SceMsif

From Vita Development Wiki
Jump to navigation Jump to search

Module

Known NIDs

Version Name World Privilege NID
1.69 SceMsif Non-secure Kernel 0xFA979E8E
3.60 SceMsif ? Kernel 0x3305A0FE

Libraries

Known NIDs

Version Name World Visibility NID
1.69 SceMsifForDriver Non-secure Kernel 0xB706084A
3.60 SceMsifForDriver ? Kernel 0xB706084A

Types


typedef struct SceMsif_ctx //size is 0x440
{
   void* SceMsif_memblock1_base; // 0x0
   SceUID SceMsif_memblock1_id; // 0x4 - size 0x1000 - mapped to 0xE0900000
   uint32_t unk_8; // = 0
   SceUID SceMsif_evid; // 0xC
   
   fast_mutex SceMsif_fast_mutex; //0x10 - size is 0x40
   
   SceUID SceMsif_memblock2_id; // 0x50
   uint32_t unk_54;
   uint32_t unk_58; // = 0 - used for suspend resume intr
   
   uint8_t unk_5C;
   uint8_t unk_5D;
   uint8_t unk_5E; // timewide byte
   uint8_t unk_5F; // timewide byte
   
   uint32_t unk_60;
   uint32_t unk_64;
   uint32_t unk_68;
   uint32_t unk_6C;
   
   void* paddr_70; // 0x70 - physical address of unk_180
   void* paddr_74; // 0x74 - physical address of unk_1C0
   void* SceMsif_memblock2_base; // 0x78 - size 0x18000
   void* unk_7C; // = 0xB9E840 (840)
   
   addr_pair paddr_list_80[4];

   uint8_t unk_A0[0xE0];
   
   uint8_t unk_180[0x40]; // buffer for accessing device (invalidate range). size confirmed.
   
   uint8_t unk_1C0[0x50]; // buffer for accessing device (invalidate range). size confirmed.
   
   void* paddr_210; // 0x210 - physical address of SceMsif_memblock2_base
   
   uint8_t unk_214[0x214];
   
   SceUID SceMsifSleepCtrl_evid; // 428
   SceUID SceMsifSleepCtrl_thid; // 42C - thread id
   
   uint32_t unk_430; // = 0
   uint32_t unk_434; // = 0
   uint32_t unk_438;
   uint32_t unk_43C;

}SceMsif_ctx;

Data segment layout

Address Size Description
0x0000 0x4 SceMsif_subctx*
0x0004 0x4 pointer to data at offset 0x18
0x0008 0x4 unknown
0x000C 0x4 unknown
0x0010 0x4 pointer to table of 11 function pointers
0x0014 0x146C unknown
0x1480 0x440 SceMsif_ctx
0x18C0 0x4 SceMsif suspend callback id
0x18C4 0x4 unknown
0x18C8 0x8 UInt64 wide time
0x18D0 0x8 UInt64 probably time in ms
0x18D8 0xE0 decrypted data - array of 8 elements of size 0x1C (0x1C is probably size of sha224)
0x19B8 0x4 flag that shows that static sha224 table is decrypted
0x19BC 0x4 F00D comm id (obtained with sceSblSmCommStartSm)

SceMsifForDriver

module_start

Version NID
3.60 0x935cd196
int module_start();

read_sector

Version NID
3.60 0x58654AA3
int ms_read_sector(int sector, char* buffer, int nSectors);

write_sector

Version NID
3.60 0x329035EF
int ms_write_sector(int sector, char* buffer, int nSectors);

enable_slow_mode

Version NID
3.60 0x4B751CE6
int ms_enable_slow_mode();

disable_slow_mode

Version NID
3.60 0x75848756
int ms_disable_slow_mode();

get_slow_mode_state

Version NID
3.60 0x491E25B5
int ms_get_slow_mode_state();

init1

Version NID
3.60 0x4EA579EF

part of functionality is same as get_sha224_digest_source

int ms_init1();

init2

Version NID
3.60 0xD0307849
int ms_init2(void* unk0_40);

init_mbr

Version NID
3.60 0xF997286B
int init_mbr();

ms_substract_pair

Version NID
3.60 0x855E1E38

//returns wide time difference from last SceMsifSmshc interrupt

SceInt64 get_time_from_SceMsifSmshc();

ms_unk

Version NID
3.60 0x0f86BEEA
int ms_unk(int unk0, int unk1);

ms_unk

Version NID
3.60 0x6EDE7DBA
int ms_unk(int unk0);

get_sha224_digest_source

Version NID
3.60 0x718BDFDE

gets data that is used to calculate sha224 digest

this digest is used to verify static table of sha224 digests

that is decrypted internally using keys that are derived from dec_aes_key_msif

//sha224_ds is of size 0x10
int get_sha224_digest_source(char* sha224_ds);