Difference between revisions of "SceSblSsMgr"
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) |
||
(21 intermediate revisions by the same user not shown) | |||
Line 43: | Line 43: | ||
| 0x2A0 || 0x20 || Qa Flag Version || | | 0x2A0 || 0x20 || Qa Flag Version || | ||
|- | |- | ||
− | | 0x400 || 0x80 || Qaf Token || | + | | 0x400 || 0x80 || Qaf Token || |
|- | |- | ||
− | | 0x480 || 1 || | + | | 0x480 || 1 || Qaf Token not set flag || Set to 1 by default when Token is not set (FFed). |
+ | |- | ||
+ | | 0x5A0 || 0x100 || Qaf Token signature ?RSA? || Not present on 0.990. Present on 3.60. | ||
|} | |} | ||
== SceSblSsMgrForKernel == | == SceSblSsMgrForKernel == | ||
− | === | + | === sceSblNvsReadDataForKernel === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || 0xC2EC8F5A | + | | 0.990-3.60 || 0xC2EC8F5A |
|} | |} | ||
− | Previous name was sceSblSsMgrGetSysconDataForKernel | + | Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel. |
For example gets 0x20 bytes of data for [[F00D_Commands#0x4 | act_sm.self command 0x4]] call. | For example gets 0x20 bytes of data for [[F00D_Commands#0x4 | act_sm.self command 0x4]] call. | ||
Line 64: | Line 66: | ||
This is done by passing offset 0x520 as first argument. | This is done by passing offset 0x520 as first argument. | ||
− | <source lang="C">int | + | <source lang="C">int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);</source> |
− | === | + | === sceSblNvsWriteDataForKernel === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || 0xE29E161C | + | | 0.990-3.60 || 0xE29E161C |
|} | |} | ||
− | Previous name was sceSblSsMgrSetSysconDataForKernel | + | Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel. |
− | <source lang="C">int | + | <source lang="C">int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);</source> |
=== return_ffffffff === | === return_ffffffff === | ||
Line 83: | Line 85: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0.990-3.60 || | + | | 0.990-3.60 || 0x516ECC08 |
|} | |} | ||
Line 106: | Line 108: | ||
|} | |} | ||
− | === | + | === sceSblQafManagerClearQafTokenForKernel === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 114: | Line 116: | ||
|} | |} | ||
− | <source lang="C">int | + | <source lang="C">int sceSblQafManagerClearQafTokenForKernel(void);</source> |
<source lang="C"> | <source lang="C"> | ||
Line 129: | Line 131: | ||
</source> | </source> | ||
− | === | + | === sceSblQafManagerGetQAFlagsForKernel === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || 0x83D254FF | + | | 0.990-3.60 || 0x83D254FF |
|} | |} | ||
− | <source lang="C">int | + | <source lang="C">int sceSblQafManagerGetQAFlagsForKernel(char buffer[0x10]);</source> |
=== sceSblQafManagerGetQafNameForKernel === | === sceSblQafManagerGetQafNameForKernel === | ||
Line 144: | Line 146: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || 0xE2DD0378 | + | | 0.990-3.60 || 0xE2DD0378 |
|} | |} | ||
− | |||
− | |||
<source lang="C"> | <source lang="C"> | ||
− | + | if ( byte_81008725 & 2 ) { | |
− | + | char string = "qaf_workaround"; | |
− | memcpy(buffer, buf, 0x18); | + | memcpy(buffer, string, max_len); |
+ | } else { | ||
+ | sceSblNvsReadDataForKernel(0x480, flag, 1); | ||
+ | if (flag) { | ||
+ | sceSblNvsReadDataForKernel(0x400, buf, 0x80); | ||
+ | memcpy(buffer, buf, 0x18); | ||
+ | } | ||
+ | } | ||
</source> | </source> | ||
Line 161: | Line 168: | ||
Cryptographic functions in this module typically have 3 variations: | Cryptographic functions in this module typically have 3 variations: | ||
# Use <code>key</code> - meaning that the key that you provide is used directly for encryption/decryption. | # Use <code>key</code> - meaning that the key that you provide is used directly for encryption/decryption. | ||
− | # Use <code>slot_id</code> - meaning that you have to use [[SceSblAuthMgr# | + | # Use <code>slot_id</code> - meaning that you have to use [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] function to set the key into a specific slot. |
#* Note that in this case you select a key from F00D by <code>key_id</code>. It will be encrypted by F00D and placed into the slot selected by <code>slot_id</code>. | #* Note that in this case you select a key from F00D by <code>key_id</code>. It will be encrypted by F00D and placed into the slot selected by <code>slot_id</code>. | ||
− | # Use <code>key_id</code> - meaning that the call to [[SceSblAuthMgr# | + | # Use <code>key_id</code> - meaning that the call to [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] will happen internally. |
