Editing Flash:cvtrm

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 10: Line 10:
* [[Talk:Flash#VTRM]]
* [[Talk:Flash#VTRM]]
* [[Hypervisor Reverse Engineering#VTRM]]
* [[Hypervisor Reverse Engineering#VTRM]]
* [[Fixing DRL and CRL Hashes]]
* [[SC Manager#0x9000 - SC Manager]]
* [[SC Manager#0x9000 - SC Manager]]
* [[Talk:System Controller Firmware]]
* [[Talk:System Controller Firmware]]
Line 16: Line 15:
* [[PARAM.PFD]]
* [[PARAM.PFD]]
* [[Ps3vuart-tools#ps3dm]]
* [[Ps3vuart-tools#ps3dm]]
* [[Per Console Keys#cVTRM]]
* [[Fixing DRL and CRL Hashes]]
* [[RSOD Fix]]
* [[RSOD Fix]]


=Structure=
=Structure=


==NOR VTRM Structure==
==NOR Flash==
{| class="wikitable"
{| class="wikitable"
|-
|-
Line 48: Line 47:
|}
|}


==NAND VTRM Structure==
==NAND Flash==
 
Overview: A good way to understand the structure is to think in how the vtrm is created, there are 3 main processes where are written the 'magic_vtrm' sections (colored in black in the examples), in general lines can be said the 'magic_vtrm' sections are created "from bottom to top". This explain doesnt includes the processes needed to create the first 'magic_vtrm' section
 
At some point that should be considered the "initial state" is performed an "erase" command from 0xEC000 up to 0xF0000 (0x200 blocks are filled with 0xFF's). After that the first 2 blocks are reserved (from 0xEC000 up to 0xEC400). The creation process starts at the third block (at offset 0xEC0400), this section where is used for first time the 'magic_vtrm' can be considered the most "inner" vtrm, or the most older in the creation process
 
After that 'inner' vtrm is created (how is created is out of the explain) then the creation process returns to the first block (the area that was reserved before from 0xEC000 up to 0xEC400), most of the steps made to create this area consists in copying and indexing other areas of the 'inner' vtrm
 
So now the creation process is going to build the first 2 blocks... but the first 0x10 bytes of the first block (from 0xEC0000 up to 0xEC0010) are ignored at this point, the reason why are not created yet is because is not posible to know the amount of bytes that are going to be copyed below it in the next steps (now is going to start a process of copypasting at offset 0xEC0010)
 
This is when starts a process that im going to label the 'copypaste' that starts at offset 0xEC0010 and does three things, first it creates a value of 0x8 bytes (colored in green in the examples) with an offset that points to the 'inner' vtrm, then another value of 0x8 bytes (colored in green in the examples) that indicates how many bytes are going to be copypasted, then the bytes are copypasted below
 
This copypaste is made 3 times. The first one copypastes the VTRM header (the bytes from 0xEC0400 up to 0xEC0428 are copypasted to 0xEC0020 up to 0xEC0048). The second copypastes one of the encrypted data areas (the bytes from 0xEC2980 up to 0xEC29E0 are copypasted to 0xEC0058 up to EC00B8), for some reason i dont get now it "jumps" 0x40 bytes, and then it does another copypaste that works a bit different
 
In the third copypaste, the value that indicates the offset points to the 'exception' hash inside the '''hash_table''' (bytes from 0xEFE68C up to 0xEFE6A0 are copypasted to 0xEC0108 up to 0xEC011C), but instead of copying the 'exception' hash it copypastes the default hash value
 
At this point the creation process is near completed, the only thing left is to fill the 0x10 bytes at the beginning in the first vtrm block (at 0xEC0000), this small area is going to work as the entry point when reading the whole vtrm, and this is when is written the 'magic_scei' that is unique (is the only value from this blocks in common between NAND and NOR), the other thing that indicates this area (with the value 0xA8) is the length of the areas that has been copypasted below (but only the sum of the first two copypastes, for some reason the third copypaste is not included in this sum, also the position where the third copypaste happens is a bit weird i dont get why that position, is because the 0x40 gap but that gap makes no sense, the point is the gap is there and is related with the reason why the third copypaste to not be included in this sum)
 
