Changes

Jump to navigation Jump to search
110 bytes added ,  18:35, 12 April 2020
no edit summary
Line 41: Line 41:  
This is a special SELF that is found in the boot [[SLB2]] partition. The raw (encrypted) SELF is found in secure world memory (placed there by an early bootloader). It is used to decrypt SELFs for ARM. The SELF header is passed into a page aligned buffer and a [[F00D Commands#Physical Address List|paddr list]] is generated from it.
 
This is a special SELF that is found in the boot [[SLB2]] partition. The raw (encrypted) SELF is found in secure world memory (placed there by an early bootloader). It is used to decrypt SELFs for ARM. The SELF header is passed into a page aligned buffer and a [[F00D Commands#Physical Address List|paddr list]] is generated from it.
   −
=== 0x10001 sceSblAuthMgrAuthHeaderForKernel ===
+
=== 0x10001 - sceSblAuthMgrAuthHeader ===
    
Used by [[SceSblAuthMgr#sceSblAuthMgrAuthHeaderForKernel|sceSblAuthMgrAuthHeaderForKernel]].
 
Used by [[SceSblAuthMgr#sceSblAuthMgrAuthHeaderForKernel|sceSblAuthMgrAuthHeaderForKernel]].
Line 57: Line 57:  
|}
 
|}
   −
=== 0x20001 sceSblAuthMgrSetupAuthSegmentForKernel ===
+
=== 0x20001 - sceSblAuthMgrSetupAuthSegment ===
    
Used by [[SceSblAuthMgr#sceSblAuthMgrSetupAuthSegmentForKernel|sceSblAuthMgrSetupAuthSegmentForKernel]].
 
Used by [[SceSblAuthMgr#sceSblAuthMgrSetupAuthSegmentForKernel|sceSblAuthMgrSetupAuthSegmentForKernel]].
Line 75: Line 75:  
|}
 
|}
   −
=== 0x30001 sceSblAuthMgrLoadBlockForKernel ===
+
=== 0x30001 - sceSblAuthMgrLoadBlock ===
    
Used by [[SceSblAuthMgr#sceSblAuthMgrAuthSegmentForKernel|sceSblAuthMgrAuthSegmentForKernel]].
 
Used by [[SceSblAuthMgr#sceSblAuthMgrAuthSegmentForKernel|sceSblAuthMgrAuthSegmentForKernel]].
Line 94: Line 94:  
|}
 
|}
   −
=== 0x40001 sceSblAuthMgrGetEKcForDriver ===
+
=== 0x40001 - sceSblAuthMgrGetEKc ===
    
Decrypts provided buffer in ECB mode using one of three keys (NPDRM keys ?).
 
Decrypts provided buffer in ECB mode using one of three keys (NPDRM keys ?).
   −
Used by [[SceSblAuthMgr#sceSblAuthMgrGetEKcForDriver|sceSblAuthMgrGetEKcForDriver]] for getting klicensee?
+
Used by [[SceSblAuthMgr#sceSblAuthMgrGetEKcForDriver|sceSblAuthMgrGetEKcForDriver]] for getting klicensee.
    
{| class="wikitable"
 
{| class="wikitable"
Line 116: Line 116:  
|}
 
|}
   −
=== 0x50001 sceSblAuthMgrSetDmac5KeyForKernel ===
+
=== 0x50001 - sceSblAuthMgrSetDmac5Key ===
    
Used by [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] to set key for decryption.
 
Used by [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] to set key for decryption.
Line 138: Line 138:  
|}
 
|}
   −
=== 0x60001 sceSblAuthMgrClearDmac5KeyForKernel ===
+
=== 0x60001 - sceSblAuthMgrClearDmac5Key ===
    
Used by [[SceSblAuthMgr#sceSblAuthMgrClearDmac5KeyForKernel|sceSblAuthMgrClearDmac5KeyForKernel]] for clearing the Dmac5 Key.
 
Used by [[SceSblAuthMgr#sceSblAuthMgrClearDmac5KeyForKernel|sceSblAuthMgrClearDmac5KeyForKernel]] for clearing the Dmac5 Key.
Line 144: Line 144:  
This function writes zeroes into dmac5 keyring.
 