#* In this case the key from F00D is also selected by <code>key_id</code> and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17. | #* In this case the key from F00D is also selected by <code>key_id</code> and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17. | ||
Line 190: | Line 197: | ||
<source lang="c">int sceSblSsMgrGetRandomDataForDriver(char* dest);</source> | <source lang="c">int sceSblSsMgrGetRandomDataForDriver(char* dest);</source> | ||
− | === | + | === sceSblDmac5RndForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 197: | Line 204: | ||
| 3.60 || 0x4DD1B2E5 | | 3.60 || 0x4DD1B2E5 | ||
|} | |} | ||
+ | |||
+ | Temp name was sceSblSsMgrGetRandomDataCropForDriver. | ||
Generates random data of length 0x40 by executing [[Dmac5|Dmac5]] command 0x04 | Generates random data of length 0x40 by executing [[Dmac5|Dmac5]] command 0x04 | ||
Line 202: | Line 211: | ||
Data is then cropped to fit the size in outputBuffer. | Data is then cropped to fit the size in outputBuffer. | ||
− | + | Used by [[SceMsif]] | |
− | <source lang="c">int | + | <source lang="c">int sceSblDmac5RndForDriver(char* outputBuffer, int size, int unk);</source> |
=== sceSblSsMgrAESECBEncryptForDriver === | === sceSblSsMgrAESECBEncryptForDriver === | ||
Line 701: | Line 710: | ||
//key_size - 0x80 / 0xC0 / 0x100 (size in bits) | //key_size - 0x80 / 0xC0 / 0x100 (size in bits) | ||
//iv = 0 | //iv = 0 | ||
− | //key_id - 0 - used with | + | //key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForKernel. uses slot_id range 0x0C-0x17 internally |
//mask_enable = 1 | //mask_enable = 1 | ||
//command_bit = 0 / 0x400 / 0x800 / 0xC00 | //command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
Line 737: | Line 746: | ||
|} | |} | ||
− | Executes [[Dmac5|Dmac5]] commands related to | + | Executes [[Dmac5|Dmac5]] commands related to hash functions |
used by [[SceNpDrm]] | used by [[SceNpDrm]] | ||
Line 745: | Line 754: | ||
</source> | </source> | ||
− | === | + | === sceSblSsEncryptWithPortabilityForDriver === |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 0.990-3.60 || 0x21EC51F6 |
|} | |} | ||
Line 799: | Line 773: | ||
}; | }; | ||
− | int | + | int sceSblSsEncryptWithPortabilityForDriver(int key_id, char *iv, size_data_pair *src, size_data_pair *dst); |
</source> | </source> | ||
− | === | + | === sceSblSsDecryptWithPortabilityForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 0.990-3.60 || 0x934DB6B5 |
|} | |} | ||
Line 829: | Line 803: | ||
} ScePortabilityOutputData; | } ScePortabilityOutputData; | ||
− | int | + | int sceSblSsDecryptWithPortabilityForDriver(int key_type, char *iv, ScePortabilityInputData* enc, ScePortabilityOutputData* plain); |
+ | </source> | ||
+ | |||
+ | === sceSblSsGetNvsDataForDriver === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 3.60 || 0xFDD6D5DE | ||
+ | |} | ||
+ | |||
+ | derived from <code>_vshSblSsGetNvsData</code> | ||
+ | |||
+ | uses syscon function to get the data | ||
+ | |||
+ | <source lang="C"> | ||
+ | //index - max index is 5 | ||
+ | //input - max size is 0x20 | ||
+ | int sceSblSsGetNvsDataForDriver(int index, char *output, int size); | ||
</source> | </source> | ||
− | === | + | === sceSblSsSetNvsDataForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 3.60 || 0x249ADB07 |
|} | |} | ||
+ | |||
+ | derived from <code>_vshSblSsSetNvsData</code> | ||
+ | |||
+ | uses syscon function to set the data | ||
+ | |||
+ | <source lang="C"> | ||
+ | //index - max index is 5 | ||
+ | //input - max size is 0x20 | ||
+ | int sceSblSsSetNvsDataForDriver(int index, char *input, int size); | ||
+ | </source> | ||
+ | |||
+ | === sceSblAimgrGetVisibleIdForDriver === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.990-3.60 || 0x04843835 | ||
+ | |} | ||
+ | |||
+ | Temp name was sceSblSsMgrGetVisibleIdForDriver. | ||
In old firmwares this function was named <code>sceSblSsMgrGetFuseIdForDriver</code>. | In old firmwares this function was named <code>sceSblSsMgrGetFuseIdForDriver</code>. | ||
− | + | Derived from <code>_vshSblAimgrGetVisibleId</code>. | |
Executes F00D aimgr_sm.self [[F00D_Commands#0x3|command 0x3]]. | Executes F00D aimgr_sm.self [[F00D_Commands#0x3|command 0x3]]. | ||
Line 851: | Line 863: | ||
} VisibleId; | } VisibleId; | ||
− | int | + | int sceSblAimgrGetVisibleIdForDriver(VisibleId* visible_id); |
</source> | </source> | ||
− | === | + | === sceSblAimgrGetConsoleIdForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 0.990-3.60 || 0xFC6CDD68 |
|} | |} | ||
− | + | Temp name was sceSblSsMgrGetConsoleIdForDriver. | |
+ | |||
+ | This function obtains Console Id by executing aimgr_sm.self [[F00D_Commands#0x1|F00D command 0x1]] | ||
− | + | <source lang="c"> | |
+ | typedef struct ConsoleId { // size 0x10 | ||
+ | char magic[4]; // {0, 0, 0, 1} | ||
