Revision as of 19:47, 13 June 2023

SAMU IPL, codenamed as 80000001, is the main loader of the Secure Kernel (80010001)
The header contained in it contains the following information:

Header Info

Offset	Size	Description	Notes
0x0	4	Magic	5E D7 9A 0B
0x4	4	Header Size	Little Endian (0x280)
0x8	4	Entry Point	Little Endian (0x100)
0xC	4	Payload Size	Little Endian (e.g 0x232D0)
0x10	0x10	Padding	Zeroes
0x20	0x20	SHA256 of the decrypted payload	Verified from 0x280 to 0x23550
0x40	0xE0	Padding	Ascii Zeroes
0x120	0x20	Revision Nonce	(Likely) SHA256 of the IPL's revision, from this point onward, SAM IPL is encrypted with two layers of CBC crypto
0x140	0x40	Metadata
0x180	0x100	RSA Header Signature	Verified with rsa modulus from SAMU BootROM from 0 to 0x180
0x280	0x232D0	Payload
0x23550	0x100	RSA Footer Signature	Verified from header + body (somewhere else, likely PUP SM Manager)

Offset	Size	Description	Notes
0x0	0x20	MetaData Body	Contains Keyslot Keys
0x20	0x20	HDR + MetaData SHA256HMAC	SHA256 of hdr plus metadata (HMAC)

Offset	Size	Description	Notes
0x0	0x20	KeySlot 1

Hash	Versions Supported	Notes
`7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE`	???5.01-5.05???	Revision 0x2D
`60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7`	???2.50-5.05???	Revision 0x23
`A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77`	???5.05???	Revision 0x26

@@ Line 62: / Line 62: @@
 | {{hex| 60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7}} || ???2.50-5.05??? || Revision 0x23
 |-
+| {{hex| A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77}} || ???5.05??? || Revision 0x26
+|-
 |}