----
The offsets used to make the copypastes in the first 2 blocks are absolute, this means is needed to start counting from outside of the vtrm, actually from the start of flash. When looking at a flash dump from inside a hexeditor, or here in wiki examples what we see is the whole flash data, but this view is not the logical map. The flash region starts at the [[Flash:Flashregion_Table | Flashregion Table]], at the absolute offset 0x40200
 
*For this reason is needed to add + 0x40200 to the offsets that appears inside vtrm to know where are pointing
**0xE80200 + 0x40200 = 0xEC0400 (inner VTRM start offset)
**0xE82780 + 0x40200 = 0xEC2980 (prototype encrypted data ofset)
**0xEBE48C + 0x40200 = 0xEFE68C (exception in the hast_table)


==Notes, speculation, brainstorming==
==Notes, speculation, brainstorming==
Trying to identify the encrypted data blocks based on the [[Authority ID]] and its position
*the start offset of some unknown areas can be find by searching for 0x1070. Is the start of an area of 8 bytes lenght (2+3+3) that probably are the offset or sizes of the next areas (and probably in blocks of 512 bytes). Some examples  (ctrl+f in webbrower to search for them in the page)
 
**10 70 00 00 02 00 00 01
*First auth ID (lpar auth id)
**10 70 00 00 39 00 00 01
** 10 70 00 00 02 00 00 01
**10 70 00 00 03 00 00 02
*** PS3_LPAR (a.k.a. GameOS access)
**10 70 00 05 FF 00 00 01
** 04 00 00 00 02 00 00 05
**04 00 00 00 02 00 00 05 (this one doesnt starts with 0x1070 as explained above, but seems to have the same purpose)
*** related with the PSN account ???
 
*Second auth ID (program auth id)
** 10 70 00 05 FF 00 00 01
*** /dev_flash/vsh/'''vsh.self'''
*** is copypasted from the inner vtrm to the vtrm on top, in both NAND and NOR
** 10 70 00 00 39 00 00 01
*** /dev_flash/bdplayer/'''bdp_bdmv.self'''
*** contains the hashes of '''DRL''' and '''CRL'''
*** is copyed and re-encrypted from the inner vtrm to the vtrm on top, only in NOR
** 10 70 00 00 03 00 00 02
*** /dev_flash/vsh/module/'''mgvideo.self'''
 
=LPAR Auth ID and Program Auth ID=
*VSH
**0x0400000002000005 - ???
**0x10700005FF000001 - vsh.self
*BDP
**0x1070000002000001 - LPAR 2
**0x1070000039000001 - bdp_bdmv.self
*VP
**0x1070000002000001 - LPAR 2
**0x1070000003000002 - mgvideo.self
 
http://www.psdevwiki.com/ps3/index.php?title=Fixing_DRL_and_CRL_Hashes&diff=13954&oldid=13803


=VTRM hashes and how to generate them=
=VTRM hashes and how to generate them=
Line 122: Line 72:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F  
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F  
   
