Non Volatile Storage: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
Line 211: Line 211:
| 0 || 4 || 0x1000 || 0x1CA000 || 0x300 || wrappNvsRead, or regMgrNvsRead
| 0 || 4 || 0x1000 || 0x1CA000 || 0x300 || wrappNvsRead, or regMgrNvsRead
|-
|-
| 0 || 4 || 0x100E || 0x1CA00E || 0x1 || {{Regions}}
| 0 || 4 || 0x100E || 0x1CA00E || 0x1 || [[:Regions]]
|-
|-
| 0 || 4 || 0x1040 || 0x1CA040 || 0x1 || Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept)
| 0 || 4 || 0x1040 || 0x1CA040 || 0x1 || Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept)

Revision as of 02:51, 27 June 2022

Same as PS3's NVS, used for storing tokens and flags. You can access it by using the function icc_nvs_read (or by ftp'ing the respective regions with root flags server).
Seems that a total of 7 regions(blocks) exist in 2 banks, main bank and backup bank
The kernel accesses only the 5th and the 2nd region, however it's possible to read the other 5 (also the entirety of it by reading /dev/sflash0s0x34 with BUF_SIZE 0x200 from ftp ).
Most, if not all, of the NVS regions can be accessed also in sflash, starting with offset 0x1C4000.

Mapping of the area (NVS service)

Bank # Block # Start Offset in /dev/sflash0s0x34 Start Offset in Sflash Size Notes
0 0 0 0x1C4000 0x3000 does not match, probably one (sflash or nvs, likely sflash) updates data
0 1 0x3000 0x1C7000 0x1000 match
0 2 0x4000 0x1C8000 0x800 match, console data region
0 3 0x4800 0x1C8800 0x800 match, all ffs?
0 4 0x5000 0x1C9000 0x3000 match, tokens and flags region
1 0 0x8000 0x1CC000 0x3000 match, tokens and flags region (backup)
1 1 0xB000 0x1CF000 0x1000 match

Mapping of the detailed area (NVS service)

