Editing Flash:cvtrm


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 64: Line 64:
In the third copypaste, the value that indicates the offset points to the 'exception' hash inside the '''hash_table''' (bytes from 0xEFE68C up to 0xEFE6A0 are copypasted to 0xEC0108 up to 0xEC011C), but instead of copying the 'exception' hash it copypastes the default hash value
In the third copypaste, the value that indicates the offset points to the 'exception' hash inside the '''hash_table''' (bytes from 0xEFE68C up to 0xEFE6A0 are copypasted to 0xEC0108 up to 0xEC011C), but instead of copying the 'exception' hash it copypastes the default hash value


At this point the creation process is near completed, the only thing left is to fill the 0x10 bytes at the beginning in the first vtrm block (at 0xEC0000), this small area is going to work as the entry point when reading the whole vtrm, and this is when is written the 'magic_scei' that is unique (is the only value from this blocks in common between NAND and NOR), the other thing that indicates this area (with the value 0xA8) is the length of the areas that has been copypasted below (but only the sum of the first two copypastes, for some reason the third copypaste is not included in this sum, also the position where the third copypaste happens is a bit weird i dont get why that position, is because the 0x40 gap but that gap makes no sense, the point is the gap is there and is related with the reason why the third copypaste to not be included in this sum)
At this point the creation process is near completed, the only thing left is to fill the 0x10 bytes at the beginning in the first vtrm block (at 0xEC0000), this small area is going to work as the entry point when reading the whole vtrm, and this is when is written the 'magic_scei' that is unique (is the only value from this blocks in common between NAND and NOR), the other thing that indicates this area (with the value 0xA8) is the lenght of the areas that has been copypasted below (but only the sum of the first two copypastes, for some reason the third copypaste is not included in this sum, also the position where the third copypaste happens is a bit weird i dont get why that position, is because the 0x40 gap but that gap makes no sense, the point is the gap is there and is related with the reason why the third copypaste to not be included in this sum)


----
----
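Review bot: in the paragraph about the 0x10-byte header at 0xEC0000, the "Your text" copy spells the word as "lenght" where the latest revision has "length". That spelling is the only difference visible in this hunk, so publishing the undo would put the typo back. Keep "length" from the latest revision.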
Line 75: Line 75:


==Notes, speculation, brainstorming==
==Notes, speculation, brainstorming==
Trying to identify the encrypted data blocks based on the [[Authority ID]] and its position
Trying to identify the encrypted data blocks based on the [[Authentication IDs]] and its position


*First auth ID (lpar auth id)
*First auth ID (lpar auth id)
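Review bot: the link in the first sentence under "Notes, speculation, brainstorming" goes from [[Authority ID]] back to [[Authentication IDs]] on the "Your text" side. Check which of the two page titles exists so the undo does not leave a dead link, and if the plural title stays, "its position" should read "their position".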
Line 94: Line 94:
*** /dev_flash/vsh/module/'''mgvideo.self'''
*** /dev_flash/vsh/module/'''mgvideo.self'''


=LPAR Auth ID and Program Auth ID=
*VSH
**0x0400000002000005 - ???
**0x10700005FF000001 - vsh.self
*BDP
**0x1070000002000001 - LPAR 2
**0x1070000039000001 - bdp_bdmv.self
*VP
**0x1070000002000001 - LPAR 2
**0x1070000003000002 - mgvideo.self


http://www.psdevwiki.com/ps3/index.php?title=Fixing_DRL_and_CRL_Hashes&diff=13954&oldid=13803
http://www.psdevwiki.com/ps3/index.php?title=Fixing_DRL_and_CRL_Hashes&diff=13954&oldid=13803
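Review bot: the ten-line "LPAR Auth ID and Program Auth ID" list after mgvideo.self exists only in the latest revision, so the undo deletes it. The VSH and BDP pairs also appear as lpar_auth_id / prog_auth_id annotations in the hex dump further down, but the VP pair (0x1070000002000001, 0x1070000003000002 for mgvideo.self) is not in any dump line shown here; keep the list, or move the VP entry somewhere else before removing it. If the list stays, its heading uses a single "=" while the neighbouring section uses "==", so it should probably be "==LPAR Auth ID and Program Auth ID==".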
Line 229: Line 219:
   [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................
   [...]    <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span>  ................
  00EE5080  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................    <---- '''data_table''' start (table_size = 0x186C0, entry_size = 0x60, entry_number = 0x412)
  00EE5080  <span style="background:#cccc66;">00 00 00 00 00 00 04 12</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................    <---- '''data_table''' start (table_size = 0x186C0, entry_size = 0x60, entry_number = 0x412)
  00EE5090  <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span> <span style="background:#ff6666;">10 70 00 00 39 00 00 01</span>  .p.......p..9...    <---- '''lpar_auth_id''', '''prog_auth_id'''
  00EE5090  <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span> <span style="background:#ff6666;">10 70 00 00 39 00 00 01</span>  .p.......p..9...    <---- '''lpar_auth_id''' (PS3_LPAR), '''prog_auth_id''' (bdp_bdmv.self)
  00EE50A0  <span style="background:#ff7777; color:#99ffff;">D8 71 79 C4 C0 2B 74 A1 C9 50 AC 82 4D 94 4A D0</span>  ØqyÄÀ+t¡ÉP¬‚M”JÐ
  00EE50A0  <span style="background:#ff7777; color:#99ffff;">D8 71 79 C4 C0 2B 74 A1 C9 50 AC 82 4D 94 4A D0</span>  ØqyÄÀ+t¡ÉP¬‚M”JÐ
  00EE50B0  <span style="background:#ff7777; color:#99ffff;">63 85 24 87 7D 4D 0D E4 9A 29 E6 6F 4B FA B7 19</span>  c…$‡}M.äš)æoKú·.
  00EE50B0  <span style="background:#ff7777; color:#99ffff;">63 85 24 87 7D 4D 0D E4 9A 29 E6 6F 4B FA B7 19</span>  c…$‡}M.äš)æoKú·.
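Review bot: on the 00EE5090 row the "Your text" side labels 0x1070000002000001 as PS3_LPAR, while the list removed earlier in this same comparison calls the same value "LPAR 2". Pick one name and use it in both places so readers do not take them for two different values.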
Line 235: Line 225:
  00EE50D0  <span style="background:#ff7777; color:#99ffff;">2A D2 D4 18 E7 2F BA 15 79 8E D9 C1 64 4A 6C 91</span>  *ÒÔ.ç/º.yŽÙÁdJl‘
  00EE50D0  <span style="background:#ff7777; color:#99ffff;">2A D2 D4 18 E7 2F BA 15 79 8E D9 C1 64 4A 6C 91</span>  *ÒÔ.ç/º.yŽÙÁdJl‘
  00EE50E0  <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................
  00EE50E0  <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 04 12</span>  ................
  00EE50F0  <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span> <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span>  .........p..ÿ...    <---- '''lpar_auth_id''', '''prog_auth_id'''
  00EE50F0  <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span> <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span>  .........p..ÿ...    <---- '''lpar_auth_id''' (UNKNOWN_LPAR), '''prog_auth_id''' (vsh.self)
  00EE5100  <span style="background:#ff7777; color:#99ffff;">0C FF 20 DC A4 6A A1 D3 BC 36 82 17 C2 7B B5 5E</span>  .ÿ ܤj¡Ó¼6‚.Â{µ^
  00EE5100  <span style="background:#ff7777; color:#99ffff;">0C FF 20 DC A4 6A A1 D3 BC 36 82 17 C2 7B B5 5E</span>  .ÿ ܤj¡Ó¼6‚.Â{µ^
  00EE5110  <span style="background:#ff7777; color:#99ffff;">9B CD 6B 71 AB 41 06 2F 84 54 3F 6B AC E1 26 3E</span>  ›Íkq«A./„T?k¬á&>
  00EE5110  <span style="background:#ff7777; color:#99ffff;">9B CD 6B 71 AB 41 06 2F 84 54 3F 6B AC E1 26 3E</span>  ›Íkq«A./„T?k¬á&>
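Review bot: on the 00EE50F0 row the label UNKNOWN_LPAR for 04 00 00 00 02 00 00 05 reads like a defined constant, whereas the list in the latest revision marks 0x0400000002000005 as "???". Write it as "unknown" or keep "???" so it is clear the value has not been identified.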