This function writes zeroes into dmac5 keyring.
   −
=== 0x70001 sceSblAuthMgrDecBindDataForDriver ===
+
=== 0x70001 - sceSblAuthMgrDecBindDataForDriver ===
    
Used by [[SceSblAuthMgr#sceSblAuthMgrDecBindDataForDriver|sceSblAuthMgrDecBindDataForDriver]] and [[SceNpDrm]] for gamecard binding data used in conjunction with the RIF license file on the gamecard for deriving the klicensee.
 
Used by [[SceSblAuthMgr#sceSblAuthMgrDecBindDataForDriver|sceSblAuthMgrDecBindDataForDriver]] and [[SceNpDrm]] for gamecard binding data used in conjunction with the RIF license file on the gamecard for deriving the klicensee.
   −
=== 0x80001 sceSblAuthMgrVerifySpsfoForDriver ===
+
=== 0x80001 - sceSblAuthMgrVerifySpsfo ===
    
Used by [[SceSblAuthMgr#sceSblAuthMgrVerifySpsfoForDriver|sceSblAuthMgrVerifySpsfoForDriver]].
 
Used by [[SceSblAuthMgr#sceSblAuthMgrVerifySpsfoForDriver|sceSblAuthMgrVerifySpsfoForDriver]].
Line 154: Line 154:  
== act_sm.self ==
 
== act_sm.self ==
   −
=== 0x1 check_activation_code_1 ===
+
=== 0x1 - check_activation_code_1 ===
    
Only on pre 2.10.
 
Only on pre 2.10.
Line 169: Line 169:  
|}
 
|}
   −
=== 0x2 check_activation_code_2 ===
+
=== 0x2 - check_activation_code_2 ===
    
Only on pre 2.10.
 
Only on pre 2.10.
Line 184: Line 184:  
|}
 
|}
   −
=== 0x4 check_cmac ===
+
=== 0x4 - check_cmac ===
    
Verify ?NVS? activation data. Maybe checks CMAC.
 
Verify ?NVS? activation data. Maybe checks CMAC.
Line 195: Line 195:  
|}
 
|}
   −
=== 0x5 gen_act_cmac ===
+
=== 0x5 - gen_act_cmac ===
    
Only on pre 2.10.
 
Only on pre 2.10.
Line 231: Line 231:  
|}
 
|}
   −
=== 0xA gen_activation_with_sig ===
+
=== 0xA - gen_activation_with_sig ===
    
Introduced in 2.10.
 
Introduced in 2.10.
Line 252: Line 252:  
|}
 
|}
   −
=== 0xB check_activation_with_sig ===
+
=== 0xB - check_activation_with_sig ===
    
Introduced in 2.10.
 
Introduced in 2.10.
Line 279: Line 279:  
== aimgr_sm.self ==
 
== aimgr_sm.self ==
   −
=== 0x1 ConsoleId ===
+
=== 0x1 - GetConsoleId ===
    
Returns the console's [[ConsoleId]].
 
Returns the console's [[ConsoleId]].
Line 285: Line 285:  
Used in [[SceSblSsMgr#sceSblAimgrGetConsoleIdForDriver|sceSblAimgrGetConsoleIdForDriver]].
 
Used in [[SceSblSsMgr#sceSblAimgrGetConsoleIdForDriver|sceSblAimgrGetConsoleIdForDriver]].
   −
=== 0x2 OpenPsId ===
+
=== 0x2 - GetOpenPsId ===
    
Returns the console's [[OpenPsId]].
 
Returns the console's [[OpenPsId]].
Line 291: Line 291:  
Used in [[SceSblSsMgr#sceSblAimgrGetOpenPsIdForDriver|sceSblAimgrGetOpenPsIdForDriver]].
 
Used in [[SceSblSsMgr#sceSblAimgrGetOpenPsIdForDriver|sceSblAimgrGetOpenPsIdForDriver]].
   −
=== 0x3 VisibleId ===
+
=== 0x3 - GetVisibleId ===
    
Returns the console's [[VisibleId]].
 
