Difference between revisions of "SceSblSsMgr"
CelesteBlue (talk | contribs) |
|||
(41 intermediate revisions by 2 users not shown) | |||
Line 33: | Line 33: | ||
| 1.69-3.60 || [[SceSblSsMgr#SceSblAimgr|SceSblAimgr]] || Non-secure || User || 0xD473F968 | | 1.69-3.60 || [[SceSblSsMgr#SceSblAimgr|SceSblAimgr]] || Non-secure || User || 0xD473F968 | ||
|} | |} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Types == | == Types == | ||
=== SceKitActivationData === | === SceKitActivationData === | ||
+ | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Offset !! Size !! Description | ! Offset !! Size !! Description | ||
|- | |- | ||
− | | | + | | 0x00 || 0x4 || Magic "act\0" |
|- | |- | ||
− | | | + | | 0x04 || 0x4 || Format version |
|- | |- | ||
− | | | + | | 0x08 || 0x4 || Issue number (increment each activation, prevent rollback) |
|- | |- | ||
− | | | + | | 0x0C || 0x4 || Start validity time unix timestamp |
|- | |- | ||
− | | | + | | 0x10 || 0x4 || End validity time unix timestamp |
|- | |- | ||
− | | | + | | 0x14 || 0x10 || Activation key |
|- | |- | ||
− | | | + | | 0x24 || 0x1C || Unused |
|- | |- | ||
− | | | + | | 0x40 || 0x40 || Encrypted Token (First 0x30 bytes of SceKitActivationData then 0x10 byte CMAC) |
|} | |} | ||
<source lang="C"> | <source lang="C"> | ||
− | typedef struct SceKitActivationDataToken // size is 0x40 bytes | + | typedef struct SceConsoleId { |
− | + | uint16_t unk; // {0, 0} | |
− | char magic[4]; // "act\n" | + | uint16_t company_code; // {0, 1} |
+ | uint16_t product_code; | ||
+ | uint16_t product_sub_code; | ||
+ | uint8_t chassis_check; | ||
+ | uint8_t unknown[7]; | ||
+ | } SceConsoleId; | ||
+ | |||
+ | typedef struct SceOpenPsId { | ||
+ | uint8_t open_psid[0x10]; | ||
+ | } SceOpenPsId; | ||
+ | |||
+ | typedef struct ScePsCode { | ||
+ | uint16_t company_code; // {0, 1} | ||
+ | uint16_t product_code; | ||
+ | uint16_t product_sub_code; | ||
+ | uint16_t factory_code; // = chassis_check >> 2; | ||
+ | } ScePsCode; | ||
+ | |||
+ | typedef struct Sce SceVisibleId { | ||
+ | char visible_id[0x20]; | ||
+ | } SceVisibleId; | ||
+ | |||
+ | typedef enum SceSblSsNvsData { | ||
+ | SCE_SBL_SS_NVS_DATA_UNK_4A4 = 0, // offset 0x4A4, size 4 | ||
+ | SCE_SBL_SS_NVS_DATA_UNK_500 = 1, // offset 0x500, size 1 | ||
+ | SCE_SBL_SS_NVS_DATA_UNK_482 = 2, // offset 0x482, size 1 | ||
+ | SCE_SBL_SS_NVS_DATA_UNK_4E0 = 3, // offset 0x4E0, size 0x20 | ||
+ | SCE_SBL_SS_NVS_DATA_UNK_483 = 4, // offset 0x483, size 1 | ||
+ | SCE_SBL_SS_NVS_DATA_UNK_486 = 5 // offset 0x486, size 1 | ||
+ | } SceSblSsNvsData; | ||
+ | |||
+ | typedef struct SceKitActivationDataToken { // size is 0x40 bytes | ||
+ | char magic[4]; // "act\n" | ||
uint32_t issue_no; | uint32_t issue_no; | ||
uint32_t format_version; | uint32_t format_version; | ||
Line 104: | Line 105: | ||
// This is what embeds the tm0:activation/act.dat file | // This is what embeds the tm0:activation/act.dat file | ||
− | typedef struct SceKitActivationData // size is 0x80 bytes | + | typedef struct SceKitActivationData { // size is 0x80 bytes |
− | |||
char magic[4]; // "act\n" | char magic[4]; // "act\n" | ||
uint32_t issue_no; | uint32_t issue_no; | ||
Line 115: | Line 115: | ||
char encrypted_token[0x40]; | char encrypted_token[0x40]; | ||
} SceKitActivationData; | } SceKitActivationData; | ||
+ | |||
+ | typedef struct SceQafToken { // size is 0x80 bytes | ||
+ | SceUInt32 qaf_version; | ||
+ | SceUInt32 unk_4; | ||
+ | char qaf_name[0x10]; // "NO_FLAGS" by default | ||
+ | char unk_18[8]; | ||
+ | char consoleid[0x10]; | ||
+ | char qa_flags[0x10]; | ||
+ | char unk_40[0x30]; | ||
+ | char cmac[0x10]; // AES256CMAC of SceQafToken with zeroed CMAC field | ||
+ | } SceQafToken; | ||
+ | |||
+ | typedef struct ScePortabilityData { // size is 0x24 | ||
+ | SceSize msg_size; // max size is 0x20 | ||
+ | uint8_t msg[0x20]; | ||
+ | } ScePortabilityData; | ||
+ | |||
+ | // Used by run_encdec_cmd, itself called by sceSblDmac5EncDec for example. | ||
+ | typedef struct dmac_op_ctx { | ||
+ | dmac_op_ctx_heap *ctx_heap_addr; | ||
+ | uint keyring_key_count; // if keyring_key_count < 0x100, keyring_key_count is used as DKey | ||
+ | uint unk_8; | ||
+ | SceUID dmac_opid; // used with sceKernelDmaOpFreeForDriver | ||
+ | char iv[0x28]; // iv_size can be 0, 8, 0x10 or 0x28 depending on cmd itself depending on key_size | ||
+ | } dmac_op_ctx; | ||
+ | |||
+ | typedef struct dmac_op_ctx_heap { // size is 0x40 on FW 0.990 | ||
+ | uint cmd; | ||
+ | uint unk_4; // 0x100 | ||
+ | uint unk_8; // 0 if unk_flag = 0, 0x3ffff else | ||
+ | uint dmac5_op; | ||
+ | char reserved[0x30]; | ||
+ | } dmac_op_ctx_heap; | ||
</source> | </source> | ||
Line 128: | Line 161: | ||
Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel. | Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel. | ||
+ | |||
+ | Calls [[SceSyscon#sceSysconNvsReadDataForDriver|sceSysconNvsReadDataForDriver]]. | ||
+ | |||
+ | Trying to read at offset 0-0x3FF: error 0x8025023C (cannot read SNVS using this function, need to use new protocols, to be documented). | ||
+ | |||
+ | Trying to read at offset > 0xB5F: error 0x80250001 (out of range). | ||
<source lang="C">int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);</source> | <source lang="C">int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);</source> | ||
Line 140: | Line 179: | ||
Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel. | Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel. | ||
+ | |||
+ | Calls [[SceSyscon#sceSysconNvsWriteDataForDriver|sceSysconNvsWriteDataForDriver]]. | ||
<source lang="C">int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);</source> | <source lang="C">int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);</source> | ||
Line 160: | Line 201: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0.990 || 0x281FD75A | + | | 0.931-0.990 || 0x281FD75A |
|} | |} | ||
+ | |||
+ | <source lang="C">int sceSblQafManagerGetQafTokenForKernel(SceQafToken *pToken);</source> | ||
=== sceSblQafManagerSetQafTokenForKernel === | === sceSblQafManagerSetQafTokenForKernel === | ||
Line 168: | Line 211: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0. | + | | 0.931-0.990 || 0x8E9447A1 |
|} | |} | ||
+ | |||
+ | <source lang="C">int sceSblQafManagerSetQafTokenForKernel(SceQafToken *pToken);</source> | ||
=== get_qaf_token === | === get_qaf_token === | ||
Line 198: | Line 243: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0.990 || 0xD45155C6 | + | | 0.931-0.990 || 0xD45155C6 |
|} | |} | ||
Line 205: | Line 250: | ||
<source lang="C"> | <source lang="C"> | ||
uint32_t ret; | uint32_t ret; | ||
− | char | + | char qaf_token[0x80]; |
− | memset(& | + | memset(&qaf_token, 0xFF, 0x80); |
SceKernelSuspendForDriver_4DF40893(0); | SceKernelSuspendForDriver_4DF40893(0); | ||
− | ret = sceSblNvsWriteDataForKernel(0x400, & | + | ret = sceSblNvsWriteDataForKernel(0x400, &qaf_token, 0x80); |
− | if ( !ret ) // if | + | if (!ret) // if qaf_token successfully written, set a flag at 0x480 |
− | ret = sceSblNvsWriteDataForKernel(0x480, | + | ret = sceSblNvsWriteDataForKernel(0x480, 1, 1); |
SceKernelSuspendForDriver_2BB92967(0); | SceKernelSuspendForDriver_2BB92967(0); | ||
return ret; | return ret; | ||
Line 253: | Line 298: | ||
Cryptographic functions in this module typically have 3 variations: | Cryptographic functions in this module typically have 3 variations: | ||
# Use <code>key</code> - meaning that the key that you provide is used directly for encryption/decryption. | # Use <code>key</code> - meaning that the key that you provide is used directly for encryption/decryption. | ||
− | # Use <code>slot_id</code> - meaning that you have to use [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] function to set the key into a specific slot. | + | # Use <code>slot_id</code> - meaning that you have to use [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] function to set the key into a specific slot. In this case you select a key from F00D by <code>key_id</code>. It will be encrypted by F00D and placed into the slot selected by <code>slot_id</code>. |
− | + | # Use <code>key_id</code> - meaning that the call to [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] will happen internally. In this case the key from F00D is also selected by <code>key_id</code> and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17. | |
