Editing Non Volatile Storage
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
Same as PS3's NVS, used for storing tokens and flags. You can access it by using the function icc_nvs_read (or by ftp'ing the respective regions with root flags server).<br> | |||
Seems that a total of 7 regions(blocks) exist in 2 banks, main bank and backup bank <br> | |||
The kernel accesses only the 5th and the 2nd region, however it's possible to read the other 5 (also the entirety of it by reading /dev/sflash0s0x34 with BUF_SIZE 0x200 from ftp ).<br> | |||
Most, if not all, of the NVS regions can be accessed also in sflash, starting with offset 0x1C4000. | |||
= Mapping of the area (NVS service) = | |||
= | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
Line 25: | Line 10: | ||
! Bank # !! Block # !! Start Offset in /dev/sflash0s0x34 !! Start Offset in Sflash !! Size !! Notes | ! Bank # !! Block # !! Start Offset in /dev/sflash0s0x34 !! Start Offset in Sflash !! Size !! Notes | ||
|- | |- | ||
| 0 || 0 || 0 || 0x1C4000 || 0x3000 || | | 0 || 0 || 0 || 0x1C4000 || 0x3000 || does not match, probably one (sflash or nvs, likely sflash) updates data | ||
|- | |- | ||
| 0 || 1 || 0x3000 || 0x1C7000 || 0x1000 || | | 0 || 1 || 0x3000 || 0x1C7000 || 0x1000 || match | ||
|- | |- | ||
| 0 || 2 || 0x4000 || 0x1C8000 || 0x800 || | | 0 || 2 || 0x4000 || 0x1C8000 || 0x800 || match, console data region | ||
|- | |- | ||
| 0 || 3 || 0x4800 || 0x1C8800 || 0x800 || | | 0 || 3 || 0x4800 || 0x1C8800 || 0x800 || match, all ffs? | ||
|- | |- | ||
| 0 || 4 || 0x5000 || 0x1C9000 || 0x3000 || | | 0 || 4 || 0x5000 || 0x1C9000 || 0x3000 || match, tokens and flags region | ||
|- | |- | ||
| 1 || 0 || 0x8000 || 0x1CC000 || 0x3000 || | | 1 || 0 || 0x8000 || 0x1CC000 || 0x3000 || match, tokens and flags region (backup) | ||
|- | |- | ||
| 1 || 1 || 0xB000 || 0x1CF000 || 0x1000 || | | 1 || 1 || 0xB000 || 0x1CF000 || 0x1000 || match | ||
|} | |} | ||
= | = Mapping of the detailed area (NVS service) = | ||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
! Bank # !! Block # !! Start Offset in /dev/ | ! Bank # !! Block # !! Start Offset in /dev/sflash0s0x34 !! Start Offset in Sflash !! Size !! Notes | ||
|- | |- | ||
| 0 || 0 || 0 || 0x1C4000 || 0x8 || | | 0 || 0 || 0 || 0x1C4000 || 0x8 || Unknown (e.g 04 01 01 01 01 01 04 01) | ||
|- | |- | ||
| 0 || 0 || | | 0 || 0 || 0x20 || 0x1C4020 || 0x6 || Unknown (e.g 02 BC 60 A7 28 83 66) | ||
|- | |- | ||
| 0 || 0 || 0x4E || 0x1C404E || 0x2 || Unknown (e.g 25 16) | | 0 || 0 || 0x4E || 0x1C404E || 0x2 || Unknown (e.g 25 16) | ||
Line 104: | Line 87: | ||
| 0 || 0 || 0xFFE || 0x1C4FFE || 0x2 || | | 0 || 0 || 0xFFE || 0x1C4FFE || 0x2 || | ||
|- | |- | ||
| 0 || 0 || 0x1000 || 0x1C5000 || | | 0 || 0 || 0x1000 || 0x1C5000 || 0x64 || | ||
|- | |- | ||
| 0 || 0 || 0x1220 || 0x1C5220 || 0x18 || | | 0 || 0 || 0x1220 || 0x1C5220 || 0x18 || | ||
Line 192: | Line 151: | ||
| 0 || 0 || 0x2000 || 0x1C6000 || 0x8 || | | 0 || 0 || 0x2000 || 0x1C6000 || 0x8 || | ||
|- | |- | ||
| 0 || 1 || | | 0 || 1 || 0x3000 || 0x1C7000 || 0x40 || | ||
|- | |- | ||
| 0 || | | 0 || 1 || 0x3040 || 0x1C7040 || 0x10 || trsw_attach (e.g 1F FF 00 00 07 FF FF 07 FF FF 00 00 00 00 00 00) | ||
|- | |- | ||
| 0 || | | 0 || 1 || 0x30A0 || 0x1C70A0 || 0x2 || get_icc_max (e.g 20 9A) | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4000 || 0x1C8000 || 0x4C || Serial Number + model Type (CUH-XXXXX), see below | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4010 || 0x1C8010 || 0x10 || SOCUID | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4030 || 0x1C8030 || 0x11 || Used in 5.05, Unique Identifier of Console, hw_info (e.g 00TS4DB00K2180050) | ||
