Editing IOCTL


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
In computing, ioctl (an abbreviation of input/output control) is a system call for device-specific input/output operations and other operations which cannot be expressed by regular file semantics. It takes a parameter specifying a request code; the effect of a call depends completely on the request code. Request codes are often device-specific. For instance, a CD-ROM device driver which can instruct a physical device to eject a disc would provide an ioctl request code to do so. Device-independent request codes are sometimes used to give usermode access to kernel functions which are only used by core system software or still under development.
See also [https://en.wikipedia.org/wiki/Ioctl wikipedia page about IOCTL].
See also [[Devices]] and [https://www.psdevwiki.com/ps5/IOCTL PS5 IOCTL]s.
= Description =
= Description =


Line 31: Line 25:
</pre>
</pre>


= List of IOCTL by kernel device =
= List =


== npdrm ==
* Thanks to SocraticBliss for the names.
 
<pre>
C0404E03 npdrm_decrypt_isolated_rif
C0404E02 npdrm_decrypt_disc_rif
C0404E01 npdrm_decrypt_kds_rif
</pre>
 
== sbl ==


=== pup_update / sc_fw_update ===
=== pup_update / sc_fw_update ===
Line 51: Line 37:
C0184404 decrypt_pup_segment
C0184404 decrypt_pup_segment
C0284405 decrypt_pup_segment_block
C0284405 decrypt_pup_segment_block
80014406 set_partion_updated ?typo for partition?
80014406 set_partion_updated
20004407 switch_bank
20004407 switch_bank
C0104408 ?unknown name?
C0284409 decrypt_pup_header_with_response
C0284409 decrypt_pup_header_with_response
C010440A generate_challenge
C010440A generate_challenge
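Review bot: in the pup_update / sc_fw_update block the two columns disagree on two rows, and one of them loses data. Only one column lists C0104408 (marked ?unknown name?) between 20004407 switch_bank and C0284409 decrypt_pup_header_with_response; an unnamed request code is still a known code, so keep that row whichever revision wins. The ?typo for partition? remark on 80014406 set_partion_updated is an editor's question sitting inside the pre-formatted list; move it to a sentence outside the block so the name column holds only names.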
Line 61: Line 46:
</pre>
</pre>


=== crepo ===
=== dmem ===


<pre>
<pre>
400C4302 sceSblCryptReleaseContext
C0288001 allocate_direct_memory
C00C4303 crepo_get_sign_crypt_handle
80108002 release_direct_memory
C00C4304 crepo_get_encdec_cryp_handle
80188003 set_direct_memory_type
C0208004 get_direct_memory_type
2000800B clear_game_direct_memory
C018800E (suspend/resume)_direct_memory_release
C018800F protect_direct_memory
C0288010 allocate_direct_memory_for_mini_app
C0288011 allocate_main_direct_memory
80288012 direct_memory_query
80108015 checked_release_direct_memory
</pre>
</pre>


=== sealedkey / devact / idata ===
=== dipsw_dev ===


<pre>
<pre>
40845301 sceSblSsGenerateSealedKey
20008800 sceKernelInitializeDipsw
C0845302 sceSblSsDecryptSealedKey
80028801 sceKernelSetDipsw
40105303 sceSblDevActSetStatus
80028802 sceKernelUnsetDipsw
C0205364 sceSblIdataGetCprm
C0088803 sceKernelCheckDipsw
C0205365 sceSblIdataGetHddKey
80108804 sceKernelReadDipswData
C0205366 sceSblIdataGetEapHddKey
80108805 sceKernelWriteDipswData
C0205367 sceSblIdataGetCprm
40048806 sceKernelCheckDipsw
C0205368 sceSblIdataGetChallenge
C0205369 sceSblIdataVeriResponse
C020536A manu_mode_sm_start
C020536B sceSblIdataGetManuMode
C020536C sceSblIdataSetManuMode
C020536D manu_mode_sm_exit
C020536E isSpecialWake
</pre>
 
=== encdec ===
 
<pre>
C0284501 sceSblSsDecryptWithPortability
</pre>
 
=== manu_mode_mgr ===
 
<pre>
C0205364 _sceSblIdataGetCprm
C0205365 _sceSblIdataGetHddKey
C0205366 _sceSblIdataGetEapHddKey
C0205367 _sceSblIdataGetCprm
C0205368 _sceSblIdataGetChallenge
C0205369 _sceSblIdataVeriResponse
C020536A manu_mode_sm_start
C020536B _sceSblIdataGetManuMode
C020536C _sceSblIdataSetManuMode
C020536D manu_mode_sm_exit
</pre>
</pre>
=== pfsctl ===
<pre>
80709101 pfs_format
80049102 pfs_sbram_clear_useflag
80389103 pfs_img_compaction
20009104 pfs_img_compaction_cancel
80289105 pfs_sbram_write_metadata
C0389106 pfs_img_clean
80389107 pfs_img_clean_cancel
C0309108 pfs_sbram_get_header
20009109 pfs_sbram_init
</pre>
=== pfs ===
<pre>
C03866A7 pfs_get_data_chunks
80089167
80209168 pfs_allocate_full_icv_cache
80089169 pfs_cmp_get_offset_aio
8080916A
</pre>
== av_control ==
=== av_control ===
<pre>
C0089A01 enable_crtc_ioctl
C0089A02 blank_crtc_ioctl
C0089A03 enable_display_data_request_ioctl
C0089A04 set_double_buff_cntl_ioctl
C0089A05 set_master_update_lock_ioctl
C0089A06 enable_dcfe_clock_ioctl
C0189A07 set_crtc_timing_ioctl
C0089A08 enable_crtc_prefetch_ioctl
C0089A09 set_early_control_ioctl
20009A0A cancel_vga_ioctl
C0049A0C setup_audiopll_ioctl
C0109A0D setup_pixelpll_ioctl
C0109A0E setup_dispclk_ioctl
C0189A0F dp_on_ioctl
C0189A10 dp_off_ioctl
C0089A13 set_pixel_encoding_ioctl
C0089A14 set_subsampling_mode_ioctl
C0089A15 set_truncation_depth_ioctl
C0109A16 set_fmt_spatial_dither_ioctl
C00C9A17 enable_fmt_crc_ioctl
C0109A18 get_fmt_crc_ioctl
C0109A19 set_clamp_ioctl
C0089A1A enable_fmt_truncate_ioctl
C0049A1B disable_fmt_truncate_ioctl
C0089A1C set_formatter_src_ioctl
C0089A1D set_truncation_mode_ioctl
C0089A1E enable_pti_ioctl
C0089A1F dvo_on_ioctl
20009A20 dvo_off_ioctl
</pre>
== bt ==
=== bt_dev ===
<pre>
C0106206 bt_reg_name_lookup
80206216 bt_audio_send_req
80206217 bt_audio_recv_req
20046204 sceBtStartInquiry
20046205 sceBtStopInquiry
80186201 get_registered_info
80186207 reply_pin_code
80106227 bt_get_jedi_vol_gain
80106228 bt_set_jedi_vol_gain
80106208 sceBtReplyUserConfirmation
8004622A sceBtStartMode
80086225
80086202 bt_reg_delete
80086203 sceBtGetConnectingInfo
8008620A sceBtStartConnect
8008620B sceBtStartDisconnect
80086213 bt_avctp_read_volume
8008621A
8008621D
20046226
</pre>
== hdmi ==


=== hdmi ===
=== hdmi ===
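Review bot: C0205364 and C0205367 are both labelled sceSblIdataGetCprm in the sealedkey / devact / idata block, and the manu_mode_mgr block repeats the same pair as _sceSblIdataGetCprm. Two different request codes sharing one name suggests one label was copied from the other; mark the unverified one as unconfirmed. The manu_mode_mgr block also restates C0205364 through C020536D with only an underscore prefix added, so say which device each list was taken from.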
Line 221: Line 97:
C0048D20 sceHdmiCecSetStandyResult
C0048D20 sceHdmiCecSetStandyResult
</pre>
</pre>
== camera ==


=== luke ===
=== luke ===
?none?
== Unclassified ==
=== gbase ===
<pre>
C0044507 sceKernelSetBaseModeClock
C0044508 sceKernelSetGpuCu
C0044511 sceKernelSetMemoryPstate
40084516 sceKernelGetMemoryPstate
</pre>
=== dmem ===
<pre>
C0288001 allocate_direct_memory
80108002 release_direct_memory
80188003 set_direct_memory_type
C0208004 get_direct_memory_type
2000800B clear_game_direct_memory
C018800E (suspend/resume)_direct_memory_release
C018800F protect_direct_memory
C0288010 allocate_direct_memory_for_mini_app
C0288011 allocate_main_direct_memory
80288012 direct_memory_query
80108015 checked_release_direct_memory
</pre>
=== dbggc ===
<pre>
C0088500 gbase_read_register
C0088501 gbase_write_register
C0048502 gbase_dump_map
</pre>
=== twsi ===
<pre>
C0188601 read_twsi
C0188602 write_twsi
</pre>
=== metadbg ===
<pre>
C0888763 metadbg_call0
</pre>
=== dipsw_dev ===
<pre>
20008800 sceKernelInitializeDipsw
80028801 sceKernelSetDipsw
80028802 sceKernelUnsetDipsw
C0088803 sceKernelCheckDipsw
80108804 sceKernelReadDipswData
80108805 sceKernelWriteDipswData
40048806 sceKernelCheckDipsw
</pre>


=== icc_fan ===
=== icc_fan ===


<pre>
<pre>
C0168F01 eval_fan_id
C0048F04
C0068F06 get_fan_manual_duty
C0068F06 get_fan_manual_duty
C01C8F07
C01C8F08
C0148F09
</pre>
</pre>


=== icc_thermal ===
=== icc_thermal ===
=== pfs ===


<pre>
<pre>
C0169001
80709101 pfs_format
C0169002
80049102 pfs_sbram_clear_useflag
80389103 pfs_img_compaction
20009104 pfs_img_compaction_cancel
80289105 pfs_sbram_write_metadata
C0389106 pfs_img_clean
80389107 pfs_img_clean_cancel
C0309108 pfs_sbram_get_header
20009109 pfs_sbram_init
</pre>
</pre>
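Review bot: in dipsw_dev, C0088803 and 40048806 are both named sceKernelCheckDipsw. If the two codes reach the same function, say so next to the list; otherwise flag one name as unconfirmed. In the same hunk the icc_fan rows C0168F01 eval_fan_id, C0048F04, C01C8F07, C01C8F08 and C0148F09 appear in one column only, so the other revision drops them; keep the rows even where no name is known.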


Line 311: Line 127:
C0029203 icc_configuration_get_cpu_info_bit
C0029203 icc_configuration_get_cpu_info_bit
80029204 icc_configuration_set_cpu_info_bit
80029204 icc_configuration_set_cpu_info_bit
20009205
20009205 icc_configuration_get_download_mode
80019206 icc_configuration_set_download_mode
80019206 icc_configuration_set_download_mode
40019207 icc_configuration_get_cp_mode
40019207 icc_configuration_get_cp_mode
80019208 icc_configuration_set_cp_mode
80019208 icc_configuration_set_cp_mode
</pre>
</pre>
=== uipc_control ===


=== icc_indicator ===
=== icc_indicator ===
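Review bot: 20009205 is left unnamed in one column and called icc_configuration_get_download_mode in the other, and the name does not fit the pattern of its neighbours. The other getter in this block is 40019207 icc_configuration_get_cp_mode and both setters start with 8001, while none of the other named 2000xxxx codes on this page is a getter (switch_bank, cancel_vga_ioctl, pfs_sbram_init). Keep the row, and mark the name as unconfirmed unless it was read from the handler.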
Line 331: Line 149:
2000950A icc_indicator_set_dynamic_led_standby_boot
2000950A icc_indicator_set_dynamic_led_standby_boot
</pre>
</pre>
=== sce_exfatfs_vop ===


=== icc_nvs ===
=== icc_nvs ===
Line 347: Line 167:
C0109905 icc_power_get_operating_time
C0109905 icc_power_get_operating_time
20009906 icc_power_set_bootup_at_poweron
20009906 icc_power_set_bootup_at_poweron
</pre>
=== av_control ===
<pre>
C0089A01 enable_crtc_ioctl
C0089A02 blank_crtc_ioctl
C0089A03 enable_display_data_request_ioctl
C0089A04 set_double_buff_cntl_ioctl
C0089A05 set_master_update_lock_ioctl
C0089A06 enable_dcfe_clock_ioctl
C0189A07 set_crtc_timing_ioctl
C0089A08 enable_crtc_prefetch_ioctl
C0089A09 set_early_control_ioctl
20009A0A cancel_vga_ioctl
C0049A0C setup_audiopll_ioctl
C0109A0D setup_pixelpll_ioctl
C0109A0E setup_dispclk_ioctl
C0189A0F dp_on_ioctl
C0189A10 dp_off_ioctl
C0089A13 set_pixel_encoding_ioctl
C0089A14 set_subsampling_mode_ioctl
C0089A15 set_truncation_depth_ioctl
C0109A16 set_fmt_spatial_dither_ioctl
C00C9A17 enable_fmt_crc_ioctl
C0109A18 get_fmt_crc_ioctl
C0109A19 set_clamp_ioctl
C0089A1A enable_fmt_truncate_ioctl
C0049A1B disable_fmt_truncate_ioctl
C0089A1C set_formatter_src_ioctl
C0089A1D set_truncation_mode_ioctl
C0089A1E enable_pti_ioctl
C0089A1F dvo_on_ioctl
20009A20 dvo_off_ioctl
</pre>
</pre>


Line 367: Line 221:
40019C08 icc_device_power_get_bd_power_state
40019C08 icc_device_power_get_bd_power_state
</pre>
</pre>
=== uipc_control ===
?none?
=== sce_exfatfs_vop ===
?none?


=== sbi ===
=== sbi ===
Line 383: Line 229:
</pre>
</pre>


* Thanks to SocraticBliss for the names.
=== gbase ===
 
<pre>
C0044507 sceKernelSetBaseModeClock
C0044508 sceKernelSetGpuCu
C0044511 sceKernelSetMemoryPstate
40084516 sceKernelGetMemoryPstate
</pre>


= Finding the IOCTL handler address for a device in kernel =
=== idata ===


# Find a string of the device name in kernel.
<pre>
# There should be only two cross-references from function: make_dev and mutex_init. make_dev is the interesting one.
C0205364 sceSblIdataGetCprm
# The structure before the device string is what we want to look.
C0205365 sceSblIdataGetHddKey
# Follow the structure then go to the very last offset of the structure. It is the handler function in charge of IOCTLs for that device.
C0205366 sceSblIdataGetEapHddKey
C0205367 sceSblIdataGetCprm
C0205368 sceSblIdataGetChallenge
C0205369 sceSblIdataVeriResponse
C020536A manu_mode_sm_start
C020536B sceSblIdataGetManuMode
C020536C sceSblIdataSetManuMode
C020536D manu_mode_sm_exit
C020536E isSpecialWake
</pre>
</pre>


{{Reverse Engineering}}
{{Reverse Engineering}}
<noinclude>
<noinclude>[[Category:Main]]</noinclude>
[[Category:Main]]
</noinclude>
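Review bot: the steps under "Finding the IOCTL handler address for a device in kernel" exist in one column only, so the other revision removes the page's only procedure; keep the section. Steps 3 and 4 need tightening: "the structure before the device string" and "the very last offset of the structure" name neither the structure nor which make_dev argument points to it, so a reader cannot check that they have the right field.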