Non Volatile Storage: Difference between revisions
Jump to navigation
Jump to search
Line 214: | Line 214: | ||
|- | |- | ||
| 0 || 4 || 0x1300 || 0x1CA300 || 0x300 || wrappNvsRead, or regMgrNvsRead | | 0 || 4 || 0x1300 || 0x1CA300 || 0x300 || wrappNvsRead, or regMgrNvsRead | ||
|- | |||
| 0 || 4 || 0x1600 || 0x1CA600 || 0x10? || Modes (See Below) | |||
|- | |- | ||
| 0 || 4 || 0x1600 || 0x1CA600 || 0x1 || IDU Mode (0x01 Enabled 0x00 Disabled) | | 0 || 4 || 0x1600 || 0x1CA600 || 0x1 || IDU Mode (0x01 Enabled 0x00 Disabled) | ||
|- | |||
| 0 || 4 || 0x1602 || 0x1CA602 || 0x1 || Exhibition Mode (0x01 Enabled 0x00 Disabled) | |||
|- | |- | ||
| 0 || 4 || 0x1601 || 0x1CA601 || 0x1F || checked by regMgrNvsSpInit | | 0 || 4 || 0x1601 || 0x1CA601 || 0x1F || checked by regMgrNvsSpInit |
Revision as of 01:05, 25 May 2022
Same as PS3's NVS, used for storing tokens and flags. You can access it by using the function icc_nvs_read (or by ftp'ing the respective regions with root flags server).
Seems that a total of 7 regions(blocks) exist in 2 banks, main bank and backup bank
The kernel accesses only the 5th and the 2nd region, however it's possible to read the other 5 (also the entirety of it by reading /dev/sflash0s0x34 with BUF_SIZE 0x200 from ftp ).
Most, if not all, of the NVS regions can be accessed also in sflash, starting with offset 0x1C4000.
Mapping of the area (NVS service)
Bank # | Block # | Start Offset in /dev/sflash0s0x34 | Start Offset in Sflash | Size | Notes |
---|---|---|---|---|---|
0 | 0 | 0 | 0x1C4000 | 0x3000 | does not match, probably one (sflash or nvs, likely sflash) updates data |
0 | 1 | 0x3000 | 0x1C7000 | 0x1000 | match |
0 | 2 | 0x4000 | 0x1C8000 | 0x800 | match, console data region |
0 | 3 | 0x4800 | 0x1C8800 | 0x800 | match, all ffs? |
0 | 4 | 0x5000 | 0x1C9000 | 0x3000 | match, tokens and flags region |
1 | 0 | 0x8000 | 0x1CC000 | 0x3000 | match, tokens and flags region (backup) |
1 | 1 | 0xB000 | 0x1CF000 | 0x1000 | match |
Mapping of the detailed area (NVS service)
Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
---|---|---|---|---|---|
0 | 0 | 0 | 0x1C4000 | 0x8 | |
0 | 0 | 0x20 | 0x1C4020 | 0x6 | |
0 | 0 | 0x50 | 0x1C4050 | 0x1 | |
0 | 0 | 0x60 | 0x1C4060 | 0x5 | |
0 | 0 | 0x76 | 0x1C4076 | 0x1 | |
0 | 0 | 0x7A | 0x1C407A | 0x6 | |
0 | 0 | 0x80 | 0x1C4080 | 0x1 | |
0 | 0 | 0x96 | 0x1C4096 | 0x3 | |
