Difference between revisions of "SceSblSsMgr"
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) |
||
Line 1,529: | Line 1,529: | ||
<source lang="C">int sceSblDmac5EncDec(void *args, int command);</source> | <source lang="C">int sceSblDmac5EncDec(void *args, int command);</source> | ||
+ | |||
+ | === sceSblDmac5EncDecNP === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.940 || 0x30702CC7 | ||
+ | |} | ||
=== sceSblDmac5HmacKeyGen === | === sceSblDmac5HmacKeyGen === |
Revision as of 23:55, 18 February 2019
Module
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xFDDD93FA |
3.60 | SceSblSsMgr | Non-secure | Kernel | 0x4E913538 |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69-3.60 | SceSblSsMgrForKernel | Non-secure | Kernel | 0x74580D9F |
1.69-3.60 | SceSblSsMgrForDriver | Non-secure | Kernel | 0x61E9428D |
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xEC86E4B0 |
1.69-3.60 | SceSblQafMgr | Non-secure | User | 0x756B7E89 |
1.69-3.60 | SceSblRng | Non-secure | User | 0x1843F124 |
1.69-3.60 | SceSblDmac5Mgr | Non-secure | User | 0x437366A2 |
1.69-3.60 | SceSblAimgr | Non-secure | User | 0xD473F968 |
NVS Areas
Offset | Size | Comment | Used by |
---|---|---|---|
0 | 0x20 | embeds ProductMode | "sceSblQafManagerSetFlag" (sub_81001610 on 0.990) |
0x2A0 | 0x20 | Qa Flag Version | "sceSblQafManagerSetQaFlagVersion" on 0.940 |
0x400 | 0x80 | Qaf Token | first 0x18 is QafName |
0x480 | 1 | Qaf Token not set flag | Set to 1 by default when Qaf Token is not set (FFed). |
0x4A0 | 1 | Update Mode | sceSblUsGetUpdateModeForUser, sceSblUsSetUpdateModeForUser. |
0x520 | 0x20 | DevKit Activation data including: expire_date, issue_no | 0x10 bytes of data followed by 0x10 bytes of AES256CMAC hash of data.
Embeds issue_no at ?0x4? and expire_date at 0x8?. |
0x5A0 | 0x100 | Qaf Token RSA signature | Not present on 0.990. Present on 3.60. Maybe added on 1.80. |
SceSblSsMgrForKernel
sceSblNvsReadDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xC2EC8F5A |
Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel.
For example gets 0x20 bytes of data for act_sm.self command 0x4 call.
This is done by passing offset 0x520 as first argument.
int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);
sceSblNvsWriteDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE29E161C |
Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel.
int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);
return_ffffffff
Version | NID |
---|---|
0.990-3.60 | 0x516ECC08 |
From 0.990 to 3.60, all it does is return -1; // 0xFFFFFFFF.
