Changes

Jump to navigation Jump to search

F00D Commands

1,016 bytes added, 16 January
SCE_SBL_SM_COMM_FID_SM_AUTH_SPKG.
Decrypt a SPKG package. Allocate a page aligned buffer and read the complete SPKG file into the buffer. The buffer is decrypted in place.
{| class="wikitable"
SCE_SBL_SM_COMM_FID_SM_SNVS_ENC_SECTORS.
The input is plain SNVS sectorsread from NVS.
Calculates a XTS Encrypt using the per console keys in keyring slot 0x502, and 0x503 for the tweak and decryption keys. Appears to be intended for up to 0x3E0 bytes in size, but the size in F00D packet +4 derives the XTS size and memcpy.
The result is XTS encrypted SNVS sectors.
Data size is 8 bytes + sectors size.
<source lang="C">
typedef struct data { // size is variable, at least 0x28 bytes
int sectors_index; // input: between 1 and 20 (SNVS sectors)
int sectors_count; // input
char sectors[0x20 * sectors_count]; // input: read from NVS.
<source lang="C">
typedef struct data { // size is variable, at least 0x28 bytes
int sectors_index; // input: between 1 and 20 (SNVS sectors)
int sectors_count; // input
char sectors[0x20 * sectors_count]; // input: read from NVS.
SCE_SBL_SM_COMM_FID_SM_SNVS_ENC_MGMT.
The input are the new status and flags, and the current mgmt_data Mgmt Data sector read from NVS at offset 0.
Calculates a XTS Decrypt using the per console keys in keyring slot 0x502, and 0x503 for the tweak and decryption keys. It then calculates an HMAC using the keyring 0x504 to check the block passed in. If ok, then it uses the seed 0xACA9B1AC to recalculate the block, generate a new hmac, and xts encrypt the block.
The result is a new mgmt_dataMgmt Data sector, which is to be written to NVS at offset 0.
Data size is 0x28 bytes.
int status; // input
char flags[4]; // input
char mgmt_datasector[0x20]; // input: read from NVS at offset 0. Likely to be 0x10 bytes of data followed by 0x10 bytes of HMAC.
} data;
</source>
SCE_SBL_SM_COMM_FID_SM_SNVS_DEC_MGMT.
The input is the current mgmt_data Mgmt Data sector read from NVS at offset 0.
Calculates a XTS Decrypt using the per console keys in keyring slot 0x502, and 0x503 for the tweak and decryption keys. It then calculates an HMAC using the keyring 0x504 to check the block passed in.
int status; // output
char flags[4]; // output
char mgmt_datasector[0x20]; // input: read from NVS at offset 0. Likely to be 0x10 bytes of data followed by 0x10 bytes of HMAC.
} data;
</source>
Verify PUP Additional Signatures.
=== 0xB0002 sceSblUsSmSnvsEncryptDecryptSector ===
=== 0xC0002 GetSNVSFlagStatus special ===Added on FW 1.03. Usage similar to pm_sm command 8.
Used Data size is 0x88 bytes. <source lang="C">typedef struct data { // size is 0x88 uint mode; // 0 before read, 1 after read, 2 before write, 3 after write uint sector_index; // between 1 and 20 (SNVS sectors) char base_buf[0x20]; // input: full of 0xdeadbeef char inter_buf[0x30]; // output: used as input for nvs_read_special or nvs_write_special char final_buf[0x30]; // input: output of nvs_read_special or nvs_write_special} data;</source> Usage:* 1) sceSblSmCommCallFunc(id, 0xB0002, &f00d_resp, data, 0x88);For read:* 2) nvs_read_special(data + 0x28, 0x10, data + 0x58, 0x30)For write:* 2) nvs_write_special(data + 0x28, 0x30, data + 0x58, 0x10);* 3) sceSblSmCommCallFunc(id, 0xB0002, &f00d_resp, data, 0x88); === 0xC0002 sceSblUsSmSnvsEncryptDecryptMgmtData === Added on FW 1.03+. Usage similar to pm_sm command 8. Data size is 0x70 bytes.
<source lang="C">
typedef struct data { // Size is 0x70 bytes on FW 3.60
int unk_0mode; // ex: 0 for before read, 1 after read, 2 for before write, 3 after write int unk_4sector_count; // ex: always 0(Mgmt Data)
int status; // not set for read, set for write
int flags; // not set for read, set for write
* 2) nvs_write_special(data + 0x10, 0x30, nvs_out_buf, 0x10);
For read:
* 2) nvs_read_special(data + 0x10, 0x10, data + 0x100x40, 0x30);
* 3) sceSblSmCommCallFunc(id, 0xC0002, &f00d_resp, data, 0x70);
4,927

edits

Navigation menu