Game Card

From Vita Development Wiki
Revision as of 16:46, 23 January 2017 by Motoharu (talk | contribs) (→‎packet 9)
Jump to navigation Jump to search

Game card is a standard MMC card. Pinout is different, however it complies with MMC card.

Gamecard pinout.png


Card initialization

Card initialization consists of two steps:

  • Standard MMC initialization.
  • Custom CMD56 initialization.

CMD56 is a command that is used to transfer vendor specific data from host to card and back to host.

Second step is crucial and is required to be done before host tries to read any data from the card for example with CMD17.

Standard MMC initialization

This step is performed by SceSdif.

Part1: Card identification (SD, MMC, SDIO)

  • 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
  • 48 00 00 01 AA 87 - CMD8 - SEND_IF_COND
  • 45 00 00 00 00 5B - CMD5 - IO_SEND_OP_COND
  • 77 00 00 00 00 65 - CMD55 - APP_CMD

Part2: Card initialization

  • 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
  • 41 40 FF 80 00 0B - CMD1 - SEND_OP_COND
  • 42 00 00 00 00 4D - CMD2 - ALL_SEND_CID
  • 43 00 01 00 00 7F - CMD3 - SET_RELATIVE_ADDR
  • 49 00 01 00 00 F1 - CMD9 - SEND_CSD
  • 47 00 01 00 00 DD - CMD7 - SELECT_CARD
  • 46 03 AF 01 00 43 - CMD6 - SWITCH (ERASE_GROUP_DEF)
  • 48 00 00 00 00 C3 - CMD8 - SEND_EXT_CSD
  • 50 00 00 02 00 15 - CMD16 - SET_BLOCKLEN
  • 46 03 B9 01 00 2F - CMD6 - SWITCH (HS_TIMING)
  • 46 03 B7 01 00 2D - CMD6 - SWITCH (BUS_WIDTH 4)

Custom CMD56 initialization

This step is performed by SceSblGcAuthMgr.

SceSblGcAuthMgr uses SceSblSsSmComm API to send F00D Commands to call Kirk services 1B-20. Game card can be accessed with device index 1

Initialization consists of 20 packets total. There are 10 request and 10 response packets. Each packet is sent or received with CMD56.

packet 1

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x31 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x13 response size
0x2C 0x01 0xC4 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 2

Offset Size Value Description

packet 3

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x23 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x05 response size
0x2C 0x01 0xC2 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 4

Offset Size Value Description

packet 5

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x02 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x2B response size
0x2C 0x01 0xA1 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 6

Offset Size Value Description

packet 7

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x03 response code
0x24 0x04 0x15 additional data size
0x28 0x04 0x23 response size
0x2C 0x01 0xA2 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x15 additional data size
0x2F 0x02 0x01 gc parameter (packet 6)
0x31 0x10 - generated chunk (random?)

packet 8

Offset Size Value Description

packet 9

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x05 response code
0x24 0x04 0x33 additional data size
0x28 0x04 0x03 response size
0x2C 0x01 - command ? (generated with Kirk 1C)
0x2D 0x01 - unknown (generated with Kirk 1C)
0x2E 0x01 - additional data size (generated with Kirk 1C)
0x2F 0x30 - data (generated with Kirk 1C)

packet 10

Offset Size Value Description

packet 11

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x23 response code
0x24 0x04 0x03 additional data size
0x28 0x04 0x05 response size
0x2C 0x01 0xC2 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x03 additional data size

packet 12

Offset Size Value Description

packet 13

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x07 response code
0x24 0x04 0x13 additional data size
0x28 0x04 0x43 response size
0x2C 0x01 0xA4 command ?
0x2D 0x01 0x00 unknown
0x2E 0x01 0x13 additional data size
0x2F 0x10 - generated chunk (random?)

packet 14

Offset Size Value Description

packet 15

Offset Size Value Description
0x00 0x20 - key0
0x20 0x04 0x11 response code
0x24 0x04 0x33 additional data size
0x28 0x04 0x43 response size
0x2C 0x01 - command ? (generated with Kirk 1E)
0x2D 0x01 - unknown (generated with Kirk 1E)
0x2E 0x01 - additional data size (generated with Kirk 1E)
0x2F 0x30 - data (generated with Kirk 1E)

packet 16

Offset Size Value Description

packet 17

Offset Size Value Description

packet 18

Offset Size Value Description

packet 19

Offset Size Value Description

packet 20

Offset Size Value Description
Retrieved from "http://wiki.henkaku.xyz/vita/index.php?title=Game_Card&oldid=2404"