Difference between revisions of "SceSblSsSmComm"

 
(47 intermediate revisions by 4 users not shown)
Line 1: Line 1:
SceSblSsSmComm is a kernel module that is primary responsible for sending F00D commands.
+
SceSblSsSmComm is a kernel module that is primarily responsible for calling [[SM]] functions.
  
 
== Module ==
 
== Module ==
  
=== Known NIDs ===
 
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
! Version !! Name !! World !! Privilege !! NID
+
! Version !! World !! Privilege
 
|-
 
|-
| 1.69 || SceSblSsSmComm || Non-secure || Kernel || 0xA6A2A041
+
| 0.931-3.60 || Non-secure || Kernel
|-
 
| 3.60 || SceSblSsSmComm || ? || Kernel || 0xBB4B5D92
 
 
|}
 
|}
  
Line 21: Line 18:
 
! Version !! Name !! World !! Visibility !! NID
 
! Version !! Name !! World !! Visibility !! NID
 
|-
 
|-
| 1.69 || [[SceSblSsSmComm#SceSblSmCommForKernel|SceSblSmCommForKernel]] || Non-secure || Kernel || 0xCD3C89B6
+
| 0.931-3.60 || [[SceSblSsSmComm#SceSblSmCommForKernel|SceSblSmCommForKernel]] || Non-secure || Kernel || 0xCD3C89B6
|-
 
| 3.60 || [[SceSblSsSmComm#SceSblSmCommForKernel|SceSblSmCommForKernel]] || ? || Kernel || 0xCD3C89B6
 
 
|-
 
|-
| 1.69 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || 0xD8DC7847
+
| 0.931-1.69 || [[SceSblSsSmComm#SceSblSsSmComm|SceSblSsSmComm]] || Non-secure || User || 0xD8DC7847
 
|}
 
|}
  
== SceSblSmCommForKernel ==
+
== Types ==
 
 
=== sceSblSmCommStopSm ===
 
{| class="wikitable"
 
|-
 
! Version !! NID
 
|-
 
| 1.69 || 0x0631F8ED
 
|-
 
| 3.60 || 0x0631F8ED
 
|-
 
|}
 
 
 
<source lang="c">
 
typedef struct sm_comm_pair
 
{
 
    uint32_t unk_0;
 
    uint32_t unk_4;
 
}sm_comm_pair;
 
 
 
int sceSblSmCommStopSm(int id, sm_comm_pair* res);
 
</source>
 
 
 
=== sceSblSmCommStartSm1 ===
 
{| class="wikitable"
 
|-
 
! Version !! NID
 
|-
 
| 1.69 || 0x992BB9DB
 
|-
 
| 3.60 || 0x039C73B1
 
|}
 
  
<source lang="c">
+
<source lang = "C">
char hardcoded_data[0x90] =  
+
/* example of spawner_self_auth_info
 +
char data[0x90] =
 
{
 
{
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28,
+
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00,
+
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, // KBL capability
 
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
 
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00,
+
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, // KBL attribute
 
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
 
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
 
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
 +
  0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, // KBL shared secret
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
Line 81: Line 47:
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
 
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
+
}; */
};
+
 
 +
// this struct is used in FW 0.931 secure_kernel.xxx
 +
typedef struct unk_0x30 { // size is 0x30 on FW 0.931
 +
  SceSize size; // Size of this structure
 +
  SceUInt32 maybe_self_type_or_success; // always 1 in 0.931 secure_kernel.xxx
 +
  SceUInt64 program_sceversion;
 +
  char digest[0x20]; // SHA256 of the ELF
 +
} unk_0x30;
 +
 
