Talk:Non Volatile Storage: Difference between revisions
CelesteBlue (talk | contribs) |
m (Text replacement - "<source lang" to "<syntaxhighlight lang") |
||
Line 3: | Line 3: | ||
From kernel of PS4 System Software version 1.76. | From kernel of PS4 System Software version 1.76. | ||
< | <syntaxhighlight lang="C"> | ||
sceSblDevActVerifyCheckExpire: | sceSblDevActVerifyCheckExpire: | ||
icc_nvs_read(0LL, 4uLL, 0x80LL, 0x68uLL, &data_ptr); | icc_nvs_read(0LL, 4uLL, 0x80LL, 0x68uLL, &data_ptr); | ||
Line 60: | Line 60: | ||
From kernel of PS4 System Software version 1.00 Tool (DevKit). | From kernel of PS4 System Software version 1.00 Tool (DevKit). | ||
< | <syntaxhighlight lang="C"> | ||
sce_cam_error_put: | sce_cam_error_put: | ||
Line 126: | Line 126: | ||
* unk_FFFFFFFF836BC010 (0x70) <- decrypted eap_hdd_key ? | * unk_FFFFFFFF836BC010 (0x70) <- decrypted eap_hdd_key ? | ||
< | <syntaxhighlight lang="C"> | ||
v7 = icc_nvs_read(0LL, 4uLL, 0x200LL, v2, &enc_eap_key_); | v7 = icc_nvs_read(0LL, 4uLL, 0x200LL, v2, &enc_eap_key_); | ||
if ( v7 ) { | if ( v7 ) { |
Revision as of 07:06, 18 January 2025
Findings from Kernel by Z80
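From kernel of PS4 System Software version 1.76. In the calls listed below, the third argument looks like the offset into NVS and the fourth the number of bytes transferred to or from the buffer passed last; this is inferred from the call sites on this page (for example the 0x20-byte read at 0x2C00 that is then compared over 0x20 bytes) and is not confirmed.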
<syntaxhighlight lang="C"> sceSblDevActVerifyCheckExpire: icc_nvs_read(0LL, 4uLL, 0x80LL, 0x68uLL, &data_ptr); icc_nvs_read(0LL, 4uLL, 0x900LL, 0x100uLL, &v12);
read_idstorage:??? icc_nvs_read(0LL, 4uLL, LOWORD(dword_FFFFFFFF82A484D4[v8]), v9, a2);
g_crypt_deferred_init: icc_nvs_read(0LL, 4uLL, 0x200LL, 0x40-0x60, &enc_eap_key_);
srtc_create_dev: icc_nvs_read(0LL, 4uLL, 0x2CC0LL(maybe0x2c00LL), 0x20uLL, &data_ptr[v18]);
wlan related TRSW wlan/bt power state/mode:??? icc_nvs_read(0LL, 4uLL, 0x30LL, 1uLL, &data_ptr)
sub_FFFFFFFF82751F70:wlan related TRSW??? icc_nvs_read(0LL, 1uLL, 0x40LL, 0x10uLL, (v2 + 1096))
regMgrNvsSpInit: icc_nvs_read(0LL, 4uLL, 0x1600LL, 0x20uLL, &qword_FFFFFFFF8346C520);
sub_FFFFFFFF826A9AC0: icc_nvs_read(0LL, 4uLL, 0x1000LL, 0x300uLL, PrivateStorageAddr1_ptr); icc_nvs_read(0LL, 4uLL, 0x1300LL, 0x300uLL, PrivateStorageAddr2_ptr);
get_extra_clock:aeolia_rtc_??? icc_nvs_read(0LL, 4uLL, 0x50LL, 1uLL, &off_FFFFFFFF83377C99)
iccnvs_kproc: icc_nvs_read(0LL, *(*(v6 + 2) + 0x20LL), *(v6 + 12), *(v6 + 16), *(v6 + 5))
sub_FFFFFFFF8262DC60:sysctl_machdep_cavern_dvt1_init_update: current_mode: ??? icc_nvs_read(0LL, 4uLL, 0x21LL, 1uLL, &data_ptr);
lvp_configure_tccds: icc_nvs_read(0LL, 4uLL, 0x322LL, 1uLL, &data_ptr);
manumode: icc_nvs_read(0LL, 4uLL, 0x2C00LL, 0x20uLL, &data_ptr);
init_safe_mode mode ??? icc_nvs_read(0LL, 4uLL, 0x20LL, 1uLL, &data_ptr)
sce_cam_error_log_read: icc_nvs_read(0LL, 4uLL, 0x100LL, 0x100uLL, &data_ptr);
sub_FFFFFFFF827D2F50:qafutkn ??? icc_nvs_read(1LL, 4uLL, 0x0a00LL, 0x190uLL, &data_ptr);
sub_FFFFFFFF827D8E30:??? icc_nvs_write(0LL, 4uLL, 0LL, 0x20uLL, &dipsw_FFFFFFFF836C0090); </syntaxhighlight>
From kernel of PS4 System Software version 1.00 Tool (DevKit).
<syntaxhighlight lang="C"> sce_cam_error_put:
icc_nvs_read(0, 4u, 0x100, 0x100u, (__int64)v31); icc_nvs_write(0LL, 4LL, 0x1FCLL, 4LL, &v29); v18 = sce_device_error_log; icc_nvs_write(0LL, 4LL, (unsigned __int16)(0x28 * (v18 % 6) + 0x100), 0x28LL, v32);
get_init_safe_mode:
icc_nvs_read(0, 4u, 0x20, 1u, (__int64)&v5) )
start_init:
if ( (unsigned int)icc_nvs_read(0, 4u, 0x20, 1u, (__int64)&v51) ) LABEL_43:
panic((unsigned int)"failed to retrieve init_safe_mode", 4, v0, v1, v2, v3);
if ( (unsigned int)icc_nvs_read(0, 4u, 0x20, 1u, (__int64)&v51) )
goto LABEL_43; if ( v51 == 0xFF ) printf((unsigned int)"Falling back to orbis_diag...\n", 4, v0, v1, v2, v3); else printf((unsigned int)"%s is not found. trying next...\n", v52[0], v0, v1, v2, v3); goto LABEL_36;
sysctl_kern_init_safe_mode:
if ( (unsigned int)icc_nvs_read(0, 4u, 0x20, 1u, (__int64)&v13) )
panic((unsigned int)"failed to retrieve init_safe_mode", 4, v5, v6, v7, v8);
sysctl_manumode:
result = icc_nvs_read(0, 4u, 0x2C00, 0x20u, (__int64)v8);
if ( !(_DWORD)result ) { if ( !(unsigned int)memcmp(v8, &sysctl_manumode_manu_mode_0xff, 0x20LL) )
result = icc_nvs_write(1LL, 4LL, 0x2C00LL, 0x20LL, &sysctl_manumode_manu_mode_0x00);
if ( !(_DWORD)result ) { bzero(v8, 32LL); result = icc_nvs_read(0, 4u, 0x2C00, 0x20u, (__int64)v8); if ( !(_DWORD)result ) return 5 * (unsigned int)((unsigned int)memcmp(v8, &sysctl_manumode_manu_mode_0x00, 0x20LL) != 0);
lvp_configure_tccds:
if ( (unsigned int)(a1 - 2) < 4 || !a1 || (result = 0x16LL, a1 == 0xFF) )
{ v2 = icc_nvs_read(0, 4u, 0x322, 1u, (__int64)&v3); result = 5LL; if ( !v2 ) { result = 0LL; if ( v3 != (_BYTE)a1 ) return 5 * (unsigned int)((unsigned int)icc_nvs_write(0LL, 4LL, 0x322LL, 1LL, &v4) != 0);
</syntaxhighlight>
About EAP Hdd Key
- sceSblGetEAPInternalPartitionKey((__int64)&unk_FFFFFFFF836C0000, &unk_FFFFFFFF836BC010, a2, a3, v7) )
- The call seems to take 2 buffers:
- unk_FFFFFFFF836C0000 (0x70) <- encrypted eap_hdd_key ?
- unk_FFFFFFFF836BC010 (0x70) <- decrypted eap_hdd_key ?
<syntaxhighlight lang="C">
v7 = icc_nvs_read(0LL, 4uLL, 0x200LL, v2, &enc_eap_key_); if ( v7 ) { v12 = v7; printf("icc_nvs_read failed: %d\n", v7, v8, v9, v10, v11, v19); panic("eap key not available", v12, v13, v14, v15, v16, v20); } printf("g_crypt_deferred_init: calling CCP\n", 4LL, v8, v9, v10, v11, v19); v12 = &eap_key_; if ( sceSblGetEAPInternalPartitionKey(&enc_eap_key_, &eap_key_) )
</syntaxhighlight>
From EMC
Index | Offset in NVS | Offset in sflash0 | Size | Unknown ?read? | Has backup ?write? | Backup address | ?Backup address 2? | Notes |
---|---|---|---|---|---|---|---|---|
0 | 0 | 0x1C4000 | 0x1000 | 1 | 0 | 0 | 0 | Per-console fixed data |
1 | 0x1000 | 0x1C5000 | 0x1000 | 1 | 1 | 0x1CE000 | 0x1CF000 | Logs (including statistics) |
2 | 0x2000 | 0x1C6000 | 0x1000 | 1 | 0 | 0 | 0 | Unknown area |
3 | 0x3000 | 0x1C7000 | 0x1000 | 1 | 0 | 0 | 0 | pd region |
4 | 0x4000 | 0x1C8000 | 0x800 | 1 | 0 | 0 | 0 | ds region |
5 | 0x4800 | 0x1C8800 | 0x800 | 1 | 0 | 0 | 0 | cs region |
6 | 0x5000 | 0x1C9000 | 0x3000 | 1 | 0 | 0 | 0 | os region |