− | # Use <code>key_id</code> - meaning that the call to [[SceSblAuthMgr#sceSblAuthMgrSetDmac5KeyForKernel|sceSblAuthMgrSetDmac5KeyForKernel]] will happen internally. | ||
− | |||
=== sceSblRngPseudoRandomNumberForDriver === | === sceSblRngPseudoRandomNumberForDriver === | ||
Line 286: | Line 329: | ||
<source lang="c">int sceSblRngGenuineRandomNumberForDriver(char* dest);</source> | <source lang="c">int sceSblRngGenuineRandomNumberForDriver(char* dest);</source> | ||
− | === sceSblDmac5RndForDriver === | + | === sceSblDmac5AllocOpForDriver === |
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.931 || 0x18A1BF77 | ||
+ | |- | ||
+ | | 3.60 || not present | ||
+ | |} | ||
+ | |||
+ | === sceSblDmac5FreeOpForDriver === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.931 || 0xEB462E80 | ||
+ | |- | ||
+ | | 3.60 || not present | ||
+ | |} | ||
+ | |||
+ | === sceSblDmac5DirectCryptForDriver === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 0.931 || 0x29BE9D99 | ||
+ | |- | ||
+ | | 3.60 || not present | ||
+ | |} | ||
+ | |||
+ | === sceSblDmac5RndForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 296: | Line 369: | ||
Temp name was sceSblSsMgrGetRandomDataCropForDriver. | Temp name was sceSblSsMgrGetRandomDataCropForDriver. | ||
− | Generates random data of length by executing [[ | + | Generates random data of length by executing [[Dmac5]] command 0x4. |
− | Data is then cropped to fit the size in | + | Data is then cropped to fit the size in pOutputBuffer. |
− | Used | + | Used in [[SceMsif]]. |
− | <source lang="c">int sceSblDmac5RndForDriver(char* | + | <source lang="c">int sceSblDmac5RndForDriver(char* pOutputBuffer, int size, int unk);</source> |
=== sceSblDmac5AesEcbEncForDriver === | === sceSblDmac5AesEcbEncForDriver === | ||
Line 314: | Line 387: | ||
Temp name was sceSblSsMgrAESECBEncryptForDriver. | Temp name was sceSblSsMgrAESECBEncryptForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x1. |
Used in [[ScePfsMgr]]. | Used in [[ScePfsMgr]]. | ||
Line 323: | Line 396: | ||
// key_size - 128 / 192 / 256 (size in bits) | // key_size - 128 / 192 / 256 (size in bits) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesEcbEncForDriver( | + | int sceSblDmac5AesEcbEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int mask_enable); |
</source> | </source> | ||
Line 336: | Line 409: | ||
Temp name was sceSblSsMgrAESECBDecryptForDriver. | Temp name was sceSblSsMgrAESECBDecryptForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x2. |
− | Used | + | Used in [[ScePfsMgr]]. |
<source lang="c"> | <source lang="c"> | ||
Line 345: | Line 418: | ||
// key_size - 128 / 192 / 256 (size in bits) | // key_size - 128 / 192 / 256 (size in bits) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesEcbDecForDriver( | + | int sceSblDmac5AesEcbDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int mask_enable); |
</source> | </source> | ||
Line 358: | Line 431: | ||
Temp name was sceSblSsMgrAESECBEncryptWithKeygenForDriver. | Temp name was sceSblSsMgrAESECBEncryptWithKeygenForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x1. |
Used in [[ScePfsMgr]]. | Used in [[ScePfsMgr]]. | ||
Line 368: | Line 441: | ||
// key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally | // key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesEcbEncNPForDriver( | + | int sceSblDmac5AesEcbEncNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int key_id, int mask_enable); |
</source> | </source> | ||
Line 381: | Line 454: | ||
Temp name was sceSblSsMgrAESECBDecryptWithKeygenForDriver. | Temp name was sceSblSsMgrAESECBDecryptWithKeygenForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x2. |
no usages found | no usages found | ||
Line 391: | Line 464: | ||
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally | // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesEcbDecNPForDriver( | + | int sceSblDmac5AesEcbDecNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int key_id, int mask_enable); |
</source> | </source> | ||
Line 402: | Line 475: | ||
|} | |} | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x1. |
− | + | Used in [[SceSblMgKeyMgr]]. | |
<source lang="c"> | <source lang="c"> | ||
Line 411: | Line 484: | ||
// key_size - 0x80 / 0xC0 / 0x100 (size in bits) | // key_size - 0x80 / 0xC0 / 0x100 (size in bits) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesEcbEncWithKeyslotForDriver( | + | int sceSblDmac5AesEcbEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable); |
</source> | </source> | ||
Line 422: | Line 495: | ||
|} | |} | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x2. |
− | + | Used in [[SceSblMgKeyMgr]]. | |
<source lang="c"> | <source lang="c"> | ||
Line 431: | Line 504: | ||
// key_size - 128 / 192 / 256 (size in bits) | // key_size - 128 / 192 / 256 (size in bits) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesEcbDecWithKeyslotForDriver( | + | int sceSblDmac5AesEcbDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable); |
</source> | </source> | ||
Line 450: | Line 523: | ||
* for 192 - 3DES | * for 192 - 3DES | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x41. |
Used in [[SceSblMgKeyMgr]]. | Used in [[SceSblMgKeyMgr]]. | ||
Line 459: | Line 532: | ||
// key_size - 192 (size in bits) - other sizes also work | // key_size - 192 (size in bits) - other sizes also work | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5DesEcbEncWithKeyslotForDriver( | + | int sceSblDmac5DesEcbEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable); |
</source> | </source> | ||
Line 478: | Line 551: | ||
* for 192 - 3DES | * for 192 - 3DES | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x42. |
Used in [[SceSblMgKeyMgr]]. | Used in [[SceSblMgKeyMgr]]. | ||
Line 487: | Line 560: | ||
// key_size - 192 (size in bits) - other sizes also work | // key_size - 192 (size in bits) - other sizes also work | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5DesEcbDecWithKeyslotForDriver( | + | int sceSblDmac5DesEcbDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable); |
</source> | </source> | ||
Line 506: | Line 579: | ||
* for 0xC0 - 3DES | * for 0xC0 - 3DES | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x49. |
no usages found | no usages found | ||
Line 516: | Line 589: | ||
// iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?) | // iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5DesCbcEncWithKeyslotForDriver( | + | int sceSblDmac5DesCbcEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable); |
</source> | </source> | ||
Line 535: | Line 608: | ||
* for 0xC0 - 3DES | * for 0xC0 - 3DES | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x4A. |
no usages found | no usages found | ||
Line 545: | Line 618: | ||
// iv - length is 8 for DES | // iv - length is 8 for DES | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5DesCbcDecWithKeyslotForDriver( | + | int sceSblDmac5DesCbcDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable); |
</source> | </source> | ||
Line 558: | Line 631: | ||
Temp name was sceSblSsMgrAESCBCEncryptForDriver. | Temp name was sceSblSsMgrAESCBCEncryptForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x9. |
− | Used | + | Used in [[ScePfsMgr]]. |
<source lang="c"> | <source lang="c"> | ||
Line 568: | Line 641: | ||
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesCbcEncForDriver( | + | int sceSblDmac5AesCbcEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable); |
</source> | </source> | ||
Line 583: | Line 656: | ||
Temp name was sceSblSsMgrAESCBCDecryptForDriver. | Temp name was sceSblSsMgrAESCBCDecryptForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0xA. |
− | Used | + | Used in [[ScePfsMgr]]. |
<source lang="c"> | <source lang="c"> | ||
Line 593: | Line 666: | ||
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesCbcDecForDriver( | + | int sceSblDmac5AesCbcDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable); |
</source> | </source> | ||
Line 606: | Line 679: | ||
Temp name was sceSblSsMgrAESCBCEncryptWithKeygenForDriver. | Temp name was sceSblSsMgrAESCBCEncryptWithKeygenForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x9. |
− | Used | + | Used in [[ScePfsMgr]]. |
<source lang="c"> | <source lang="c"> | ||
Line 617: | Line 690: | ||
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally | // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesCbcEncNPForDriver( | + | int sceSblDmac5AesCbcEncNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable); |
