Non Volatile Storage: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
Line 155: Line 155:
| 0 || 1 || 0x3040 || 0x1C7040 || 0x10 || trsw_attach (e.g 1F FF 00 00 07 FF FF 07 FF FF 00 00 00 00 00 00)
| 0 || 1 || 0x3040 || 0x1C7040 || 0x10 || trsw_attach (e.g 1F FF 00 00 07 FF FF 07 FF FF 00 00 00 00 00 00)
|-
|-
| 0 || 1 || 0x30A0 || 0x1C70A0 || 0x2 || get_icc_max
| 0 || 1 || 0x30A0 || 0x1C70A0 || 0x2 || get_icc_max (e.g 20 9A)
|-
|-
| 0 || 2 || 0x4000 || 0x1C8000 || 0x4C || Serial Number + model Type (CUH-XXXXX), see below
| 0 || 2 || 0x4000 || 0x1C8000 || 0x4C || Serial Number + model Type (CUH-XXXXX), see below

Revision as of 16:07, 16 March 2023

Same as PS3's NVS, used for storing tokens and flags. You can access it by using the function icc_nvs_read (or by ftp'ing the respective regions with root flags server).
Seems that a total of 7 regions(blocks) exist in 2 banks, main bank and backup bank
The kernel accesses only the 5th and the 2nd region, however it's possible to read the other 5 (also the entirety of it by reading /dev/sflash0s0x34 with BUF_SIZE 0x200 from ftp ).
Most, if not all, of the NVS regions can be accessed also in sflash, starting with offset 0x1C4000.

Mapping of the area (NVS service)

Bank # Block # Start Offset in /dev/sflash0s0x34 Start Offset in Sflash Size Notes
0 0 0 0x1C4000 0x3000 does not match, probably one (sflash or nvs, likely sflash) updates data
0 1 0x3000 0x1C7000 0x1000 match
0 2 0x4000 0x1C8000 0x800 match, console data region
0 3 0x4800 0x1C8800 0x800 match, all ffs?
0 4 0x5000 0x1C9000 0x3000 match, tokens and flags region
1 0 0x8000 0x1CC000 0x3000 match, tokens and flags region (backup)
1 1 0xB000 0x1CF000 0x1000 match

Mapping of the detailed area (NVS service)

