a9怎么对PS3a9破解怎么看luma版本那么敏感
点击联系发帖人
时间:2017-04-20 23:05
查看: 9607|回复: 110
骑士, 积分 2899, 距离下一级还需 101 积分
精华0帖子威望0 点积分2899 点注册时间最后登录
这里说的水王,并不是单指发帖的频率和密度,比如N神吧,他发帖频率很高,但N神并不是仅仅灌水而已,很多帖子表明,他对很多游戏(日式居多,我感觉)还是颇有研究的。
这里说的水王,大概指的是发帖纯水的那种。。。频率和密度不见得占多大权重,我个人认为,占30%最多了。而真正意义上的“水”字,体现的最淋漓尽致的人,才是咱们A9当之无愧的水王!!!!
请大家一定要客观投票!
单选投票, 共有 102 人参与投票
1. &辉煌的右手
93.14% (95)
您所在的用户组没有投票权限
终结者, 积分 9627, 距离下一级还需 2373 积分
精华0帖子威望0 点积分9627 点注册时间最后登录
不知道怎么回事,不过好像很厉害的样子···
我是个变态
噬魂者, 积分 75548, 距离下一级还需 24452 积分
精华0帖子威望0 点积分75548 点注册时间最后登录
不是有一个人就叫水王吗
很有名的& &大家都知道他& & 头像即本人
我踏月色而来
终结者, 积分 9624, 距离下一级还需 2376 积分
精华0帖子威望0 点积分9624 点注册时间最后登录
不知道,进来看看!!!!!!!!!!!!
↑ 镜中花 ↑
终结者, 积分 11377, 距离下一级还需 623 积分
精华1帖子威望1 点积分11377 点注册时间最后登录
没见过N神清晨刷屏的才敢说N神不水 ╮(╯▽╰)╭
僕は変態じゃないよ!
征服者, 积分 6761, 距离下一级还需 1239 积分
精华1帖子威望1 点积分6761 点注册时间最后登录
舍N其谁………………………………
终结者, 积分 11274, 距离下一级还需 726 积分
精华0帖子威望0 点积分11274 点注册时间最后登录
擦,看成A9女王三选一了!!!!!!!!!!!!!
=w=与日俱帅是不行的
征服者, 积分 6259, 距离下一级还需 1741 积分
精华0帖子威望0 点积分6259 点注册时间最后登录
...虽然经常去PS3区,但是怎么没有在候选区里面看到猴子..
终结者, 积分 11626, 距离下一级还需 374 积分
精华1帖子威望11 点积分11626 点注册时间最后登录
本帖最后由 觉醒美希 于
00:43 编辑
怎么没有超人兄?超人兄可是N神的接班人~~~我提名超人~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
该用户已被禁言
该用户已被禁言
精华0帖子威望0 点积分4006 点注册时间最后登录
右手君是后起之秀,其实还有一个水王忘记较啥了,势头也不必右手君差。N神我居然没有任何印象。。。
Powered by
扫描二维码
下载 A9VG 客户端(iOS, Android)[推荐]搬运一下关于破解SONY PS3-PSN游戏授权国外大神的详细分析含psn游戏
搬运一下关于破解SONY PS3-GAME游戏授权系统国外大神的详细分析含PSN游戏
原帖地址:/forums/ps3-cfw-mfw/psn-games-decrypted-ps3-custom-firmware-3-55-duplex-121017.html
转载:大老
原帖标题:PSN Games Decrypted for PS3 Custom Firmware 3.55 by DUPLEX!
Today PlayStation 3 scene release group DUPLEX, who recently leaked the full PS3 3.40 SDK which was then followed by the PS3 3.60 SDK, have now released a bunch of PSN games decrypted for PS3 Custom Firmware 3.55 and 3.41 users!
Below is one of the PS3 NFO files for Alien.Breed.Impact.PSN.PS3-DUPLEX.nfo from their PlayStation Network game releases along with an ongoing list of NPDRM decrypted titles, as follows:
Release Info: Alien BreedT Impact is an explosive science fiction arcade-shooter that resurrects a much revered franchise with an epic story, swarms of highly intelligent alien enemies, high-impact weapons, highly detailed a all implemented with superb technology in a state-of-the-art gaming experience.
