SceSblSsSmComm is a kernel module that is primarily responsible for calling SM functions.
Module
Version |
World |
Privilege
|
0.931.010-3.740.011 |
Non-secure |
Kernel
|
Libraries
Known NIDs
Types
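/* Example of spawner_self_auth_info contents (0x90 bytes, same layout as SceSelfAuthInfo); the row comments mark where each KBL field starts.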
char data[0x90] =
{
0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, // KBL capability
0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, // KBL attribute
0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, // KBL shared secret
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
}; */
/**
 * Auth info block of a SELF: program authority id, capability block,
 * attribute block and shared secret.
 *
 * The offsets noted on each member follow from the member sizes and the
 * stated 0x90 total, assuming SceUInt64 is 8 bytes.
 *
 * NOTE(review): if the klicensee hypothesis on shared_secret holds, that
 * field carries key material; avoid copying it into logs or dumps.
 */
typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931.010-3.740.011
SceUInt64 program_authority_id; // offset 0x00
uint8_t padding[8]; // offset 0x08
uint8_t capability[0x20]; // offset 0x10
uint8_t attribute[0x20]; // offset 0x30
SceSharedSecret shared_secret; // offset 0x50. Current hypothesis: a full 0x40-byte shared secret with the klicensee written over it at offset 0x10 (presumably relative to this field; confirm)
} SceSelfAuthInfo;
/**
 * Context block passed to the sceSblSmCommStartSm* functions.
 *
 * It carries the auth info of the spawner and, in the response, the auth
 * info of the spawned SELF. The offsets noted on each member follow from the
 * member sizes (SceUInt32 taken as 4 bytes, SceSelfAuthInfo as 0x90) and add
 * up to the stated 0x130 total.
 */
typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931.010-3.740.011 (as its name indicates)
SceUInt32 unk_0; // offset 0x00, purpose unknown
SceUInt32 self_type; // offset 0x04. Known values: kernel = 0, user = 1, SM = 2; 0x10 and 0x100 are also listed without a meaning; 0x10001 is possibly the main user process (unconfirmed)
SceSelfAuthInfo spawner_self_auth_info; // offset 0x08. Can be obtained with sceKernelGetSelfAuthInfoForKernel
SceSelfAuthInfo spawned_self_auth_info; // offset 0x98. Set by secure_kernel in the SceSblSmCommContext130 it returns as response
SceUInt32 media_type; // offset 0x128. Can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
SceUInt32 unk_0x12C; // offset 0x12C. Reported logic: if (kbl_param->boot_type_indicator_1????? & 0x40) == 1, then set unk_0x12C to 1, else set to 10; possibly mistaken for media_type
// NOTE(review): as written, (x & 0x40) == 1 can never hold, since the masked value is either 0 or 0x40; presumably "!= 0" was meant. Confirm against the disassembly.
} SceSblSmCommContext130;
SceSblSmCommForKernel
sceSblSmCommCallFunc_ForKernel
Version |
NID
|
0.931.010 |
0x4960DF9E
|
1.692.000-3.740.011 |
not present
|
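This function is a 4-argument wrapper for #sceSblSmCommCallFuncForKernel: the data pointer and data size are passed together in a sceSblSmCommCallFunc_Param structure instead of as two separate arguments.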
/**
 * Argument bundle for sceSblSmCommCallFunc_ForKernel.
 *
 * Holds the two values that sceSblSmCommCallFuncForKernel takes as its
 * separate pData and dataSize arguments.
 */
typedef struct sceSblSmCommCallFunc_Param {
void *pData; // data buffer handed to the SM function call
SceSize dataSize; // presumably the size of pData in bytes; confirm
} sceSblSmCommCallFunc_Param;
/**
 * 4-argument wrapper for sceSblSmCommCallFuncForKernel.
 *
 * @param req_id    Request id of the SM to call; presumably the id written
 *                  by one of the sceSblSmCommStartSm* functions (confirm).
 * @param func_id   Id of the SM function to call.
 * @param pResponse Presumably receives the response value of the call (confirm).
 * @param pParam    Data pointer and data size for the call.
 * @return int status; the values are not documented on this page.
 */
int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);
sceSblSmCommStopCommForKernel
Version |
NID
|
0.931.010 |
0xC35FB95A
|
1.692.000-3.740.011 |
not present
|
/**
 * Behaviour is not documented on this page; the name suggests it stops
 * communication for the given request (unconfirmed).
 *
 * @param req_id Request id; presumably the id written by one of the
 *               sceSblSmCommStartSm* functions (confirm).
 * @return int status; the values are not documented on this page.
 */
int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);
sceSblSmCommStartSmForKernel
Version |
NID
|
0.931.010 |
0x7863A0CC
|
1.692.000-1.810.021 |
not present
|
3.600.011-3.740.011 |
0x7863A0CC
|
Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will suspend the low one.
The following conditions must be met in order for this function to be called successfully:
- In kernel thread.
- In kernel context.
Calling this function without satisfying these conditions freezes the system.
/**
 * Starts an SM given the path of its SELF (per the function name and
 * parameters).
 *
 * Must be called from a kernel thread and in kernel context; calling it
 * without meeting both conditions freezes the system.
 *
 * @param priority     1 = low, 0 = high. Starting a high-priority SM while a
 *                     low-priority SM is running suspends the low-priority one.
 * @param sm_self_path Path of the SM SELF (inferred from the name).
 * @param ctx_130      Context block; see SceSblSmCommContext130.
 * @param req_id       Presumably receives the request id used by the
 *                     call/stop functions (confirm).
 * @return int status; the values are not documented on this page.
 */
int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);
sceSblSmCommStartSm_ForKernel
Version |
NID
|
0.931.010-1.800.071 |
0x992BB9DB
|
3.600.011-3.740.011 |
not present
|
/**
 * 8-argument SM start function. The page gives no description beyond the
 * prototype.
 *
 * @param priority  Presumably the same 1 = low / 0 = high flag as in
 *                  sceSblSmCommStartSmForKernel (confirm).
 * @param path      Presumably the path of the SM SELF (confirm).
 * @param some_bool Unknown.
 * @param unk_a4    Unknown.
 * @param unk_a5    Unknown.
 * @param unk_a6    Unknown.
 * @param pCtx      Context block; see SceSblSmCommContext130.
 * @param pReqId    Presumably receives the request id (confirm).
 * @return int status; the values are not documented on this page.
 */
int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);
sceSblSmCommStartSmFromDataForKernel
Version |
NID
|
0.931.010-1.800.071 |
not present
|
3.600.011-3.740.011 |
0x039C73B1
|
/**
 * Variant of the SM start function that takes the SM SELF as an in-memory
 * buffer and size rather than a path (per the prototype).
 *
 * @param priority     Presumably the same 1 = low / 0 = high flag as in
 *                     sceSblSmCommStartSmForKernel (confirm).
 * @param sm_self      Buffer holding the SM SELF.
 * @param sm_self_size Presumably the size of sm_self in bytes (confirm).
 * @param cmd_id       Meaning not documented on this page.
 * @param ctx_130      Context block; see SceSblSmCommContext130.
 * @param req_id       Presumably receives the request id (confirm).
 * @return int status; the values are not documented on this page.
 *
 * NOTE(review): the page does not say whether sm_self_size is checked
 * against the buffer; callers should pass the exact size of sm_self.
 */
int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);
sceSblSmCommCallFuncForKernel
Version |
NID
|
0.931.010-3.740.011 |
0xDB9FC204
|
/**
 * Calls a function of a started SM.
 *
 * @param req_id    Request id of the SM; presumably the id written by one of
 *                  the sceSblSmCommStartSm* functions (confirm).
 * @param func_id   Id of the SM function to call. sceSblSmCommStopSmForKernel
 *                  passes -1 (0xFFFFFFFF) here.
 * @param pResponse Presumably receives the response value of the call (confirm).
 * @param pData     Data buffer for the call.
 * @param dataSize  Presumably the size of pData in bytes (confirm).
 * @return int status; the values are not documented on this page.
 *
 * NOTE(review): the page does not say whether dataSize is validated;
 * callers should make sure it does not exceed the buffer behind pData.
 */
int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);
sceSblSmCommStopSmForKernel
Version |
NID
|
0.931.010-3.740.011 |
0x0631F8ED
|
This function calls sceSblSmCommCallFuncForKernel with -1 (0xFFFFFFFF) as func_id and then calls sceSblSmSchedProxyWaitForKernel.
/**
 * Stops an SM: calls sceSblSmCommCallFuncForKernel with func_id -1
 * (0xFFFFFFFF), then calls sceSblSmSchedProxyWaitForKernel.
 *
 * @param req_id         Request id of the SM to stop.
 * @param pStatusHandler Not described on this page; the status_handler type
 *                       is not defined here.
 * @return int status; the values are not documented on this page.
 */
int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);
SceSblSsSmComm
This library is present up to and including System Software version 1.692.000. It was removed as of System Software version 1.800.071 for security reasons.
sceSblSmCommStartSm
Version |
NID
|
0.931.010 |
0x7863A0CC
|
1.692.000-3.740.011 |
not present
|
Alias for #sceSblSmCommStartSmForKernel.
sceSblSmCommCallFunc_
Version |
NID
|
0.931.010 |
0x4960DF9E
|
1.692.000-3.740.011 |
0x4960DF9E
|
Alias for #sceSblSmCommCallFunc_ForKernel.
sceSblSmCommStopComm
Version |
NID
|
0.931.010 |
0xC35FB95A
|
1.692.000-3.740.011 |
not present
|
Alias for #sceSblSmCommStopCommForKernel.
sceSblSmCommStartSm_
Version |
NID
|
0.931.010-1.692.000 |
0x992BB9DB
|
1.800.071-3.740.011 |
not present
|
Alias for #sceSblSmCommStartSm_ForKernel.
sceSblSmCommCallFunc
Version |
NID
|
0.931.010-1.692.000 |
0xDB9FC204
|
1.800.071-3.740.011 |
not present
|
Alias for #sceSblSmCommCallFuncForKernel.
sceSblSmCommStopSm
Version |
NID
|
0.931.010-1.692.000 |
0x0631F8ED
|
1.800.071-3.740.011 |
not present
|
Alias for #sceSblSmCommStopSmForKernel.