Secure Loader: Difference between revisions
Jump to navigation
Jump to search
Line 19: | Line 19: | ||
| 0x20 || 0x20 || SHA256 of the decrypted payload || Verified from 0x280 to 0x23550 | | 0x20 || 0x20 || SHA256 of the decrypted payload || Verified from 0x280 to 0x23550 | ||
|- | |- | ||
| 0x40 || 0x100 || Padding || Ascii Zeroes | | 0x40 || 0x100 || Padding || Ascii Zeroes, from this point onward, SAM IPL is encrypted with two layers of CBC crypto | ||
|- | |- | ||
| 0x140 || 0x40 || Metadata || | | 0x140 || 0x40 || Metadata || |
Revision as of 21:07, 16 July 2021
SAMU IPL, codenamed as 80000001, is the main loader of the Secure Kernel (80010001)
The header contained in it contains the following information:
Header Info
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 4 | Magic | 5E D7 9A 0B |
0x4 | 4 | Header Size | Little Endian (0x280) |
0x8 | 4 | Entry Point | Little Endian (0x100) |
0xC | 4 | Payload Size | Little Endian (e.g 0x232D0) |
0x10 | 0x10 | Padding | Zeroes |
0x20 | 0x20 | SHA256 of the decrypted payload | Verified from 0x280 to 0x23550 |
0x40 | 0x100 | Padding | Ascii Zeroes, from this point onward, SAM IPL is encrypted with two layers of CBC crypto |
0x140 | 0x40 | Metadata | |
0x180 | 0x100 | RSA Header Signature | Verified with rsa modulus from SAMU BootROM from 0 to 0x180 |
0x280 | 0x232D0 | Payload | |
0x23550 | 0x100 | RSA Footer Signature | Verified from header + body (somewhere else, likely PUP SM Manager) |
MetaData Info
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x20 | MetaData Body | Contains Keyslot Keys |
0x20 | 0x20 | HDR + MetaData SHA256HMAC | SHA256 of hdr plus metadata (HMAC) |
MetaData Body
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x20 | KeySlot 1 |