Notes: Since no scene group managed yet, we thought it's time to work on some PSN games to give everyone something to play for CFW 3.55. Fully decrypted .elfs are included as proof and of course for educational purposes&&
1.) copy files to FAT32 USB Key/USB Disk
2.) install game *DUPLEX.*.Install.pkg
3.) install patch *DUPLEX.*.Patch.vX.XX.pkg if any
4.) install crack *DUPLEX.*.Crack.pkg
o& & & & Watchmen.The.End.is.Nigh.Part.2.PSN.PS3-DUPLEX PlayStation
o& & & & Watchmen.The.End.is.Nigh.Part.1.PSN.PS3-DUPLEX PlayStation
o& & & & UNO.PSN.PS3-DUPLEX PlayStation
o& & & & Super.Stardust.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Sonic.The.Hedgehog.4.Episode.1.PSN.PS3-DUPLEX PlayStation
o& & & & Puzzelgeddon.PSN.PS3-DUPLEX PlayStation
o& & & & Plants.vs.Zombies.PSN.PS3-DUPLEX PlayStation
o& & & & PixelJunk.Monsters.PSN.PS3-DUPLEX PlayStation
o& & & & Limbo.PSN.PS3-DUPLEX PlayStation
o& & & & Spare.Parts.PSN.PS3-DUPLEX PlayStation
o& & & & Ricochet.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Galaga.Legions.DX.PSN.PS3-DUPLEX PlayStation
o& & & & Savage.Moon.PSN.PS3-DUPLEX PSP
o& & & & Dream.Chronicles.PSN.PS3-DUPLEX PSP
o& & & & Deadliest.Warrior.The.Game.PSN.PS3-DUPLEX PlayStation
o& & & & Marvel.vs.Capcom.2.PSN.PS3-DUPLEX PlayStation
o& & & & Earthworm.Jim.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Deadliest.Warrior.Legends.PSN.PS3-DUPLEX PlayStation
o& & & & PacMan.Championship.Edition.DX.PSN.PS3-DUPLEX PlayStation
o& & & & Critter.Crunch.PSN.PS3-DUPLEX PlayStation
o& & & & Costume.Quest.PSN.PS3-DUPLEX PlayStation
o& & & & Castle.Crashers.PSN.PS3-DUPLEX PlayStation
o& & & & Bomberman.Ultra.PSN.PS3-DUPLEX PlayStation
o& & & & BloodRayne.Betrayal.PSN.PS3-DUPLEX PlayStation
o& & & & Blast.Factor.PSN.PS3-DUPLEX PlayStation
o& & & & Beyond.Good.and.Evil.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Bejeweled.2.PSN.PS3-DUPLEX PlayStation
o& & & & Alien.Breed.3.Descent.PSN.PS3-DUPLEX PlayStation
o& & & & Alien.Breed.2.Assault.PSN.PS3-DUPLEX PlayStation
o& & & & Alien.Breed.Impact.PSN.PS3-DUPLEX PlayStation
Lets hope for more coming, and feel free to post links to free file-sharing sites for the modded PKG files to download below! Here are some of the initial download links courtesy of /showpost.php?p=431716&postcount=1:
IF YOU ALREADY HAD A DEMO OF ANY OF THOSE GAMES, or LOST THE ACTIVATION/LICENSE, Just delete the installed PSN game first (your savegame should be intact) and reinstall the Duplex version as a clean install. Should work!
PS: the .elf file is useless. Delete it if you want! It's only for those who want to understand how it works.
