Editing Flash:cvtrm


=Description=
Used by [[Hypervisor_Reverse_Engineering#VTRM|VTRM Services]], [[SC_Manager#0x9000_-_SC_Manager|0x9000 - SC Manager]], [[PARAM.PFD]] for Savegames, Trophy, DRL/CRL.

Corruption of this region leads to [[Boot_modi#RSOD|RSOD]] repairable with [[RSOD Fix]]

Size: 0x40000. Location NOR: 0xEC0000 - 0xEFFFFF

VTRM related pages:
* [[Talk:Flash#VTRM]]
* [[Hypervisor Reverse Engineering#VTRM]]
* [[SC Manager#0x9000 - SC Manager]]
* [[Talk:System Controller Firmware]]
* [[Iso module#Communicating w.2F sc iso.self]]
* [[PARAM.PFD]]
* [[Ps3vuart-tools#ps3dm]]
* [[Fixing DRL and CRL Hashes]]
* [[RSOD Fix]]

=Structure=

==NOR VTRM Structure==
{| class="wikitable"
|-
! Offset !! Size !! Example !! Description !! Notes
|-
| 0x00 || 0x08 (8 bytes) || 000000005654524D || '''magic''' || '''VTRM''' (in ASCII)
|-
| 0x08 || 0x08 (8 bytes) || 0000000000000004 || '''version''' || 
|-
| 0x10 || 0x14 (20 bytes) || 0D20534FEEE806E3E7AC57E1E9646CBFEDBE69E1 || '''sha 1 hash''' ||
|-
|}

{| class="wikitable"
|-
! Offset !! Size !! Example !! Description !! Notes
|-
| 0x24 || 0x4 (4 bytes) || 000000E0 (NOR)|| Unknown || 
|-
| 0x28 || 0x8 (8 bytes)|| 0000000000000209 (NOR) || ''X and Y tables reserved entries'' || '''521''' entries (NOR)
|-
| 0x30 || 0x8 (8 bytes)|| 0000000000000412 (NOR) || ''Protected files table reserved entries'' || '''1042''' entries (NOR)
|-
| 0x38 || 0x8 (8 bytes)|| 0000000000000002 (NOR) || ''Protected files table used entries'' || '''2''' entries (NOR)
|-
|}

==NAND VTRM Structure==

Overview: A good way to understand the structure is to think in how the vtrm is created, there are 3 main processes where are written the 'magic_vtrm' sections (colored in black in the examples), in general lines can be said the 'magic_vtrm' sections are created "from bottom to top". This explain doesnt includes the processes needed to create the first 'magic_vtrm' section

At some point that should be considered the "initial state" is performed an "erase" command from 0xEC000 up to 0xF0000 (0x200 blocks are filled with 0xFF's). After that the first 2 blocks are reserved (from 0xEC000 up to 0xEC400). The creation process starts at the third block (at offset 0xEC0400), this section where is used for first time the 'magic_vtrm' can be considered the most "inner" vtrm, or the most older in the creation process

After that 'inner' vtrm is created (how is created is out of the explain) then the creation process returns to the first block (the area that was reserved before from 0xEC000 up to 0xEC400), most of the steps made to create this area consists in copying and indexing other areas of the 'inner' vtrm

So now the creation process is going to build the first 2 blocks... but the first 0x10 bytes of the first block (from 0xEC0000 up to 0xEC0010) are ignored at this point, the reason why are not created yet is because is not posible to know the amount of bytes that are going to be copyed below it in the next steps (now is going to start a process of copypasting at offset 0xEC0010)

This is when starts a process that im going to label the 'copypaste' that starts at offset 0xEC0010 and does three things, first it creates a value of 0x8 bytes (colored in green in the examples) with an offset that points to the 'inner' vtrm, then another value of 0x8 bytes (colored in green in the examples) that indicates how many bytes are going to be copypasted, then the bytes are copypasted below

This copypaste is made 3 times. The first one copypastes the VTRM header (the bytes from 0xEC0400 up to 0xEC0428 are copypasted to 0xEC0020 up to 0xEC0048). The second copypastes one of the encrypted data areas (the bytes from 0xEC2980 up to 0xEC29E0 are copypasted to 0xEC0058 up to EC00B8), for some reason i dont get now it "jumps" 0x40 bytes, and then it does another copypaste that works a bit different

