Non Volatile Storage: Difference between revisions
Line 131: | Line 131: | ||
| 0 || 0 || 0x2000 || 0x1C6000 || 0x8 || | | 0 || 0 || 0x2000 || 0x1C6000 || 0x8 || | ||
|- | |- | ||
| 0 || 1 || | | 0 || 1 || 0x3000 || 0x1C7000 || 0x40 || | ||
|- | |- | ||
| 0 || 1 || | | 0 || 1 || 0x3040 || 0x1C7040 || 0x10 || trsw_attach | ||
|- | |- | ||
| 0 || 1 || | | 0 || 1 || 0x30A0 || 0x1C70A0 || 0x2 || get_icc_max | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4000 || 0x1C8000 || 0x4C || Serial Number + model Type (CUH-XXXXX), see below | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4010 || 0x1C8010 || 0x10 || SOCUID | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4030 || 0x1C8030 || 0x11 || Used in 5.05, Unique Identifier of Console, hw_info | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4041 || 0x1C8041 || 0x1F || Used in later firmwares, Unique Identifier of Console, hw_model | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4060 || 0x1C8060 || 0x58 || | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x40C0 || 0x1C80C0 || 0xD || | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x4100 || 0x1C8100 || 0x20 || | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x47D0 || 0x1C87D0 || 0x10 || all zeroes usually | ||
|- | |- | ||
| 0 || 2 || | | 0 || 2 || 0x47F0 || 0x1C87F0 || 0x1 || | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5000 || 0x1C9000 || 0x20 || dipswitch flags, see below | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5000 || 0x1C9000 || 0x1 || SCE_REGMGR_ENT_KEY_DEVENV_TOOL_boot_param (FE Development Mode) (FB Assist Mode) (FF Release Mode) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5003 || 0x1C9003 || 0x1 || Memory Budget (0xFF Normal, 0xFE Large) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5005 || 0x1C9005 || 0x1 || Slow HDD Mode (0xFE ON) (0xFF OFF) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x500B || 0x1C900B || 0x1 || Unknown (0x87 on proto devkit) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5010 || 0x1C9010 || 0x1 || vsh_4K Mode (0xFE ON) (0xFF OFF) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5020 || 0x1C9020 || 0x1 || init_safe_mode flag | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5021 || 0x1C9021 || 0x1 || sysctl_machdep_cavern_dvt1_init_update | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5030 || 0x1C9030 || 0x1 || trsw_probe (01 for [ WLAN mode : FT ], else [ WLAN mode : OFF ]) also bt_sdio_probe and trs_probe | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5038 || 0x1C9038 || 0x1 || ethernet related (gbe) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5050 || 0x1C9050 || 0x1 || is_extra_clock_available_rtc_status | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5066 || 0x1C9066 || 0x1 || ??? | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5070 || 0x1C9070 || 0x4 || manu_mode related (sdk version?) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5074 || 0x1C9074 || 0x4 || manu_mode related (sdk version?) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5080 || 0x1C9080 || varies (0x68-0x6C) || acf token <- checked by sceSblDevActVerifyCheckExpire | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5100 || 0x1C9100 || 0x100 || sce_cam_error_put | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5200 || 0x1C9200 || varies (0x40-0x60) || scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init, also checked by read_idstorage | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5301 || 0x1C9301 || 1 || unknown (01 = enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5311 || 0x1C9311 || 1 || unknown (01 = enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x531F || 0x1C931F || 1 || UART boot param? (setting this to 1 enables UART output on boot) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5320 || 0x1C9320 || 1 || lvp_configure_get_gddr5clk | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5322 || 0x1C9322 || 1 || lvp_configure_tccds | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5329 || 0x1C9329 || 1 || related to lvp_config | ||
|- | |- | ||
| | | 0 || 4 || 0x5400 || 0x1C9400 || 0x210 || token ??? | ||
|- | |- | ||
| | | 0 || 4 || 0x5650 || 0x1C9650 || 0x290 || qafutkn_ioctl | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5900 || 0x1C9900 || 0x100 || acf signature | ||
|- | |- | ||
| | | 0 || 4 || 0x5A00 || 0x1C9A00 || 0x190 || token ??? | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x5C40 || 0x1C9C40 || 0x130 || setPupExpirationStatus | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6000 || 0x1CA000 || 0x300 || wrappNvsRead, or regMgrNvsRead | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x600E || 0x1CA00E || 0x1 || Unknown (Not Regions) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6040 || 0x1CA040 || 0x1 || Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6300 || 0x1CA300 || 0x300 || wrappNvsRead, or regMgrNvsRead | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6600 || 0x1CA600 || 0x20 || Modes (See Below) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6600 || 0x1CA600 || 0x1 || SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_idu_mode (0x01 Enabled 0x00 or 0xFF Disabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6601 || 0x1CA601 || 0X1 || SCE_REGMGR_ENT_KEY_SYSTEM_update_mode (0xFF or 0x00 disabled) (0x10, 0x20, 0x30, 0x31, 0x32, 0x50 enabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6602 || 0x1CA602 || 0x1 || SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_show_mode (0x01 Enabled 0x00 Disabled) (Testkit Only!) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6603 || 0x1CA603 || 0x1 || SCE_REGMGR_ENT_KEY_REGISTRY_recover | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6604 || 0x1CA604 || 0x4 || SCE_REGMGR_ENT_KEY_SYSTEM_soft_version (deprecated) (devkit only?) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x6609 || 0x1CA609 || 0x1 || SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_arcade_mode | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x7C00 || 0x1CBC00 || 0x20 || manu mode (all zeroes for enabled, all ffs for disabled) | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x7C40 || 0x1CBC40 || 0x20 || | ||
|- | |- | ||
| 0 || 4 || | | 0 || 4 || 0x7CC0 || 0x1CBCC0 || 0x20 || srtc_modevent | ||
|- | |- | ||
| ? || ? || ??? || 0x1CC31F || 1 || unknown (01 = enabled) | | ? || ? || ??? || 0x1CC31F || 1 || unknown (01 = enabled) |
Revision as of 15:39, 16 March 2023
Same as the PS3's NVS; used for storing tokens and flags. You can access it with the function icc_nvs_read (or by ftp'ing the respective regions using an ftp server with root flags).
There appear to be a total of 7 regions (blocks) across 2 banks: a main bank and a backup bank.
The kernel accesses only the 5th and the 2nd region; however, it is possible to read the other 5 as well (or the entire area, by reading /dev/sflash0s0x34 with BUF_SIZE 0x200 over ftp).
