WiiBrew

Changes

/dev/di (view source)

Revision as of 21:51, 4 November 2019

1,863 bytes added ,  21:51, 4 November 2019
IOCtlVs 0x90/0x91/0x92 are in *one* version of the DI driver, Jun 8 2007 18:17:09, found in e.g. IOS30 (I'll write up more about versions once I'm done researching it)
Line 90: Line 90:  
{| class="wikitable"
 
{| class="wikitable"
 
  |+ Vector
 
  |+ Vector
 +
! Index
 
  ! Name
 
  ! Name
 
  ! Direction
 
  ! Direction
Line 95: Line 96:  
  ! Alignment
 
  ! Alignment
 
  |-
 
  |-
 +
| 0
 
  | Command
 
  | Command
 
  | In
 
  | In
Line 100: Line 102:  
  | 4
 
  | 4
 
  |-
 
  |-
 +
| 1
 
  | [[Ticket]] (optional)
 
  | [[Ticket]] (optional)
 
  | In
 
  | In
Line 105: Line 108:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 2
 
  | [[Certificate chain|Shared certs]] (optional)
 
  | [[Certificate chain|Shared certs]] (optional)
 
  | In
 
  | In
Line 110: Line 114:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 3
 
  | [[TMD]]
 
  | [[TMD]]
 
  | Out
 
  | Out
Line 115: Line 120:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 4
 
  | ES Error
 
  | ES Error
 
  | Out
 
  | Out
Line 158: Line 164:  
=== <s>0x90 DVDLowGetNoDiscOpenPartitionParams</s> ===
 
=== <s>0x90 DVDLowGetNoDiscOpenPartitionParams</s> ===
   โˆ’
<strong>Dummied out</strong>; always returns 0x80.  However, still usable as an Ioctl (which is probably unintended).  System menu 4.3U (among other titles) still has a PPC-side implementation (815504c4) but this is not used (the higher-level function that calls it is gone due to not being referenced). This does allow determination of the inputs, though:
+
<strong>Dummied out on all current IOS versions</strong>; always returns 0x80.  However, still usable as an Ioctl (which is probably unintended).  System menu 4.3U (among other titles) still has a PPC-side implementation (815504c4) but this is not used (the higher-level function that calls it is gone due to not being referenced).
    
{| class="wikitable"
 
{| class="wikitable"
 
  |+ Vector
 
  |+ Vector
 +
! Index
 
  ! Name
 
  ! Name
 
  ! Direction
 
  ! Direction
Line 167: Line 174:  
  ! Alignment
 
  ! Alignment
 
  |-
 
  |-
 +
| 0
 
  | Command
 
  | Command
 
  | In
 
  | In
Line 172: Line 180:  
  | 4
 
  | 4
 
  |-
 
  |-
 +
| 1
 
  | [[TMD]] size pointer
 
  | [[TMD]] size pointer
 
  | In
 
  | In
 
  | 4
 
  | 4
โˆ’
  | 32
+
  | 4 (32 on PPC side)
 
  |-
 
  |-
 +
| 2
 
  | [[Certificate chain|Shared certs]] size pointer
 
  | [[Certificate chain|Shared certs]] size pointer
 
  | In
 
  | In
 
  | 4
 
  | 4
โˆ’
  | 32
+
  | 4 (32 on PPC side)
 
  |-
 
  |-
 +
| 3
 
  | [[Ticket]]
 
  | [[Ticket]]
 
  | Out
 
  | Out
Line 187: Line 198:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 4
 
  | TMD size pointer (again; aliases with previous pointer)
 
  | TMD size pointer (again; aliases with previous pointer)
 
  | Out
 
  | Out
 
  | 4
 
  | 4
โˆ’
  | 32
+
  | 4 (32 on PPC side)
 
  |-
 
  |-
 +
| 5
 
  | [[TMD]]
 
  | [[TMD]]
 
  | Out
 
  | Out
โˆ’
  | TMD size, from before
+
  | TMD size, from before, must match the value of the above pointer (it dereferences the out pointer, not the in pointer)
 
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 6
 
  | Shared certs size pointer (again; aliases with the previous pointer)
 
  | Shared certs size pointer (again; aliases with the previous pointer)
 
  | Out
 
  | Out
 
  | 4
 
  | 4
โˆ’
  | 32
+
  | 4 (32 on PPC side)
 
  |-
 
  |-
 +
| 7
 
  | Shared certs
 
  | Shared certs
 
  | Out
 
  | Out
โˆ’
  | Shared certs size, from before
+
  | Shared certs size, from before, must match the value of the above pointer (again, it dereferences the out pointer and not the in pointer)
 
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 8
 
  | Partition data offset pointer
 
  | Partition data offset pointer
 
  | Out
 
  | Out
 
  | 4
 
  | 4
โˆ’
  | 32
+
  | 4 (32 on PPC side)
 
  |-
 
  |-
 +
| 9
 
  | H3 hashes
 
  | H3 hashes
 
  | Out
 
  | Out
Line 218: Line 235:  
  |}
 
  |}
   โˆ’
Presumably, the ioctlv would have validated size and alignment, and then filled in additional parameters on the command before passing it on to the shared logic that it is still accessible via the ioctlv.
+
After validating sizes and alignments, the params field of the command is set to a stack-allocated structure:
 +
 