In the third copypaste, the value that indicates the offset points to the 'exception' hash inside the '''hash_table''' (bytes from 0xEFE68C up to 0xEFE6A0 are copypasted to 0xEC0108 up to 0xEC011C), but instead of copying the 'exception' hash it copypastes the default hash value

At this point the creation process is near completed, the only thing left is to fill the 0x10 bytes at the beginning in the first vtrm block (at 0xEC0000), this small area is going to work as the entry point when reading the whole vtrm, and this is when is written the 'magic_scei' that is unique (is the only value from this blocks in common between NAND and NOR), the other thing that indicates this area (with the value 0xA8) is the lenght of the areas that has been copypasted below (but only the sum of the first two copypastes, for some reason the third copypaste is not included in this sum, also the position where the third copypaste happens is a bit weird i dont get why that position, is because the 0x40 gap but that gap makes no sense, the point is the gap is there and is related with the reason why the third copypaste to not be included in this sum)

----
The offsets used to make the copypastes in the first 2 blocks are absolute, this means is needed to start counting from outside of the vtrm, actually from the start of flash. When looking at a flash dump from inside a hexeditor, or here in wiki examples what we see is the whole flash data, but this view is not the logical map. The flash region starts at the [[Flash:Flashregion_Table | Flashregion Table]], at the absolute offset 0x40200

*For this reason is needed to add + 0x40200 to the offsets that appears inside vtrm to know where are pointing
**0xE80200 + 0x40200 = 0xEC0400 (inner VTRM start offset)
**0xE82780 + 0x40200 = 0xEC2980 (prototype encrypted data ofset)
**0xEBE48C + 0x40200 = 0xEFE68C (exception in the hast_table)

==Notes, speculation, brainstorming==
*[[Authentication IDs]]
**10 70 00 00 02 00 00 01 <--- PS3_LPAR
**10 70 00 00 39 00 00 01 <--- /dev_flash/bdplayer/'''bdp_bdmv.self'''
**10 70 00 00 03 00 00 02 <--- /dev_flash/vsh/module/'''mgvideo.self'''
**10 70 00 05 FF 00 00 01 <--- /dev_flash/vsh/'''vsh.self'''
**04 00 00 00 02 00 00 05 <--- ???

=VTRM hashes and how to generate them=
repeated hash -> hmac sha1 using srk of an empty string ("")<br>
hidden hash -> hmac sha1 using srk of 0x58 bytes of empty encrypted data using keyseed_for_srk<br>
header hash -> hmac sha1 using srk of hmac sha1 using srk of header table without header (0x28 bytes) and signature table.<br>

==Extra hashes==
srh -> hash of signature table (big table with repeated hashes and hidden hash)

=Examples=

==NAND Example==
NAND: cvtrm (0xEC0000 - 0xEFFFFF)

 Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 
 
 00EC0000  <span style="background:#000000; color:#ffffff;">53 43 45 49</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 A8</span>  SCEIVTRM.......¨      <---- '''magic_scei''', '''magic_vtrm''', '''copypasted_total_used_len'''
 00EC0010  <span style="background:#33ff33;">00 00 00 00 00 E8 02 00</span> <span style="background:#33ff33;">00 00 00 00 00 00 00 28</span>  .....è.........(      <---- '''copypaste_offset''', '''copypaste_len'''
 00EC0020  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........      <---- ''copyed'', ''copyed'', ''copyed''
 00EC0030  <span style="background:#cc00cc;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span>  þm.ÄúÕÎÛ“†ü¡2;qG      <---- ''copyed''
 00EC0040  <span style="background:#cc00cc;">3B A5 C6 F9</span> <span style="background:#cc00cc;">C0 00</span> <span style="background:#cc00cc;">B6 70</span> <span style="background:#33ff33;">00 00 00 00 00 E8 27 80</span>  ;¥ÆùÀ.¶p.....è'€      <---- ''copyed'', ''copyed'', ''copyed'', '''copypaste_offset'''
 00EC0050  <span style="background:#33ff33;">00 00 00 00 00 00 00 60</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span>  .......`.......       <---- '''copypaste_len''', ''copyed''
 00EC0060  <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span> <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span>  .........p..ÿ...      <---- ''copyed'', ''copyed''
 00EC0070  <span style="background:#ff7777; color:#99ffff;">0C 1C 05 9C AA B5 97 A5 9C D6 46 2D EA 22 46 BE</span>  ...œªµ—¥œÖF-ê"F¾      <---- ''copyed''
 00EC0080  <span style="background:#ff7777; color:#99ffff;">D1 84 A9 1E 34 5F E7 90 55 49 11 82 51 9D 4A 3F</span>  Ñ„©.4_ç.UI.‚Q.J?      <---- ''copyed''
 00EC0090  <span style="background:#ff7777; color:#99ffff;">EF 43 19 E8 4F 6A 5B FF DA 31 E9 F0 76 C8 B2 6B</span>  ïC.èOj[ÿÚ1éðvÈ²k      <---- ''copyed''
 00EC00A0  <span style="background:#ff7777; color:#99ffff;">0B A7 47 8E BE 42 28 9F 2B 88 73 0B A5 B6 F2 1D</span>  .§GŽ¾B(Ÿ+ˆs.¥¶ò.      <---- ''copyed''
 00EC00B0  <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span> <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span>  ........ÿÿÿÿÿÿÿÿ      <---- ''copyed'', '''0x40_bytes_gap'''
  [...]    <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ      <---- '''0x40_bytes_gap'''
 00EC00F0  <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span> <span style="background:#33ff33;">00 00 00 00 00 EB E4 8C</span>  ÿÿÿÿÿÿÿÿ.....ëäŒ      <---- '''0x40_bytes_gap''', '''copypaste_offset'''
 00EC0100  <span style="background:#33ff33;">00 00 00 00 00 00 00 14</span> <span style="background:#99ffff;">39 17 52 0B 31 70 F5 05</span>  ........9.R.1põ.      <---- '''copypaste_len''', ''copyed''
 00EC0110  <span style="background:#99ffff;">02 5A C6 F8 81 F8 54 96 2F EF F3 81</span> <span style="background:#777777;">FF FF FF FF</span>  .ZÆø.øT–/ïó.ÿÿÿÿ      <---- ''copyed'', '''erased_bytes'''
  [...]    <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ      <---- '''erased_bytes''' <--- to fill up to 512 bytes or 0x400 (2 blocks)
 00EC0400  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........      <---- '''magic_void''' + '''magic_vtrm''' + '''next_unknown_stuff_len''' ? <---- inner vtrm
 00EC0410  <span style="background:#cc00cc;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span>  þm.ÄúÕÎÛ“†ü¡2;qG      <---- '''SRH''' ? (secure root hash)
 00EC0420  <span style="background:#cc00cc;">3B A5 C6 F9</span> <span style="background:#cc00cc;">C0 00</span> <span style="background:#cc00cc;">B6 70</span> <span style="background:#7777ff;">00 00 00 00 00 00 04 90</span>  ;¥ÆùÀ.¶p........      <---- '''SRH''' ?, ''unknown'' (2 bytes), ''unknown'' (2 bytes), '''index_num''' = 0x490 (1168 in decimal)
 00EC0430  <span style="background:#7777ff;">00 00 00 00 00 00 09 20</span> <span style="background:#7777ff;">00 00 00 00 00 00 00 03</span>  ....... ........      <---- '''data_slots_total''', '''data_slots_used'''
 00EC0440  <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......       <---- '''index_table''' starts here (table_size = ???, entry_size = 0x8, entry_number = 0x490)
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......      
 00EC1930  <span style="background:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ...............       <---- exception
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......      
 00EC21F0  <span style="background:#ffff66;">00 00 00 00 00 00 00 02</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ...............       <---- exception
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......      
 00EC24F0  <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 00</span>  ....... ........      <---- exception
