SBORPS Random Fact 05
September 3rd, 2008 silverspringSCE make typo’s too.
In the sceRtc lib I noticed an export sceRtc_029CA3B3 that was mapped to the same function that the export sceRtcGetAccumulativeTime was mapped to. Researching some more I noticed that sceRtc_029CA3B3 had existed ever since 1.00 but sceRtcGetAccumulativeTime was only added in 1.50. They are both mapped to the same function. I then realised that the cause of this might be because of a misspelling of the original function and that sceRtcGetAccumulativeTime was the corrected version added in 1.50.
So then, how to crack this NID.
It is not easy to try to guess a misspelling. A per-letter bruteforce would’ve taken too long so I simply tried the most common typo’s and, after many many permutations, I eventually guessed correctly:
- 0x029CA3B3 sceRtcGetAccumlativeTime (it’s missing a ‘u’)
This is not the only typo either. More than once they have spelt “register” as “regitser”.
- 0xDB9D28DD scePowerUnregitserCallback
- 0xDFA8BAF8 scePowerUnregisterCallback
And problems obviously stemming from the fact that the programmers are Japanese:
- 0xB795D2ED sceNandCollectEcc
- 0x88CC9F72 sceNandCorrectEcc
You’ll also notice that the old misspelled entry still exists even though a corrected version was added. The reason for this is for compatibility. Older apps had used the original misspelled function so the NID couldn’t be changed. This is somewhat fixed now that kernel NID’s are randomised in newer firmwares. There will only be one entry for each function now that the NID isn’t derived from the name of the function.
So, sometimes when it seems that an NID is impossible to crack it may simply be because of a stupid SCE typo :p.