Description

AIM (Appliance Info Manager) is a Process socket service supported by the hypervisor (lv1).

It is used to retrieve the IDPS, Target ID, Open PSID and PS Code from the EID0 data that is passed in.

Responsible is the isolated SPU module aim_spu_module.self from CoreOS / Flash.

This service is accessible from GameOS via syscall 867 and requires 0x40 Root flag (Capability Flags) set in Plaintext Capability Header.

internally loaded@ss_server2.fself
Function Id : 0x19000
Port:	      0x24

0x19000 - AIM

0x19002 - Get Device Type

• Returns the console's Product Code.

0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x85

calling from GameOS:

struct ss_aim_get_device_type {
    u8 field0[16];
};

int cellSsAimGetDeviceType(out:uint8[0x10]);

0x19003 - Get Device ID

• Returns the console's IDPS.

0x00 0x00 0x00 0x01 0x00 0x89 0x00 0x0B 0x14 0x00 0xEF 0xDD 0xCA 0x25 0x52 0x66  .....‰....ïÝÊ%Rf

calling from GameOS:

struct ss_aim_get_device_id {
    u8 idps[16];
};

int cellSsAimGetDeviceId(out:uint8[0x10]);

0x19004 - Get PS Code

• Returns the console's PSCode. See [1].

calling from GameOS:

struct ss_aim_get_ps_code {
    u8 field0[8];
};

int cellSsAimGetPsCode(out:uint8[8]);

0x19005 - Get Open PS ID

• Returns the console's OpenPSID.

calling from GameOS:

struct ss_aim_get_open_ps_id {
    u8 field0[16];
};

int cellSsAimGetOpenPsId(out:uint8[0x10])

I would be interested to know your prices Hope to hear back from you soon. If you have any deals for bulk purchases please add them in the quotation Warm regards,

Reverse Engineering in Lv1

Function Id: 0x19000
Port:	      0x24
Process:      5

If you want to check out about it or get more things documented, consider looking at for example:

• coolstuff\hvdump315_reversing\proc_5\code_seg.idb
• coolstuff\hvdump341_reversing\proc_5\code_seg.idb
• coolstuff\hvdump355_reversing\proc_5\code_seg.idb

See also SPU_Isolated_Modules_Reverse_Engineering#aim_spu_module.

v e Reverse engineering General Bluedisk EID0 reDRM · Boot Order · Boot Memory Type · Bugs & Vulnerabilities · Dumping Bootldr · Dumping Metldr · Files on the PS3 · KaKaRoTo_Kind_of_´Jailbreak´ · PS3Cobra Payload Reverse Engineering · PS3UserCheat · QA Flagging · ReDRM / Piracy dongles · Revoke List · RSOD Fix‎ · rtcalarm.dat · Whitelisting · VTRM Hypervisor Hypervisor Reverse Engineering · Repository Nodes Services Appliance Information Manager · AV Manager · Dispatcher Manager · Factory Data Manager · Indi Info Manager · SB Manager · SC Manager · Secure LPAR Loader · Secure Profile Loader · Secure RTC Manager · Security Policy Manager · Storage Manager · Update Manager · Updater Frontend · USB Dongle Authenticator · User Token Manager · Virtual TRM Manager Plugin Interfaces ap_plugin · audioplayer_plugin · audiop_plugin_dummy · audiop_plugin_mini · auth_plugin · autodownload_plugin · autoupdateconf_plugin · avc_plugin · avc_util · avc2_game_plugin · avc2_game_video_plugin · avc2_text_plugin · bdp_disccheck_plugin · bdp_plugin · bdp_storage_plugin · campaign_plugin · category_setting_plugin · comboplay_plugin · custom_render_plugin · data_copy_plugin · deviceconf_plugin · dlna_plugin · download_plugin · dtcpip_util · edy_plugin · esehttp · eseibrd · eseidle · eselock · eula_cddb_plugin · eula_hcopy_plugin · eula_net_plugin · explore_plugin · explore_plugin_ft · explore_plugin_game · explore_plugin_np · filecopy_plugin · friendim_plugin · friendml_plugin · friendtrophy_plugin · game_ext_plugin · game_indicator_plugin · game_plugin · gamedata_plugin · gamelib_plugin · gameupdate_plugin · hknw_plugin · idle_plugin · impose_plugin · kensaku_plugin · msgdialog_plugin · mtpinitiator_plugin · musicbrowser_plugin · nas_plugin · netconf_plugin · newstore_plugin · np_eula_plugin · np_matching_plugin · np_multisignin_plugin · np_sns_plugin · npsignin_plugin · np_trophy_ingame · np_trophy_plugin · osk · oskfullkeypanel · oskpanel · pesm_plugin · photo_network_sharing_plugin · photolist_plugin · photoviewer_plugin · playlist_plugin · poweroff_plugin · premo_plugin · premo_game_plugin · print_plugin · profile_plugin · ps3_savedata_plugin · ps3_savedata_plugin_game · ps3_savedata_plugin_psp · rec_plugin · regcam_plugin · remotedownload_plugin · sacd_plugin · scenefolder_plugin · screenshot_plugin · software_update_plugin · soundvisualizer_plugin · strviewer_plugin · sysconf_plugin · system_plugin · thumthum_plugin · upload_util · user_info_plugin · user_plugin · videodownloader_plugin · videoeditor_plugin · videoplayer_util · videoplayer_plugin · vmc_savedata_plugin · wboard_plugin · webbrowser_plugin · webbrowser_service · webrender_plugin · xai_plugin · xmb_ingame · xmb_plugin Emulation PS1 Emulation · PS2 Emulation · PSP Emulation Extended features Printer support · Remote Play · String Viewer · Web Browser · XMB In-game background music · PS3 and PSVita Cross Functions · Widgets · Life with PlayStation · PlayView · XMB Manuals Online Consoleban · Environments · Online Connections · PSN · PSN Handshake Signup · X-I-5-Ticket Hardware SC SC Communication · SC EEPROM · Remarry Syscon · Syscon Thermal Configs · Syscon SPI CELL Cell Configuration Ring · CELL Reset Exploit · CellBE Hardware Implementation Registers · Unlocking the 8th SPE · SPU Isolated Modules Reverse Engineering · SPU LS Overflow Exploit RAM XDR Configuration · Rambus Registers SB ENCDEC Device Reverse Engineering HDD HDD Encryption BD Bluray disc · Basic Bluray disc authentication procedure · BD Drive Reverse Engineering · Disc Identification/Serialization Data · ODE · Remarry Bluray Drive Tools IDA pro disassembler and debugger · CCAPI · 0x000EAEB0 · Ps3.xml · Nids.txt · Nids all.txt · Unknown nids.txt · Fnids.idh Strings files emer_init · aim spu module‎ · lv1‎ · hdd_copy · eurus_fw · lv0 · factory data mngr dumps lv2 dump (Rebug 4.46) · lv1 dump (Rebug 4.46) · bootldr dump (2.70) · Network Loading of lv1ldr and above executables Reference Archaic · Drk_notes · Canaries Keys & Seeds Keys · Per Console Keys · Fail Keys · Seeds · ECDSA binaries · AES binaries · DES binaries · Cryptography Tricks