+ | char product_code[2]; | ||
+ | char product_sub_code[2]; | ||
+ | char chassis_check; | ||
+ | char unknown[7]; | ||
+ | } ConsoleId; | ||
− | + | int sceSblAimgrGetConsoleIdForDriver(ConsoleId* console_id); | |
− | |||
− | |||
− | int | ||
</source> | </source> | ||
− | === | + | === sceSblAimgrGetOpenPsIdForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 0.990-3.60 || 0xA5B5D269 |
|} | |} | ||
− | + | Temp name was sceSblSsMgrGetOpenPsIdForDriver. | |
+ | |||
+ | This function returns information from a static buffer that is initialized on module_start. | ||
− | + | Read OpenPsId from sysroot_buffer+0x70 using [[SceSysmem#sceSysrootGetSysrootBufferForKernel|sceSysrootGetSysrootBufferForKernel]]. | |
<source lang="C"> | <source lang="C"> | ||
− | + | typedef struct OpenPsId { | |
− | + | char open_psid[0x10]; | |
− | int | + | } OpenPsId; |
+ | |||
+ | int sceSblAimgrGetOpenPsIdForDriver(OpenPsId *open_psid); | ||
</source> | </source> | ||
− | === | + | === sceSblAimgrGetPscodeForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || 0xE0DC2587 | + | | 0.990-3.60 || 0xE0DC2587 |
|} | |} | ||
− | + | Temp name was sceSblSsMgrGetPscodeForDriver. | |
+ | |||
+ | Derived from <code>_vshSblAimgrGetPscode</code>. | ||
This function returns information from a static buffer that is initialized on module_start. | This function returns information from a static buffer that is initialized on module_start. | ||
Line 907: | Line 931: | ||
typedef struct PsCode { | typedef struct PsCode { | ||
char magic[2]; // {0, 1} | char magic[2]; // {0, 1} | ||
− | char | + | char product_code[2]; |
− | char | + | char product_sub_code[2]; |
− | uint16_t chassis; // chassis = | + | uint16_t chassis; // chassis = chassis_check >> 2; |
} PsCode; | } PsCode; | ||
− | int | + | int sceSblAimgrGetPscodeForDriver(PsCode *pscode); |
</source> | </source> | ||
− | === | + | === sceSblAimgrGetPscode2ForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 3.60 || 0x9A9676D0 |
|} | |} | ||
+ | |||
+ | Temp name was sceSblSsMgrGetPscode2ForDriver. | ||
Executes F00D aimgr_sm.self [[F00D_Commands#0x4_2|command 0x4]]. | Executes F00D aimgr_sm.self [[F00D_Commands#0x4_2|command 0x4]]. | ||
Line 935: | Line 961: | ||
} PsCode; | } PsCode; | ||
− | int | + | int sceSblAimgrGetPscode2ForDriver(uint64_t* result); |
</source> | </source> | ||
− | === | + | === sceSblSsCreatePassPhraseForDriver === |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 3.60 || 0xB8B298FD |
|} | |} | ||
Line 952: | Line 978: | ||
<source lang="C"> | <source lang="C"> | ||
//input is of size 0x18 | //input is of size 0x18 | ||
− | int | + | int sceSblSsCreatePassPhraseForDriver(char *input, char *output); |
</source> | </source> | ||
Line 960: | Line 986: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 3.60 || 0xE0B13BA7 |
|} | |} | ||
Line 970: | Line 996: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 3.60 || 0xC38D0CEA |
|} | |} | ||
Line 980: | Line 1,006: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || | + | | 3.60 || 0xCD98CC92 |
|} | |} | ||
Line 990: | Line 1,016: | ||
This library exists on 1.69 but doesn't exist on 3.60. | This library exists on 1.69 but doesn't exist on 3.60. | ||
+ | |||
+ | === sceSblSsInfraAllocatePARangeVector === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.990 || 0x8C2822A9 | ||
+ | |} | ||
+ | |||
+ | === SceSblSsMgr_FAD42134 === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.990 || 0xFAD42134 | ||
+ | |} | ||
== SceSblQafMgr == | == SceSblQafMgr == | ||
Line 996: | Line 1,038: | ||
typedef struct SceQafToken | typedef struct SceQafToken | ||
{ | { | ||
− | char data[ | + | char data[0x80]; |
+ | char sig[0x100]; // not present on 0.990 | ||
}; | }; | ||
</source> | </source> | ||
Line 1,005: | Line 1,048: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0xB6BAE81D |
− | |||
− | |||
|} | |} | ||
Line 1,029: | Line 1,070: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0x56A16392 |
− | |||
− | |||
|} | |} | ||
Line 1,053: | Line 1,092: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0xD542583F |
− | |||
− | |||
|} | |} | ||
Line 1,071: | Line 1,108: | ||
<source lang="C"> | <source lang="C"> | ||
− | int | + | int ret; |
− | int | + | int ret2; |
− | int | + | int ret3; |
− | signed int result; | + | signed int result; |
− | char | + | char flag; |
− | char | + | char data[0x80]; |
− | char | + | char sig[0x100]; |
− | |||
− | + | memset(data, (char)0xFF, 0x180); | |
− | memset( | ||
SceKernelSuspendForDriver_4DF40893_0(0); | SceKernelSuspendForDriver_4DF40893_0(0); | ||
− | + | ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80); | |
− | if ( | + | if ( ret ) |
{ | { | ||