</source> | </source> | ||
Line 630: | Line 703: | ||
Temp name was sceSblSsMgrAESCBCDecryptWithKeygenForDriver. | Temp name was sceSblSsMgrAESCBCDecryptWithKeygenForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0xA. |
− | Used | + | Used in [[ScePfsMgr]]. |
<source lang="c"> | <source lang="c"> | ||
Line 641: | Line 714: | ||
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally | // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesCbcDecNPForDriver( | + | int sceSblDmac5AesCbcDecNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable); |
</source> | </source> | ||
Line 649: | Line 722: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 3.60 || 0x82B5DCEF | + | | 1.50-3.60 || 0x82B5DCEF |
|} | |} | ||
Temp name was sceSblSsMgrAESCTREncryptForDriver. | Temp name was sceSblSsMgrAESCTREncryptForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x21. |
− | Used | + | Used in [[SceNpDrm]]. |
This function can also be used for decryption since CTR is symmetric function. | This function can also be used for decryption since CTR is symmetric function. | ||
Line 666: | Line 739: | ||
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesCtrEncForDriver( | + | int sceSblDmac5AesCtrEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable); |
</source> | </source> | ||
Line 679: | Line 752: | ||
Temp name was sceSblSsMgrAESCTRDecryptForDriver. | Temp name was sceSblSsMgrAESCTRDecryptForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x22. |
no usages found | no usages found | ||
Line 691: | Line 764: | ||
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | // iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?) | ||
// mask_enable = 1 | // mask_enable = 1 | ||
− | int sceSblDmac5AesCtrDecForDriver( | + | int sceSblDmac5AesCtrDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable); |
</source> | </source> | ||
Line 702: | Line 775: | ||
|} | |} | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x3. |
− | Used | + | Used in [[ScePfsMgr]]. |
<source lang="c"> | <source lang="c"> | ||
Line 711: | Line 784: | ||
// mask_enable = 1 | // mask_enable = 1 | ||
// command_bit = 0 / 0x400 / 0x800 / 0xC00 | // command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
− | int sceSblSsMgrSha1ForDriver( | + | int sceSblSsMgrSha1ForDriver(const void *src, void *dst, SceSize size, void *iv, int mask_enable, int command_bit); |
</source> | </source> | ||
Line 724: | Line 797: | ||
Temp name was sceSblSsMgrHMACSHA1ForDriver. | Temp name was sceSblSsMgrHMACSHA1ForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x23. |
− | Used | + | Used in [[ScePfsMgr]]. |
Key size is always 256 bits. | Key size is always 256 bits. | ||
Line 735: | Line 808: | ||
// mask_enable = 1 | // mask_enable = 1 | ||
// command_bit = 0 / 0x400 / 0x800 / 0xC00 | // command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
− | int sceSblDmac5Sha1HmacTransformForDriver( | + | int sceSblDmac5Sha1HmacTransformForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int mask_enable, int command_bit); |
</source> | </source> | ||
Line 748: | Line 821: | ||
Temp name was sceSblSsMgrHMACSHA1WithKeygenForDriver. | Temp name was sceSblSsMgrHMACSHA1WithKeygenForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x23. |
no usages found | no usages found | ||
Line 761: | Line 834: | ||
// mask_enable = 1 | // mask_enable = 1 | ||
// command_bit = 0 / 0x400 / 0x800 / 0xC00 | // command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
− | int sceSblDmac5Sha1HmacNPForDriver( | + | int sceSblDmac5Sha1HmacNPForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int key_id, int mask_enable, int command_bit); |
</source> | </source> | ||
Line 774: | Line 847: | ||
Temp name was sceSblSsMgrHMACSHA256ForDriver. | Temp name was sceSblSsMgrHMACSHA256ForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x33. |
no usages found | no usages found | ||
Line 783: | Line 856: | ||
// mask_enable = 1 | // mask_enable = 1 | ||
// command_bit = 0 / 0x400 / 0x800 / 0xC00 | // command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
− | int sceSblDmac5Sha256HmacForDriver( | + | int sceSblDmac5Sha256HmacForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int mask_enable, int command_bit); |
</source> | </source> | ||
Line 796: | Line 869: | ||
Temp name was sceSblSsMgrAESCMACForDriver. | Temp name was sceSblSsMgrAESCMACForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x3B. |
Used in [[ScePfsMgr]]. | Used in [[ScePfsMgr]]. | ||
Line 807: | Line 880: | ||
// mask_enable = 1 | // mask_enable = 1 | ||
// command_bit = 0 / 0x400 / 0x800 / 0xC00 | // command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
− | int sceSblDmac5AesCmacForDriver( | + | int sceSblDmac5AesCmacForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable, int command_bit); |
</source> | </source> | ||
Line 820: | Line 893: | ||
Temp name was sceSblSsMgrAESCMACWithKeygenForDriver. | Temp name was sceSblSsMgrAESCMACWithKeygenForDriver. | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x3B. |
Used in [[ScePfsMgr]]. | Used in [[ScePfsMgr]]. | ||
Line 829: | Line 902: | ||
// key_size - 128 / 192 / 256 (size in bits) | // key_size - 128 / 192 / 256 (size in bits) | ||
// iv = 0 | // iv = 0 | ||
− | // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. | + | // key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. Uses slot_id range 0x0C-0x17 internally |
// mask_enable = 1 | // mask_enable = 1 | ||
// command_bit = 0 / 0x400 / 0x800 / 0xC00 | // command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
− | int sceSblDmac5AesCmacNPForDriver( | + | int sceSblDmac5AesCmacNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable, int command_bit); |
</source> | </source> | ||
Line 843: | Line 916: | ||
|} | |} | ||
− | Executes [[ | + | Executes [[Dmac5]] command 0x3B. |
no usages found | no usages found | ||
Line 854: | Line 927: | ||
// mask_enable = 1 | // mask_enable = 1 | ||
// command_bit = 0 / 0x400 / 0x800 / 0xC00 | // command_bit = 0 / 0x400 / 0x800 / 0xC00 | ||
− | int sceSblDmac5AesCmacWithKeyslotForDriver( | + | int sceSblDmac5AesCmacWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable, int command_bit); |
</source> | </source> | ||
Line 865: | Line 938: | ||
|} | |} | ||
− | Executes [[ | + | Executes [[Dmac5]] commands related to hash functions. |
− | Used | + | Used in [[SceNpDrm]]. |
− | <source lang="c"> | + | <source lang="c">int sceSblSsMgrExecuteDmac5HashCommandForDriver(const void *src, void *dst, SceSize size, void *iv, int mask_enable, int command, int command_bit);</source> |
− | int sceSblSsMgrExecuteDmac5HashCommandForDriver( | ||
− | </source> | ||
=== sceSblSsEncryptWithPortabilityForDriver === | === sceSblSsEncryptWithPortabilityForDriver === | ||
Line 878: | Line 949: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0. | + | | 0.931-3.60 || 0x21EC51F6 |
|} | |} | ||
derived from <code>_vshSblSsEncryptWithPortability</code> | derived from <code>_vshSblSsEncryptWithPortability</code> | ||
− | + | Strangely it does not communicate with [[F00D_Commands#0x1000A|encdec_w_portability_sm command 0x1000A]]. That's because anyway this SM command is not implemented in release FWs. | |
− | <source lang="C"> | + | <source lang="C">int sceSblSsEncryptWithPortabilityForDriver(int key_id, void *iv, ScePortabilityData *plain, ScePortabilityData *enc);</source> |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | int sceSblSsEncryptWithPortabilityForDriver(int key_id, | ||
− | </source> | ||
=== sceSblSsDecryptWithPortabilityForDriver === | === sceSblSsDecryptWithPortabilityForDriver === | ||
Line 900: | Line 963: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0. | + | | 0.931-3.60 || 0x934DB6B5 |
|} | |} | ||
derived from <code>_vshSblSsDecryptWithPortability</code> | derived from <code>_vshSblSsDecryptWithPortability</code> | ||
− | + | For example, decrypts or derives AES key that is used in msif to decrypt static sha224 table. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | Executes F00D [[F00D_Commands#0x2000A_-_DecryptWithPortability|encdec_w_portability_sm command 0x2000A]]. | |
− | |||
− | |||
− | |||
− | |||
− | int sceSblSsDecryptWithPortabilityForDriver( | + | <source lang="C">int sceSblSsDecryptWithPortabilityForDriver(SceUInt32 key_type, void *iv, ScePortabilityData *enc, ScePortabilityData *plain);</source> |
− | </source> | ||
=== sceSblSsGetNvsDataForDriver === | === sceSblSsGetNvsDataForDriver === | ||