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......      
 00EC28C0  <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span> <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span>  ....... .p......      <---- ''unknown'', '''lpar_auth_id''' <---- '''data_table''' starts here (table_size = ???, entry_size = 0x60, entry_number = 0x920)
 00EC28D0  <span style="background:#ff6666;">10 70 00 00 39 00 00 01</span> <span style="background:#ff7777; color:#99ffff;">22 66 39 B3 0E 7A 1C E7</span>  .p..9..."f9³.z.ç      <---- '''prog_auth_id''', '''encrypted_data'''
 00EC28E0  <span style="background:#ff7777; color:#99ffff;">68 85 F9 94 A8 30 BE C4 0B 85 D0 92 1E C0 8F 28</span>  h…ù”¨0¾Ä.…Ð’.À.(      <---- '''encrypted_data'''
 00EC28F0  <span style="background:#ff7777; color:#99ffff;">7F 70 ED 15 D6 22 06 24 D9 08 64 0B C0 D7 97 29</span>  .pí.Ö".$Ù.d.À×—)      <---- '''encrypted_data'''
 00EC2900  <span style="background:#ff7777; color:#99ffff;">BE A1 FE 91 D1 F2 D4 88 25 EF 24 86 E0 A3 CB 98</span>  ¾¡þ‘ÑòÔˆ%ï$†à£Ë˜      <---- '''encrypted_data'''
 00EC2910  <span style="background:#ff7777; color:#99ffff;">AF 17 6F B1 64 A0 56 E5</span> <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 01</span>  ¯.o±d Vå........      <---- '''encrypted_data''', ''unkown''
 00EC2920  <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span> <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span>  ....... .p......      <---- ''unkown'', '''lpar_auth_id'''
 00EC2930  <span style="background:#ff6666;">10 70 00 00 03 00 00 02</span> <span style="background:#ff7777; color:#99ffff;">F9 D9 6A 84 0C F2 D8 E7</span>  .p......ùÙj„.òØç      <---- '''prog_auth_id''', '''encrypted_data'''
 00EC2940  <span style="background:#ff7777; color:#99ffff;">D4 44 5C 3C DF D5 DF 0F B8 DC 3E 81 9A A4 71 8F</span>  ÔD\<ßÕß.¸Ü>.š¤q.      <---- '''encrypted_data'''
 00EC2950  <span style="background:#ff7777; color:#99ffff;">0A A8 8B 90 1B 2C A1 D1 66 84 AA EE 65 D1 46 9A</span>  .¨‹..,¡Ñf„ªîeÑFš      <---- '''encrypted_data'''
 00EC2960  <span style="background:#ff7777; color:#99ffff;">D7 38 83 F2 78 47 D1 8E E5 FA EB 39 CF 26 E8 25</span>  ×8ƒòxGÑŽåúë9Ï&è%      <---- '''encrypted_data'''
 00EC2970  <span style="background:#ff7777; color:#99ffff;">85 DE 3B C6 0B C3 45 D5</span> <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span>  …Þ;Æ.ÃEÕ........      <---- '''encrypted_data''', ''unkown''
 00EC2980  <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span> <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span>  ....... ........      <---- ''unkown'', '''lpar_auth_id'''
 00EC2990  <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span> <span style="background:#ff7777; color:#99ffff;">0C 1C 05 9C AA B5 97 A5</span>  .p..ÿ......œªµ—¥      <---- '''prog_auth_id''', '''encrypted_data'''
 00EC29A0  <span style="background:#ff7777; color:#99ffff;">9C D6 46 2D EA 22 46 BE D1 84 A9 1E 34 5F E7 90</span>  œÖF-ê"F¾Ñ„©.4_ç.      <---- '''encrypted_data'''
 00EC29B0  <span style="background:#ff7777; color:#99ffff;">55 49 11 82 51 9D 4A 3F EF 43 19 E8 4F 6A 5B FF</span>  UI.‚Q.J?ïC.èOj[ÿ      <---- '''encrypted_data'''
 00EC29C0  <span style="background:#ff7777; color:#99ffff;">DA 31 E9 F0 76 C8 B2 6B 0B A7 47 8E BE 42 28 9F</span>  Ú1éðvÈ²k.§GŽ¾B(Ÿ      <---- '''encrypted_data'''
 00EC29D0  <span style="background:#ff7777; color:#99ffff;">2B 88 73 0B A5 B6 F2 1D</span> <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span>  +ˆs.¥¶ò.........      <---- '''encrypted_data''', ''unkown''
  [...]    <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ      <---- free data slots starts here
 00EF94C0  <span style="background:#99ffff;">39 17 52 0B 31 70 F5 05 02 5A C6 F8 81 F8 54 96</span>  9.R.1põ..ZÆø.øT–      <---- '''signature_table start''' (table_size = ??? , entry_size = 0x14, entry_number = 490)
 00EF94D0  <span style="background:#99ffff;">2F EF F3 81</span>                                      /ïó.                  [...] '''signature_empty''' (repeated)
  [...]       the same hash repeated, with a exception                            [...] '''signature_dummy''' (exception) at 0xEFE68C-0xEFE6A0, position ??? (decimal), relative offset = 0x???
 00EFEFE0                                      <span style="background:#99ffff;">39 17 52 0B</span>              9.R.      [...] '''signature_empty''' (repeated)
 00EFEFF0  <span style="background:#99ffff;">31 70 F5 05 02 5A C6 F8 81 F8 54 96 2F EF F3 81</span>  1põ..ZÆø.øT–/ïó.      [...]
  [...]    <span style="background:#777777;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span>  ................      <---- 0x00's filled up to end of file (0x7800 blocks)
 00EFFFF0  <span style="background:#777777;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span>  ................