   
  00EC0000  <span style="background:#000000; color:#ffffff;">53 43 45 49</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 A8</span>  SCEIVTRM.......¨     <---- '''magic_scei''', '''magic_vtrm''', '''copypasted_total_used_len'''
  00EC0000  <span style="background:#000000; color:#ffffff;">53 43 45 49</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 A8</span>  SCEIVTRM.......¨     <-- '''magic_scei''' + '''magic_vtrm''' + '''first_vtrm_len''' (includes the next 0xA8 bytes, up to the offset where starts the "erased" 0xFF's)
  00EC0010  <span style="background:#33ff33;">00 00 00 00 00 E8 02 00</span> <span style="background:#33ff33;">00 00 00 00 00 00 00 28</span>  .....è.........(     <---- '''copypaste_offset''', '''copypaste_len'''
  00EC0010  <span style="background:#33ff33;">00 00 00 00 00 E8 02 00</span> <span style="background:#33ff33;">00 00 00 00 00 00 00 28</span>  .....è.........(     <-- offset (00 00 00 00 00 E8 02 00) and '''first_vtrm_header_len''' = 0x28 (includes the next 0x28 bytes)
  00EC0020  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........     <---- ''copyed'', ''copyed'', ''copyed''
  00EC0020  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........     <-- VTRM section starts (first VTRM)
  00EC0030  <span style="background:#cc00cc;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span>  þm.ÄúÕÎÛ“†ü¡2;qG     <---- ''copyed''
  00EC0030  <span style="background:#dd00dd;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span>  þm.ÄúÕÎÛ“†ü¡2;qG     <-- 0x14 bytes hash, same value as 0xEC0410
  00EC0040  <span style="background:#cc00cc;">3B A5 C6 F9</span> <span style="background:#cc00cc;">C0 00</span> <span style="background:#cc00cc;">B6 70</span> <span style="background:#33ff33;">00 00 00 00 00 E8 27 80</span>  ;¥ÆùÀ.¶p.....è'€     <---- ''copyed'', ''copyed'', ''copyed'', '''copypaste_offset'''
  00EC0040  <span style="background:#dd00dd;">3B A5 C6 F9</span> <span style="background:#ff77ff;">C0</span> <span style="background:#ff77ff;">00</span> <span style="background:#ff77ff;">B6</span> <span style="background:#ff77ff;">70</span> <span style="background:#33ff33;">00 00 00 00 00 E8 27 80</span>  ;¥ÆùÀ.¶p.....è'€     <-- '''encrypted_table_offset''' = 0xE82780 ? and '''encrypted_slot_size''' = 0x60 ? (includes the next 0x60 bytes)
  00EC0050  <span style="background:#33ff33;">00 00 00 00 00 00 00 60</span> <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span>  .......`.......       <---- '''copypaste_len''', ''copyed''
  00EC0050  <span style="background:#33ff33;">00 00 00 00 00 00 00 60</span> <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span>  .......`.......     <-- encrypted data related info, same 0x60 bytes at 0xEC2980
  00EC0060  <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span> <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span> .........p..ÿ...      <---- ''copyed'', ''copyed''
  00EC0060  <span style="background:#ff8888;">04 00</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 05</span> <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 05 FF</span> <span style="background:#ffaaaa;">00 00 01</span>  .........p..ÿ...
00EC0070  <span style="background:#ff7777; color:#99ffff;">0C 1C 05 9C AA B5 97 A5 9C D6 46 2D EA 22 46 BE</span> ...œªµ—¥œÖF-ê"F¾      <---- ''copyed''
00EC0070  <span style="background:#ff6666;">0C 1C 05 9C AA B5 97 A5 9C D6 46 2D EA 22 46 BE</span>  ...œªµ—¥œÖF-ê"F¾    <-- encrypted data
00EC0080  <span style="background:#ff7777; color:#99ffff;">D1 84 A9 1E 34 5F E7 90 55 49 11 82 51 9D 4A 3F</span>  Ñ„©.4_ç.UI.‚Q.J?      <---- ''copyed''
  00EC0080 <span style="background:#ff6666;">D1 84 A9 1E 34 5F E7 90 55 49 11 82 51 9D 4A 3F</span>  Ñ„©.4_ç.UI.‚Q.J?
00EC0090  <span style="background:#ff7777; color:#99ffff;">EF 43 19 E8 4F 6A 5B FF DA 31 E9 F0 76 C8 B2 6B</span>  ïC.èOj[ÿÚ1éðvȲk      <---- ''copyed''