Returns the console's [[VisibleId]].
Line 297: Line 297:  
Used in [[SceSblSsMgr#sceSblAimgrGetVisibleIdForDriver|sceSblAimgrGetVisibleIdForDriver]].
 
Used in [[SceSblSsMgr#sceSblAimgrGetVisibleIdForDriver|sceSblAimgrGetVisibleIdForDriver]].
   −
=== 0x4 PsCode ===
+
=== 0x4 - GetPsCode ===
    
Returns the console's [[PsCode]].
 
Returns the console's [[PsCode]].
Line 303: Line 303:  
Used in [[SceSblSsMgr#sceSblAimgrGetPscode2ForDriver|sceSblAimgrGetPscode2ForDriver]].
 
Used in [[SceSblSsMgr#sceSblAimgrGetPscode2ForDriver|sceSblAimgrGetPscode2ForDriver]].
   −
=== 0x5 PassPhrase ===
+
=== 0x5 - GetPassPhrase ===
    
Used in [[SceSblSsMgr#sceSblSsCreatePassPhraseForDriver|sceSblSsCreatePassPhraseForDriver]].
 
Used in [[SceSblSsMgr#sceSblSsCreatePassPhraseForDriver|sceSblSsCreatePassPhraseForDriver]].
Line 394: Line 394:  
This seems to be used to do some kind of key derivation. May also be used as a general purpose encryption engine.
 
This seems to be used to do some kind of key derivation. May also be used as a general purpose encryption engine.
   −
=== 0x1000A EncryptWithPortability ===
+
=== 0x1000A - EncryptWithPortability ===
    
Encrypt data. Actually it always returns <code>0x800F1725</code>, so it does nothing and is never used.
 
Encrypt data. Actually it always returns <code>0x800F1725</code>, so it does nothing and is never used.
Line 415: Line 415:  
|}
 
|}
   −
=== 0x2000A DecryptWithPortability ===
+
=== 0x2000A - DecryptWithPortability ===
    
Used by [[SceSblSsMgr#sceSblSsDecryptWithPortabilityForDriver|sceSblSsDecryptWithPortabilityForDriver]].
 
Used by [[SceSblSsMgr#sceSblSsDecryptWithPortabilityForDriver|sceSblSsDecryptWithPortabilityForDriver]].
Line 470: Line 470:  
Supported GC commands and structures
 
Supported GC commands and structures
   −
==== 0x4 kirk_encrypt ====
+
==== 0x4 - kirk_encrypt ====
 +
 
 
Original PSP Kirk 4 service for encrypting data.
 
Original PSP Kirk 4 service for encrypting data.
   Line 489: Line 490:  
seed is aes cbc encrypted with key to produce resulting key.
 
seed is aes cbc encrypted with key to produce resulting key.
   −
==== 0x7 kirk_decrypt ====
+
==== 0x7 - kirk_decrypt ====
 +
 
 
Original PSP Kirk 7 service for decrypting data
 
Original PSP Kirk 7 service for decrypting data
   Line 510: Line 512:  
seed is aes cbc encrypted with key to produce resulting key.
 
seed is aes cbc encrypted with key to produce resulting key.
   −
==== 0xC kirk_ecc160_generate_keys ====
+
==== 0xC - kirk_ecc160_generate_keys ====
 +
 
 
Original PSP Kirk 0xC service for Generating a 160bit ECC private/public keypair. Call with an empty buffer of length 0x3C. The structure below is the return structure.
 
Original PSP Kirk 0xC service for Generating a 160bit ECC private/public keypair. Call with an empty buffer of length 0x3C. The structure below is the return structure.
   Line 536: Line 539:  
|}
 
|}
   −
==== 0xD kirk_ecc160_multiply ====
+
==== 0xD - kirk_ecc160_multiply ====
 +
 
 
Original PSP Kirk 0xD service for multiplying a 160bit ECC curve point with a value. Call with a multiplier, x and y point value.
 