Bank # Block # Start Offset in /dev/sflash0s0x34 Start Offset in Sflash Size Notes
0 0 0 0x1C4000 0x8 Unknown (e.g 04 01 01 01 01 01 04 01)
0 0 0x20 0x1C4020 0x6 Unknown (e.g 02 BC 60 A7 28 83 66)
0 0 0x4E 0x1C404E 0x2 Unknown (e.g 25 16)
0 0 0x50 0x1C4050 0x5 Unknown (e.g 12 FF 00 00 00)
0 0 0x60 0x1C4060 0x5 Unknown (e.g 04 02 01 01 02)
0 0 0x73 0x1C4073 0x1 Unknown (e.g 01)
0 0 0x76 0x1C4076 0x1 Unknown (e.g 01)
0 0 0x7A 0x1C407A 0x6 Unknown (e.g 00 00 00 00 00 38)
0 0 0x80 0x1C4080 0x1 Unknown (e.g. 00)
0 0 0x82 0x1C4082 0x3 Unknown (e.g. 01 01 01)
0 0 0x91 0x1C4091 0x2 Unknown (e.g 00 00)
0 0 0x96 0x1C4096 0x3
0 0 0x9A 0x1C409A 0x2 Unknown (e.g 02 02)
0 0 0x9E 0x1C409E 0x2 Unknown (e.g 00 00)
0 0 0xA0 0x1C40A0 0x3 Unknown (e.g 01 01 01)
0 0 0xAC 0x1C40AC 0x4
0 0 0xC5 0x1C40C5 0x3 Unknown (e.g AA AA AA)
0 0 0x204 0x1C4204 0x1 Unknown (e.g 00)
0 0 0x20B 0x1C420B 0x1 Unknown (e.g 00)
0 0 0x210 0x1C4210 0x2 Unknown (e.g 49 42)
0 0 0x7FE 0x1C47FE 0x2 Unknown (e.g AF 31)
0 0 0x801 0x1C4801 0x1
0 0 0x810 0x1C4810 0x12
0 0 0x84C 0x1C484C 0x2
0 0 0x854 0x1C4854 0x2
0 0 0x870 0x1C4870 0xC
0 0 0x8A0 0x1C48A0 0x1C
0 0 0xFFE 0x1C4FFE 0x2
0 0 0x1000 0x1C5000 0x64
0 0 0x1220 0x1C5220 0x18
0 0 0x1240 0x1C5240 0x18
0 0 0x1260 0x1C5260 0x18
0 0 0x1280 0x1C5280 0x18
0 0 0x12A0 0x1C52A0 0x18
0 0 0x12C0 0x1C52C0 0x18
0 0 0x12E0 0x1C52E0 0x18
0 0 0x1300 0x1C5300 0x18
0 0 0x1320 0x1C5320 0x18
0 0 0x1340 0x1C5340 0x18
0 0 0x1360 0x1C5360 0x18
0 0 0x1380 0x1C5380 0x18
0 0 0x13A0 0x1C53A0 0x18
0 0 0x13C0 0x1C53C0 0x18
0 0 0x13E0 0x1C53E0 0x18
0 0 0x1400 0x1C5400 0x18
0 0 0x1420 0x1C5420 0x18
0 0 0x1440 0x1C5440 0x18
0 0 0x1460 0x1C5460 0x18
0 0 0x1480 0x1C5480 0x18
0 0 0x14A0 0x1C54A0 0x18
0 0 0x14C0 0x1C54C0 0x18
0 0 0x14E0 0x1C54E0 0x18
0 0 0x1500 0x1C5500 0x18
0 0 0x1520 0x1C5520 0x18
0 0 0x1540 0x1C5540 0x18
0 0 0x1560 0x1C5560 0x18
0 0 0x1580 0x1C5580 0x18
0 0 0x15A0 0x1C55A0 0x18
0 0 0x15C0 0x1C55C0 0x18
0 0 0x2000 0x1C6000 0x8
0 1 0x3000 0x1C7000 0x40
0 1 0x3040 0x1C7040 0x10 trsw_attach (e.g 1F FF 00 00 07 FF FF 07 FF FF 00 00 00 00 00 00)
0 1 0x30A0 0x1C70A0 0x2 get_icc_max (e.g 20 9A)
0 2 0x4000 0x1C8000 0x4C Serial Number + model Type (CUH-XXXXX), see below
0 2 0x4010 0x1C8010 0x10 SOCUID
0 2 0x4030 0x1C8030 0x11 Used in 5.05, Unique Identifier of Console, hw_info
0 2 0x4041 0x1C8041 0x1F Used in later firmwares, Unique Identifier of Console, hw_model
0 2 0x4060 0x1C8060 0x58
0 2 0x40C0 0x1C80C0 0xD
0 2 0x4100 0x1C8100 0x20
0 2 0x47D0 0x1C87D0 0x10 all zeroes usually
0 2 0x47F0 0x1C87F0 0x1
0 4 0x5000 0x1C9000 0x20 dipswitch flags, see below
0 4 0x5000 0x1C9000 0x1 SCE_REGMGR_ENT_KEY_DEVENV_TOOL_boot_param (FE Development Mode) (FB Assist Mode) (FF Release Mode)
0 4 0x5003 0x1C9003 0x1 Memory Budget (0xFF Normal, 0xFE Large)