Line 935: | Line 984: | ||
derived from <code>_vshSblSsGetNvsData</code> | derived from <code>_vshSblSsGetNvsData</code> | ||
− | + | Calls [[SceSyscon#sceSysconNvsReadDataForDriver|sceSysconNvsReadDataForDriver]]. | |
<source lang="C"> | <source lang="C"> | ||
− | //index - | + | // index - 0-5 |
− | // | + | // pData - destination buffer |
− | int sceSblSsGetNvsDataForDriver( | + | // size - 2, 4, 8, 0x10, 0x20 |
+ | int sceSblSsGetNvsDataForDriver(SceSblSsNvsData index, void *pData, SceSize size); | ||
</source> | </source> | ||
Line 953: | Line 1,003: | ||
derived from <code>_vshSblSsSetNvsData</code> | derived from <code>_vshSblSsSetNvsData</code> | ||
− | + | Calls [[SceSyscon#sceSysconNvsWriteDataForDriver|sceSysconNvsWriteDataForDriver]]. | |
<source lang="C"> | <source lang="C"> | ||
− | //index - | + | // index - 0-5 |
− | // | + | // pData - source buffer |
− | int sceSblSsSetNvsDataForDriver( | + | // size - 2, 4, 8, 0x10, 0x20 |
+ | int sceSblSsSetNvsDataForDriver(SceSblSsNvsData index, void *pData, SceSize size); | ||
</source> | </source> | ||
Line 969: | Line 1,020: | ||
|} | |} | ||
− | Temp name was sceSblSsMgrGetVisibleIdForDriver | + | Temp name was sceSblSsMgrGetVisibleIdForDriver, sceSblSsMgrGetFuseIdForDriver. |
− | |||
− | |||
Derived from <code>_vshSblAimgrGetVisibleId</code>. | Derived from <code>_vshSblAimgrGetVisibleId</code>. | ||
− | Executes F00D | + | Executes F00D [[F00D_Commands#0x3_-_GetVisibleId|aimgr_sm command 0x3]]. |
− | <source lang="C"> | + | <source lang="C">int sceSblAimgrGetVisibleIdForDriver(SceVisibleId *pVisibleId);</source> |
− | |||
− | |||
− | |||
− | |||
− | int sceSblAimgrGetVisibleIdForDriver( | ||
− | </source> | ||
=== sceSblAimgrGetConsoleIdForDriver === | === sceSblAimgrGetConsoleIdForDriver === | ||
Line 995: | Line 1,038: | ||
Temp name was sceSblSsMgrGetConsoleIdForDriver. | Temp name was sceSblSsMgrGetConsoleIdForDriver. | ||
− | This function obtains Console Id by executing | + | This function obtains Console Id by executing F00D [[F00D_Commands#0x1_-_GetConsoleId|aimgr_sm command 0x1]]. |
+ | |||
+ | <source lang="c">int sceSblAimgrGetConsoleIdForDriver(SceConsoleId *pConsoleId);</source> | ||
− | + | === sceSblAimgrGetOpenPsIdForDriver === | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | === sceSblAimgrGetOpenPsIdForDriver === | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 1,022: | Line 1,054: | ||
This function returns information from a static buffer that is initialized on module_start. | This function returns information from a static buffer that is initialized on module_start. | ||
− | + | OpenPsId comes from kbl_param->openpsid using [[SceSysmem#sceKernelSysrootGetKblParamForKernel]]. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | int sceSblAimgrGetOpenPsIdForDriver( | + | <source lang="C">int sceSblAimgrGetOpenPsIdForDriver(SceOpenPsId *pOpenPsId);</source> |
− | </source> | ||
=== sceSblAimgrGetPscodeForDriver === | === sceSblAimgrGetPscodeForDriver === | ||
Line 1,046: | Line 1,072: | ||
This function returns information from a static buffer that is initialized on module_start. | This function returns information from a static buffer that is initialized on module_start. | ||
− | + | PsCode comes from kbl_param->pscode using [[SceSysmem#sceKernelSysrootGetKblParamForKernel]]. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | int sceSblAimgrGetPscodeForDriver( | + | <source lang="C">int sceSblAimgrGetPscodeForDriver(ScePsCode *pPsCode);</source> |
− | </source> | ||
=== sceSblAimgrGetPscode2ForDriver === | === sceSblAimgrGetPscode2ForDriver === | ||
Line 1,069: | Line 1,086: | ||
Temp name was sceSblSsMgrGetPscode2ForDriver. | Temp name was sceSblSsMgrGetPscode2ForDriver. | ||
− | + | Derived from <code>_vshSblAimgrGetPscode2</code> | |
− | + | Executes F00D [[F00D_Commands#0x4_-_GetPsCode|aimgr_sm command 0x4]]. | |
− | <source lang="C">int sceSblAimgrGetPscode2ForDriver( | + | <source lang="C">int sceSblAimgrGetPscode2ForDriver(ScePsCode *pPsCode);</source> |
=== sceSblSsCreatePassPhraseForDriver === | === sceSblSsCreatePassPhraseForDriver === | ||
Line 1,083: | Line 1,100: | ||
|} | |} | ||
− | + | Executes F00D [[F00D_Commands#0x5_-_CreatePassPhrase|aimgr_sm command 0x5]]. | |
derived from <code>_vshSblSsCreatePassPhrase</code> | derived from <code>_vshSblSsCreatePassPhrase</code> | ||
<source lang="C"> | <source lang="C"> | ||
− | //input is of size 0x18 | + | // input is of size 0x18 |
int sceSblSsCreatePassPhraseForDriver(char *input, char *output); | int sceSblSsCreatePassPhraseForDriver(char *input, char *output); | ||
</source> | </source> | ||
− | === sceSblSsInfraAllocatePARangeVectorForDriver === | + | === sceSblSsInfraAllocatePARangeVectorForDriver === |
− | {| class="wikitable" | + | {| class="wikitable" |
− | |- | + | |- |
− | ! Version !! NID | + | ! Version !! NID |
− | |- | + | |- |
− | | 3.60 || 0xE0B13BA7 | + | | 3.60 || 0xE0B13BA7 |
− | |} | + | |} |
+ | |||
+ | Does some initialization. | ||
+ | |||
+ | Used by [[SceSblUpdateMgr]]. | ||
+ | |||
+ | <source lang="C">int sceSblSsInfraAllocatePARangeVectorForDriver(void *buf, SceSize size, SceUID blockid, SceKernelPAVector *pPAV);</source> | ||
+ | |||
+ | === SceSblSsMgrForDriver_C38D0CEA === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 3.60 || 0xC38D0CEA | ||
+ | |} | ||
+ | |||
+ | Does some cleanup. | ||
+ | |||
+ | Used by [[SceSblUpdateMgr]]. | ||
+ | |||
+ | === sceSblSsMemsetForDriver === | ||
+ | {| class="wikitable" | ||
+ | |- | ||
+ | ! Version !! NID | ||
+ | |- | ||
+ | | 3.60 || 0xCD98CC92 | ||
+ | |} | ||
+ | |||
+ | Used by [[SceSblPostSsMgr]]. | ||
+ | |||
+ | <source lang="C">void sceSblSsMemsetForDriver(char* dest, char value, int size);</source> | ||
− | + | === sceSblRtcMgrSetCpRtc_1ForDriver === | |
− | |||
− | |||
− | |||
− | == | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | | + | | 0.931 || 0x2B259A82 |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|- | |- | ||
− | | 3.60 || | + | | 3.60 || not present |
|} | |} | ||
− | + | === sceSblRtcMgrSetCpRtc_2ForDriver === | |
− | |||
− | |||
− | |||
− | == | ||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
Line 1,181: | Line 1,212: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0.940 || 0x196C7FB2 | + | | 0.931-0.940 || 0x196C7FB2 |
|- | |- | ||
| 3.60 || moved to PostSsMgr | | 3.60 || moved to PostSsMgr | ||
Line 1,191: | Line 1,222: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0.940 || 0x33B706E1 | + | | 0.931-0.940 || 0x33B706E1 |
|- | |- | ||
| 3.60 || moved to PostSsMgr | | 3.60 || moved to PostSsMgr | ||
|} | |} | ||
− | |||
− | |||
− | |||
− | |||
=== sceSblPmMgrAuthEtoIForDriver === | === sceSblPmMgrAuthEtoIForDriver === | ||
Line 1,205: | Line 1,232: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | 0.940 || 0xB241EA2B | + | | 0.931-0.940 || 0xB241EA2B |
|- | |- | ||
| 3.60 || moved to PostSsMgr | | 3.60 || moved to PostSsMgr | ||
Line 1,233: | Line 1,260: | ||
<source lang="C"> | <source lang="C"> | ||
− | typedef struct SceQafToken | + | typedef struct SceQafToken { |
− | { | ||
char data[0x80]; | char data[0x80]; | ||
− | char sig[0x100]; // | + | char sig[0x100]; // Not present on FW 0.990. Present on FW 3.60 |
− | }; | + | } SceQafToken; |
</source> | </source> | ||
Line 1,248: | Line 1,274: | ||
|} | |} | ||
− | On 3.60 returns 0x80010058. | + | On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS). |
<source lang="C">int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);</source> | <source lang="C">int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);</source> | ||
Line 1,270: | Line 1,296: | ||
|} | |} | ||
− | On 3.60 returns 0x80010058. | + | On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS). |
<source lang="C">int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);</source> | <source lang="C">int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);</source> | ||
Line 1,292: | Line 1,318: | ||
|} | |} | ||
− | On 3.60 returns 0x80010058. | + | On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS). |
<source lang="C">int sceSblQafManagerDeleteQafTokenForUser(void);</source> | <source lang="C">int sceSblQafManagerDeleteQafTokenForUser(void);</source> | ||
Line 1,316: | Line 1,342: | ||
SceKernelSuspendForDriver_4DF40893_0(0); | SceKernelSuspendForDriver_4DF40893_0(0); | ||
ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80); | ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80); | ||