Limbo PSN PS3-DUPLEX
Size: 98 MB
/file/kBva9Q...PS3-DUPLEX.rar
/f/MuUT9u/L...PS3-DUPLEX.rar
/file/221159...PS3-DUPLEX.rar
Castle.Crashers.PSN.PS3-DUPLEX
Size: 161 MB
/f/JVftbP/Castl...PS3-DUPLEX.rar
/file/wXtzN6g/Ca...PS3-DUPLEX.rar
/files/a9i2wl...PS3-DUPLEX.rar
/file/221128...PS3-DUPLEX.rar
/file//Ca...PS3-DUPLEX.rar
Costume.Quest.PSN.PS3-DUPLEX
Size: 406 MB
/f/ccsGQj/Costu...PS3-DUPLEX.rar
/file/PK7Xndc/Co...PS3-DUPLEX.rar
/files/b0yfpo...PS3-DUPLEX.rar
/file/221131...PS3-DUPLEX.rar
/file//Co...PS3-DUPLEX.rar
Beyond.Good.and.Evil.HD.PSN.PS3-DUPLEX
Size: 1514 MB
/f/Pb4M6g/Beyon...PLEX.part1.rar
/f/sZbaJj/Beyon...PLEX.part2.rar
/file/ZpjajKV/Be...PLEX.part1.rar
/file/dxVWkzF/Be...PLEX.part2.rar
/files/ak9x4r...PLEX.part1.rar
/files/5lq3k3...PLEX.part2.rar
/file/221122...PLEX.part1.rar
/file/221122...PLEX.part2.rar
/file/Tt9Wv4...PLEX.part1.rar
/file/YQbYzr...PLEX.part2.rar
/file/...PLEX.part1.rar
/file/...PLEX.part2.rar
Ricochet.HD.PSN.PS3-DUPLEX
Size: 337 MB
/file/NCmeZc4/Ri...PS3-DUPLEX.rar
/files/pz22qi...PS3-DUPLEX.rar
/file/221149...PS3-DUPLEX.rar
/file//Ri...PS3-DUPLEX.rar
Plants.vs.Zombies.PSN.PS3-DUPLEX
Size: 109 MB
/f/bCpPj6/Plant...PS3-DUPLEX.rar
/file/ScaJMhv/Pl...PS3-DUPLEX.rar
/files/6n1hpa...PS3-DUPLEX.rar
/file/221221...PS3-DUPLEX.rar
/file//Pl...PS3-DUPLEX.rar
Galaga.Legions.DX.PSN.PS3-DUPLEX
Size: 136 MB
/file/qsjjvDD/Ga...PS3-DUPLEX.rar
/files/lk15td...PS3-DUPLEX.rar
/file/221146...PS3-DUPLEX.rar
Dream.Chronicles.PSN.PS3-DUPLEX
Size: 148 MB
/file/P9kRqrN/Dr...PS3-DUPLEX.rar
/files/vs91qj...PS3-DUPLEX.rar
/file/221141...PS3-DUPLEX.rar
Deadliest.Warrior.The.Game.PSN.PS3-DUPLEX
Size: 1075 MB
/f/cmuvVj/Deadl...PLEX.part1.rar
/f/se3jQM/Deadl...PLEX.part2.rar
/file/AyGCMvZ/De...PLEX.part1.rar
/file/F3vMz2B/De...PLEX.part2.rar
/files/jvpdrq...PLEX.part1.rar
/files/o6s8ts...PLEX.part2.rar
/file/221146...PLEX.part1.rar
/file/221140...PLEX.part2.rar
Deadliest.Warrior.Legends.PSN.PS3-DUPLEX
Size: 1717 MB
/f/xV6h35/Deadl...PLEX.part1.rar
/f/6YKM7N/Deadl...PLEX.part2.rar
/file/5zgx3Vb/De...PLEX.part1.rar
/file/mnGj9R7/De...PLEX.part2.rar
/files/ayrjcn...PLEX.part1.rar
/files/bltgvi...PLEX.part2.rar
/file/221190...PLEX.part1.rar
/file/221141...PLEX.part2.rar
Marvel.vs.Capcom.2.PSN.PS3-DUPLEX
Size: 203 MB
/f/hmmfpF/Marve...PS3-DUPLEX.rar
/file/8knJ5Km/Ma...PS3-DUPLEX.rar
/files/sn51bi...PS3-DUPLEX.rar
/file/221139...PS3-DUPLEX.rar