int return_ffffffff(void);
sceSblQafManagerGetQafTokenForKernel
Version | NID |
---|---|
0.990 | 0x281FD75A |
sceSblQafManagerSetQafTokenForKernel
Version | NID |
---|---|
0.940-0.990 | 0x8E9447A1 |
get_qaf_token
Version | NID |
---|---|
1.03 | 0x228A6653 |
SceQafToken *temp_token = token;
sceSblNvsReadDataForKernel(0x480, flag, 1);
if (!flag) {
nvs_read(0x400, temp_token, 0x80);
ret = exec_qaf_sm(temp_token, 0);
}
return ret;
int get_qaf_token(SceQafToken *token)
sceSblQafManagerClearQafTokenForKernel
Version | NID |
---|---|
0.990 | 0xD45155C6 |
int sceSblQafManagerClearQafTokenForKernel(void);
uint32_t ret;
char buffer[0x80];
memset(&buffer, 0xFF, 0x80);
SceKernelSuspendForDriver_4DF40893(0);
ret = sceSblNvsWriteDataForKernel(0x400, &buffer, 0x80);
if ( !ret ) // if buffer successfully written, set a flag at 0x480
ret = sceSblNvsWriteDataForKernel(0x480, (char)1, 1);
SceKernelSuspendForDriver_2BB92967(0);
return ret;
sceSblQafManagerGetQAFlagsForKernel
Version | NID |
---|---|
0.990-3.60 | 0x83D254FF |
int sceSblQafManagerGetQAFlagsForKernel(char buffer[0x10]);
sceSblQafManagerGetQafNameForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE2DD0378 |
if ( byte_81008725 & 2 ) {
char workaround_string = "qaf_workaround";
memcpy(buffer, workaround_string, max_len);
} else {
sceSblNvsReadDataForKernel(0x480, flag, 1);
if (flag) {
sceSblNvsReadDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
}
}
int sceSblQafManagerGetQafNameForKernel(char *buffer, unsigned int max_len);
SceSblSsMgrForDriver
Cryptographic functions in this module typically have 3 variations:
- Use
key
- meaning that the key that you provide is used directly for encryption/decryption. - Use
slot_id
- meaning that you have to use sceSblAuthMgrSetDmac5KeyForKernel function to set the key into a specific slot.- Note that in this case you select a key from F00D by
key_id
. It will be encrypted by F00D and placed into the slot selected byslot_id
.
- Note that in this case you select a key from F00D by
- Use
key_id
- meaning that the call to sceSblAuthMgrSetDmac5KeyForKernel will happen internally.- In this case the key from F00D is also selected by
key_id
and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17.
- In this case the key from F00D is also selected by
sceSblSsMgrGetRandomNumberForDriver
Version | NID |
---|---|
3.60 | 0x4F9BFBE5 |
int sceSblSsMgrGetRandomNumberForDriver(char* result, int size);
sceSblSsMgrGetRandomDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0xAC57F4F0 |
Generates random data of length 0x40 by executing Dmac5 command 0x04
used in SceKrm, SceSblGcAuthMgr
int sceSblSsMgrGetRandomDataForDriver(char* dest);
sceSblDmac5RndForDriver
Version | NID |
---|---|
3.60 | 0x4DD1B2E5 |
Temp name was sceSblSsMgrGetRandomDataCropForDriver.
Generates random data of length 0x40 by executing Dmac5 command 0x04
Data is then cropped to fit the size in outputBuffer.
Used by SceMsif
int sceSblDmac5RndForDriver(char* outputBuffer, int size, int unk);
sceSblDmac5AesEcbEncForDriver
Version | NID |
---|---|
0.990-3.60 | 0xC517770D |
Temp name was sceSblSsMgrAESECBEncryptForDriver.
Executes Dmac5 command 0x1.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// mask_enable = 1
int sceSblDmac5AesEcbEncForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);
sceSblDmac5AesEcbDecForDriver
Version | NID |
---|---|
0.990-3.60 | 0x7C978BE7 |
Temp name was sceSblSsMgrAESECBDecryptForDriver.
Executes Dmac5 command 0x2.
Used by ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// mask_enable = 1
int sceSblDmac5AesEcbDecForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x01BE0374 |
Executes Dmac5 command 0x01
used in SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1C, 0x1D, 0x1E, 0x1F
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8B4700CB |
Executes Dmac5 command 0x02
used by SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblDmac5AesEcbEncNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x0F7D28AF |
Temp name was sceSblSsMgrAESECBEncryptWithKeygenForDriver.
Executes Dmac5 command 0x1.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesEcbEncNPForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);
sceSblDmac5AesEcbDecNPForDriver
Version | NID |
---|---|
3.60 | 0x197ACF6F |
Temp name was sceSblSsMgrAESECBDecryptWithKeygenForDriver.
