Difference between revisions of "SceSblPostSsMgr"

From Vita Development Wiki
Jump to navigation Jump to search
Line 334: Line 334:
 
   if (!is_utoken_flags_set_in_mem)
 
   if (!is_utoken_flags_set_in_mem)
 
     return 0;
 
     return 0;
   if (sceSblACMgrGetSelfAuthInfoForKernel(pid, &authid))
+
   if (sceSblACMgrGetProcessSelfAuthInfoForKernel(pid, &authid))
 
     return 0;
 
     return 0;
 
   return authid == utoken_flags_or_authid_in_mem;
 
   return authid == utoken_flags_or_authid_in_mem;

Revision as of 17:24, 28 December 2019

Module

Known NIDs

Version Name World Privilege NID
3.60 SceSblPostSsMgr Non-secure Kernel 0xB6C941F2

Libraries

Known NIDs

Version Name World Visibility NID
1.03-3.60 SceSblPostSsMgrForDriver Non-secure Kernel 0x2254E1B2
3.60 SceZlibForDriver Non-secure Kernel 0xE241534E
3.60 SceSblFwLoaderForDriver Non-secure Kernel 0x6FE424E4
1.03-3.60 SceSblPmMgr Non-secure User 0xA9CE5795
1.03-3.60 SceSblRtcMgr Non-secure User 0x44C5F209
1.03-3.60 SceSblLicMgr Non-secure User 0x62083C72
1.03-3.60 SceSblUtMgr Non-secure User 0x000DF81A
1.03 SceSblSpsfoMgr Non-secure User 0x7959298B

Types

typedef struct spsfo_ctx
{
  SceUID mem_uid; // SceSblSpsfoMgr
  void* mem_block_base;
  uint32_t unk_8;
} spsfo_ctx;

typedef struct SceUtoken // size is 0x800
{
  char unk_data[0x800];
} SceUtoken;

typedef struct SceUtokenDecrypted // size is 0x58
{
  char unk_data[0x30];
  char utoken_flags[0x8];
  char unk_data_2[0x20];
} SceUtokenDecrypted;

Not exported

module_start

Calls 2 subroutines:

  • init_qaftoken
  • init_utoken

init utoken

Reads tm0:utoken.dat.

Calls utoken_sm.self service 2 to decrypt SceUtoken buffer. The output is a 0x58 bytes buffer.

SceSblPostSsMgrForDriver

sceSblSpsfoMgrOpenForDriver

Version NID
3.60 0xBDF18922 
int sceSblSpsfoMgrOpenForDriver(char *path, spsfo_ctx *result);

sceSblSpsfoMgrVerifyForDriver

Version NID
3.60 0x686B9461

Derived from _vshSblAuthMgrVerifySpsfo. 

int sceSblSpsfoMgrVerifyForDriver(spsfo_ctx *ctx, int *res, int *size);

sceSblSpsfoMgrCloseForDriver

Version NID
3.60 0xAD3B0078 
int sceSblSpsfoMgrCloseForDriver(spsfo_ctx *ctx);

sceSblLicMgrGetActivationKeyForDriver

Version NID
3.60 0xF7F1015B 
typedef struct activation_key // size is 0x14
{
   char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
   uint32_t vadd_hash; // result of vector add operation applied to open_psid
} activation_key;

int sceSblLicMgrGetActivationKeyForDriver(activation_key* key);

sceSblLicMgrActivateDevkitForDriver

Version NID
0.990-3.60 0x0298382B 
int sceSblLicMgrActivateDevkitForDriver(char *afv_path);

sceSblLicMgrGetLicenseStatusForDriver

Version NID
3.60 0x15F37282 
// values: -1 = not initialized, 0 = activated, 1 = expired, 2 = RTC backup battery failure
int sceSblLicMgrGetLicenseStatusForDriver(void);

sceSblLicMgrGetExpireDateForDriver

Version NID
1.03-3.60 0x4FF2682F

Get activation data expire date.

If sceSblAIMgrIsToolRev3ForDriver, 30/10/2011 8:00:00.

If sceSblAIMgrIsToolRev5ForDriver, 30/6/2012 8:00:00.

If sceSblAIMgrIsNonCEXForDriver and product_sub_code = 0xA, 0xB or 0xC, 31/3/2012 14:59:00. 

