From PS3 Developer wiki
Jump to navigation Jump to search

NID generation[edit | edit source]

A way to generate a few sort of NIDs was found in 0.945 PSVita armlibgen.exe, and in 3.00 PS3 ppu-lv2-prx-libgen.exe:

uint32_t nid = sha1(concat(name, suffix));

Suffixes can be found here, here and here.

PSP[edit | edit source]

PSP NIDs had no suffix until a certain System Software version around 3.50.

Since that version, the suffixes are unknown.

PS3[edit | edit source]

Regular exports[edit | edit source]

To calculate FNID value of exported/imported symbol from .PRX you need to take SHA-1 hash over concatenation of symbol's name and ps3_nid_suffix and then grab first 4 bytes from it and reverse these bytes (because of little-endian). Let's take, for example, _sys_sprintf:

 SHA1('_sys_sprintf' + '\x67\x59\x65\x99\x04\x25\x04\x90\x56\x64\x27\x49\x94\x89\x74\x1A') = FEEAF9A123D7D1A7619B40CD52500F9735A852A4
 FNID('_sys_sprintf') = swap_uint32(0xFEEAF9A1) = 0xA1F9EAFE.

For C++ functions you should use mangled representation of symbol's name. For example, mangled name of std::runtime_error::what() const is _ZNKSt13runtime_error4whatEv and FNID('_ZNKSt13runtime_error4whatEv') = 0x5333BDC9.

More complex example: FNID(mangle('std::basic_filebuf<wchar_t, std::char_traits<wchar_t> >::seekpos(std::fpos<std:: _Mbstatet>, std::_Iosb<int>::_Openmode)')) = FNID('_ZNSt13basic_filebufIwSt11char_traitsIwEE7seekposESt4fposISt9_MbstatetENSt5_IosbIiE9_OpenmodeE') = 0xB6A4D760

NONAME exports[edit | edit source]

For import stubs with no names, you must use SHA1 over concatenation of symbol's name and ps3_noname_nid_suffix as an ascii string. Some examples of noname imports are module_start, module_info, and module_stop. SHA1('module_info' + ps3_noname_nid_suffix) = 1630f4d70bf3df419db9d481983411fd3130482a = 0xD7F43016

PS Vita[edit | edit source]

Regular exports[edit | edit source]

Suffix is per-library. Some old PS Vita modules use suffixless NIDs.

NONAME exports[edit | edit source]

Suffix is known from PS Vita armlibgen.exe executable reverse-engineering.

NID generation code[edit | edit source]

Here is some code in C# with the example "sys_crash_dump_get_user_log_area":

 void main() { 
   byte[] input = GetBytes(BitConverter.ToString(Encoding.UTF8.GetBytes("sys_crash_dump_get_user_log_area")).Replace("-","") + "6759659904250490566427499489741A");
   Console.WriteLine(BitConverter.ToInt32( SHA1CryptoServiceProvider.Create().ComputeHash(input) ,0 ).ToString("X0"));

 byte[] GetBytes(string str) {
   byte[] bytes = new byte[str.Length / 2];
   for (int i = 0; i < str.Length; i += 2)
       bytes[i / 2] = byte.Parse(str.Substring(i, 2), System.Globalization.NumberStyles.HexNumber);
   return bytes;