0 | 0 | 0x9A | 0x1C409A | 0x2 | |
0 | 0 | 0xAC | 0x1C40AC | 0x4 | |
0 | 0 | 0x7FE | 0x1C47FE | 0x2 | |
0 | 0 | 0x801 | 0x1C4801 | 0x1 | |
0 | 0 | 0x810 | 0x1C4810 | 0x12 | |
0 | 0 | 0x84C | 0x1C484C | 0x2 | |
0 | 0 | 0x854 | 0x1C4854 | 0x2 | |
0 | 0 | 0x870 | 0x1C4870 | 0xC | |
0 | 0 | 0x8A0 | 0x1C48A0 | 0x1C | |
0 | 0 | 0xFFE | 0x1C4FFE | 0x2 | |
0 | 0 | 0x1000 | 0x1C5000 | 0x64 | |
0 | 0 | 0x1220 | 0x1C5220 | 0x18 | |
0 | 0 | 0x1240 | 0x1C5240 | 0x18 | |
0 | 0 | 0x1260 | 0x1C5260 | 0x18 | |
0 | 0 | 0x1280 | 0x1C5280 | 0x18 | |
0 | 0 | 0x12A0 | 0x1C52A0 | 0x18 | |
0 | 0 | 0x12C0 | 0x1C52C0 | 0x18 | |
0 | 0 | 0x12E0 | 0x1C52E0 | 0x18 | |
0 | 0 | 0x1300 | 0x1C5300 | 0x18 | |
0 | 0 | 0x1320 | 0x1C5320 | 0x18 | |
0 | 0 | 0x1340 | 0x1C5340 | 0x18 | |
0 | 0 | 0x1360 | 0x1C5360 | 0x18 | |
0 | 0 | 0x1380 | 0x1C5380 | 0x18 | |
0 | 0 | 0x13A0 | 0x1C53A0 | 0x18 | |
0 | 0 | 0x13C0 | 0x1C53C0 | 0x18 | |
0 | 0 | 0x13E0 | 0x1C53E0 | 0x18 | |
0 | 0 | 0x1400 | 0x1C5400 | 0x18 | |
0 | 0 | 0x1420 | 0x1C5420 | 0x18 | |
0 | 0 | 0x1440 | 0x1C5440 | 0x18 | |
0 | 0 | 0x1460 | 0x1C5460 | 0x18 | |
0 | 0 | 0x1480 | 0x1C5480 | 0x18 | |
0 | 0 | 0x14A0 | 0x1C54A0 | 0x18 | |
0 | 0 | 0x14C0 | 0x1C54C0 | 0x18 | |
0 | 0 | 0x14E0 | 0x1C54E0 | 0x18 | |
0 | 0 | 0x1500 | 0x1C5500 | 0x18 | |
0 | 0 | 0x1520 | 0x1C5520 | 0x18 | |
0 | 0 | 0x1540 | 0x1C5540 | 0x18 | |
0 | 0 | 0x1560 | 0x1C5560 | 0x18 | |
0 | 0 | 0x1580 | 0x1C5580 | 0x18 | |
0 | 0 | 0x15A0 | 0x1C55A0 | 0x18 | |
0 | 0 | 0x15C0 | 0x1C55C0 | 0x18 | |
0 | 0 | 0x2000 | 0x1C6000 | 0x8 | |
0 | 1 | 0 | 0x1C7000 | 0x40 | |
0 | 1 | 0x40 | 0x1C7040 | 0x10 | trsw_attach |
0 | 1 | 0xA0 | 0x1C70A0 | 0x2 | get_icc_max |
0 | 2 | 0 | 0x1C8000 | 0x4C | Serial Number + model Type (CUH-XXXXX), see below |
0 | 2 | 0x10 | 0x1C8010 | 0x10 | SOCUID |
0 | 2 | 0x30 | 0x1C8030 | 0x11 | Used in 5.05, Unique Identifier of Console, hw_info |
0 | 2 | 0x41 | 0x1C8041 | 0x1F | Used in later firmwares, Unique Identifier of Console, hw_model |
0 | 2 | 0x60 | 0x1C8060 | 0x58 | |
0 | 2 | 0xC0 | 0x1C80C0 | 0xD | |
0 | 2 | 0x100 | 0x1C8100 | 0x20 | |
0 | 2 | 0x7D0 | 0x1C87D0 | 0x10 | |
0 | 2 | 0x7F0 | 0x1C87F0 | 0x1 | |
0 | 4 | 0 | 0x1C9000 | 0x20 | dipswitch flags, see below |
0 | 4 | 0 | 0x1C9000 | 0x1 | Boot Parameter (FE Development Mode) (FB Assist Mode) (FF Release Mode) |
0 | 4 | 3 | 0x1C9003 | 0x1 | Memory Budget (0xFF Normal, 0xFE Large) |
