SceSblPostSsMgr

From Vita Development Wiki
Jump to navigation Jump to search

Module

Version World Privilege
3.60 Non-secure Kernel

Libraries

Known NIDs

Version Name World Visibility NID
1.03-3.60 SceSblPostSsMgrForDriver Non-secure Kernel 0x2254E1B2
3.60 SceZlibForDriver Non-secure Kernel 0xE241534E
3.60 SceSblFwLoaderForDriver Non-secure Kernel 0x6FE424E4
1.03-3.60 SceSblPmMgr Non-secure User 0xA9CE5795
1.03-3.60 SceSblRtcMgr Non-secure User 0x44C5F209
1.03-3.60 SceSblLicMgr Non-secure User 0x62083C72
1.03-3.60 SceSblUtMgr Non-secure User 0x000DF81A
1.03 SceSblSpsfoMgr Non-secure User 0x7959298B

Types

typedef struct spsfo_ctx {
  SceUID mem_uid; // SceSblSpsfoMgr
  void* mem_block_base;
  uint32_t unk_8;
} spsfo_ctx;

typedef struct SceUtoken { // size is 0x800
  char unk_data[0x800];
} SceUtoken;

/* Reversed by PrincessOfSleeping. To be checked. */
typedef struct SceUtokenDecrypted { // size is 0x58
    uint64_t program_authority_id;
    SceSelfCapability capability;
    SceSelfAttribute attribute; // the important utoken flags are at &attribute+8
    char unk_0x48[0x10]; // ?maybe idps?
} SceUtokenDecrypted;

Not exported

module_start

Calls 2 subroutines:

  • init_qaftoken
  • init_utoken

init utoken

Reads tm0:utoken.dat.

Calls utoken_sm.self service 2 to decrypt SceUtoken buffer. The output is a 0x58 bytes buffer.

SceSblPostSsMgrForDriver

sceSblSpsfoMgrOpenForDriver

Version NID
3.60 0xBDF18922
int sceSblSpsfoMgrOpenForDriver(const char *path, spsfo_ctx *result);

sceSblSpsfoMgrVerifyForDriver

Version NID
3.60 0x686B9461

Derived from _vshSblAuthMgrVerifySpsfo.

int sceSblSpsfoMgrVerifyForDriver(spsfo_ctx *ctx, int *res, int *size);

sceSblSpsfoMgrCloseForDriver

Version NID
3.60 0xAD3B0078
int sceSblSpsfoMgrCloseForDriver(spsfo_ctx *ctx);

sceSblLicMgrGetActivationKeyForDriver

Version NID
3.60 0xF7F1015B
typedef struct activation_key // size is 0x14
{
   char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
   uint32_t vadd_hash; // result of vector add operation applied to open_psid
} activation_key;

int sceSblLicMgrGetActivationKeyForDriver(activation_key* key);

sceSblLicMgrActivateDevkitForDriver

Version NID
0.990-3.60 0x0298382B
int sceSblLicMgrActivateDevkitForDriver(char *afv_path);

sceSblLicMgrGetLicenseStatusForDriver

Version NID
3.60 0x15F37282
// Return: -1 = not initialized, 0 = activated, 1 = expired, 2 = RTC backup battery failure
int sceSblLicMgrGetLicenseStatusForDriver(void);

sceSblLicMgrGetExpireDateForDriver

Version NID
1.03-3.60 0x4FF2682F

Get activation data expire date.

If sceSblAIMgrIsToolDVT1ForDriver, 30/10/2011 8:00:00.

If sceSblAIMgrIsToolRev4ForDriver or TEST, expire_date = 0xFFFFFFFF.

If sceSblAIMgrIsToolDVT2ForDriver, 30/6/2012 8:00:00.

If sceSblAIMgrIsDEXForDriver and product_sub_code = 0xA, 0xB or 0xC, 31/3/2012 14:59:00.

// If read_from_nvs is false, it reads expire_date from SceSblPostSsMgr memory, else it reads NVS and queries act_sm.
int sceSblLicMgrGetExpireDateForDriver(int *expire_date, SceBool read_from_nvs);

sceSblPmMgrSetProductModeForDriver

Version NID
0.990-3.60 0xADF92824

Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.

  • If enable = 0, it calls pm_set(5). The console exits Manufacturing Mode.
  • If enable = 1, it calls pm_set(4). That console enters Manufacturing Mode.
int sceSblPmMgrSetProductModeForDriver(SceBool enable);

sceSblPmMgrSetSdModeOffForDriver

Version NID
1.03-3.60 0xFE92A318

Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.

