Undocumented SPU Channels
Jump to navigation
Jump to search
Channels 64, 72 and 73[edit | edit source]
Used for storing the version.
Reading/writing the data:
void read_ch73(u32 skip, u32 *buf, u32 len)
{
u32 i;
spu_wrch(64, 0x10000);
for(i = 0; i < skip; i++)
spu_rdch(73);
for(i = 0; i < len; i++)
buf[i] = spu_rdch(73);
}
void write_ch72(u32 skip, u32 *buf, u32 len)
{
u32 i:
spu_wrch(64, 0x10000);
for(i = 0; i < skip; i++)
spu_wrch(72, spu_rdch(73));
for(i = 0; i < len; i++)
spu_wrch(72, buf[i]);
}
lv1ldr writes the version:
s64 lv1ldr_main(...)
{
//...
u64 ldr_ver = 0x0003004100000000;
write_ch72(0, &ldr_ver, 2);
//...
}
Other isolated binaries check the version:
s64 check_version(u64 ldr_ver)
{
u64 stored_ver;
read_ch73(0, &stored_ver, 2);
//...
}
s64 load_isoself(...)
{
ldr_ver = 0x0003004100000000;
if(check_version(ldr_ver) != 0)
return 0x30;
//...
}
Seems lv1ldr 3.60+ storing root scramble key with its version to this buffer:
example for version 3.66: version: 00 03 00 66 00 00 00 00 00 00 00 00 rootkey: 86 51 28 F7 45 84 59 47 A0 CE finalbuf: 86 03 51 66 28 F7 45 84 59 47 A0 CE
Channels 69, 70, and 71[edit | edit source]
Performance monitor related. Described in rpcs3 source code. Link
SPU_Set_Bkmk_Tag = 69, // Causes an event that can be logged in the performance monitor logic if enabled in the SPU.
// ps2_netemu VU1 and PS2-SPU2 spe programs write something to that channel.
SPU_PM_Start_Ev = 70, // Starts the performance monitor event if enabled
SPU_PM_Stop_Ev = 71, // Stops the performance monitor event if enabled
spu_rdchcnt() returns 1 for all of them.
Channel 74[edit | edit source]
Returns random data. Mostly used as a seed to feed a FIPS 186 PRNG with it.
Official name is CH_RNG
Sample data (256 MB): https://mega.co.nz/#!gNc0hQrR!4rC-Stz5yqi7yqvp6OWOQcxB_XhlrOadoE_fE5fyDxE
A bitmap generated from RNG samples:
