Appliance Information Manager: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
m (Text replacement - "playstationdev.wiki/psvitadevwiki" to "psdevwiki.com/vita") |
||
(32 intermediate revisions by 16 users not shown) | |||
Line 1: | Line 1: | ||
= Description = | |||
AIM (Appliance Info Manager) is a [[Hypervisor_Reverse_Engineering#Process_socket_services|Process socket service]] supported by the hypervisor (lv1).<br> | |||
It is used to retrieve the | It is used to retrieve the IDPS, Target ID, Open PSID and PS Code from the [[Flash:Encrypted_Individual_Data_-_eEID#EID0|EID0]] data that is passed in. | ||
internally loaded@ | Responsible is the isolated SPU module '''aim_spu_module.self''' from [[CoreOS]] / [[Flash#ros0|Flash]]. | ||
This service is accessible from GameOS via syscall 867 and requires 0x40 Root flag ([[Capability_Flags|Capability Flags]]) set in [[SELF - SPRX#Supplemental Header Table|Plaintext Capability Header]]. | |||
internally loaded@ss_server2.fself | |||
Function Id : 0x19000 | Function Id : 0x19000 | ||
Port: 0x24 | Port: 0x24 | ||
= 0x19000 - AIM = | |||
= 0x19000 - AIM | |||
{| class="wikitable FCK__ShowTableBorders" | {| class="wikitable FCK__ShowTableBorders" | ||
Line 18: | Line 18: | ||
! Packet ID | ! Packet ID | ||
! Description | ! Description | ||
! | ! Lv1 Parameter Usage | ||
! Lv2Syscall Parameter | |||
! notes | |||
|- | |- | ||
| 0x19002 | | 0x19002 | ||
| Get Device Type | | Get Device Type | ||
| | |||
| uint8_t out[0x10] | | uint8_t out[0x10] | ||
| | |||
|- | |- | ||
| 0x19003 | | 0x19003 | ||
| Get Device ID | | Get Device ID | ||
| | |||
| uint8_t out[0x10] | | uint8_t out[0x10] | ||
| | |||
|- | |- | ||
| 0x19004 | | 0x19004 | ||
| Get PS Code | | Get PS Code | ||
| | |||
| uint8_t out[0x8] | | uint8_t out[0x8] | ||
| | |||
|- | |- | ||
| 0x19005 | | 0x19005 | ||
| Get Open PS ID | | Get Open PS ID | ||
| | |||
| uint8_t out[0x10] | | uint8_t out[0x10] | ||
| | |||
|- | |- | ||
| 0x19006 | | 0x19006 | ||
| Unknown | | Unknown | ||
| | | | ||
| void | |||
| | |||
|} | |} | ||
== 0x19002 - Get Device Type == | == 0x19002 - Get Device Type == | ||
* | * Returns the console's [[Product Code]]. | ||
<pre> | <pre> | ||
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x85 | 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x85 | ||
</pre> | </pre> | ||
calling from GameOS: | |||
struct ss_aim_get_device_type | <source lang="c"> | ||
{ | struct ss_aim_get_device_type { | ||
u8 field0[16]; | u8 field0[16]; | ||
}; | }; | ||
int cellSsAimGetDeviceType(out:uint8[0x10]); | |||
</source> | |||
== 0x19003 - Get Device ID == | == 0x19003 - Get Device ID == | ||
* | * Returns the console's [[IDPS]]. | ||
<pre> | <pre> | ||
Line 65: | Line 78: | ||
</pre> | </pre> | ||
calling from GameOS: | |||
struct ss_aim_get_device_id | <source lang="c"> | ||
{ | struct ss_aim_get_device_id { | ||
u8 idps[16]; | u8 idps[16]; | ||
}; | }; | ||
int cellSsAimGetDeviceId(out:uint8[0x10]); | |||
</source> | |||
== 0x19004 - Get PS Code == | == 0x19004 - Get PS Code == | ||
* Returns the console's [[PSCode]]. See [https://psdevwiki.com/vita/index.php?title=PSCode]. | |||
calling from GameOS: | |||
<source lang="c"> | |||
struct ss_aim_get_ps_code { | |||
struct ss_aim_get_ps_code | |||
{ | |||
u8 field0[8]; | u8 field0[8]; | ||
}; | }; | ||
int cellSsAimGetPsCode(out:uint8[8]); | |||
</source> | |||
== 0x19005 - Get Open PS ID == | == 0x19005 - Get Open PS ID == | ||
* Returns the console's [[OpenPSID]]. | |||
struct ss_aim_get_open_ps_id | |||
{ | calling from GameOS: | ||
<source lang="c"> | |||
struct ss_aim_get_open_ps_id { | |||
u8 field0[16]; | u8 field0[16]; | ||
}; | }; | ||
== 0x19006 - | int cellSsAimGetOpenPsId(out:uint8[0x10]) | ||
</source> | |||
