Changes

revise some syscall descriptions
{{stub}}
There are 2 types of syscalls:
kernel:FFFF1F4C E1 A0 A2 CA MOV R10, R10,ASR#5 ; R10 = R10 >> 5
kernel:FFFF1F50 E2 0A A0 FF AND R10, R10, #0xFF ; R10 = R10 & 0xFF
kernel:FFFF1F54 E3 5A 00 7A CMP R10, #0x7A ; max index of syscall(can vary for each IOS)
kernel:FFFF1F58 CA 00 00 11 BGT return_to_caller
kernel:FFFF1F5C E1 A0 80 0D MOV R8, SP
kernel:FFFF1F64 E1 21 F0 0B MSR CPSR_c, R11 ; switch to system mode, disable irq & fiq
kernel:FFFF1F68 E5 98 80 44 LDR R8, [R8,#sp_register_save]
kernel:FFFF1F6C E5 9F B4 A0 LDR R11, =literal_2syscall_stack_arg_counts kernel:FFFF1F70 E7 9B B1 0A LDR R11, [R11,R10,LSL#2]; number of args on stack for this syscall
kernel:FFFF1F74 E0 8D D1 0B ADD SP, SP, R11,LSL#2 ; SP += R11[R10 << 2]
kernel:FFFF1F78 unknown_loop get_stack_arg ; CODE XREF: start+1F8C�j
kernel:FFFF1F78 E3 5B 00 00 CMP R11, #0
kernel:FFFF1F7C 0A 00 00 03 BEQ find_syscall_and_jump
kernel:FFFF1F80 E5 3D 90 04 LDR R9, [SP,#var_4-4]!; copy argument value
kernel:FFFF1F84 E5 28 90 04 STR R9, [R8,#-4]!
kernel:FFFF1F88 E2 4B B0 01 SUB R11, R11, #1
kernel:FFFF1F8C EA FF FF F9 B unknown_loopget_stack_arg
kernel:FFFF1F90 find_syscall_and_jump ; CODE XREF: start+1F7C�j
kernel:FFFF1F90 E1 A0 D0 08 MOV SP, R8
kernel:FFFF1FD0 E5 9D D0 00 LDR SP, [SP,#spsr_register_save]
kernel:FFFF1FD4 E5 8D E0 40 STR LR, [SP,#lr_register_save]
kernel:FFFF1FD8 E3 A0 E0 06 MOV LR, #6; STATE_FAULTED kernel:FFFF1FDC E5 8D E0 50 STR LR, [SP,#arg_50thread_state]; segfault, invalid instruction
kernel:FFFF1FE0 E2 8D D0 04 ADD SP, SP, #4
kernel:FFFF1FE4 E9 4D 7F FF STMFD SP, {R0-LR}^
(please feel free to contribute your own findings!)
Names starting with IOS_ are official names. The rest are only educated guesses. {|border=1class="wikitable"|+ List of syscalls in IOS
|-
! ID # !! Internal name !! Description !! Return value
|-
| 0 || u32 thread_createint IOS_CreateThread( u32 (*proc)(void* arg), u8 priorityvoid* arg, u32* stackstack_top, u32 stacksize, void* argint priority, BOOL autostartdetached) || Creates a thread (in paused state) || Returns New threadidor error (negative value)
|-
| 1 || thread_joinint JoinThread(int threadid, u32 *returned_value) || Waits for a thread to finish executing || 0 on success
|-
| 2 || thread_cancelint CancelThread( u32 int threadid, u32 ? return_value )|| Ends a thread, called automatically when proc returns || 0 on success
|-
| 3 || get_tidint IOS_GetThreadId() || Get the current thread's ID || Current threadid
|-
| 4 || get_pidint GetProcessId() || Get the current process's ID || Current processid
|-
| 5 || thread_continueint IOS_StartThread(int threadid) || Resume the specified thread || 0 on success
|-
| 6 || thread_stopint SuspendThread( u32 int threadid )|| Suspend the specified thread || 0 on success
|-
| 7 || thread_yieldint YieldThread(void) || Yield execution to any higher priority threads || 0 on success
|-
| 8 || thread_get_priorityint IOS_GetThreadPriority(int threadid) || Get the priority of the specified thread || thread's priority or error (negative value)
|-
| 9 || thread_set_priorityint IOS_SetThreadPriority(int threadid, int priority) || Set the priority of the specified thread || 0 on success
|-