If productMode != 0 (normal mode), it calls pm_set(7, use_new_ernie_protocol).

int sceSblPmMgrSetSdModeOffForDriver(SceUInt32 productMode);

sceSblPmMgrGetProductModeFromNVSForDriver

Version NID
0.990-3.60 0x4663C195

Executes pm_sm.self command 1.

int sceSblPmMgrGetProductModeFromNVSForDriver(SceUInt8 *pProductMode);

sceSblPmMgrAuthEtoIForDriver

Version NID
0.990-3.60 0x19B63D65

Returns jig_auth(12). Returns an integer on success.

jig_auth:

  • On 0.990: executes pm_sm_sd.self commands 3 (gen_req_hello), 4 (gen_challenge), 5 (check_response), 6 (gen_req_result), 7 (check_result).
  • On 1.03-3.60: executes pm_sm_sd.self commands 9, 0xA.
int sceSblPmMgrAuthEtoIForDriver(void);

sceSblPostSsMgrDecryptSealedkeyForDriver

Version NID
3.60 0x33275F95

data is 0x50 bytes of data from sealedkey

this function:

verifies pfsSKKey header

decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver

verifies hmac256 value in HMAC Value

decrypts Encrypted key into dst_secret

//data - size 0x50
//dst_secret - size 0x10
int sceSblPostSsMgrDecryptSealedkeyForDriver(char* data, char* dst_secret);

sceSblPostSsMgrEncryptSealedkeyForDriver

Version NID
3.60 0x08525D8D

data is 0x50 bytes of data like in sealedkey

this function:

writes pfsSKKey header

decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver

randomly generates 0x10 bytes of IV with sceSblRngPseudoRandomNumberForDriver

randomly generates 0x10 bytes of secret with sceSblRngPseudoRandomNumberForDriver

encrypts the secret into Encrypted key

calculates hmac256 value into HMAC Value

// dest_data - size 0x50
int sceSblPostSsMgrEncryptSealedkeyForDriver (char* dest_data);

sceSblPostSsMgrVerifyKeystoneForDriver

Version NID
3.60 0xDDA6FA6D

This function verifies magic in the header and HMAC of the keystone file

int sceSblPostSsMgrVerifyKeystoneForDriver(char* data, int version);

sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver

Version NID
3.60 0xF86F1452

This function calls sceSblPostSsMgrVerifyKeystoneForDriver. Then also verifies HMAC of passcode.

int sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver(char* keystone_data, char* passcode);

sceSblPostSsMgrDebugEncryptKeystoneForDriver

Version NID
3.60 0x42474C8B
int sceSblPostSsMgrDebugEncryptKeystoneForDriver(char* src_secret, char* dest_data);

sceSblPostSsMgrDebugDecryptKeystoneForDriver

Version NID
3.60 0xCC5AA5A5
int sceSblPostSsMgrDebugDecryptKeystoneForDriver(char* keystone_data, char* dst_secret);

sceSblPostSsMgrGenerateAppKeyForDriver

Version NID
3.60 0x2646DE64
int sceSblPostSsMgrGenerateAppKeyForDriver(void *in, void *out);

sceSblUtMgrIsAllowComTestForDriver

Version NID
1.03-3.60 0x128FB35A

Temp name was sceSblUtMgrIsUtokenProgramForDriver.

pseudo-code:

SceBool sceSblUtMgrIsAllowComTestForDriver(SceUID pid) {
  SceBool ret;
  SceUInt32 stack_cookie;
  SceUInt32 ret2;
  SceUInt32 auth_id [2];
  
  if (g_has_com_test_flag == 0 || sceSblACMgrGetProcessProgramAuthIdForKernel(pid, &auth_id) != 0)
    ret = false;
  else
    ret = g_ut_auth_id_hi == auth_id[1] && g_ut_auth_id_low == auth_id[0];
  if (stack_cookie != 0)
    __stack_chk_fail();
  return ret;
}
SceBool sceSblUtMgrIsAllowComTestForDriver(SceUID pid);

sceSblUtMgrUpdateUtokenForDriver

Version NID
1.03-3.60 0xC2E58CE3

Executes utoken_sm command 1 to verify buffer, then writes the 0x800 bytes buffer to tm0:utoken/utoken.dat.

