Secure Loader: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
Line 58: Line 58:
! Hash !! Versions Supported !! Notes
! Hash !! Versions Supported !! Notes
|-
|-
| {{hex| 60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7}} || ???2.50-5.05??? || Revision 0x23
| {{hex| 60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7}} || All || Revision 0x23
|-  
|-  
| {{hex| A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77}} || ???5.05??? || Revision 0x26
| {{hex| A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77}} || All  || Revision 0x26
|-
|-
| {{hex| 86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1}} || ???5.05??? || Revision 0x27
| {{hex| 86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1}} || All  || Revision 0x27
|-
|-
| {{hex| 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE}} || ???5.01-5.05??? || Revision 0x2D
| {{hex| 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE}} || All  || Revision 0x2D
|-
|-
| {{hex| 56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81}} || ???? || Revision 0x31
| {{hex| 56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81}} || All  || Revision 0x31
|-
|-
| {{hex| 3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4}} || ???? || Revision 0x32
| {{hex| 3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4}} || All  || Revision 0x32
|-
|-
|}
|}

Revision as of 20:12, 13 June 2023

SAMU IPL, codenamed as 80000001, is the main loader of the Secure Kernel (80010001)
The header contained in it contains the following information:

Header Info

Offset Size Description Notes
0x0 4 Magic 5E D7 9A 0B
0x4 4 Header Size Little Endian (0x280)
0x8 4 Entry Point Little Endian (0x100)
0xC 4 Payload Size Little Endian (e.g 0x232D0)
0x10 0x10 Padding Zeroes
0x20 0x20 SHA256 of the decrypted payload Verified from 0x280 to 0x23550
0x40 0xE0 Padding Ascii Zeroes
0x120 0x20 Revision Nonce (Likely) SHA256 of the IPL's revision, from this point onward, SAM IPL is encrypted with two layers of CBC crypto
0x140 0x40 Metadata
0x180 0x100 RSA Header Signature Verified with rsa modulus from SAMU BootROM from 0 to 0x180
0x280 0x232D0 Payload
0x23550 0x100 RSA Footer Signature Verified from header + body (somewhere else, likely PUP SM Manager)

MetaData Info

Offset Size Description Notes
0x0 0x20 MetaData Body Contains Keyslot Keys
0x20 0x20 HDR + MetaData SHA256HMAC SHA256 of hdr plus metadata (HMAC)

MetaData Body

Offset Size Description Notes
0x0 0x20 KeySlot 1

Revision Nonce Collection

Hash Versions Supported Notes
60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7 All Revision 0x23
A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77 All Revision 0x26
86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1 All Revision 0x27
7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE All Revision 0x2D
56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81 All Revision 0x31
3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4 All Revision 0x32
Retrieved from "http://www.psdevwiki.com/ps4/index.php?title=Secure_Loader&oldid=291032"