Secure Loader: Difference between revisions
Jump to navigation
Jump to search
CelesteBlue (talk | contribs) No edit summary |
|||
(24 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
SAMU | The PS4 Secure Loader is the Initial Program Loader running on the [[AMD SAMU]] processor. It is [[Codenames|codenamed]] as 80000001. The PS4 Secure Loader is likely the main loader of the [[Secure Kernel]] (80010001) and of the Kernel (80010002). | ||
= Header | See also the [https://www.psdevwiki.com/ps5/Secure_Loader PS5 Secure Loader]. | ||
= Structure = | |||
== Header == | |||
{| class="wikitable" | {| class="wikitable" | ||
Line 13: | Line 16: | ||
| 0x8 || 4 || Entry Point || Little Endian (0x100) | | 0x8 || 4 || Entry Point || Little Endian (0x100) | ||
|- | |- | ||
| 0xC || 4 || | | 0xC || 4 || Body Size || Little Endian (e.g 0x232D0) | ||
|- | |- | ||
| 0x10 || 0x10 || Padding || Zeroes | | 0x10 || 0x10 || Padding || Zeroes | ||
|- | |- | ||
| 0x20 || 0x20 || SHA256 of the decrypted | | 0x20 || 0x20 || SHA256 of the decrypted body || Verified from 0x280 to 0x23550 | ||
|- | |||
| 0x40 || 0xE0 || Padding || ASCII zeroes | |||
|- | |||
| 0x120 || 0x20 || Revision Nonce || (Likely) SHA256 of the IPL's revision, from this point onward, IPL is encrypted with two layers of AES-CBC crypto | |||
|- | |||
| 0x140 || 0x40 || MetaData || | |||
|- | |||
| 0x180 || 0x100 || RSA2048 Header Signature || Verified with RSA modulus from SAMU BootROM from 0 to 0x180 | |||
|- | |||
| 0x280 || 0x232D0 || Body || | |||
|- | |||
| 0x23550 || 0x100 || RSA Footer Signature || Verified from header + body (somewhere else, likely PUP SM Manager) | |||
|} | |||
== MetaData == | |||
{| class="wikitable" | |||
! Offset !! Size !! Description !! Notes | |||
|- | |||
| 0x0 || 0x20 || MetaData Body || Contains KeyRings | |||
|- | |||
| 0x20 || 0x20 || MetaData Digest || HMAC-SHA256 digest of (header plus metadata) | |||
|} | |||
== MetaData Body == | |||
{| class="wikitable" | |||
! Offset !! Size !! Description !! Notes | |||
|- | |||
| 0x0 || 0x20 || KeyRing 1 || | |||
|} | |||
= Revision Nonce Collection = | |||
{| class="wikitable" | |||
! Revision !! Hash !! Versions Supported !! Notes | |||
|- | |- | ||
| | | 0x4 || N.A || All || | ||
|- | |- | ||
| | | 0x23 || {{hex| 60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7}} || All || | ||
|- | |||
| 0x26 || {{hex| A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77}} || All || | |||
|- | |- | ||
| | | 0x27 || {{hex| 86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1}} || All || Present in Internal Pro 3.70 | ||
|- | |- | ||
| | | 0x2D || {{hex| 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE}} || All || | ||
|- | |- | ||
| | | 0x31 || {{hex| 56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81}} || All || | ||
|- | |- | ||
| 0x32 || {{hex| 3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4}} || All || | |||
|} | |} |
Latest revision as of 12:44, 30 October 2024
The PS4 Secure Loader is the Initial Program Loader running on the AMD SAMU processor. It is codenamed as 80000001. The PS4 Secure Loader is likely the main loader of the Secure Kernel (80010001) and of the Kernel (80010002).
See also the PS5 Secure Loader.
Structure[edit | edit source]
Header[edit | edit source]
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 4 | Magic | 5E D7 9A 0B |
0x4 | 4 | Header Size | Little Endian (0x280) |
0x8 | 4 | Entry Point | Little Endian (0x100) |
0xC | 4 | Body Size | Little Endian (e.g 0x232D0) |
0x10 | 0x10 | Padding | Zeroes |
0x20 | 0x20 | SHA256 of the decrypted body | Verified from 0x280 to 0x23550 |
0x40 | 0xE0 | Padding | ASCII zeroes |
0x120 | 0x20 | Revision Nonce | (Likely) SHA256 of the IPL's revision, from this point onward, IPL is encrypted with two layers of AES-CBC crypto |
0x140 | 0x40 | MetaData | |
0x180 | 0x100 | RSA2048 Header Signature | Verified with RSA modulus from SAMU BootROM from 0 to 0x180 |
0x280 | 0x232D0 | Body | |
0x23550 | 0x100 | RSA Footer Signature | Verified from header + body (somewhere else, likely PUP SM Manager) |
MetaData[edit | edit source]
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x20 | MetaData Body | Contains KeyRings |
0x20 | 0x20 | MetaData Digest | HMAC-SHA256 digest of (header plus metadata) |
MetaData Body[edit | edit source]
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x20 | KeyRing 1 |
Revision Nonce Collection[edit | edit source]
Revision | Hash | Versions Supported | Notes |
---|---|---|---|
0x4 | N.A | All | |
0x23 | 60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7 |
All | |
0x26 | A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77 |
All | |
0x27 | 86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1 |
All | Present in Internal Pro 3.70 |
0x2D | 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE |
All | |
0x31 | 56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81 |
All | |
0x32 | 3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4 |
All |