  00EC0090 <span style="background:#ff6666;">EF 43 19 E8 4F 6A 5B FF DA 31 E9 F0 76 C8 B2 6B</span> ïC.èOj[ÿÚ1éðvȲk
  00EC00A0 <span style="background:#ff7777; color:#99ffff;">0B A7 47 8E BE 42 28 9F 2B 88 73 0B A5 B6 F2 1D</span>  .§GŽ¾B(Ÿ+ˆs.¥¶ò.     <---- ''copyed''
00EC00A0  <span style="background:#ff6666;">0B A7 47 8E BE 42 28 9F 2B 88 73 0B A5 B6 F2 1D</span>  .§GŽ¾B(Ÿ+ˆs.¥¶ò.
  00EC00B0 <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span> <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span>  ........ÿÿÿÿÿÿÿÿ      <---- ''copyed'', '''0x40_bytes_gap'''
00EC00B0  <span style="background:#bb6666;">00 00 00 00 00 00 00 00</span> <span style="background:#bbbbbb;">FF FF FF FF FF FF FF FF</span> ........ÿÿÿÿÿÿÿÿ    <-- not-used slots for encrypted data ?
  [...]    <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ      <---- '''0x40_bytes_gap'''
  [...]    <span style="background:#bbbbbb;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span> ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00EC00F0  <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF</span> <span style="background:#33ff33;">00 00 00 00 00 EB E4 8C</span>  ÿÿÿÿÿÿÿÿ.....ë䌠     <---- '''0x40_bytes_gap''', '''copypaste_offset'''
00EC00F0  <span style="background:#bbbbbb;">FF FF FF FF FF FF FF FF</span> <span style="background:#33ff33;">00 00 00 00 00 EB E4 8C</span>  ÿÿÿÿÿÿÿÿ.....ë䌠   <-- '''hash_table_offset''' ? = 0xEBE48C and '''hash_size''' = 0x14 ? (includes the next 0x14 bytes)
00EC0100  <span style="background:#33ff33;">00 00 00 00 00 00 00 14</span> <span style="background:#99ffff;">39 17 52 0B 31 70 F5 05</span> ........9.R.1põ.      <---- '''copypaste_len''', ''copyed''
00EC0100  <span style="background:#33ff33;">00 00 00 00 00 00 00 14</span> <span style="background:#6666ff;">39 17 52 0B 31 70 F5 05</span>  ........9.R.1põ.    <-- 0x14 bytes hash, same than default on hashes table at 0xEF94C0
00EC0110  <span style="background:#99ffff;">02 5A C6 F8 81 F8 54 96 2F EF F3 81</span> <span style="background:#777777;">FF FF FF FF</span>  .ZÆø.øT–/ïó.ÿÿÿÿ      <---- ''copyed'', '''erased_bytes'''
00EC0110  <span style="background:#6666ff;">02 5A C6 F8 81 F8 54 96 2F EF F3 81</span> <span style="background:#777777;">FF FF FF FF</span>  .ZÆø.øT–/ïó.ÿÿÿÿ
  [...]    <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <---- '''erased_bytes''' <--- to fill up to 512 bytes or 0x400 (2 blocks)
  [...]    <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ     <-- 0xFF's (erased bytes) to fill up to 512 bytes or 0x400 (1 block)
  00EC0400  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........     <---- '''magic_void''' + '''magic_vtrm''' + '''next_unknown_stuff_len''' ? <---- inner vtrm
  00EC0400  <span style="background:#000000; color:#ffffff;">00 00 00 00</span> <span style="background:#000000; color:#ffffff;">56 54 52 4D</span> <span style="background:#000000; color:#ffffff;">00 00 00 00 00 00 00 04</span>  ....VTRM........     <-- VTRM section starts (second VTRM)
00EC0410  <span style="background:#cc00cc;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span>  þm.ÄúÕÎÛ“†ü¡2;qG     <---- '''SRH''' ? (secure root hash)
00EC0410  <span style="background:#dd00dd;">FE 6D 0B C4 FA D5 CE DB 93 86 FC A1 32 3B 71 47</span>  þm.ÄúÕÎÛ“†ü¡2;qG     <-- 0x14 bytes hash, same value as 0xEC0030
  00EC0420  <span style="background:#cc00cc;">3B A5 C6 F9</span> <span style="background:#cc00cc;">C0 00</span> <span style="background:#cc00cc;">B6 70</span> <span style="background:#7777ff;">00 00 00 00 00 00 04 90</span>  ;¥ÆùÀ.¶p........     <---- '''SRH''' ?, ''unknown'' (2 bytes), ''unknown'' (2 bytes), '''index_num''' = 0x490 (1168 in decimal)