Bank # Block # Start Offset Start Offset in Sflash Size Notes
0 0 0 0x1C4000 0x8
0 0 0x20 0x1C4020 0x6
0 0 0x50 0x1C4050 0x1
0 0 0x60 0x1C4060 0x5
0 0 0x76 0x1C4076 0x1
0 0 0x7A 0x1C407A 0x6
0 0 0x80 0x1C4080 0x1
0 0 0x96 0x1C4096 0x3
0 0 0x9A 0x1C409A 0x2
0 0 0xAC 0x1C40AC 0x4
0 0 0x7FE 0x1C47FE 0x2
0 0 0x801 0x1C4801 0x1
0 0 0x810 0x1C4810 0x12
0 0 0x84C 0x1C484C 0x2
0 0 0x854 0x1C4854 0x2
0 0 0x870 0x1C4870 0xC
0 0 0x8A0 0x1C48A0 0x1C
0 0 0xFFE 0x1C4FFE 0x2
0 0 0x1000 0x1C5000 0x64
0 0 0x1220 0x1C5220 0x18
0 0 0x1240 0x1C5240 0x18
0 0 0x1260 0x1C5260 0x18
0 0 0x1280 0x1C5280 0x18
0 0 0x12A0 0x1C52A0 0x18
0 0 0x12C0 0x1C52C0 0x18
0 0 0x12E0 0x1C52E0 0x18
0 0 0x1300 0x1C5300 0x18
0 0 0x1320 0x1C5320 0x18
0 0 0x1340 0x1C5340 0x18
0 0 0x1360 0x1C5360 0x18
0 0 0x1380 0x1C5380 0x18
0 0 0x13A0 0x1C53A0 0x18
0 0 0x13C0 0x1C53C0 0x18
0 0 0x13E0 0x1C53E0 0x18
0 0 0x1400 0x1C5400 0x18
0 0 0x1420 0x1C5420 0x18
0 0 0x1440 0x1C5440 0x18
0 0 0x1460 0x1C5460 0x18
0 0 0x1480 0x1C5480 0x18
0 0 0x14A0 0x1C54A0 0x18
0 0 0x14C0 0x1C54C0 0x18
0 0 0x14E0 0x1C54E0 0x18
0 0 0x1500 0x1C5500 0x18
0 0 0x1520 0x1C5520 0x18
0 0 0x1540 0x1C5540 0x18
0 0 0x1560 0x1C5560 0x18
0 0 0x1580 0x1C5580 0x18
0 0 0x15A0 0x1C55A0 0x18
0 0 0x15C0 0x1C55C0 0x18
0 0 0x2000 0x1C6000 0x8
0 1 0 0x1C7000 0x40
0 1 0x40 0x1C7040 0x10 trsw_attach
0 1 0xA0 0x1C70A0 0x2 get_icc_max
0 2 0 0x1C8000 0x4C Serial Number + model Type (CUH-XXXXX), see below
0 2 0x10 0x1C8010 0x10 SOCUID
0 2 0x30 0x1C8030 0x11 Used in 5.05, Unique Identifier of Console, hw_info
0 2 0x41 0x1C8041 0x1F Used in later firmwares, Unique Identifier of Console, hw_model
0 2 0x60 0x1C8060 0x58
0 2 0xC0 0x1C80C0 0xD
0 2 0x100 0x1C8100 0x20
0 2 0x7D0 0x1C87D0 0x10
0 2 0x7F0 0x1C87F0 0x1
0 4 0 0x1C9000 0x20 dipswitch flags, see below
0 4 0 0x1C9000 0x1 SCE_REGMGR_ENT_KEY_DEVENV_TOOL_boot_param (FE Development Mode) (FB Assist Mode) (FF Release Mode)
0 4 3 0x1C9003 0x1 Memory Budget (0xFF Normal, 0xFE Large)
0 4 5 0x1C9005 0x1 Slow HDD Mode (0xFE ON) (0xFF OFF)
0 4 0x10 0x1C9010 0x1 vsh_4K Mode (0xFE ON) (0xFF OFF)
0 4 0x20 0x1C9020 0x1 init_safe_mode flag
0 4 0x21 0x1C9021 0x1 sysctl_machdep_cavern_dvt1_init_update
0 4 0x30 0x1C9030 0x1 trsw_probe (01 for [ WLAN mode : FT ], else [ WLAN mode : OFF ]) also bt_sdio_probe and trs_probe
0 4 0x38 0x1C9038 0x1 ethernet related (gbe)
0 4 0x50 0x1C9050 0x1 is_extra_clock_available_rtc_status
0 4 0x66 0x1C9066 0x1 ???
0 4 0x70 0x1C9070 0x4 manu_mode related (sdk version?)
0 4 0x70 0x1C9074 0x4 manu_mode related (sdk version?)
0 4 0x80 0x1C9080 varies (0x68-0x6C) acf token <- checked by sceSblDevActVerifyCheckExpire
0 4 0x100 0x1C9100 0x100 sce_cam_error_put
0 4 0x200 0x1C9200 varies (0x40-0x60) scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init, also checked by read_idstorage
0 4 0x301 0x1C9301 1 unknown (01 = enabled)
0 4 0x311 0x1C9311 1 unknown (01 = enabled)
0 4 0x31F 0x1C931F 1 UART boot param? (setting this to 1 enables UART output on boot)
0 4 0x320 0x1C9320 1 lvp_configure_get_gddr5clk
0 4 0x322 0x1C9322 1 lvp_configure_tccds
0 4 0x329 0x1C9329 1 related to lvp_config
1 4 0x400 0x1C9400 0x210 token ???
1 4 0x650 0x1C9650 0x290 qafutkn_ioctl
0 4 0x900 0x1C9900 0x100 acf signature
1 4 0xA00 0x1C9A00 0x190 token ???
0 4 0xC40 0x1C9C40 0x130 setPupExpirationStatus
0 4 0x1000 0x1CA000 0x300 wrappNvsRead, or regMgrNvsRead
0 4 0x100E 0x1CA00E 0x1 Regions
0 4 0x1040 0x1CA040 0x1 Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept)
0 4 0x1300 0x1CA300 0x300 wrappNvsRead, or regMgrNvsRead
0 4 0x1600 0x1CA600 0x20 Modes (See Below)
0 4 0x1600 0x1CA600 0x1 SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_idu_mode (0x01 Enabled 0x00 or 0xFF Disabled)
0 4 0x1601 0x1CA601 0X1 SCE_REGMGR_ENT_KEY_SYSTEM_update_mode (0xFF or 0x00 disabled) (0x10, 0x20, 0x30, 0x31, 0x32, 0x50 enabled)
0 4 0x1602 0x1CA602 0x1 SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_show_mode (0x01 Enabled 0x00 Disabled) (Testkit Only!)
0 4 0x1603 0x1CA603 0x1 SCE_REGMGR_ENT_KEY_REGISTRY_recover
0 4 0x1604 0x1CA604 0x4 SCE_REGMGR_ENT_KEY_SYSTEM_soft_version (deprecated) (devkit only?)
0 4 0x1609 0x1CA609 0x1 SCE_REGMGR_ENT_KEY_SYSTEM_SPECIFIC_arcade_mode
0 4 0x2C00 0x1CBC00 0x20 manu mode (all zeroes for enabled, all ffs for disabled)
0 4 0x2C40 0x1CBC40 0x20
0 4 0x2CC0 0x1CBCC0 0x20 srtc_modevent
? ? ??? 0x1CC31F 1 unknown (01 = enabled)
? ? ??? 0x1CF000 1 Multiple Instalations with Same Title ID FF enabled 00 disabled