 +
typedef struct SceSharedSecret { // size is 0x40 on FWs 0.931-3.73
 +
  uint8_t shared_secret_0[0x10];
 +
  uint8_t klicensee[0x10];
 +
  uint8_t shared_secret_2[0x10];
 +
  uint32_t shared_secret_3_0; // ex: 0x10
 +
  uint32_t shared_secret_3_1;
 +
  uint32_t shared_secret_3_2;
 +
   uint32_t shared_secret_3_3;
 +
} SceSharedSecret;
  
typedef struct sm_comm_ctx_130
+
typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931-3.73
{
+
   SceUInt64 program_authority_id;
   uint32_t unk_0;
+
   uint8_t padding[8];
   uint32_t unk_4; // 2
+
   uint8_t capability[0x20];
   char data0[0x90]; //hardcoded data
+
   uint8_t attribute[0x20];
   char data1[0x90];
+
   SceSharedSecret secret;
   uint32_t unk_128; // 2
+
} SceSelfAuthInfo;
  uint32_t unk_12C;  
 
}sm_comm_ctx_130;
 
  
int sceSblSmCommStartSm1(int priority, char* elf_data, int elf_size, int num1, sm_comm_ctx_130* ctx_130, int* id);
+
typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931-3.73 (as its name indicates)
 +
  SceUInt32 unk_0;
 +
  SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
 +
  SceSelfAuthInfo spawner_self_auth_info; // can be obtained with sceKernelGetSelfAuthInfoForKernel
 +
  SceSelfAuthInfo spawned_self_auth_info; // set by SK in response SceSblSmCommContext130
 +
  SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
 +
  SceUInt32 unk_12C; // if (kbl_param->boot_type_indicator_1????? & 0x40) == true set unk_12C to 1, else set to 0xA
 +
} SceSblSmCommContext130;
 
</source>
 
</source>
  
=== sceSblSmCommStartSm2 ===
+
== SceSblSmCommForKernel ==
 +
 
 +
=== sceSblSmCommStopSmForKernel ===
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
 
! Version !! NID
 
! Version !! NID
 
|-
 
|-
| 3.60 || 0x7863A0CC
+
| 0.931-3.60 || 0x0631F8ED
 
|}
 
|}
  
<source lang="c">int sceSblSmCommStartSm2(int priority, char* elf_path, int num1, sm_comm_ctx_130* ctx_130, int* id);</source>
+
This function calls [[SceSblSsSmComm#sceSblSmCommCallFuncForKernel|sceSblSmCommCallFuncForKernel]] with <code>-1 (0xFFFFFFFF)</code> as <code>func_id</code> and then calls [[SceSblSmschedProxy#sceSblSmSchedProxyWaitForKernel|sceSblSmSchedProxyWaitForKernel]].
  
Priority is binary: 1 = low, 0 = high. Running a high priority SM module while a low priority one is currently running will [[F00D Processor|suspend]] it.
+
<source lang="c">int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);</source>
  
=== sceSblSmCommCallFunc ===
+
=== sceSblSmCommStartSmFromDataForKernel ===
 +
{| class="wikitable"
 +
|-
 +
! Version !! NID
 +
|-
 +
| 3.60 || 0x039C73B1
 +
|}
 +
 
 +
<source lang="c">int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);</source>
 +
 
 +
=== sceSblSmCommStartSmForKernel ===
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
 
! Version !! NID
 
! Version !! NID
 
|-
 
|-
| 1.69 || 0xDB9FC204
+
| 0.931-3.60 || 0x7863A0CC
 +
|}
 +
 
 +
Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will [[F00D Processor|suspend]] the low one.
 +
 
 +
The following conditions must be met in order for this function to be called successfully:
 +
- In kernel thread.
 +
- In kernel context.
 +
 
 +
Calling a function without satisfying the conditions freezes the system.
 +
 
 +
<source lang="c">int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130* ctx_130, SceSmSchedRequestId *req_id);</source>
 +
 