  00EC0420  <span style="background:#dd00dd;">3B A5 C6 F9</span> <span style="background:#ff77ff;">C0</span> <span style="background:#ff77ff;">00</span> <span style="background:#ff77ff;">B6</span> <span style="background:#ff77ff;">70</span> <span style="background:#33ff33;">00 00 00 00 00 00 04 90</span>  ;¥ÆùÀ.¶p........     <-- offset ? (00 00 00 00 00 00 04 90) and counter ? (00 00 00 00 00 00 09 20)
  00EC0430  <span style="background:#7777ff;">00 00 00 00 00 00 09 20</span> <span style="background:#7777ff;">00 00 00 00 00 00 00 03</span>  ....... ........     <---- '''data_slots_total''', '''data_slots_used'''
  00EC0430  <span style="background:#33ff33;">00 00 00 00 00 00 09 20</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 03</span>  ....... ........     <-- 0x8 bytes pattern exception !
00EC0440  <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......       <---- '''index_table''' starts here (table_size = ???, entry_size = 0x8, entry_number = 0x490)
  [...]    <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span>  ....... .......     <-- 0x8 bytes repetive pattern
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......       
00EC1930  <span style="background:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span>  ...............      <-- 0x8 bytes pattern exception !
00EC1930  <span style="background:#ffff66;">00 00 00 00 00 00 00 01</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ...............      <---- exception
  [...]    <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span>  ....... .......     <-- 0x8 bytes repetive pattern
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......       
00EC21F0  <span style="background:#ffff66;">00 00 00 00 00 00 00 02</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span>  ...............      <-- 0x8 bytes pattern exception !
00EC21F0  <span style="background:#ffff66;">00 00 00 00 00 00 00 02</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ...............      <---- exception
  [...]    <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span>  ....... .......     <-- 0x8 bytes repetive pattern
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span>  ....... .......    
00EC24F0  <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 00</span>  ....... ........    <-- 0x8 bytes pattern exception !
00EC24F0  <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#ffff66;">00 00 00 00 00 00 00 00</span>  ....... ........      <---- exception
  [...]    <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span> <span style="background:#bbbb66;">00 00 00 00 00 00 09 20</span>  ....... .......      <-- 0x8 bytes repetive pattern
  [...]    <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> <span style="background:#cccc66;">00 00 00 00 00 00 09 20</span> ....... .......     
00EC28C0  <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span> <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 01</span>  ....... .p......     <-- encrypted data related info
00EC28C0  <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span> <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span>  ....... .p......     <---- ''unknown'', '''lpar_auth_id''' <---- '''data_table''' starts here (table_size = ???, entry_size = 0x60, entry_number = 0x920)
00EC28D0  <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 39</span> <span style="background:#ffaaaa;">00 00 01</span> <span style="background:#ff6666;">22 66 39 B3 0E 7A 1C E7</span>  .p..9..."f9³.z.ç     <-- encrypted data
00EC28D0  <span style="background:#ff6666;">10 70 00 00 39 00 00 01</span> <span style="background:#ff7777; color:#99ffff;">22 66 39 B3 0E 7A 1C E7</span>  .p..9..."f9³.z.ç     <---- '''prog_auth_id''', '''encrypted_data'''
  00EC28E0  <span style="background:#ff6666;">68 85 F9 94 A8 30 BE C4 0B 85 D0 92 1E C0 8F 28</span>  h…ù”¨0¾Ä.…Ð’.À.(
  00EC28E0  <span style="background:#ff7777; color:#99ffff;">68 85 F9 94 A8 30 BE C4 0B 85 D0 92 1E C0 8F 28</span>  h…ù”¨0¾Ä.…Ð’.À.(     <---- '''encrypted_data'''