Executes Dmac5 command 0x02
no usages found
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesEcbDecNPForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);
sceSblSsMgrDES64ECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x37DD5CBF |
This also implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x41
used in SceMsif, SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1C, ?
//key_size - 0xC0 (size in bits) - other sizes also work
//mask_enable = 1
int sceSblSsMgrDES64ECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrDES64ECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8EAFB18A |
This also implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x42
used in SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1C, ?
//key_size - 0xC0 (size in bits) - other sizes also work
//mask_enable = 1
int sceSblSsMgrDES64ECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrDES64CBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0x05B38698 |
This also probably implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x49
no usages found
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - ? - does not matter ?
//iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrDES64CBCEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);
sceSblSsMgrDES64CBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x926BCCF0 |
This also probably implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x4A
no usages found
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - ? - does not matter ?
//iv - length is 8 for DES
//mask_enable = 1
int sceSblSsMgrDES64CBCDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);
sceSblDmac5AesCbcEncForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE6E1AD15 |
Temp name was sceSblSsMgrAESCBCEncryptForDriver.
Executes Dmac5 command 0x9.
Used by ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (lenght in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// mask_enable = 1
int sceSblDmac5AesCbcEncForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblDmac5AEsCbcDecForDriver
Version | NID |
---|---|
0.990-3.60 | 0x121FA69F |
Temp name was sceSblSsMgrAESCBCDecryptForDriver.
Executes Dmac5 command 0xA.
Used by ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// mask_enable = 1
int sceSblDmac5AEsCbcDecForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblDmac5AesCbcEncNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x711C057A |
Temp name was sceSblSsMgrAESCBCEncryptWithKeygenForDriver.
Executes Dmac5 command 0x9.
Used by ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesCbcEncNPForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);
sceSblDmac5AesCbcDecNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x1901CB5E |
Temp name was sceSblSsMgrAESCBCDecryptWithKeygenForDriver.
Executes Dmac5 command 0xA.
Used by ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesCbcDecNPForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);
sceSblSsMgrAESCTREncryptForDriver
Version | NID |
---|---|
3.60 | 0x82B5DCEF |
Executes Dmac5 command 0x21
used by SceNpDrm
this function can also be used for decryption since CTR is symmetric function
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCTREncryptForDriver (char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrAESCTRDecryptForDriver
Version | NID |
---|---|
3.60 | 0x7D46768C |
Executes Dmac5 command 0x22
no usages found
this function can also be used for encryption since CTR is symmetric function
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCTRDecryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrSHA1ForDriver
Version | NID |
---|---|
3.60 | 0xEB3AF9B5 |
Executes Dmac5 command 0x03
used by ScePfsMgr
key_size is always 0x100 bits
//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrSHA1ForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command_bit);
sceSblDmac5Sha1HmacTransformForDriver
Version | NID |
---|---|
0.990-3.60 | 0x6704D985 |
Temp name was sceSblSsMgrHMACSHA1ForDriver.
Executes Dmac5 command 0x23.
Used by ScePfsMgr.
Key size is always 0x100 bits.
