Secure Loader: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
No edit summary
Line 55: Line 55:
= Revision Nonce Collection =
= Revision Nonce Collection =


* TODO
{| class="wikitable"
! Hash !! Versions Supported !! Notes
|-
| {hex| 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE} || ???5.01-5.05??? || Needs more research
|-
}

Revision as of 19:10, 13 June 2023

SAMU IPL, codenamed as 80000001, is the main loader of the Secure Kernel (80010001)
The header contained in it contains the following information:

Header Info

Offset Size Description Notes
0x0 4 Magic 5E D7 9A 0B
0x4 4 Header Size Little Endian (0x280)
0x8 4 Entry Point Little Endian (0x100)
0xC 4 Payload Size Little Endian (e.g 0x232D0)
0x10 0x10 Padding Zeroes
0x20 0x20 SHA256 of the decrypted payload Verified from 0x280 to 0x23550
0x40 0xE0 Padding Ascii Zeroes
0x120 0x20 Revision Nonce (Likely) SHA256 of the IPL's revision, from this point onward, SAM IPL is encrypted with two layers of CBC crypto
0x140 0x40 Metadata
0x180 0x100 RSA Header Signature Verified with rsa modulus from SAMU BootROM from 0 to 0x180
0x280 0x232D0 Payload
0x23550 0x100 RSA Footer Signature Verified from header + body (somewhere else, likely PUP SM Manager)

MetaData Info

Offset Size Description Notes
0x0 0x20 MetaData Body Contains Keyslot Keys
0x20 0x20 HDR + MetaData SHA256HMAC SHA256 of hdr plus metadata (HMAC)

MetaData Body

Offset Size Description Notes
0x0 0x20 KeySlot 1

Revision Nonce Collection

}
Hash Versions Supported Notes
7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE} ???5.01-5.05??? Needs more research