WiiUBrew

Changes

Hardware/SEEPROM (view source)

Revision as of 23:08, 19 December 2016

928 bytes added ,  23:08, 19 December 2016
More SEEPROM stuff
Line 10: Line 10:  
! Description
 
! Description
 
|-
 
|-
| 0x000 (0x00 * 2) || 0x12 bytes || Empty.
+
| 0x000 (0x00 * 2) || 0x12 bytes || Empty
 
|-
 
|-
| 0x012 (0x09 * 2) || 0x08 bytes || SEEPROM PRNG seed.
+
| 0x012 (0x09 * 2) || 0x08 bytes || SEEPROM RNG seed
  Incremented every time IOS-CRYPTO starts.  
+
  This seed is incremented every time IOS-CRYPTO starts.  
  Used with the OTP's RNG key and the OTP's RNG seed to setup IOSU's PRNG.
+
  It is also combined with the OTP's RNG key and the OTP's RNG seed to setup the IOS-CRYPTO RNG functions.
 
|-
 
|-
| 0x01A (0x0D * 2) || 0x06 bytes || Empty.
+
| 0x01A (0x0D * 2) || 0x06 bytes || Empty
 
|-
 
|-
| 0x020 (0x10 * 2) || 0x04 bytes || PPC PVR (0x70010201).
+
| 0x020 (0x10 * 2) || 0x04 bytes || PPC PVR  
 +
Should always be 0x70010201.
 
|-
 
|-
| 0x024 (0x12 * 2) || 0x06 bytes || ASCII tag.
+
| 0x024 (0x12 * 2) || 0x06 bytes || SEEPROM version name string
 
|-
 
|-
| 0x02A (0x15 * 2) || 0x06 bytes || Unknown.
+
| 0x02A (0x15 * 2) || 0x02 bytes || SEEPROM version code
 
|-
 
|-
| 0x030 (0x18 * 2) || 0x08 bytes || OTP tag.
+
| 0x02C (0x16 * 2) || 0x02 bytes || OTP version code
 
|-
 
|-
| 0x038 (0x1C * 2) || 0x04 bytes || BC struct's CRC32.
+
| 0x02E (0x17 * 2) || 0x02 bytes || OTP revision code
 
|-
 
|-
| 0x03C (0x1E * 2) || 0x02 bytes || BC struct's size.
+
| 0x030 (0x18 * 2) || 0x08 bytes || OTP version name string
 
|-
 
|-
| 0x03E (0x1F * 2) || 0x02 bytes || BC library version.
+
| 0x038 (0x1C * 2) || 0x04 bytes || BC struct's CRC32
 
|-
 
|-
| 0x040 (0x20 * 2) || 0x02 bytes || BC author.
+
| 0x03C (0x1E * 2) || 0x02 bytes || BC struct's size
 
|-
 
|-
| 0x042 (0x21 * 2) || 0x02 bytes || BC boardType.
+
| 0x03E (0x1F * 2) || 0x02 bytes || BC library version
 
|-
 
|-
| 0x044 (0x22 * 2) || 0x02 bytes || BC boardRevision.
+
| 0x040 (0x20 * 2) || 0x02 bytes || BC author
 
|-
 
|-
| 0x046 (0x23 * 2) || 0x02 bytes || BC bootSource.
+
| 0x042 (0x21 * 2) || 0x02 bytes || BC boardType
 
|-
 
|-
| 0x048 (0x24 * 2) || 0x02 bytes || BC ddr3Size.
+
| 0x044 (0x22 * 2) || 0x02 bytes || BC boardRevision
 
|-
 
|-
| 0x04A (0x25 * 2) || 0x02 bytes || BC ddr3Speed.
+
| 0x046 (0x23 * 2) || 0x02 bytes || BC bootSource
 
|-
 
|-
| 0x04C (0x26 * 2) || 0x02 bytes || BC ppcClockMultiplier.
+
| 0x048 (0x24 * 2) || 0x02 bytes || BC ddr3Size
 
|-
 
|-
| 0x04E (0x27 * 2) || 0x02 bytes || BC iopClockMultiplier.
+
| 0x04A (0x25 * 2) || 0x02 bytes || BC ddr3Speed
 
