SC Manager: Difference between revisions

• SC Manager cannot be accessed directly by using DM unfortunately (DM discards all requests) but it's used by other services that are accessable through DM
• E.g. Update_Manager services "Read EEPROM" and "Write EEPROM" send requests to SC Manager services "Read EEPROM" and "Write EEPROM"
• SC Manager runs sc_iso.self
• With full HV rights you could patch Dispatcher Manager and enable access to SC Manager from GameOS.

 note: inside ss_server2.fself

0x9000 - SC Manager[edit | edit source]

0x9001 - SC Get SRH[edit | edit source]

struct ss_sc_mgr_get_srh
{
    u8 field0[20];
    u8 res1[4];
    u8 field18[20];
    u8 res2[4];
};

0x9003 - SC Encrypt[edit | edit source]

• There are 5 different types/kinds of encryption: 1 - 5.

struct ss_sc_mgr_encrypt
{
    u32 type;               /* 1 - 5 */
    u8 res[4];
    u8 field8[16];
    u8 field18[16];
    u64 field28;
};

0x9004 - SC Decrypt[edit | edit source]

• There are 5 different types/kinds of decryption: 1 - 5.
• Virtual TRM Decrypt Master (0x200E) service uses e.g. decryption type 4.

0x9006 - SC Get Region Data[edit | edit source]

• This service expects an ID. The valid range of ID is 0 - 15.
• E.g. Update Manager uses this service to retrieve hash and version of some SELFs and firmwares, e.g. lv0 and lv1.

struct ss_sc_mgr_get_region_data
{
    u64 id;
    u64 data_size;    /* max 0x30 bytes */
    u8 data[0];
};

Update Package Type - ID Mapping Table[edit | edit source]

0x9007 - SC Set Region Data[edit | edit source]

• This service expects an ID. The valid range of ID is 0 - 15.
• E.g. Update Manager uses this service to store hash and version of some SELFs and firmwares, e.g. lv0 and lv1.

struct ss_sc_mgr_set_region_data
{
    u64 id;
    u64 data_size;    /* max 0x30 bytes */
    u8 data[0];
};

0x900B - SC Read EPROM[edit | edit source]

• There are 2 ways to access SC EPROM: NVS Service and Device Access Service.
• NVS Service uses Block ID and Block Offset.
• Not all EPROM offsets can be accessed through SC Manager.

struct ss_sc_mgr_read_eprom
{
    u32 offset;
    u8 res1[4];
    u32 nread;               /* max 0x100 bytes */
    u8 res2[4];
    u64 buf_size;
    u8 buf[0];
    /* here follows buf */
};

EPROM Offset - Block ID and Block Offset Mapping Table (NVS Service)[edit | edit source]

0x900C - SC Write EPROM[edit | edit source]

struct ss_sc_mgr_write_eprom
{
    u32 offset;
    u8 res1[4];
    u32 nwrite;
    u8 res2[4];
    u64 buf_size;
    u8 buf[0];
    /* here follows buf */
};

0x900E - SC Get Status[edit | edit source]

Here is what the service returned on my fat PS3:

0x00 0x00 0x00 0x03 0x00 0x00 0x00 0x00 0xC0 0x00 0x00 0xFF 0x00 0x00 0x00 0x00

So, version is 0x00000003 and mode is 0xC00000FF.

struct ss_sc_mgr_get_sc_status
{
    u32 version;
    u8 res1[4];
    u32 mode;
    u8 res2[4];
};

mode[3] == 0xFF (SC_INIT_FLAG_NON_PRODUCT_MODE)
clrlwi mode, 24 != 0 (SC_INIT_FLAG_NEED_PERSONALIZE)

0x9011 - SC Binary Patch[edit | edit source]

• This service is used by Update Manager to send a new SC firmware version to SYSCON.

SC Isolation DMA Buffer Header[edit | edit source]

struct sc_iso_header
{
    u32 seqno;
    u32 mbmsg;
    u32 cmd;
    u32 cmd_size;
    u8 cmd_data[0];
};

