Difference between revisions of "SceSblSsSmComm"

Revision as of 13:32, 10 March 2023

SceSblSsSmComm is a kernel module that is primarily responsible for calling SM functions.

Module

Version	World	Privilege
0.931.010-3.740.011	Non-secure	Kernel

Libraries

Known NIDs

Version	Name	World	Visibility	NID
0.931.010-3.740.011	SceSblSmCommForKernel	Non-secure	Kernel	0xCD3C89B6
0.931.010-1.692.000	SceSblSsSmComm	Non-secure	User	0xD8DC7847
1.800.071-3.740.011	SceSblSsSmComm	Non-secure	User	not present

Types

/* example of spawner_self_auth_info
char data[0x90] =
{
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, // KBL capability
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, // KBL attribute
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, // KBL shared secret
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
}; */

typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931.010-3.740.011
   SceUInt64 program_authority_id;
   uint8_t padding[8];
   uint8_t capability[0x20];
   uint8_t attribute[0x20];
   SceSharedSecret shared_secret; // current hypothesis of SceSharedSecret is full (0x40 bytes) shared_secret overwritten with klicensee at offset 0x10
} SceSelfAuthInfo;

typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931.010-3.740.011 (as its name indicates)
   SceUInt32 unk_0;
   SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
   SceSelfAuthInfo spawner_self_auth_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo spawned_self_auth_info; // set by secure_kernel in response SceSblSmCommContext130
   SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   SceUInt32 unk_0x12C; // if (kbl_param->boot_type_indicator_1????? & 0x40) == 1, then set unk_0x12C to 1, else set to 10, ?mistook with media_type?
} SceSblSmCommContext130;

SceSblSmCommForKernel

sceSblSmCommCallFunc_ForKernel

Version	NID
0.931.010	0x4960DF9E
1.692.000-3.740.011	not present

This function is just a 4-argument wrapper for #sceSblSmCommCallFuncForKernel.

typedef struct sceSblSmCommCallFunc_Param {
    void *pData;
    SceSize dataSize;
} sceSblSmCommCallFunc_Param;

int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);

sceSblSmCommStopCommForKernel

Version	NID
0.931.010	0xC35FB95A
1.692.000-3.740.011	not present

int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);

sceSblSmCommStartSmForKernel

Version	NID
0.931.010	0x7863A0CC
1.692.000-1.810.021	not present
3.600.011-3.740.011	0x7863A0CC

Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will suspend the low one.

The following conditions must be met in order for this function to be called successfully: - In kernel thread. - In kernel context.

Calling a function without satisfying the conditions freezes the system.

int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommStartSm_ForKernel

Version	NID
0.931.010-1.800.071	0x992BB9DB
3.600.011-3.740.011	not present

int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);

sceSblSmCommStartSmFromDataForKernel

Version	NID
0.931.010-1.800.071	not present
3.600.011-3.740.011	0x039C73B1

int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommCallFuncForKernel

Version	NID
0.931.010-3.740.011	0xDB9FC204

int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);

sceSblSmCommStopSmForKernel

Version	NID
0.931.010-3.740.011	0x0631F8ED

This function calls sceSblSmCommCallFuncForKernel with -1 (0xFFFFFFFF) as func_id and then calls sceSblSmSchedProxyWaitForKernel.

int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);

SceSblSsSmComm

This library is present up to and including System Software version 1.692.000, then removed since System Software version 1.800.071 for security reasons.

sceSblSmCommStartSm

Version	NID
0.931.010	0x7863A0CC
1.692.000-3.740.011	not present

Alias for #sceSblSmCommStartSmForKernel.

sceSblSmCommCallFunc_

Version	NID
0.931.010	0x4960DF9E
1.692.000-3.740.011	0x4960DF9E

Alias for #sceSblSmCommCallFunc_ForKernel.

sceSblSmCommStopComm

Version	NID
0.931.010	0xC35FB95A
1.692.000-3.740.011	not present

Alias for #sceSblSmCommStopCommForKernel.

sceSblSmCommStartSm_

Version	NID
0.931.010-1.692.000	0x992BB9DB
1.800.071-3.740.011	not present

Alias for #sceSblSmCommStartSm_ForKernel.

sceSblSmCommCallFunc

Version	NID
0.931.010-1.692.000	0xDB9FC204
1.800.071-3.740.011	not present

Alias for #sceSblSmCommCallFuncForKernel.

sceSblSmCommStopSm

Version	NID
0.931.010-1.692.000	0x0631F8ED
1.800.071-3.740.011	not present

Alias for #sceSblSmCommStopSmForKernel.