0 4 0x5005 0x1C9005 0x1 Slow HDD Mode (0xFE ON) (0xFF OFF)
0 4 0x500B 0x1C900B 0x1 Unknown (0x87 on proto devkit)
0 4 0x5010 0x1C9010 0x1 vsh_4K Mode (0xFE ON) (0xFF OFF)
0 4 0x5020 0x1C9020 0x1 init_safe_mode flag
0 4 0x5021 0x1C9021 0x1 sysctl_machdep_cavern_dvt1_init_update
0 4 0x5030 0x1C9030 0x1 trsw_probe (01 for [ WLAN mode : FT ], else [ WLAN mode : OFF ]) also bt_sdio_probe and trs_probe
0 4 0x5038 0x1C9038 0x1 ethernet related (gbe)
0 4 0x5050 0x1C9050 0x1 is_extra_clock_available_rtc_status
0 4 0x5064 0x1C9064 0x4 sdk version?
0 4 0x5070 0x1C9070 0x4 manu_mode related (sdk version?)
0 4 0x5074 0x1C9074 0x4 Unknown (e.g. 84 72 4E 57)
0 4 0x507C 0x1C907C 0x4 manu_mode related (sdk version?)
0 4 0x5080 0x1C9080 varies (0x68-0x6C) acf token <- checked by sceSblDevActVerifyCheckExpire
0 4 0x5100 0x1C9100 0x100 sce_cam_error_put
0 4 0x5200 0x1C9200 varies (0x40-0x60) scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init, also checked by read_idstorage
0 4 0x5301 0x1C9301 1 unknown (01 = enabled)
0 4 0x5311 0x1C9311 1 unknown (01 = enabled)
0 4 0x531F 0x1C931F 1 UART boot param? (setting this to 1 enables UART output on boot)
0 4 0x5320 0x1C9320 1 lvp_configure_get_gddr5clk
0 4 0x5322 0x1C9322 1 lvp_configure_tccds
0 4 0x5329 0x1C9329 1 related to lvp_config
0 4 0x5400 0x1C9400 0x210 token ???
0 4 0x5650 0x1C9650 0x290 qafutkn_ioctl
0 4 0x5900 0x1C9900 0x100 acf signature
0 4 0x5A00 0x1C9A00 0x190 token ???
0 4 0x5C00 0x1C9C00 0x3C HDD Info (e.g GHTSH ST4501019A6E08 613081DJ0124FZD129SN)
0 4 0x5C3C 0x1C9C3C 0x04 Unknown (e.g 05 C6 0A 00)
0 4 0x5C40 0x1C9C40 0x130 setPupExpirationStatus
0 4 0x6000 0x1CA000 0x300 wrappNvsRead, or regMgrNvsRead
0 4 0x600E 0x1CA00E 0x1 Unknown (Not Regions)
0 4 0x6040 0x1CA040 0x1 Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept)
0 4 0x6300 0x1CA300 0x300 wrappNvsRead, or regMgrNvsRead
0 4 0x6600 0x1CA600 0x20 Modes (See Below)
0 4 0x6600 0x1CA600 0x1 SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_idu_mode (0x01 Enabled 0x00 or 0xFF Disabled)
0 4 0x6601 0x1CA601 0X1 SCE_REGMGR_ENT_KEY_SYSTEM_update_mode (0xFF or 0x00 disabled) (0x10, 0x20, 0x30, 0x31, 0x32, 0x50 enabled)
0 4 0x6602 0x1CA602 0x1 SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_show_mode (0x01 Enabled 0x00 Disabled) (Testkit Only!)
0 4 0x6603 0x1CA603 0x1 SCE_REGMGR_ENT_KEY_REGISTRY_recover
0 4 0x6604 0x1CA604 0x4 SCE_REGMGR_ENT_KEY_SYSTEM_soft_version (deprecated) (devkit only?)
0 4 0x6609 0x1CA609 0x1 SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_arcade_mode
0 4 0x7C00 0x1CBC00 0x20 manu mode (all zeroes for enabled, all ffs for disabled)
0 4 0x7C40 0x1CBC40 0x20
0 4 0x7CC0 0x1CBCC0 0x20 srtc_modevent
? ? ??? 0x1CC31F 1 unknown (01 = enabled)
? ? ??? 0x1CF000 1 ?? FF disabled 00 enabled