− | if ( ret ) | + | if ( ret ) { |
− | |||
SceKernelSuspendForDriver_4DF40893(0); | SceKernelSuspendForDriver_4DF40893(0); | ||
result = ret; | result = ret; | ||
− | } | + | } else { |
− | |||
− | |||
ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100); | ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100); | ||
− | if ( ret2 ) | + | if ( ret2 ) { |
− | |||
SceKernelSuspendForDriver_4DF40893(0); | SceKernelSuspendForDriver_4DF40893(0); | ||
result = ret2; | result = ret2; | ||
− | } | + | } else { |
− | |||
− | |||
flag = 1; | flag = 1; | ||
ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1); | ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1); | ||
Line 1,602: | Line 1,622: | ||
! Version !! NID | ! Version !! NID | ||
|- | |- | ||
− | | | + | | 0.990-3.60 || 0xD0B1F759 |
|} | |} | ||
Line 1,643: | Line 1,663: | ||
|} | |} | ||
− | <source lang="C">int _sceKernelGetOpenPsId( | + | <source lang="C">int _sceKernelGetOpenPsId(SceOpenPsId *pOpenPsId);</source> |
[[Category:Modules]] | [[Category:Modules]] | ||
[[Category:Kernel]] | [[Category:Kernel]] |
Revision as of 02:13, 13 June 2020
Module
Known NIDs
Version | Name | World | Privilege | NID |
---|---|---|---|---|
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xFDDD93FA |
3.60 | SceSblSsMgr | Non-secure | Kernel | 0x4E913538 |
Libraries
Known NIDs
Version | Name | World | Visibility | NID |
---|---|---|---|---|
1.69-3.60 | SceSblSsMgrForKernel | Non-secure | Kernel | 0x74580D9F |
1.69-3.60 | SceSblSsMgrForDriver | Non-secure | Kernel | 0x61E9428D |
1.69 | SceSblSsMgr | Non-secure | Kernel | 0xEC86E4B0 |
1.69-3.60 | SceSblQafMgr | Non-secure | User | 0x756B7E89 |
1.69-3.60 | SceSblRng | Non-secure | User | 0x1843F124 |
1.69-3.60 | SceSblDmac5Mgr | Non-secure | User | 0x437366A2 |
1.69-3.60 | SceSblAimgr | Non-secure | User | 0xD473F968 |
Types
SceKitActivationData
Offset | Size | Description |
---|---|---|
0x00 | 0x4 | Magic "act\0" |
0x04 | 0x4 | Format version |
0x08 | 0x4 | Issue number (increment each activation, prevent rollback) |
0x0C | 0x4 | Start validity time unix timestamp |
0x10 | 0x4 | End validity time unix timestamp |
0x14 | 0x10 | Activation key |
0x24 | 0x1C | Unused |
0x40 | 0x40 | Encrypted Token (First 0x30 bytes of SceKitActivationData then 0x10 byte CMAC) |
typedef struct SceConsoleId {
uint16_t unk; // {0, 0}
uint16_t company_code; // {0, 1}
uint16_t product_code;
uint16_t product_sub_code;
uint8_t chassis_check;
uint8_t unknown[7];
} SceConsoleId;
typedef struct SceOpenPsId {
uint8_t open_psid[0x10];
} SceOpenPsId;
typedef struct ScePsCode {
uint16_t company_code; // {0, 1}
uint16_t product_code;
uint16_t product_sub_code;
uint16_t factory_code; // = chassis_check >> 2;
} ScePsCode;
typedef struct Sce SceVisibleId {
char visible_id[0x20];
} SceVisibleId;
typedef enum SceSblSsNvsData {
SCE_SBL_SS_NVS_DATA_UNK_4A4 = 0, // offset 0x4A4, size 4
SCE_SBL_SS_NVS_DATA_UNK_500 = 1, // offset 0x500, size 1
SCE_SBL_SS_NVS_DATA_UNK_482 = 2, // offset 0x482, size 1
SCE_SBL_SS_NVS_DATA_UNK_4E0 = 3, // offset 0x4E0, size 0x20
SCE_SBL_SS_NVS_DATA_UNK_483 = 4, // offset 0x483, size 1
SCE_SBL_SS_NVS_DATA_UNK_486 = 5 // offset 0x486, size 1
} SceSblSsNvsData;
typedef struct SceKitActivationDataToken { // size is 0x40 bytes
char magic[4]; // "act\n"
uint32_t issue_no;
uint32_t format_version;
uint32_t start_date;
uint32_t end_date;
char open_psid[0x10];
char padding[0xC];
char cmac[0x10];
} SceKitActivationDataToken;
// This is what embeds the tm0:activation/act.dat file
typedef struct SceKitActivationData { // size is 0x80 bytes
char magic[4]; // "act\n"
uint32_t issue_no;
uint32_t format_version;
uint32_t start_date;
uint32_t end_date;
char open_psid[0x10];
char padding[0x1C];
char encrypted_token[0x40];
} SceKitActivationData;
typedef struct SceQafToken { // size is 0x80 bytes
SceUInt32 qaf_version;
SceUInt32 unk_4;
char qaf_name[0x10]; // "NO_FLAGS" by default
char unk_18[8];
char consoleid[0x10];
char qa_flags[0x10];
char unk_40[0x30];
char cmac[0x10]; // AES256CMAC of SceQafToken with zeroed CMAC field
} SceQafToken;
typedef struct ScePortabilityData { // size is 0x24
SceSize msg_size; // max size is 0x20
uint8_t msg[0x20];
} ScePortabilityData;
// Used by run_encdec_cmd, itself called by sceSblDmac5EncDec for example.
typedef struct dmac_op_ctx {
dmac_op_ctx_heap *ctx_heap_addr;
uint keyring_key_count; // if keyring_key_count < 0x100, keyring_key_count is used as DKey
uint unk_8;
SceUID dmac_opid; // used with sceKernelDmaOpFreeForDriver
char iv[0x28]; // iv_size can be 0, 8, 0x10 or 0x28 depending on cmd itself depending on key_size
} dmac_op_ctx;
typedef struct dmac_op_ctx_heap { // size is 0x40 on FW 0.990
uint cmd;
uint unk_4; // 0x100
uint unk_8; // 0 if unk_flag = 0, 0x3ffff else
uint dmac5_op;
char reserved[0x30];
} dmac_op_ctx_heap;
SceSblSsMgrForKernel
sceSblNvsReadDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xC2EC8F5A |
Previous name was sceSblSsMgrGetSysconDataForKernel and sceSblSsMgrNvsReadDataForKernel.
Calls sceSysconNvsReadDataForDriver.
Trying to read at offset 0-0x3FF: error 0x8025023C (cannot read SNVS using this function, need to use new protocols, to be documented).
Trying to read at offset > 0xB5F: error 0x80250001 (out of range).
int sceSblNvsReadDataForKernel(int offset, char *buffer, int size);
sceSblNvsWriteDataForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE29E161C |
Previous name was sceSblSsMgrSetSysconDataForKernel and sceSblSsMgrNvsWriteDataForKernel.
Calls sceSysconNvsWriteDataForDriver.
int sceSblNvsWriteDataForKernel(int offset, char *buffer, int size);
return_ffffffff
Version | NID |
---|---|
0.990-3.60 | 0x516ECC08 |
From 0.990 to 3.60, all it does is return -1; // 0xFFFFFFFF.
int return_ffffffff(void);
sceSblQafManagerGetQafTokenForKernel
Version | NID |
---|---|
0.931-0.990 | 0x281FD75A |
int sceSblQafManagerGetQafTokenForKernel(SceQafToken *pToken);
sceSblQafManagerSetQafTokenForKernel
Version | NID |
---|---|
0.931-0.990 | 0x8E9447A1 |
int sceSblQafManagerSetQafTokenForKernel(SceQafToken *pToken);
get_qaf_token
Version | NID |
---|---|
1.03 | 0x228A6653 |
On 0.990, only returns -1.
SceQafToken *temp_token = token;
sceSblNvsReadDataForKernel(0x480, flag, 1);
if (!flag) {
nvs_read(0x400, temp_token, 0x80);
ret = exec_qaf_sm(temp_token, 0);
}
return ret;
int get_qaf_token(SceQafToken *token)
sceSblQafManagerClearQafTokenForKernel
Version | NID |
---|---|
0.931-0.990 | 0xD45155C6 |
int sceSblQafManagerClearQafTokenForKernel(void);
uint32_t ret;
char qaf_token[0x80];
memset(&qaf_token, 0xFF, 0x80);
SceKernelSuspendForDriver_4DF40893(0);
ret = sceSblNvsWriteDataForKernel(0x400, &qaf_token, 0x80);
if (!ret) // if qaf_token successfully written, set a flag at 0x480
ret = sceSblNvsWriteDataForKernel(0x480, 1, 1);
SceKernelSuspendForDriver_2BB92967(0);
return ret;
sceSblQafManagerGetQAFlagsForKernel
Version | NID |
---|---|
0.990-3.60 | 0x83D254FF |
int sceSblQafManagerGetQAFlagsForKernel(char buffer[0x10]);
sceSblQafManagerGetQafNameForKernel
Version | NID |
---|---|
0.990-3.60 | 0xE2DD0378 |
if ( byte_81008725 & 2 ) {
char workaround_string = "qaf_workaround";
memcpy(buffer, workaround_string, max_len);
} else {
sceSblNvsReadDataForKernel(0x480, flag, 1);
if (flag) {
sceSblNvsReadDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
}
}
int sceSblQafManagerGetQafNameForKernel(char *buffer, unsigned int max_len);
SceSblSsMgrForDriver
Cryptographic functions in this module typically have 3 variations:
- Use
key
- meaning that the key that you provide is used directly for encryption/decryption. - Use
slot_id
- meaning that you have to use sceSblAuthMgrSetDmac5KeyForKernel function to set the key into a specific slot. In this case you select a key from F00D bykey_id
. It will be encrypted by F00D and placed into the slot selected byslot_id
. - Use
key_id
- meaning that the call to sceSblAuthMgrSetDmac5KeyForKernel will happen internally. In this case the key from F00D is also selected bykey_id
and encrypted by F00D. It is then placed into one of the available slots. Default slot range is 0xC-0x17.
sceSblRngPseudoRandomNumberForDriver
Version | NID |
---|---|
3.60 | 0x4F9BFBE5 |
Temp name was sceSblSsMgrGetRandomNumberForDriver.
int sceSblRngPseudoRandomNumberForDriver(char* result, int size);
sceSblRngGenuineRandomNumberForDriver
Version | NID |
---|---|
0.990-3.60 | 0xAC57F4F0 |
Temp name was sceSblSsMgrGetRandomDataForDriver.
