Secure Loader: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| Line 55: | Line 55: | ||
= Revision Nonce Collection = | = Revision Nonce Collection = | ||
{| class="wikitable" | |||
! Hash !! Versions Supported !! Notes | |||
|- | |||
| {hex| 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE} || ???5.01-5.05??? || Needs more research | |||
|- | |||
} | |||
Revision as of 19:10, 13 June 2023
SAMU IPL, codenamed as 80000001, is the main loader of the Secure Kernel (80010001)
The header contained in it contains the following information:
Header Info
| Offset | Size | Description | Notes |
|---|---|---|---|
| 0x0 | 4 | Magic | 5E D7 9A 0B |
| 0x4 | 4 | Header Size | Little Endian (0x280) |
| 0x8 | 4 | Entry Point | Little Endian (0x100) |
| 0xC | 4 | Payload Size | Little Endian (e.g 0x232D0) |
| 0x10 | 0x10 | Padding | Zeroes |
| 0x20 | 0x20 | SHA256 of the decrypted payload | Verified from 0x280 to 0x23550 |
| 0x40 | 0xE0 | Padding | Ascii Zeroes |
| 0x120 | 0x20 | Revision Nonce | (Likely) SHA256 of the IPL's revision, from this point onward, SAM IPL is encrypted with two layers of CBC crypto |
| 0x140 | 0x40 | Metadata | |
| 0x180 | 0x100 | RSA Header Signature | Verified with rsa modulus from SAMU BootROM from 0 to 0x180 |
| 0x280 | 0x232D0 | Payload | |
| 0x23550 | 0x100 | RSA Footer Signature | Verified from header + body (somewhere else, likely PUP SM Manager) |
MetaData Info
| Offset | Size | Description | Notes |
|---|---|---|---|
| 0x0 | 0x20 | MetaData Body | Contains Keyslot Keys |
| 0x20 | 0x20 | HDR + MetaData SHA256HMAC | SHA256 of hdr plus metadata (HMAC) |
MetaData Body
| Offset | Size | Description | Notes |
|---|---|---|---|
| 0x0 | 0x20 | KeySlot 1 |
Revision Nonce Collection
}| Hash | Versions Supported | Notes |
|---|---|---|
| 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE} | ???5.01-5.05??? | Needs more research |