// if read_from_nvs is false, it reads expire_date from SceSblPostSsMgr memory.
int sceSblLicMgrGetExpireDateForDriver(int *expire_date, int read_from_nvs);

sceSblPmMgrSetProductModeForDriver

Version NID
0.990-3.60 0xADF92824

executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA 

int sceSblPmMgrSetProductModeForDriver(int product_mode);

sceSblPmMgrSetProductModeUnkForDriver

Version NID
1.03-3.60 0xFE92A318

Executes pm_sm.self commands 2, 3, 4, 5, 6, 7, 8, 9, 0xA. 

int sceSblPmMgrSetProductModeUnkForDriver(int product_mode);

sceSblPmMgrGetProductModeFromNVSForDriver

Version NID
0.990-3.60 0x4663C195

Executes pm_sm.self command 1. 

int sceSblPmMgrGetProductModeFromNVSForDriver(int *product_mode);

sceSblPmMgrAuthEtoIForDriver

Version NID
0.990-3.60 0x19B63D65

Returns jig_auth(12). Returns an integer on success.

jig_auth:

  • On 0.990: executes pm_sm_sd.self commands 3 (gen_req_hello), 4 (gen_challenge), 5 (check_response), 6 (gen_req_result), 7 (check_result).
  • On 1.03-3.60: executes pm_sm_sd.self commands 9, 0xA.
int sceSblPmMgrAuthEtoIForDriver(void);

sceSblPostSsMgrDecryptSealedkeyForDriver

Version NID
3.60 0x33275F95

data is 0x50 bytes of data from sealedkey

this function:

verifies pfsSKKey header

decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver

verifies hmac256 value in HMAC Value

decrypts Encrypted key into dst_secret 

//data - size 0x50
//dst_secret - size 0x10
int sceSblPostSsMgrDecryptSealedkeyForDriver(char* data, char* dst_secret);

sceSblPostSsMgrEncryptSealedkeyForDriver

Version NID
3.60 0x08525D8D

data is 0x50 bytes of data like in sealedkey

this function:

writes pfsSKKey header

decrypts aes_key(pfsSKKey__EncKey) and hmac_key(pfsSKKey__Secret) using sceSblSsEncryptWithPortabilityForDriver

randomly generates 0x10 bytes of IV with sceSblRngPseudoRandomNumberForDriver

randomly generates 0x10 bytes of secret with sceSblRngPseudoRandomNumberForDriver

encrypts the secret into Encrypted key

calculates hmac256 value into HMAC Value 

// dest_data - size 0x50
int sceSblPostSsMgrEncryptSealedkeyForDriver (char* dest_data);

sceSblPostSsMgrVerifyKeystoneForDriver

Version NID
3.60 0xDDA6FA6D

This function verifies magic in the header and HMAC of the keystone file 

int sceSblPostSsMgrVerifyKeystoneForDriver(char* data, int version);

sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver

Version NID
3.60 0xF86F1452

This function calls sceSblPostSsMgrVerifyKeystoneForDriver. Then also verifies HMAC of passcode. 

int sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver(char* keystone_data, char* passcode);

sceSblPostSsMgrDebugEncryptKeystoneForDriver

Version NID
3.60 0x42474C8B 
int sceSblPostSsMgrDebugEncryptKeystoneForDriver(char* src_secret, char* dest_data);

sceSblPostSsMgrDebugDecryptKeystoneForDriver

Version NID
3.60 0xCC5AA5A5 
int sceSblPostSsMgrDebugDecryptKeystoneForDriver(char* keystone_data, char* dst_secret);

sceSblUtMgrIsUtokenProgramForDriver

Version NID
1.03-3.60 0x128FB35A

pseudo-code: 

bool sceSblUtMgrIsUtokenProgramForDriver(SceUID pid) {
  SceUInt64 authid;

  if (!is_utoken_flags_set_in_mem)
    return 0;
  if (sceSblACMgrGetProcessSelfAuthInfoForKernel(pid, &authid))
    return 0;
  return authid == utoken_flags_or_authid_in_mem;
}
int sceSblUtMgrIsUtokenProgramForDriver(SceUID pid);

sceSblUtMgrUpdateUtokenForDriver

Version NID
1.03-3.60 0xC2E58CE3

Executes utoken_sm command 1 to verify buffer, then writes the 0x800 bytes buffer to tm0:utoken/utoken.dat. 