Most, if not all, of the NVS regions can also be accessed in sflash, starting at offset 0x1C4000 (in the tables below, the sflash offset is the /dev/sflash0s0x34 offset plus 0x1C4000).
Mapping of the area (NVS service)
Bank # | Block # | Start Offset in /dev/sflash0s0x34 | Start Offset in Sflash | Size | Notes |
---|---|---|---|---|---|
0 | 0 | 0 | 0x1C4000 | 0x3000 | does not match, probably one (sflash or nvs, likely sflash) updates data |
0 | 1 | 0x3000 | 0x1C7000 | 0x1000 | match |
0 | 2 | 0x4000 | 0x1C8000 | 0x800 | match, console data region |
0 | 3 | 0x4800 | 0x1C8800 | 0x800 | match, all ffs? |
0 | 4 | 0x5000 | 0x1C9000 | 0x3000 | match, tokens and flags region |
1 | 0 | 0x8000 | 0x1CC000 | 0x3000 | match, tokens and flags region (backup) |
1 | 1 | 0xB000 | 0x1CF000 | 0x1000 | match |
Mapping of the detailed area (NVS service)
Bank # | Block # | Start Offset | Start Offset in Sflash | Size | Notes |
---|---|---|---|---|---|
0 | 0 | 0 | 0x1C4000 | 0x8 | |
0 | 0 | 0x20 | 0x1C4020 | 0x6 | |
0 | 0 | 0x50 | 0x1C4050 | 0x1 | |
0 | 0 | 0x60 | 0x1C4060 | 0x5 | |
0 | 0 | 0x76 | 0x1C4076 | 0x1 | |
0 | 0 | 0x7A | 0x1C407A | 0x6 | |
0 | 0 | 0x80 | 0x1C4080 | 0x1 | |
0 | 0 | 0x96 | 0x1C4096 | 0x3 | |
0 | 0 | 0x9A | 0x1C409A | 0x2 | |
0 | 0 | 0xAC | 0x1C40AC | 0x4 | |
0 | 0 | 0x7FE | 0x1C47FE | 0x2 | |
0 | 0 | 0x801 | 0x1C4801 | 0x1 | |
0 | 0 | 0x810 | 0x1C4810 | 0x12 | |
0 | 0 | 0x84C | 0x1C484C | 0x2 | |
0 | 0 | 0x854 | 0x1C4854 | 0x2 | |
0 | 0 | 0x870 | 0x1C4870 | 0xC | |
0 | 0 | 0x8A0 | 0x1C48A0 | 0x1C | |
0 | 0 | 0xFFE | 0x1C4FFE | 0x2 | |
0 | 0 | 0x1000 | 0x1C5000 | 0x64 | |
0 | 0 | 0x1220 | 0x1C5220 | 0x18 | |
0 | 0 | 0x1240 | 0x1C5240 | 0x18 | |
0 | 0 | 0x1260 | 0x1C5260 | 0x18 | |
0 | 0 | 0x1280 | 0x1C5280 | 0x18 | |
0 | 0 | 0x12A0 | 0x1C52A0 | 0x18 | |
0 | 0 | 0x12C0 | 0x1C52C0 | 0x18 | |
0 | 0 | 0x12E0 | 0x1C52E0 | 0x18 | |
0 | 0 | 0x1300 | 0x1C5300 | 0x18 | |
0 | 0 | 0x1320 | 0x1C5320 | 0x18 | |
0 | 0 | 0x1340 | 0x1C5340 | 0x18 | |
0 | 0 | 0x1360 | 0x1C5360 | 0x18 | |
0 | 0 | 0x1380 | 0x1C5380 | 0x18 | |
0 | 0 | 0x13A0 | 0x1C53A0 | 0x18 | |
0 | 0 | 0x13C0 | 0x1C53C0 | 0x18 | |
0 | 0 | 0x13E0 | 0x1C53E0 | 0x18 | |
0 | 0 | 0x1400 | 0x1C5400 | 0x18 | |
0 | 0 | 0x1420 | 0x1C5420 | 0x18 | |
0 | 0 | 0x1440 | 0x1C5440 | 0x18 | |
0 | 0 | 0x1460 | 0x1C5460 | 0x18 | |
0 | 0 | 0x1480 | 0x1C5480 | 0x18 | |
0 | 0 | 0x14A0 | 0x1C54A0 | 0x18 | |
0 | 0 | 0x14C0 | 0x1C54C0 | 0x18 | |
0 | 0 | 0x14E0 | 0x1C54E0 | 0x18 | |
0 | 0 | 0x1500 | 0x1C5500 | 0x18 | |
0 | 0 | 0x1520 | 0x1C5520 | 0x18 | |
0 | 0 | 0x1540 | 0x1C5540 | 0x18 | |
0 | 0 | 0x1560 | 0x1C5560 | 0x18 | |
0 | 0 | 0x1580 | 0x1C5580 | 0x18 | |
0 | 0 | 0x15A0 | 0x1C55A0 | 0x18 | |
0 | 0 | 0x15C0 | 0x1C55C0 | 0x18 | |
0 | 0 | 0x2000 | 0x1C6000 | 0x8 | |
0 | 1 | 0x3000 | 0x1C7000 | 0x40 | |
0 | 1 | 0x3040 | 0x1C7040 | 0x10 | trsw_attach |
0 | 1 | 0x30A0 | 0x1C70A0 | 0x2 | get_icc_max |
0 | 2 | 0x4000 | 0x1C8000 | 0x4C | Serial Number + model Type (CUH-XXXXX), see below |
0 | 2 | 0x4010 | 0x1C8010 | 0x10 | SOCUID |
0 | 2 | 0x4030 | 0x1C8030 | 0x11 | Used in 5.05, Unique Identifier of Console, hw_info |
0 | 2 | 0x4041 | 0x1C8041 | 0x1F | Used in later firmwares, Unique Identifier of Console, hw_model |
0 | 2 | 0x4060 | 0x1C8060 | 0x58 | |
0 | 2 | 0x40C0 | 0x1C80C0 | 0xD | |
0 | 2 | 0x4100 | 0x1C8100 | 0x20 | |
