Non Volatile Storage: Difference between revisions
Jump to navigation
Jump to search
| Line 228: | Line 228: | ||
|- | |- | ||
| 0 || 4 || 0x5322 || 0x1C9322 || 1 || lvp_configure_tccds | | 0 || 4 || 0x5322 || 0x1C9322 || 1 || lvp_configure_tccds | ||
|- | |||
| 0 || 4 || 0x5323 || 0x1C9323 || 1 || sam_boot_flags (anything other than FF for enabled) | |||
|- | |- | ||
| 0 || 4 || 0x5329 || 0x1C9329 || 1 || related to lvp_config | | 0 || 4 || 0x5329 || 0x1C9329 || 1 || related to lvp_config | ||
Revision as of 12:13, 24 June 2023
Same as PS3's NVS, used for storing tokens and flags. You can access it by using the function icc_nvs_read (or by ftp'ing the respective regions with root flags server).
Seems that a total of 7 regions(blocks) exist in 2 banks, main bank and backup bank
The kernel accesses only the 5th and the 2nd region, however it's possible to read the other 5 (also the entirety of it by reading /dev/sflash0s0x34 with BUF_SIZE 0x200 from ftp ).
Most, if not all, of the NVS regions can be accessed also in sflash, starting with offset 0x1C4000.
Mapping of the area (NVS service)
| Bank # | Block # | Start Offset in /dev/sflash0s0x34 | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 0 | 0 | 0x1C4000 | 0x3000 | does not match, probably one (sflash or nvs, likely sflash) updates data |
| 0 | 1 | 0x3000 | 0x1C7000 | 0x1000 | match |
| 0 | 2 | 0x4000 | 0x1C8000 | 0x800 | match, console data region |
| 0 | 3 | 0x4800 | 0x1C8800 | 0x800 | match, all ffs? |
| 0 | 4 | 0x5000 | 0x1C9000 | 0x3000 | match, tokens and flags region |
| 1 | 0 | 0x8000 | 0x1CC000 | 0x3000 | match, tokens and flags region (backup) |
| 1 | 1 | 0xB000 | 0x1CF000 | 0x1000 | match |
Mapping of the detailed area (NVS service)
| Bank # | Block # | Start Offset in /dev/sflash0s0x34 | Start Offset in Sflash | Size | Notes |
|---|---|---|---|---|---|
| 0 | 0 | 0 | 0x1C4000 | 0x8 | Unknown (e.g 04 01 01 01 01 01 04 01) |
| 0 | 0 | 0x20 | 0x1C4020 | 0x6 | Unknown (e.g 02 BC 60 A7 28 83 66) |
| 0 | 0 | 0x4E | 0x1C404E | 0x2 | Unknown (e.g 25 16) |
| 0 | 0 | 0x50 | 0x1C4050 | 0x5 | Unknown (e.g 12 FF 00 00 00) |
| 0 | 0 | 0x60 | 0x1C4060 | 0x5 | Unknown (e.g 04 02 01 01 02) |
| 0 | 0 | 0x73 | 0x1C4073 | 0x1 | Unknown (e.g 01) |
| 0 | 0 | 0x76 | 0x1C4076 | 0x1 | Unknown (e.g 01) |
| 0 | 0 | 0x7A | 0x1C407A | 0x6 | Unknown (e.g 00 00 00 00 00 38) |
| 0 | 0 | 0x80 | 0x1C4080 | 0x1 | Unknown (e.g. 00) |