// size - size of data in src
// iv = 0
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblDmac5Sha1HmacTransformForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA1WithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x92E37656 |
Executes Dmac5 command 0x23
no usages found
key_size is always 256 bits
// size - size of data in src
// key - length is always 0x20 bytes
// iv = 0
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA1WithKeygenForDriver(char *src, char *dst, int size, char *key, char *iv, int key_id, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA256ForDriver
Version | NID |
---|---|
3.60 | 0x79F38554 |
Executes Dmac5 command 0x33
no usages found
//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA256ForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0x1B14658D |
Executes Dmac5 command 0x3B
used in ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrAESCMACWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x83B058F5 |
Executes Dmac5 command 0x3B.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv = 0
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable, int command_bit);
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0xEA6ACB6D |
Executes Dmac5 command 0x3B
no usages found
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, int slot_id, int key_size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrExecuteDmac5HashCommandForDriver
Version | NID |
---|---|
3.60 | 0x9641374E |
Executes Dmac5 commands related to hash functions
used by SceNpDrm
int sceSblSsMgrExecuteDmac5HashCommandForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command, int command_bit);
sceSblSsEncryptWithPortabilityForDriver
Version | NID |
---|---|
0.990-3.60 | 0x21EC51F6 |
derived from _vshSblSsEncryptWithPortability
strangely enough does not use communication with F00D through command 0x1000A from encdec_w_portability_sm.self
struct size_data_pair
{
int size;
char data[0x20];
};
int sceSblSsEncryptWithPortabilityForDriver(int key_id, char *iv, size_data_pair *src, size_data_pair *dst);
sceSblSsDecryptWithPortabilityForDriver
Version | NID |
---|---|
0.990-3.60 | 0x934DB6B5 |
derived from _vshSblSsDecryptWithPortability
Decrypts or derives AES key that is used in msif to decrypt static sha224 table.
Communication with F00D is done with command 0x2000A from encdec_w_portability_sm.self.
typedef struct ScePortabilityInputData // size of structure is 0x24
{
uint32_t enc_size; // max size is 0x20
uint8_t enc_msg[0x20];
} ScePortabilityInputData;
typedef struct ScePortabilityOutputData // size of structure is 0x24
{
uint32_t plain_size; // max size is 0x20
uint8_t plain_msg[0x20];
} ScePortabilityOutputData;
int sceSblSsDecryptWithPortabilityForDriver(int key_type, char *iv, ScePortabilityInputData* enc, ScePortabilityOutputData* plain);
sceSblSsGetNvsDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFDD6D5DE |
derived from _vshSblSsGetNvsData
uses syscon function to get the data
//index - max index is 5
//input - max size is 0x20
int sceSblSsGetNvsDataForDriver(int index, char *output, int size);
sceSblSsSetNvsDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0x249ADB07 |
derived from _vshSblSsSetNvsData
uses syscon function to set the data
//index - max index is 5
//input - max size is 0x20
int sceSblSsSetNvsDataForDriver(int index, char *input, int size);
sceSblAimgrGetVisibleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0x04843835 |
Temp name was sceSblSsMgrGetVisibleIdForDriver.
In old firmwares this function was named sceSblSsMgrGetFuseIdForDriver
.
Derived from _vshSblAimgrGetVisibleId
.
Executes F00D aimgr_sm.self command 0x3.
typedef struct VisibleId {
char visible_id[0x20];
} VisibleId;
int sceSblAimgrGetVisibleIdForDriver(VisibleId* visible_id);
sceSblAimgrGetConsoleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFC6CDD68 |
Temp name was sceSblSsMgrGetConsoleIdForDriver.
This function obtains Console Id by executing aimgr_sm.self F00D command 0x1
typedef struct ConsoleId { // size 0x10
char magic[4]; // {0, 0, 0, 1}
char product_code[2];
char product_sub_code[2];
char chassis_check;
char unknown[7];
} ConsoleId;
int sceSblAimgrGetConsoleIdForDriver(ConsoleId* console_id);
sceSblAimgrGetOpenPsIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xA5B5D269 |
Temp name was sceSblSsMgrGetOpenPsIdForDriver.
This function returns information from a static buffer that is initialized on module_start.
Read OpenPsId from sysroot_buffer+0x70 using sceSysrootGetSysrootBufferForKernel.
typedef struct OpenPsId {
char open_psid[0x10];
} OpenPsId;
int sceSblAimgrGetOpenPsIdForDriver(OpenPsId *open_psid);
sceSblAimgrGetPscodeForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE0DC2587 |
Temp name was sceSblSsMgrGetPscodeForDriver.
Derived from _vshSblAimgrGetPscode
.
This function returns information from a static buffer that is initialized on module_start.