SceKernelSuspendForDriver_4DF40893(0); | SceKernelSuspendForDriver_4DF40893(0); | ||
− | result = | + | result = ret; |
} | } | ||
else | else | ||
{ | { | ||
− | + | ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100); | |
− | if ( | + | if ( ret2 ) |
{ | { | ||
SceKernelSuspendForDriver_4DF40893(0); | SceKernelSuspendForDriver_4DF40893(0); | ||
− | result = | + | result = ret2; |
} | } | ||
else | else | ||
{ | { | ||
− | + | flag = 1; | |
− | + | ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1); | |
SceKernelSuspendForDriver_4DF40893(0); | SceKernelSuspendForDriver_4DF40893(0); | ||
− | result = | + | result = ret3; |
} | } | ||
} | } | ||
Line 1,115: | Line 1,150: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0x0F7EA8C2 |
− | |||
− | |||
|} | |} | ||
Line 1,134: | Line 1,167: | ||
<source lang="C"> | <source lang="C"> | ||
memset(buf, 0, 0x180); | memset(buf, 0, 0x180); | ||
− | + | sceSblNvsReadDataForKernel(0x480, buf, 1); | |
− | + | sceSblNvsReadDataForKernel(0x400, buf, 0x80); | |
memcpy(buffer, buf, 0x18); | memcpy(buffer, buf, 0x18); | ||
− | + | sceSblNvsReadDataForKernel(0x5A0, buf, 0x100); | |
// if all functions returned success | // if all functions returned success | ||
sceSblQafManagerGetQafNameForKernel(buf2, len); | sceSblQafManagerGetQafNameForKernel(buf2, len); | ||
Line 1,162: | Line 1,195: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0xC456212D |
− | |||
− | |||
|} | |} | ||
Line 1,176: | Line 1,207: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0x66843305 |
− | |||
− | |||
|} | |} | ||
Line 1,190: | Line 1,219: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0x11D30766 |
− | |||
− | |||
|} | |} | ||
Line 1,204: | Line 1,231: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0x63F29BA0 |
− | |||
− | |||
|} | |} | ||
Line 1,218: | Line 1,243: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0xA9EBCBAC |
− | |||
− | |||
|} | |} | ||
Line 1,249: | Line 1,272: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0xB5621615 |
− | |||
− | |||
|} | |} | ||
Line 1,263: | Line 1,284: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0xD22A8731 |
− | |||
− | |||
|} | |} | ||
Line 1,277: | Line 1,296: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0xF45AA706 |
− | |||
− | |||
|} | |} | ||
Line 1,362: | Line 1,379: | ||
|} | |} | ||
− | This function is also | + | This function is also named <code>sceSblDmac5AesCbcDecKeyGen</code> or <code>sceSblDmac5AesCbcEncKeyGen</code> in <code>SceGameDataPlugin</code> |
<source lang="C"> | <source lang="C"> | ||
Line 1,399: | Line 1,416: | ||
|} | |} | ||
− | This function | + | This function is named <code>sceSblDmac5HmacKeyGen</code> in SceSysLibTrace but is also called <code>sceSblDmac5Sha256HmacKeyGen</code> in <code>SceGameDataPlugin</code>. |
<source lang="C"> | <source lang="C"> | ||
Line 1,416: | Line 1,433: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 1.69 | + | | 1.69-3.60 || 0x6E283E2E |
− | |||
− | |||
|} | |} | ||
Revision as of 22:47, 18 January 2019
Module
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xFDDD93FA |
3.60 | SceSblSsMgr | Non-secure | Kernel | 0x4E913538 |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69-3.60 | SceSblSsMgrForKernel | Non-secure | Kernel | 0x74580D9F |
1.69-3.60 | SceSblSsMgrForDriver | Non-secure | Kernel | 0x61E9428D |
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xEC86E4B0 |
1.69-3.60 | SceSblQafMgr | Non-secure | User | 0x756B7E89 |
1.69-3.60 | SceSblRng | Non-secure | User | 0x1843F124 |
1.69-3.60 | SceSblDmac5Mgr | Non-secure | User | 0x437366A2 |
1.69-3.60 | SceSblAimgr | Non-secure | User | 0xD473F968 |
NVS Areas
Offset | Size | Comment | Used by |
---|---|---|---|
0 | 0x20 | qaf nvs mgmt area | sceSblQafManagerSetFlag (sub_81001610 on 0.990) |
0x2A0 | 0x20 | Qa Flag Version | |
0x400 | 0x80 | Qaf Token | |
0x480 | 1 | Qaf Token not set flag | Set to 1 by default when Token is not set (FFed). |
0x5A0 | 0x100 | Qaf Token signature ?RSA? | Not present on 0.990. Present on 3.60. |
SceSblSsMgrForKernel
sceSblNvsReadDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xC2EC8F5A |
Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel.
For example gets 0x20 bytes of data for act_sm.self command 0x4 call.
This is done by passing offset 0x520 as first argument.
int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);
sceSblNvsWriteDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE29E161C |
Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel.
int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);
return_ffffffff
Version | NID |
---|---|
0.990-3.60 | 0x516ECC08 |
From 0.990 to 3.60, all it does is return -1; // 0xFFFFFFFF.