| 0 | 0 | 0x82 | 0x1C4082 | 0x3 | Unknown (e.g. 01 01 01) |
| 0 | 0 | 0x91 | 0x1C4091 | 0x2 | Unknown (e.g 00 00) |
| 0 | 0 | 0x96 | 0x1C4096 | 0x3 | |
| 0 | 0 | 0x9A | 0x1C409A | 0x2 | Unknown (e.g 02 02) |
| 0 | 0 | 0x9E | 0x1C409E | 0x2 | Unknown (e.g 00 00) |
| 0 | 0 | 0xA0 | 0x1C40A0 | 0x3 | Unknown (e.g 01 01 01) |
| 0 | 0 | 0xAC | 0x1C40AC | 0x4 | |
| 0 | 0 | 0xC5 | 0x1C40C5 | 0x3 | Unknown (e.g AA AA AA) |
| 0 | 0 | 0x204 | 0x1C4204 | 0x1 | Unknown (e.g 00) |
| 0 | 0 | 0x20B | 0x1C420B | 0x1 | Unknown (e.g 00) |
| 0 | 0 | 0x210 | 0x1C4210 | 0x2 | Unknown (e.g 49 42) |
| 0 | 0 | 0x7FE | 0x1C47FE | 0x2 | Unknown (e.g AF 31) |
| 0 | 0 | 0x801 | 0x1C4801 | 0x1 | |
| 0 | 0 | 0x810 | 0x1C4810 | 0x12 | |
| 0 | 0 | 0x84C | 0x1C484C | 0x2 | |
| 0 | 0 | 0x854 | 0x1C4854 | 0x2 | |
| 0 | 0 | 0x870 | 0x1C4870 | 0xC | |
| 0 | 0 | 0x8A0 | 0x1C48A0 | 0x1C | |
| 0 | 0 | 0xFFE | 0x1C4FFE | 0x2 | |
| 0 | 0 | 0x1000 | 0x1C5000 | 0x64 | |
| 0 | 0 | 0x1220 | 0x1C5220 | 0x18 | |
| 0 | 0 | 0x1240 | 0x1C5240 | 0x18 | |
| 0 | 0 | 0x1260 | 0x1C5260 | 0x18 | |
| 0 | 0 | 0x1280 | 0x1C5280 | 0x18 | |
| 0 | 0 | 0x12A0 | 0x1C52A0 | 0x18 | |
| 0 | 0 | 0x12C0 | 0x1C52C0 | 0x18 | |
| 0 | 0 | 0x12E0 | 0x1C52E0 | 0x18 | |
| 0 | 0 | 0x1300 | 0x1C5300 | 0x18 | |
| 0 | 0 | 0x1320 | 0x1C5320 | 0x18 | |
| 0 | 0 | 0x1340 | 0x1C5340 | 0x18 | |
| 0 | 0 | 0x1360 | 0x1C5360 | 0x18 | |
| 0 | 0 | 0x1380 | 0x1C5380 | 0x18 | |
| 0 | 0 | 0x13A0 | 0x1C53A0 | 0x18 | |
| 0 | 0 | 0x13C0 | 0x1C53C0 | 0x18 | |
| 0 | 0 | 0x13E0 | 0x1C53E0 | 0x18 | |
| 0 | 0 | 0x1400 | 0x1C5400 | 0x18 | |
| 0 | 0 | 0x1420 | 0x1C5420 | 0x18 | |
| 0 | 0 | 0x1440 | 0x1C5440 | 0x18 | |
| 0 | 0 | 0x1460 | 0x1C5460 | 0x18 | |
| 0 | 0 | 0x1480 | 0x1C5480 | 0x18 | |
| 0 | 0 | 0x14A0 | 0x1C54A0 | 0x18 | |
| 0 | 0 | 0x14C0 | 0x1C54C0 | 0x18 | |
| 0 | 0 | 0x14E0 | 0x1C54E0 | 0x18 | |
| 0 | 0 | 0x1500 | 0x1C5500 | 0x18 | |
| 0 | 0 | 0x1520 | 0x1C5520 | 0x18 | |
| 0 | 0 | 0x1540 | 0x1C5540 | 0x18 | |
| 0 | 0 | 0x1560 | 0x1C5560 | 0x18 | |
| 0 | 0 | 0x1580 | 0x1C5580 | 0x18 | |
| 0 | 0 | 0x15A0 | 0x1C55A0 | 0x18 | |
| 0 | 0 | 0x15C0 | 0x1C55C0 | 0x18 | |
| 0 | 0 | 0x2000 | 0x1C6000 | 0x8 | |
| 0 | 1 | 0x3000 | 0x1C7000 | 0x40 | |
| 0 | 1 | 0x3040 | 0x1C7040 | 0x10 | trsw_attach (e.g 1F FF 00 00 07 FF FF 07 FF FF 00 00 00 00 00 00) |
| 0 | 1 | 0x30A0 | 0x1C70A0 | 0x2 | get_icc_max (e.g 20 9A) |
| 0 | 2 | 0x4000 | 0x1C8000 | 0x4C | Serial Number + model Type (CUH-XXXXX), see below |
| 0 | 2 | 0x4010 | 0x1C8010 | 0x10 | SOCUID |
