Module
Version |
World |
Privilege
|
3.60 |
Non-secure |
Kernel
|
Libraries
Known NIDs
Types
typedef struct spsfo_ctx {
SceUID mem_uid; // SceSblSpsfoMgr
void* mem_block_base;
uint32_t unk_8;
} spsfo_ctx;
typedef struct SceUtoken { // size is 0x800
char unk_data[0x800];
} SceUtoken;
typedef struct SceUtokenDecrypted { // size is 0x58
SceUInt64 program_authority_id;
SceSelfCapability capability;
SceSelfAttribute attribute; // the important utoken flags are at &attribute+8
SceUInt8 shared_secret_0[0x10];
} SceUtokenDecrypted;
Not exported
module_start
Calls 2 subroutines:
- init_qaftoken
- init_utoken
init utoken
Reads tm0:utoken.dat.
Calls utoken_sm.self service 2 to decrypt SceUtoken buffer. The output is a 0x58 bytes buffer.
SceSblPostSsMgrForDriver
sceSblSpsfoMgrOpenForDriver
Version |
NID
|
3.60 |
0xBDF18922
|
int sceSblSpsfoMgrOpenForDriver(const char *path, spsfo_ctx *result);
sceSblSpsfoMgrVerifyForDriver
Version |
NID
|
3.60 |
0x686B9461
|
Derived from _vshSblAuthMgrVerifySpsfo.
int sceSblSpsfoMgrVerifyForDriver(spsfo_ctx *ctx, int *res, int *size);
sceSblSpsfoMgrCloseForDriver
Version |
NID
|
3.60 |
0xAD3B0078
|
int sceSblSpsfoMgrCloseForDriver(spsfo_ctx *ctx);
sceSblLicMgrGetActivationKeyForDriver
Version |
NID
|
3.60 |
0xF7F1015B
|
typedef struct activation_key // size is 0x14
{
char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
uint32_t vadd_hash; // result of vector add operation applied to open_psid
} activation_key;
int sceSblLicMgrGetActivationKeyForDriver(activation_key* key);
sceSblLicMgrActivateDevkitForDriver
Version |
NID
|
0.990-3.60 |
0x0298382B
|
int sceSblLicMgrActivateDevkitForDriver(char *afv_path);
sceSblLicMgrGetLicenseStatusForDriver
Version |
NID
|
3.60 |
0x15F37282
|
// Return value: -1 = not initialized, 0 = activated, 1 = expired, 2 = RTC backup battery failure
int sceSblLicMgrGetLicenseStatusForDriver(void);
sceSblLicMgrGetExpireDateForDriver
Version |
NID
|
1.03-3.60 |
0x4FF2682F
|
Get activation data expire date.
If sceSblAIMgrIsToolDVT1ForDriver, 30/10/2011 8:00:00.
If sceSblAIMgrIsToolRev4ForDriver or TEST, expire_date = 0xFFFFFFFF.
If sceSblAIMgrIsToolDVT2ForDriver, 30/6/2012 8:00:00.
If sceSblAIMgrIsDEXForDriver and product_sub_code = 0xA, 0xB or 0xC, 31/3/2012 14:59:00.
// If read_from_nvs is false, it reads expire_date from SceSblPostSsMgr memory, else it reads NVS and queries act_sm.
int sceSblLicMgrGetExpireDateForDriver(int *expire_date, SceBool read_from_nvs);
sceSblPmMgrSetProductModeForDriver
Version |
NID
|
0.990-3.60 |
0xADF92824
|
Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.
- If enable = 0, it calls pm_set(5). The console exits Manufacturing Mode.
- If enable = 1, it calls pm_set(4). That console enters Manufacturing Mode.
int sceSblPmMgrSetProductModeForDriver(SceBool enable);
sceSblPmMgrSetSdModeOffForDriver
Version |
NID
|
1.03-3.60 |
0xFE92A318
|
Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA.
If productMode != 0 (normal mode), it calls pm_set(7, use_new_ernie_protocol).
int sceSblPmMgrSetSdModeOffForDriver(SceUInt32 productMode);
sceSblPmMgrGetProductModeFromNVSForDriver
Version |
NID
|
0.990-3.60 |
0x4663C195
|
Executes pm_sm.self command 1.
int sceSblPmMgrGetProductModeFromNVSForDriver(SceUInt8 *pProductMode);
sceSblPmMgrAuthEtoIForDriver
Version |
NID
|
0.990-3.60 |
0x19B63D65
|
Returns jig_auth(12). Returns an integer on success.
jig_auth:
- On 0.990: executes pm_sm_sd.self commands 3 (gen_req_hello), 4 (gen_challenge), 5 (check_response), 6 (gen_req_result), 7 (check_result).