v e Reverse engineering General Bluedisk EID0 reDRM · Boot Order · Boot Memory Type · Bugs & Vulnerabilities · Dumping Bootldr · Dumping Metldr · Files on the PS3 · KaKaRoTo_Kind_of_´Jailbreak´ · PS3Cobra Payload Reverse Engineering · PS3UserCheat · QA Flagging · ReDRM / Piracy dongles · Revoke List · RSOD Fix‎ · rtcalarm.dat · Whitelisting · VTRM Hypervisor Hypervisor Reverse Engineering · Repository Nodes · RSX LV1 Info Services Appliance Information Manager · AV Manager · Dispatcher Manager · Factory Data Manager · Indi Info Manager · SB Manager · SC Manager · Secure LPAR Loader · Secure Profile Loader · Secure RTC Manager · Security Policy Manager · Storage Manager · Update Manager · Updater Frontend · USB Dongle Authenticator · User Token Manager · Virtual TRM Manager Plugin Interfaces ap_plugin · audioplayer_plugin · audiop_plugin_dummy · audiop_plugin_mini · auth_plugin · autodownload_plugin · autoupdateconf_plugin · avc_plugin · avc_util · avc2_game_plugin · avc2_game_video_plugin · avc2_text_plugin · bdp_disccheck_plugin · bdp_plugin · bdp_storage_plugin · campaign_plugin · category_setting_plugin · comboplay_plugin · custom_render_plugin · data_copy_plugin · deviceconf_plugin · dlna_plugin · download_plugin · dtcpip_util · edy_plugin · esehttp · eseibrd · eseidle · eselock · eula_cddb_plugin · eula_hcopy_plugin · eula_net_plugin · explore_plugin · explore_plugin_ft · explore_plugin_game · explore_plugin_np · filecopy_plugin · friendim_plugin · friendml_plugin · friendtrophy_plugin · game_ext_plugin · game_indicator_plugin · game_plugin · gamedata_plugin · gamelib_plugin · gameupdate_plugin · hknw_plugin · idle_plugin · impose_plugin · kensaku_plugin · msgdialog_plugin · mtpinitiator_plugin · musicbrowser_plugin · nas_plugin · netconf_plugin · newstore_plugin · np_eula_plugin · np_matching_plugin · np_multisignin_plugin · np_sns_plugin · npsignin_plugin · np_trophy_ingame · np_trophy_plugin · osk · oskfullkeypanel · oskpanel · pesm_plugin · photo_network_sharing_plugin · photolist_plugin · photoviewer_plugin · playlist_plugin · poweroff_plugin · premo_plugin · premo_game_plugin · print_plugin · profile_plugin · ps3_savedata_plugin · ps3_savedata_plugin_game · ps3_savedata_plugin_psp · rec_plugin · regcam_plugin · remotedownload_plugin · sacd_plugin · scenefolder_plugin · screenshot_plugin · software_update_plugin · soundvisualizer_plugin · strviewer_plugin · sysconf_plugin · system_plugin · thumthum_plugin · upload_util · user_info_plugin · user_plugin · videodownloader_plugin · videoeditor_plugin · videoplayer_util · videoplayer_plugin · vmc_savedata_plugin · wboard_plugin · webbrowser_plugin · webbrowser_service · webrender_plugin · xai_plugin · xmb_ingame · xmb_plugin Emulation PS1 Emulation · PS2 Emulation · PSP Emulation Extended features Printer support · Remote Play · String Viewer · Web Browser · XMB In-game background music · PS3 and PSVita Cross Functions · Widgets · Life with PlayStation · PlayView · XMB Manuals Online Consoleban · Environments · Online Connections · PSN · PSN Handshake Signup · X-I-5-Ticket Hardware SC SC Communication · SC EEPROM · Remarry Syscon · Syscon Thermal Configs · Syscon SPI CELL Cell Configuration Ring · CELL Reset Exploit · CellBE Hardware Implementation Registers · Unlocking the 8th SPE · SPU Isolated Modules Reverse Engineering · SPU LS Overflow Exploit RAM XDR Configuration · Rambus Registers SB ENCDEC Device Reverse Engineering HDD HDD Encryption BD Bluray disc · Basic Bluray disc authentication procedure · BD Drive Reverse Engineering · Disc Identification/Serialization Data · ODE · Remarry Bluray Drive Tools IDA pro disassembler and debugger · CCAPI · 0x000EAEB0 · Ps3.xml · Nids.txt · Nids all.txt · Unknown nids.txt · Fnids.idh Strings files emer_init · aim spu module‎ · lv1‎ · hdd_copy · eurus_fw · lv0 · factory data mngr dumps lv2 dump (Rebug 4.46) · lv1 dump (Rebug 4.46) · bootldr dump (2.70) · Network Loading of lv1ldr and above executables Reference Archaic · Drk_notes · Canaries Keys & Seeds Keys · Per Console Keys · Fail Keys · Seeds · ECDSA binaries · AES binaries · DES binaries · Cryptography Tricks