int return_ffffffff(void);
sceSblQafManagerGetQafTokenForKernel
Version | NID |
---|---|
0.990 | 0x281FD75A |
sceSblQafManagerSetQafTokenForKernel
Version | NID |
---|---|
0.990 | 0x8E9447A1 |
sceSblQafManagerClearQafTokenForKernel
Version | NID |
---|---|
0.990 | 0xD45155C6 |
int sceSblQafManagerClearQafTokenForKernel(void);
uint32_t ret;
char buffer[0x80];
memset(&buffer, 0xFF, 0x80);
SceKernelSuspendForDriver_4DF40893(0);
ret = sceSblSsMgrNvsWriteDataForKernel(0x400, &buffer, 0x80);
if ( !ret ) // if buffer successfully written, set a flag at 0x480
ret = sceSblSsMgrNvsWriteDataForKernel(0x480, (char)1, 1);
SceKernelSuspendForDriver_2BB92967(0);
return ret;
sceSblQafManagerGetQAFlagsForKernel
Version | NID |
---|---|
0.990-3.60 | 0x83D254FF |
int sceSblQafManagerGetQAFlagsForKernel(char buffer[0x10]);
sceSblQafManagerGetQafNameForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE2DD0378 |
if ( byte_81008725 & 2 ) {
char string = "qaf_workaround";
memcpy(buffer, string, max_len);
} else {
sceSblNvsReadDataForKernel(0x480, flag, 1);
if (flag) {
sceSblNvsReadDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
}
}
int sceSblQafManagerGetQafNameForKernel(char *buffer, unsigned int max_len);
SceSblSsMgrForDriver
Cryptographic functions in this module typically have 3 variations:
- Use
key
- meaning that the key that you provide is used directly for encryption/decryption. - Use
slot_id
- meaning that you have to use sceSblAuthMgrSetDmac5KeyForKernel function to set the key into a specific slot.- Note that in this case you select a key from F00D by
key_id
. It will be encrypted by F00D and placed into the slot selected byslot_id
.
- Note that in this case you select a key from F00D by
- Use
key_id
- meaning that the call to sceSblAuthMgrSetDmac5KeyForKernel will happen internally.- In this case the key from F00D is also selected by
key_id
and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17.
- In this case the key from F00D is also selected by
sceSblSsMgrGetRandomNumberForDriver
Version | NID |
---|---|
3.60 | 0x4F9BFBE5 |
int sceSblSsMgrGetRandomNumberForDriver(char* result, int size);
sceSblSsMgrGetRandomDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0xAC57F4F0 |
Generates random data of length 0x40 by executing Dmac5 command 0x04
used in SceKrm, SceSblGcAuthMgr
int sceSblSsMgrGetRandomDataForDriver(char* dest);
sceSblDmac5RndForDriver
Version | NID |
---|---|
3.60 | 0x4DD1B2E5 |
Temp name was sceSblSsMgrGetRandomDataCropForDriver.
Generates random data of length 0x40 by executing Dmac5 command 0x04
Data is then cropped to fit the size in outputBuffer.
Used by SceMsif
int sceSblDmac5RndForDriver(char* outputBuffer, int size, int unk);
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0xC517770D |
Executes Dmac5 command 0x1
used in ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x7C978BE7 |
Executes Dmac5 command 0x02
used ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size, char* key, int key_size, int mask_enable);
sceSblSsMgrAESECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x01BE0374 |
Executes Dmac5 command 0x01
used in SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1C, 0x1D, 0x1E, 0x1F
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrAESECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8B4700CB |
Executes Dmac5 command 0x02
used by SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//mask_enable = 1
int sceSblSsMgrAESECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrAESECBEncryptWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x0F7D28AF |
Executes Dmac5 command 0x01
used in ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESECBEncryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);
sceSblSsMgrAESECBDecryptWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x197ACF6F |
Executes Dmac5 command 0x02
no usages found
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESECBDecryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, int key_id, int mask_enable);
sceSblSsMgrDES64ECBEncryptForDriver
Version | NID |
---|---|
3.60 | 0x37DD5CBF |
This also implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x41
used in SceMsif, SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1C, ?
//key_size - 0xC0 (size in bits) - other sizes also work
//mask_enable = 1
int sceSblSsMgrDES64ECBEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrDES64ECBDecryptForDriver
Version | NID |
---|---|
3.60 | 0x8EAFB18A |
This also implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x42
used in SceSblMgKeyMgr
//size - size of data in src
//slot_id - 0x1C, ?
//key_size - 0xC0 (size in bits) - other sizes also work
//mask_enable = 1
int sceSblSsMgrDES64ECBDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, int mask_enable);
sceSblSsMgrDES64CBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0x05B38698 |
This also probably implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x49
no usages found
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - ? - does not matter ?
//iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrDES64CBCEncryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);
sceSblSsMgrDES64CBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x926BCCF0 |
This also probably implements 3DES. Chosen function depends on key size.
for 0x40 - DES
for 0x80 - not tested. assuming 3DES with K1 = K3.
for 0xC0 - 3DES
Executes Dmac5 command 0x4A
no usages found
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - ? - does not matter ?