| a || s32 message_queue_createint IOS_CreateMessageQueue(void u32 *ptr, int u32 n_msgs) || Create a queue at ptr, for n_msgs messages || The queue ID
|-
| b || message_queue_destroyint IOS_DestroyMessageQueue(int queueid) || Destroy a message queue)|| 0 on success
|-
| c || message_queue_sendint IOS_SendMessage(int queueid, u32 message, u32 flags) || Add a message to the end queue || 0 on success
|-
| d || message_queue_send_nowint IOS_JamMessage(int queueid, u32 message, u32 flags) || Add a message to the front of a queue || 0 on success
|-
| e || message_queue_receiveint IOS_ReceiveMessage(int queuequeueid, void u32 *message, int u32 flags)|| Fetch a message from the front of a queue || 0 on success
|-
| f || RegisterEventHandlerint IOS_HandleEvent(int device, int queuequeueid, int message)|| Register queueid as a handler for interrupts generated by device (sends message to queueid when device's interrupt is triggered) || 0 on success
|-
| 10 || int UnregisterEventHandler(int device) || Unregister handler for device || 0 on success
|-
| 11 || int IOS_CreateTimer(int timetime_us, int wtfrepeat_time_us, int message_queuequeueid, int u32 message) || Create a timer that sends a messageto a queue after the elapsed period(s) || timerid or error (negative value)
|-
| 12 || int IOS_RestartTimer(int timerid, int time_us, int repeat_time_us) || Restart a timer using the specified period(s) || 0 on success
|-
| 13 || int IOS_StopTimer(int timerid) || Pauses the specified timer || 0 on success
|-
| 14 || int IOS_DestroyTimer(int timerid) || Destroys the specified timer || 0 on success
|-
| 15 || timer_nowu32 time_now() || Fetch the current value of starlet's timer || The current value of the [[Hardware/Starlet_Timer|HW_TIMER]] register
|-
| 16 || heap_createint IOS_CreateHeap(void *ptr, int size) || Create a new heap at ptr of size bytes || heapid or error (negative value)
|-
| 17 || heap_destroyint IOS_DestroyHeap(int heapid) || Destroy the specified heap)|| 0 on success
|-
| 18 || heap_allocvoid* IOS_Alloc(int heapheapid, int u32 size)|| Allocate size bytes from the specified heap || pointer to memory
|-
| 19 || heap_alloc_alignedvoid* AllocAligned(int heapheapid, int u32 size, int u32 align)|| Allocate size bytes from the specified heap with the requested alignment || pointer to aligned memory
|-
| 1a || heap_freeint IOS_Free(int heapid, void *ptr)|| Release allocated memory back to the heap || 0 on success
|-
| 1b || BOOL device_registerbool IOS_RegisterResourceManager(const char* device, u32 messagequeueint queueid) || Registers device to the device tree, so it can be opened (from Starlet and PPC) || Returns 0 on success, else error
|-
| 1c || s32 device_openint IOS_Open(const char* device, int mode) || Similar to IOS_Open on PPC, except now internal to the IOS system || Returns an fdor error (negative)
|-
| 1d || s32 device_closeint IOS_Close(s32 int fd)|| Close a previously opened fd || 0 on success
|-
| 1e || s32 device_readint IOS_Read(s32 int fd, void *buf, s32 u32 len)|| Read len bytes from fd into buf || The number of bytes read or error
|-
| 1f || s32 device_writeint IOS_Write(s32 int fd, const void *buf, s32 u32 len)|| Write len bytes to fd from buf || The number of bytes written or error
|-