Original PSP Kirk 0xD service for multiplying a 160bit ECC curve point with a value. Call with a multiplier, x and y point value.
   Line 563: Line 567:  
|}
 
|}
   −
==== 0xE kirk_ecc160_generate_random ====
+
==== 0xE - kirk_ecc160_generate_random ====
 +
 
 
Original PSP Kirk 0xE service for 160bit Random number generation. Call with an empty buffer, the result structure is below.
 
Original PSP Kirk 0xE service for 160bit Random number generation. Call with an empty buffer, the result structure is below.
   Line 575: Line 580:  
|}
 
|}
   −
==== 0x10 kirk_ecc160_sign ====
+
==== 0x10 - kirk_ecc160_sign ====
 +
 
 
Original PSP Kirk 0x10 service for 160bit ECC signing.
 
Original PSP Kirk 0x10 service for 160bit ECC signing.
   Line 610: Line 616:  
|}
 
|}
   −
==== 0x11 kirk_ecc160_verify ====
+
==== 0x11 - kirk_ecc160_verify ====
    
Original PSP Kirk 0x11 service for 160bit ECC signature verification. Call with the below structure, then function will return pass or fail.
 
Original PSP Kirk 0x11 service for 160bit ECC signature verification. Call with the below structure, then function will return pass or fail.
Line 634: Line 640:  
No output.
 
No output.
   −
==== 0x12 verify_cmac_signature ====
+
==== 0x12 - verify_cmac_signature ====
    
This function checks that CMAC of <code>Message</code> equals <code>Encrypted CMAC value</code>.
 
This function checks that CMAC of <code>Message</code> equals <code>Encrypted CMAC value</code>.
Line 655: Line 661:  
|}
 
|}
   −
==== 0x14 kirk_ecc224_generate_keys ====
+
==== 0x14 - kirk_ecc224_generate_keys ====
 +
 
 
New Vita Kirk 0x14 service for Generating a 224bit ECC private/public keypair. Call with an empty buffer of length 0x54. The structure below is the return structure.
 
New Vita Kirk 0x14 service for Generating a 224bit ECC private/public keypair. Call with an empty buffer of length 0x54. The structure below is the return structure.
   Line 681: Line 688:  
|}
 
|}
   −
==== 0x15 kirk_ecc224_multiply ====
+
==== 0x15 - kirk_ecc224_multiply ====
 +
 
 
New Vita Kirk 0x15 service for multiplying a 224bit ECC curve point with a value. Call with a multiplier, x and y point value.
 
New Vita Kirk 0x15 service for multiplying a 224bit ECC curve point with a value. Call with a multiplier, x and y point value.
   Line 708: Line 716:  
|}
 
|}
   −
==== 0x16 kirk_ecc224_generate_random ====
+
==== 0x16 - kirk_ecc224_generate_random ====
 +
 
 
New Vita Kirk 0x16 service for 224bit Random number generation. Call with an empty buffer, the result structure is below.
 
New Vita Kirk 0x16 service for 224bit Random number generation. Call with an empty buffer, the result structure is below.
   Line 720: Line 729:  
|}
 
|}
   −
==== 0x17 kirk_ecc224_sign ====
+
==== 0x17 - kirk_ecc224_sign ====
 +
 
 
New Vita Kirk 0x17 service for 224bit ECC signing.
 
New Vita Kirk 0x17 service for 224bit ECC signing.
   Line 755: Line 765:  
|}
 
|}
   −
==== 0x18 kirk_ecc224_verify ====
+
==== 0x18 - kirk_ecc224_verify ====
 +
 
 
New Vita Kirk 0x18 service for 224bit ECDSA signature verification. Call with the below structure, then function will return pass or fail.
 
New Vita Kirk 0x18 service for 224bit ECDSA signature verification. Call with the below structure, then function will return pass or fail.
   Line 773: Line 784:  
| 0x70|| 0x1C || ECC Signature S component
 
| 0x70|| 0x1C || ECC Signature S component
 
|-
 
|-
   
|}
 
|}
   −
==== 0x19 verify_cmac_signature ====
+
==== 0x19 - verify_cmac_signature ====
    
This function checks that CMAC of <code>Message</code> equals <code>Encrypted CMAC value</code>.
 