== 0x19006 - unkonwn == | |||
* | * Usage found in bdp_BDVD for example... with 1 param (= 0) | ||
* | * Seems to be handled by lv2_kernel, not AIM itself. | ||
* It looks up for qa-flag (if flagged, sets token seed to an lv2 internal buffer), fself flag & device_id. | |||
calling from GameOS: | |||
<source lang="C"> | |||
int syscall(867, 0x19006); | |||
</source> | |||
*note: this packet id doesnt need another parameter | |||
= Reverse Engineering in Lv1 = | = Reverse Engineering in Lv1 = | ||
Function Id : 0x19000 | Function Id: 0x19000 | ||
Port: 0x24 | Port: 0x24 | ||
Process: 5 | Process: 5 | ||
If you want to check out about it or get more things documented | If you want to check out about it or get more things documented, consider looking at for example: | ||
consider looking at for example: | |||
* coolstuff\hvdump315_reversing\proc_5\code_seg.idb | * coolstuff\hvdump315_reversing\proc_5\code_seg.idb | ||
* coolstuff\hvdump341_reversing\proc_5\code_seg.idb | * coolstuff\hvdump341_reversing\proc_5\code_seg.idb | ||
* coolstuff\hvdump355_reversing\proc_5\code_seg.idb | * coolstuff\hvdump355_reversing\proc_5\code_seg.idb | ||
See also [[SPU_Isolated_Modules_Reverse_Engineering#aim_spu_module]]. | |||
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude> | {{Reverse engineering}} | ||
<noinclude>[[Category:Main]]</noinclude> |
Latest revision as of 06:28, 12 April 2023
Description
AIM (Appliance Info Manager) is a Process socket service supported by the hypervisor (lv1).
It is used to retrieve the IDPS, Target ID, Open PSID and PS Code from the EID0 data that is passed in.
Responsible is the isolated SPU module aim_spu_module.self from CoreOS / Flash.
This service is accessible from GameOS via syscall 867 and requires 0x40 Root flag (Capability Flags) set in Plaintext Capability Header.
internally loaded@ss_server2.fself Function Id : 0x19000 Port: 0x24
0x19000 - AIM
Packet ID | Description | Lv1 Parameter Usage | Lv2Syscall Parameter | notes |
---|---|---|---|---|
0x19002 | Get Device Type | uint8_t out[0x10] | ||
0x19003 | Get Device ID | uint8_t out[0x10] | ||
0x19004 | Get PS Code | uint8_t out[0x8] | ||
0x19005 | Get Open PS ID | uint8_t out[0x10] | ||
0x19006 | Unknown | void |
0x19002 - Get Device Type
- Returns the console's Product Code.
0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x85
calling from GameOS:
struct ss_aim_get_device_type {
u8 field0[16];
};
int cellSsAimGetDeviceType(out:uint8[0x10]);
0x19003 - Get Device ID
- Returns the console's IDPS.
0x00 0x00 0x00 0x01 0x00 0x89 0x00 0x0B 0x14 0x00 0xEF 0xDD 0xCA 0x25 0x52 0x66 .....‰....ïÝÊ%Rf
calling from GameOS:
struct ss_aim_get_device_id {
u8 idps[16];
};
int cellSsAimGetDeviceId(out:uint8[0x10]);
0x19004 - Get PS Code
calling from GameOS:
struct ss_aim_get_ps_code {
u8 field0[8];
};
int cellSsAimGetPsCode(out:uint8[8]);
0x19005 - Get Open PS ID
- Returns the console's OpenPSID.
calling from GameOS:
struct ss_aim_get_open_ps_id {
u8 field0[16];
};
int cellSsAimGetOpenPsId(out:uint8[0x10])
0x19006 - unkonwn
- Usage found in bdp_BDVD for example... with 1 param (= 0)
- Seems to be handled by lv2_kernel, not AIM itself.
- It looks up for qa-flag (if flagged, sets token seed to an lv2 internal buffer), fself flag & device_id.
calling from GameOS:
int syscall(867, 0x19006);
- note: this packet id doesnt need another parameter
Reverse Engineering in Lv1
Function Id: 0x19000 Port: 0x24 Process: 5
If you want to check out about it or get more things documented, consider looking at for example:
- coolstuff\hvdump315_reversing\proc_5\code_seg.idb
- coolstuff\hvdump341_reversing\proc_5\code_seg.idb
- coolstuff\hvdump355_reversing\proc_5\code_seg.idb
See also SPU_Isolated_Modules_Reverse_Engineering#aim_spu_module.