  00EC28F0  <span style="background:#ff6666;">7F 70 ED 15 D6 22 06 24 D9 08 64 0B C0 D7 97 29</span>  .pí.Ö".$Ù.d.À×—)
  00EC28F0  <span style="background:#ff7777; color:#99ffff;">7F 70 ED 15 D6 22 06 24 D9 08 64 0B C0 D7 97 29</span>  .pí.Ö".$Ù.d.À×—)     <---- '''encrypted_data'''
  00EC2900  <span style="background:#ff6666;">BE A1 FE 91 D1 F2 D4 88 25 EF 24 86 E0 A3 CB 98</span>  ¾¡þ‘ÑòÔˆ%ï$†à£Ë˜
  00EC2900  <span style="background:#ff7777; color:#99ffff;">BE A1 FE 91 D1 F2 D4 88 25 EF 24 86 E0 A3 CB 98</span>  ¾¡þ‘ÑòÔˆ%ï$†à£Ë˜     <---- '''encrypted_data'''
00EC2910  <span style="background:#ff6666;">AF 17 6F B1 64 A0 56 E5</span> <span style="background:#bb6666;">00 00 00 00 00 00 00 01</span>  ¯.o±d Vå........
00EC2910  <span style="background:#ff7777; color:#99ffff;">AF 17 6F B1 64 A0 56 E5</span> <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 01</span>  ¯.o±d Vå........     <---- '''encrypted_data''', ''unkown''
00EC2920  <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span> <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 01</span>  ....... .p......     <-- encrypted data related info
00EC2920  <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span> <span style="background:#ff5555;">10 70 00 00 02 00 00 01</span> ....... .p......     <---- ''unkown'', '''lpar_auth_id'''
  00EC2930  <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 00 03</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ff6666;">F9 D9 6A 84 0C F2 D8 E7</span>  .p......ùÙj„.òØç     <-- encrypted data
  00EC2930  <span style="background:#ff6666;">10 70 00 00 03 00 00 02</span> <span style="background:#ff7777; color:#99ffff;">F9 D9 6A 84 0C F2 D8 E7</span> .p......ùÙj„.òØç     <---- '''prog_auth_id''', '''encrypted_data'''
  00EC2940  <span style="background:#ff6666;">D4 44 5C 3C DF D5 DF 0F B8 DC 3E 81 9A A4 71 8F</span>  ÔD\<ßÕß.¸Ü>.š¤q.
  00EC2940  <span style="background:#ff7777; color:#99ffff;">D4 44 5C 3C DF D5 DF 0F B8 DC 3E 81 9A A4 71 8F</span>  ÔD\<ßÕß.¸Ü>.š¤q.     <---- '''encrypted_data'''
  00EC2950  <span style="background:#ff6666;">0A A8 8B 90 1B 2C A1 D1 66 84 AA EE 65 D1 46 9A</span>  .¨‹..,¡Ñf„ªîeÑFš
  00EC2950  <span style="background:#ff7777; color:#99ffff;">0A A8 8B 90 1B 2C A1 D1 66 84 AA EE 65 D1 46 9A</span>  .¨‹..,¡Ñf„ªîeÑFš     <---- '''encrypted_data'''
  00EC2960  <span style="background:#ff6666;">D7 38 83 F2 78 47 D1 8E E5 FA EB 39 CF 26 E8 25</span>  ×8ƒòxGÑŽåúë9Ï&è%
  00EC2960  <span style="background:#ff7777; color:#99ffff;">D7 38 83 F2 78 47 D1 8E E5 FA EB 39 CF 26 E8 25</span>  ×8ƒòxGÑŽåúë9Ï&è%     <---- '''encrypted_data'''
  00EC2970  <span style="background:#ff6666;">85 DE 3B C6 0B C3 45 D5</span> <span style="background:#bb6666;">00 00 00 00 00 00 00 00</span>  …Þ;Æ.ÃEÕ........
  00EC2970  <span style="background:#ff7777; color:#99ffff;">85 DE 3B C6 0B C3 45 D5</span> <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span>  …Þ;Æ.ÃEÕ........     <---- '''encrypted_data''', ''unkown''
  00EC2980  <span style="background:#ffcccc;">00 00 00 00 00 00 09 20</span> <span style="background:#ff8888;">04 00</span> <span style="background:#ffaaaa;">00 00 02</span> <span style="background:#ffaaaa;">00 00 05</span>  ....... ........     <-- encrypted data related info, same 0x60 bytes at 0xEC0058
  00EC2980  <span style="background:#ff0000; color:#ffff66;">00 00 00 00 00 00 09 20</span> <span style="background:#ff5555;">04 00 00 00 02 00 00 05</span>  ....... ........     <---- ''unkown'', '''lpar_auth_id'''
  00EC2990  <span style="background:#ff8888;">10 70</span> <span style="background:#ffaaaa;">00 05 FF</span> <span style="background:#ffaaaa;">00 00 01</span> <span style="background:#ff6666;">0C 1C 05 9C AA B5 97 A5</span>  .p..ÿ......œªµ—¥     <-- encrypted data
