessmgrStart2(void);
SceKblForKernel_0x1DB28F02
| Version | NID |
|---|---|
| 3.60 | 0x1DB28F02 |
Maybe call a thread related function, and if it fails, do a panic call.
In 3.60 this function is at 0x510123A1.
sceKblFreeFileSystemCtx
| Version | NID |
|---|---|
| 3.60 | 0x261F2747 |
In 3.60 this function is at 0x51001321.
int sceKblFreeFileSystemCtx(void);
SceKblForKernel_0x314AA770
| Version | NID |
|---|---|
| 3.60 | 0x314AA770 |
same to SceSysrootForKernel_AE55B7CC
In 3.60 this function is at 0x510124FD.
void SceKblForKernel_0x314AA770(void);
sceKblIsCEXForKernel
| Version | NID |
|---|---|
| 3.60 | 0x8A416887 |
In 3.60 this function is at 0x510171B5.
int sceKblIsCEXForKernel(void);
sceKblIsCEXJpFatForKernel
| Version | NID |
|---|---|
| 3.60 | 0xC3DDDE15 |
In 3.60 this function is at 0x51017175.
int sceKblIsCEXJpFatForKernel(void);
sceKblIsDEXForKernel
| Version | NID |
|---|---|
| 3.60 | 0x5945F065 |
In 3.60 this function is at 0x51017159.
int sceKblIsDEXForKernel(void);
sceKblIsToolForKernel
| Version | NID |
|---|---|
| 3.60 | 0xB6C9ACF1 |
In 3.60 this function is at 0x51017139.
int sceKblIsToolForKernel(void);
sceKblIsTestForKernel
| Version | NID |
|---|---|
| 3.60 | 0x943E7537 |
In 3.60 this function is at 0x5101711D.
int sceKblIsTestForKernel(void);
sceKblLoadModuleForKernel
| Version | NID |
|---|---|
| 3.60 | 0x6D7A1F18 |
In 3.60 this function is at 0x51001551.
typedef struct SceModuleLoadList {
const char *filename;
} __attribute__((packed)) SceModuleLoadList;
int sceKblLoadModuleForKernel(const SceModuleLoadList *list, SceUID *uid, int count, int some_flag);
sceKblStartModuleForKernel
| Version | NID |
|---|---|
| 3.60 | 0x9A92436E |
In 3.60 this function is at 0x51001571
int sceKblStartModuleForKernel(SceUID *uid_list, int count, SceSize args, void *argp);
sceKblPrintfLevelForKernel
| Version | NID |
|---|---|
| 3.60 | 0x752E7EEC |
similar to sceKernelPrintfLevelForDriver.
In 3.60 this function is at 0x51013841.
SceKblForKernel_0x79241ACF
| Version | NID |
|---|---|
| 3.60 | 0x79241ACF |
Related to initialization?
In 3.60 this function is at 0x51001345.
int SceKblForKernel_0x79241ACF(void);
SceKblForKernel_0x807B4437
| Version | NID |
|---|---|
| 3.60 | 0x807B4437 |
same to SceSysrootForKernel_8E4B61F1
In 3.60 this function is at 0x510124E5.
void SceKblForKernel_0x807B4437(int a1);
sceKblIsVITAForKernel
| Version | NID |
|---|---|
| 3.60 | 0x838466E9 |
In 3.60 this function is at 0x51017299.
int sceKblIsVITAForKernel(void);
sceKblIsDolceForKernel
| Version | NID |
|---|---|
| 3.60 | 0xA7BD4417 |
In 3.60 this function is at 0x510172A1.
int sceKblIsDolceForKernel(void);
sceKblIsGenuineDolceForKernel
| Version | NID |
|---|---|
| 3.60 | 0xB6D00D6D |
In 3.60 this function is at 0x510171E5.
int sceKblIsGenuineDolceForKernel(void);
sceDebugGetPutcharHandler
| Version | NID |
|---|---|
| 3.60 | 0x9B868276 |
In 3.60 this function is at 0x51013765.
void *sceDebugGetPutcharHandler(void);
SceKblForKernel_0x9F4F3F98 (set some state?)
| Version | NID |
|---|---|
| 3.60 | 0x9F4F3F98 |
set some state?
related to sceKblStartModuleForKernel
In 3.60 this function is at 0x51001561.
int SceKblForKernel_9F4F3F98(void);
sceKblGetCpuIdForKernel
| Version | NID |
|---|---|
| 3.60 | 0xB506A10E |
In 3.60 this function is at 0x510147C9.
int sceKblGetCpuIdForKernel(void);
sceKblGetMinimumLogLevel
| Version | NID |
|---|---|
| 3.60 | 0xC011935A |
In 3.60 this function is at 0x51013921.
int sceKblGetMinimumLogLevel(void);
SceKblForKernel_0xC7B77991
| Version | NID |
|---|---|
| 3.60 | 0xC7B77991 |
?same to sceKernelSysrootIofilemgrStartForKernel?
In 3.60 this function is at 0x5101297D.
sceKblCheckDipswForKernel
| Version | NID |
|---|---|
| 3.60 | 0xC8F4DE71 |
In 3.60 this function is at 0x51015851.
int sceKblCheckDipswForKernel(int bit);
sceKblIsAllowKernelDebugForKernel
| Version | NID |
|---|---|
| 3.60 | 0xCE94F329 |
same to sceQafMgrIsAllowKernelDebugForDriver
In 3.60 this function is at 0x51016FD1
int sceKblIsAllowKernelDebugForKernel(void);
sceKblGetHardwareFlagsForKernel
| Version | NID |
|---|---|
| 3.60 | 0xD3A516D5 |
get some device flags function
In 3.60 this function is at 0x510128AD
typedef struct SceSysrootHardwareFlags {
uint32_t data[4];
} __attribute__((packed)) SceSysrootHardwareFlags;
int sceKblGetHardwareFlagsForKernel(SceSysrootHardwareFlags *data);
sceKblCpuSwitchInterruptsForKernel
| Version | NID |
|---|---|
| 3.60 | 0xDDB3A1A8 |
In 3.60 this function is at 0x51003554.
void sceKblCpuSwitchInterruptsForKernel(void);
sceKblInitDeviceForKernel
| Version | NID |
|---|---|
| 3.60 | 0xF7AF8690 |
some device init function
In 3.60 this function is at 0x5100124D.
int sceKblInitDeviceForKernel(void);