This function checks that CMAC of <code>Message</code> equals <code>Encrypted CMAC value</code>.
Line 799: Line 809:  
|}
 
|}
   −
==== 0x1B check_gc_authenticity ====
+
==== 0x1B - check_gc_authenticity ====
 +
 
 
New Vita Kirk 0x1B service. This service is related to SceSdif and is used by SceSblGcAuthMgr.
 
New Vita Kirk 0x1B service. This service is related to SceSdif and is used by SceSblGcAuthMgr.
 
This service is part of SD MMC CMD56 custom initialization protocol.
 
This service is part of SD MMC CMD56 custom initialization protocol.
Line 805: Line 816:     
- packet 7 should contain challenge0 for the card that can be encrypted (by card) with key_id and master_key.
 
- packet 7 should contain challenge0 for the card that can be encrypted (by card) with key_id and master_key.
      
- packet 8 should contain encrypted message which can be decrypted (by vita) with key_id and master_key.  
 
- packet 8 should contain encrypted message which can be decrypted (by vita) with key_id and master_key.  
Line 814: Line 824:     
- this way we know that card knows how to properly encrypt.
 
- this way we know that card knows how to properly encrypt.
      
- kirk service 1B will decrypt packet 8 with key_id and master_key
 
- kirk service 1B will decrypt packet 8 with key_id and master_key
Line 832: Line 841:  
|}
 
|}
   −
==== 0x1C generate_vita_authenticity_proof ====
+
==== 0x1C - generate_vita_authenticity_proof ====
 +
 
 
New Vita Kirk 0x1C service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol.  
 
New Vita Kirk 0x1C service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol.  
 
This is a data generation service. Size of request is 0x40. Size of response is 0x33.
 
This is a data generation service. Size of request is 0x40. Size of response is 0x33.
Line 845: Line 855:     
- then packet 9 will be encrypted with key_id and master_key
 
- then packet 9 will be encrypted with key_id and master_key
      
- packet 9 should contain encrypted message which can be decrypted (by card) with key_id and master_key.  
 
- packet 9 should contain encrypted message which can be decrypted (by card) with key_id and master_key.  
Line 879: Line 888:  
|}
 
|}
   −
==== 0x1D challenge_handshake ====
+
==== 0x1D - challenge_handshake ====
 +
 
 
New Vita Kirk 0x1D service. This service is related to SceSdif and is used by SceSblGcAuthMgr.  
 
New Vita Kirk 0x1D service. This service is related to SceSdif and is used by SceSblGcAuthMgr.  
 
This service is part of SD MMC CMD56 custom initialization protocol. This is a data validation service with no response. Size of request is 0xA3.
 
This service is part of SD MMC CMD56 custom initialization protocol. This is a data validation service with no response. Size of request is 0xA3.
Line 885: Line 895:  
- packet 13 should contain challenge1 for the card that can be encrypted (by card) with key_id and master_key.
 
- packet 13 should contain challenge1 for the card that can be encrypted (by card) with key_id and master_key.
   −
- packet 14 should contain challenge1 and master_key that are encrypted (by card) with key_id and master_key
+
- packet 14 should contain challenge1 and master_key that are encrypted (by card) with key_id and master_key.
 
     −
- kirk service 1D will decrypt secondary_key0 from packet 9 with key_id and master_key
+
- kirk service 0x1D will decrypt secondary_key0 from packet 9 with key_id and master_key
    
- then it will decrypt packet 14
 
- then it will decrypt packet 14
Line 910: Line 919:  
|}
 
|}
   −
==== 0x1E generate_packets_15_17_with_cmac_signature ====
+
==== 0x1E - generate_packets_15_17_with_cmac_signature ====
 +
 
 
New Vita Kirk 0x1E service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol. This is a data generation service. Size of request is 0x51. Size of response is 0x33.
 