Earthworm.Jim.HD.PSN.PS3-DUPLEX
Size: 240 MB
/f/2qK7CV/Earth...PS3-DUPLEX.rar
/file/QMQ6bfB/Ea...PS3-DUPLEX.rar
/files/cekos5...PS3-DUPLEX.rar
/file/221136...PS3-DUPLEX.rar
/file//Ea...PS3-DUPLEX.rar
PacMan.Championship.Edition.DX.PSN.PS3-DUPLEX
Size: 251 MB
/f/nUyPqP/PacMa...PS3-DUPLEX.rar
/file/47pbxyu/Pa...PS3-DUPLEX.rar
/files/v9eofj...PS3-DUPLEX.rar
/file/221136...PS3-DUPLEX.rar
/file//Pa...PS3-DUPLEX.rar
Critter.Crunch.PSN.PS3-DUPLEX
Size: 447 MB
/f/fmseG2/Critt...PS3-DUPLEX.rar
/file/6pYWH9D/Cr...PS3-DUPLEX.rar
/files/wbmu1b...PS3-DUPLEX.rar
Bomberman.Ultra.PSN.PS3-DUPLEX
Size: 72 MB
/f/f7PcMs/Bombe...PS3-DUPLEX.rar
/file/xRaVtp4/Bo...PS3-DUPLEX.rar
/files/vq1ok0...PS3-DUPLEX.rar
/file/221127...PS3-DUPLEX.rar
/file//Bo...Ultra.PSN.PS3-
DUPLEX.rar
BloodRayne.Betrayal.PSN.PS3-DUPLEX
Size: 972 MB
/f/FrxvX3/Blood...PS3-DUPLEX.rar
/file/xWKUSgv/Bl...PS3-DUPLEX.rar
/files/kshfnn...PS3-DUPLEX.rar
/file/221122...PS3-DUPLEX.rar
/file/221121...PS3-DUPLEX.rar
/file/T4SD7Tq
Alien.Breed.3.Descent.PSN.PS3-DUPLEX
Size: 1701 MB
/f/JjDYSp/Alien...PLEX.part1.rar
/f/zy4rKV/Alien...PLEX.part2.rar
/file/v2JejjJ/Al...PLEX.part1.rar
/file/UkSDcE8/Al...PLEX.part2.rar
/files/fhxxzb...PLEX.part1.rar
/files/o5mpmq...PLEX.part2.rar
Blast.Factor.PSN.PS3-DUPLEX
Size: 276 MB
/f/AN76Wm/Blast...PS3-DUPLEX.rar
/file/y3hzgXQ/Bl...PS3-DUPLEX.rar
/files/ilgk72...PS3-DUPLEX.rar
/file/221115...PS3-DUPLEX.rar
Bejeweled.2.PSN.PS3-DUPLEX
Size: 49 MB
/f/z8mJjy/Bejew...PS3-DUPLEX.rar
/file/wtQ92vP/Be...PS3-DUPLEX.rar
/files/gax1h7...PS3-DUPLEX.rar
/file/221111...PS3-DUPLEX.rar
/file//Be...PS3-DUPLEX.rar
Alien.Breed.Impact.PSN.PS3-DUPLEX
Size: 1199 MB
/f/QWy4x2/Alien...PLEX.part1.rar
/f/yXTu5J/Alien...PLEX.part2.rar
/file/fq8zZve/Al...PLEX.part1.rar
/file/vUJBDDR/Al...PLEX.part2.rar
/files/dja340...PLEX.part1.rar
/files/me8c1d...PLEX.part2.rar
/file/221134...PLEX.part1.rar
/file/221113...PLEX.part2.rar
Alien.Breed.2.Assault.PSN.PS3-DUPLEX
Size: 1382 MB
/f/e5pta2/Alien...PLEX.part1.rar
/f/BzV8Rr/Alien...PLEX.part2.rar
/file/CpbdGys/Al...PLEX.part1.rar
/file/sNw5DAr/Al...PLEX.part2.rar
/files/25ihhc...PLEX.part1.rar
/files/oxpy21...PLEX.part2.rar
Spare.Parts.PSN.PS3-DUPLEX
Size: 1153 MB
/f/R9AZGX/Spare...PLEX.part1.rar
/f/hKbZnj/Spare...PLEX.part2.rar
/file/WjuZkX3/Sp...PLEX.part1.rar
/file/VNytxzW/Sp...PLEX.part2.rar
/files/z3txri...PLEX.part1.rar
/files/0ij459...PLEX.part2.rar