==NOR Example==
NOR: cvtrm (0xEC0000 - 0xEFFFFF)

 Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
 00EC0000  <span style="background:#000000; color:#ffffff;">53 43 45 49</span> <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF</span>  SCEIÿÿÿÿÿÿÿÿÿÿÿÿ     <---- '''magic_scei''', '''erased_bytes'''
  [...]    <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <---- '''erased_bytes'''
 00EC3FF0  <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <---- '''erased_bytes''' <----- to fill up to 16384 bytes or 0x4000 (0x20 blocks)
 00EC4000  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........     <---- ''copyed''
 00EC4010  <span style="background:#cc00cc;">0D 20 53 4F EE E8 06 E3 E7 AC 57 E1 E9 64 6C BF</span>  . SOîè.ãç¬Wáédl¿     <---- '''new_hash''' (0x14 bytes), is the hash of an area that contains the re-encrypted data
 00EC4020  <span style="background:#cc00cc;">ED BE 69 E1</span> <span style="background:#cc00cc;">00 00</span> <span style="background:#cc00cc;">00 E0</span> <span style="background:#7777ff;">00 00 00 00 00 00 02 09</span>  í¾iá...à........     <---- ''copyed''
 00EC4030  <span style="background:#7777ff;">00 00 00 00 00 00 04 12</span> <span style="background:#7777ff;">00 00 00 00 00 00 00 02</span>  ................     <---- ''copyed''
 00EC4040  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................     <---- ''copyed''
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................     <---- ''copyed''
 00EC45C0  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 01</span>  ................     <---- ''copyed''
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................     <---- ''copyed''
 00EC4670  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 00</span>  ................     <---- ''copyed''
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................     <---- ''copyed''
 00EC5080  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................     <---- ''copyed''
 00EC5090  <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span> <span style="background:#ff6666;">10 70 00 00 39 00 00 01</span>  .p.......p..9...     <---- ''copyed''
 00EC50A0  <span style="background:#ff7777; color:#99ffff;">D5 ED B4 4B 73 E2 79 5D CF E7 06 7F 4B 79 4C DC</span>  Õí´Ksây]Ïç..KyLÜ     <---- '''re-encrypted data''' ?
 00EC50B0  <span style="background:#ff7777; color:#99ffff;">71 D1 B8 F7 0A 3F CE 1B 09 8B 59 47 7A 1D 2C E4</span>  qÑ¸÷.?Î..‹YGz.,ä     <---- '''re-encrypted data''' ?
 00EC50C0  <span style="background:#ff7777; color:#99ffff;">69 B2 CF 18 8A B9 04 7E 29 71 A1 2D D8 71 54 01</span>  i²Ï.Š¹.~)q¡-ØqT.     <---- '''re-encrypted data''' ?
 00EC50D0  <span style="background:#ff7777; color:#99ffff;">5B D2 55 4F EB C4 41 41 80 A3 60 A7 75 DA D8 11</span>  [ÒUOëÄAA€£`§uÚØ.     <---- '''re-encrypted data''' ?
 00EC50E0  <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................     <---- ''copyed''
 00EC50F0  <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span> <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span>  .........p..ÿ...     <---- ''copyed''
 00EC5100  <span style="background:#ff7777; color:#99ffff;">0C FF 20 DC A4 6A A1 D3 BC 36 82 17 C2 7B B5 5E</span>  .ÿ Ü¤j¡Ó¼6‚.Â{µ^     <---- ''copyed''
