Non Volatile Storage

From PS4 Developer wiki
Revision as of 14:15, 24 August 2021 by Zecoxao (talk | contribs) (Mapping of the detailed area (NVS service))
Jump to: navigation, search

Same as PS3's NVS, used for storing tokens and flags. You can access it by using the function icc_nvs_read (or by ftp'ing the respective regions with root flags server).
Seems that a total of 7 regions(blocks) exist in 2 banks, main bank and backup bank
The kernel accesses only the 5th and the 2nd region, however it's possible to read the other 5 (also the entirety of it by reading /dev/sflash0s0x34 with BUF_SIZE 0x200 from ftp ).
Most, if not all, of the NVS regions can be accessed also in sflash, starting with offset 0x1C4000.

Mapping of the area (NVS service)

Bank # Block # Start Offset in /dev/sflash0s0x34 Start Offset in Sflash Size Notes
0 0 0 0x1C4000 0x3000 does not match, probably one (sflash or nvs, likely sflash) updates data
0 1 0x3000 0x1C7000 0x1000 match
0 2 0x4000 0x1C8000 0x800 match, console data region
0 3 0x4800 0x1C8800 0x800 match, all ffs?
0 4 0x5000 0x1C9000 0x3000 match, tokens and flags region
1 0 0x8000 0x1CC000 0x3000 match, tokens and flags region (backup)
1 1 0xB000 0x1CF000 0x1000 match

Mapping of the detailed area (NVS service)

Bank # Block # Start Offset Start Offset in Sflash Size Notes
0 0 0 0x1C4000 0x8
0 0 0x20 0x1C4020 0x6
0 0 0x50 0x1C4050 0x1
0 0 0x60 0x1C4060 0x5
0 0 0x76 0x1C4076 0x1
0 0 0x7A 0x1C407A 0x6
0 0 0x80 0x1C4080 0x1
0 0 0x96 0x1C4096 0x3
0 0 0x9A 0x1C409A 0x2
0 0 0xAC 0x1C40AC 0x4
0 0 0x7FE 0x1C47FE 0x2
0 0 0x801 0x1C4801 0x1
0 0 0x810 0x1C4810 0x12
0 0 0x84C 0x1C484C 0x2
0 0 0x854 0x1C4854 0x2
0 0 0x870 0x1C4870 0xC
0 0 0x8A0 0x1C48A0 0x1C
0 0 0xFFE 0x1C4FFE 0x2
0 0 0x1000 0x1C5000 0x64
0 0 0x1220 0x1C5220 0x18
0 0 0x1240 0x1C5240 0x18
0 0 0x1260 0x1C5260 0x18
0 0 0x1280 0x1C5280 0x18
0 0 0x12A0 0x1C52A0 0x18
0 0 0x12C0 0x1C52C0 0x18
0 0 0x12E0 0x1C52E0 0x18
0 0 0x1300 0x1C5300 0x18
0 0 0x1320 0x1C5320 0x18
0 0 0x1340 0x1C5340 0x18
0 0 0x1360 0x1C5360 0x18
0 0 0x1380 0x1C5380 0x18
0 0 0x13A0 0x1C53A0 0x18
0 0 0x13C0 0x1C53C0 0x18
0 0 0x13E0 0x1C53E0 0x18
0 0 0x1400 0x1C5400 0x18
0 0 0x1420 0x1C5420 0x18
0 0 0x1440 0x1C5440 0x18
0 0 0x1460 0x1C5460 0x18
0 0 0x1480 0x1C5480 0x18
0 0 0x14A0 0x1C54A0 0x18
0 0 0x14C0 0x1C54C0 0x18
0 0 0x14E0 0x1C54E0 0x18
0 0 0x1500 0x1C5500 0x18
0 0 0x1520 0x1C5520 0x18
0 0 0x1540 0x1C5540 0x18
0 0 0x1560 0x1C5560 0x18
0 0 0x1580 0x1C5580 0x18
0 0 0x15A0 0x1C55A0 0x18
0 0 0x15C0 0x1C55C0 0x18
0 0 0x2000 0x1C6000 0x8
0 1 0 0x1C7000 0x50
0 2 0 0x1C8000 0x4C Serial Number + model Type (CUH-XXXXX)
0 2 0x60 0x1C8060 0x58
0 2 0xC0 0x1C80C0 0xD
0 2 0x100 0x1C8100 0x20
0 2 0x7D0 0x1C87D0 0x10
0 2 0x7F0 0x1C87F0 0x1
0 4 0 0x1C9000 0x1 Boot Parameter (FE Development Mode) (FB Assist Mode) (FF Release Mode)
0 4 3 0x1C9003 0x1 Memory Budget (0xFF Normal, 0xFE Large)
0 4 5 0x1C9005 0x1 Slow HDD Mode (0xFE ON) (0xFF OFF)
0 4 0x20 0x1C9020 0x1 init_safe_mode flag
0 4 0x60 0x1C9060 0x4 smi_version
0 4 0x80 0x1C9070 varies (0x68-0x6C) acf token <- checked by sceSblDevActVerifyCheckExpire
0 4 0x100 0x1C9100 0x100
0 4 0x200 0x1C9200 varies (0x40-0x60) scrambled/obfuscated eap hdd key <- checked by g_crypt_deferred_init
0 4 0x301 0x1C9301 1 unknown (01 = enabled)
0 4 0x311 0x1C9311 1 unknown (01 = enabled)
0 4 0x31F 0x1C931F 1 UART boot param? (setting this to 1 enables UART output on boot)
0 4 0x900 0x1C9900 0x100 acf signature
0 4 0xC00 0x1C9C00 0x170
0 4 0x1000 0x1CA000 0x300
0 4 0x1040 0x1CA040 0x1 Circle Button Behaviour (0x01 is Circle Go Back) (0x00 is Circle Accept)
0 4 0x1300 0x1CA300 0x300
0 4 0x1600 0x1CA600 0x1 IDU Mode (0x01 Enabled 0x00 Disabled)
0 4 0x1601 0x1CA601 0x1F checked by regMgrNvsSpInit
0 4 0x2C00 0x1CBC00 0x20
0 4 0x2C40 0x1CBC40 0x20
1 0 0x31F 0x1CC31F 1 unknown (01 = enabled)