| 20 || s32 device_seekint IOS_Seek(s32 int fd, s32 whereint offset, s32 whenceint origin)|| Seek to offset relative to origin || The new absolute offset or error
|-
| 21 || s32 device_ioctlint IOS_Ioctl(s32 int fd, u32 request, void *input_buffer, u32 input_buffer_len, void *output_buffer, u32 output_buffer_len)|| Perform the requested IOCTL || Return value from IOCTL
|-
| 22 || s32 device_ioctlvint IOS_Ioctlv(s32 int fd, u32 request, u32 bytes_invector_count_in, u32 bytes_outvector_count_out, [[IOS/struct iovecResource request|struct iovecIOVector]] *vector)|| Perform the requested IOCTL || Return value from IOCTL
|-
| 23 || s32 device_open_asyncint IOS_OpenAsync(const char* device, int mode, void int queueid, IOSRequest *callbackmessage)|| Async implementation of IOS_Open || 0 on success, ipcmessage is sent to the queue with the command's return value
|-
| 24 || s32 device_close_asyncint IOS_CloseAsync(s32 int fd, void int queueid, IOSRequest *callbackmessage)|| Async implementation of IOS_Close || 0 on success
|-
| 25 || s32 device_read_asyncint IOS_ReadAsync(s32 int fd, void *buf, s32 u32 len, void int queueid, IOSRequest *callbackmessage)|| Async implementation of IOS_Read
|-
| 26 || s32 device_write_asyncint IOS_WriteAsync(s32 int fd, const void *buf, s32 u32 len, void int queueid, IOSRequest *callbackmessage)|| Async implementation of IOS_Write
|-
| 27 || s32 device_seek_asyncint IOS_SeekAsync(s32 int fd, s32 whereint offset int origin, s32 whenceint queueid, void IOSRequest *callbackmessage)|| Async implementation of IOS_Seek
|-
| 28 || s32 device_ioctl_asyncint IOS_IoctlAsync(s32 int fd, u32 request, void *input_buffer, u32 input_buffer_len, void *output_buffer, u32 output_buffer_len, void int queueid, IOSRequest *callbackmessage) || Async implementation of IOS_Ioctl
|-
| 29 || s32 device_ioctlv_asyncint IOS_IoctlvAsync(s32 int fd, u32 request, u32 bytes_invector_count_in, u32 bytes_outvector_count_out, [[IOS/struct iovecResource_request|struct iovecIOVector]] *vector, void int queueid, IOSRequest *callbackmessage)|| Async implementation of IOS_Ioctlv
|-
| 2a || int void IOS_ResourceReply( [[IOS/resource request|struct ios_resource_requestconst IOSRequest]] *request, int retval) || return from a cmd on a [[IOS|resource]]
|-
| 2b || SetUIDIOSError SetUid(u32 pid, u32 uid) || Set the UID for a process (PID <= 0x13). This can only be used from the kernel or ES. || IPC_SUCCESS on success, IPC_EACCES (permission denied if current PID > 0x1) or IPC_EINVAL (invalid PID)
|-
| 2c || get_hmac_queue_for_pidu32 GetUid() || Get the UID for the active process (based on the thread PID). || UID (u32)
|-
| 2d || SetGIDIOSError SetGid(u32 pid, u16 gid) || Set the GID for a process (PID <= 0x13). This can only be used from the kernel or ES. || IPC_SUCCESS on success, IPC_EACCES (permission denied if current PID > 0x1) or IPC_EINVAL (invalid PID)
|-
| 2e || lookup_GID_maybeu16 GetGid() || Get the GID for the active process (based on the thread PID). || GID (u16)
|-
| 2f || cc_ahbMemFlushint ahbMemFlush(int ahb_dev)
|-
| 30 || syscall_ahbMemFlush_wrapper
|-
| 31 || software_IRQ_31 int enable_irq_iop() || seems to enable Enables [[Hardware/Hollywood IRQs|hardware interrupts ]] for device nr 31([[Hardware/IPC|IPC (Starlet)]]) (can only be used from the kernel or ES) || 0 on success, -4 for no permission.