- On 1.03-3.60: executes pm_sm_sd.self commands 9, 0xA.
int sceSblPmMgrAuthEtoIForDriver(void);
sceSblPostSsMgrDecryptSealedkeyForDriver
Version |
NID
|
3.60 |
0x33275F95
|
data
is 0x50 bytes of data from sealedkey
this function:
verifies pfsSKKey header
decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver
verifies hmac256 value in HMAC Value
decrypts Encrypted key
into dst_secret
//data - size 0x50
//dst_secret - size 0x10
int sceSblPostSsMgrDecryptSealedkeyForDriver(char* data, char* dst_secret);
sceSblPostSsMgrEncryptSealedkeyForDriver
Version |
NID
|
3.60 |
0x08525D8D
|
data
is 0x50 bytes of data like in sealedkey
this function:
writes pfsSKKey header
decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver
randomly generates 0x10 bytes of IV with sceSblRngPseudoRandomNumberForDriver
randomly generates 0x10 bytes of secret with sceSblRngPseudoRandomNumberForDriver
encrypts the secret into Encrypted key
calculates hmac256 value into HMAC Value
// dest_data - size 0x50
int sceSblPostSsMgrEncryptSealedkeyForDriver (char* dest_data);
sceSblPostSsMgrVerifyKeystoneForDriver
Version |
NID
|
3.60 |
0xDDA6FA6D
|
This function verifies magic in the header and HMAC of the keystone file
int sceSblPostSsMgrVerifyKeystoneForDriver(char* data, int version);
sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver
Version |
NID
|
3.60 |
0xF86F1452
|
This function calls sceSblPostSsMgrVerifyKeystoneForDriver. Then also verifies HMAC of passcode.
int sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver(char* keystone_data, char* passcode);
sceSblPostSsMgrDebugEncryptKeystoneForDriver
Version |
NID
|
3.60 |
0x42474C8B
|
int sceSblPostSsMgrDebugEncryptKeystoneForDriver(char* src_secret, char* dest_data);
sceSblPostSsMgrDebugDecryptKeystoneForDriver
Version |
NID
|
3.60 |
0xCC5AA5A5
|
int sceSblPostSsMgrDebugDecryptKeystoneForDriver(char* keystone_data, char* dst_secret);
sceSblPostSsMgrGenerateAppKeyForDriver
Version |
NID
|
3.60 |
0x2646DE64
|
int sceSblPostSsMgrGenerateAppKeyForDriver(void *in, void *out);
sceSblUtMgrIsAllowComTestForDriver
Version |
NID
|
1.03-3.60 |
0x128FB35A
|
Temp name was sceSblUtMgrIsUtokenProgramForDriver.
pseudo-code:
SceBool sceSblUtMgrIsAllowComTestForDriver(SceUID pid) {
SceBool ret;
SceUInt32 stack_cookie;
SceUInt32 ret2;
SceUInt32 paid[2];
if (g_has_com_test_flag == 0 || sceSblACMgrGetPaidForKernel(pid, &paid) != 0)
ret = false;
else
ret = g_ut_paid_hi == paid[1] && g_ut_paid_low == paid[0];
if (stack_cookie != 0)
__stack_chk_fail();
return ret;
}
SceBool sceSblUtMgrIsAllowComTestForDriver(SceUID pid);
sceSblUtMgrUpdateUtokenForDriver
Version |
NID
|
1.03-3.60 |
0xC2E58CE3
|
Executes utoken_sm command 1 to verify buffer, then writes the 0x800 bytes buffer to tm0:utoken/utoken.dat.
// size = 0x800
int sceSblUtMgrExecuteUtokenSmCommand1ForDriver(char* buf, SceSize size);
sceSblUtMgrResetUtokenFileForDriver
Version |
NID
|
3.60 |
0x1FF699DD
|
Writes blank 0x800 bytes to tm0:utoken/utoken.dat or removes it.
Exported to usermode by sceSblUtMgrResetUtokenFile.
int sceSblUtMgrResetUtokenFileForDriver(void);
sceSblUtMgrHasComTestFlagForDriver
Version |
NID
|
1.03-3.60 |
0x7ACCAA50
|
Derived from vshSblUtMgrHasComTestFlag.
int sceSblUtMgrHasComTestFlagForDriver(void);
sceSblUtMgrHasStoreFlagForDriver
Version |
NID
|
1.03-3.60 |
0x9D2E2D39
|
Derived from vshSblUtMgrHasStoreFlag.
int sceSblUtMgrHasStoreFlagForDriver(void);
sceSblUtMgrHasNpTestFlagForDriver
Version |
NID
|
1.03-3.60 |
0x9FD835B0
|
Derived from vshSblUtMgrHasNpTestFlag.