// size = 0x800
int sceSblUtMgrExecuteUtokenSmCommand1ForDriver(char* buf, SceSize size);

sceSblUtMgrResetUtokenFileForDriver

Version NID
3.60 0x1FF699DD

Writes 0x800 blank tm0:utoken/utoken.dat or removes it.

Exported to userland by sceSblUtMgrResetUtokenFile. 

int sceSblUtMgrResetUtokenFileForDriver(void);

sceSblUtMgrHasComTestFlagForDriver

Version NID
1.03-3.60 0x7ACCAA50

Derived from vshSblUtMgrHasComTestFlag. 

int sceSblUtMgrHasComTestFlagForDriver(void);

sceSblUtMgrHasStoreFlagForDriver

Version NID
1.03-3.60 0x9D2E2D39

Derived from vshSblUtMgrHasStoreFlag. 

int sceSblUtMgrHasStoreFlagForDriver(void);

sceSblUtMgrHasNpTestFlagForDriver

Version NID
1.03-3.60 0x9FD835B0

Derived from vshSblUtMgrHasNpTestFlag. 

int sceSblUtMgrHasNpTestFlagForDriver(void);

sceSblUtMgrHasUNK1FlagForDriver

Version NID
1.03-3.60 0x22599675 
int sceSblUtMgrHasUNK1FlagForDriver(void);

sceSblUtMgrHasUNK2FlagForDriver

Version NID
1.03-3.60 0x9B49C249 
int sceSblUtMgrHasUNK2FlagForDriver(void);

sceSblUtMgrHasUNK3FlagForDriver

Version NID
1.03-3.60 0x1923D80D 
int sceSblUtMgrHasUNK3FlagForDriver(void);

sceSblUtMgrGetTrilithiumBufferForDriver

Version NID
3.60 0xABDD68CD 
int sceSblUtMgrGetTrilithiumBufferForDriver(SceUtokenDecrypted *buffer);

sceSblRtcMgrSetCpRtcForDriver

Version NID
3.60 0x3F9BDEDF

Set RTC in DevKit CP. 

int sceSblRtcMgrSetCpRtcForDriver(int rtc);

sceSblRtcMgrGetCpRtcPhysicalForDriver

Version NID
1.03-3.60 0x942010A0 
int sceSblRtcMgrGetCpRtcPhysicalForDriver(int *rtc);

sceSblRtcMgrGetCpRtcLogicalForDriver

Version NID
1.03-3.60 0xDE5150FE 
int sceSblRtcMgrGetCpRtcLogicalForDriver(int *rtc);

