Editing Spock
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
| Latest revision | Your text | ||
| Line 5: | Line 5: | ||
You can more or less access Spock through Lepton's ram (there is some hidden test mode on Lepton allowing you to do this). Mathieulh will tell more on this later if he ever get the time to clean up those sources. | You can more or less access Spock through Lepton's ram (there is some hidden test mode on Lepton allowing you to do this). Mathieulh will tell more on this later if he ever get the time to clean up those sources. | ||
= | = Structure = | ||
<pre> | <pre> | ||
0xBDF00010 = CMD Number | |||
0xBDF00010 = | |||
sceUmdMan_driver_1b1bf9fd = sceUmdExecRead10Cmd | |||
sceUmdMan_driver_1b1bf9fd = sceUmdExecRead10Cmd | |||
</pre> | </pre> | ||
| Line 34: | Line 18: | ||
SPOCK Operations: | SPOCK Operations: | ||
0x01: Init1 | 0x01: Init1 | ||
0x02: | 0x02: Init2 | ||
0x03: Step1 | 0x03: Step1 | ||
0x04: Step2 | 0x04: Step2 | ||
| Line 40: | Line 24: | ||
0x06: | 0x06: | ||
0x07: | 0x07: | ||
0x08: Decrypt UMD master key | 0x08: Decrypt UMD master key | ||
0x09: Decrypt IDStorage UMD leaves | 0x09: Decrypt IDStorage UMD leaves | ||
0x0A: Decrypt UMD Disc Sector | 0x0A: Decrypt UMD Disc Sector | ||
0x0B: Reset SPOCK | 0x0B: Reset SPOCK | ||
0x0C: | 0x0C: | ||
</pre> | </pre> | ||
| Line 50: | Line 34: | ||
== Command 1 (Init 1) == | == Command 1 (Init 1) == | ||
== Command 2 (Init 2) == | |||
== Command 2 ( | |||
== Command 3 (Step 1) == | == Command 3 (Step 1) == | ||
| Line 67: | Line 46: | ||
== Command 7 == | == Command 7 == | ||
== Command 8 (Decrypt UMD master key | == Command 8 (Decrypt UMD master key) == | ||
== Command 9 (Decrypt IDStorage UMD leaves) == | |||
Spock command 9 key is used to decrypt UMD leaves stored in [[IDStorage]]. Those leaves are then used in Spock command 8 to decrypt the UMD master key (per disc key). Then this key is used in Spock command 10 to decrypt the UMD raw sectors. Each different PSP region seems to have its own set of UMD keys. | Spock command 9 key is used to decrypt UMD leaves stored in [[IDStorage]]. Those leaves are then used in Spock command 8 to decrypt the UMD master key (per disc key). Then this key is used in Spock command 10 to decrypt the UMD raw sectors. Each different PSP region seems to have its own set of UMD keys. | ||
| Line 101: | Line 62: | ||
== Command 11 (0xB) (Reset Spock) == | == Command 11 (0xB) (Reset Spock) == | ||
== Command 12 (0xC) ( | == Command 12 (0xC) (Read RAW UMD Sectors?) == | ||
* Seems to exist only on KICHO DENCHO PSP firmware and devkit firmware, inside UMDMAN.prx | * Seems to exist only on KICHO DENCHO PSP firmware and devkit firmware, inside UMDMAN.prx | ||
| Line 107: | Line 68: | ||
= Where are spock commands used = | = Where are spock commands used = | ||
* Commands 8 and 0xA are used on psp retail firmware, as well as testkit firmware | |||
* Commands 8 and 0xA are used on psp retail firmware, as well as testkit firmware | * Commands 1, 2, 3, 4, 5, 8, 9, 0xA and 0xB are used on AV test tool firmware | ||
* Commands 1, 2, 3, 4, 5, 8, 9, 0xA and 0xB are used on AV test tool firmware | |||
* Commands 1, 2, 3, 4, 5, 8, 9, 0xA, 0xB and 0xC are used on Kicho Dencho firmware, which is a special factory firmware. | * Commands 1, 2, 3, 4, 5, 8, 9, 0xA, 0xB and 0xC are used on Kicho Dencho firmware, which is a special factory firmware. | ||
* Commands 1, 2, 3, 4, 5, 8, 9, 0xA, 0xB and 0xC are used on devkit firmware as well. | * Commands 1, 2, 3, 4, 5, 8, 9, 0xA, 0xB and 0xC are used on devkit firmware as well. | ||
* Usage of these commands can always be found in UMDMAN.prx | * Usage of these commands can always be found in UMDMAN.prx | ||