scsidrminfo
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revisionLast revisionBoth sides next revision | ||
| scsidrminfo [2009/04/24 16:49] – created megadiscman | scsidrminfo [2010/07/06 15:10] – megadiscman | ||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ===== Commands ===== | ===== Commands ===== | ||
| - | Command A3: Write Crypto Stuff (Sony calls it "Send Key") | + | ==== Command A3: Write Crypto Stuff ==== |
| + | (This is officially | ||
| < | < | ||
| 00: BYTE Command byte A3 | 00: BYTE Command byte A3 | ||
| - | 01: BYTE unused, send as Zero (might contain LUN) | + | 01: BYTE unused (might contain LUN) |
| 02: DWORD Object Number | 02: DWORD Object Number | ||
| - | 06: BYTE | + | 06: BYTE |
| - | 07: BYTE | + | 07: BYTE |
| 08: WORD Size of cryptographic data | 08: WORD Size of cryptographic data | ||
| 0A: BYTE key type | 0A: BYTE key type | ||
| - | 0B: BYTE unused, send as Zero | + | 0B: BYTE unused |
| </ | </ | ||
| - | Command A4: Read Crypto Stuff (Sony calls it "Request | + | ==== Command A4: Read Crypto Stuff ==== |
| + | (This is officially | ||
| < | < | ||
| Line 22: | Line 24: | ||
| 01: BYTE unused, send as Zero (might contain LUN) | 01: BYTE unused, send as Zero (might contain LUN) | ||
| 02: DWORD Object Number | 02: DWORD Object Number | ||
| - | 06: BYTE unsused, send as Zero | + | 06: BYTE unsused |
| - | 07: BYTE | + | 07: BYTE |
| 08: WORD Size of cryptographic data | 08: WORD Size of cryptographic data | ||
| 0A: BYTE key type | 0A: BYTE key type | ||
| - | 0B: BYTE unused, | + | 0B: BYTE unused |
| + | </ | ||
| + | |||
| + | ===== Data formats ===== | ||
| + | even key types imply data transfer to device (using A3 command), whereas odd key types imply data transfer from device (using A4 command) | ||
| + | |||
| + | Generally, all unused fields are sent as zero. | ||
| + | |||
| + | ==== Key type 30: Authentication Token 1 ==== | ||
| + | This data packet is sent from the Host to the HiMD device | ||
| + | < | ||
| + | 00: WORD Length, must be 0012 | ||
| + | 02: WORD unsused | ||
| + | 04: BYTES 8 bytes "Leaf ID of Host" | ||
| + | 0C: BYTES 8 bytes "Nonce from Host" | ||
| + | </ | ||
| + | |||
| + | ==== Key type 31: Authentication Token 2 ==== | ||
| + | This data packet is sent from the HiMD device to the Host, the expected length is 43C (i.e. header + 64 keys?) | ||
| + | < | ||
| + | 00: DWORD unknown, maybe length in first WORD | ||
| + | 04: BYTES 16 bytes "Disc ID" | ||
| + | 14: BYTES 8 bytes "MAC from Device" | ||
| + | 1C: BYTES 8 bytes "Leaf ID of Device" | ||
| + | 24: BYTES 8 bytes "Nonce from Device" | ||
| + | 2C: BYTES The "local EKB of the Device" | ||
| + | </ | ||
| + | |||
| + | ==== Key type 32: Authentication Token 3 ==== | ||
| + | This data packet is sent from the Host to the HiMD device | ||
| + | < | ||
| + | 00: WORD Length, must be 41A | ||
| + | 02: WORD unused | ||
| + | 04: BYTES 8 bytes "MAC from Host" | ||
| + | 0C: BYTES The "local EKB of the Host" | ||
| + | </ | ||
| + | |||
| + | ==== Key type 33: ICV from device ==== | ||
| + | This data packet is sent from the HiMD device to the Host (expected length 404) | ||
| + | While this packet is never explained in the HiMD Transfer Tool for MAC, it looks suspiciously like the | ||
| + | next one, just the other transfer direction. | ||
| + | < | ||
| + | 00: DWORD unknown, length? | ||
| + | 04: BYTE unknown, must be zero | ||
| + | 05: BYTE bit flags. Bits 6,7: encryption type (0=plain, 2=des ecb, 3=des cbc) | ||
| + | | ||
| + | | ||
| + | 06: WORD length of following data | ||
| + | 08: DWORD generation number | ||
| + | 0C: BYTES data, length from field 6. | ||
| + | ..: BYTES MAC, only present if MAC bit is set. NOT included in length | ||
| + | </ | ||
| + | |||
| + | ==== Key type 34: ICV data to device ==== | ||
| + | This data packet is sent from the Host to the HiMD device | ||
| + | < | ||
| + | 00: WORD length (must be 404) | ||
| + | 02: WORD unused | ||
| + | 04: BYTE ICV slot number (must be between 0 and 31) | ||
| + | 05: BYTE bit flags, same bits used as in Type 33 | ||
| + | 06: WORD length of ICV data | ||
| + | 08: WORD Revision | ||
| + | 0A: WORD unknown, but used | ||
| + | 0C: BYTES ICV data | ||
| + | XX: BYTES 8 Bytes MAC | ||
| + | </ | ||
| + | |||
| + | ==== Key type 38: secure clock ==== | ||
| + | This data packet is sent to the device | ||
| + | < | ||
| + | 00: BYTE unused | ||
| + | 01: BYTE constant 0 | ||
| + | 02: WORD unused | ||
| + | 04: BYTE unused | ||
| + | 05: BYTE constant 20 | ||
| + | 06: BYTE unused | ||
| + | 07: BYTE constant 8 | ||
| + | 08: DWORD unused | ||
| + | 0C: BYTE unused | ||
| + | 0D: BYTE Seconds | ||
| + | 0E: BYTE Minutes | ||
| + | 0F: BYTE Hour | ||
| + | 10: BYTE Day | ||
| + | 11: BYTE Month | ||
| + | 12: BYTE Year | ||
| + | 13: BYTE unused | ||
| + | 14: BYTES MAC | ||
| + | </ | ||
| + | |||
| + | ==== Key type 39: Unique ID ==== | ||
| + | This data packet is sent from the HiMD device to the host (expected length 192 bytes) | ||
| + | < | ||
| + | 00: DWORD unknown, maybe length in first two bytes | ||
| + | 04: WORD " | ||
| + | 06: BYTE Version | ||
| + | 07: BYTE Length | ||
| + | 08: BYTES Uid Data | ||
| + | </ | ||
| + | |||
| + | ==== Key type 3B: Leaf ID ==== | ||
| + | This data packet is sent from the HiMD device to the host | ||
| + | < | ||
| + | 00: WORD unknown, length? | ||
| + | 02: BYTES 8 Bytes leaf ID | ||
| + | </ | ||
| + | |||
| + | ==== Key type 3D: Disc ID ==== | ||
| + | < | ||
| + | 00: WORD unknown, length? | ||
| + | 02: BYTES 16 bytes disc ID | ||
| </ | </ | ||
scsidrminfo.txt · Last modified: 2010/07/06 15:10 by megadiscman