What is NID, how I could get and why

bubugian · Post by **bubugian** » Thu Aug 13, 2009 7:01 pm

Hi all,
I'm new with psp programming so, please be patient if my questions are banal.

In some posts I found some reference to NID.
Seems that NID is used for hooking sce function.

I'm not sure to have understood so, I'm going to post some simple answer:

- What is NID ?
- Where is NID (how I discover it, with wich tools) ?
- Why I shoud hook a sce function ?
- How I coul hook a function ?

Thanks all !

slasher2661996 · Post by **slasher2661996** » Thu Aug 13, 2009 7:51 pm

Q1: Well, a nid is the memory address 0x000000 etc. to a reference to a firmware function

Q2: http://silverspring.lan.st/

Q3: You should hook a function is you want to track the usage, do something before the function executes etc.

Q4: Search this forum "easy hook example"

m0skit0 · Post by **m0skit0** » Thu Aug 13, 2009 8:48 pm

Q1: A NID is just a 32-bits function ID for the kernel to recognize it and resolve it on the ELF imports. It's the SHA1 hash for the function name. Each NID is unique (hopefuly) and it's related to an export library, which in turn is related to PRX modules.

slasher2661996 · Post by **slasher2661996** » Thu Aug 13, 2009 8:49 pm

m0skit0 wrote:Q1: NID is just a function ID for the kernel to recognize it and resolve it on the ELF imports. It's the SHA1 hash for the function name.

That, i didn't know ;)

Dariusc123456 · Post by **Dariusc123456** » Fri Aug 14, 2009 4:33 am

m0skit0 wrote:Q1: A NID is just a 32-bits function ID for the kernel to recognize it and resolve it on the ELF imports. It's the SHA1 hash for the function name. Each NID is unique (hopefuly) and it's related to an export library, which in turn is related to PRX modules.

A nid isn't really "unique" for each function since its some of the nids are randomize since 3.71 (or 3.60 i think). Only some of the nids are a 32 bit ID sha-1 (including in the unofficial pspsdk).

m0skit0 · Post by **m0skit0** » Fri Aug 14, 2009 5:24 am

I think you meant only some functions got their NID randomized. You can try this links to see what i'm saying:

Function name & NID for 5.00 FW:
http://prxlibdocs.dark-alex.org/5.00/index.html

Online SHA1 calculator
http://sha1-hash-online.waraxe.us/

Take any resolved function name (that is, things like sceUsbBus_driver_48CCE3C1 are just library name + NID and not the real function name, so it doesnt work), put it in the text box, click "calculate hash" button and compare first 4 bytes of hash to function's NID in reverse order: compare first byte of hash with last byte of NID and so on.

Let me know when you find one that doesn't coincide.

J.F. · Post by **J.F.** » Fri Aug 14, 2009 5:50 am

All NIDs used to be just the SHA1 hash of the function name... emphasis on used to be. User functions still are since Sony clearly can't change the user functions. However, in an effort to defeat custom firmware, Sony started randomizing the kernel function NIDs starting at 3.70. Not all kernel functions either, just many of the ones custom firmware relies on.

So user function NIDs will still match the SHA1 hash of the name, but many of the kernel function NIDs won't.

Dariusc123456 · Post by **Dariusc123456** » Fri Aug 14, 2009 7:21 am

Could it be possible that Sony is using the sha-1 but added on some random numbers to confuse cfw/homebrew developers?

Jim · Post by **Jim** » Fri Aug 14, 2009 10:31 pm

You think?! Genius!