Virage2

From iQueBrew
Revision as of 12:56, 2 May 2018 by Asper (talk | contribs) (Created page with "OTP is stored somewhere inside a console chip (maybe inside the "big" NEC chip) and seems to be called "virage2" inside SDK code. OTP can be dumped together with bootROM using...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

OTP is stored somewhere inside a console chip (maybe inside the "big" NEC chip) and seems to be called "virage2" inside SDK code. OTP can be dumped together with bootROM using a patched .rec file able to launch a modified .sta save file.

Offset Size Description Note
0x00 0x14 SK Hash common
0x14 0x10 ROM Patch common
0x24 0x10 ROM Patch common
0x34 0x10 ROM Patch common
0x44 0x10 ROM Patch common
0x54 0x20 EccPublicKey per-console
0x74 0x04 bbId per-console
0x78 0x40 EccPrivateKey per-console
0xB8 0x10 bootAppKey - COMMON KEY common
0xC8 0x10 recryptListKey per-console
0xD8 0x10 appStateKey per-console
0xE8 0x10 selfMsgKey per-console
0xF8 0x04 csumAdjust per-console
0xFC 0x04 jtagEnable common
Retrieved from "http://www.iquebrew.org/index.php?title=Virage2&oldid=736"