 +
=== sceSblSmCommStartSm_ForKernel ===
 +
{| class="wikitable"
 +
|-
 +
! Version !! NID
 
|-
 
|-
| 3.60 || 0xDB9FC204
+
| 0.931-1.69 || 0x992BB9DB
 
|}
 
|}
  
sm_comm_context is described more [[F00D_Commands#0x1000B|here]]
+
<source lang="c">int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);</source>
  
f00d_resp comes from [[F00D_Commands#Request_Buffer|Request Buffer]] from offset 0x08
+
=== sceSblSmCommCallFuncForKernel ===
 +
{| class="wikitable"
 +
! Version !! NID
 +
|-
 +
| 0.931-3.60 || 0xDB9FC204
 +
|}
  
gc_param is generated by game card and has value 0x01
+
<source lang="c">int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);</source>
 +
 
 +
=== sceSblSmCommCallFunc_ForKernel ===
 +
{| class="wikitable"
 +
|-
 +
! Version !! NID
 +
|-
 +
| 0.931 || 0x4960DF9E
 +
|}
  
 
<source lang="c">
 
<source lang="c">
typedef struct sm_comm_context //size is 0x814
+
typedef struct sceSblSmCommCallFunc_Param {
{
+
    void *pData;
  int unk_0; // 1
+
    SceSize dataSize;
  int gc_command;  
+
} sceSblSmCommCallFunc_Param;
  char gc_buffer[0x800];
+
 
  int gc_param;
+
int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);
  int length;
 
  int unk_810; // 0
 
}sm_comm_context;
 
int sceSblSmCommCallFunc(int id, int command_id, int* f00d_resp, sm_comm_context* buffer, int size);
 
 
</source>
 
</source>
 +
 +
=== sceSblSmCommStopCommForKernel ===
 +
{| class="wikitable"
 +
|-
 +
! Version !! NID
 +
|-
 +
| 0.931 || 0xC35FB95A
 +
|}
 +
 +
<source lang="C">int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);</source>
  
 
== SceSblSsSmComm ==
 
== SceSblSsSmComm ==
 +
 +
This library is present on 1.69 but is not present on 3.60.
  
 
=== sceSblSmCommStopSm ===
 
=== sceSblSmCommStopSm ===
Line 145: Line 182:
 
! Version !! NID
 
! Version !! NID
 
|-
 
|-
| 1.69 || 0x631F8ED
+
| 0.931-1.69 || 0x0631F8ED
 +
|}
 +
 
 +
=== sceSblSmCommStartSm ===
 +
{| class="wikitable"
 +
|-
 +
! Version !! NID
 +
|-
 +
| 0.931 || 0x7863A0CC
 
|}
 
|}
 +
 
=== sceSblSmCommStartSm_ ===
 
=== sceSblSmCommStartSm_ ===
 
{| class="wikitable"
 
{| class="wikitable"
Line 152: Line 198:
 
! Version !! NID
 
! Version !! NID
 
|-
 
|-
| 1.69 || 0x992BB9DB
+
| 0.931-1.69 || 0x992BB9DB
 
|}
 
|}
 +
 
=== sceSblSmCommCallFunc ===
 
=== sceSblSmCommCallFunc ===
 +
{| class="wikitable"
 +
! Version !! NID
 +
|-
 +
| 0.931 || 0xDB9FC204
 +
|}
 +
 +
=== sceSblSmCommCallFunc_ ===
 
{| class="wikitable"
 
{| class="wikitable"
 
|-
 
|-
 
! Version !! NID
 
! Version !! NID
 
|-
 
|-
| 1.69 || 0xDB9FC204
+
| 0.931-1.69 || 0x4960DF9E
 
|}
 
|}
 +
 +
=== sceSblSmCommStopComm ===
 +
{| class="wikitable"
 +
|-
 +
! Version !! NID
 +
|-
 +
| 0.931 || 0xC35FB95A
 +
|}
 +
 +
 
[[Category:Modules]]
 
[[Category:Modules]]
 
[[Category:Kernel]]
 
[[Category:Kernel]]

Latest revision as of 07:19, 25 May 2021

SceSblSsSmComm is a kernel module that is primarily responsible for calling SM functions.

