Second Loader

From Vita Development Wiki
Revision as of 21:58, 20 June 2018 by Xyz (talk | contribs)
Jump to navigation Jump to search

eeprom protection

On 0.995 and 3.60 the following lines are protected after starting arm: 0x0-0x7F, 0x140-0x17F, 0x200-0x203, 0x206-0x20D, 0x344-0x353, 0x400-0x47F, 0x502-0x57F, 0x700-0x77F

The protection it sets is 0x1C1F (so f00d read disabled).

Bypassing version checks

memeprom line 0x50B offset 0x4 bit 1 set = ignore version mismatch errors. This line itself is set from SNVS 0xD2 block 0. Alternatively set version to 0xDEADBEEF to skip.

Session key/coredump encryption

0x20 random bytes are generated and written to keyslot 0x51A. Then, the buffer is encrypted with aes128-cbc using coredump_key and coredump_iv. The result is copied to sysroot buffer +0x100 (0x1F000200)

Retrieved from "http://wiki.henkaku.xyz/vita/index.php?title=Second_Loader&oldid=9603"