Capability Flags: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
m (Text replacement - "https://playstationhax.xyz" to "https://web.archive.org/web/*/https://playstationhax.xyz")
Line 7: Line 7:
== Plaintext Capability ==
== Plaintext Capability ==


Temp name was Control Flags. Official name is plaintext_capability.
Official name is plaintext_capability as well as Control Flags according to 0.80 lv2 -> Control Flags might be something else then???.


It is widely used by PS3 lv2.
It is widely used by PS3 lv2.

Revision as of 20:46, 30 June 2023

This is a 32-byte buffer that specifies if a SELF has more or less capabilities.

Capability is stored either as plaintext in SELF Supplemental Header (SELF and PS3 only) or encrypted in the Certified File Optional Header.

PS3

Plaintext Capability

Official name is plaintext_capability as well as Control Flags according to 0.80 lv2 -> Control Flags might be something else then???.

It is widely used by PS3 lv2.

Examples

Long Value Short Notation Type Whitelisting
0000000000000000000000000000000000000000000000000000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 lv1::PLAINTEXT_CAPABILITY_DEFAULT Yes
0000000000000000000000000000000000000000000000000000000000000000 00 00 00 00 00 00 00 00 00 00 00 00 lv2::PLAINTEXT_CAPABILITY_DEFAULT Yes
0000000000000000000000000000000000000000000000000000000000000003 00 00 00 00 00 00 00 00 00 00 00 03 ? Yes
4000000000000000000000000000000000000000000000000000000000000000 40 00 00 00 00 00 00 00 00 00 00 00 Root Flags Yes
4000000000000000000000000000000000000000000000000000000000000002 40 00 00 00 00 00 00 00 00 00 00 02 Root Flags + debug_mode_capability flags (vsh) Yes
4000000000000000000000000000000000000000000000000000000000000004 40 00 00 00 00 00 00 00 00 00 00 04 Root flags + product_mode_capability flags Yes

Structure

struct { // Size is 0x20 bytes
  uint32_t ctrl_flag1; // 0x80000000(all?), 0x40000000(root), 0x20000000(dbg), 0x00000000(normal?)
  uint32_t unknown2;
  uint32_t unknown3;
  uint32_t unknown4;
  uint32_t unknown5;
  uint32_t unknown6;
  uint32_t unknown7; // ex: 0, 8, 9, 0xC
  uint32_t unknown8; // ex: 0(normal_mode), 1, 2(debug_mode), 4(product_mode)
} plaintext_capability;

Encrypted Capability

Examples

Long Value Short Notation Type Whitelisting
00000000000000000000000000000000000000000000001B0000000100000000 00 00 00 00 00 00 00 1B 00 00 00 01 00 00 00 00 ? No
00000000000000000000000000000000000000000000001B0000000100100000 00 00 00 00 00 00 00 1B 00 00 00 01 00 10 00 00 ? Yes
0000000000000000000000000000000000000000000000380000000100002000 00 00 00 00 00 00 00 38 00 00 00 01 00 00 20 00 ? Yes
00000000000000000000000000000000000000000000003B0000000000002000 00 00 00 00 00 00 00 3B 00 00 00 00 00 00 20 00 ? Yes
00000000000000000000000000000000000000000000003B0000000000020000 00 00 00 00 00 00 00 3B 00 00 00 00 00 02 00 00 BluRay Unknown
00000000000000000000000000000000000000000000003B0000000100000000 00 00 00 00 00 00 00 3B 00 00 00 01 00 00 00 00 ? Yes
00000000000000000000000000000000000000000000003B0000000100002000 00 00 00 00 00 00 00 3B 00 00 00 01 00 00 20 00 HDDGame Yes
00000000000000000000000000000000000000000000003B0000000100040000 00 00 00 00 00 00 00 3B 00 00 00 01 00 04 00 00 DiscGame Yes
00000000000000000000000000000000000000000000007B0000000100000000 00 00 00 00 00 00 00 7B 00 00 00 01 00 00 00 00 lv1 Yes
00000000000000000000000000000000000000000000007B0000000100000000 00 00 00 00 00 00 00 7B 00 00 00 01 00 00 00 00 lv2_kernel Yes
00000000000000000000000000000000000000000000007B0000000100116000 00 00 00 00 00 00 00 7B 00 00 00 01 00 11 60 00 ? Yes

Structure

appldr

0x17 = 0x78

xsetting

0x17 = 0x3B
0x1B = 0x01
0x1D = 0x02

ps3swu

0x17 = 0x7B
0x1B = 0x01
0x1D = 0x11
0x1E = 0x60

lv2

0x17 = 0x7B
0x1B = 0x01

lv1

0x17 = 0x7B
0x1B = 0x01

libfs

0x17 = 0x7B
0x1B = 0x01

icolaunch

0x17 = 0x3B
0x1B = 0x01
0x1D = 0x04

hddcopy

0x17 = 0x7B
0x1B = 0x01
0x1D = 0x08

flowers

0x17 = 0x3B
0x1B = 0x01
0x1E = 0x20

fdm_spu

0x17 = 0x38

emu_drm

0x17 = 0x3B
0x1D = 0x02

bdj

0x0F = 0x01 //qa-bdp type1
0x17 = 0x27
0x1D = 0x02

swagner

0x0F = 0x02 //qa-bdp type2
0x17 = 0x3F
0x1D = 0x02

0x0C = 0x00000001 / 0x00000002 // qa_bdp_type_flags
0x14 = 0x00000038 / 0x0000003B / 0x00000078 / 0x0000007B / 0x00000027
0x18 = 0x00000001
0x1C = 0x00002000 / 0x00020000 / 0x00040000 / 0x00080000 / 0x00116000

0x14:

#define CAP_FLAG_REFTOOL 0x08 // DEH
#define CAP_FLAG_DEBUG   0x10 // DEX
#define CAP_FLAG_RETAIL  0x20 // CEX
#define CAP_FLAG_SYSDBG  0x40 // ARCADE

Some more cap flags from appldr 3.56 whitelist:

https://web.archive.org/web/20161126102609/http://pastie.org/3090973

https://web.archive.org/web/20161126102716/http://pastie.org/3090976

PSVita

Plaintext Capability

PSVita does not use plaintext capability.

Encrypted Capability

See [1].