Generates random data of length 0x40 bytes by doing: sceSblDmac5RndForDriver(dest, 0x40, 1);
Used in SceKrm, SceSblGcAuthMgr.
int sceSblRngGenuineRandomNumberForDriver(char* dest);
sceSblDmac5AllocOpForDriver
Version | NID |
---|---|
0.931 | 0x18A1BF77 |
3.60 | not present |
sceSblDmac5FreeOpForDriver
Version | NID |
---|---|
0.931 | 0xEB462E80 |
3.60 | not present |
sceSblDmac5DirectCryptForDriver
Version | NID |
---|---|
0.931 | 0x29BE9D99 |
3.60 | not present |
sceSblDmac5RndForDriver
Version | NID |
---|---|
3.60 | 0x4DD1B2E5 |
Temp name was sceSblSsMgrGetRandomDataCropForDriver.
Generates random data of length by executing Dmac5 command 0x4.
Data is then cropped to fit the size in pOutputBuffer.
Used in SceMsif.
int sceSblDmac5RndForDriver(char* pOutputBuffer, int size, int unk);
sceSblDmac5AesEcbEncForDriver
Version | NID |
---|---|
0.990-3.60 | 0xC517770D |
Temp name was sceSblSsMgrAESECBEncryptForDriver.
Executes Dmac5 command 0x1.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// mask_enable = 1
int sceSblDmac5AesEcbEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int mask_enable);
sceSblDmac5AesEcbDecForDriver
Version | NID |
---|---|
0.990-3.60 | 0x7C978BE7 |
Temp name was sceSblSsMgrAESECBDecryptForDriver.
Executes Dmac5 command 0x2.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// mask_enable = 1
int sceSblDmac5AesEcbDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int mask_enable);
sceSblDmac5AesEcbEncNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x0F7D28AF |
Temp name was sceSblSsMgrAESECBEncryptWithKeygenForDriver.
Executes Dmac5 command 0x1.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// key_id - 0 - used with sceSblAuthMgrSetDmac5Key. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesEcbEncNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int key_id, int mask_enable);
sceSblDmac5AesEcbDecNPForDriver
Version | NID |
---|---|
3.60 | 0x197ACF6F |
Temp name was sceSblSsMgrAESECBDecryptWithKeygenForDriver.
Executes Dmac5 command 0x2.
no usages found
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesEcbDecNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, int key_id, int mask_enable);
sceSblDmac5AesEcbEncWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x01BE0374 |
Executes Dmac5 command 0x1.
Used in SceSblMgKeyMgr.
// size - size of data in src
// slot_id - 0x1C, 0x1D, 0x1E, 0x1F
// key_size - 0x80 / 0xC0 / 0x100 (size in bits)
// mask_enable = 1
int sceSblDmac5AesEcbEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5AesEcbDecWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x8B4700CB |
Executes Dmac5 command 0x2.
Used in SceSblMgKeyMgr.
// size - size of data in src
// slot_id - 0x1D, ?
// key_size - 128 / 192 / 256 (size in bits)
// mask_enable = 1
int sceSblDmac5AesEcbDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5DesEcbEncWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x37DD5CBF |
Temp name was sceSblSsMgrDES64ECBEncryptForDriver.
This also implements 3DES. Chosen function depends on key size.
- for 64 - DES
- for 128 - not tested. assuming 3DES with K1 = K3.
- for 192 - 3DES
Executes Dmac5 command 0x41.
Used in SceSblMgKeyMgr.
// size - size of data in src
// slot_id - 0x1C, ?
// key_size - 192 (size in bits) - other sizes also work
// mask_enable = 1
int sceSblDmac5DesEcbEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5DesEcbDecWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x8EAFB18A |
Temp name was sceSblSsMgrDES64ECBDecryptForDriver.
This also implements 3DES. Chosen function depends on key size.
- for 64 - DES
- for 128 - not tested. assuming 3DES with K1 = K3.
- for 192 - 3DES
Executes Dmac5 command 0x42.
Used in SceSblMgKeyMgr.
// size - size of data in src
// slot_id - 0x1C, ?
// key_size - 192 (size in bits) - other sizes also work
// mask_enable = 1
int sceSblDmac5DesEcbDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, int mask_enable);
sceSblDmac5DesCbcEncWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x05B38698 |
Temp name was sceSblSsMgrDES64CBCEncryptForDriver.
This also probably implements 3DES. Chosen function depends on key size.
- for 0x40 - DES
- for 0x80 - not tested. assuming 3DES with K1 = K3.
- for 0xC0 - 3DES
Executes Dmac5 command 0x49.
no usages found
// size - size of data in src
// slot_id - 0x1D, ?
// key_size - ? - does not matter ?
// iv - length is 8 for DES - will be updated after encryption (most likely for encrypting data in blocks?)
// mask_enable = 1
int sceSblDmac5DesCbcEncWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5DesCbcDecWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0x926BCCF0 |
Temp name was sceSblSsMgrDES64CBCDecryptForDriver.
This also probably implements 3DES. Chosen function depends on key size.
- for 0x40 - DES
- for 0x80 - not tested. assuming 3DES with K1 = K3.
- for 0xC0 - 3DES
Executes Dmac5 command 0x4A.
no usages found
// size - size of data in src
// slot_id - 0x1D, ?
// key_size - ? - does not matter ?
// iv - length is 8 for DES
// mask_enable = 1
int sceSblDmac5DesCbcDecWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCbcEncForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE6E1AD15 |
Temp name was sceSblSsMgrAESCBCEncryptForDriver.
Executes Dmac5 command 0x9.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (lenght in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// mask_enable = 1
int sceSblDmac5AesCbcEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCbcDecForDriver
Version | NID |
---|---|
0.990-3.60 | 0x121FA69F |
SCE maybe made a typo: sceSblDmac5AEsCbcDecForDriver.
Temp name was sceSblSsMgrAESCBCDecryptForDriver.
Executes Dmac5 command 0xA.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// mask_enable = 1
int sceSblDmac5AesCbcDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCbcEncNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x711C057A |
Temp name was sceSblSsMgrAESCBCEncryptWithKeygenForDriver.
Executes Dmac5 command 0x9.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesCbcEncNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable);
sceSblDmac5AesCbcDecNPForDriver
Version | NID |
---|---|
0.990-3.60 | 0x1901CB5E |
Temp name was sceSblSsMgrAESCBCDecryptWithKeygenForDriver.
Executes Dmac5 command 0xA.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
int sceSblDmac5AesCbcDecNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable);
sceSblDmac5AesCtrEncForDriver
Version | NID |
---|---|
1.50-3.60 | 0x82B5DCEF |
Temp name was sceSblSsMgrAESCTREncryptForDriver.
Executes Dmac5 command 0x21.
Used in SceNpDrm.
This function can also be used for decryption since CTR is symmetric function.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// mask_enable = 1
int sceSblDmac5AesCtrEncForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5AesCtrDecForDriver
Version | NID |
---|---|
3.60 | 0x7D46768C |
Temp name was sceSblSsMgrAESCTRDecryptForDriver.
Executes Dmac5 command 0x22.
no usages found
this function can also be used for encryption since CTR is symmetric function
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20
// key_size - 128 / 192 / 256 (size in bits)
// iv - length is 0x10 for AES - will be updated after encryption (most likely for encrypting data in blocks?)
// mask_enable = 1
int sceSblDmac5AesCtrDecForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable);
sceSblDmac5Sha1ForDriver
Version | NID |
---|---|
3.60 | 0xEB3AF9B5 |
Executes Dmac5 command 0x3.
Used in ScePfsMgr.
// size - size of data in src
// iv = 0
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblSsMgrSha1ForDriver(const void *src, void *dst, SceSize size, void *iv, int mask_enable, int command_bit);
sceSblDmac5Sha1HmacTransformForDriver
Version | NID |
---|---|
0.990-3.60 | 0x6704D985 |
Temp name was sceSblSsMgrHMACSHA1ForDriver.
Executes Dmac5 command 0x23.
Used in ScePfsMgr.
Key size is always 256 bits.