Read PsCode from sysroot_buffer+0xA0 using sceSysrootGetSysrootBufferForKernel.
typedef struct PsCode {
char magic[2]; // {0, 1}
char product_code[2];
char product_sub_code[2];
uint16_t chassis; // chassis = chassis_check >> 2;
} PsCode;
int sceSblAimgrGetPscodeForDriver(PsCode *pscode);
sceSblAimgrGetPscode2ForDriver
Version | NID |
---|---|
3.60 | 0x9A9676D0 |
Temp name was sceSblSsMgrGetPscode2ForDriver.
Executes F00D aimgr_sm.self command 0x4.
derived from _vshSblAimgrGetPscode2
int sceSblAimgrGetPscode2ForDriver(PsCode *pscode);
sceSblSsCreatePassPhraseForDriver
Version | NID |
---|---|
3.60 | 0xB8B298FD |
executes F00D aimgr_sm.self command 0x5
derived from _vshSblSsCreatePassPhrase
//input is of size 0x18
int sceSblSsCreatePassPhraseForDriver(char *input, char *output);
sceSblSsInfraAllocatePARangeVectorForDriver
Version | NID |
---|---|
3.60 | 0xE0B13BA7 |
Used by SceSblUpdateMgr - does some initialization
int sceSblSsInfraAllocatePARangeVectorForDriver(void *buf, int size, SceUID blockid, SceKernelPaddrList *list);
unk_c38d0cea
Version | NID |
---|---|
3.60 | 0xC38D0CEA |
Used by SceSblUpdateMgr - does some cleanup
sceSblSsMgrMemsetForDriver
Version | NID |
---|---|
3.60 | 0xCD98CC92 |
Used by SceSblPostSsMgr
void sceSblSsMgrMemsetForDriver(char* dest, char value, int size);
sceSblRtcMgrSetCpRtcForDriver
Version | NID |
---|---|
0.940 | 0xD8F6F110 |
3.60 | moved to PostSsMgr |
sceSblRtcMgrGetCpRtcPhysicalForDriver
Version | NID |
---|---|
0.940 | 0xC96622EC |
3.60 | moved to PostSsMgr |
sceSblRtcMgrGetCpRtcLogicalForDriver
Version | NID |
---|---|
0.940 | 0xAF56206D |
3.60 | moved to PostSsMgr |
sceSblLicGetActivationKeyForDriver
Version | NID |
---|---|
0.940 | 0xED4878A4 |
3.60 | moved to PostSsMgr |
sceSblLicMgrGetExpireDateForDriver
Version | NID |
---|---|
0.940 | 0xE840CD4E |
3.60 | moved to PostSsMgr |
sceSblPmMgrGetProductModeFromNVSForDriver
Version | NID |
---|---|
0.940 | 0x196C7FB2 |
3.60 | moved to PostSsMgr |
sceSblPmMgrSetProductModeForDriver
Version | NID |
---|---|
0.940 | 0x33B706E1 |
3.60 | moved to PostSsMgr |
Know values: set 1 then reboot.
void sceSblPmMgrSetProductModeForDriver(int product_mode);
sceSblPmMgrAuthEtoIForDriver
Version | NID |
---|---|
0.940 | 0xB241EA2B |
3.60 | moved to PostSsMgr |
SceSblSsMgr
This library exists on 1.69 but doesn't exist on 3.60.
sceSblSsInfraAllocatePARangeVector
Version | NID |
---|---|
0.990 | 0x8C2822A9 |
SceSblSsMgr_FAD42134
Version | NID |
---|---|
0.990 | 0xFAD42134 |
SceSblQafMgr
typedef struct SceQafToken
{
char data[0x80];
char sig[0x100]; // not present on 0.990
};
sceSblQafMgrGetQafToken
Version | NID |
---|---|
1.69-3.60 | 0xB6BAE81D |
On 3.60 returns 0x80010058.