Puzzelgeddon.PSN.PS3-DUPLEX
Size: 180 MB
/f/T2fwqz/Puzze...PS3-DUPLEX.rar
/file/uxJk9wM/Pu...PS3-DUPLEX.rar
/files/q3rm3i...PS3-DUPLEX.rar
UNO.PSN.PS3-DUPLEX
Size: 262 MB
/f/U97GHj/UNO.PSN.PS3-DUPLEX.rar
/file/Jax2tcx/UN...PS3-DUPLEX.rar
/files/rk515c...PS3-DUPLEX.rar
/file/221156...PS3-DUPLEX.rar
/file//UN...PS3-DUPLEX.rar
Super.Stardust.HD.PSN.PS3-DUPLEX
Size: 520 MB
/f/GrdETy/Super...PS3-DUPLEX.rar
/file/SR5JYK5/Su...PS3-DUPLEX.rar
/files/7za9l1...PS3-DUPLEX.rar
/file//Su...PS3-DUPLEX.rar
Sonic.The.Hedgehog.4.Episode.1.PSN.PS3-DUPLEX
Size: 204 MB
/f/Qwb9UP/Sonic...PS3-DUPLEX.rar
/file/3w2aqVR/So...PS3-DUPLEX.rar
/files/q6ony1...PS3-DUPLEX.rar
/file//So...PS3-DUPLEX.rar
Savage.Moon.PSN.PS3-DUPLEX
Size: 567 MB
/f/EdqDvg/Savag...PS3-DUPLEX.rar
/file/Yc2XAZj/Sa...PS3-DUPLEX.rar
/files/2hva00...PS3-DUPLEX.rar
Watchmen.The.End.is.Nigh.Part.1.PSN.PS3-DUPLEX
Size: 1286 MB
/f/sXfVCn/Watch...PLEX.part1.rar
/f/3FfmhZ/Watch...PLEX.part2.rar
/file/gQ97h22/Wa...PLEX.part1.rar
/file/MKTmGxK/Wa...PLEX.part2.rar
/files/yaqxu6...PLEX.part1.rar
/files/3wadnd...PLEX.part2.rar
/file/221159...PLEX.part2.rar
/file//Wa...PLEX.part1.rar
/file//Wa...PLEX.part2.rar
Watchmen.The.End.is.Nigh.Part.2.PSN.PS3-DUPLEX
Size: 830 MB
/f/X49vgc/Watch...PS3-DUPLEX.rar
/file/AN2rETm/Wa...PS3-DUPLEX.rar
/files/axdbyp...PS3-DUPLEX.rar
/file/221265...PS3-DUPLEX.rar
From JuanNadie aka John Doe comes details on the PlayStation 3 NPDRM Self Algorithm below, as follows:
PS3 NPDRM Self Algorithm
THIS DOES NOT ALLOW TO OBTAIN 3.60+ keys, nor piracy as you require the rif, act.dat and IDPS.
On NPDRM self decryption all the security levels of the PS3 are involved: user space (vsh), kernel space(lv2), hypervisor( lv1) and isolated SPU (metldr + appldr)
The process start on vsh.elf...
Once the vsh detects that user is trying to start a self, it looks for the appinfo header type. If the type is 8, then the control digest element type 3 (NPD element) is located. From this NPD header the vsh gets the license type (free, local or network license).
If a free content(type 3) is detected then a generic klicense will be use for further steps (go to LV2). That klicensee is already public (see geohot npdrm_omac_key_1).
npdrm_omac_key1 : 72FCFFE4C128387 # ps3publictools/include/oddkeys.h
npdrm_omac_key2 : 6BA52976EFDA16EF3C339FBB # ...
npdrm_omac_key3 : 9B515FEACF4D91A54E97 # ...
