scsidrminfo
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revisionNext revisionBoth sides next revision | ||
scsidrminfo [2009/04/24 16:49] – created megadiscman | scsidrminfo [2009/04/24 21:59] – Add Leaf ID (type 3B) packet megadiscman | ||
---|---|---|---|
Line 3: | Line 3: | ||
===== Commands ===== | ===== Commands ===== | ||
- | Command A3: Write Crypto Stuff (Sony calls it "Send Key") | + | ==== Command A3: Write Crypto Stuff ==== |
+ | (Sony calls it "Send Key") | ||
< | < | ||
00: BYTE Command byte A3 | 00: BYTE Command byte A3 | ||
- | 01: BYTE unused, send as Zero (might contain LUN) | + | 01: BYTE unused (might contain LUN) |
02: DWORD Object Number | 02: DWORD Object Number | ||
- | 06: BYTE | + | 06: BYTE |
07: BYTE Magic Byte BD | 07: BYTE Magic Byte BD | ||
08: WORD Size of cryptographic data | 08: WORD Size of cryptographic data | ||
0A: BYTE key type | 0A: BYTE key type | ||
- | 0B: BYTE unused, send as Zero | + | 0B: BYTE unused |
</ | </ | ||
- | Command A4: Read Crypto Stuff (Sony calls it "Request | + | ==== Command A4: Read Crypto Stuff ==== |
+ | (Sony calls it "Report | ||
< | < | ||
Line 22: | Line 24: | ||
01: BYTE unused, send as Zero (might contain LUN) | 01: BYTE unused, send as Zero (might contain LUN) | ||
02: DWORD Object Number | 02: DWORD Object Number | ||
- | 06: BYTE unsused, send as Zero | + | 06: BYTE unsused |
07: BYTE Magic Byte BD | 07: BYTE Magic Byte BD | ||
08: WORD Size of cryptographic data | 08: WORD Size of cryptographic data | ||
0A: BYTE key type | 0A: BYTE key type | ||
- | 0B: BYTE unused, | + | 0B: BYTE unused |
+ | </ | ||
+ | |||
+ | ===== Data formats ===== | ||
+ | even key types imply data transfer to device (using A3 command), whereas odd key types imply data transfer from device (using A4 command) | ||
+ | |||
+ | Generally, all unused fields are sent as zero. | ||
+ | |||
+ | ==== Key type 30: Authentication Token 1 ==== | ||
+ | This data packet is sent from the Host to the HiMD device | ||
+ | < | ||
+ | 00: WORD Length, must be 0012 | ||
+ | 02: WORD unsused | ||
+ | 04: BYTES 8 bytes "Leaf ID of Host" | ||
+ | 0C: BYTES 8 bytes "Nonce from Host" | ||
+ | </ | ||
+ | |||
+ | ==== Key type 31: Authentication Token 2 ==== | ||
+ | This data packet is sent from the HiMD device to the Host, the expected length is 43C (i.e. header + 64 keys?) | ||
+ | < | ||
+ | 00: DWORD unknown, maybe length in first WORD | ||
+ | 04: BYTES 16 bytes "Disc ID" | ||
+ | 14: BYTES 8 bytes "MAC from Device" | ||
+ | 1C: BYTES 8 bytes "Leaf ID of Device" | ||
+ | 24: BYTES 8 bytes "Nonce from Device" | ||
+ | 2C: BYTES The "local EKB of the Device" | ||
+ | </ | ||
+ | |||
+ | ==== Key type 32: Authentication Token 3 ==== | ||
+ | This data packet is sent from the Host to the HiMD device | ||
+ | < | ||
+ | 00: WORD Length, must be 41A | ||
+ | 02: WORD unused | ||
+ | 04: BYTES 8 bytes "MAC from Host" | ||
+ | 0C: BYTES The "local EKB of the Host" | ||
+ | </ | ||
+ | |||
+ | ==== Key type 33: ICV from device ==== | ||
+ | This data packet is sent from the HiMD device to the Host (expected length 404) | ||
+ | While this packet is never explained in the HiMD Transfer Tool for MAC, it looks suspiciously like the | ||
+ | next one, just the other transfer direction. | ||
+ | < | ||
+ | 00: DWORD unknown, length? | ||
+ | 04: BYTE unknown, but used | ||
+ | 05: BYTE bit flags. Bits 6,7: encryption type (0=plain, 2=des ecb, 3=des cbc) | ||
+ | | ||
+ | | ||
+ | 06: WORD length of following data | ||
+ | 08: DWORD unknown, but used | ||
+ | 0C: BYTES data, length from field 6. | ||
+ | </ | ||
+ | |||
+ | ==== Key type 34: ICV data to device ==== | ||
+ | This data packet is sent from the Host to the HiMD device | ||
+ | < | ||
+ | 00: WORD length (must be 404) | ||
+ | 02: WORD unused | ||
+ | 04: BYTE ICV slot number (must be between 0 and 31) | ||
+ | 05: BYTE bit flags, same bits used as in Type 33 | ||
+ | 06: WORD length of ICV data | ||
+ | 08: WORD Revision | ||
+ | 0A: WORD unknown, but used | ||
+ | 0C: BYTES ICV data | ||
+ | XX: BYTES 8 Bytes MAC | ||
+ | </ | ||
+ | |||
+ | ==== Key type 38: secure clock ==== | ||
+ | This data packet is sent to the device | ||
+ | < | ||
+ | 00: BYTE unused | ||
+ | 01: BYTE constant 0 | ||
+ | 02: WORD unused | ||
+ | 04: BYTE unused | ||
+ | 05: BYTE constant 20 | ||
+ | 06: BYTE unused | ||
+ | 07: BYTE constant 8 | ||
+ | 08: DWORD unused | ||
+ | 0C: BYTE unused | ||
+ | 0D: BYTE Seconds | ||
+ | 0E: BYTE Minutes | ||
+ | 0F: BYTE Hour | ||
+ | 10: BYTE Day | ||
+ | 11: BYTE Month | ||
+ | 12: BYTE Year | ||
+ | 13: BYTE unused | ||
+ | 14: BYTES MAC | ||
+ | </ | ||
+ | |||
+ | ==== Key type 39: Unique ID ==== | ||
+ | This data packet is sent from the HiMD device to the host (expected length 192 bytes) | ||
+ | < | ||
+ | 00: DWORD unknown, maybe length in first two bytes | ||
+ | 04: WORD " | ||
+ | 06: BYTE Version | ||
+ | 07: BYTE Length | ||
+ | 08: BYTES Uid Data | ||
+ | </ | ||
+ | |||
+ | ==== Key type 3B: Leaf ID ==== | ||
+ | This data packet is sent from the HiMD device to the host | ||
+ | < | ||
+ | 00: WORD unknown, length? | ||
+ | 02: BYTES 8 Bytes leaf ID | ||
+ | </ | ||
+ | |||
+ | ==== Key type 3D: Disc ID ==== | ||
+ | < | ||
+ | 00: WORD unusused, length? | ||
+ | 02: BYTES 16 bytes disc ID | ||
</ | </ | ||
scsidrminfo.txt · Last modified: 2010/07/06 15:10 by megadiscman