// size = 0x800
int sceSblUtMgrExecuteUtokenSmCommand1ForDriver(char* buf, SceSize size);

sceSblUtMgrResetUtokenFileForDriver

Version NID
3.60 0x1FF699DD

Writes 0x800 blank tm0:utoken/utoken.dat or removes it.

Exported to userland by sceSblUtMgrResetUtokenFile.

int sceSblUtMgrResetUtokenFileForDriver(void);

sceSblUtMgrHasComTestFlagForDriver

Version NID
1.03-3.60 0x7ACCAA50

Derived from vshSblUtMgrHasComTestFlag.

int sceSblUtMgrHasComTestFlagForDriver(void);

sceSblUtMgrHasStoreFlagForDriver

Version NID
1.03-3.60 0x9D2E2D39

Derived from vshSblUtMgrHasStoreFlag.

int sceSblUtMgrHasStoreFlagForDriver(void);

sceSblUtMgrHasNpTestFlagForDriver

Version NID
1.03-3.60 0x9FD835B0

Derived from vshSblUtMgrHasNpTestFlag.

int sceSblUtMgrHasNpTestFlagForDriver(void);

sceSblUtMgrHasUNK1FlagForDriver

Version NID
1.03-3.60 0x22599675
int sceSblUtMgrHasUNK1FlagForDriver(void);

sceSblUtMgrHasUNK2FlagForDriver

Version NID
1.03-3.60 0x9B49C249
int sceSblUtMgrHasUNK2FlagForDriver(void);

sceSblUtMgrHasUNK3FlagForDriver

Version NID
1.03-3.60 0x1923D80D
int sceSblUtMgrHasUNK3FlagForDriver(void);

sceSblUtMgrGetTrilithiumBufferForDriver

Version NID
3.60 0xABDD68CD
int sceSblUtMgrGetTrilithiumBufferForDriver(SceUtokenDecrypted *buffer);

sceSblRtcMgrSetCpRtcForDriver

Version NID
3.60 0x3F9BDEDF

Set RTC in DevKit CP.

int sceSblRtcMgrSetCpRtcForDriver(int rtc);

sceSblRtcMgrGetCpRtcPhysicalForDriver

Version NID
1.03-3.60 0x942010A0
int sceSblRtcMgrGetCpRtcPhysicalForDriver(int *rtc);

sceSblRtcMgrGetCpRtcLogicalForDriver

Version NID
1.03-3.60 0xDE5150FE
int sceSblRtcMgrGetCpRtcLogicalForDriver(int *rtc);

SceSblPostSsMgrForDriver_D8A2D465

Version NID
3.60 0xD8A2D465

Related to Activation file.

Returns true if a1 and a2 are identical to some values in memory.

SceBool SceSblPostSsMgrForDriver_D8A2D465(int a1, int a2);

SceSblPostSsMgrForDriver_2C463AF1

Version NID
3.60 0x2C463AF1

Used just before SceSblPostSsMgrForDriver_CB5436BD.

int SceSblPostSsMgrForDriver_2C463AF1(int maybe_keyset, SceSize size, void *buf);

SceSblPostSsMgrForDriver_CB5436BD

Version NID
3.60 0xCB5436BD

Transforms? coredump key.

int SceSblPostSsMgrForDriver_CB5436BD(int maybe_keyset, SceSize size, void *buf);

