Secure Loader: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
| (17 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
SAMU | The PS4 Secure Loader is the SAMU Initial Program Loader. It is [[Codenames|codenamed]] as 80000001. The PS4 Secure Loader is likely the main loader of the [[Secure Kernel]] (80010001) and of the Kernel (80010002) . | ||
= Header | = Structure = | ||
== Header == | |||
{| class="wikitable" | {| class="wikitable" | ||
| Line 19: | Line 20: | ||
| 0x20 || 0x20 || SHA256 of the decrypted payload || Verified from 0x280 to 0x23550 | | 0x20 || 0x20 || SHA256 of the decrypted payload || Verified from 0x280 to 0x23550 | ||
|- | |- | ||
| 0x40 || | | 0x40 || 0xE0 || Padding || ASCII zeroes | ||
|- | |||
| 0x120 || 0x20 || Revision Nonce || (Likely) SHA256 of the SAM IPL's revision, from this point onward, SAM IPL is encrypted with two layers of AES-CBC crypto | |||
|- | |- | ||
| 0x140 || 0x40 || Metadata || | | 0x140 || 0x40 || Metadata || | ||
|- | |- | ||
| 0x180 || 0x100 || RSA Header Signature || Verified with | | 0x180 || 0x100 || RSA Header Signature || Verified with RSA modulus from SAMU BootROM from 0 to 0x180 | ||
|- | |- | ||
| 0x280 || 0x232D0 || Payload || | | 0x280 || 0x232D0 || Payload || | ||
|- | |- | ||
| 0x23550 || 0x100 || RSA Footer Signature || Verified from header + body (somewhere else, likely PUP SM Manager) | | 0x23550 || 0x100 || RSA Footer Signature || Verified from header + body (somewhere else, likely PUP SM Manager) | ||
|} | |} | ||
= MetaData | == MetaData == | ||
{| class="wikitable" | {| class="wikitable" | ||
! Offset !! Size !! Description !! Notes | ! Offset !! Size !! Description !! Notes | ||
|- | |- | ||
| 0x0 || 0x20 || MetaData Body || Contains | | 0x0 || 0x20 || MetaData Body || Contains KeyRings | ||
|- | |- | ||
| 0x20 || 0x20 || | | 0x20 || 0x20 || MetaData digest || HMAC-SHA256 digest of (header plus metadata) | ||
|} | |||
== MetaData Body == | |||
{| class="wikitable" | |||
! Offset !! Size !! Description !! Notes | |||
|- | |- | ||
| 0x0 || 0x20 || KeyRing 1 || | |||
|} | |} | ||
= | = Revision Nonce Collection = | ||
{| class="wikitable" | {| class="wikitable" | ||
! | ! Hash !! Versions Supported !! Notes | ||
|- | |||
| N.A || All || Revision 0x4 | |||
|- | |||
| {{hex| 60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7}} || All || Revision 0x23 | |||
|- | |||
| {{hex| A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77}} || All || Revision 0x26 | |||
|- | |||
| {{hex| 86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1}} || All || Revision 0x27, Present in Internal Pro 3.70 | |||
|- | |||
| {{hex| 7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE}} || All || Revision 0x2D | |||
|- | |- | ||
| | | {{hex| 56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81}} || All || Revision 0x31 | ||
|- | |- | ||
| {{hex| 3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4}} || All || Revision 0x32 | |||
|} | |} | ||
Latest revision as of 02:31, 21 July 2023
The PS4 Secure Loader is the SAMU Initial Program Loader. It is codenamed as 80000001. The PS4 Secure Loader is likely the main loader of the Secure Kernel (80010001) and of the Kernel (80010002) .
Structure[edit | edit source]
Header[edit | edit source]
| Offset | Size | Description | Notes |
|---|---|---|---|
| 0x0 | 4 | Magic | 5E D7 9A 0B |
| 0x4 | 4 | Header Size | Little Endian (0x280) |
| 0x8 | 4 | Entry Point | Little Endian (0x100) |
| 0xC | 4 | Payload Size | Little Endian (e.g 0x232D0) |
| 0x10 | 0x10 | Padding | Zeroes |
| 0x20 | 0x20 | SHA256 of the decrypted payload | Verified from 0x280 to 0x23550 |
| 0x40 | 0xE0 | Padding | ASCII zeroes |
| 0x120 | 0x20 | Revision Nonce | (Likely) SHA256 of the SAM IPL's revision, from this point onward, SAM IPL is encrypted with two layers of AES-CBC crypto |
| 0x140 | 0x40 | Metadata | |
| 0x180 | 0x100 | RSA Header Signature | Verified with RSA modulus from SAMU BootROM from 0 to 0x180 |
| 0x280 | 0x232D0 | Payload | |
| 0x23550 | 0x100 | RSA Footer Signature | Verified from header + body (somewhere else, likely PUP SM Manager) |
MetaData[edit | edit source]
| Offset | Size | Description | Notes |
|---|---|---|---|
| 0x0 | 0x20 | MetaData Body | Contains KeyRings |
| 0x20 | 0x20 | MetaData digest | HMAC-SHA256 digest of (header plus metadata) |
MetaData Body[edit | edit source]
| Offset | Size | Description | Notes |
|---|---|---|---|
| 0x0 | 0x20 | KeyRing 1 |
Revision Nonce Collection[edit | edit source]
| Hash | Versions Supported | Notes |
|---|---|---|
| N.A | All | Revision 0x4 |
60 CF 88 21 68 52 47 93 8B 6C 81 23 AE D2 A8 B0 B8 EF 9D 39 D9 AE B2 72 7A 0C 64 FD 81 01 18 E7 |
All | Revision 0x23 |
A5 26 93 8F 00 64 97 41 4F 3F 4E FE 25 EE F0 A3 0F 74 85 43 C9 5A 0A 3E 51 9B 08 BD 62 96 EA 77 |
All | Revision 0x26 |
86 52 B2 B9 C7 5B DB C7 78 A2 9F 1C DE 20 38 7C CE 8D F7 44 5A 5F CC A1 A3 56 25 93 3E 0D 9B A1 |
All | Revision 0x27, Present in Internal Pro 3.70 |
7A E1 C8 43 B3 7E 82 B2 56 56 FD 6A 2F 3B 01 5C 19 4A 40 0D FB 38 71 42 8B CB 6B D8 83 F6 FB FE |
All | Revision 0x2D |
56 14 59 FD 36 A1 DF A7 DE A6 13 46 D7 BF B6 69 E5 94 18 8D 4F F7 B5 2B BE C0 F8 16 E9 29 23 81 |
All | Revision 0x31 |
3B 52 5F 89 9F CA 97 C6 54 65 1F 8A A0 0E 3C 3D 60 14 EE F7 68 9F 54 E3 B9 78 51 A7 CA 32 A7 D4 |
All | Revision 0x32 |