SceSblPostSsMgrForDriver_D8A2D465

Version NID
3.60 0xD8A2D465

SceZlibForDriver

init

Version NID
0.940-3.60 0x723495A5 
         SceZlibForDriver_00561385: 0x00561385
         SceZlibForDriver_05F712FE: 0x05F712FE
         SceZlibForDriver_0BDDF66A: 0x0BDDF66A
         SceZlibForDriver_0FA805A3: 0x0FA805A3
         SceZlibForDriver_134E91EA: 0x134E91EA
         SceZlibForDriver_1C344E27: 0x1C344E27
         SceZlibForDriver_1E135CC1: 0x1E135CC1
         SceZlibForDriver_20A122F8: 0x20A122F8
         SceZlibForDriver_211D25F5: 0x211D25F5
         SceZlibForDriver_21A03034: 0x21A03034
         SceZlibForDriver_25F28DA7: 0x25F28DA7
         SceZlibForDriver_3252D28C: 0x3252D28C
         SceZlibForDriver_3370B9AD: 0x3370B9AD
         SceZlibForDriver_35E0108C: 0x35E0108C
         SceZlibForDriver_3B4466F4: 0x3B4466F4
         SceZlibForDriver_3F33F55F: 0x3F33F55F
         SceZlibForDriver_408311E8: 0x408311E8
         SceZlibForDriver_44DA19D2: 0x44DA19D2
         SceZlibForDriver_4C27A382: 0x4C27A382
         SceZlibForDriver_4CB63BCD: 0x4CB63BCD
         SceZlibForDriver_4EE6C080: 0x4EE6C080
         SceZlibForDriver_517BC5F7: 0x517BC5F7
         SceZlibForDriver_520CAA7F: 0x520CAA7F
         SceZlibForDriver_5377643A: 0x5377643A
         SceZlibForDriver_5492B3F2: 0x5492B3F2
         SceZlibForDriver_5A0078D6: 0x5A0078D6
         SceZlibForDriver_5B718E55: 0x5B718E55
         SceZlibForDriver_67A085C4: 0x67A085C4
         SceZlibForDriver_68CFEA45: 0x68CFEA45
         SceZlibForDriver_6ED5B677: 0x6ED5B677
         SceZlibForDriver_7048F14C: 0x7048F14C
         SceZlibForDriver_7993ADAB: 0x7993ADAB
         SceZlibForDriver_7B16DBD6: 0x7B16DBD6
         SceZlibForDriver_7C40CC39: 0x7C40CC39
         SceZlibForDriver_7E823337: 0x7E823337
         SceZlibForDriver_81D0667B: 0x81D0667B
         SceZlibForDriver_82167CD9: 0x82167CD9
         SceZlibForDriver_834CC4A2: 0x834CC4A2
         SceZlibForDriver_86FF6C8B: 0x86FF6C8B
         SceZlibForDriver_89A13883: 0x89A13883
         SceZlibForDriver_89B30588: 0x89B30588
         SceZlibForDriver_9030BAE4: 0x9030BAE4
         SceZlibForDriver_904AA7AE: 0x904AA7AE
         SceZlibForDriver_93168F72: 0x93168F72
         SceZlibForDriver_938F34FA: 0x938F34FA
         SceZlibForDriver_98619620: 0x98619620
         SceZlibForDriver_A1E7E8B3: 0xA1E7E8B3
         SceZlibForDriver_A5D70E95: 0xA5D70E95
         SceZlibForDriver_AC2F8437: 0xAC2F8437
         SceZlibForDriver_AD23EEBB: 0xAD23EEBB
         SceZlibForDriver_B03E109B: 0xB03E109B
         SceZlibForDriver_BC022D38: 0xBC022D38
         SceZlibForDriver_BE5CE88A: 0xBE5CE88A
         SceZlibForDriver_D4A85178: 0xD4A85178
         SceZlibForDriver_D9BDC778: 0xD9BDC778
         SceZlibForDriver_E0CE06C0: 0xE0CE06C0
         SceZlibForDriver_E2DF5A8B: 0xE2DF5A8B
         SceZlibForDriver_E323828B: 0xE323828B
         SceZlibForDriver_E4F34A68: 0xE4F34A68
         SceZlibForDriver_E6EB524C: 0xE6EB524C
         SceZlibForDriver_E859D60F: 0xE859D60F
         SceZlibForDriver_E94663DD: 0xE94663DD
         SceZlibForDriver_EEC6D267: 0xEEC6D267
         SceZlibForDriver_F2D8FC1A: 0xF2D8FC1A

SceSblFwLoaderForDriver

See SceSblFwLoader#SceSblFwLoaderForDriver.

SceSblPmMgr

sceSblPmMgrSetProductModeOffForUser

Version NID
3.60 0x41FE8A37

Calls internally sceSblPmMgrSetProductModeForDriver(0). 

int sceSblPmMgrSetProductModeOffForUser(void);

sceSblPmMgrGetProductModeForUser

Version NID
3.60 0x46EA9FDB

Returns 0 on success.

Gets sysroot_buffer using sceKernelGetSysrootBufferForDriver.

result = ((int *)(sysroot_buffer->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag 

int sceSblPmMgrGetProductModeForUser(int* result);

sceSblPmMgrGetProductModeFromNVS

Version NID
3.60 0x49CE0DDF

Calls sceSblPmMgrGetProductModeFromNVSForDriver.

sceSblPmMgrAuthEtoI

Version NID
0.990-3.60 0xBD38B141

Calls sceSblPmMgrAuthEtoIForDriver().

Returns an integer on success. 

int sceSblPmMgrAuthEtoI(void);

sceSblPmMgrGetCurrentMode

Version NID
3.60 0xDA4EDEBF

Returns 0 on success.

