Module
Known NIDs
| Version |
Name |
World |
Privilege |
NID
|
| 1.69 |
SceMsif |
Non-secure |
Kernel |
0xFA979E8E
|
| 3.60 |
SceMsif |
? |
Kernel |
0x3305A0FE
|
Libraries
Known NIDs
Types
typedef struct SceMsif_ctx //size is 0x440
{
void* SceMsif_memblock1_base; // 0x0
SceUID SceMsif_memblock1_id; // 0x4 - size 0x1000 - mapped to 0xE0900000
uint32_t unk_8; // = 0
SceUID SceMsif_evid; // 0xC
fast_mutex SceMsif_fast_mutex; //0x10 - size is 0x40
SceUID SceMsif_memblock2_id; // 0x50
uint32_t unk_54;
uint32_t unk_58; // = 0 - used for suspend resume intr
uint8_t unk_5C;
uint8_t unk_5D;
uint8_t unk_5E; // timewide byte
uint8_t unk_5F; // timewide byte
uint32_t unk_60;
uint32_t unk_64;
uint32_t unk_68;
uint32_t unk_6C;
void* paddr_70; // 0x70 - physical address of unk_180
void* paddr_74; // 0x74 - physical address of unk_1C0
void* SceMsif_memblock2_base; // 0x78 - size 0x18000
void* unk_7C; // = 0xB9E840 (840)
addr_pair paddr_list_80[4];
uint8_t unk_A0[0xE0];
uint8_t unk_180[0x40]; // buffer for accessing device (invalidate range). size confirmed.
uint8_t unk_1C0[0x50]; // buffer for accessing device (invalidate range). size confirmed.
void* paddr_210; // 0x210 - physical address of SceMsif_memblock2_base
uint8_t unk_214[0x214];
SceUID SceMsifSleepCtrl_evid; // 428
SceUID SceMsifSleepCtrl_thid; // 42C - thread id
uint32_t unk_430; // = 0
uint32_t unk_434; // = 0
uint32_t unk_438;
uint32_t unk_43C;
}SceMsif_ctx;
Data segment layout
| Address |
Size |
Description
|
| 0x0000 |
0x4 |
SceMsif_subctx*
|
| 0x0004 |
0x4 |
pointer to data at offset 0x18
|
| 0x0008 |
0x4 |
unknown
|
| 0x000C |
0x4 |
unknown
|
| 0x0010 |
0x4 |
pointer to table of 11 function pointers
|
| 0x0014 |
0x146C |
unknown
|
| 0x1480 |
0x440 |
SceMsif_ctx
|
| 0x18C0 |
0x4 |
SceMsif suspend callback id
|
| 0x18C4 |
0x4 |
unknown
|
| 0x18C8 |
0x8 |
UInt64 wide time
|
| 0x18D0 |
0x8 |
UInt64 probably time in ms
|
| 0x18D8 |
0xE0 |
decrypted data - array of 8 elements of size 0x1C (0x1C is probably size of sha224)
|
| 0x19B8 |
0x4 |
flag that shows that static sha224 table is decrypted
|
| 0x19BC |
0x4 |
F00D comm id (obtained with sceSblSmCommStartSm)
|
SceMsifForDriver
module_start
| Version |
NID
|
| 3.60 |
0x935cd196
|
int module_start();
read_sector
| Version |
NID
|
| 3.60 |
0x58654AA3
|
int ms_read_sector(int sector, char* buffer, int nSectors);
write_sector
| Version |
NID
|
| 3.60 |
0x329035EF
|
int ms_write_sector(int sector, char* buffer, int nSectors);
enable_slow_mode
| Version |
NID
|
| 3.60 |
0x4B751CE6
|
int ms_enable_slow_mode();
disable_slow_mode
| Version |
NID
|
| 3.60 |
0x75848756
|
int ms_disable_slow_mode();
get_slow_mode_state
| Version |
NID
|
| 3.60 |
0x491E25B5
|
int ms_get_slow_mode_state();
init1
| Version |
NID
|
| 3.60 |
0x4EA579EF
|
part of functionality is same as get_sha224_digest_source
int ms_init1();
init2
| Version |
NID
|
| 3.60 |
0xD0307849
|
int ms_init2(void* unk0_40);
init_mbr
| Version |
NID
|
| 3.60 |
0xF997286B
|
int init_mbr();
ms_substract_pair
| Version |
NID
|
| 3.60 |
0x855E1E38
|
//returns wide time difference from last SceMsifSmshc interrupt
SceInt64 get_time_from_SceMsifSmshc();
ms_unk
| Version |
NID
|
| 3.60 |
0x0f86BEEA
|
int ms_unk(int unk0, int unk1);
ms_unk
| Version |
NID
|
| 3.60 |
0x6EDE7DBA
|
int ms_unk(int unk0);
get_sha224_digest_source
| Version |
NID
|
| 3.60 |
0x718BDFDE
|
gets data that is used to calculate sha224 digest
this digest is used to verify static table of sha224 digests
that is decrypted internally using keys that are derived from dec_aes_key_msif
//sha224_ds is of size 0x10
int get_sha224_digest_source(char* sha224_ds);