Memory Card: Difference between revisions
Cfwprophet (talk | contribs) |
Cfwprophet (talk | contribs) No edit summary |
||
Line 13: | Line 13: | ||
| 3 || VCC || Voltage | | 3 || VCC || Voltage | ||
|- | |- | ||
| 4 || | | 4 || D3 || Data 2 | ||
|- | |- | ||
| 5 || | | 5 || D2 || Data 3 | ||
|- | |- | ||
| 6 || D1 || Data 1 | | 6 || D1 || Data 1 | ||
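Review bot: The two filled-in rows pair signal and description inconsistently: pin 4 is named D3 but described as "Data 2", and pin 5 is named D2 but described as "Data 3", while the unchanged row for pin 6 reads D1 / "Data 1". Either the descriptions on pins 4 and 5 are swapped or the signal names are; please check against the source pinout and make them match. The revision also carries no edit summary, so a note saying where the D2/D3 assignment comes from would help later readers.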
Line 27: | Line 27: | ||
|} | |} | ||
pinouts by [https://twitter.com/Asdron_/status/ | pinouts by [https://twitter.com/Asdron_/status/781948076281954304 Asdron] also confirmed by [https://twitter.com/Asdron_/status/781948076281954304 RichDevX] | ||
About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source [https://twitter.com/RichDevX/status/779282383132626945 RichDevX]) | About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source [https://twitter.com/RichDevX/status/779282383132626945 RichDevX]) | ||
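Review bot: In the completed attribution line, the link labelled RichDevX points to the same Asdron_ status URL (781948076281954304) as the link labelled Asdron, so the "also confirmed by" claim has no separate source. Point the RichDevX label at RichDevX's own tweet, or drop the second link if the confirmation is in the same thread.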
Line 56: | Line 56: | ||
* [https://twitter.com/RichDevX/status/781307476700491777 Looks like we found a match, that wasn't too hard :P http://crccalc.com/ (CRC-16/BUYPASS)] [https://pbs.twimg.com/media/CtfCyNEXYAAMEPP.jpg picture] | * [https://twitter.com/RichDevX/status/781307476700491777 Looks like we found a match, that wasn't too hard :P http://crccalc.com/ (CRC-16/BUYPASS)] [https://pbs.twimg.com/media/CtfCyNEXYAAMEPP.jpg picture] | ||
* [https://twitter.com/RichDevX/status/781948956666396672 It's game time, all your commands are belong to us ^_^] [https://pbs.twimg.com/media/CtoKK_NXYAAkafs.jpg picture] |
Revision as of 00:48, 1 October 2016
Pinout
Don't try to take it apart like this.
Pin | Signal | Description |
---|---|---|
1 | INS | Detection Pin |
2 | SCLK | Serial Clock |
3 | VCC | Voltage |
4 | D3 | Data 2 |
5 | D2 | Data 3 |
6 | D1 | Data 1 |
7 | D0 | Data 0 |
8 | BS | Bus State |
9 | VSS | Ground |
Pinout by Asdron, also confirmed by RichDevX.
About Pin 1: "it's an input pin on the host controller (pulled up high), and the pin on the card is grounded" (source RichDevX)
Soft Reversing
The OS driver for the Memory Card can be found here:
os0:kd/magicgate.skprx
Dumping this kernel driver so that it can be reversed and analyzed requires a kernel exploit, which is not possible right now because the source code for HENkaku is not available.
HW Reversing
(by RichDevX)
- Waveform of the memory card, planning to release the source code for the simple logic analyzer soon. PulseView is awesome :D picture
- Hmm, although it appears to be based on memory stick pro, looks like they may be using a different command set picture
- Here's the famous serial to parallel transition command (was it designed to look like a transformer E core on purpose? ^_^) picture
- @RichDevX I don't know what is that picture... But seems good. Right?
- @ACViperPro it's just a graphical representation of two separate sessions of 1s and 0s ^_^ (binary state of digital signals). as for the significance, the sessions are exactly the same. there's also a lot of whitespace which is a good indication :P.
- @RichDevX i'm totally noob but, quoting @yifanlu.. "Some.. packets are constant.. others--partially change after each time you turn on Vita".
- @RichDevX "This is most likely related to some encryption mechanism." Encrypting the handshake is not much different from encrypting all! xD.
- @Danyfenix69 we can deal with challenge/response handshakes, session encryption would require much more work