//iv - length is 8 for DES
//mask_enable = 1
int sceSblSsMgrDES64CBCDecryptForDriver(char *src, char *dst, int size, int slot_id, int key_size, char* iv, int mask_enable);
sceSblSsMgrAESCBCEncryptForDriver
Version | NID |
---|---|
3.60 | 0xE6E1AD15 |
Executes Dmac5 command 0x09
used by ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCBCEncryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrAESCBCDecryptForDriver
Version | NID |
---|---|
3.60 | 0x121FA69F |
Executes Dmac5 command 0x0A
used by ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCBCDecryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrAESCBCEncryptWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x711C057A |
Executes Dmac5 command 0x09
used by ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESCBCEncryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);
sceSblSsMgrAESCBCDecryptWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x1901CB5E |
Executes Dmac5 command 0x0A
used by ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
int sceSblSsMgrAESCBCDecryptWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable);
sceSblSsMgrAESCTREncryptForDriver
Version | NID |
---|---|
3.60 | 0x82B5DCEF |
Executes Dmac5 command 0x21
used by SceNpDrm
this function can also be used for decryption since CTR is symmetric function
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCTREncryptForDriver (char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrAESCTRDecryptForDriver
Version | NID |
---|---|
3.60 | 0x7D46768C |
Executes Dmac5 command 0x22
no usages found
this function can also be used for encryption since CTR is symmetric function
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
//mask_enable = 1
int sceSblSsMgrAESCTRDecryptForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable);
sceSblSsMgrSHA1ForDriver
Version | NID |
---|---|
3.60 | 0xEB3AF9B5 |
Executes Dmac5 command 0x03
used by ScePfsMgr
key_size is always 0x100 bits
//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrSHA1ForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA1ForDriver
Version | NID |
---|---|
3.60 | 0x6704D985 |
Executes Dmac5 command 0x23
used by ScePfsMgr
key_size is always 0x100 bits
//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA1ForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA1WithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x92E37656 |
Executes Dmac5 command 0x23
no usages found
key_size is always 0x100 bits
//size - size of data in src
//key - length is always 0x20
//iv = 0
//key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA1WithKeygenForDriver(char *src, char *dst, int size, char *key, char *iv, int key_id, int mask_enable, int command_bit);
sceSblSsMgrHMACSHA256ForDriver
Version | NID |
---|---|
3.60 | 0x79F38554 |
Executes Dmac5 command 0x33
no usages found
//size - size of data in src
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrHMACSHA256ForDriver(char *src, char *dst, int size, char *key, char *iv, int mask_enable, int command_bit);
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0x1B14658D |
Executes Dmac5 command 0x3B
used in ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrAESCMACWithKeygenForDriver
Version | NID |
---|---|
3.60 | 0x83B058F5 |
Executes Dmac5 command 0x3B
used in ScePfsMgr
//size - size of data in src
//key - length is 0x10 / 0x18 / 0x20
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForKernel. uses slot_id range 0x0C-0x17 internally
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACWithKeygenForDriver(char *src, char *dst, int size, char *key, int key_size, char *iv, int key_id, int mask_enable, int command_bit);
sceSblSsMgrAESCMACForDriver
Version | NID |
---|---|
3.60 | 0xEA6ACB6D |
Executes Dmac5 command 0x3B
no usages found
//size - size of data in src
//slot_id - 0x1D, ?
//key_size - 0x80 / 0xC0 / 0x100 (size in bits)
//iv = 0
//mask_enable = 1
//command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrAESCMACForDriver(char *src, char *dst, int size, int slot_id, int key_size, char *iv, int mask_enable, int command_bit);
sceSblSsMgrExecuteDmac5HashCommandForDriver
Version | NID |
---|---|
3.60 | 0x9641374E |
Executes Dmac5 commands related to hash functions
used by SceNpDrm
int sceSblSsMgrExecuteDmac5HashCommandForDriver(char *src, char *dst, int size, char *iv, int mask_enable, int command, int command_bit);
sceSblSsEncryptWithPortabilityForDriver
Version | NID |
---|---|
0.990-3.60 | 0x21EC51F6 |
derived from _vshSblSsEncryptWithPortability
strangely enough does not use communication with F00D through command 0x1000A from encdec_w_portability_sm.self
struct size_data_pair
{
int size;
char data[0x20];
};
int sceSblSsEncryptWithPortabilityForDriver(int key_id, char *iv, size_data_pair *src, size_data_pair *dst);
sceSblSsDecryptWithPortabilityForDriver
Version | NID |
---|---|
0.990-3.60 | 0x934DB6B5 |
derived from _vshSblSsDecryptWithPortability
Decrypts or derives AES key that is used in msif to decrypt static sha224 table.
Communication with F00D is done with command 0x2000A from encdec_w_portability_sm.self.
typedef struct ScePortabilityInputData // size of structure is 0x24
{
uint32_t enc_size; // max size is 0x20
uint8_t enc_msg[0x20];
} ScePortabilityInputData;
typedef struct ScePortabilityOutputData // size of structure is 0x24
{
uint32_t plain_size; // max size is 0x20
uint8_t plain_msg[0x20];
} ScePortabilityOutputData;
int sceSblSsDecryptWithPortabilityForDriver(int key_type, char *iv, ScePortabilityInputData* enc, ScePortabilityOutputData* plain);
sceSblSsGetNvsDataForDriver
Version | NID |
---|---|
3.60 | 0xFDD6D5DE |
derived from _vshSblSsGetNvsData
uses syscon function to get the data
//index - max index is 5
//input - max size is 0x20
int sceSblSsGetNvsDataForDriver(int index, char *output, int size);
sceSblSsSetNvsDataForDriver
Version | NID |
---|---|
3.60 | 0x249ADB07 |
derived from _vshSblSsSetNvsData
uses syscon function to set the data
//index - max index is 5
//input - max size is 0x20
int sceSblSsSetNvsDataForDriver(int index, char *input, int size);
sceSblAimgrGetVisibleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0x04843835 |
Temp name was sceSblSsMgrGetVisibleIdForDriver.
In old firmwares this function was named sceSblSsMgrGetFuseIdForDriver
.
Derived from _vshSblAimgrGetVisibleId
.
Executes F00D aimgr_sm.self command 0x3.
typedef struct VisibleId {
char visible_id[0x20];
} VisibleId;
int sceSblAimgrGetVisibleIdForDriver(VisibleId* visible_id);
sceSblAimgrGetConsoleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFC6CDD68 |
Temp name was sceSblSsMgrGetConsoleIdForDriver.