|-
| 32 || software_irq_18 int enable_irq_di() || seems to enable Enables [[Hardware/Hollywood IRQs|hardware interrupts ]] for device nr 18([[Hardware/Drive Interface|DI]]) (can only be used from DI) || 0 on success, -4 for no permission
|-
| 33 || software_IRQ_7_or_8int enable_irq_sdhc(int id) || seems to enable Enables [[Hardware/Hollywood IRQs|hardware interrupts ]] for device nr 7 ([[Hardware/SD Host Controller|SDHC]] - must be SDI) if id==0, else device nr 8 (sdhc[[Hardware/802.11 Wireless|802.11 Wireless]] - must be WL)|| 0 on success, -4 for no permission
|-
| 34 || software_IRQint enable_irq(int id) || enables Enables [[Hardware/Hollywood IRQs|hardware interrupts ]] for the given device nr, with PID requirements (this is also used to syscalls 31 through 33): {| class="wikitable" ! id !! PID |- | 4 ([[Hardware/USB Host Controller|USB Host Controller]]) || 6 (EHCI) |- | 5 ([[Hardware/USB Host Controller|USB Host Controller]]) || 4 (OH0/OHCI0) |- | 6 ([[Hardware/USB Host Controller|USB Host Controller]]) || 5 (OH1) |- | 7 ([[Hardware/SD Host Controller|SD Host Controller]]) || 7 (SDI) |- | 8 ([[Hardware/802. id11 Wireless|802.11 Wireless]]) || 11 (WL) |- | 11 ([[Hardware/Hollywood GPIOs|Hollywood GPIOs]] (Starlet); check caller PIDalso updates POWER (1) in [[Hardware/Hollywood_GPIOs#HW_GPIO_INTFLAG|HW_GPIO_INTFLAG]]) || 14 (STM) |- | 17 (Reset button) || 14 (STM) |- | 18 ([[Hardware/Drive Interface|Drive Interface]]) || 3 (DI) |- | 31 ([[Hardware/IPC|IPC (Starlet)]]) || 0 (Kernel or ES) |}| 0 on success, -1 for unknown IRQ (not in that table), -4 for no permission
|-
| 35 || access_iobuf_pool(arg1) || no-op in IOS-35, arg1=0 || returns always 0
| 3d || int verify_iobuf([[IOS/IoBuffer|struct iobuf]] *iob) || verify if the argument points to an io buffer
|-
| 3e || syscall_3e|| Unknown; related to IO buffer functionality
|-
| 3f || void sync_before_readIOS_InvalidateDCache(u32 void *address, u32 size) || "sync_before_read" - Invalidates dcache, and something (probably related to flushing memory)
|-
| 40 || sync_after_writevoid IOS_FlushDCache(u32 const void *address, u32 size) || "sync_after_write" - Flushes dcache and does magic bullshit (aka magic AHB operations)
|-
| 41 || ppc_boot(const char *path) || Loads a .dol or .elf file into memory and bootstraps the PPC
|-
| 42 || <nowiki>[[noreturn]]</nowiki> IOSError ios_boot(const char* path, u32 flag, u32 version) || Suspends the IPC thread, loads a new IOS kernel from the NAND to 0x10100000 in IOS59), then calls <code>boot_new_ios_kernel(0x10100000, version)</code>. This can only be called from UID 0. || Doesn't return if the boot succeeded; otherwise, an error code is returned.