0 | 2 | 0x47D0 | 0x1C87D0 | 0x10 | all zeroes usually |
0 | 2 | 0x47F0 | 0x1C87F0 | 0x1 | |
0 | 4 | 0x5000 | 0x1C9000 | 0x20 | dipswitch flags, see below |
0 | 4 | 0x5000 | 0x1C9000 | 0x1 | SCE_REGMGR_ENT_KEY_DEVENV_TOOL_boot_param (FE Development Mode) (FB Assist Mode) (FF Release Mode) |
0 | 4 | 0x5003 | 0x1C9003 | 0x1 | Memory Budget (0xFF Normal, 0xFE Large) |
0 | 4 | 0x5005 | 0x1C9005 | 0x1 | Slow HDD Mode (0xFE ON) (0xFF OFF) |
0 | 4 | 0x500B | 0x1C900B | 0x1 | Unknown (0x87 on proto devkit) |
0 | 4 | 0x5010 | 0x1C9010 | 0x1 | vsh_4K Mode (0xFE ON) (0xFF OFF) |
0 | 4 | 0x5020 | 0x1C9020 | 0x1 | init_safe_mode flag |
0 | 4 | 0x5021 | 0x1C9021 | 0x1 | sysctl_machdep_cavern_dvt1_init_update |
0 | 4 | 0x5030 | 0x1C9030 | 0x1 | trsw_probe (01 for [ WLAN mode : FT ], else [ WLAN mode : OFF ]) also bt_sdio_probe and trs_probe |
0 | 4 | 0x5038 | 0x1C9038 | 0x1 | ethernet related (gbe) |
0 | 4 | 0x5050 | 0x1C9050 | 0x1 | is_extra_clock_available_rtc_status |
0 | 4 | 0x5066 | 0x1C9066 | 0x1 | ??? |
0 | 4 | 0x5070 | 0x1C9070 | 0x4 | manu_mode related (sdk version?) |
0 | 4 | 0x5074 | 0x1C9074 | 0x4 | manu_mode related (sdk version?) |
0 | 4 | 0x5080 | 0x1C9080 | varies (0x68-0x6C) | acf token <- checked by sceSblDevActVerifyCheckExpire |
0 | 4 | 0x5100 | 0x1C9100 | 0x100 | sce_cam_error_put |
0 | 4 | 0x5200 | 0x1C9200 | varies (0x40-0x60) | scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init, also checked by read_idstorage |
0 | 4 | 0x5301 | 0x1C9301 | 1 | unknown (01 = enabled) |
0 | 4 | 0x5311 | 0x1C9311 | 1 | unknown (01 = enabled) |
0 | 4 | 0x531F | 0x1C931F | 1 | UART boot param? (setting this to 1 enables UART output on boot) |
0 | 4 | 0x5320 | 0x1C9320 | 1 | lvp_configure_get_gddr5clk |
0 | 4 | 0x5322 | 0x1C9322 | 1 | lvp_configure_tccds |
0 | 4 | 0x5329 | 0x1C9329 | 1 | related to lvp_config |
0 | 4 | 0x5400 | 0x1C9400 | 0x210 | token ??? |
0 | 4 | 0x5650 | 0x1C9650 | 0x290 | qafutkn_ioctl |
0 | 4 | 0x5900 | 0x1C9900 | 0x100 | acf signature |
0 | 4 | 0x5A00 | 0x1C9A00 | 0x190 | token ??? |
0 | 4 | 0x5C40 | 0x1C9C40 | 0x130 | setPupExpirationStatus |
0 | 4 | 0x6000 | 0x1CA000 | 0x300 | wrappNvsRead, or regMgrNvsRead |
0 | 4 | 0x600E | 0x1CA00E | 0x1 | Unknown (Not Regions) |
0 | 4 | 0x6040 | 0x1CA040 | 0x1 | Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept) |
0 | 4 | 0x6300 | 0x1CA300 | 0x300 | wrappNvsRead, or regMgrNvsRead |
0 | 4 | 0x6600 | 0x1CA600 | 0x20 | Modes (See Below) |
0 | 4 | 0x6600 | 0x1CA600 | 0x1 | SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_idu_mode (0x01 Enabled 0x00 or 0xFF Disabled) |
0 | 4 | 0x6601 | 0x1CA601 | 0x1 | SCE_REGMGR_ENT_KEY_SYSTEM_update_mode (0xFF or 0x00 disabled) (0x10, 0x20, 0x30, 0x31, 0x32, 0x50 enabled) |
0 | 4 | 0x6602 | 0x1CA602 | 0x1 | SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_show_mode (0x01 Enabled 0x00 Disabled) (Testkit Only!) |
0 | 4 | 0x6603 | 0x1CA603 | 0x1 | SCE_REGMGR_ENT_KEY_REGISTRY_recover |
0 | 4 | 0x6604 | 0x1CA604 | 0x4 | SCE_REGMGR_ENT_KEY_SYSTEM_soft_version (deprecated) (devkit only?) |
0 | 4 | 0x6609 | 0x1CA609 | 0x1 | SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_arcade_mode |
0 | 4 | 0x7C00 | 0x1CBC00 | 0x20 | manu mode (all zeroes for enabled, all ffs for disabled) |
0 | 4 | 0x7C40 | 0x1CBC40 | 0x20 | |
0 | 4 | 0x7CC0 | 0x1CBCC0 | 0x20 | srtc_modevent |
? | ? | ??? | 0x1CC31F | 1 | unknown (01 = enabled) |
? | ? | ??? | 0x1CF000 | 1 | ?? FF disabled 00 enabled |