Editing SC Communication
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
[[Category:Software]] | |||
=Introduction= | =Introduction= | ||
* The following information was reverse engineered from | * The following information was reverse engineered from lv0ldr, lv0, lv1, and sc_iso.self. | ||
* Big thanks to graf_chokolo for a large part of the basis of this page, and to Jestero for Syscon Authentication info! | * Big thanks to graf_chokolo for a large part of the basis of this page, and to Jestero for Syscon Authentication info! | ||
Line 15: | Line 16: | ||
! Offset (from start of address space) !! Size !! Description | ! Offset (from start of address space) !! Size !! Description | ||
|- | |- | ||
|0xC000 || 0xFF0 || Syscon packet send area | |0xC000 || 0xFF0 || Syscon packet send area | ||
|- | |- | ||
|0xCFF0 || 0x4 || Syscon packet | |0xCFF0 || 0x4 || Syscon sent packet counter | ||
|- | |- | ||
|0xCFF4 || 0x4 || Syscon packet | |0xCFF4 || 0x4 || Syscon sent packet acknowledge counter | ||
|- | |- | ||
|0xD000 || 0xFF0 || | |0xD000 || 0xFF0 || Syscon packet receive area | ||
|- | |- | ||
|0xDFF0 || 0x4 || | |0xDFF0 || 0x4 || Syscon received packet counter | ||
|- | |- | ||
|0xDFF4 || 0x4 || | |0xDFF4 || 0x4 || Syscon received packet acknowledge counter | ||
|- | |- | ||
|0xE100 || 0x4 || Tells syscon there is a packet to be received | |0xE100 || 0x4 || Tells syscon there is a packet to be received | ||
Line 36: | Line 37: | ||
=Syscon Services= | =Syscon Services= | ||
* To be completed... | * To be completed... | ||
{| class="wikitable FCK__ShowTableBorders" | {| class="wikitable FCK__ShowTableBorders" | ||
Line 67: | Line 43: | ||
! Service ID !! Description | ! Service ID !! Description | ||
|- | |- | ||
| 0x14 || NVS Service - Used for eeprom read/write (Non-Volatile Storage?) | |||
| 0x14 || NVS Service - Used for eeprom read/write | |||
|- | |- | ||
| | | 0x18 || Livelock(?) Service - Checks for permission to use other services | ||
|- | |- | ||
| 0x1F || | | 0x1F || Authenticated Services | ||
|- | |- | ||
| 0xFF || Syscon Init (Seen in lv0ldr init sequence to syscon: http://www.ps3devwiki.com/wiki/User_talk:JuanNadie) | |||
| 0xFF || Syscon Init (Seen in lv0ldr init sequence to syscon: | |||
|} | |} | ||
=Syscon Packet Headers= | =Syscon Packet Headers= | ||
* Some useful packet headers... | * Some useful packet headers... | ||
{| class="wikitable FCK__ShowTableBorders" | {| class="wikitable FCK__ShowTableBorders" | ||
|- | |- | ||
! What? !! Description || Data | ! What? !! Description || Data | ||
|- | |- | ||
| AUTH1 || AUTH1 Header || 0x1F,0x01,0x00,0x00,0x00,0x00,0x80,0x20,0x00,0x00,0x00,0x00,0x00,0x30,0x00,0x30 | |||
|} | |} | ||
Line 167: | Line 86: | ||
struct secure_payload_header { | struct secure_payload_header { | ||
u8 session_id; | u8 session_id; | ||
u8 seq_service_id; //service_ID (Unsecure uses 0xFF, AUTH1 = 0x02, AUTH2 = 0x03, | u8 seq_service_id; //service_ID (Unsecure uses 0xFF, AUTH1 = 0x02, AUTH2 = 0x03, READ/WRITE = 0x04) | ||
u8 packet_type; //0xFF for BE->SC, 0x00 for SC->BE (if success) | u8 packet_type; //0xFF for BE->SC, 0x00 for SC->BE (if success) | ||
u8 magic[0x2]; //0xAD1A | u8 magic[0x2]; //0xAD1A | ||
Line 176: | Line 95: | ||
=== Step 3b - AUTH 1 to SC === | === Step 3b - AUTH 1 to SC === | ||
<pre> | <pre> | ||
u8 auth1_pkt_header[] = {0x1f,0x01,0x00,0x00,0x00,0x00,0x80,0x20,0x00,0x00,0x00,0x00,0x00,0x30,0x00,0x30}; | |||
uint8_t random_shit[0x10]; | uint8_t random_shit[0x10]; | ||
auth_key_1_0x01 = enc_key_seeds + (session_id * (0x10*2)); | auth_key_1_0x01 = enc_key_seeds + (session_id * (0x10*2)); | ||
Line 186: | Line 106: | ||
aes128cbc_enc(auth_key_1_0x01, zero_iv, random_shit, 0x10, secure_payload_buf + 0x10); | aes128cbc_enc(auth_key_1_0x01, zero_iv, random_shit, 0x10, secure_payload_buf + 0x10); | ||
//Create secure header/footer | //Create secure header/footer | ||
// create header: 5 bytes + random stuff (0xb) | // create header: 5 bytes + random stuff (0xb) | ||
Line 205: | Line 124: | ||
memcpy(sc_packet, auth1_pkt_header, 0x10); | memcpy(sc_packet, auth1_pkt_header, 0x10); | ||
//Send packet. | //Send packet. | ||
</pre> | </pre> | ||