Module
Known NIDs
Version |
Name |
World |
Privilege |
NID
|
1.69 |
SceSblGcAuthMgr |
Non-secure |
Kernel |
0x4B777EBC
|
3.60 |
SceSblGcAuthMgr |
? |
Kernel |
0xDB1A9016
|
Libraries
Known NIDs
Data segment layout
Address |
Size |
Description
|
0x0000 |
0x4BC4 |
-
|
0x4BC4 |
0x30 |
temp buffer for storing parts of cmd56 packets
|
0x4BF4 |
0x200 |
cmd56 request buffer
|
0x4DF4 |
0xF10 |
|
SceSblGcAuthMgrDrmBBForDriver
verify_checksum
Version |
NID
|
3.60 |
0x22FD5D23
|
This function verifies that last responce from the card (cmd56) is valid
For example it is called from sceAppMgrGameDataMount
int verify_checksum(char* in_data);
Here is reversed code:
char resp_buffer[0x14]; //static buffer with response data
int verify_checksum(char* in_data)
{
char* ib = in_data;
char* rb = resp_buffer;
char* rbe = rb + 0x14;
int crc = 0;
while(rb != rbe)
{
crc = crc | ((*ib) ^ (*rb));
rb++;
ib++;
}
if(crc == 0)
return 0;
else
return 0x808A040A;
}
This is a timing safe memcmp. Xyz (talk) 10:02, 1 May 2017 (UTC)
clear_sensitive_data
Version |
NID
|
3.60 |
0x812B2B5C
|
Clears some sensitive data.
Called after verify_checksum
int clear_sensitive_data(int* value);
clear_sensitive_data
Version |
NID
|
3.60 |
0xBB451E83
|
Clears sensitive data that is left after cmd56 custom initialization.
This includes data generated by Kirk services 0x1C, 0x1F, 0x20 and packet6.
Called after initialize_sd_device
int clear_sensitive_data();
SceSblGcAuthMgrPcactForDriver
SceSblGcAuthMgrMlnpsnlForDriver
SceSblGcAuthMgrAdhocBBForDriver
SceSblGcAuthMgrPkgForDriver
SceSblGcAuthMgrSclkForDriver
SceSblGcAuthMgrGcAuthForDriver
initialize_sd_device
Version |
NID
|
3.60 |
0x68781760
|
This is a wrapper function that starts initialization subroutine through run_execlusive
int initialize_sd_device(int sd_ctx_index);
SceSblGcAuthMgr
_sceSblGcAuthMgrPcactActivation
Version |
NID
|
1.69 |
0x32E7CEA
|
_sceSblGcAuthMgrGetMediaIdType01
Version |
NID
|
1.69 |
0xAC64154
|
_sceSblGcAuthMgrAdhocBB224Auth1
Version |
NID
|
1.69 |
0x307FD67C
|
_sceSblGcAuthMgrPkgVry
Version |
NID
|
1.69 |
0x3E168BC4
|
_sceSblGcAuthMgrAdhocBB224Auth5
Version |
NID
|
1.69 |
0x459F5503
|
_sceSblGcAuthMgrAdhocBB224Init
Version |
NID
|
1.69 |
0x5AB126A7
|
_sceSblGcAuthMgrAdhocBB224Auth4
Version |
NID
|
1.69 |
0x5CCC216C
|
_sceSblGcAuthMgrAdhocBB224Auth2
Version |
NID
|
1.69 |
0x788C0517
|
_sceSblGcAuthMgrSclkSetData2
Version |
NID
|
1.69 |
0x837D0FB6
|
_sceSblGcAuthMgrSclkGetData1
Version |
NID
|
1.69 |
0x8A3AF1E8
|
_sceSblGcAuthMgrAdhocBB224Shutdown
Version |
NID
|
1.69 |
0x8ECEACF9
|
_sceSblGcAuthMgrPcactGetChallenge
Version |
NID
|
1.69 |
0x98153286
|
_sceSblGcAuthMgrAdhocBB224GetKeys
Version |
NID
|
1.69 |
0xC236FB28
|
_sceSblGcAuthMgrAdhocBB224Auth3
Version |
NID
|
1.69 |
0xD3F95259
|
gcauth_sm "KIRK" calls to F00D
The use of os0:sm/gcauthmgr_sm.self is to support the next generation of KIRK. It uses a similar input structure to the original KIRK on the PSP.
PSP support
4,7,0xC,0xD,0xE, 0x10, 0x11, 0x12 are the classic PSP KIRK Services supported by gcauth_sm.
New PSVita Codes
0x14-0x19, 0x1b-0x23 are the new KIRK Services supported by gcauth_sm.
0x14 is the 224bit ecdsa keypair gen. The only input is an empty buffer size (3*0x1C) it returns 3 values. Private key, Public X point, Public Y point. Each value is 0x1C bytes long.
0x16 is random 224bit generator. It will return 0x1C bytes of random data into the buffer.
0x17 -0x19 are the 224bit ecdsa versions of psp's 160bit 0x10-0x12