Module

Version World Privilege
0.931-3.60 Non-secure Kernel

Libraries

Known NIDs

Version Name World Visibility NID
0.931-3.60 SceSblSmCommForKernel Non-secure Kernel 0xCD3C89B6
0.931-1.69 SceSblSsSmComm Non-secure User 0xD8DC7847

Types

/* example of spawner_self_auth_info
char data[0x90] =
{
   0x01,0x00,0x00,0x00, 0x00,0x00,0x08,0x28, // KBL program-authority-id
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x00,0x00,0x00, 0xC0,0x00,0xF0,0x00, // KBL capability
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x80,0x09,0x80,0x03, 0x00,0x00,0xC3,0x00, // KBL attribute
   0x00,0x00,0x80,0x09, 0x80,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, // KBL shared secret
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
   0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,
}; */

// this struct is used in FW 0.931 secure_kernel.xxx
// Field sizes add up to the stated 0x30 only if SceSize is 4 bytes wide
// (4 + 4 + 8 + 0x20) and program_sceversion sits at offset 8 with no padding — TODO confirm.
typedef struct unk_0x30 { // size is 0x30 on FW 0.931
   SceSize size; // Size of this structure (expected 0x30 on FW 0.931)
   SceUInt32 maybe_self_type_or_success; // always 1 in 0.931 secure_kernel.xxx; actual meaning not established
   SceUInt64 program_sceversion; // presumably the SELF's sceversion field; verify against secure_kernel
   char digest[0x20]; // SHA256 of the ELF (0x20 = 32 bytes, one SHA-256 output)
} unk_0x30;

// Secret material carried inside SceSelfAuthInfo (field `secret`).
// Layout: 3 x 0x10 bytes + 4 x uint32_t = 0x40, matching the size noted below.
// NOTE(review): klicensee and the shared_secret_* fields are key material;
// code that copies this struct into temporary buffers should clear them after use.
// Which fields are actually secret is inferred from the names — not established by this page.
typedef struct SceSharedSecret { // size is 0x40 on FWs 0.931-3.73
   uint8_t shared_secret_0[0x10];
   uint8_t klicensee[0x10]; // presumably the per-title license key; verify
   uint8_t shared_secret_2[0x10];
   uint32_t shared_secret_3_0; // ex: 0x10
   uint32_t shared_secret_3_1;
   uint32_t shared_secret_3_2;
   uint32_t shared_secret_3_3;
} SceSharedSecret;

// Per-SELF authority/capability record, 8 + 8 + 0x20 + 0x20 + 0x40 = 0x90 bytes.
// Offsets match the commented example buffer above: program-authority-id at 0x00,
// capability at 0x10, attribute at 0x30, shared secret at 0x50.
typedef struct SceSelfAuthInfo { // size is 0x90 on FWs 0.931-3.73
   SceUInt64 program_authority_id; // e.g. 0x2808000000000001 in the KBL example above (little-endian bytes)
   uint8_t padding[8]; // zero in the example
   uint8_t capability[0x20];
   uint8_t attribute[0x20];
   SceSharedSecret secret; // key material; see SceSharedSecret
} SceSelfAuthInfo;

