Editing SC Communication
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 15: | Line 15: | ||
! Offset (from start of address space) !! Size !! Description | ! Offset (from start of address space) !! Size !! Description | ||
|- | |- | ||
|0xC000 || 0xFF0 || Syscon packet send area | |0xC000 || 0xFF0 || Syscon packet send area | ||
|- | |- | ||
|0xCFF0 || 0x4 || Syscon packet | |0xCFF0 || 0x4 || Syscon sent packet counter | ||
|- | |- | ||
|0xCFF4 || 0x4 || Syscon packet | |0xCFF4 || 0x4 || Syscon sent packet acknowledge counter | ||
|- | |- | ||
|0xD000 || 0xFF0 || | |0xD000 || 0xFF0 || Syscon packet receive area | ||
|- | |- | ||
|0xDFF0 || 0x4 || | |0xDFF0 || 0x4 || Syscon received packet counter | ||
|- | |- | ||
|0xDFF4 || 0x4 || | |0xDFF4 || 0x4 || Syscon received packet acknowledge counter | ||
|- | |- | ||
|0xE100 || 0x4 || Tells syscon there is a packet to be received | |0xE100 || 0x4 || Tells syscon there is a packet to be received | ||
Line 36: | Line 36: | ||
=Syscon Services= | =Syscon Services= | ||
* To be completed... | * To be completed... | ||
{| class="wikitable FCK__ShowTableBorders" | {| class="wikitable FCK__ShowTableBorders" | ||
Line 67: | Line 42: | ||
! Service ID !! Description | ! Service ID !! Description | ||
|- | |- | ||
| 0x10 || PS2 PCI Bus Power On/Off | |||
| 0x10 || | |||
|- | |- | ||
| | | 0x11 || | ||
|- | |- | ||
| | | 0x12 || Configuration? | ||
|- | |- | ||
| | | 0x13 || Power Service - Controls system power and related info. RTC too. | ||
|- | |- | ||
| | | 0x14 || NVS Service - Used for eeprom read/write. (Non-Volatile Storage?) | ||
|- | |- | ||
| | | 0x16 || LED / Buzzer Service - Controls the lights on the console and the ring buzzer. | ||
|- | |- | ||
| | | 0x18 || Livelock(?) Service - Checks for permission to use other services. | ||
|- | |- | ||
| | | 0x20 || Syscon Debug Output(?) - Used to send a string to syscon. | ||
|- | |- | ||
| | | 0x2D || | ||
|- | |- | ||
| | | 0x30 || A/V Service. | ||
|- | |- | ||
| | | 0x1F || Authenticated Services. | ||
|- | |- | ||
| 0xFF || Syscon Init (Seen in lv0ldr init sequence to syscon: | | 0xFF || Syscon Init (Seen in lv0ldr init sequence to syscon: http://www.ps3devwiki.com/wiki/User_talk:JuanNadie) | ||
|} | |} | ||
Line 121: | Line 76: | ||
! What? !! Description || Data || Notes | ! What? !! Description || Data || Notes | ||
|- | |- | ||
| AUTH1 || AUTH1 Header || 0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0x20, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | | AUTH1 || AUTH1 Header || 0x1F, 0x01, 0x00, 0x00, 0x00, 0x00, 0x80, 0x20, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | ||
|- | |- | ||
| AUTH2 || AUTH2 Header || 0x1F, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | | AUTH2 || AUTH2 Header || 0x1F, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x30, 0x00, 0x30 || | ||
|- | |- | ||
| Debug Output || Sends string to Syscon TTY || 0x20, 0x01, 0x00, 0x07, 0x00, 0x00, 0x80, 0x28, 0x00, 0x00, 0x00, 0x00<br>|| Start message with 0x00. Will print as much as packet length. | | Debug Output || Sends string to Syscon TTY || 0x20, 0x01, 0x00, 0x07, 0x00, 0x00, 0x80, 0x28, 0x00, 0x00, 0x00, 0x00<br>|| Start message with 0x00. Will print as much as packet length. | ||
Line 136: | Line 91: | ||
|- | |- | ||
| Panic || || 0x13, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x04, 0x00, 0x04,<br>0x11, 0x00, 0x00, 0x03|| Shuts down, beeps, and kills power LED until power button pressed, or power removed. | | Panic || || 0x13, 0x01, 0x00, 0x0D, 0x00, 0x00, 0x80, 0x21, 0x00, 0x00, 0x00, 0x00,<br>0x00, 0x04, 0x00, 0x04,<br>0x11, 0x00, 0x00, 0x03|| Shuts down, beeps, and kills power LED until power button pressed, or power removed. | ||
|} | |} | ||
Line 167: | Line 117: | ||
struct secure_payload_header { | struct secure_payload_header { | ||
u8 session_id; | u8 session_id; | ||
u8 seq_service_id; //service_ID (Unsecure uses 0xFF, AUTH1 = 0x02, AUTH2 = 0x03, | u8 seq_service_id; //service_ID (Unsecure uses 0xFF, AUTH1 = 0x02, AUTH2 = 0x03, READ/WRITE = 0x04) | ||
u8 packet_type; //0xFF for BE->SC, 0x00 for SC->BE (if success) | u8 packet_type; //0xFF for BE->SC, 0x00 for SC->BE (if success) | ||
u8 magic[0x2]; //0xAD1A | u8 magic[0x2]; //0xAD1A | ||
Line 283: | Line 233: | ||
You are now authenticated with syscon, and can use privileged commands. Just use the session_key calculated from the AUTH2 reply to encrypt/decrypt responses. | You are now authenticated with syscon, and can use privileged commands. Just use the session_key calculated from the AUTH2 reply to encrypt/decrypt responses. | ||
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> | {{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> |