|-
| 43 || syscall_43<nowiki>[[noreturn]]</nowiki> void boot_new_ios_kernel(void* ios_binary_address, u32 new_version) || Sets the version at 0x3140 to <code>new_version</code> and the IPC buffer range ("DDR settings") to the legacy range ("12M"), before branching to the new kernel. This can only be called from UID 0. || -
|-
| 44 || int syscall_assert_di_reset assert_di_reset() || Clears bit 10 (DI) of 0xD800194 [[Hardware/Hollywood_Registers#HW_RESETS|HW_RESETS]] (can only be called from DI) || Returns 0 on success, -1 on error
|-
| 45 || int syscall_deassert_di_reset deassert_di_reset() || Enables bit 10 (DI) of 0xD800194 [[Hardware/Hollywood_Registers#HW_RESETS|HW_RESETS]] (can only be called from DI) || Returns 0 on success, -1 on error
|-
| 46 || BOOL syscall_check_di_reset bool check_di_reset() || Checks bit 10 (DI) of 0xD800194 [[Hardware/Hollywood_Registers#HW_RESETS|HW_RESETS]] (can only be called from DI) || Returns 1 on reset asserted, 0 on (deasserted or error)
|-
| 47 || GetSomeFlags void get_kernel_flavor(u32 *type, u16 *unk) || Depending on what is currently running (boot2/IOS) it The implementation of this syscall differs between "flavors" of kernel and returns different values some identifiers. || IOS: *The IOSv58 system menu kernel writes (u32*)r0type=0 3, *(u16*)r1unk=0).Boot2: *The boot2v04 kernel writes (u32*)r0type=3 *(u160, *unk_0)r1=0.
|-
| 48 || set_r0_1_r1_0void get_unk_flavor(u32 *type, u16 *unk) || Potentially vestigial. Probably related to syscall 0x47 above. || Always returns (*type=1, *unk=0).
|-
| 49 || u32 get_boot_vector() || Returns a pointer (?) depending on the SRAM mirror bit in [[Hardware/Hollywood_Registers#HW_MEMIRR|HW_MEMIRR]].|| Returns 0xffffff00 when the mirror bit is set.Returns 0x0d40ff00 when the mirror bit is unset.
|-
| 4a || GetHollywoodRevision
|-
| 4b || void kernel_debug_print(u32 flags) || Prints various debug info (depending on flags) from the kernel
|-
| 4c || int kernel_set_version(u32 version) || Stores version to 0x3140 (can only be called by ES) || 0 on success
|-
| 4d || u32 kernel_get_version() || Returns the current IOS version from 0x3140 (can only be called by ES) || IOS version or 0 on error
|-
| 4e || poke_E0_1int set_di_spinup(uint enable) || Sets or clears the DI_SPIN [[Hardware/Hollywood GPIOs|GPIO]]; if enable is 0 then the flag is set (disabling spinup); it is cleared otherwise. (Can only be called by DI) || 0 on success, -1 on error
|-
| 4f || void* virt_to_phys(void *ptr)|| Converts a virtual pointer to its physical equivalent
|-
| 50 || u32 init_videoint Set_DVDVideo(bool disable) || Enable/Disable DI DVD Video commands (intcan only be called from DI)|| 0 on success, -1 on error
|-
| 51 || syscall_51bool Check_DVDVideo() || Return status of DI DVD Video commands (can only be called from DI) || 1 if disabled, 0 if enabled or error
|-
| 52 || int syscall_52(bool value) || Sets bit 4 of [[Hardware/Hollywood_Registers#HW_EXICTRL|HW_EXICTRL]], clearing it if value is 0 and setting it otherwise. DI only seems to call it with false{{check}}. (Can only be called from DI)| 0 on success, -1 on error
|-
| 53 || bool syscall_53 () ||Checks bit 4 of [[Hardware/Hollywood_Registers#HW_EXICTRL| allows Broadway to access otherwise protected hardware HW_EXICTRL]] (e.g. SD, NAND,...) directly. can only be called from kernel contextDI) || 1 if bit 4 of [[Hardware/Hollywood_Registers#HW_EXICTRL|HW_EXICTRL]] is set, 0 if not set or error
|-
| 54 || syscall_54int set_ahbprot(u32 enable) || Enable/Disable PPC AHBPROT setting (can only be called from ES) || 0 on success, -1 on error
|-
| 55 || GetBUSClock || Returns either 162(GC) or 243(Wii)
|-
| 56 || int poke_gpios(u32 reg, u32 value) |-| 57 Set gpio reg to value (can only be called from STM) || syscall_57|-| 58 || call_poke_debug_port|-| 59 || create_key|-| 5a || destroy_key|0 on success, -| 5b || keyring_allocate_entry(int *index, char usage, char algorithm)1 on error
|-
| 5c 57 || keyring_deallocate_entryint write_ddr_reg(int indexu32 reg_idx, u16 val)|| Writes a 16-bit value to the specified Memory Controller register. Can only be called from the STM module. || Returns 0 on success, -1 on error.
