Game Card

The PSVita Game Card (cartridge) was reversed by 2 teams: '''Cobra BlackFin Team''' and '''motoharu'''.
A lot of rumors have flown around the Vita's Game Card. Some of them were proven wrong by the work of '''motoharu''', which he released on GitHub and which is available to everyone. One of those rumors was about the Game Card's pinout, which is also linked directly below.
 


== Pinout ==
{| class="wikitable sortable" style="text-align: center;border:3px dotted #123AAA;"
|-
<!-- intermediate rows are not shown on this page -->
|-
| 10 || GND || Ground
|-
|}

== HW Reversing ==

'''motoharu's''' write-up is both simple and massive, and too detailed to retype in full here. Instead we'll link to his [https://github.com/motoharu-gosuto/psvcd '''github''']. We'll also fork his work, so if the site is someday down, call us and we'll fix it.

The game card is a standard MMC card. Its pinout is different, but it still complies with the MMC card interface.
 
[[File:Gamecard_pinout.png]]
 
== Partitions ==
 
Game card can embed 1 or 2 partitions mounted as gro0: and optionally grw0:.
 
gro0: is Read-Only whilst grw0: is Read-Write.
 
 
Game card can be accessed with [[SceSdif|SceSdif]] module. It has the following [[Partitions|partitions]]:
 
{| class="wikitable"
|-
! code !! type !! name !! desc
|-
| 0x9 || exfat || gro0 || Game Card
|-
| 0xD || raw || || Some data
|}
 
== Card initialization ==
 
Card initialization consists of two steps:
*Standard MMC initialization.
*Custom CMD56 initialization.
 
CMD56 is a command used to transfer vendor-specific data from host to card and back to host.
 
The second step is crucial: it must be completed before the host tries to read any data from the card, for example with CMD17.
 
== Standard MMC initialization ==
 
This step is performed by SceSdif.
 
Part1: Card identification (SD, MMC, SDIO)
* 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
* 48 00 00 01 AA 87 - CMD8 - SEND_IF_COND
* 45 00 00 00 00 5B - CMD5 - IO_SEND_OP_COND
* 77 00 00 00 00 65 - CMD55 - APP_CMD
 
Part2: Card initialization
* 40 00 00 00 00 95 - CMD0 - GO_IDLE_STATE
* 41 40 FF 80 00 0B - CMD1 - SEND_OP_COND
* 42 00 00 00 00 4D - CMD2 - ALL_SEND_CID
* 43 00 01 00 00 7F - CMD3 - SET_RELATIVE_ADDR
* 49 00 01 00 00 F1 - CMD9 - SEND_CSD
* 47 00 01 00 00 DD - CMD7 - SELECT_CARD
* 46 03 AF 01 00 43 - CMD6 - SWITCH (ERASE_GROUP_DEF)
* 48 00 00 00 00 C3 - CMD8 - SEND_EXT_CSD
* 50 00 00 02 00 15 - CMD16 - SET_BLOCKLEN
* 46 03 B9 01 00 2F - CMD6 - SWITCH (HS_TIMING)
* 46 03 B7 01 00 2D - CMD6 - SWITCH (BUS_WIDTH 4)
 
== Custom CMD56 initialization ==
 
This step is performed by [[SceSblGcAuthMgr|SceSblGcAuthMgr]].
 
[[SceSblGcAuthMgr|SceSblGcAuthMgr]] uses [[SceSblSsSmComm|SceSblSsSmComm]] API to send [[F00D_Commands#0x1000B|F00D Commands]] to call Kirk services 1B-20.
The game card can be accessed with [[SceSdif|device index]] 1.
 
Initialization consists of 20 packets total.
There are 10 request and 10 response packets.
Each packet is sent or received with CMD56.
 
* 78 00 00 00 00 25 - CMD56 (REQUEST)
* 78 00 00 00 01 37 - CMD56 (RESPONSE)
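
Added example (not from the original page or from motoharu's code): every command listed above is a standard 6-byte SD/MMC command frame, so a capture can be decoded and its CRC7 checked before anything is read into it. The sketch decodes four frames copied from this page and reads the CMD56 direction from argument bit 0; the function and struct names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CRC7 of SD/MMC command frames: polynomial x^7 + x^3 + 1, bits fed MSB first. */
static uint8_t mmc_crc7(const uint8_t *p, size_t n)
{
    uint8_t crc = 0;
    for (size_t i = 0; i < n * 8; i++) {
        int in = (p[i / 8] >> (7 - i % 8)) & 1;
        crc = (uint8_t)(((crc << 1) & 0x7F) ^ ((in ^ (crc >> 6)) ? 0x09 : 0));
    }
    return crc;
}

struct mmc_cmd { uint8_t index; uint32_t arg; int crc_ok; };
/* Decode a 6-byte frame; returns -1 if start, transmission or end bit is wrong. */
static int mmc_decode(const uint8_t f[6], struct mmc_cmd *out)
{
    if ((f[0] & 0xC0) != 0x40 || !(f[5] & 0x01))
        return -1;
    out->index = f[0] & 0x3F;
    out->arg = (uint32_t)f[1] << 24 | (uint32_t)f[2] << 16 | (uint32_t)f[3] << 8 | f[4];
    out->crc_ok = (f[5] >> 1) == mmc_crc7(f, 5);
    return 0;
}

/* CMD56 (GEN_CMD): argument bit 0 is the RD/WR flag, 1 = card to host. */
static int cmd56_is_read(const struct mmc_cmd *c)
{
    return c->index == 56 && (c->arg & 1u) != 0;
}

/* Frames copied from the command lists on this page. */
static const uint8_t page_frames[4][6] = {
    {0x40, 0x00, 0x00, 0x00, 0x00, 0x95},  /* CMD0  GO_IDLE_STATE     */
    {0x43, 0x00, 0x01, 0x00, 0x00, 0x7F},  /* CMD3  SET_RELATIVE_ADDR */
    {0x78, 0x00, 0x00, 0x00, 0x00, 0x25},  /* CMD56 (REQUEST)         */
    {0x78, 0x00, 0x00, 0x00, 0x01, 0x37},  /* CMD56 (RESPONSE)        */
};

int main(void)
{
    struct mmc_cmd c;
    for (size_t i = 0; i < 4; i++)
        if (mmc_decode(page_frames[i], &c) == 0)
            printf("CMD%u arg=0x%08lX crc_ok=%d read=%d\n", (unsigned)c.index,
                   (unsigned long)c.arg, c.crc_ok, cmd56_is_read(&c));
    return 0;
}
```
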
 
 
/* key0: 0x20-byte block found at offset 0x00 of every CMD56 request packet below */
unsigned char key0[0x20] =
{
    0xDD, 0x10, 0x25, 0x44, 0x15, 0x23, 0xFD, 0xC0,
    0xF9, 0xE9, 0x15, 0x26, 0xDC, 0x2A, 0xE0, 0x84,
    0xA9, 0x03, 0xA2, 0x97, 0xD4, 0xBB, 0xF8, 0x52,
    0xD3, 0xD4, 0x94, 0x2C, 0x89, 0x03, 0xCC, 0x77,
};
 
 
=== packet 1 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x31 || response code
|-
| 0x24|| 0x04 || 0x03 || additional data size
|-
| 0x28|| 0x04 || 0x13 || response size
|-
| 0x2C|| 0x01 || 0xC4 || command ?
|-
| 0x2D|| 0x01 || 0x00 || unknown
|-
| 0x2E|| 0x01 || 0x03 || additional data size
|-
|}
 
=== packet 2 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x31 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x13 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x10 || 0x00 || packet 2 data
|-
|}
 
=== packet 3 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x23 || response code
|-
| 0x24|| 0x04 || 0x03 || additional data size
|-
| 0x28|| 0x04 || 0x05 || response size
|-
| 0x2C|| 0x01 || 0xC2 || command ?
|-
| 0x2D|| 0x01 || 0x00 || unknown
|-
| 0x2E|| 0x01 || 0x03 || additional data size
|-
|}
 
=== packet 4 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x23 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x05 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x02 || 0xFF00 || initialization state
|-
|}
 
=== packet 5 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x02 || response code
|-
| 0x24|| 0x04 || 0x03 || additional data size
|-
| 0x28|| 0x04 || 0x2B || response size
|-
| 0x2C|| 0x01 || 0xA1 || command ?
|-
| 0x2D|| 0x01 || 0x00 || unknown
|-
| 0x2E|| 0x01 || 0x03 || additional data size
|-
|}
 
=== packet 6 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x02 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x2B || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x02 || 0xE000 || unknown
|-
| 0x0D|| 0x02 || 0x01 || gc parameter
|-
| 0x0F|| 0x02 || 0x02 || unknown
|-
| 0x11|| 0x02 || 0x03 || unknown
|-
| 0x13|| 0x20 || - || packet 6 data
|-
|}
 
=== packet 7 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x03 || response code
|-
| 0x24|| 0x04 || 0x15 || additional data size
|-
| 0x28|| 0x04 || 0x23 || response size
|-
| 0x2C|| 0x01 || 0xA2 || command ?
|-
| 0x2D|| 0x01 || 0x00 || unknown
|-
| 0x2E|| 0x01 || 0x15 || additional data size
|-
| 0x2F|| 0x02 || 0x01 || gc parameter (packet 6)
|-
| 0x31|| 0x10 || - || generated chunk (random?)
|-
|}
 
=== packet 8 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x03|| response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x23 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x20 || - || packet 8 data
|-
|}
 
=== packet 9 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x05 || response code
|-
| 0x24|| 0x04 || 0x33 || additional data size
|-
| 0x28|| 0x04 || 0x03 || response size
|-
| 0x2C|| 0x01 || 0xA3 || command ? (generated with Kirk 1C)
|-
| 0x2D|| 0x01 || 0x00 || unknown (generated with Kirk 1C)
|-
| 0x2E|| 0x01 || 0x33 || additional data size (generated with Kirk 1C)
|-
| 0x2F|| 0x30 || - || data (generated with Kirk 1C)
|-
|}
 
=== packet 10 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x05 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x03 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
|}
 
=== packet 11 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x23 || response code
|-
| 0x24|| 0x04 || 0x03 || additional data size
|-
| 0x28|| 0x04 || 0x05 || response size
|-
| 0x2C|| 0x01 || 0xC2 || command ?
|-
| 0x2D|| 0x01 || 0x00 || unknown
|-
| 0x2E|| 0x01 || 0x03 || additional data size
|-
|}
 
=== packet 12 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x23 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x05 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x02 || 0x00 || initialization state
|-
|}
 
=== packet 13 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x07 || response code
|-
| 0x24|| 0x04 || 0x13 || additional data size
|-
| 0x28|| 0x04 || 0x43 || response size
|-
| 0x2C|| 0x01 || 0xA4 || command ?
|-
| 0x2D|| 0x01 || 0x00 || unknown
|-
| 0x2E|| 0x01 || 0x13 || additional data size
|-
| 0x2F|| 0x10 || - || generated chunk (random?)
|-
|}
 
=== packet 14 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x07 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x43 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x40 || - || packet 14 data
|-
|}
 
=== packet 15 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x11 || response code
|-
| 0x24|| 0x04 || 0x33 || additional data size
|-
| 0x28|| 0x04 || 0x43 || response size
|-
| 0x2C|| 0x01 || 0xB1 || command ? (generated with Kirk 1E)
|-
| 0x2D|| 0x01 || 0x00 || unknown (generated with Kirk 1E)
|-
| 0x2E|| 0x01 || 0x33 || additional data size (generated with Kirk 1E)
|-
| 0x2F|| 0x30 || - || data (generated with Kirk 1E)
|-
|}
 
=== packet 16 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x11 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x43 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x40 || - || packet 16 data
|-
|}
 
=== packet 17 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x11 || response code
|-
| 0x24|| 0x04 || 0x33 || additional data size
|-
| 0x28|| 0x04 || 0x43 || response size
|-
| 0x2C|| 0x01 || 0xB1 || command ? (generated with Kirk 1E)
|-
| 0x2D|| 0x01 || 0x00 || unknown (generated with Kirk 1E)
|-
| 0x2E|| 0x01 || 0x33 || additional data size (generated with Kirk 1E)
|-
| 0x2F|| 0x30 || - || data (generated with Kirk 1E)
|-
|}
 
=== packet 18 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x11 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x43 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x40 || - || packet 18 data
|-
|}
 
=== packet 19 (cmd56 request) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x20 || - || key0
|-
| 0x20|| 0x04 || 0x19 || response code
|-
| 0x24|| 0x04 || 0x13 || additional data size
|-
| 0x28|| 0x04 || 0x53 || response size
|-
| 0x2C|| 0x01 || 0xC1 || command ?
|-
| 0x2D|| 0x01 || 0x00 || unknown
|-
| 0x2E|| 0x01 || 0x13 || additional data size
|-
| 0x2F|| 0x10 || - || generated chunk (random?)
|-
|}
 
=== packet 20 (cmd56 response) ===
 
{| class="wikitable"
|-
! Offset !! Size !! Value !! Description
|-
| 0x00|| 0x04 || 0x19 || response code
|-
| 0x04|| 0x04 || 0x00 || unknown
|-
| 0x08|| 0x02 || 0x53 || size of response
|-
| 0x0A|| 0x01 || 0x00 || error code
|-
| 0x0B|| 0x50 || - || packet 20 data
|-
|}
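
Added example, not part of the original page or of motoharu's code: a C sketch that checks a captured CMD56 request/response pair against the layouts tabulated above. It relies on a pattern visible in the tables (each size field equals 3 plus the bytes that follow it) and assumes a byte order the page does not state; all function names are hypothetical, and the sample bytes are constructed from the packet 3 and packet 4 tables.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed byte order (the page does not state it): 32-bit fields little-endian,
 * 16-bit response size big-endian. Change rd32/rd16 if captures differ. */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
struct gc_req { uint32_t resp_code, resp_size; uint8_t cmd; size_t payload_len; };
/* Request: key0 @0x00, response code @0x20, sizes @0x24 and @0x28, command @0x2C,
 * size byte @0x2E, payload @0x2F. Returns 0 or a negative error. */
static int gc_parse_req(const uint8_t *b, size_t n, const uint8_t *key0, struct gc_req *r)
{
    if (n < 0x2F || memcmp(b, key0, 0x20) != 0) return -1;
    uint32_t add = rd32(b + 0x24);           /* counts from the command byte */
    if (add < 3 || add != b[0x2E] || add > n - 0x2C) return -2;
    r->resp_code = rd32(b + 0x20); r->resp_size = rd32(b + 0x28);
    r->cmd = b[0x2C];              r->payload_len = add - 3;
    return 0;
}

/* Response: code @0x00, size @0x08, error @0x0A, data @0x0B.
 * Returns the data length or a negative error. */
static int gc_check_resp(const uint8_t *b, size_t n, const struct gc_req *r)
{
    if (n < 0x0B) return -1;
    uint16_t size = rd16(b + 0x08);          /* counts from the size field */
    if (rd32(b) != r->resp_code || size != r->resp_size) return -2;
    if (size < 3 || size > n - 0x08) return -3;
    if (b[0x0A] != 0) return -4;             /* card reported an error */
    return size - 3;
}

static const uint8_t key0[0x20] = {          /* key0 as listed on the page */
    0xDD,0x10,0x25,0x44,0x15,0x23,0xFD,0xC0, 0xF9,0xE9,0x15,0x26,0xDC,0x2A,0xE0,0x84,
    0xA9,0x03,0xA2,0x97,0xD4,0xBB,0xF8,0x52, 0xD3,0xD4,0x94,0x2C,0x89,0x03,0xCC,0x77,
};
/* Constructed from the packet 3 and packet 4 tables, using the assumed byte order. */
static const uint8_t pkt3_tail[] = {0x23,0,0,0, 0x03,0,0,0, 0x05,0,0,0, 0xC2,0x00,0x03};
static const uint8_t pkt4[] = {0x23,0,0,0, 0,0,0,0, 0x00,0x05, 0x00, 0xFF,0x00};
static int demo(void)                        /* data length of packet 4, or < 0 */
{
    uint8_t req[0x2F]; struct gc_req r;
    memcpy(req, key0, 0x20);
    memcpy(req + 0x20, pkt3_tail, sizeof pkt3_tail);
    return gc_parse_req(req, sizeof req, key0, &r) ? -1 : gc_check_resp(pkt4, sizeof pkt4, &r);
}
int main(void) { printf("packet 4 data length: %d\n", demo()); return 0; }
```
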