Gets sysroot_buffer using sceKernelSysrootGetKblParamForKernel.

result = ((int *)(sysroot_buffer->boot_type_indicator_1) >> 2) & 1; // manufacturing mode flag 

int sceSblPmMgrGetCurrentMode(int* result);

SceSblRtcMgr

sceSblRtcMgrGetCpRtcPhysicalForUser

Version NID
3.60 0x1614302B

sceSblRtcMgrSetCpActivationKey

Version NID
3.60 0x298AE544

sceSblRtcMgrSetCpRtcPhysicalAndKey

Version NID
3.60 0x3C0EEC69

sceSblRtcMgrSetCpRtcLogical

Version NID
3.60 0x9DFB118B

sceSblRtcMgrSetCpRtcPhysicalForUser

Version NID
3.60 0xA990BC44

sceSblRtcMgrGetCpRtcLogical

Version NID
3.60 0xDD44D726

sceSblRtcMgrGetCpSerialId

Version NID
3.60 0xE162A827

Calls sceDeci4pCpupGetCpSerialIdForDriver.

SceSblLicMgr

Functions related to afv file.

sceSblLicMgrGetIssueNo

Version NID
3.60 0x0E0691A1 
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetIssueNo(int *issue_number, int request_data_flag);

sceSblLicMgrGetLicenseStatus

Version NID
3.60 0x0EA6A30C 
int sceSblLicMgrGetLicenseStatus();

sceSblLicMgrGetActivationKey

Version NID
3.60 0x2A437187 
typedef struct activation_key // size is 0x14
{
   char open_psid[0x10]; // obtained with sceSblSsMgrGetOpenPsIdForDriver
   uint32_t vadd_hash; // result of vector add operation applied to openPSID
} activation_key;

int sceSblLicMgrGetActivationKey(activation_key* key);

sceSblLicMgrActivateFromFs

Version NID
3.60 0x6E56EA0A

Activates from ux0:/data/activate/. 

int sceSblLicMgrActivateFromFs(void);

sceSblLicMgrGetUsageTimeLimit

Version NID
3.60 0x774EBBA2 
int sceSblLicMgrGetUsageTimeLimit(int *time_limit);

Uses sceSblSsMgrGetQAFlagsForKernel.

sceSblLicMgrClearActivationData

Version NID
3.60 0x9B749D1D 
int sceSblLicMgrClearActivationData();

sceSblLicMgrGetExpireDate

Version NID
0.940-3.60 0xE9FA0FE5 
// if request_data_flag is 0 then some cached value is used
// if request_data_flag is 1 then data is requested from syscon
int sceSblLicMgrGetExpireDate(int *expire_date, int request_data_flag);

sceSblLicMgrActivateDevkit

Version NID
3.60 0xEB21DD39 
// afv_path is of size 0x100
int sceSblLicMgrActivateDevkit(char* afv_path);

SceSblUtMgr

sceSblUtMgrUpdateUtoken

Version NID
3.60 0xBDE74645

Calls sceSblUtMgrUpdateUtokenForDriver(buf, 0x800);. 

// size = 0x800
int sceSblUtMgrUpdateUtoken(char* buf, SceSize size);

sceSblUtMgrReadUtoken

Version NID
3.60 0xD2836E0D 
// size = 0x800
int sceSblUtMgrReadUtoken(char *buf, int SceSize size);

sceSblUtMgrResetUtokenFile

Version NID
3.60 0x1CD57182

Calls sceSblUtMgrResetUtokenFileForDriver. 

int sceSblUtMgrResetUtokenFile(void);

sceSblUtMgrGetCurrentSecureTick

Version NID
3.60 0xCFCB1355

Calls sceRtcGetCurrentSecureTickForDriver then uses sceKernelMemcpyKernelToUserForDriver. 

int sceSblUtMgrGetCurrentSecureTick(int* secure_tick);

sceSblUtMgrIsTrilithiumFlagEnabled

Version NID
3.60 0x04CA1311 
// size = sizeof("UT_TRILITHIUM_FLAG") = 18
int sceSblUtMgrIsTrilithiumFlagEnabled(char* buf, SceSize size);

buf takes value "UT_TRILITHIUM_FLAG" if a flag is enabled.

SceSblSpsfoMgr

sceSblSpsfoMgrOpen

Version NID
1.03 0x64B45B53 
int sceSblSpsfoMgrOpen(char *path, spsfo_ctx *result);

sceSblSpsfoMgrVerify

Version NID
1.03 0x517CAF25 
int sceSblSpsfoMgrVerify(spsfo_ctx *ctx, int *res, int *size);

sceSblSpsfoMgrClose

Version NID
1.03 0x3533B542 
int sceSblSpsfoMgrClose(spsfo_ctx *ctx);
Retrieved from "http://wiki.henkaku.xyz/vita/index.php?title=SceSblPostSsMgr&oldid=12696"