// size - size of data in src
// iv = 0
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblDmac5Sha1HmacTransformForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int mask_enable, int command_bit);
sceSblDmac5Sha1HmacNPForDriver
Version | NID |
---|---|
3.60 | 0x92E37656 |
Temp name was sceSblSsMgrHMACSHA1WithKeygenForDriver.
Executes Dmac5 command 0x23.
no usages found
key_size is always 256 bits
// size - size of data in src
// key - length is always 0x20 bytes
// iv = 0
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblDmac5Sha1HmacNPForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int key_id, int mask_enable, int command_bit);
sceSblDmac5Sha256HmacForDriver
Version | NID |
---|---|
3.60 | 0x79F38554 |
Temp name was sceSblSsMgrHMACSHA256ForDriver.
Executes Dmac5 command 0x33.
no usages found
// size - size of data in src
// iv = 0
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblDmac5Sha256HmacForDriver(const void *src, void *dst, SceSize size, const void *key, void *iv, int mask_enable, int command_bit);
sceSblDmac5AesCmacForDriver
Version | NID |
---|---|
0.990-3.60 | 0x1B14658D |
Temp name was sceSblSsMgrAESCMACForDriver.
Executes Dmac5 command 0x3B.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv = 0
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblDmac5AesCmacForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int mask_enable, int command_bit);
sceSblDmac5AesCmacNPForDriver
Version | NID |
---|---|
3.60 | 0x83B058F5 |
Temp name was sceSblSsMgrAESCMACWithKeygenForDriver.
Executes Dmac5 command 0x3B.
Used in ScePfsMgr.
// size - size of data in src
// key - length is 0x10 / 0x18 / 0x20 (length in bytes)
// key_size - 128 / 192 / 256 (size in bits)
// iv = 0
// key_id - 0 - used with sceSblAuthMgrSetDmac5KeyForDriver. Uses slot_id range 0x0C-0x17 internally
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblDmac5AesCmacNPForDriver(const void *src, void *dst, SceSize size, const void *key, SceSize key_size, void *iv, int key_id, int mask_enable, int command_bit);
sceSblDmac5AesCmacWithKeyslotForDriver
Version | NID |
---|---|
3.60 | 0xEA6ACB6D |
Executes Dmac5 command 0x3B.
no usages found
// size - size of data in src
// slot_id - 0x1D, ?
// key_size - 128 / 192 / 256 (size in bits)
// iv = 0
// mask_enable = 1
// command_bit = 0 / 0x400 / 0x800 / 0xC00
int sceSblDmac5AesCmacWithKeyslotForDriver(const void *src, void *dst, SceSize size, int slot_id, SceSize key_size, void *iv, int mask_enable, int command_bit);
sceSblSsMgrExecuteDmac5HashCommandForDriver
Version | NID |
---|---|
3.60 | 0x9641374E |
Executes Dmac5 commands related to hash functions.
Used in SceNpDrm.
int sceSblSsMgrExecuteDmac5HashCommandForDriver(const void *src, void *dst, SceSize size, void *iv, int mask_enable, int command, int command_bit);
sceSblSsEncryptWithPortabilityForDriver
Version | NID |
---|---|
0.931-3.60 | 0x21EC51F6 |
derived from _vshSblSsEncryptWithPortability
Strangely it does not communicate with encdec_w_portability_sm command 0x1000A. That's because anyway this SM command is not implemented in release FWs.
int sceSblSsEncryptWithPortabilityForDriver(int key_id, void *iv, ScePortabilityData *plain, ScePortabilityData *enc);
sceSblSsDecryptWithPortabilityForDriver
Version | NID |
---|---|
0.931-3.60 | 0x934DB6B5 |
derived from _vshSblSsDecryptWithPortability
For example, decrypts or derives AES key that is used in msif to decrypt static sha224 table.
Executes F00D encdec_w_portability_sm command 0x2000A.
int sceSblSsDecryptWithPortabilityForDriver(SceUInt32 key_type, void *iv, ScePortabilityData *enc, ScePortabilityData *plain);
sceSblSsGetNvsDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFDD6D5DE |
derived from _vshSblSsGetNvsData
Calls sceSysconNvsReadDataForDriver.
// index - 0-5
// pData - destination buffer
// size - 2, 4, 8, 0x10, 0x20
int sceSblSsGetNvsDataForDriver(SceSblSsNvsData index, void *pData, SceSize size);
sceSblSsSetNvsDataForDriver
Version | NID |
---|---|
0.990-3.60 | 0x249ADB07 |
derived from _vshSblSsSetNvsData
Calls sceSysconNvsWriteDataForDriver.
// index - 0-5
// pData - source buffer
// size - 2, 4, 8, 0x10, 0x20
int sceSblSsSetNvsDataForDriver(SceSblSsNvsData index, void *pData, SceSize size);
sceSblAimgrGetVisibleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0x04843835 |
Temp name was sceSblSsMgrGetVisibleIdForDriver, sceSblSsMgrGetFuseIdForDriver.
Derived from _vshSblAimgrGetVisibleId
.
Executes F00D aimgr_sm command 0x3.
int sceSblAimgrGetVisibleIdForDriver(SceVisibleId *pVisibleId);
sceSblAimgrGetConsoleIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xFC6CDD68 |
Temp name was sceSblSsMgrGetConsoleIdForDriver.
This function obtains Console Id by executing F00D aimgr_sm command 0x1.
int sceSblAimgrGetConsoleIdForDriver(SceConsoleId *pConsoleId);
sceSblAimgrGetOpenPsIdForDriver
Version | NID |
---|---|
0.990-3.60 | 0xA5B5D269 |
Temp name was sceSblSsMgrGetOpenPsIdForDriver.
This function returns information from a static buffer that is initialized on module_start.
OpenPsId comes from kbl_param->openpsid using SceSysmem#sceKernelSysrootGetKblParamForKernel.
int sceSblAimgrGetOpenPsIdForDriver(SceOpenPsId *pOpenPsId);
sceSblAimgrGetPscodeForDriver
Version | NID |
---|---|
0.990-3.60 | 0xE0DC2587 |
Temp name was sceSblSsMgrGetPscodeForDriver.
Derived from _vshSblAimgrGetPscode
.
This function returns information from a static buffer that is initialized on module_start.
PsCode comes from kbl_param->pscode using SceSysmem#sceKernelSysrootGetKblParamForKernel.
int sceSblAimgrGetPscodeForDriver(ScePsCode *pPsCode);
sceSblAimgrGetPscode2ForDriver
Version | NID |
---|---|
3.60 | 0x9A9676D0 |
Temp name was sceSblSsMgrGetPscode2ForDriver.
Derived from _vshSblAimgrGetPscode2
Executes F00D aimgr_sm command 0x4.
int sceSblAimgrGetPscode2ForDriver(ScePsCode *pPsCode);
sceSblSsCreatePassPhraseForDriver
Version | NID |
---|---|
3.60 | 0xB8B298FD |
Executes F00D aimgr_sm command 0x5.
derived from _vshSblSsCreatePassPhrase
// input is of size 0x18
int sceSblSsCreatePassPhraseForDriver(char *input, char *output);
sceSblSsInfraAllocatePARangeVectorForDriver
Version | NID |
---|---|
3.60 | 0xE0B13BA7 |
Does some initialization.
Used by SceSblUpdateMgr.
int sceSblSsInfraAllocatePARangeVectorForDriver(void *buf, SceSize size, SceUID blockid, SceKernelPAVector *pPAV);
SceSblSsMgrForDriver_C38D0CEA
Version | NID |
---|---|
3.60 | 0xC38D0CEA |
Does some cleanup.
Used by SceSblUpdateMgr.
sceSblSsMemsetForDriver
Version | NID |
---|---|
3.60 | 0xCD98CC92 |
Used by SceSblPostSsMgr.
void sceSblSsMemsetForDriver(char* dest, char value, int size);
sceSblRtcMgrSetCpRtc_1ForDriver
Version | NID |
---|---|
0.931 | 0x2B259A82 |
3.60 | not present |
sceSblRtcMgrSetCpRtc_2ForDriver
Version | NID |
---|---|
0.940 | 0xD8F6F110 |
3.60 | moved to PostSsMgr |
sceSblRtcMgrGetCpRtcPhysicalForDriver
Version | NID |
---|---|
0.940 | 0xC96622EC |
3.60 | moved to PostSsMgr |
sceSblRtcMgrGetCpRtcLogicalForDriver
Version | NID |
---|---|
0.940 | 0xAF56206D |
3.60 | moved to PostSsMgr |
sceSblLicGetActivationKeyForDriver
Version | NID |
---|---|
0.940 | 0xED4878A4 |
3.60 | moved to PostSsMgr |
sceSblLicMgrGetExpireDateForDriver
Version | NID |
---|---|
0.940 | 0xE840CD4E |
3.60 | moved to PostSsMgr |
sceSblPmMgrGetProductModeFromNVSForDriver
Version | NID |
---|---|
0.931-0.940 | 0x196C7FB2 |
3.60 | moved to PostSsMgr |
sceSblPmMgrSetProductModeForDriver
Version | NID |
---|---|
0.931-0.940 | 0x33B706E1 |
3.60 | moved to PostSsMgr |
sceSblPmMgrAuthEtoIForDriver
Version | NID |
---|---|
0.931-0.940 | 0xB241EA2B |
3.60 | moved to PostSsMgr |
SceSblSsMgr
This library exists on 1.69 but doesn't exist on 3.60.