SceZlibForDriver

init

Version NID
0.940-3.60 0x723495A5
         SceZlibForDriver_00561385: 0x00561385
         SceZlibForDriver_05F712FE: 0x05F712FE
         SceZlibForDriver_0BDDF66A: 0x0BDDF66A
         SceZlibForDriver_0FA805A3: 0x0FA805A3
         SceZlibForDriver_134E91EA: 0x134E91EA
         SceZlibForDriver_1C344E27: 0x1C344E27
         SceZlibForDriver_1E135CC1: 0x1E135CC1
         SceZlibForDriver_20A122F8: 0x20A122F8
         SceZlibForDriver_211D25F5: 0x211D25F5
         SceZlibForDriver_21A03034: 0x21A03034
         SceZlibForDriver_25F28DA7: 0x25F28DA7
         SceZlibForDriver_3252D28C: 0x3252D28C
         SceZlibForDriver_3370B9AD: 0x3370B9AD
         SceZlibForDriver_35E0108C: 0x35E0108C
         SceZlibForDriver_3B4466F4: 0x3B4466F4
         SceZlibForDriver_3F33F55F: 0x3F33F55F
         SceZlibForDriver_408311E8: 0x408311E8
         SceZlibForDriver_44DA19D2: 0x44DA19D2
         SceZlibForDriver_4C27A382: 0x4C27A382
         SceZlibForDriver_4CB63BCD: 0x4CB63BCD
         SceZlibForDriver_4EE6C080: 0x4EE6C080
         SceZlibForDriver_517BC5F7: 0x517BC5F7
         SceZlibForDriver_520CAA7F: 0x520CAA7F
         SceZlibForDriver_5377643A: 0x5377643A
         SceZlibForDriver_5492B3F2: 0x5492B3F2
         SceZlibForDriver_5A0078D6: 0x5A0078D6
         SceZlibForDriver_5B718E55: 0x5B718E55
         SceZlibForDriver_67A085C4: 0x67A085C4
         SceZlibForDriver_68CFEA45: 0x68CFEA45
         SceZlibForDriver_6ED5B677: 0x6ED5B677
         SceZlibForDriver_7048F14C: 0x7048F14C
         SceZlibForDriver_7993ADAB: 0x7993ADAB
         SceZlibForDriver_7B16DBD6: 0x7B16DBD6
         SceZlibForDriver_7C40CC39: 0x7C40CC39
         SceZlibForDriver_7E823337: 0x7E823337
         SceZlibForDriver_81D0667B: 0x81D0667B
         SceZlibForDriver_82167CD9: 0x82167CD9
         SceZlibForDriver_834CC4A2: 0x834CC4A2
         SceZlibForDriver_86FF6C8B: 0x86FF6C8B
         SceZlibForDriver_89A13883: 0x89A13883
         SceZlibForDriver_89B30588: 0x89B30588
         SceZlibForDriver_9030BAE4: 0x9030BAE4
         SceZlibForDriver_904AA7AE: 0x904AA7AE
         SceZlibForDriver_93168F72: 0x93168F72
         SceZlibForDriver_938F34FA: 0x938F34FA
         SceZlibForDriver_98619620: 0x98619620
         SceZlibForDriver_A1E7E8B3: 0xA1E7E8B3
         SceZlibForDriver_A5D70E95: 0xA5D70E95
         SceZlibForDriver_AC2F8437: 0xAC2F8437
         SceZlibForDriver_AD23EEBB: 0xAD23EEBB
         SceZlibForDriver_B03E109B: 0xB03E109B
         SceZlibForDriver_BC022D38: 0xBC022D38
         SceZlibForDriver_BE5CE88A: 0xBE5CE88A
         SceZlibForDriver_D4A85178: 0xD4A85178
         SceZlibForDriver_D9BDC778: 0xD9BDC778
         SceZlibForDriver_E0CE06C0: 0xE0CE06C0
         SceZlibForDriver_E2DF5A8B: 0xE2DF5A8B
         SceZlibForDriver_E323828B: 0xE323828B
         SceZlibForDriver_E4F34A68: 0xE4F34A68
         SceZlibForDriver_E6EB524C: 0xE6EB524C
         SceZlibForDriver_E859D60F: 0xE859D60F
         SceZlibForDriver_E94663DD: 0xE94663DD
         SceZlibForDriver_EEC6D267: 0xEEC6D267
         SceZlibForDriver_F2D8FC1A: 0xF2D8FC1A

SceSblFwLoaderForDriver

See SceSblFwLoader#SceSblFwLoaderForDriver.

SceSblPmMgr

sceSblPmMgrSetProductModeOffForUser

Version NID
3.60 0x41FE8A37

Calls sceSblPmMgrSetProductModeForDriver(0).

int sceSblPmMgrSetProductModeOffForUser(void);

sceSblPmMgrGetProductModeForUser

Version NID
3.60 0x46EA9FDB

Returns 0 on success.

Gets kbl_param using sceKernelGetSysrootBufferForDriver.

result = ((int *)(kbl_param->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag

int sceSblPmMgrGetProductModeForUser(int* result);

sceSblPmMgrGetProductModeFromNVS

Version NID
3.60 0x49CE0DDF

Calls sceSblPmMgrGetProductModeFromNVSForDriver.

sceSblPmMgrAuthEtoI

Version NID
0.990-3.60 0xBD38B141

Calls sceSblPmMgrAuthEtoIForDriver().