int sceSblUtMgrHasNpTestFlagForDriver(void);
sceSblUtMgrHasUNK1FlagForDriver
Version |
NID
|
1.03-3.60 |
0x22599675
|
int sceSblUtMgrHasUNK1FlagForDriver(void);
sceSblUtMgrHasUNK2FlagForDriver
Version |
NID
|
1.03-3.60 |
0x9B49C249
|
int sceSblUtMgrHasUNK2FlagForDriver(void);
sceSblUtMgrHasUNK3FlagForDriver
Version |
NID
|
1.03-3.60 |
0x1923D80D
|
int sceSblUtMgrHasUNK3FlagForDriver(void);
sceSblUtMgrHasUNK4FlagForDriver
Version |
NID
|
3.60 |
0xC93C0A0D
|
int sceSblUtMgrHasUNK4FlagForDriver(void);
sceSblUtMgrGetTrilithiumBufferForDriver
Version |
NID
|
3.60 |
0xABDD68CD
|
int sceSblUtMgrGetTrilithiumBufferForDriver(SceUtokenDecrypted *buffer);
sceSblRtcMgrSetCpRtcForDriver
Version |
NID
|
3.60 |
0x3F9BDEDF
|
Set RTC in DevKit CP.
int sceSblRtcMgrSetCpRtcForDriver(int rtc);
sceSblRtcMgrGetCpRtcPhysicalForDriver
Version |
NID
|
1.03-3.60 |
0x942010A0
|
int sceSblRtcMgrGetCpRtcPhysicalForDriver(int *rtc);
sceSblRtcMgrGetCpRtcLogicalForDriver
Version |
NID
|
1.03-3.60 |
0xDE5150FE
|
int sceSblRtcMgrGetCpRtcLogicalForDriver(int *rtc);
SceSblPostSsMgrForDriver_D8A2D465
Version |
NID
|
3.60 |
0xD8A2D465
|
Related to Activation file.
Returns true if a1 and a2 are identical to some values in memory.
SceBool SceSblPostSsMgrForDriver_D8A2D465(int a1, int a2);
SceSblPostSsMgrForDriver_2C463AF1
Version |
NID
|
3.60 |
0x2C463AF1
|
Used just before SceSblPostSsMgrForDriver_CB5436BD.
int SceSblPostSsMgrForDriver_2C463AF1(int maybe_keyset, SceSize size, void *buf);
SceSblPostSsMgrForDriver_CB5436BD
Version |
NID
|
3.60 |
0xCB5436BD
|
Transforms? coredump key.
int SceSblPostSsMgrForDriver_CB5436BD(int maybe_keyset, SceSize size, void *buf);
SceZlibForDriver
This library was moved from SceSysmem#SceZlibForDriver on FW 1.80.
SceSblFwLoaderForDriver
This library was moved to SceSblFwLoader#SceSblFwLoaderForDriver on FW 1.800.071.
SceSblPmMgr
sceSblPmMgrSetProductModeOffForUser
Version |
NID
|
3.60 |
0x41FE8A37
|
Calls sceSblPmMgrSetProductModeForDriver(0).
int sceSblPmMgrSetProductModeOffForUser(void);
sceSblPmMgrGetProductModeForUser
Version |
NID
|
3.60 |
0x46EA9FDB
|
Returns 0 on success.
Gets KBL Param using sceKernelSysrootGetKblParamForKernel.
result = ((int *)(pKblParam->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag
int sceSblPmMgrGetProductModeForUser(int* result);
sceSblPmMgrGetProductModeFromNVS
Version |
NID
|
3.60 |
0x49CE0DDF
|
Calls sceSblPmMgrGetProductModeFromNVSForDriver.
sceSblPmMgrAuthEtoI
Version |
NID
|
0.990-3.60 |
0xBD38B141
|
Calls sceSblPmMgrAuthEtoIForDriver().
Returns an integer on success.
int sceSblPmMgrAuthEtoI(void);
sceSblPmMgrGetCurrentMode
Version |
NID
|
3.60 |
0xDA4EDEBF
|
Returns 0 on success.
Gets KBL Param using sceKernelSysrootGetKblParamForKernel.
result = ((int *)(pKblParam->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag
int sceSblPmMgrGetCurrentMode(int* result);
SceSblRtcMgr
sceSblRtcMgrGetCpRtcPhysicalForUser
Version |
NID
|
3.60 |
0x1614302B
|
sceSblRtcMgrSetCpActivationKey
Version |
NID
|
3.60 |
0x298AE544
|
sceSblRtcMgrSetCpRtcPhysicalAndKey
Version |
NID
|
3.60 |
0x3C0EEC69
|
sceSblRtcMgrSetCpRtcLogical
Version |
NID
|
3.60 |
0x9DFB118B
|
sceSblRtcMgrSetCpRtcPhysicalForUser
Version |
NID
|
3.60 |
0xA990BC44
|
sceSblRtcMgrGetCpRtcLogical
Version |
NID
|
3.60 |
0xDD44D726
|
sceSblRtcMgrGetCpSerialId
Version |
NID
|
3.60 |
0xE162A827
|
Calls sceDeci4pCpupGetCpSerialIdForDriver.