This function obtains Console Id by executing aimgr_sm.self F00D command 0x1
typedef struct ConsoleId { // size 0x10
char magic[4]; // {0, 0, 0, 1}
char product_code[2];
char product_sub_code[2];
char chassis_check;
char unknown[7];
} ConsoleId;
int sceSblAimgrGetConsoleIdForDriver(ConsoleId* console_id);
sceSblAimgrGetOpenPsIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xA5B5D269 |
Temp name was sceSblSsMgrGetOpenPsIdForDriver.
This function returns information from a static buffer that is initialized on module_start.
Read OpenPsId from sysroot_buffer+0x70 using sceSysrootGetSysrootBufferForKernel.
typedef struct OpenPsId {
char open_psid[0x10];
} OpenPsId;
int sceSblAimgrGetOpenPsIdForDriver(OpenPsId *open_psid);
sceSblAimgrGetPscodeForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE0DC2587 |
Temp name was sceSblSsMgrGetPscodeForDriver.
Derived from _vshSblAimgrGetPscode
.
This function returns information from a static buffer that is initialized on module_start.
Read PsCode from sysroot_buffer+0xA0 using sceSysrootGetSysrootBufferForKernel.
typedef struct PsCode {
char magic[2]; // {0, 1}
char product_code[2];
char product_sub_code[2];
uint16_t chassis; // chassis = chassis_check >> 2;
} PsCode;
int sceSblAimgrGetPscodeForDriver(PsCode *pscode);
sceSblAimgrGetPscode2ForDriver
Version | NID |
---|---|
3.60 | 0x9A9676D0 |
Temp name was sceSblSsMgrGetPscode2ForDriver.
Executes F00D aimgr_sm.self command 0x4.
derived from _vshSblAimgrGetPscode2
typedef struct PsCode {
char magic[2]; // {0, 1}
char target_id[2];
char model_revision[2];
uint16_t chassis; // chassis = ConsoleId.chassis_check >> 2;
} PsCode;
int sceSblAimgrGetPscode2ForDriver(uint64_t* result);
sceSblSsCreatePassPhraseForDriver
Version | NID |
---|---|
3.60 | 0xB8B298FD |
executes F00D aimgr_sm.self command 0x5
derived from _vshSblSsCreatePassPhrase
//input is of size 0x18
int sceSblSsCreatePassPhraseForDriver(char *input, char *output);
unk_e0b13ba7
Version | NID |
---|---|
3.60 | 0xE0B13BA7 |
Used by SceSblUpdateMgr - does some initialization
unk_c38d0cea
Version | NID |
---|---|
3.60 | 0xC38D0CEA |
Used by SceSblUpdateMgr - does some cleanup
sceSblSsMgrMemsetForDriver
Version | NID |
---|---|
3.60 | 0xCD98CC92 |
Used by SceSblPostSsMgr
void sceSblSsMgrMemsetForDriver(char* dest, char value, int size);
SceSblSsMgr
This library exists on 1.69 but doesn't exist on 3.60.
sceSblSsInfraAllocatePARangeVector
Version | NID |
---|---|
0.990 | 0x8C2822A9 |
SceSblSsMgr_FAD42134
Version | NID |
---|---|
0.990 | 0xFAD42134 |
SceSblQafMgr
typedef struct SceQafToken
{
char data[0x80];
char sig[0x100]; // not present on 0.990
};
sceSblQafMgrGetQafToken
Version | NID |
---|---|
1.69-3.60 | 0xB6BAE81D |
On 3.60 returns 0x80010058.
int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);
sceSblQafMgrGetQafToken2
Version | NID |
---|---|
3.60 | 0xDFBA8569 |
int sceSblQafMgrGetQafToken2(SceQafToken *qaf_token);
sceSblQafManagerSetQafTokenForUser
Version | NID |
---|---|
1.69-3.60 | 0x56A16392 |
On 3.60 returns 0x80010058.
int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);
sceSblQafMgrSetQafToken2
Version | NID |
---|---|
3.60 | 0xF4B5C8A5 |
int sceSblQafMgrSetQafToken2(SceQafToken qaf_token);
sceSblQafManagerDeleteQafTokenForUser
Version | NID |
---|---|
1.69-3.60 | 0xD542583F |
On 3.60 returns 0x80010058.
int sceSblQafManagerDeleteQafTokenForUser(void);
sceSblQafMgrDeleteQafToken2
Version | NID |
---|---|
3.60 | 0x62E30BF4 |
int ret;
int ret2;
int ret3;
signed int result;
char flag;
char data[0x80];
char sig[0x100];
memset(data, (char)0xFF, 0x180);
SceKernelSuspendForDriver_4DF40893_0(0);
ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80);
if ( ret )
{
SceKernelSuspendForDriver_4DF40893(0);
result = ret;
}
else
{
ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100);
if ( ret2 )
{
SceKernelSuspendForDriver_4DF40893(0);
result = ret2;
}
else
{
flag = 1;
ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1);
SceKernelSuspendForDriver_4DF40893(0);
result = ret3;
}
}
return result;
int sceSblQafMgrDeleteQafToken2(void);
sceSblQafManagerGetQafNameForUser
Version | NID |
---|---|
1.69-3.60 | 0x0F7EA8C2 |
Wrapper to sceSblQafManagerGetQafNameForKernel.