sceSblSsInfraAllocatePARangeVector
Version | NID |
---|---|
0.990 | 0x8C2822A9 |
SceSblSsMgr_FAD42134
Version | NID |
---|---|
0.990 | 0xFAD42134 |
SceSblQafMgr
typedef struct SceQafToken {
char data[0x80];
char sig[0x100]; // Not present on FW 0.990. Present on FW 3.60
} SceQafToken;
sceSblQafMgrGetQafToken
Version | NID |
---|---|
1.69-3.60 | 0xB6BAE81D |
On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS).
int sceSblQafMgrGetQafToken(SceQafToken *qaf_token);
sceSblQafMgrGetQafToken2
Version | NID |
---|---|
3.60 | 0xDFBA8569 |
int sceSblQafMgrGetQafToken2(SceQafToken *qaf_token);
sceSblQafManagerSetQafTokenForUser
Version | NID |
---|---|
1.69-3.60 | 0x56A16392 |
On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS).
int sceSblQafManagerSetQafTokenForUser(SceQafToken qaf_token);
sceSblQafMgrSetQafToken2
Version | NID |
---|---|
3.60 | 0xF4B5C8A5 |
int sceSblQafMgrSetQafToken2(SceQafToken qaf_token);
sceSblQafManagerDeleteQafTokenForUser
Version | NID |
---|---|
0.940-3.60 | 0xD542583F |
On 3.60 returns 0x80010058 (SCE_ERROR_ERRNO_ENOSYS).
int sceSblQafManagerDeleteQafTokenForUser(void);
sceSblQafMgrDeleteQafToken2
Version | NID |
---|---|
3.60 | 0x62E30BF4 |
int ret;
int ret2;
int ret3;
signed int result;
char flag;
char data[0x80];
char sig[0x100];
memset(data, (char)0xFF, 0x180);
SceKernelSuspendForDriver_4DF40893_0(0);
ret = sceSblNvsWriteDataForKernel(0x400, data, 0x80);
if ( ret ) {
SceKernelSuspendForDriver_4DF40893(0);
result = ret;
} else {
ret2 = sceSblNvsWriteDataForKernel(0x5A0, sig, 0x100);
if ( ret2 ) {
SceKernelSuspendForDriver_4DF40893(0);
result = ret2;
} else {
flag = 1;
ret3 = sceSblNvsWriteDataForKernel(0x480, &flag, 1);
SceKernelSuspendForDriver_4DF40893(0);
result = ret3;
}
}
return result;
int sceSblQafMgrDeleteQafToken2(void);
sceSblQafManagerGetQafNameForUser
Version | NID |
---|---|
0.940-3.60 | 0x0F7EA8C2 |
Wrapper to sceSblQafManagerGetQafNameForKernel.
int sceSblQafManagerGetQafNameForUser(char *buffer, unsigned int max_len);
sceSblQafManagerGetQafName2ForUser
Version | NID |
---|---|
3.60 | 0xF0CA8766 |
memset(buf, 0, 0x180);
sceSblNvsReadDataForKernel(0x480, buf, 1);
sceSblNvsReadDataForKernel(0x400, buf, 0x80);
memcpy(buffer, buf, 0x18);
sceSblNvsReadDataForKernel(0x5A0, buf, 0x100);
// if all functions returned success
sceSblQafManagerGetQafNameForKernel(buf2, len);
sceKernelMemcpyKernelToUserForDriver(buffer, buf2, len)) != 0 )
int sceSblQafManagerGetQafName2ForUser(char *buffer, unsigned int max_len);
sceSblQafMgrIsAllowMinimumDebugMenuDisplay
Version | NID |
---|---|
3.60 | 0xA156BBD2 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowMinimumDebugMenuDisplay(void);
sceSblQafMgrIsAllowLimitedDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0xC456212D |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowLimitedDebugMenuDisplay(void);
sceSblQafMgrIsAllowAllDebugMenuDisplay
Version | NID |
---|---|
1.69-3.60 | 0x66843305 |
return (sysroot_buffer->qa_flags[0xC] >> 1) & 1;
int sceSblQafMgrIsAllowAllDebugMenuDisplay(void);
sceSblQafManagerIsAllowKernelDebugForUser
Version | NID |
---|---|
0.940-3.60 | 0x11D30766 |
return sysroot_buffer->qa_flags[0xD] & 1;
int sceSblQafManagerIsAllowKernelDebugForUser(void);
sceSblQafMgrIsAllowForceUpdate
Version | NID |
---|---|
1.69-3.60 | 0x63F29BA0 |
return (sysroot_buffer->qa_flags[0xF] >> 1) & 1;
int sceSblQafMgrIsAllowForceUpdate(void);
sceSblQafMgrIsAllowNpTest
Version | NID |
---|---|
1.69-3.60 | 0xA9EBCBAC |
if (sysroot_buffer->qa_flags[0xF] << 31)
return 1;
else
return sceSysrootUtMgrHasNpTestFlagForKernel(a1, a2, a3);
int sceSblQafMgrIsAllowNpTest(int a1, int a2, int a3);
sceSblQafMgrIsAllowNpFullTest
Version | NID |
---|---|
3.60 | 0x72168C6E |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowNpFullTest(void);
sceSblQafMgrIsAllowNonQAPup
Version | NID |
---|---|
1.69-3.60 | 0xB5621615 |
return sysroot_buffer->qa_flags[0xF] & 1;
int sceSblQafMgrIsAllowNonQAPup(void);
sceSblQafMgrIsAllowScreenShotAlways
Version | NID |
---|---|
1.69-3.60 | 0xD22A8731 |
return (sysroot_buffer->qa_flags[6] >> 1) & 1;
int sceSblQafMgrIsAllowScreenShotAlways(void);
sceSblQafMgrIsAllowRemoteSysmoduleLoad
Version | NID |
---|---|
0.940-3.60 | 0xF45AA706 |
return (sysroot_buffer->qa_flags[0xD] >> 1) & 1;
int sceSblQafMgrIsAllowRemoteSysmoduleLoad(void);
SceSblRng
sceSblRngGenuineRandomNumber
Version | NID |
---|---|
0.940-0.990 | 0xD1189305 |
Temp name was sceSblSsMgrGetRandomData.
Calls sceSblRngGenuineRandomNumberForDriver.
sceSblRngPseudoRandomNumber
Version | NID |
---|---|
0.940-0.990 | 0xD8BC42B8 |
_sceKernelGetRandomNumber
Version | NID |
---|---|
1.69-3.60 | 0xC37E818C |
int _sceKernelGetRandomNumber(int *out, int a2, char a3[8]);
SceSblDmac5Mgr
sceSblDmac5HashTransform
Version | NID |
---|---|
1.69-3.60 | 0x09EBC6EF |
This function can execute the following dmac5 commands:
- 0x3B: CMAC-AES (length 0x10)
- 0x03: SHA1 (length 0x14)
- 0x23: HMAC-SHA1 (length 0x14)
- 0x13: SHA256 (length 0x20)
- 0x33: HMAC-SHA256 (length 0x20)
typedef struct hash_trans_opt_t //size 0x18
{
char* src;
char* dst;
uint32_t size;
uint32_t unk_C; // = 0
uint32_t unk_10; // = 0
char* iv;
} hash_trans_opt_t;
// flags:
// 0x000
// 0x400
// 0x800
// 0xC00
int sceSblDmac5HashTransform(hash_trans_opt_t* ctx, int command, int flags);
sceSblDmac5EncDecKeyGen
Version | NID |
---|---|
1.69-3.60 | 0x5BF4F924 |
This function is also named sceSblDmac5AesCbcDecKeyGen
or sceSblDmac5AesCbcEncKeyGen
in SceGameDataPlugin
typedef struct keygen_ctx //size is 0x18
{
char *src;
char *dst;
int size;
char* key;
uint32_t key_size; // (int bits)
char* out; //hash ?
} keygen_ctx;
// command - 0xA (dmac5 command AES-192-CBC decrypt)
// command - 0x9 (dmac5 command AES-192-CBC encrypt)
int sceSblDmac5EncDecKeyGen(keygen_ctx* ctx, int key_id, int command);
sceSblDmac5EncDec
Version | NID |
---|---|
0.990-3.60 | 0xD0B1F759 |
int sceSblDmac5EncDec(void *args, int command);
sceSblDmac5EncDecNP
Version | NID |
---|---|
0.940 | 0x30702CC7 |
sceSblDmac5HmacKeyGen
Version | NID |
---|---|
3.60 | 0xCCE57D33 |
This function is named sceSblDmac5HmacKeyGen
in SceSysLibTrace but is also called sceSblDmac5Sha256HmacKeyGen
in SceGameDataPlugin
.
// data is of size 0x18 (24 - 192 bits ?)
// unk1 - 0x20001
// command - 0x33 (dmac5 HMAC-SHA256 command)
// flags - 0x400, 0x800, 0xC00
int sceSblDmac5HmacKeyGen(char* data, int unk1, int command, int flags);
SceSblAimgr
_sceKernelGetOpenPsId
Version | NID |
---|---|
1.69-3.60 | 0x6E283E2E |
int _sceKernelGetOpenPsId(SceOpenPsId *pOpenPsId);