  00EC2990  <span style="background:#ff6666;">10 70 00 05 FF 00 00 01</span> <span style="background:#ff7777; color:#99ffff;">0C 1C 05 9C AA B5 97 A5</span>  .p..ÿ......œªµ—¥     <---- '''prog_auth_id''', '''encrypted_data'''
00EC29A0  <span style="background:#ff6666;">9C D6 46 2D EA 22 46 BE D1 84 A9 1E 34 5F E7 90</span>  œÖF-ê"F¾Ñ„©.4_ç.
00EC29A0  <span style="background:#ff7777; color:#99ffff;">9C D6 46 2D EA 22 46 BE D1 84 A9 1E 34 5F E7 90</span>  œÖF-ê"F¾Ñ„©.4_ç.     <---- '''encrypted_data'''
  00EC29B0  <span style="background:#ff6666;">55 49 11 82 51 9D 4A 3F EF 43 19 E8 4F 6A 5B FF</span>  UI.‚Q.J?ïC.èOj[ÿ
  00EC29B0  <span style="background:#ff7777; color:#99ffff;">55 49 11 82 51 9D 4A 3F EF 43 19 E8 4F 6A 5B FF</span>  UI.‚Q.J?ïC.èOj[ÿ     <---- '''encrypted_data'''
00EC29C0  <span style="background:#ff6666;">DA 31 E9 F0 76 C8 B2 6B 0B A7 47 8E BE 42 28 9F</span>  Ú1éðvȲk.§GŽ¾B(Ÿ
00EC29C0  <span style="background:#ff7777; color:#99ffff;">DA 31 E9 F0 76 C8 B2 6B 0B A7 47 8E BE 42 28 9F</span>  Ú1éðvȲk.§GŽ¾B(Ÿ     <---- '''encrypted_data'''
  00EC29D0  <span style="background:#ff6666;">2B 88 73 0B A5 B6 F2 1D</span> <span style="background:#bb6666;">00 00 00 00 00 00 00 00</span>  +ˆs.¥¶ò.........
  00EC29D0  <span style="background:#ff7777; color:#99ffff;">2B 88 73 0B A5 B6 F2 1D</span> <span style="background:#ff9999; color:#ffff66;">00 00 00 00 00 00 00 00</span>  +ˆs.¥¶ò.........     <---- '''encrypted_data''', ''unkown''
   [...]    <span style="background:#bbbbbb;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ      <-- not-used slots for encrypted data ?
   [...]    <span style="background:#aaaaaa;">FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF</span>  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ      <---- free data slots starts here
  00EF94C0  <span style="background:#6666ff;">39 17 52 0B 31 70 F5 05 02 5A C6 F8 81 F8 54 96</span>  9.R.1põ..ZÆø.øT–      <-- 0x14 bytes lenght hashes table start, default is same than 0xEC0108
  00EF94C0  <span style="background:#99ffff;">39 17 52 0B 31 70 F5 05 02 5A C6 F8 81 F8 54 96</span>  9.R.1põ..ZÆø.øT–      <---- '''signature_table start''' (table_size = ??? , entry_size = 0x14, entry_number = 490)
00EF94D0  <span style="background:#6666ff;">2F EF F3 81</span>                                      /ïó.
00EF94D0  <span style="background:#99ffff;">2F EF F3 81</span>                                      /ïó.                 [...] '''signature_empty''' (repeated)
   [...]     the same hash repeated, with some exceptions                          <--
   [...]       the same hash repeated, with a exception                            [...] '''signature_dummy''' (exception) at 0xEFE68C-0xEFE6A0, position ??? (decimal), relative offset = 0x???
00EFEFE0                                      <span style="background:#6666ff;">39 17 52 0B</span>              9.R.
00EFEFE0                                      <span style="background:#99ffff;">39 17 52 0B</span>              9.R.     [...] '''signature_empty''' (repeated)
  00EFEFF0  <span style="background:#6666ff;">31 70 F5 05 02 5A C6 F8 81 F8 54 96 2F EF F3 81</span>  1põ..ZÆø.øT–/ïó.      <-- 0x14 bytes lenght hashes table end
  00EFEFF0  <span style="background:#99ffff;">31 70 F5 05 02 5A C6 F8 81 F8 54 96 2F EF F3 81</span>  1põ..ZÆø.øT–/ïó.      [...]
   [...]    <span style="background:#777777;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span>  ................      <-- 0x00's filled up to end of file (0x7800 blocks)
   [...]    <span style="background:#777777;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span>  ................     
  00EFFFF0  <span style="background:#777777;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span>  ................
  00EFFFF0  <span style="background:#777777;">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00</span>  ................     <---- 0x00's filled up to end of file (0x1FE blocks)


