Difference between revisions of "SceSblAuthMgr"

(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
Secure Boot Loader Authentication Manager
 +
 
== Module ==
 
== Module ==
  
=== Known NIDs ===
 
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
! Version !! Name !! World !! Privilege !! NID
+
! Version !! World !! Privilege
 
|-
 
|-
| 1.69 || SceSblAuthMgr || Non-secure || Kernel || 0xEA5DFC93
+
| 1.69-3.60 || Non-secure || Kernel
|-
 
| 3.57 || SceSblAuthMgr || Non-secure || Kernel || 0xA1BFE33C
 
|-
 
| 3.60 || SceSblAuthMgr || Non-secure || Kernel || 0x1773372D
 
 
|}
 
|}
  
Line 37: Line 34:
 
|}
 
|}
  
Previous name was sceSblAuthMgrInvokeSMForKernel, sceSblAuthMgrSmStartForKernel
+
Temp name was sceSblAuthMgrInvokeSMForKernel, sceSblAuthMgrSmStartForKernel.
  
 
<source lang="C">
 
<source lang="C">
// if initialization is successful - ctx will be initialized to 1
+
// If initialization is successful - pHandle will be initialized to 1
int sceSblAuthMgrOpenForKernel(int* ctx);
+
int sceSblAuthMgrOpenForKernel(int *pHandle);
 
</source>
 
</source>
  
Line 51: Line 48:
 
|}
 
|}
  
Previous name was sceSblAuthMgrStopSMForKernel, sceSblAuthMgrSmStopForKernel
+
Temp name was sceSblAuthMgrStopSMForKernel, sceSblAuthMgrSmStopForKernel.
  
Issues [[F00D_Commands#Request_Buffer|F00D command -1]]
+
Issues [[F00D_Commands#Request_Buffer|kprx_auth_sm command -1]].
  
 
<source lang="C">
 
<source lang="C">
// ctx - obtained with sceSblAuthMgrOpenForKernel. ctx must equal 1 for successful deinit.
+
// handle - obtained with sceSblAuthMgrOpenForKernel. handle must equal 1 for successful deinit.
int sceSblAuthMgrCloseForKernel(int ctx);
+
int sceSblAuthMgrCloseForKernel(int handle);
 
</source>
 
</source>
  
Line 66: Line 63:
 
| 0.931-0.990 || 0xCAA38DF7
 
| 0.931-0.990 || 0xCAA38DF7
 
|}
 
|}
 +
 +
Creates SceSblAuthMgrZlibHeap.
  
 
<source lang="C">int sceSblAuthMgrStartForKernel(void);</source>
 
<source lang="C">int sceSblAuthMgrStartForKernel(void);</source>
Line 76: Line 75:
 
|}
 
|}
  
Delete SceSblAuthMgrZlibHeap.
+
Deletes SceSblAuthMgrZlibHeap.
  
 
<source lang="C">int sceSblAuthMgrStopForKernel(void);</source>
 
<source lang="C">int sceSblAuthMgrStopForKernel(void);</source>
Line 87: Line 86:
 
|}
 
|}
  
Issues [[F00D_Commands#0x10001|F00D command 0x10001]]
+
Issues [[F00D_Commands#0x10001_-_sceSblAuthMgrAuthHeader|kprx_auth_sm command 0x10001]]
  
<code>SceSblSmCommContext130</code> type is defined in [[SceKernelModulemgr#Types|SceKernelModulemgr]].
+
<code>SceSblSmCommContext130</code> type is defined in [[SceSblSsSmComm#Types|SceSblSsSmComm]].
  
Read caller SELF Info using sceKernelGetSelfAuthInfoForKernel then writes it to context_130->caller_self_auth_info.
+
?Read caller SELF Info using sceKernelGetSelfAuthInfoForKernel? then writes it to context_130->caller_self_auth_info.
  
 
Calls smc_137 and smc_134 that interact with F00D. F00D set context_130->called_self_auth_info.
 
Calls smc_137 and smc_134 that interact with F00D. F00D set context_130->called_self_auth_info.
  
 
<source lang="C">
 
<source lang="C">
//ctx - obtained with sceSblAuthMgrOpenForKernel
+
// handle - obtained with sceSblAuthMgrOpenForKernel
int sceSblAuthMgrAuthHeaderForKernel(int ctx, char *self_header_addr, int self_header_size, SceSblSmCommContext130 *context_130);
+
int sceSblAuthMgrAuthHeaderForKernel(int handle, const void *pSelfHeader, SceSize SelfHeaderSize, SceSblSmCommContext130 *ctx130);
 
</source>
 
</source>
  
Line 109: Line 108:
 
Temp name was sceSblAuthMgrLoadSelfSegmentForKernel, sceSblAuthMgrLoadSegmentForKernel.
 
Temp name was sceSblAuthMgrLoadSelfSegmentForKernel, sceSblAuthMgrLoadSegmentForKernel.
  
Issues [[F00D_Commands#0x20001|F00D command 0x20001]]
+
Issues [[F00D_Commands#0x20001_-_sceSblAuthMgrSetupAuthSegment|kprx_auth_sm command 0x20001]].
  
 
<source lang="C">
 
<source lang="C">
// ctx - obtained with sceSblAuthMgrOpenForKernel
+
// handle - obtained with sceSblAuthMgrOpenForKernel
  
 
0.931-1.50
 
0.931-1.50
int sceSblAuthMgrSetupAuthSegmentForKernel(int ctx, int segment_number, int segment_size, void output_buffer, int program_size);
+
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number, int segment_size, void *output_buffer, SceSize program_size);
  
 
3.60
 
3.60
int sceSblAuthMgrSetupAuthSegmentForKernel(int ctx, int segment_number);
+
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number);
 
</source>
 
</source>
  
Line 130: Line 129:
 
Temp name was sceSblAuthMgrLoadSelfBlockForKernel, sceSblAuthMgrLoadBlockForKernel.
 
Temp name was sceSblAuthMgrLoadSelfBlockForKernel, sceSblAuthMgrLoadBlockForKernel.
  
Issues [[F00D_Commands#0x30001|F00D command 0x30001]]
+
Issues [[F00D_Commands#0x30001_-_sceSblAuthMgrLoadBlock|kprx_auth_sm command 0x30001]]
  
 
<source lang="C">
 
<source lang="C">
// ctx - obtained with sceSblAuthMgrOpenForKernel
+
// handle - obtained with sceSblAuthMgrOpenForKernel
int sceSblAuthMgrAuthSegmentForKernel(int ctx, void *buffer, int len);
+
int sceSblAuthMgrAuthSegmentForKernel(int handle, void *buffer, SceSize len);
 
</source>
 
</source>
  
Line 145: Line 144:
  
 
<source lang="C">
 
<source lang="C">
// ctx - obtained with sceSblAuthMgrOpenForKernel
+
// handle - obtained with sceSblAuthMgrOpenForKernel
int sceSblAuthMgrLoadSegmentInternalForKernel(int ctx, int a2, unsigned int a3);
+
int sceSblAuthMgrLoadSegmentInternalForKernel(int handle, int a2, unsigned int a3);
 
</source>
 
</source>
  
Line 156: Line 155:
 
|}
 
|}
  
Issues [[F00D_Commands#0x50001_sceSblAuthMgrSetDmac5KeyForKernel|F00D command 0x50001]]
+
Issues [[F00D_Commands#0x50001_-_sceSblAuthMgrSetDmac5KeyForKernel|kprx_auth_sm command 0x50001]].
  
 
<source lang="C">
 
<source lang="C">
 
// key_size - in bytes
 
// key_size - in bytes
int sceSblAuthMgrSetDmac5KeyForKernel(char *key, int key_size, int slot_id, int key_id);
+
int sceSblAuthMgrSetDmac5KeyForKernel(const void *key, SceSize key_size, int slot_id, int key_id);
 
</source>
 
</source>
  
Line 170: Line 169:
 
|}
 
|}
  
Issues [[F00D_Commands#0x60001_sceSblAuthMgrClearDmac5KeyForKernel|F00D command 0x60001]]
+
Issues [[F00D_Commands#0x60001_-_sceSblAuthMgrClearDmac5KeyForKernel|kprx_auth_sm command 0x60001]].
  
 
<source lang="C">int sceSblAuthMgrClearDmac5KeyForKernel(int unk0, int unk1);</source>
 
<source lang="C">int sceSblAuthMgrClearDmac5KeyForKernel(int unk0, int unk1);</source>
Line 207: Line 206:
 
EKc means Encrypted Klicense (also called Key License).
 
EKc means Encrypted Klicense (also called Key License).
  
Issues [[F00D_Commands#0x40001_sceSblAuthMgrGetEKcForDriver|F00D command 0x40001]]
+
Issues [[F00D_Commands#0x40001_-_sceSblAuthMgrGetEKcForDriver|kprx_auth_sm command 0x40001]].
  
<source lang="C">int sceSblAuthMgrGetEKcForDriver(void* data, int size, int key_id);</source>
+
<source lang="C">int sceSblAuthMgrGetEKcForDriver(void *data, SceSize size, int key_id);</source>
  
 
=== sceSblAuthMgrDecBindDataForDriver ===
 
=== sceSblAuthMgrDecBindDataForDriver ===
Line 218: Line 217:
 
|}
 
|}
  
Issues [[F00D_Commands#0x70001_sceSblAuthMgrDecBindDataForDriver|F00D command 0x70001]]
+
Issues [[F00D_Commands#0x70001_-_sceSblAuthMgrDecBindDataForDriver|kprx_auth_sm command 0x70001]].
  
 
<source lang="C">
 
<source lang="C">
Line 233: Line 232:
 
|}
 
|}
  
Used by [[SceSblPostSsMgr#sceSblSpsfoMgrVerifyForDriver|sceSblSpsfoMgrVerifyForDriver]]
+
Used by [[SceSblPostSsMgr#sceSblSpsfoMgrVerifyForDriver|sceSblSpsfoMgrVerifyForDriver]].
 +
 
 +
Issues [[F00D_Commands#0x80001_-_sceSblAuthMgrVerifySpsfo|kprx_auth_sm command 0x80001]].
  
Issues [[F00D_Commands#0x80001|F00D command 0x80001]].
+
Spsfo (signed param.sfo) file is located in game cartridge at path gro0:gc/param.sfo. It can also be loaded from host0: on DevKit. It has 3 parts: CF header and certification, plain SceSpsfoHeader and plain SFO (maybe reduced).
 +
 
 +
<source lang="C">
 +
typedef struct SceSpsfoHeader { // size is 0x200 usually
 +
    int version;                  // ex: 1
 +
    SceSize size;                // header size
 +
    uint64_t system_version;      // ex: 0x0330000000000110
 +
    char titleid[0x20];
 +
    uint64_t parent_authority_id; // ex: 0x2800000000000030
 +
    uint64_t process_authority_id;
 +
    char reserved[0x1C0];
 +
} SceSpsfoHeader;
 +
 
 +
Note : SceSpsfoHeader and spsfo_ctx may be different
 +
</source>
  
 
<source lang="C">int sceSblAuthMgrVerifySpsfoForDriver(spsfo_ctx *ctx);</source>
 
<source lang="C">int sceSblAuthMgrVerifySpsfoForDriver(spsfo_ctx *ctx);</source>
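Review bot: The line `Note : SceSpsfoHeader and spsfo_ctx may be different` is added inside the C source block as bare text, so the listing is no longer valid C for anyone who copies it into a header. Write it as `// Note: SceSpsfoHeader and spsfo_ctx may be different`, or move it below the block. The struct comment says the size is 0x200 only "usually", and `sceSblAuthMgrVerifySpsfoForDriver` takes a `spsfo_ctx *` whose layout is not documented. A sentence saying whether the `size` field is checked against the supplied data, or that this is unknown, would help readers who parse Spsfo files.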

Revision as of 01:01, 30 September 2020

Secure Boot Loader Authentication Manager

Module

Version World Privilege
1.69-3.60 Non-secure Kernel

Libraries

Known NIDs

Version Name World Visibility NID
1.69-3.60 SceSblAuthMgrForKernel Non-secure Kernel 0x7ABF5135
1.69-3.60 SceSblAuthMgrForDriver Non-secure Kernel 0x4EB2B1BB

SceSblAuthMgrForKernel

These functions are used for SELF decryption.

sceSblAuthMgrOpenForKernel

Version NID
0.931-3.60 0xA9CD2A09

Temp name was sceSblAuthMgrInvokeSMForKernel, sceSblAuthMgrSmStartForKernel.

// If initialization is successful, the value written through pHandle is 1.
// That value is the handle the Close/AuthHeader/SetupAuthSegment/AuthSegment
// ForKernel functions on this page take as their first argument.
// NOTE(review): a constant handle value suggests a single shared context rather
// than per-caller state - confirm. The return value convention is not documented here.
int sceSblAuthMgrOpenForKernel(int *pHandle);

sceSblAuthMgrCloseForKernel

Version NID
0.931-3.60 0x026ACBAD

Temp name was sceSblAuthMgrStopSMForKernel, sceSblAuthMgrSmStopForKernel.

Issues kprx_auth_sm command -1.

// handle - the value obtained with sceSblAuthMgrOpenForKernel.
// Deinitialization only succeeds when handle equals 1.
// Issues kprx_auth_sm command -1.
// NOTE(review): the result for any other handle value is not documented here - confirm.
int sceSblAuthMgrCloseForKernel(int handle);

sceSblAuthMgrStartForKernel

Version NID
0.931-0.990 0xCAA38DF7

Creates SceSblAuthMgrZlibHeap.

int sceSblAuthMgrStartForKernel(void);

sceSblAuthMgrStopForKernel

Version NID
0.931-0.990 0x6C1F5048

Deletes SceSblAuthMgrZlibHeap.

int sceSblAuthMgrStopForKernel(void);

sceSblAuthMgrAuthHeaderForKernel

Version NID
0.931-3.60 0xF3411881

Issues kprx_auth_sm command 0x10001

SceSblSmCommContext130 type is defined in SceSblSsSmComm.

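Reads the caller's SELF auth info (possibly using sceKernelGetSelfAuthInfoForKernel; this is unconfirmed), then writes it to context_130->caller_self_auth_info. context_130 is the ctx130 parameter in the prototype below.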

Calls smc_137 and smc_134, which interact with F00D. F00D sets context_130->called_self_auth_info.

// handle         - obtained with sceSblAuthMgrOpenForKernel
// pSelfHeader    - presumably the SELF header to authenticate; declared const,
//                  so not written through by this prototype - TODO confirm
// SelfHeaderSize - presumably the size of pSelfHeader in bytes - TODO confirm
// ctx130         - the context the page text calls context_130; per that text its
//                  caller_self_auth_info and called_self_auth_info fields are
//                  written during the call
// Issues kprx_auth_sm command 0x10001.
int sceSblAuthMgrAuthHeaderForKernel(int handle, const void *pSelfHeader, SceSize SelfHeaderSize, SceSblSmCommContext130 *ctx130);

sceSblAuthMgrSetupAuthSegmentForKernel

Version NID
0.931-3.60 0x89CCDA2C

Temp name was sceSblAuthMgrLoadSelfSegmentForKernel, sceSblAuthMgrLoadSegmentForKernel.

Issues kprx_auth_sm command 0x20001.

// handle - obtained with sceSblAuthMgrOpenForKernel

0.931-1.50
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number, int segment_size, void *output_buffer, SceSize program_size);

3.60
int sceSblAuthMgrSetupAuthSegmentForKernel(int handle, int segment_number);

sceSblAuthMgrAuthSegmentForKernel

Version NID
0.931-3.60 0xBC422443

Temp name was sceSblAuthMgrLoadSelfBlockForKernel, sceSblAuthMgrLoadBlockForKernel.

Issues kprx_auth_sm command 0x30001

// handle - obtained with sceSblAuthMgrOpenForKernel
// buffer - non-const, so presumably processed in place - TODO confirm
// len    - presumably the length of buffer in bytes - TODO confirm
// Issues kprx_auth_sm command 0x30001.
// NOTE(review): alignment or maximum-length requirements for buffer are not documented here.
int sceSblAuthMgrAuthSegmentForKernel(int handle, void *buffer, SceSize len);

sceSblAuthMgrLoadSegmentInternalForKernel

Version NID
0.990 0x15248FB4
// handle - obtained with sceSblAuthMgrOpenForKernel
int sceSblAuthMgrLoadSegmentInternalForKernel(int handle, int a2, unsigned int a3);

sceSblAuthMgrSetDmac5KeyForKernel

Version NID
1.05-3.60 0x122ACDEA

Issues kprx_auth_sm command 0x50001.

// key      - key data; declared const, so not written through by this prototype
// key_size - in bytes
// slot_id  - presumably the DMAC5 key slot that receives the key - TODO confirm
// key_id   - meaning not documented here
// Issues kprx_auth_sm command 0x50001.
// NOTE(review): accepted ranges for key_size and slot_id are not listed here, and
// it is not stated whether the callee copies key or needs the buffer to stay valid.
int sceSblAuthMgrSetDmac5KeyForKernel(const void *key, SceSize key_size, int slot_id, int key_id);

sceSblAuthMgrClearDmac5KeyForKernel

Version NID
0.990-3.60 0xF2BB723E

Issues kprx_auth_sm command 0x60001.

int sceSblAuthMgrClearDmac5KeyForKernel(int unk0, int unk1);

SceSblAuthMgrForKernel_2A83A012

Version NID
3.60 0x2A83A012

Returns 0. May be an old function kept for compatibility.

int SceSblAuthMgrForKernel_2A83A012(void);

sceSblAuthMgrCompareSwVersionForKernel

Version NID
3.60 0xABAB8466

Aligns version on 12 bits then compares to the hardcoded current firmware version (example: 0x03600000 on FW 3.60).

int sceSblAuthMgrCompareSwVersionForKernel(int version);

SceSblAuthMgrForDriver

sceSblAuthMgrGetEKcForDriver

Version NID
0.990-3.60 0x868B9E9A

EKc means Encrypted Klicense (also called Key License).

Issues kprx_auth_sm command 0x40001.

int sceSblAuthMgrGetEKcForDriver(void *data, SceSize size, int key_id);

sceSblAuthMgrDecBindDataForDriver

Version NID
1.05-3.60 0x41DAEA12

Issues kprx_auth_sm command 0x70001.

// klicensee / klicensee_len - presumably the klicensee buffer and its size in bytes - TODO confirm
// request / request_len     - request should contain a pair of keys and rif data;
//                             request_len is presumably its size in bytes - TODO confirm
// zero                      - presumably always passed as 0, going by the name - TODO confirm
// Issues kprx_auth_sm command 0x70001.
// NOTE(review): both lengths are signed int here, whereas other prototypes on this
// page use SceSize; how negative values are handled is not documented.

int sceSblAuthMgrDecBindDataForDriver(char* klicensee, int klicensee_len, char* request, int request_len, int zero);

sceSblAuthMgrVerifySpsfoForDriver

Version NID
1.03-3.60 0x24C4CE64

Used by sceSblSpsfoMgrVerifyForDriver.

Issues kprx_auth_sm command 0x80001.

The Spsfo (signed param.sfo) file is located on the game cartridge at path gro0:gc/param.sfo. It can also be loaded from host0: on a DevKit. It has three parts: the CF header and certification, a plain SceSpsfoHeader, and a plain SFO (possibly reduced).

// Plain header part of an Spsfo (signed param.sfo) file; per the page text it
// sits between the CF header/certification and the plain SFO.
// Offsets below assume a 4-byte int and a 4-byte SceSize, which makes the
// fields sum to exactly 0x200 - TODO confirm against a real file.
typedef struct SceSpsfoHeader { // size is 0x200 usually
    int version;                  // 0x00 - ex: 1
    SceSize size;                 // 0x04 - header size; NOTE(review): "usually 0x200" implies it can vary, so check it against the available data before use
    uint64_t system_version;      // 0x08 - ex: 0x0330000000000110
    char titleid[0x20];           // 0x10 - fixed-width field; NUL termination is not stated here
    uint64_t parent_authority_id; // 0x30 - ex: 0x2800000000000030
    uint64_t process_authority_id; // 0x38
    char reserved[0x1C0];         // 0x40 - contents not documented here
} SceSpsfoHeader;

// Note: SceSpsfoHeader and spsfo_ctx may be different.
int sceSblAuthMgrVerifySpsfoForDriver(spsfo_ctx *ctx);