0 | 4 | 5 | 0x1C9005 | 0x1 | Slow HDD Mode (0xFE ON) (0xFF OFF) |
0 | 4 | 0x10 | 0x1C9010 | 0x10 | devact_ioctl related, PassCode? |
0 | 4 | 0x20 | 0x1C9020 | 0x1 | init_safe_mode flag |
0 | 4 | 0x21 | 0x1C9021 | 0x1 | sysctl_machdep_cavern_dvt1_init_update |
0 | 4 | 0x30 | 0x1C9030 | 0x1 | trsw_probe (01 for [ WLAN mode : FT ], else [ WLAN mode : OFF ]) also bt_sdio_probe and trs_probe |
0 | 4 | 0x38 | 0x1C9038 | 0x1 | ethernet related (gbe) |
0 | 4 | 0x50 | 0x1C9050 | 0x1 | is_extra_clock_available_rtc_status |
0 | 4 | 0x66 | 0x1C9066 | 0x1 | ??? |
0 | 4 | 0x70 | 0x1C9070 | 0x4 | manu_mode related (sdk version?) |
0 | 4 | 0x70 | 0x1C9074 | 0x4 | manu_mode related (sdk version?) |
0 | 4 | 0x80 | 0x1C9080 | varies (0x68-0x6C) | acf token <- checked by sceSblDevActVerifyCheckExpire |
0 | 4 | 0x100 | 0x1C9100 | 0x100 | sce_cam_error_put |
0 | 4 | 0x200 | 0x1C9200 | varies (0x40-0x60) | scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init, also checked by read_idstorage |
0 | 4 | 0x301 | 0x1C9301 | 1 | unknown (01 = enabled) |
0 | 4 | 0x311 | 0x1C9311 | 1 | unknown (01 = enabled) |
0 | 4 | 0x31F | 0x1C931F | 1 | UART boot param? (setting this to 1 enables UART output on boot) |
0 | 4 | 0x320 | 0x1C9320 | 1 | lvp_configure_get_gddr5clk |
0 | 4 | 0x322 | 0x1C9322 | 1 | lvp_configure_tccds |
0 | 4 | 0x329 | 0x1C9329 | 1 | related to lvp_config |
1 | 4 | 0x400 | 0x1C9400 | 0x210 | token ??? |
1 | 4 | 0x650 | 0x1C9650 | 0x290 | qafutkn_ioctl |
0 | 4 | 0x900 | 0x1C9900 | 0x100 | acf signature |
1 | 4 | 0xA00 | 0x1C9A00 | 0x190 | token ??? |
0 | 4 | 0xC40 | 0x1C9C40 | 0x130 | setPupExpirationStatus |
0 | 4 | 0x1000 | 0x1CA000 | 0x300 | wrappNvsRead, or regMgrNvsRead |
0 | 4 | 0x1040 | 0x1CA040 | 0x1 | Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept) |
0 | 4 | 0x1300 | 0x1CA300 | 0x300 | wrappNvsRead, or regMgrNvsRead |
0 | 4 | 0x1600 | 0x1CA600 | 0x10? | Modes (See Below) |
0 | 4 | 0x1600 | 0x1CA600 | 0x1 | IDU Mode (0x01 Enabled 0x00 Disabled) |
0 | 4 | 0x1602 | 0x1CA602 | 0x1 | Exhibition Mode (0x01 Enabled 0x00 Disabled) |
0 | 4 | 0x1601 | 0x1CA601 | 0x1F | checked by regMgrNvsSpInit |
0 | 4 | 0x2C00 | 0x1CBC00 | 0x20 | manu mode (all zeroes for enabled, all ffs for disabled) |
0 | 4 | 0x2C40 | 0x1CBC40 | 0x20 | |
0 | 4 | 0x2CC0 | 0x1CBCC0 | 0x20 | srtc_modevent |
? | ? | ??? | 0x1CC31F | 1 | unknown (01 = enabled) |