| 0 | 2 | 0x4030 | 0x1C8030 | 0x11 | Used in 5.05, Unique Identifier of Console, hw_info (e.g 00TS4DB00K2180050) |
| 0 | 2 | 0x4041 | 0x1C8041 | 0x1F | Used in later firmwares, Unique Identifier of Console, hw_model (e.g DUT-DBW00JK-S0ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ) |
| 0 | 2 | 0x4060 | 0x1C8060 | 0x58 | |
| 0 | 2 | 0x40C0 | 0x1C80C0 | 0xD | |
| 0 | 2 | 0x4100 | 0x1C8100 | 0x20 | (e.g 00 02 F4 C1 64 E6 83 41 0C D0 8D 91 38 56 50 AE 15 3E 60 9E 70 16 17 1A 1C 18 26 25 1B 1B F5 F7) |
| 0 | 2 | 0x47D0 | 0x1C87D0 | 0x10 | all zeroes usually (e.g 01 01 01 01 01 01 01 01 01 00 00 00 00 00 00 00) |
| 0 | 2 | 0x47F0 | 0x1C87F0 | 0x1 | (e.g 01) |
| 0 | 4 | 0x5000 | 0x1C9000 | 0x20 | dipswitch flags, see below |
| 0 | 4 | 0x5000 | 0x1C9000 | 0x1 | SCE_REGMGR_ENT_KEY_DEVENV_TOOL_boot_param (FE Development Mode) (FB Assist Mode) (FF Release Mode) |
| 0 | 4 | 0x5003 | 0x1C9003 | 0x1 | Memory Budget (0xFF Normal, 0xFE Large) |
| 0 | 4 | 0x5005 | 0x1C9005 | 0x1 | Slow HDD Mode (0xFE ON) (0xFF OFF) |
| 0 | 4 | 0x500B | 0x1C900B | 0x1 | Unknown (0x87 on proto devkit) |
| 0 | 4 | 0x5010 | 0x1C9010 | 0x1 | vsh_4K Mode (0xFE ON) (0xFF OFF) |
| 0 | 4 | 0x501F | 0x1C901F | 0x1 | ??? (e.g 7F) |
| 0 | 4 | 0x5020 | 0x1C9020 | 0x1 | init_safe_mode flag (e.g F1) |
| 0 | 4 | 0x5021 | 0x1C9021 | 0x1 | sysctl_machdep_cavern_dvt1_init_update |
| 0 | 4 | 0x5030 | 0x1C9030 | 0x1 | trsw_probe (01 for [ WLAN mode : FT ], else [ WLAN mode : OFF ]) also bt_sdio_probe and trs_probe |
| 0 | 4 | 0x5038 | 0x1C9038 | 0x1 | ethernet related (gbe) |
| 0 | 4 | 0x5050 | 0x1C9050 | 0x1 | is_extra_clock_available_rtc_status |
| 0 | 4 | 0x5060 | 0x1C9060 | 0x4 | sdk version (e.g 00 00 50 02 (2.50 ) |
| 0 | 4 | 0x5068 | 0x1C9068 | 0x4 | sdk version (e.g 00 00 05 05 (5.05 ) |
| 0 | 4 | 0x5070 | 0x1C9070 | 0x4 | manu_mode related (sdk version?) |
| 0 | 4 | 0x5074 | 0x1C9074 | 0x4 | Unknown (e.g. 84 72 4E 57) |
| 0 | 4 | 0x507C | 0x1C907C | 0x4 | manu_mode related (sdk version?) |
| 0 | 4 | 0x5080 | 0x1C9080 | varies (0x68-0x6C) | acf token <- checked by sceSblDevActVerifyCheckExpire |
| 0 | 4 | 0x5100 | 0x1C9100 | 0x100 | sce_cam_error_put |
| 0 | 4 | 0x5200 | 0x1C9200 | varies (0x40-0x60) | scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init, also checked by read_idstorage |
| 0 | 4 | 0x5301 | 0x1C9301 | 1 | unknown (01 = enabled) |
| 0 | 4 | 0x5310 | 0x1C9310 | 1 | sam_memtest (01 = enabled) |