int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);
sceSblQafMgrGetQafToken2
Version | NID |
---|---|
3.60 | 0xDFBA8569 |
int sceSblQafMgrGetQafToken2(SceQafToken *qaf_token);
sceSblQafManagerSetQafTokenForUser
Version | NID |
---|---|
1.69-3.60 | 0x56A16392 |
On 3.60 returns 0x80010058.
int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);
sceSblQafMgrSetQafToken2
Version | NID |
---|---|
3.60 | 0xF4B5C8A5 |
int sceSblQafMgrSetQafToken2(SceQafToken qaf_token);
sceSblQafManagerDeleteQafTokenForUser
Version | NID |
---|---|
0.940-3.60 | 0xD542583F |
On 3.60 returns 0x80010058.
int sceSblQafManagerDeleteQafTokenForUser(void);
sceSblQafMgrDeleteQafToken2
Version | NID |
---|---|
3.60 | 0x62E30BF4 |
int ret;
int ret2;
int ret3;
signed int result;
char flag;
char data[0x80];
char sig[0x100];
memset(data, (char)0xFF, 0x180);
SceKernelSuspendForDriver_4DF40893_0(0);
ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80);
if ( ret )
{
SceKernelSuspendForDriver_4DF40893(0);
result = ret;
}
else
{
ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100);
if ( ret2 )
{
SceKernelSuspendForDriver_4DF40893(0);
result = ret2;
}
else
{
flag = 1;
ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1);
SceKernelSuspendForDriver_4DF40893(0);
result = ret3;
}
}
return result;
int sceSblQafMgrDeleteQafToken2(void);
sceSblQafManagerGetQafNameForUser
Version | NID |
---|---|
0.940-3.60 | 0x0F7EA8C2 |
Wrapper to sceSblQafManagerGetQafNameForKernel.
int sceSblQafManagerGetQafNameForUser(char *buffer, unsigned int max_len);
sceSblQafManagerGetQafName2ForUser
Version | NID |
---|---|
3.60 | 0xF0CA8766 |
memset(buf, 0, 0x180);
sceSblNvsReadDataForKernel(0x480, buf, 1);
sceSblNvsReadDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
sceSblNvsReadDataForKernel(0x5A0, buf, 0x100);
// if all functions returned success
sceSblQafManagerGetQafNameForKernel(buf2, len);
sceKernelMemcpyKernelToUserForDriver(buffer, buf2, len)) != 0 )
int sceSblQafManagerGetQafName2ForUser(char *buffer, unsigned int max_len);
sceSblQafMgrIsAllowMinimumDebugMenuDisplay
Version | NID |
---|---|
3.60 | 0xA156BBD2 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);
sceSblQafMgrIsAllowLimitedDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0xC456212D |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);
sceSblQafMgrIsAllowAllDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0x66843305 |
return (sysroot_buffer->qa_flags[0xC] >> 1) & 1;
int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);
sceSblQafManagerIsAllowKernelDebugForUser
Version | NID |
---|---|
0.940-3.60 | 0x11D30766 |
return sysroot_buffer->qa_flags[0xD] & 1;
int sceSblQafManagerIsAllowKernelDebugForUser(void);
sceSblQafMgrIsAllowForceUpdate
Version | NID |
---|---|
1.69-3.60 | 0x63F29BA0 |
return (sysroot_buffer->qa_flags[0xF] >> 1) & 1;
int sceSblQafMgrIsAllowForceUpdate(void);
sceSblQafMgrIsAllowNpTest
Version | NID |
---|---|
1.69-3.60 | 0xA9EBCBAC |
if (sysroot_buffer->qa_flags[0xF] << 31)
return 1;
else
return sceSysrootUtMgrHasNpTestFlagForKernel(a1, a2, a3);
int sceSblQafMgrIsAllowNpTest(int a1, int a2, int a3);
sceSblQafMgrIsAllowNpFullTest
Version | NID |
---|---|
3.60 | 0x72168C6E |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowNpFullTest(void);
sceSblQafMgrIsAllowNonQAPup
Version | NID |
---|---|
1.69-3.60 | 0xB5621615 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowNonQAPup(void);
sceSblQafMgrIsAllowScreenShotAlways
Version | NID |
---|---|
1.69-3.60 | 0xD22A8731 |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowScreenShotAlways(void);
sceSblQafMgrIsAllowRemoteSysmoduleLoad
Version | NID |
---|---|
0.940-3.60 | 0xF45AA706 |
return (sysroot_buffer->qa_flags[0xD] >> 1) & 1;
int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);
SceSblRng
sceSblRngGenuineRandomNumber
Version | NID |
---|---|
0.940-0.990 | 0xD1189305 |
Temp name was sceSblSsMgrGetRandomData.