 00EC5110  <span style="background:#ff7777; color:#99ffff;">9B CD 6B 71 AB 41 06 2F 84 54 3F 6B AC E1 26 3E</span>  ›Íkq«A./„T?k¬á&>     <---- ''copyed''
 00EC5120  <span style="background:#ff7777; color:#99ffff;">A6 5A F4 AA E6 08 53 E0 71 A4 7D 43 2D 54 D4 F8</span>  ¦Zôªæ.Sàq¤}C-TÔø     <---- ''copyed''
 00EC5130  <span style="background:#ff7777; color:#99ffff;">5A 21 9B E6 D9 82 6B DB 1C 08 A1 F1 21 E0 F7 A4</span>  Z!›æÙ‚kÛ..¡ñ!à÷¤     <---- ''copyed''
 00EC5140  <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span> <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span>  ........ÿÿÿÿÿÿÿÿ     <---- ''copyed''
 00EC5150  <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <---- ''copyed''
  [...]    <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <---- ''copyed''
 00EDD740  <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span> <span style="background:#99ffff;">EF 73 1D 7F 83 F3 DB 0F</span>  ÿÿÿÿÿÿÿÿïs..ƒóÛ.     <---- ''copyed''
 00EDD750  <span style="background:#99ffff;">E1 69 26 44 E7 23 5C 88 C7 7C 9B 81</span>              ái&Dç#\ˆÇ|›.         <---- ''copyed''
  [...]       the same hash repeated, with a exception                           <---- ''copyed''
 00EDFFE0                          <span style="background:#99ffff;">EF 73 1D 7F 83 F3 DB 0F</span>          ïs..ƒóÛ.     <---- ''copyed''
 00EDFFF0  <span style="background:#99ffff;">E1 69 26 44 E7 23 5C 88 C7 7C 9B 81</span> <span style="background:#777777;">FF FF FF FF</span>  ái&Dç#\ˆÇ|›.ÿÿÿÿ     <---- ''copyed''
  [...]    <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <---- '''erased_bytes'''
 00EE3FF0  <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <---- '''erased_bytes''' <----- to fill up to 131072 bytes or 0x20000 (0x100 blocks)
 00EE4000  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........     <---- '''magic_void''', '''magic_vtrm''', '''next_unknown_stuff_len'''
 00EE4010  <span style="background:#cc00cc;">93 66 A8 50 90 4F 4E 9E FC AA 0C 0C 90 8B 96 DD</span>  “f¨P.ONžüª...‹–Ý     <---- '''SRH''' ? (secure root hash)
 00EE4020  <span style="background:#cc00cc;">0E 14 91 99</span> <span style="background:#cc00cc;">00 00</span> <span style="background:#cc00cc;">00 E0</span> <span style="background:#7777ff;">00 00 00 00 00 00 02 09</span>  ..‘™...à........     <---- 0xE0 = number of blocks ?
 00EE4030  <span style="background:#7777ff;">00 00 00 00 00 00 04 12</span> <span style="background:#7777ff;">00 00 00 00 00 00 00 02</span>  ................
 00EE4040  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................     <---- '''index_table''' start (table_size = 0x1048, entry_size = 0x8, entry_number = 0x209)
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................
 00EE45C0  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 01</span>  ................     <---- exception at position 178 (decimal), relative offset 0x588
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................
 00EE4670  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 00</span>  ................     <---- exception at position 200 (decimal), relative offset 0x638