New Vita Kirk 0x1E service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol. This is a data generation service. Size of request is 0x51. Size of response is 0x33.
   Line 957: Line 967:  
|}
 
|}
   −
==== 0x1F decrypt_packet_16 ====
+
==== 0x1F - decrypt_packet_16 ====
 +
 
 
New Vita Kirk 0x1F service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol. This is a data validation service. Size of request is 0xB3. Size of response is 0x20.
 
New Vita Kirk 0x1F service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol. This is a data validation service. Size of request is 0xB3. Size of response is 0x20.
   Line 1,002: Line 1,013:  
|}
 
|}
   −
==== 0x20 get_klicensee_keys_with_rif_cmac_signature ====
+
==== 0x20 - get_klicensee_keys_with_rif_cmac_signature ====
 +
 
 
New Vita Kirk 0x20 service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol. This is a data generation service. Size of request is 0x116. Size of response is 0x34.
 
New Vita Kirk 0x20 service. This service is related to SceSdif and is used by SceSblGcAuthMgr. This service is part of SD MMC CMD56 custom initialization protocol. This is a data generation service. Size of request is 0x116. Size of response is 0x34.
   Line 1,037: Line 1,049:  
|}
 
|}
   −
==== 0x21 kirk_ecc160_sign ====
+
==== 0x21 - kirk_ecc160_sign ====
 +
 
 
New Vita Kirk 0x21 service for 160bit ECC signing.  
 
New Vita Kirk 0x21 service for 160bit ECC signing.  
   Line 1,072: Line 1,085:  
|}
 
|}
   −
==== 0x22 kirk_ecc224_sign_sceebootpbp ====
+
==== 0x22 - kirk_ecc224_sign_sceebootpbp ====
 +
 
 
New Vita Kirk 0x22 service for 224bit ECC signing.  
 
New Vita Kirk 0x22 service for 224bit ECC signing.  
   Line 1,109: Line 1,123:  
|}
 
|}
   −
==== 0x23 generate_cmac_signature ====
+
==== 0x23 - generate_cmac_signature ====
 +
 
 
New Vita Kirk 0x23 service.
 
New Vita Kirk 0x23 service.
   Line 1,138: Line 1,153:  
Services 9 and 0xA appeared on 1.03 (maybe 1.00). They are not present on 0.990 and earlier.
 
Services 9 and 0xA appeared on 1.03 (maybe 1.00). They are not present on 0.990 and earlier.
   −
=== 0x1 get_product_mode ===
+
=== 0x1 - get_product_mode ===
    
Used by sceSblPmMgrGetProductModeFromNVS.
 
Used by sceSblPmMgrGetProductModeFromNVS.
Line 1,156: Line 1,171:  
|}
 
|}
   −
=== 0x2 set_product_mode ===
+
=== 0x2 - set_product_mode ===
    
Used by sceSblPmMgrSetProductMode.
 
Used by sceSblPmMgrSetProductMode.
Line 1,174: Line 1,189:  
|}
 
|}
   −
=== 0x3 gen_req_hello ===
+
=== 0x3 - gen_req_hello ===
    
Input: 0x30 bytes buffer.
 
Input: 0x30 bytes buffer.
Line 1,190: Line 1,205:  
|}
 
|}
   −
=== 0x4 gen_challenge ===
+
=== 0x4 - gen_challenge ===
    
Input: 0x30 bytes buffer.
 
Input: 0x30 bytes buffer.
Line 1,204: Line 1,219:  
|}
 
|}
   −
=== 0x5 check_response ===
+
=== 0x5 - check_response ===
    
Input: 0x30 bytes buffer.
 
Input: 0x30 bytes buffer.
Line 1,220: Line 1,235:  
|}
 
|}
   −
=== 0x6 gen_req_result ===
+
=== 0x6 - gen_req_result ===
    
Input: 0x30 bytes buffer.
 
Input: 0x30 bytes buffer.
Line 1,234: Line 1,249:  
|}
 
|}
   −
=== 0x7 check_result ===
+
=== 0x7 - check_result ===
    
Input: 0x30 bytes buffer.
 
Input: 0x30 bytes buffer.
Line 1,270: Line 1,285:  
|}
 
|}
   −
=== 0x9 gen_jig_message ===
+
=== 0x9 - gen_jig_message ===
    
Only on 1.03+.
 