|-
 
|-
| 0x050 (0x28 * 2) || 0x02 bytes || BC video1080p.
+
| 0x04C (0x26 * 2) || 0x02 bytes || BC ppcClockMultiplier
 
|-
 
|-
| 0x052 (0x29 * 2) || 0x02 bytes || BC ddr3Vendor.
+
| 0x04E (0x27 * 2) || 0x02 bytes || BC iopClockMultiplier
 
|-
 
|-
| 0x054 (0x2A * 2) || 0x02 bytes || BC movPassiveReset.
+
| 0x050 (0x28 * 2) || 0x02 bytes || BC video1080p
 
|-
 
|-
| 0x056 (0x2B * 2) || 0x02 bytes || BC sysPllSpeed.
+
| 0x052 (0x29 * 2) || 0x02 bytes || BC ddr3Vendor
 
|-
 
|-
| 0x058 (0x2C * 2) || 0x02 bytes || BC sataDevice.
+
| 0x054 (0x2A * 2) || 0x02 bytes || BC movPassiveReset
 
|-
 
|-
| 0x05A (0x2D * 2) || 0x02 bytes || BC consoleType.
+
| 0x056 (0x2B * 2) || 0x02 bytes || BC sysPllSpeed
 
|-
 
|-
| 0x05C (0x2E * 2) || 0x04 bytes || BC devicePresence.
+
| 0x058 (0x2C * 2) || 0x02 bytes || BC sataDevice
 
|-
 
|-
| 0x060 (0x30 * 2) || 0x20 bytes || Reserved for BC ("BoardConfig") library.
+
| 0x05A (0x2D * 2) || 0x02 bytes || BC consoleType
 
|-
 
|-
| 0x080 (0x40 * 2) || 0x10 bytes || Wii U drive key.
+
| 0x05C (0x2E * 2) || 0x04 bytes || BC devicePresence
 
|-
 
|-
| 0x090 (0x48 * 2) || 0x10 bytes || Wii U factory key (cleared by IOS-MCP).
+
| 0x060 (0x30 * 2) || 0x20 bytes || Reserved for BC ("BoardConfig") library
 
|-
 
|-
| 0x0A0 (0x50 * 2) || 0x10 bytes || Wii U devkit key (?).
+
| 0x080 (0x40 * 2) || 0x10 bytes || Wii U drive key
 
|-
 
|-
| 0x0B0 (0x58 * 2) || 0x10 bytes || Wii U USB key seed.
+
| 0x090 (0x48 * 2) || 0x10 bytes || Wii U factory key
 +
This key is cleared by IOS-MCP at factory.
 +
|-
 +
| 0x0A0 (0x50 * 2) || 0x10 bytes || Wii U SHDD key
 +
|-
 +
| 0x0B0 (0x58 * 2) || 0x10 bytes || Wii U USB key seed
 
  This seed is encrypted with a key from OTP then used to set the /dev/crypto USB key.
 
  This seed is encrypted with a key from OTP then used to set the /dev/crypto USB key.
  The first 4 bytes of this key must match the last 4 bytes of a 0x10 seed stored in the OTP.
+
  The first 0x04 bytes of this key must match the Wii U NG ID.
 
|-
 
|-
| 0x0C0 (0x60 * 2) || 0x02 bytes || Drive key's status flag.
+
| 0x0C0 (0x60 * 2) || 0x02 bytes || Drive key's status flag
 
  If the flag is 0xFFFF, the drive key is set and encrypted with the Wii U SEEPROM key.
 
  If the flag is 0xFFFF, the drive key is set and encrypted with the Wii U SEEPROM key.
 
  If the flag is 0x0000, the drive key is set and in plain form.
 