// Context passed to the sceSblSmCommStartSm*ForKernel functions.
// Size: 4 + 4 + 0x90 + 0x90 + 4 + 4 = 0x130, matching the name.
// spawner_self_auth_info is filled by the caller; spawned_self_auth_info is written back by the
// secure kernel — treat it as output and do not rely on its contents before the call returns.
typedef struct SceSblSmCommContext130 { // size is 0x130 on FWs 0.931-3.73 (as its name indicates)
   SceUInt32 unk_0;
   SceUInt32 self_type; // kernel = 0, user = 1, SM = 2, 0x10, 0x100, ?0x10001 main user process?
   SceSelfAuthInfo spawner_self_auth_info; // [in] can be obtained with sceKernelGetSelfAuthInfoForKernel
   SceSelfAuthInfo spawned_self_auth_info; // [out] set by SK in response SceSblSmCommContext130
   SceUInt32 media_type; // can be obtained with sceSblACMgrGetMediaTypeForKernel or sceIoGetMediaTypeForDriver
   SceUInt32 unk_12C; // set to 1 when (kbl_param->boot_type_indicator_1 & 0x40) is set, else 0xA — field name uncertain in the original note (boot_type_indicator_1?????)
} SceSblSmCommContext130;

SceSblSmCommForKernel

sceSblSmCommStopSmForKernel

Version NID
0.931-3.60 0x0631F8ED

This function calls sceSblSmCommCallFuncForKernel with -1 (0xFFFFFFFF) as func_id and then calls sceSblSmSchedProxyWaitForKernel.

int sceSblSmCommStopSmForKernel(SceSmSchedRequestId req_id, status_handler *pStatusHandler);

sceSblSmCommStartSmFromDataForKernel

Version NID
3.60 0x039C73B1
int sceSblSmCommStartSmFromDataForKernel(SceBool priority, const void *sm_self, SceSize sm_self_size, int cmd_id, SceSblSmCommContext130 *ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommStartSmForKernel

Version NID
0.931-3.60 0x7863A0CC

Priority is binary: 1 = low, 0 = high. Running a high priority SM while a low priority one is currently running will suspend the low one.

The following conditions must be met in order for this function to be called successfully: the caller must be in a kernel thread and in kernel context.

Calling this function without satisfying these conditions freezes the system.

int sceSblSmCommStartSmForKernel(SceBool priority, const char *sm_self_path, SceSblSmCommContext130* ctx_130, SceSmSchedRequestId *req_id);

sceSblSmCommStartSm_ForKernel

Version NID
0.931-1.69 0x992BB9DB
int sceSblSmCommStartSm_ForKernel(SceBool priority, const char *path, SceBool some_bool, int unk_a4, int unk_a5, int unk_a6, SceSblSmCommContext130 *pCtx, SceSmSchedRequestId *pReqId);

sceSblSmCommCallFuncForKernel

Version NID
0.931-3.60 0xDB9FC204
int sceSblSmCommCallFuncForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, void *pData, SceSize dataSize);

sceSblSmCommCallFunc_ForKernel

Version NID
0.931 0x4960DF9E
// Bundles the (pData, dataSize) pair that sceSblSmCommCallFuncForKernel takes as two separate
// parameters; used by the 0.931-only sceSblSmCommCallFunc_ForKernel.
typedef struct sceSblSmCommCallFunc_Param {
    void *pData; // request payload
    SceSize dataSize; // length of the buffer at pData
} sceSblSmCommCallFunc_Param;

int sceSblSmCommCallFunc_ForKernel(SceSmSchedRequestId req_id, SceUInt32 func_id, SceUInt32 *pResponse, sceSblSmCommCallFunc_Param *pParam);

sceSblSmCommStopCommForKernel

Version NID
0.931 0xC35FB95A
int sceSblSmCommStopCommForKernel(SceSmSchedRequestId req_id);

SceSblSsSmComm

This library is present on 1.69 but is not present on 3.60.

sceSblSmCommStopSm

Version NID
0.931-1.69 0x0631F8ED

sceSblSmCommStartSm

Version NID
0.931 0x7863A0CC

sceSblSmCommStartSm_

Version NID
0.931-1.69 0x992BB9DB

sceSblSmCommCallFunc

Version NID
0.931 0xDB9FC204

sceSblSmCommCallFunc_

Version NID
0.931-1.69 0x4960DF9E

sceSblSmCommStopComm

Version NID
0.931 0xC35FB95A