Only on 1.03+.
Line 1,286: Line 1,301:  
|}
 
|}
   −
=== 0xA check_jig_response ===
+
=== 0xA - check_jig_response ===
    
Only on 1.03+.
 
Only on 1.03+.
Line 1,314: Line 1,329:  
=== 0x3 ===
 
=== 0x3 ===
   −
=== 0x4 decrypt QAF version ===
+
=== 0x4 - decrypt QAF version ===
    
Input: 0x20 buffer read from NVS offset 0x2A0.
 
Input: 0x20 buffer read from NVS offset 0x2A0.
Line 1,331: Line 1,346:  
|}
 
|}
   −
=== 0x5 encrypt QAF version ===
+
=== 0x5 - encrypt QAF version ===
    
Input QAF version in this buffer of size 0x20:
 
Input QAF version in this buffer of size 0x20:
Line 1,348: Line 1,363:  
Output of size 0x20 is then written to NVS offset 0x2A0.
 
Output of size 0x20 is then written to NVS offset 0x2A0.
   −
=== 0x6 check_flag (decrypt) ===
+
=== 0x6 - check_flag (decrypt) ===
    
Input: 0x20 buffer read from NVS at offset 0.
 
Input: 0x20 buffer read from NVS at offset 0.
Line 1,356: Line 1,371:  
Output  
 
Output  
   −
=== 0x7 set_flag (encrypt) ===
+
=== 0x7 - set_flag (encrypt) ===
    
Input: 0x20 buffer.
 
Input: 0x20 buffer.
Line 1,405: Line 1,420:  
This is an extension of update_service_sm.self. It was added to support command 0xE0002.
 
This is an extension of update_service_sm.self. It was added to support command 0xE0002.
   −
=== 0xE0002 sceSblUsSmAuthSpkgWithKey2 ===
+
=== 0xE0002 - sceSblUsSmAuthSpkgWithKey2 ===
    
Used to decrypt downloaded lists (SPKGs). Same format as [[F00D Commands#0x40002|0x40002]].
 
Used to decrypt downloaded lists (SPKGs). Same format as [[F00D Commands#0x40002|0x40002]].
Line 1,420: Line 1,435:  
This is used by [[SceSblUpdateMgr]] to decrypt update packages extracted from [[PUP]] files. Both 0x40002 and 0x50002 reference buffers in the following way: an inner paddr list is generated for the buffer containing the data to encrypt/decrypt, then an outer paddr list is generated for the inner list. That means there's two levels of indirection in the paddr list.
 
This is used by [[SceSblUpdateMgr]] to decrypt update packages extracted from [[PUP]] files. Both 0x40002 and 0x50002 reference buffers in the following way: an inner paddr list is generated for the buffer containing the data to encrypt/decrypt, then an outer paddr list is generated for the inner list. That means there's two levels of indirection in the paddr list.
   −
=== 0x10002 sceSblUsSmAuthPupHeader ===
+
=== 0x10002 - sceSblUsSmAuthPupHeader ===
    
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_HEADER.
 
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_HEADER.
Line 1,430: Line 1,445:  
Input: PA vector of the PUP header including the PUP Hash (size: 0x80 + segment_num * 0x60 + 0x20)
 
Input: PA vector of the PUP header including the PUP Hash (size: 0x80 + segment_num * 0x60 + 0x20)
   −
=== 0x20002 sceSblUsSmAuthPupSegment ===
+
=== 0x20002 - sceSblUsSmAuthPupSegment ===
    
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_SEGMENT.
 
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_SEGMENT.
Line 1,438: Line 1,453:  
Input data size: 0xFF0.
 
Input data size: 0xFF0.
   −
=== 0x30002 sceSblUsSmAuthPupWatermark ===
+
=== 0x30002 - sceSblUsSmAuthPupWatermark ===
    
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_WM.
 
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_WM.
Line 1,448: Line 1,463:  
Input data: a packet embedding at least two paddr (or PA vectors): PUP Watermark (0x1000 bytes) and PUP Hash (0x20 bytes).
 