  If the flag is 0x0000, the drive key is set and in plain form.
 
|-
 
|-
| 0x0C2 (0x61 * 2) || 0x02 bytes || USB key seed's status flag.
+
| 0x0C2 (0x61 * 2) || 0x02 bytes || USB key seed's status flag
 
|-
 
|-
| 0x0C4 (0x62 * 2) || 0x02 bytes || Devkit key's status flag.
+
| 0x0C4 (0x62 * 2) || 0x02 bytes || SHDD key's status flag
  If the flag is 0xFFFF, the devkit key is set and encrypted with a key from OTP.
+
  If the flag is 0xFFFF, the SHDD key is set and encrypted with a key from OTP.
  If the flag is 0x0000, the devkit key is not set.
+
  If the flag is 0x0000, the SHDD key is not set.
 
|-
 
|-
| 0x0C6 (0x63 * 2) || 0x6A bytes || Empty.
+
| 0x0C6 (0x63 * 2) || 0x6A bytes || Empty
 
|-
 
|-
| 0x130 (0x98 * 2) || 0x04 bytes || Unknown.
+
| 0x130 (0x98 * 2) || 0x04 bytes || Unknown
 
|-
 
|-
| 0x134 (0x9A * 2) || 0x04 bytes || Unknown.
+
| 0x134 (0x9A * 2) || 0x02 bytes || Unknown
 
|-
 
|-
| 0x138 (0x9C * 2) || 0x08 bytes || Unknown.
+
| 0x136 (0x9B * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x138 (0x9C * 2) || 0x08 bytes || Empty
 
|-
 
|-
 
| 0x140 (0xA0 * 2) || 0x04 bytes || slc:sys_prod.version
 
| 0x140 (0xA0 * 2) || 0x04 bytes || slc:sys_prod.version
Line 112: Line 120:  
| 0x170 (0xB8 * 2) || 0x10 bytes || slc:sys_prod.model_number
 
| 0x170 (0xB8 * 2) || 0x10 bytes || slc:sys_prod.model_number
 
|-
 
|-
| 0x180 (0xC0 * 2) || 0x04 bytes || Unknown.
+
| 0x180 (0xC0 * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x182 (0xC1 * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x184 (0xC2 * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x186 (0xC3 * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x188 (0xC4 * 2) || 0x02 bytes || Production date (year)
 +
|-
 +
| 0x18A (0xC5 * 2) || 0x02 bytes || Production date (month and day)
 +
|-
 +
| 0x18C (0xC6 * 2) || 0x02 bytes || Production date (hour and minute)
 +
|-
 +
| 0x18E (0xC7 * 2) || 0x04 bytes || CRC32 of the last 0x0E bytes
 +
|-
 +
| 0x192 (0xC9 * 2) || 0x02 bytes || 0xAA55 marker
 +
|-
 +
| 0x194 (0xCA * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x196 (0xCB * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x198 (0xCC * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x19A (0xCD * 2) || 0x04 bytes || Empty
 +
|-
 +
| 0x19E (0xCF * 2) || 0x04 bytes || Unknown
 +
|-
 +
| 0x1A2 (0xD1 * 2) || 0x02 bytes || 0xBB66 marker
 +
|-
 +
| 0x1A4 (0xD2 * 2) || 0x02 bytes || Unknown
 +
|-
 +
| 0x1A6 (0xD3 * 2) || 0x02 bytes || Unknown
 
|-
 
|-
| 0x184 (0xC2 * 2) || 0x0C bytes || Unknown.
+
| 0x1A8 (0xD4 * 2) || 0x08 bytes || Unknown string
 
|-
 
|-
| 0x190 (0xC8 * 2) || 0x10 bytes || Unknown.
+
| 0x1B0 (0xD8 * 2) || 0x02 bytes || Unknown
 
|-
 
|-
| 0x1A0 (0xD0 * 2) || 0x08 bytes || Unknown.
+
| 0x1B2 (0xD9 * 2) || 0x02 bytes || Unknown
 
|-
 
|-
| 0x1A8 (0xD4 * 2) || 0x08 bytes || ASCII tag.
+
| 0x1B4 (0xDA * 2) || 0x08 bytes || Empty
 
|-
 
|-
| 0x1B0 (0xD8 * 2) || 0x10 bytes || Unknown.
+
| 0x1BC (0xDE * 2) || 0x04 bytes || Unknown
 
|-
 
|-
| 0x1C0 (0xE0 * 2) || 0x10 bytes || Boot parameters (encrypted with Wii U SEEPROM key).
+
| 0x1C0 (0xE0 * 2) || 0x10 bytes || Boot parameters (encrypted with Wii U SEEPROM key)
 
  Structure containing parameters for boot0:
 