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................
 00EE5080  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................     <---- '''data_table''' start (table_size = 0x186C0, entry_size = 0x60, entry_number = 0x412)
 00EE5090  <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span> <span style="background:#ff6666;">10 70 00 00 39 00 00 01</span>  .p.......p..9...     <---- '''lpar_auth_id''' (PS3_LPAR), '''prog_auth_id''' (bdp_bdmv.self)
 00EE50A0  <span style="background:#ff7777; color:#99ffff;">D8 71 79 C4 C0 2B 74 A1 C9 50 AC 82 4D 94 4A D0</span>  ØqyÄÀ+t¡ÉP¬‚M”JÐ
 00EE50B0  <span style="background:#ff7777; color:#99ffff;">63 85 24 87 7D 4D 0D E4 9A 29 E6 6F 4B FA B7 19</span>  c…$‡}M.äš)æoKú·.
 00EE50C0  <span style="background:#ff7777; color:#99ffff;">53 F2 E7 DA 64 F5 31 61 FC EC 44 41 A5 AC 10 C2</span>  SòçÚdõ1aüìDA¥¬.Â
 00EE50D0  <span style="background:#ff7777; color:#99ffff;">2A D2 D4 18 E7 2F BA 15 79 8E D9 C1 64 4A 6C 91</span>  *ÒÔ.ç/º.yŽÙÁdJl‘
 00EE50E0  <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................
 00EE50F0  <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span> <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span>  .........p..ÿ...     <---- '''lpar_auth_id''' (UNKNOWN_LPAR), '''prog_auth_id''' (vsh.self)
 00EE5100  <span style="background:#ff7777; color:#99ffff;">0C FF 20 DC A4 6A A1 D3 BC 36 82 17 C2 7B B5 5E</span>  .ÿ Ü¤j¡Ó¼6‚.Â{µ^
 00EE5110  <span style="background:#ff7777; color:#99ffff;">9B CD 6B 71 AB 41 06 2F 84 54 3F 6B AC E1 26 3E</span>  ›Íkq«A./„T?k¬á&>
 00EE5120  <span style="background:#ff7777; color:#99ffff;">A6 5A F4 AA E6 08 53 E0 71 A4 7D 43 2D 54 D4 F8</span>  ¦Zôªæ.Sàq¤}C-TÔø
 00EE5130  <span style="background:#ff7777; color:#99ffff;">5A 21 9B E6 D9 82 6B DB 1C 08 A1 F1 21 E0 F7 A4</span>  Z!›æÙ‚kÛ..¡ñ!à÷¤
 00EE5140  <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span> <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span>  ........ÿÿÿÿÿÿÿÿ     <---- free data slots start 
 00EE5150  <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
  [...]    <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
 00EFD740  <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span> <span style="background:#99ffff;">EF 73 1D 7F 83 F3 DB 0F</span>  ÿÿÿÿÿÿÿÿïs..ƒóÛ.     <---- '''signature_table''' start (table_size = 0x28B4, entry_size = 0x14, entry_number = 0x209)
 00EFD750  <span style="background:#99ffff;">E1 69 26 44 E7 23 5C 88 C7 7C 9B 81</span>              ái&Dç#\ˆÇ|›.         [...] '''signature_empty''' (repeated)
  [...]       the same hash repeated, with a exception                           [...] '''signature_dummy''' (exception) at 0xEFE6D4-0xEFE6E7, position 200 (decimal), relative offset = 0xF8C
 00EFFFE0                          <span style="background:#99ffff;">EF 73 1D 7F 83 F3 DB 0F</span>          ïs..ƒóÛ.     [...] '''signature_empty''' (repeated)
 00EFFFF0  <span style="background:#99ffff;">E1 69 26 44 E7 23 5C 88 C7 7C 9B 81</span> <span style="background:#777777;">FF FF FF FF</span>  ái&Dç#\ˆÇ|›.ÿÿÿÿ     <---- '''erased_bytes''' <----- to fill up to 114688 bytes or 0x1C000 (0xE0 blocks)

{{Flash}}
<noinclude>[[Category:Main]]</noinclude>