|-
| 5d 58 || set_public_key void poke_debug_port(u8 value) || Set [[Hardware/Hollywood GPIOs|GPIO]] lines 16-23 (DEBUG0-7 arguments, the [[debug port]])to the provided value.
|-
| 5e 59 || crypto_syscall_5e (7 arguments)set_ipc_access_rights || Related to PPC IPC. Can only be called from the ES module. Called when bootstrapping PPC. || 0 on success, negative for error.
|-
| 5f 5a || keyring_set_keystore_datau32 load_module(const char *data, u32 *offset_0x0c, int indexpath) || sets the keystore data for Load an entry in the keyringARM ELF [IOS module] and start a new thread. if the second param is not NULL|| 0 on success, it sets it to the u32 at keyring_entry+0xcnegative for error
|-
| 60 5b || crypto_syscall_60IOSCError IOSC_CreateObject(u32* key_handle, IOSCObjectType type, IOSCObjectSubType subtype); || Create a new keyring entry. <code>key_handle</code> is updated with a key handle to use with other IOSC calls. || 0 on success, negative for error
|-
| 61 5c || get_keyidIOSCError IOSC_DeleteObject(int keyring_index_keyu32 key_handle) || Remove a keyring entry || 0 on success, int keyring_index_sig, int keyring_index_output)negative for error
|-
| 62 5d || crypto_syscall_62IOSCError IOSC_ImportSecretKey(IOSCSecretKeyHandle importedHandle, IOSCSecretKeyHandle verifyHandle, IOSCSecretKeyHandle decryptHandle, IOSCSecretKeySecurity flag, u8 * signbuffer, u8 * ivData, u8 * keybuffer); || Sets the contents of a key handle. This is commonly used to import a built-in key handle (such as the common key). || 0 on success, negative for error
|-
| 63 5e || get_key IOSCError IOSC_ExportSecretKey(IOSCSecretKeyHandle exportedHandle, IOSCSecretKeyHandle signHandle, IOSCSecretKeyHandle encryptHandle, IOSCSecretKeySecurity security_flag, u8 * signbuffer, u8 * ivData, u8 * keybuffer); || Used to get entries from the keyring. R0 is key index:|| 0 on success, negative for error
|-
|5f | |IOSCError IOSC_ImportPublicKey(u8 * publicKeyData, u8 * exponent, IOSCPublicKeyHandle publicKeyHandle); | | Sets the contents of a signature. The imported public key must match <code>publicKeyHandle</code>'s type. <code>exponent</code> is optional 4 bytes that can be attached || 0 ECC Private Keyon success, negative for error
|-
|60 | |IOSCError IOSC_ExportPublicKey(u8 * publicKeyData, u8 * exponent, IOSCPublicKeyHandle publicKeyHandle); | |Gets the contents of a signature | 1 Console ID| 0 on success, negative for error
|-
|61 | |IOSCError IOSC_ComputeSharedKey(IOSCSecretKeyHandle privateHandle, IOSCPublicKeyHandle publicHandle, IOSCSecretKeyHandle sharedHandle); | |Generates a new AES crypto key (<code>sharedHandle</code>) from an ecdh shared secret calculated from a sender's ECC key (<code>publicHandle</code>) and our own ECC key (<code>privateHandle</code>) | 2 NAND AES Key| 0 on success, negative for error
|-
|62 | |IOSCError IOSC_SetData(IOSCDataHandle dataHandle, u32 value); | || 3 NAND HMAC| 0 on success, negative for error
|-
|63 | |IOSCError IOSC_GetData(IOSCDataHandle dataHandle, u32 * value); | |Fetch 4 bytes of userdata from the key | 4 Common Key| 0 on success (userdata in data), negative for error
|-