  Structure containing parameters for boot0:
   - 0x1C0 to 0x1C2 (0x02 bytes): Control flags (clock config + SMC delay?):
+
   - 0x1C0 to 0x1C2 (0x02 bytes): CPU control flags.
                                  -> bits 0-9 set the cpu speed in MHz used for various IO delay calculations.
+
    -> Bits 0-9 set the CPU speed in MHz used for various IO delay calculations.
                                  -> bits 10-14 set an io delay length before asking SMC if an SD boot has been requested.
+
    -> Bits 10-14 set a delay before asking SMC if the SD boot combo has been pressed.
                                  -> bit 15, if set, causes 0x3 to be written to LT_IOP2X and waits for interrupt (presumably after clock increased)
+
    -> Bit 15, if set, causes 0x3 to be written to LT_IOP2X (increasing the ARM CPU clock multiplier) and waits for an interrupt.
 
+
   - 0x1C2 to 0x1C4 (0x02 bytes): NAND and SD control flags.
   - 0x1C2 to 0x1C4 (0x02 bytes): Control flags (NAND config):
+
    -> Bit 13 tells boot0 to overwrite NAND_BANK with the supplied value.
                                  -> bit 13 tells boot0 to overwrite NAND_BANK with the supplied value.
+
    -> Bit 14 tells boot0 to overwrite NAND_CONFIG with the supplied value.
                                  -> bit 14 tells boot0 to overwrite NAND_CONFIG with the supplied value.
+
    -> Bit 15 tells boot0 to ignore NAND errors.
 
   - 0x1C4 to 0x1C8 (0x04 bytes): Value to overwrite NAND_CONFIG (optional).
 
   - 0x1C4 to 0x1C8 (0x04 bytes): Value to overwrite NAND_CONFIG (optional).
 
   - 0x1C8 to 0x1CC (0x04 bytes): Value to overwrite NAND_BANK (optional).
 
   - 0x1C8 to 0x1CC (0x04 bytes): Value to overwrite NAND_BANK (optional).
 
   - 0x1CC to 0x1D0 (0x04 bytes): CRC32 of data from 0x1C0 to 0x1CC.
 
   - 0x1CC to 0x1D0 (0x04 bytes): CRC32 of data from 0x1C0 to 0x1CC.
 
|-
 
|-
| 0x1D0 (0xE8 * 2) || 0x10 bytes || Boot parameters (encrypted with Wii U SEEPROM key).
+
| 0x1D0 (0xE8 * 2) || 0x10 bytes || Boot parameters (encrypted with Wii U SEEPROM key)
 
  Structure containing parameters for boot0:
 
  Structure containing parameters for boot0:
 
   - 0x1D0 to 0x1D2 (0x02 bytes): boot1 version.
 
   - 0x1D0 to 0x1D2 (0x02 bytes): boot1 version.
Line 145: Line 185:  
   - 0x1DC to 0x1E0 (0x04 bytes): CRC32 of data from 0x1D0 to 0x1DC.
 
   - 0x1DC to 0x1E0 (0x04 bytes): CRC32 of data from 0x1D0 to 0x1DC.
 
|-
 
|-
| 0x1E0 (0xF0 * 2) || 0x10 bytes || Boot parameters (encrypted with Wii U SEEPROM key).
+
| 0x1E0 (0xF0 * 2) || 0x10 bytes || Boot parameters (encrypted with Wii U SEEPROM key)
 
  Structure containing parameters for boot0:
 
  Structure containing parameters for boot0:
 
   - 0x1E0 to 0x1E2 (0x02 bytes): boot1 copy version.
 
   - 0x1E0 to 0x1E2 (0x02 bytes): boot1 copy version.
Line 152: Line 192:  
   - 0x1EC to 0x1F0 (0x04 bytes): CRC32 of data from 0x1E0 to 0x1EC.
 
   - 0x1EC to 0x1F0 (0x04 bytes): CRC32 of data from 0x1E0 to 0x1EC.
 
|-
 
|-
| 0x1F0 (0xF8 * 2) || 0x10 bytes || Empty.
+
| 0x1F0 (0xF8 * 2) || 0x10 bytes || Empty
 
|-
 
|-
 
|}
 
|}
Retrieved from "https://wiiubrew.org/wiki/Special:MobileDiff/2383"