int sceSblQafManagerGetQafNameForUser(char *buffer, unsigned int max_len);
sceSblQafManagerGetQafName2ForUser
Version | NID |
---|---|
3.60 | 0xF0CA8766 |
memset(buf, 0, 0x180);
sceSblNvsReadDataForKernel(0x480, buf, 1);
sceSblNvsReadDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
sceSblNvsReadDataForKernel(0x5A0, buf, 0x100);
// if all functions returned success
sceSblQafManagerGetQafNameForKernel(buf2, len);
sceKernelMemcpyKernelToUserForDriver(buffer, buf2, len)) != 0 )
int sceSblQafManagerGetQafName2ForUser(char *buffer, unsigned int max_len);
sceSblQafMgrIsAllowMinimumDebugMenuDisplay
Version | NID |
---|---|
3.60 | 0xA156BBD2 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);
sceSblQafMgrIsAllowLimitedDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0xC456212D |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);
sceSblQafMgrIsAllowAllDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0x66843305 |
return (sysroot_buffer->qa_flags[0xC] >> 1) & 1;
int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);
sceSblQafManagerIsAllowKernelDebugForUser
Version | NID |
---|---|
1.69-3.60 | 0x11D30766 |
return sysroot_buffer->qa_flags[0xD] & 1;
int sceSblQafManagerIsAllowKernelDebugForUser(void);
sceSblQafMgrIsAllowForceUpdate
Version | NID |
---|---|
1.69-3.60 | 0x63F29BA0 |
return (sysroot_buffer->qa_flags[0xF] >> 1) & 1;
int sceSblQafMgrIsAllowForceUpdate(void);
sceSblQafMgrIsAllowNpTest
Version | NID |
---|---|
1.69-3.60 | 0xA9EBCBAC |
if (sysroot_buffer->qa_flags[0xF] << 31)
return 1;
else
return sceSysrootUtMgrHasNpTestFlagForKernel(a1, a2, a3);
int sceSblQafMgrIsAllowNpTest(int a1, int a2, int a3);
sceSblQafMgrIsAllowNpFullTest
Version | NID |
---|---|
3.60 | 0x72168C6E |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowNpFullTest(void);
sceSblQafMgrIsAllowNonQAPup
Version | NID |
---|---|
1.69-3.60 | 0xB5621615 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowNonQAPup(void);
sceSblQafMgrIsAllowScreenShotAlways
Version | NID |
---|---|
1.69-3.60 | 0xD22A8731 |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowScreenShotAlways(void);
sceSblQafMgrIsAllowRemoteSysmoduleLoad
Version | NID |
---|---|
1.69-3.60 | 0xF45AA706 |
return (sysroot_buffer->qa_flags[0xD] >> 1) & 1;
int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);
SceSblRng
sceSblSsMgrGetRandomData
Version | NID |
---|---|
0.990 | 0xD1189305 |
Calls sceSblSsMgrGetRandomDataForDriver.
?_sceKernelGetRandomNumber_OLD?
Version | NID |
---|---|
0.990 | 0xD8BC42B8 |
_sceKernelGetRandomNumber
Version | NID |
---|---|
1.69-3.60 | 0xC37E818C |
int _sceKernelGetRandomNumber(int *out, int a2, char a3[8]);
SceSblDmac5Mgr
sceSblDmac5HashTransform
Version | NID |
---|---|
1.69-3.60 | 0x09EBC6EF |
This function can execute the following dmac5 commands:
- 0x3B: CMAC-AES (length 0x10)
- 0x03: SHA1 (length 0x14)
- 0x23: HMAC-SHA1 (length 0x14)
- 0x13: SHA256 (length 0x20)
- 0x33: HMAC-SHA256 (length 0x20)
typedef struct hash_trans_opt_t //size 0x18
{
char* src;
char* dst;
uint32_t size;
uint32_t unk_C; // = 0
uint32_t unk_10; // = 0
char* iv;
}hash_trans_opt_t;
// flags:
// 0x000
// 0x400
// 0x800
// 0xC00
int sceSblDmac5HashTransform(hash_trans_opt_t* ctx, int command, int flags);
sceSblDmac5EncDecKeyGen
Version | NID |
---|---|
1.69-3.60 | 0x5BF4F924 |
This function is also named sceSblDmac5AesCbcDecKeyGen
or sceSblDmac5AesCbcEncKeyGen
in SceGameDataPlugin
typedef struct keygen_ctx //size is 0x18
{
char *src;
char *dst;
int size;
char* key;
uint32_t key_size; // (int bits)
char* out; //hash ?
}keygen_ctx;
//command - 0xA (dmac5 command AES-192-CBC decrypt)
//command - 0x9 (dmac5 command AES-192-CBC encrypt)
int sceSblDmac5EncDecKeyGen(keygen_ctx* ctx, int key_id, int command);
sceSblDmac5EncDec
Version | NID |
---|---|
1.69-3.60 | 0xD0B1F759 |
int sceSblDmac5EncDec(void *args, int command);
sceSblDmac5HmacKeyGen
Version | NID |
---|---|
3.60 | 0xCCE57D33 |
This function is named sceSblDmac5HmacKeyGen
in SceSysLibTrace but is also called sceSblDmac5Sha256HmacKeyGen
in SceGameDataPlugin
.
// data is of size 0x18 (24 - 192 bits ?)
// unk1 - 0x20001
// command - 0x33 (dmac5 HMAC-SHA256 command)
// flags - 0x400, 0x800, 0xC00
int sceSblDmac5HmacKeyGen(char* data, int unk1, int command, int flags);
SceSblAimgr
_sceKernelGetOpenPsId
Version | NID |
---|---|
1.69-3.60 | 0x6E283E2E |
int _sceKernelGetOpenPsId(char open_psid[0x10]);