 +
struct nodiscopenparams {
 +
  undefined4 unused1;
 +
  ticket * ticket; // Set to vector[3].data
 +
  undefined4 unused2;
 +
  size_t tmdSize; // Set to *vector[4].data
 +
  tmd * tmd; // Set to vector[5].data
 +
  size_t sharedCertsSize; // Set to *vector[6].data
 +
  byte * sharedCerts; // Set to vector[7].data
 +
  off_t partitionDataOffset; // Set to partitionOffset + partition->dataOffset after working
 +
  h3buffer * h3Hashes; // set to vector[9].data
 +
}
 +
 
 +
After executing at a lower level (see [[#0x90 DVDLowGetNoDiscOpenPartitionParams ioctl|ยง0x90 DVDLowGetNoDiscOpenPartitionParams ioctl]]), tmdSize, sharedCertsSize, and partitionDataOffset are written back to vectors 4, 6, and 8 respectively.  (If an error occurs, all three are instead set to 0.)
    
{| class="wikitable"
 
{| class="wikitable"
Line 233: Line 264:  
  | off_t
 
  | off_t
 
  | Partition position (>> 2)
 
  | Partition position (>> 2)
โˆ’
  |- {{no2}}
+
  |- {{partial2}}
 
  | 8
 
  | 8
 
  | nodiscopenparams*
 
  | nodiscopenparams*
โˆ’
  | params (probably written by ioctlv, but unverifyable)
+
  | params
 
  |}
 
  |}
    
=== <s>0x91 DVDLowNoDiscOpenPartition</s> ===
 
=== <s>0x91 DVDLowNoDiscOpenPartition</s> ===
   โˆ’
<strong>Dummied out</strong>; always returns 0x80.  However, still usable as an Ioctl (which is probably unintended).
+
<strong>Dummied out on all current IOS versions</strong>; always returns 0x80.  However, still usable as an Ioctl (which is probably unintended).
    
Presumably, the ioctlv would have validated size and alignment, and then filled in additional parameters on the command before passing it on to the shared logic that it is still accessible via the ioctlv.  However, no PPC-side code exists so the exact ioctlv arguments are unknown.
 
Presumably, the ioctlv would have validated size and alignment, and then filled in additional parameters on the command before passing it on to the shared logic that it is still accessible via the ioctlv.  However, no PPC-side code exists so the exact ioctlv arguments are unknown.
 +
 +
{| class="wikitable"
 +
|+ Vector
 +
! Index
 +
! Name
 +
! Direction
 +
! Size
 +
! Alignment
 +
|-
 +
| 0
 +
| Command
 +
| In
 +
| 0x20
 +
| 4
 +
|-
 +
| 1
 +
| [[Ticket]]
 +
| In
 +
| 0x2a4
 +
| 32
 +
|-
 +
| 2
 +
| [[TMD]]
 +
| In
 +
| Not checked
 +
| 32
 +
|-
 +
| 3
 +
| [[Certificate chain|Shared certs]]
 +
| In
 +
| Not checked
 +
| 32
 +
|-
 +
| 4
 +
| H3 hashes
 +
| In
 +
| 0x18000
 +
| 32
 +
|-
 +
| 5
 +
| ES Error
 +
| Out
 +
| 4 (properly sized, unlike with regular open partition)
 +
| 4
 +
|}
 +
 +
After validating sizes and alignments, the params field of the command is set to a stack-allocated structure:
 +
 +
struct nodiscopenparams {
 +
  undefined4 unused1;
 +
  ticket * ticket; // Set to vector[1].data
 +
  undefined4 unused2;
 +
  size_t tmdSize; // Set to vector[2].size
 +
  tmd * tmd; // Set to vector[2].data
 +
  size_t sharedCertsSize; // Set to vector[3].size
 +
  byte * sharedCerts; // Set to vector[3].data
 +
  off_t partitionDataOffset; // Set by command
 +
  h3buffer * h3Hashes; // set to vector[4].data
 +
}
 +
    
{| class="wikitable"
 
{| class="wikitable"
Line 254: Line 345:  
  | u8
 
  | u8
 
  | Command (0x91)
 
  | Command (0x91)
โˆ’
  |- {{no2}}
+
|-
 +
| 4
 +
| off_t
 +
| Partition data offset
 +
  |- {{partial2}}
 
  | 4
 
  | 4
 
  | nodiscopenparams*
 
  | nodiscopenparams*
โˆ’
  | params (probably written by ioctlv, but unverifyable)
+
  | params
โˆ’
  |- {{no2}}
+
  |- {{partial2}}
 
  | 8
 
  | 8
 
  | u32 *
 
  | u32 *
โˆ’
  | ES error output (probably written by ioctlv, but unverifyable)
+
  | ES error output (vector[5].data)
 
  |}
 
  |}
    
=== <s>0x92 DVDLowGetNoDiscBufferSizes</s> ===
 
=== <s>0x92 DVDLowGetNoDiscBufferSizes</s> ===
   โˆ’
<strong>Dummied out</strong>; always returns 0x80.  However, still usable as an Ioctl (which is probably unintended).  System menu 4.3U (among other titles) still has a PPC-side implementation (815502b8) but this is not used (the higher-level function that calls it is gone due to not being referenced).  This does allow determination of the inputs, though:
+
<strong>Dummied out on all current IOS versions</strong>; always returns 0x80.  However, still usable as an Ioctl (which is probably unintended).  System menu 4.3U (among other titles) still has a PPC-side implementation (815502b8) but this is not used (the higher-level function that calls it is gone due to not being referenced).  This does allow determination of the inputs, though:
    