Returns an integer on success.

int sceSblPmMgrAuthEtoI(void);

sceSblPmMgrGetCurrentMode

Version NID
3.60 0xDA4EDEBF

Returns 0 on success.

Gets kbl_param using sceKernelSysrootGetKblParamForKernel.

result = ((int *)(kbl_param->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag

int sceSblPmMgrGetCurrentMode(int* result);

SceSblRtcMgr

sceSblRtcMgrGetCpRtcPhysicalForUser

Version NID
3.60 0x1614302B

sceSblRtcMgrSetCpActivationKey

Version NID
3.60 0x298AE544

sceSblRtcMgrSetCpRtcPhysicalAndKey

Version NID
3.60 0x3C0EEC69

sceSblRtcMgrSetCpRtcLogical

Version NID
3.60 0x9DFB118B

sceSblRtcMgrSetCpRtcPhysicalForUser

Version NID
3.60 0xA990BC44

sceSblRtcMgrGetCpRtcLogical

Version NID
3.60 0xDD44D726

sceSblRtcMgrGetCpSerialId

Version NID
3.60 0xE162A827

Calls sceDeci4pCpupGetCpSerialIdForDriver.

SceSblLicMgr

Functions related to afv file.

sceSblLicMgrGetIssueNo

Version NID
3.60 0x0E0691A1
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetIssueNo(int *issue_number, int request_data_flag);

sceSblLicMgrGetLicenseStatus

Version NID
3.60 0x0EA6A30C
int sceSblLicMgrGetLicenseStatus();

sceSblLicMgrGetActivationKey

Version NID
3.60 0x2A437187
typedef struct activation_key // size is 0x14
{
   char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
   uint32_t vadd_hash; // result of vector add operation applied to openPSID
} activation_key;

int sceSblLicMgrGetActivationKey(activation_key* key);

sceSblLicMgrActivateFromFs

Version NID
3.60 0x6E56EA0A

Activates from ux0:/data/activate/.

int sceSblLicMgrActivateFromFs(void);

sceSblLicMgrGetUsageTimeLimit

Version NID
3.60 0x774EBBA2
int sceSblLicMgrGetUsageTimeLimit(int *time_limit);

Uses sceSblSsMgrGetQAFlagsForKernel.

sceSblLicMgrClearActivationData

Version NID
3.60 0x9B749D1D
int sceSblLicMgrClearActivationData();

sceSblLicMgrGetExpireDate

Version NID
0.940-3.60 0xE9FA0FE5
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetExpireDate(int *expire_date, int request_data_flag);

sceSblLicMgrActivateDevkit

Version NID
3.60 0xEB21DD39
// afv_path is of size 0x100
int sceSblLicMgrActivateDevkit(char* afv_path);

SceSblUtMgr

sceSblUtMgrUpdateUtoken

Version NID
3.60 0xBDE74645

Calls sceSblUtMgrUpdateUtokenForDriver(buf, 0x800);.

// size = 0x800
int sceSblUtMgrUpdateUtoken(char* buf, SceSize size);

sceSblUtMgrReadUtoken

Version NID
3.60 0xD2836E0D
// size = 0x800
int sceSblUtMgrReadUtoken(char *buf, int SceSize size);

sceSblUtMgrResetUtokenFile

Version NID
3.60 0x1CD57182

Calls sceSblUtMgrResetUtokenFileForDriver.

int sceSblUtMgrResetUtokenFile(void);

sceSblUtMgrGetCurrentSecureTick

Version NID
3.60 0xCFCB1355

Calls sceRtcGetCurrentSecureTickForDriver then uses sceKernelMemcpyKernelToUserForDriver.

int sceSblUtMgrGetCurrentSecureTick(int* secure_tick);

sceSblUtMgrGetUtName

Version NID
3.60 0x04CA1311
// name: buffer that will embed Utoken name if User Token for this app is valid
// size: max size is 0x18
int sceSblUtMgrGetUtName(char *name, SceSize size);

SceSblSpsfoMgr

sceSblSpsfoMgrOpen

Version NID
1.03 0x64B45B53
int sceSblSpsfoMgrOpen(char *path, spsfo_ctx *result);

sceSblSpsfoMgrVerify

Version NID
1.03 0x517CAF25
int sceSblSpsfoMgrVerify(spsfo_ctx *ctx, int *res, int *size);

sceSblSpsfoMgrClose

Version NID
1.03 0x3533B542
int sceSblSpsfoMgrClose(spsfo_ctx *ctx);