Input data: a packet embedding at least two paddr (or PA vectors): PUP Watermark (0x1000 bytes) and PUP Hash (0x20 bytes).
   −
=== 0x40002 sceSblUsSmAuthSpkg ===
+
=== 0x40002 - sceSblUsSmAuthSpkg ===
    
SCE_SBL_SM_COMM_FID_SM_AUTH_SPKG.
 
SCE_SBL_SM_COMM_FID_SM_AUTH_SPKG.
Line 1,469: Line 1,484:  
|}
 
|}
   −
=== 0x50002 sceSblUsSmEncryptIndividualSLSK ===
+
=== 0x50002 - sceSblUsSmEncryptIndividualSLSK ===
    
SCE_SBL_SM_COMM_FID_SM_ENCIND_SLSK.
 
SCE_SBL_SM_COMM_FID_SM_ENCIND_SLSK.
Line 1,540: Line 1,555:  
</pre>
 
</pre>
   −
=== 0x60002 sceSblUsSmSnvsEncryptSectors ===
+
=== 0x60002 - sceSblUsSmSnvsEncryptSectors ===
    
SCE_SBL_SM_COMM_FID_SM_SNVS_ENC_SECTORS.
 
SCE_SBL_SM_COMM_FID_SM_SNVS_ENC_SECTORS.
Line 1,560: Line 1,575:  
</source>
 
</source>
   −
=== 0x70002 sceSblUsSmSnvsDecryptSectors ===
+
=== 0x70002 - sceSblUsSmSnvsDecryptSectors ===
    
SCE_SBL_SM_COMM_FID_SM_SNVS_DEC_SECTORS.
 
SCE_SBL_SM_COMM_FID_SM_SNVS_DEC_SECTORS.
Line 1,580: Line 1,595:  
</source>
 
</source>
   −
=== 0x80002 sceSblUsSmSnvsEncryptMgmtData ===
+
=== 0x80002 - sceSblUsSmSnvsEncryptMgmtData ===
    
SCE_SBL_SM_COMM_FID_SM_SNVS_ENC_MGMT.
 
SCE_SBL_SM_COMM_FID_SM_SNVS_ENC_MGMT.
Line 1,600: Line 1,615:  
</source>
 
</source>
   −
=== 0x90002 sceSblUsSmSnvsDecryptMgmtData ===
+
=== 0x90002 - sceSblUsSmSnvsDecryptMgmtData ===
    
SCE_SBL_SM_COMM_FID_SM_SNVS_DEC_MGMT.
 
SCE_SBL_SM_COMM_FID_SM_SNVS_DEC_MGMT.
Line 1,636: Line 1,651:  
</source>
 
</source>
   −
=== 0xA0002 sceSblUsSmAuthAdditionalSign ===
+
=== 0xA0002 - sceSblUsSmAuthAdditionalSign ===
    
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_AS.
 
SCE_SBL_SM_COMM_FID_SM_AUTH_PUP_AS.
Line 1,642: Line 1,657:  
Verify PUP Additional Signatures.
 
Verify PUP Additional Signatures.
   −
=== 0xB0002 sceSblUsSmSnvsEncryptDecryptSector ===
+
=== 0xB0002 - sceSblUsSmSnvsEncryptDecryptSector ===
    
Added on FW 1.03. Usage similar to pm_sm command 8.
 
Added on FW 1.03. Usage similar to pm_sm command 8.
Line 1,666: Line 1,681:  
* 3) sceSblSmCommCallFunc(id, 0xB0002, &f00d_resp, data, 0x88);
 
* 3) sceSblSmCommCallFunc(id, 0xB0002, &f00d_resp, data, 0x88);
   −
=== 0xC0002 sceSblUsSmSnvsEncryptDecryptMgmtData ===
+
=== 0xC0002 - sceSblUsSmSnvsEncryptDecryptMgmtData ===
    
Added on FW 1.03. Usage similar to pm_sm command 8.
 
Added on FW 1.03. Usage similar to pm_sm command 8.
5,761

edits

Navigation menu