SceSblLicMgr
Functions related to afv file.
sceSblLicMgrGetIssueNo
Version |
NID
|
3.60 |
0x0E0691A1
|
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetIssueNo(int *issue_number, int request_data_flag);
sceSblLicMgrGetLicenseStatus
Version |
NID
|
3.60 |
0x0EA6A30C
|
int sceSblLicMgrGetLicenseStatus();
sceSblLicMgrGetActivationKey
Version |
NID
|
3.60 |
0x2A437187
|
typedef struct activation_key // size is 0x14
{
char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
uint32_t vadd_hash; // result of vector add operation applied to openPSID
} activation_key;
int sceSblLicMgrGetActivationKey(activation_key* key);
sceSblLicMgrActivateFromFs
Version |
NID
|
3.60 |
0x6E56EA0A
|
Activates from ux0:/data/activate/.
int sceSblLicMgrActivateFromFs(void);
sceSblLicMgrGetUsageTimeLimit
Version |
NID
|
3.60 |
0x774EBBA2
|
/*
* sceSblLicMgrGetUsageTimeLimit:
* 0x800f1326:
* DEX: "This testing kit is not activated."
* Tool: "This development kit is not activated."
* 0x800f1329:
* "The backup battery has failed."
* 0x80251002:
* "Cannot check expiration date. Please set date via Internet."
* 0:
* Time_is_0:
* DEX: "This Testing Kit is expired. See DevKit/TestKit Activation User\'s Guide."
* Tool: "This Development Kit is expired. See DevKit/TestKit Activation User\'s Guide."
* else:
* DEX: "This testing kit expires in %2d day +%02d:%02d:%02d"
* Tool: "This development kit expires in %2d day +%02d:%02d:%02d"
*
* + "This testing kit expires in %2d day\n+%02d:%02d:%02d."
* + "This development kit expires in %2d day\n+%02d:%02d:%02d."
*/
int sceSblLicMgrGetUsageTimeLimit(SceUInt32 *time_limit);
Uses sceSblSsMgrGetQAFlagsForKernel.
sceSblLicMgrClearActivationData
Version |
NID
|
3.60 |
0x9B749D1D
|
int sceSblLicMgrClearActivationData();
sceSblLicMgrGetExpireDate
Version |
NID
|
0.940-3.60 |
0xE9FA0FE5
|
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetExpireDate(int *expire_date, int request_data_flag);
sceSblLicMgrActivateDevkit
Version |
NID
|
3.60 |
0xEB21DD39
|
// afv_path is of size 0x100
int sceSblLicMgrActivateDevkit(char* afv_path);
SceSblUtMgr
sceSblUtMgrUpdateUtoken
Version |
NID
|
3.60 |
0xBDE74645
|
Calls sceSblUtMgrUpdateUtokenForDriver(buf, 0x800);.
// size = 0x800
int sceSblUtMgrUpdateUtoken(char* buf, SceSize size);
sceSblUtMgrReadUtoken
Version |
NID
|
3.60 |
0xD2836E0D
|
// size = 0x800
int sceSblUtMgrReadUtoken(char *buf, int SceSize size);
sceSblUtMgrResetUtokenFile
Version |
NID
|
3.60 |
0x1CD57182
|
Calls sceSblUtMgrResetUtokenFileForDriver.
int sceSblUtMgrResetUtokenFile(void);
sceSblUtMgrGetCurrentSecureTick
Version |
NID
|
3.60 |
0xCFCB1355
|
Calls sceRtcGetCurrentSecureTickForDriver then uses sceKernelMemcpyKernelToUserForDriver.
int sceSblUtMgrGetCurrentSecureTick(int* secure_tick);
sceSblUtMgrGetUtName
Version |
NID
|
3.60 |
0x04CA1311
|
// name: buffer that will embed Utoken name if User Token for this app is valid
// size: max size is 0x18
int sceSblUtMgrGetUtName(char *name, SceSize size);
SceSblSpsfoMgr
sceSblSpsfoMgrOpen
Version |
NID
|
1.03 |
0x64B45B53
|
int sceSblSpsfoMgrOpen(char *path, spsfo_ctx *result);
sceSblSpsfoMgrVerify
Version |
NID
|
1.03 |
0x517CAF25
|
int sceSblSpsfoMgrVerify(spsfo_ctx *ctx, int *res, int *size);
sceSblSpsfoMgrClose
Version |
NID
|
1.03 |
0x3533B542
|
int sceSblSpsfoMgrClose(spsfo_ctx *ctx);