Editing SC Communication
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
[[Category:Software]] | |||
=Introduction= | =Introduction= | ||
Line 15: | Line 16: | ||
! Offset (from start of address space) !! Size !! Description | ! Offset (from start of address space) !! Size !! Description | ||
|- | |- | ||
|0xC000 || 0xFF0 || Syscon packet send area | |0xC000 || 0xFF0 || Syscon packet send area | ||
|- | |- | ||
|0xCFF0 || 0x4 || Syscon packet | |0xCFF0 || 0x4 || Syscon sent packet counter | ||
|- | |- | ||
|0xCFF4 || 0x4 || Syscon packet | |0xCFF4 || 0x4 || Syscon sent packet acknowledge counter | ||
|- | |- | ||
|0xD000 || 0xFF0 || | |0xD000 || 0xFF0 || Syscon packet receive area | ||
|- | |- | ||
|0xDFF0 || 0x4 || | |0xDFF0 || 0x4 || Syscon received packet counter | ||
|- | |- | ||
|0xDFF4 || 0x4 || | |0xDFF4 || 0x4 || Syscon received packet acknowledge counter | ||
|- | |- | ||
|0xE100 || 0x4 || Tells syscon there is a packet to be received | |0xE100 || 0x4 || Tells syscon there is a packet to be received | ||
Line 36: | Line 37: | ||
=Syscon Services= | =Syscon Services= | ||
* To be completed... | * To be completed... | ||
{| class="wikitable FCK__ShowTableBorders" | {| class="wikitable FCK__ShowTableBorders" | ||
Line 67: | Line 43: | ||
! Service ID !! Description | ! Service ID !! Description | ||
|- | |- | ||
| | | 0x13 || Power Service - Controls system power and related info. | ||
|- | |- | ||
| | | 0x14 || NVS Service - Used for eeprom read/write. (Non-Volatile Storage?) | ||
|- | |- | ||
| | | 0x16 || LED Service - Controls the lights on the console. | ||
|- | |- | ||
| | | 0x18 || Livelock(?) Service - Checks for permission to use other services. | ||
|- | |- | ||
| | | 0x20 || Syscon Debug Output(?) - Used to send a string to syscon. | ||
|- | |- | ||
| | | 0x1F || Authenticated Services. | ||
|- | |- | ||
| 0xFF || Syscon Init (Seen in lv0ldr init sequence to syscon: http://www.ps3devwiki.com/wiki/User_talk:JuanNadie) | |||
| 0xFF || Syscon Init (Seen in lv0ldr init sequence to syscon: | |||
|} | |} | ||
Line 121: | Line 67: | ||
! What? !! Description || Data || Notes | ! What? !! Description || Data || Notes | ||
|- | |- | ||
| AUTH1 || AUTH1 Header || 0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0x20, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | | AUTH1 || AUTH1 Header || 0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0x20, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | ||
|- | |- | ||
| AUTH2 || AUTH2 Header || 0x1F, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | | AUTH2 || AUTH2 Header || 0x1F, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | ||
|- | |- | ||
| Debug Output || Sends string to Syscon TTY || 0x20, 0x01, 0x00, 0x07, 0x00, 0x00, 0x80, 0x28, 0x00, 0x00, 0x00, 0x00<br>|| Start message with 0x00. Will print as much as packet length. | | Debug Output || Sends string to Syscon TTY || 0x20, 0x01, 0x00, 0x07, 0x00, 0x00, 0x80, 0x28, 0x00, 0x00, 0x00, 0x00<br>|| Start message with 0x00. Will print as much as packet length. | ||
Line 136: | Line 82: | ||
|- | |- | ||
| Panic || || 0x13, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x04, 0x00, 0x04,<br>0x11, 0x00, 0x00, 0x03|| Shuts down, beeps, and kills power LED until power button pressed, or power removed. | | Panic || || 0x13, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x04, 0x00, 0x04,<br>0x11, 0x00, 0x00, 0x03|| Shuts down, beeps, and kills power LED until power button pressed, or power removed. | ||
|} | |} | ||
Line 167: | Line 108: | ||
struct secure_payload_header { | struct secure_payload_header { | ||
u8 session_id; | u8 session_id; | ||
u8 seq_service_id; //service_ID (Unsecure uses 0xFF, AUTH1 = 0x02, AUTH2 = 0x03, | u8 seq_service_id; //service_ID (Unsecure uses 0xFF, AUTH1 = 0x02, AUTH2 = 0x03, READ/WRITE = 0x04) | ||
u8 packet_type; //0xFF for BE->SC, 0x00 for SC->BE (if success) | u8 packet_type; //0xFF for BE->SC, 0x00 for SC->BE (if success) | ||
u8 magic[0x2]; //0xAD1A | u8 magic[0x2]; //0xAD1A | ||
Line 282: | Line 223: | ||
== Step 4 - Profit? == | == Step 4 - Profit? == | ||
You are now authenticated with syscon, and can use privileged commands. Just use the session_key calculated from the AUTH2 reply to encrypt/decrypt responses. | You are now authenticated with syscon, and can use privileged commands. Just use the session_key calculated from the AUTH2 reply to encrypt/decrypt responses. | ||