From Vita Development Wiki
Jump to navigation
Jump to search
Key Ring Slots 0xE0058000
Slot |
Mode |
Protection |
Per-console |
Description
|
0 |
3 |
0x0442 |
? |
?
|
1 |
1 |
0x0442 |
? |
?
|
2-7 |
1 |
0x0040 |
? |
?
|
8 |
3 |
0x0081 |
Yes. |
enp per-console key
|
9 |
1 |
0x0080 |
? |
?
|
0xA-0xF |
3 |
0x0080 |
? |
?
|
0x10 |
1 |
0x0502 |
? |
supports decryption only
|
0x11-0x1F |
1 |
0x0100 |
? |
?
|
0x20 |
3 |
0x0200 |
? |
?
|
0x21-0x24 |
1 |
0x061F |
? |
supports encryption and decryption
|
0x25-0x2F |
1 |
0x0200 |
? |
?
|
0x30-0x34 |
1 |
0x041F |
? |
?
|
0x35-0x7F |
1 |
0x0000 |
? |
?
|
0x80-0xFF |
0 |
0x0000 |
? |
?
|
0x100 |
1 |
0x041F |
? |
?
|
0x101-0x17F |
1 |
0x0000 |
? |
?
|
0x180-0x1FF |
0 |
0x0000 |
? |
?
|
0x200-0x203 |
3 |
0x0000 |
? |
?
|
0x204-0x205 |
3 |
0x006F |
? |
?
|
0x206-0x20D |
3 |
0x00A0 |
? |
?
|
0x20E-0x20F |
3 |
0x0010 |
? |
Maybe per-console emmc crypto keys?
|
0x210-0x211 |
3 |
0x0000 |
? |
?
|
0x212-0x213 |
3 |
0x001F |
? |
?
|
0x214-0x215 |
3 |
0x0000 |
? |
?
|
0x216 |
3 |
0x001F |
? |
?
|
0x217 |
3 |
0x0000 |
? |
?
|
0x218-0x2FF |
0 |
0x0000 |
? |
?
|
0x300-0x33F |
3 |
0x0000 |
? |
?
|
0x340 |
3 |
0x012F |
? |
Used to decrypt keys into the 0x10 key slot
|
0x341-0x343 |
3 |
0x0120 |
? |
?
|
0x344 |
3 |
0x0220 |
? |
?
|
0x345-0x348 |
3 |
0x022F |
? |
Used to decrypt keys into one of the 0x21-0x24 key slot
|
0x349-0x353 |
3 |
0x0220 |
? |
?
|
0x354-0x3FF |
3 |
0x0000 |
? |
?
|
0x400-0x47F |
1 |
0x0000 |
? |
?
|
0x480-0x4FF |
0 |
0x0000 |
? |
?
|
0x500 |
1 |
0x1800 |
? |
?
|
0x501 |
7 |
0x1000 |
? |
Downgrade protection? Set to 4 on 1.692, 0 on 1.05.
|
0x502-0x504 |
3 |
0x1800 |
Yes |
?
|
0x505 |
1 |
0x0000 |
? |
?
|
0x506 |
3 |
0x1800 |
? |
?
|
0x507 |
3 |
0x1800 |
No |
?
|
0x508 |
3 |
0x1800 |
No |
Revocation related. Set to 0x1060D on 1.692, 0x1010A on 1.05, 0x0100010B on 1.50
|
0x509 |
3 |
0x1800 |
Yes |
IDPS of unit
|
0x50A |
3 |
0x1800 |
? |
Byte15bit0,byte14bit0,byte14bit1,byte11bit4: Revocation related. Byte13bit0: Enable F00D debug prints.
|
0x50B |
3 |
0x1800 |
? |
?
|
0x50C |
3 |
0x1800 |
No |
Flags. Set to 1 on 1.692 and newer, 0 on older
|
0x50D |
3 |
0x1800 |
Yes |
Per Console Root Key
|
0x50E |
3 |
0x1800 |
Yes |
Current firmware version.
|
0x50F |
3 |
0x1800 |
Yes |
Factory firmware version.
|
0x510 |
3 |
0x1800 |
Yes |
?
|
0x511 |
3 |
0x1800 |
Yes |
Unique per boot session id
|
0x512 |
7 |
0x1800 |
Yes |
Tick count?
|
0x513 |
3 |
0x1800 |
No |
DRAM size. Set to 0x20000000 on retail, 0x40000000 on devkit.
|
0x514 |
3 |
0x1800 |
No? |
F00d-cmd F01 AES-256-CMAC key. Protected on 1.05.
|
0x515 |
3 |
0x1800 |
No? |
F00d-cmd F01 AES-256-CBC key. Protected on 1.05.
|
0x516 |
3 |
0x1800 |
? |
F00d-cmd F01 writes (u32)1 here when exporting the infoblk. Next time main() executes this flag is cleared.
|
0x517 |
3 |
0x1800 |
|
When initializing the EEPROM, this is zeroed if 0x50D has bit8 clear (on 1.692).
|
0x518 |
3 |
0x1800 |
No |
Another current FW version (3.60+?)
|
0x519 |
3 |
0x1800 |
No |
00s
|
0x51A |
3 |
0x1800 |
Yes |
Randomized 0x20 byte key unique every boot/reboot/resume used for kernel coredump encryption
|
0x51B |
3 |
0x1800 |
No |
Some kind of model info 0x406000 on retail and 0x416000 on devkit
|
0x51C-0x57F |
1 |
0x0000 |
? |
?
|
0x580-0x5FF |
0 |
0x0000 |
? |
?
|
0x600-0x602 |
3 |
0x1000 |
Yes |
?
|
0x603 |
3 |
0x1000 |
No |
?
|
0x604 |
3 |
0x1000 |
No |
?
|
0x605-0x607 |
3 |
0x0000 |
? |
?
|
0x608-0x6FF |
0 |
0x0000 |
? |
?
|
0x700-0x7FF |
3 |
0x0000 |
? |
?
|