NID’s – SCE trickery & fake names
In a previous post http://my.malloc.us/silverspring/2008/02/18/sborps-random-fact-01/ I wrote about SCE using fake names for their functions especially for their crypto libraries.
Here is another classic example, from the sceChnnlsv lib – the savegame encryption library (chnnlsv is also a meaningless jumble of letters just like the names of the other crypt libs):
- 0xe7833020 sceSdSetIndex
- 0xf21a1fca sceSdRemoveValue
- 0xc4c494f8 sceSdGetLastIndex
- 0xabfdfc8b sceSdCreateList
- 0x850a7fa1 sceSdSetMember
- 0x21be78b4 sceChnnlsv_21BE78B4 (not yet cracked)
The names have nothing to do with what the actual functions do and actually should be named something like this:
- sceSdSetIndex – sceSdCipherInit
- sceSdRemoveValue – sceSdCipherUpdate
- sceSdGetLastIndex – sceSdCipherFinal
- sceSdCreateList – sceSdMacInit
- sceSdSetMember – sceSdMacUpdate
- sceChnnlsv_21BE78B4 – sceSdMacFinal
The sceChnnlsv lib is already in the PSPSDK and the prototypes worked out. Now we have the correct names for them; however they are intentionally fake (I suspect in the SCESDK they may use more meaningful names in their code which their toolchain later converts to these fake names that you see in the exports table).
Almost every crypto lib uses fake function names. Which is why the nids for them are so much more difficult to crack. There are several crypto libs still with completely unknown names: sceMcctrl, sceMemab, sceMemlmd, sceMesgLed, sceSemawm.
Leave a Reply