Calls sceSblSsMgrGetRandomDataForDriver.
sceSblRngPseudoRandomNumber
Version | NID |
---|---|
0.940-0.990 | 0xD8BC42B8 |
_sceKernelGetRandomNumber
Version | NID |
---|---|
1.69-3.60 | 0xC37E818C |
int _sceKernelGetRandomNumber(int *out, int a2, char a3[8]);
SceSblDmac5Mgr
sceSblDmac5HashTransform
Version | NID |
---|---|
1.69-3.60 | 0x09EBC6EF |
This function can execute the following dmac5 commands:
- 0x3B: CMAC-AES (length 0x10)
- 0x03: SHA1 (length 0x14)
- 0x23: HMAC-SHA1 (length 0x14)
- 0x13: SHA256 (length 0x20)
- 0x33: HMAC-SHA256 (length 0x20)
typedef struct hash_trans_opt_t //size 0x18
{
char* src;
char* dst;
uint32_t size;
uint32_t unk_C; // = 0
uint32_t unk_10; // = 0
char* iv;
}hash_trans_opt_t;
// flags:
// 0x000
// 0x400
// 0x800
// 0xC00
int sceSblDmac5HashTransform(hash_trans_opt_t* ctx, int command, int flags);
sceSblDmac5EncDecKeyGen
Version | NID |
---|---|
1.69-3.60 | 0x5BF4F924 |
This function is also named sceSblDmac5AesCbcDecKeyGen
or sceSblDmac5AesCbcEncKeyGen
in SceGameDataPlugin
typedef struct keygen_ctx //size is 0x18
{
char *src;
char *dst;
int size;
char* key;
uint32_t key_size; // (int bits)
char* out; //hash ?
}keygen_ctx;
//command - 0xA (dmac5 command AES-192-CBC decrypt)
//command - 0x9 (dmac5 command AES-192-CBC encrypt)
int sceSblDmac5EncDecKeyGen(keygen_ctx* ctx, int key_id, int command);
sceSblDmac5EncDec
Version | NID |
---|---|
1.69-3.60 | 0xD0B1F759 |
int sceSblDmac5EncDec(void *args, int command);
sceSblDmac5EncDecNP
Version | NID |
---|---|
0.940 | 0x30702CC7 |
sceSblDmac5HmacKeyGen
Version | NID |
---|---|
3.60 | 0xCCE57D33 |
This function is named sceSblDmac5HmacKeyGen
in SceSysLibTrace but is also called sceSblDmac5Sha256HmacKeyGen
in SceGameDataPlugin
.
// data is of size 0x18 (24 - 192 bits ?)
// unk1 - 0x20001
// command - 0x33 (dmac5 HMAC-SHA256 command)
// flags - 0x400, 0x800, 0xC00
int sceSblDmac5HmacKeyGen(char* data, int unk1, int command, int flags);
SceSblAimgr
_sceKernelGetOpenPsId
Version | NID |
---|---|
1.69-3.60 | 0x6E283E2E |
int _sceKernelGetOpenPsId(char open_psid[0x10]);