|64 | |IOSCError IOSC_GetKeySize(u32 * keySize, IOSCKeyHandle handle);| |Return the key size | 5 PRNG Seed (unused?)| 0 on success, negative for error
|-
|65 | |IOSCError IOSC_GetSignatureSize(u32 * signSize, int handle); | |Return the signature size | 6 SD Key| 0 on success, negative for error
|-
|66 | |int IOSC_GenerateHashAsync(u8 * context, u8 * inputData, u32 inputSize, u32 chainingFlag, u8 * hashData, int message_queue_id, IOSRequest* reply); | |Calculate SHA1 hash of <code>inputData</code>. An IPC reply is sent to the message queue on completion. | 7 Boot2 version| 0 on success
|-
|67 | |IOSCError IOSC_GenerateHash(u8 * context, u8 * inputData, u32 inputSize, u32 chainingFlag, u8 * hashData); | |Synchronous implementation of IOSC_GenerateHashAsync | 8 ?| 0 on success
|-
|68 | |int IOSC_EncryptAsync(IOSCSecretKeyHandle encryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData, int message_queue_id, IOSRequest* reply) | |AES-encrypt <code>inputSize</code> bytes from <code>inputData</code> using <code>encryptHandle</code> and <code>ivData</code> (which gets updated) and write to <code>outputData</code>. An IPC reply is sent to the message queue on completion. | 9 ?| 0 on success
|-
|69 | |IOSCError IOSC_Encrypt(IOSCSecretKeyHandle encryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData); | |Synchronous implementation of IOSC_EncryptAsync | 10 Filesystem metadata (SFFS) generation| 0 on success
|-
|6a | |int IOSC_DecryptAsync((IOSCSecretKeyHandle decryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData, int message_queue_id, IOSRequest* request); | |AES-decrypt <code>inputSize</code> bytes from <code>inputData</code> using <code>decryptHandle</code> and <code>ivData</code> (which gets updated) and write to <code>outputData</code>. An IPC reply is sent to the message queue on completion. | 11 "Korean Common Key"| 0 on success
|-
| 64 6b || sha_asyncIOSCError IOSC_Decrypt(IOSCSecretKeyHandle decryptHandle, u8 * ivData, u8 * inputData, u32 inputSize, u8 * outputData); || Synchronous implementation of IOSC_DecryptAsync || 0 on success
|-
| 65 6c || shaIOSCError IOSC_VerifyPublicKeySign(u8 * inputData, u32 inputSize, IOSCPublicKeyHandle publicHandle, u8 * signData); || || 0 on success
|-
| 66 6d || aes_async IOSCError IOSC_GenerateBlockMAC(7 argsu8 * context, u8 * inputData, u32 inputSize, u8 * customData, u32 customDataSize, IOSCSecretKeyHandle signerHandle, u32 chainingFlag, u8 * signData); || || 0 on success
|-
| 67 6e || aes IOSCError IOSC_GenerateBlockMACAsync(5 argsu8 * context, u8 * inputData, u32 inputSize, u8 * customData, u32 customDataSize, IOSCSecretKeyHandle signerHandle, u32 chainingFlag, u8 * signData, int message_queue_id, IOSRequest* reply); || Async version of IOSC_GenerateBlockMAC || 0 on success
|-
| 68 6f || crypto_syscall_68 IOSCError IOSC_ImportCertificate(7 argsu8 * certData, IOSCPublicKeyHandle signerHandle, IOSCPublicKeyHandle publicKeyHandle); || || 0 on success
|-
| 69 70 || crypto_syscall_69 IOSCError IOSC_GetDeviceCertificate(5 argsIOSCEccSignedCert * certificate); || Write 0x180 bytes of NG certificate to <code>certificate</code> || 0 on success