{| class="wikitable"
 
{| class="wikitable"
 
  |+ Vector
 
  |+ Vector
 +
! Index
 
  ! Name
 
  ! Name
 
  ! Direction
 
  ! Direction
Line 275: Line 371:  
  ! Alignment
 
  ! Alignment
 
  |-
 
  |-
 +
| 0
 
  | Command
 
  | Command
 
  | In
 
  | In
Line 280: Line 377:  
  | 4
 
  | 4
 
  |-
 
  |-
 +
| 1
 
  | [[TMD]] size pointer
 
  | [[TMD]] size pointer
 
  | Out
 
  | Out
 
  | 4
 
  | 4
โˆ’
  | 32
+
  | 4 (32 on ppc side)
 
  |-
 
  |-
 +
| 2
 
  | [[Certificate chain|Shared certs]] size pointer
 
  | [[Certificate chain|Shared certs]] size pointer
 
  | Out
 
  | Out
 
  | 4
 
  | 4
โˆ’
  | 32
+
  | 4 (32 on ppc side)
 
  |}
 
  |}
   โˆ’
Presumably, the ioctlv would have validated size and alignment, and then filled in additional parameters on the command before passing it on to the shared logic that it is still accessible via the ioctlv.
+
Both pointers must be non-zero.  The ioctlv fills in additional parameters on the command.
    
{| class="wikitable"
 
{| class="wikitable"
Line 306: Line 405:  
  | off_t
 
  | off_t
 
  | Partition position (>> 2)
 
  | Partition position (>> 2)
โˆ’
  |- {{no2}}
+
  |- {{partial2}}
 
  | 8
 
  | 8
 
  | u32 *
 
  | u32 *
โˆ’
  | TMD Size out (probably written by ioctlv, but unverifyable)
+
  | TMD Size out
โˆ’
  |- {{no2}}
+
  |- {{partial2}}
 
  | 12
 
  | 12
 
  | u32 *
 
  | u32 *
โˆ’
  | Cert Chain Size Out (probably written by ioctlv, but unverifyable)
+
  | Cert Chain Size Out
 
  |}
 
  |}
   Line 326: Line 425:  
{| class="wikitable"
 
{| class="wikitable"
 
  |+ Vector
 
  |+ Vector
 +
! Index
 
  ! Name
 
  ! Name
 
  ! Direction
 
  ! Direction
Line 331: Line 431:  
  ! Alignment
 
  ! Alignment
 
  |-
 
  |-
 +
| 0
 
  | Command
 
  | Command
 
  | In
 
  | In
Line 336: Line 437:  
  | 4
 
  | 4
 
  |-
 
  |-
 +
| 1
 
  | [[Ticket]] (optional)
 
  | [[Ticket]] (optional)
 
  | In
 
  | In
Line 341: Line 443:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 2
 
  | [[TMD]] (required)
 
  | [[TMD]] (required)
 
  | In
 
  | In
Line 346: Line 449:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 3
 
  | [[Certificate chain|Shared certs]] (optional)
 
  | [[Certificate chain|Shared certs]] (optional)
 
  | In
 
  | In
Line 351: Line 455:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 4
 
  | ES Error
 
  | ES Error
 
  | Out
 
  | Out
Line 402: Line 507:  
{| class="wikitable"
 
{| class="wikitable"
 
  |+ Vector
 
  |+ Vector
 +
! Index
 
  ! Name
 
  ! Name
 
  ! Direction
 
  ! Direction
Line 407: Line 513:  
  ! Alignment
 
  ! Alignment
 
  |-
 
  |-
 +
| 0
 
  | Command
 
  | Command
 
  | In
 
  | In
Line 412: Line 519:  
  | 4
 
  | 4
 
  |-
 
  |-
 +
| 1
 
  | Ticket View (optional)
 
  | Ticket View (optional)
 
  | In
 
  | In
Line 417: Line 525:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 2
 
  | [[TMD]] (required)
 
  | [[TMD]] (required)
 
  | In
 
  | In
Line 422: Line 531:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 3
 
  | [[Certificate chain|Shared certs]] (optional)
 
  | [[Certificate chain|Shared certs]] (optional)
 
  | In
 
  | In
Line 427: Line 537:  
  | 32
 
  | 32
 
  |-
 
  |-
 +
| 4
 
  | ES Error
 
  | ES Error
 
  | Out
 
  | Out
Pokechu22
303

edits

Retrieved from "https://wiibrew.org/wiki/Special:MobileDiff/108003"