SceSblGcAuthMgr

From Vita Development Wiki
Jump to navigation Jump to search

Module

Known NIDs

Version Name World Privilege NID
1.69 SceSblGcAuthMgr Non-secure Kernel 0x4B777EBC
3.60 SceSblGcAuthMgr ? Kernel 0xDB1A9016

Libraries

Known NIDs

Version Name World Visibility NID
1.69 SceSblGcAuthMgrDrmBBForDriver Non-secure Kernel 0x1926B182
3.60 SceSblGcAuthMgrDrmBBForDriver ? Kernel 0x1926B182
1.69 SceSblGcAuthMgrPcactForDriver Non-secure Kernel 0xB8600A5
1.69 SceSblGcAuthMgrMlnpsnlForDriver Non-secure Kernel 0x29ED0109
3.60 SceSblGcAuthMgrMlnpsnlForDriver ? Kernel 0x29ED0109
1.69 SceSblGcAuthMgrAdhocBBForDriver Non-secure Kernel 0x2EFA9203
1.69 SceSblGcAuthMgrPkgForDriver Non-secure Kernel 0x82FBA7D
3.60 SceSblGcAuthMgrPkgForDriver ? Kernel 0x082FBA7D
1.69 SceSblGcAuthMgrSclkForDriver Non-secure Kernel 0xF24F760D
3.60 SceSblGcAuthMgrSclkForDriver ? Kernel 0xF24F760D
1.69 SceSblGcAuthMgrGcAuthForDriver Non-secure Kernel 0xC6627F5E
3.60 SceSblGcAuthMgrGcAuthForDriver ? Kernel 0xC6627F5E
1.69 SceSblGcAuthMgr Non-secure User 0x7B13BCF7
3.60 SceSblGcAuthMgr ? ? 0x7B13BCF7
3.60 SceSblGcAuthMgrPsmactForDriver ? Kernel 0x1C53F37D
3.60 SceSblGcAuthMgrMsSaveBBForDriver ? Kernel 0x5032E8D4

SceSblGcAuthMgrDrmBBForDriver

verify_checksum

Version NID
3.60 0x22FD5D23

This function verifies that last responce from the card (cmd56) is valid

For example it is called from sceAppMgrGameDataMount

int verify_checksum(char* in_data);

Here is reversed code:


char resp_buffer[0x14]; //static buffer with response data

int verify_checksum(char* in_data)
{
   char* ib = input_buffer;
   char* rb = resp_buffer;
   char* rbe = rb + 0x14;
   
   int crc = 0;
   
   while(rb != rbe)
   {
       crc = crc | ((*ib) ^ (*rb));
       rb++;
       ib++;
   }
   
   if(crc == 0)
     return 0;
   else
     return 0x808A040A;
}

clear_sensitive_data

Version NID
3.60 0x812B2B5C

Clears some sensitive data.

Called after verify_checksum

int clear_sensitive_data(int* value);

clear_sensitive_data

Version NID
3.60 0xBB451E83

Clears sensitive data that is left after cmd56 custom initialization.

This includes data generated by Kirk services 0x1C, 0x1F, 0x20 and packet6.

Called after initialize_sd_device

int clear_sensitive_data();

SceSblGcAuthMgrPcactForDriver

SceSblGcAuthMgrMlnpsnlForDriver

SceSblGcAuthMgrAdhocBBForDriver

SceSblGcAuthMgrPkgForDriver

SceSblGcAuthMgrSclkForDriver

SceSblGcAuthMgrGcAuthForDriver

initialize_sd_device

Version NID
3.60 0x68781760

This is a wrapper function that starts initialization subroutine through run_execlusive

int initialize_sd_device(int sd_ctx_index);

SceSblGcAuthMgr

_sceSblGcAuthMgrPcactActivation

Version NID
1.69 0x32E7CEA

_sceSblGcAuthMgrGetMediaIdType01

Version NID
1.69 0xAC64154

_sceSblGcAuthMgrAdhocBB224Auth1

Version NID
1.69 0x307FD67C

_sceSblGcAuthMgrPkgVry

Version NID
1.69 0x3E168BC4

_sceSblGcAuthMgrAdhocBB224Auth5

Version NID
1.69 0x459F5503

_sceSblGcAuthMgrAdhocBB224Init

Version NID
1.69 0x5AB126A7

_sceSblGcAuthMgrAdhocBB224Auth4

Version NID
1.69 0x5CCC216C

_sceSblGcAuthMgrAdhocBB224Auth2

Version NID
1.69 0x788C0517

_sceSblGcAuthMgrSclkSetData2

Version NID
1.69 0x837D0FB6

_sceSblGcAuthMgrSclkGetData1

Version NID
1.69 0x8A3AF1E8

_sceSblGcAuthMgrAdhocBB224Shutdown

Version NID
1.69 0x8ECEACF9

_sceSblGcAuthMgrPcactGetChallenge

Version NID
1.69 0x98153286

_sceSblGcAuthMgrAdhocBB224GetKeys

Version NID
1.69 0xC236FB28

_sceSblGcAuthMgrAdhocBB224Auth3

Version NID
1.69 0xD3F95259

gcauth_sm "KIRK" calls to F00D

The use of os0:sm/gcauthmgr_sm.self is to support the next generation of KIRK. It uses a similar input structure to the original KIRK on the PSP.

PSP support

4,7,0xC,0xD,0xE, 0x10, 0x11, 0x12 are the classic PSP KIRK Services supported by gcauth_sm.

New PSVita Codes

0x14-0x19, 0x1b-0x23 are the new KIRK Services supported by gcauth_sm.

0x14 is the 224bit ecdsa keypair gen. The only input is an empty buffer size (3*0x1C) it returns 3 values. Private key, Public X point, Public Y point. Each value is 0x1C bytes long.

0x16 is random 224bit generator. It will return 0x1C bytes of random data into the buffer. 0x17 -0x19 are the 224bit ecdsa versions of psp's 160bit 0x10-0x12