Secure Loader: Difference between revisions
Jump to navigation
Jump to search
CelesteBlue (talk | contribs) No edit summary |
|||
Line 1: | Line 1: | ||
SAMU | The PS4 Secure Loader is the SAMU Initial Program Loader. It is [[Codenames|codenamed]] as 80000001. The PS4 Secure Loader is likely the main loader of the [[Secure Kernel]] (80010001). | ||
= Header | = Structure = | ||
== Header == | |||
{| class="wikitable" | {| class="wikitable" | ||
Line 19: | Line 20: | ||
| 0x20 || 0x20 || SHA256 of the decrypted payload || Verified from 0x280 to 0x23550 | | 0x20 || 0x20 || SHA256 of the decrypted payload || Verified from 0x280 to 0x23550 | ||
|- | |- | ||
| 0x40 || 0xE0 || Padding || | | 0x40 || 0xE0 || Padding || ASCII zeroes | ||
|- | |- | ||
| 0x120 || 0x20 || Revision Nonce || (Likely) SHA256 of the IPL's revision, from this point onward, SAM IPL is encrypted with two layers of CBC crypto | | 0x120 || 0x20 || Revision Nonce || (Likely) SHA256 of the SAM IPL's revision, from this point onward, SAM IPL is encrypted with two layers of AES-CBC crypto | ||
|- | |- | ||
| 0x140 || 0x40 || Metadata || | | 0x140 || 0x40 || Metadata || | ||
|- | |- | ||
| 0x180 || 0x100 || RSA Header Signature || Verified with | | 0x180 || 0x100 || RSA Header Signature || Verified with RSA modulus from SAMU BootROM from 0 to 0x180 | ||
|- | |- | ||
| 0x280 || 0x232D0 || Payload || | | 0x280 || 0x232D0 || Payload || | ||
|- | |- | ||
| 0x23550 || 0x100 || RSA Footer Signature || Verified from header + body (somewhere else, likely PUP SM Manager) | | 0x23550 || 0x100 || RSA Footer Signature || Verified from header + body (somewhere else, likely PUP SM Manager) | ||
|} | |} | ||
= MetaData | == MetaData == | ||
{| class="wikitable" | {| class="wikitable" | ||
! Offset !! Size !! Description !! Notes | ! Offset !! Size !! Description !! Notes | ||
|- | |- | ||
| 0x0 || 0x20 || MetaData Body || Contains | | 0x0 || 0x20 || MetaData Body || Contains KeyRings | ||
|- | |- | ||
| 0x20 || 0x20 || MetaData digest || HMAC-SHA256 digest of (header plus metadata) | |||
|} | |} | ||
= MetaData Body = | == MetaData Body == | ||
{| class="wikitable" | {| class="wikitable" | ||
! Offset !! Size !! Description !! Notes | ! Offset !! Size !! Description !! Notes | ||
|- | |- | ||
| 0x0 || 0x20 || | | 0x0 || 0x20 || KeyRing 1 || | ||
|} | |} | ||
Line 71: | Line 69: | ||
|- | |- | ||
| {{hex| 3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4}} || All || Revision 0x32 | | {{hex| 3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4}} || All || Revision 0x32 | ||
|} | |} |
Revision as of 01:23, 17 July 2023
The PS4 Secure Loader is the SAMU Initial Program Loader. It is codenamed as 80000001. The PS4 Secure Loader is likely the main loader of the Secure Kernel (80010001).
Structure
Header
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 4 | Magic | 5E D7 9A 0B |
0x4 | 4 | Header Size | Little Endian (0x280) |
0x8 | 4 | Entry Point | Little Endian (0x100) |
0xC | 4 | Payload Size | Little Endian (e.g 0x232D0) |
0x10 | 0x10 | Padding | Zeroes |
0x20 | 0x20 | SHA256 of the decrypted payload | Verified from 0x280 to 0x23550 |
0x40 | 0xE0 | Padding | ASCII zeroes |
0x120 | 0x20 | Revision Nonce | (Likely) SHA256 of the SAM IPL's revision, from this point onward, SAM IPL is encrypted with two layers of AES-CBC crypto |
0x140 | 0x40 | Metadata | |
0x180 | 0x100 | RSA Header Signature | Verified with RSA modulus from SAMU BootROM from 0 to 0x180 |
0x280 | 0x232D0 | Payload | |
0x23550 | 0x100 | RSA Footer Signature | Verified from header + body (somewhere else, likely PUP SM Manager) |
MetaData
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x20 | MetaData Body | Contains KeyRings |
0x20 | 0x20 | MetaData digest | HMAC-SHA256 digest of (header plus metadata) |
MetaData Body
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x20 | KeyRing 1 |
Revision Nonce Collection
Hash | Versions Supported | Notes |
---|---|---|
N.A | All | Revision 0x4 |
60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7 |
All | Revision 0x23 |
A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77 |
All | Revision 0x26 |
86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1 |
All | Revision 0x27, Present in Internal Pro 3.70 |
7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE |
All | Revision 0x2D |
56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81 |
All | Revision 0x31 |
3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4 |
All | Revision 0x32 |