| 0 | 4 | 0x5311 | 0x1C9311 | 1 | unknown (01 = enabled) |
| 0 | 4 | 0x5312 | 0x1C9312 | 1 | sam_rngtest (01 = enabled) |
| 0 | 4 | 0x531F | 0x1C931F | 1 | UART boot param (setting this to 1 enables UART output on boot) |
| 0 | 4 | 0x5320 | 0x1C9320 | 1 | lvp_configure_get_gddr5clk (0x14 = 500Mhz) (whatever value is here is multiplied by 0x19 to get final value) (0xED max value, 1725Mhz) |
| 0 | 4 | 0x5322 | 0x1C9322 | 1 | lvp_configure_tccds |
| 0 | 4 | 0x5323 | 0x1C9323 | 1 | sam_boot_flags (anything other than FF for enabled) |
| 0 | 4 | 0x5329 | 0x1C9329 | 1 | related to lvp_config |
| 0 | 4 | 0x5400 | 0x1C9400 | 0x210 | token ??? |
| 0 | 4 | 0x5650 | 0x1C9650 | 0x290 | qafutkn_ioctl |
| 0 | 4 | 0x5900 | 0x1C9900 | 0x100 | acf signature |
| 0 | 4 | 0x5A00 | 0x1C9A00 | 0x190 | token ??? |
| 0 | 4 | 0x5C00 | 0x1C9C00 | 0x3C | HDD Info (e.g GHTSH ST4501019A6E08 613081DJ0124FZD129SN) |
| 0 | 4 | 0x5C3C | 0x1C9C3C | 0x04 | Unknown (e.g 05 C6 0A 00) |
| 0 | 4 | 0x5C40 | 0x1C9C40 | 0x130 | setPupExpirationStatus |
| 0 | 4 | 0x6000 | 0x1CA000 | 0x300 | wrappNvsRead, or regMgrNvsRead |
| 0 | 4 | 0x600E | 0x1CA00E | 0x1 | Unknown (Not Regions) |
| 0 | 4 | 0x6040 | 0x1CA040 | 0x1 | Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept) |
| 0 | 4 | 0x6300 | 0x1CA300 | 0x300 | wrappNvsRead, or regMgrNvsRead |
| 0 | 4 | 0x6600 | 0x1CA600 | 0x20 | Modes (See Below) |
| 0 | 4 | 0x6600 | 0x1CA600 | 0x1 | SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_idu_mode (0x01 Enabled 0x00 or 0xFF Disabled) |
| 0 | 4 | 0x6601 | 0x1CA601 | 0X1 | SCE_REGMGR_ENT_KEY_SYSTEM_update_mode (0xFF or 0x00 disabled) (0x10, 0x20, 0x30, 0x31, 0x32, 0x50 enabled) |
| 0 | 4 | 0x6602 | 0x1CA602 | 0x1 | SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_show_mode (0x01 Enabled 0x00 Disabled) (Testkit Only!) |
| 0 | 4 | 0x6603 | 0x1CA603 | 0x1 | SCE_REGMGR_ENT_KEY_REGISTRY_recover |
| 0 | 4 | 0x6604 | 0x1CA604 | 0x4 | SCE_REGMGR_ENT_KEY_SYSTEM_soft_version (deprecated) (devkit only?) |
| 0 | 4 | 0x6609 | 0x1CA609 | 0x1 | SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_arcade_mode |
| 0 | 4 | 0x7C00 | 0x1CBC00 | 0x20 | manu mode (all zeroes for enabled, all ffs for disabled) |
| 0 | 4 | 0x7C40 | 0x1CBC40 | 0x20 | |
| 0 | 4 | 0x7CC0 | 0x1CBCC0 | 0x20 | srtc_modevent |
| ? | ? | ??? | 0x1CC31F | 1 | UART boot param (setting this to 1 enables UART output on boot) |
| ? | ? | ??? | 0x1CF000 | 1 | ?? FF disabled 00 enabled |