|- | |- | ||
| 0 || | | 0 || 2 || 0x4041 || 0x1C8041 || 0x1F || Used in later firmwares, Unique Identifier of Console, hw_model (e.g DUT-DBW00JK-S0ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ) | ||
|- | |- | ||
| 0 || | | 0 || 2 || 0x4060 || 0x1C8060 || 0x58 || | ||
|- | |- | ||
| 0 || | | 0 || 2 || 0x40C0 || 0x1C80C0 || 0xD || | ||
|- | |- | ||
| 0 || | | 0 || 2 || 0x4100 || 0x1C8100 || 0x20 || (e.g 00 02 F4 C1 64 E6 83 41 0C D0 8D 91 38 56 50 AE 15 3E 60 9E 70 16 17 1A 1C 18 26 25 1B 1B F5 F7) | ||
|- | |- | ||
| 0 || | | 0 || 2 || 0x47D0 || 0x1C87D0 || 0x10 || all zeroes usually (e.g 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00) | ||
|- | |- | ||
| 0 || | | 0 || 2 || 0x47F0 || 0x1C87F0 || 0x1 || (e.g 01) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5000 || 0x1C9000 || 0x20 || dipswitch flags, see below | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5000 || 0x1C9000 || 0x1 || SCE_REGMGR_ENT_KEY_DEVENV_TOOL_boot_param (FE Development Mode) (FB Assist Mode) (FF Release Mode) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5003 || 0x1C9003 || 0x1 || Memory Budget (0xFF Normal, 0xFE Large) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5005 || 0x1C9005 || 0x1 || Slow HDD Mode (0xFE ON) (0xFF OFF) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x500B || 0x1C900B || 0x1 || Unknown (0x87 on proto devkit) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5010 || 0x1C9010 || 0x1 || vsh_4K Mode (0xFE ON) (0xFF OFF) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x501F || 0x1C901F || 0x1 || ??? (e.g 7F) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5020 || 0x1C9020 || 0x1 || init_safe_mode flag (e.g F1) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5021 || 0x1C9021 || 0x1 || sysctl_machdep_cavern_dvt1_init_update | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5030 || 0x1C9030 || 0x1 || trsw_probe (01 for [ WLAN mode : FT ], else [ WLAN mode : OFF ]) also bt_sdio_probe and trs_probe | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5038 || 0x1C9038 || 0x1 || ethernet related (gbe) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5050 || 0x1C9050 || 0x1 || is_extra_clock_available_rtc_status | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5060 || 0x1C9060 || 0x4 || sdk version (e.g 00 00 50 02 (2.50 ) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5068 || 0x1C9068 || 0x4 || sdk version (e.g 00 00 05 05 (5.05 ) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5070 || 0x1C9070 || 0x4 || manu_mode related (sdk version?) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5074 || 0x1C9074 || 0x4 || Unknown (e.g. 84 72 4E 57) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x507C || 0x1C907C || 0x4 || manu_mode related (sdk version?) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5080 || 0x1C9080 || varies (0x68-0x6C) || acf token <- checked by sceSblDevActVerifyCheckExpire | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5100 || 0x1C9100 || 0x100 || sce_cam_error_put | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5200 || 0x1C9200 || varies (0x40-0x60) || scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init, also checked by read_idstorage | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5300 || 0x1C9300 || 0x30 || sam/liverpool flags (fun stuff here) (SEE BELOW) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5301 || 0x1C9301 || 1 || unknown (01 = enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5310 || 0x1C9310 || 1 || sam_memtest (01 = enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5311 || 0x1C9311 || 1 || unknown (01 = enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5312 || 0x1C9312 || 1 || sam_rngtest (01 = enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x531F || 0x1C931F || 1 || UART boot param (setting this to 1 enables UART output on boot) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5320 || 0x1C9320 || 1 || lvp_configure_get_gddr5clk (0x14 = 500Mhz) (whatever value is here is multiplied by 0x19 to get final value) (0xED max value, 1725Mhz) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5322 || 0x1C9322 || 1 || lvp_configure_tccds | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5323 || 0x1C9323 || 1 || sam_boot_flags (anything other than FF for enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5329 || 0x1C9329 || 1 || related to lvp_config | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5400 || 0x1C9400 || 0x800 || dev/qaf/utkn region (tokens, signatures here) (SEE BELOW) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5400 || 0x1C9400 || 0x210 || token ??? | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5650 || 0x1C9650 || 0x290 || qafutkn_ioctl | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5900 || 0x1C9900 || 0x100 || acf signature | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5A00 || 0x1C9A00 || 0x190 || token ??? | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5C00 || 0x1C9C00 || 0x3C || HDD Info (e.g GHTSH ST4501019A6E08 613081DJ0124FZD129SN) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5C3C || 0x1C9C3C || 0x04 || Unknown (e.g 05 C6 0A 00) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5C40 || 0x1C9C40 || 0x130 || setPupExpirationStatus | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6000 || 0x1CA000 || 0x300 || wrappNvsRead, or regMgrNvsRead | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x600E || 0x1CA00E || 0x1 || Unknown (Not Regions) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6040 || 0x1CA040 || 0x1 || Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6300 || 0x1CA300 || 0x300 || wrappNvsRead, or regMgrNvsRead | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6600 || 0x1CA600 || 0x20 || Modes (See Below) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6600 || 0x1CA600 || 0x1 || SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_idu_mode (0x01 Enabled 0x00 or 0xFF Disabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6601 || 0x1CA601 || 0X1 || SCE_REGMGR_ENT_KEY_SYSTEM_update_mode (0xFF or 0x00 disabled) (0x10, 0x20, 0x30, 0x31, 0x32, 0x50 enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6602 || 0x1CA602 || 0x1 || SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_show_mode (0x01 Enabled 0x00 Disabled) (Testkit Only!) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6603 || 0x1CA603 || 0x1 || SCE_REGMGR_ENT_KEY_REGISTRY_recover | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6604 || 0x1CA604 || 0x4 || SCE_REGMGR_ENT_KEY_SYSTEM_soft_version (deprecated) (devkit only?) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6609 || 0x1CA609 || 0x1 || SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_arcade_mode | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x7C00 || 0x1CBC00 || 0x20 || manu mode (all zeroes for enabled, all ffs for disabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x7C40 || 0x1CBC40 || 0x20 || | ||
|- | |- | ||
| | | 0 || 4 || 0x7CC0 || 0x1CBCC0 || 0x20 || srtc_modevent | ||
|- | |- | ||
| | | ? || ? || ??? || 0x1CC31F || 1 || UART boot param (setting this to 1 enables UART output on boot) | ||
|- | |- | ||
| | | ? || ? || ??? || 0x1CF000 || 1 || ?? FF disabled 00 enabled | ||
|- | |- | ||
|} | |} |