==NOR Example==
==NOR Example==
Line 183: Line 132:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
   
00EC0000  <span style="background:#000000; color:#ffffff;">53 43 45 49</span> <span style="background:#777777;">FF FF FF FF FF FF FF FF FF FF FF FF</span>  SCEIÿÿÿÿÿÿÿÿÿÿÿÿ    <---- '
00EC0000  53 43 45 49 FF FF FF FF FF FF FF FF FF FF FF FF  SCEIÿÿÿÿÿÿÿÿÿÿÿÿ
00EC0010  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
...
00EC3FF0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00EC4000  00 00 00 00 56 54 52 4D 00 00 00 00 00 00 00 04  ....VTRM........
00EC4010  0D 20 53 4F EE E8 06 E3 E7 AC 57 E1 E9 64 6C BF  . SOîè.ãç¬Wáédl¿
00EC4020  ED BE 69 E1 00 00 00 E0 00 00 00 00 00 00 02 09  í¾iá...à........
00EC4030  00 00 00 00 00 00 04 12 00 00 00 00 00 00 00 02  ................
00EC4040  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC4050  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC4060  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC4070  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC4080  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC4090  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC40A0  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC40B0  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC40C0  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC40D0  00 00 00 00 00 00 04 12 00 00 00 00 00 00 04 12  ................
00EC40E0  00 00 00 00 00 00 04 12 00 00


{{Flash}}
{{Flash}}
<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Flash:cvtrm"