|-
| 6a 71 || crypto_syscall_6a IOSCError IOSC_SetOwnership(7 argsu32 handle, u32 users); || Allow the PIDs set in mask to use this key || 0 on success
|-
| 6b 72 || aes_decryptIOSCError IOSC_GetOwnership(int keyidu32 handle, void u32 *iv, void *in, int len, void *outusers); || Get a mask of the PIDs allowed to use this key || 0 on success
|-
| 6c 73 || hmac_asyncIOSCError IOSC_GenerateRand(u8 * randBytes, u32 numBytes); || Write size bytes of random data to data || 0 on success
|-
| 6d 74 || crypto_syscall_6d IOSCError IOSC_GenerateKey(8 argsIOSCKeyHandle handle); || Sets contents of <code>handle</code> to random data
|-
| 6e 75 || get_ng_cert IOSCError IOSC_GeneratePublicKeySign(10 argsu8 * hash, u32 hashLength, IOSCSecretKeyHandle signerHandle, u8 * eccSignature); || Makes an ECC signature || 0 on success
|-
| 6f 76 || key_set_permission_maskIOSCError IOSC_GenerateCertificate(IOSCSecretKeyHandle privateHandle, IOSCCertName certname, IOSCEccSignedCert * certificate); || || 0 on success
|-
| 70 77 || crypto_syscall_70IOSCError IOSC_CheckDiHashes(u8 * destAddr, u8 * diskRdBuf, u32 h1Index, u32 h2Index, u8 * h3Ptr); || can only be called from DI || 0 on success, negative on error
|-
| 71 78 || crypto_syscall_71syscall_78_set(void *buf, u32 len) || Related to thread priorities? Can only be called from ES. || Returns 0 on success, negative on error
|-
| 72 79 || crypto_syscall_72syscall_79_get(void *buf, u32 len) || Related to thread priorities? Can only be called from ES. || Returns negative on error.
|-
| 73 7a || crypto_syscall_73syscall_7a
|-
| 74 7b || crypto_syscall_74syscall_7b
|-
| 75 7c || crypto_syscall_75|-| 76 || crypto_syscall_76|-| 77 || ?|-| 78 || ?|-| 79 || ?|-| 7A || ?syscall_7c
|}
|-
| 4 || write(const char *string) || Prints a null-terminated debug message. || none.
|}
 
== IOSC built-in key handles ==
The above crypto commands use key/crypto object handles. These handles can be either from IOSC_CreateObject(which can then be initialized with IOSC_ImportSecretKey in the case of AES), or a built-in handle. The available built-in handles/ids are listed below.
 
Names starting with IOSC are official names which were found in the GPLed parts of IOS.
 
{|border=1 class="wikitable"
|+ List of built-in key handles in IOS
|-
! ID !! Internal name !! Description
|-
| 0 || IOSC_DEV_SIGNING_KEY_HANDLE || ECC-233 private key (source: xyzzy)
|-
| 1 || IOSC_DEV_ID_HANDLE || Console ID
|-
| 2 || IOSC_FS_ENC_HANDLE || NAND AES-128 key
|-
| 3 || IOSC_FS_MAC_HANDLE || NAND HMAC
|-
| 4 || IOSC_COMMON_ENC_HANDLE || Common key
|-
| 5 || IOSC_BACKUP_ENC_HANDLE || PRNG seed (source: xyzzy)
|-
| 6 || IOSC_APP_ENC_HANDLE || SD AES-128 key (source: xyzzy)
|-
| 7 || IOSC_BOOTOSVER_HANDLE || boot2 version (4 bytes, updated by ES_ImportBoot with the low 32 bits from the TMD IOS title ID field)
|-
| 8 || IOSC_CACRLVER_HANDLE || Unknown - Appears to be unused
|-
| 9 || IOSC_SIGNERCRLVER_HANDLE || Unknown - Appears to be unused
|-
| 10 || IOSC_FSVER_HANDLE || Unknown - Used in the FS driver - [[Hardware/SEEPROM|SEEPROM]] NAND generation?
|-
| 11 || IOSC_COMMON2_ENC_HANDLE || Korean common key
|-
|}