However if a paid content is to be loaded the vsh loads the act.dat and the rif associated to the content (if local it will locate a file with the same titleid on NPD element, if remote it will download to vsh process memory)
Then the signature is checked (last 0x28 bytes of both RIF and act.dat). The curves used are on vsh.self. It is a 3 element table, having the first curve nulled. The curve index for rif/act is 2. The curve values are negated as in the apploader and has the following structure:
struct curve {
uint8_t p[0x14];
uint8_t a[0x14];
uint8_t b[0x14];
uint8_t N[0x14];
uint8_t Gx[0x14];
uint8_t Gy[0x14];
If the curve checks then vsh will process the rif:
struct rif {
uint8_t unk1[0x10]; //version, license type and user number
uint8_t titleid[0x30]; //Content ID
uint8 padding[0xC]; //Padding for randomness
uint32_t actDatI //Key index on act.dat between 0x00 and 0x7F
uint8 key[0x10]; //encrypted klicensee
uint64_t unk2; //timestamp??
uint64_t unk3; //Always 0
uint8_t rs[0x28];
struct ACTDAT {
uint8_t unk1[0x10]; //Version, User number
uint8_t keyTable[0x800]; //Key Table
uint8_t signature[0x28];
Using the RIF_KEY it will obtain the actdatIndex:
AES_KEY rifK
int result = AES_set_decrypt_key(RIF_KEY, 0x80, &rifKey);
AES_decrypt(&rif-&padding, &rif-&padding, &rifKey);
And finally having the actDat key index the execution pass to LV2 syscall 471
Lv2 is accessed using syscall471 which haves the following syntax:
int syscall_471(uint32_t type, char* titleID, void* klicensee, uint8_t* actdat, uint8_t* rif, int32_t licenseType, uint8_t* magicVersion);
The function has different parameters depending if the content is debug, free or paid:
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
The lv2 keeps a memory table with contentID and the associated key. When it receives a free content (r5 is not null) then copies the titleID and the klicensee to the table. For a paid content the rif.key is converted to the klicensee using:
AES_KEY IDPSKey, ConstKey, ActDatK
uint8_t encrConst[0x10];
uint8_t decryptedActDat[0x10];
uint8_t klicensee[0x10];
int result = AES_set_encrypt_key(&IDPSVariation, 0x80, &IDPSKey);
AES_encrypt(&CONSTACTDAT, &encrConst, &IDPSKey);
result = AES_set_decrypt_key(&encrConst,0x80,&ConstKey);
AES_decrypt(actDat,&decryptedActDat,&ConstKey);
result = AES_set_decrypt_key(&decryptedActDat,0x80,&ActDatK ey);
AES_decrypt(rif,&klicensee,&ActDatKey);
where CONSTACTDAT is a constant value on lv2, IDPSVaritaion appears to be IDPS (not checked but DRM_Manager_initialize (see graf_chokolo's "bible") to something with the same structure), actdat are the 0x10bytes selected by rif keyIndex, and rif is rif.key (bytes 0x50-0x5f).
Once transformed it is stored on memory table... I haven't check further steps on vsh nor lv2 so perhaps there are further transformations on the paid case (NOT FOR THE FREE AS I HAVE DECRYPTED THOSE) so we are jumping directly to the appldr
As you can see from graf_chokolo payloads a parameter is passed on spu_args.field60. That parameter is the previously stored klicensee.
However this key must be transformed (again) even for the free case. The transformation is:
uint8_t decryptedKLicensee[0x10]
AES_KEY KLicenseeKey
int result = AES_set_decrypt_key(&KLicenseeDecryptKey,0x80,&KLI CENSEEKEY);
AES_decrypt(klicensee,&decryptedKLicensee,&KLicens eeKey);
EY is another key located inside the apploader and klicensee is the parameter.
Then we can finally remove the NPDRM layer using:
uint8_t iv[0x10];
memset(&iv[0],0,0x10);
int result = AES_set_decrypt_key(&KLicenseeDecryptKey,0x80,&key );
AES_cbc_encrypt(self + self-&metaoffset + 0x20, self + self-&metaoffset + 0x20,0x40,&key,&iv,0);
Once that layer is removed we proceed as normal:
o& & & & Decrypt using AESCBC256 with the NPDRM keys to obtain the metadata keys
o& & & & Decrypt using AESCTR128 the data sha, hmac, iv keys
o& & & & Decrypt the data.
First of all, I want to congratulate Euss of ps3devwiki on finding the klicensee decrypt key and provide a proof of concept of the AppLoder part of the algorithm. /index.php?title=Talk:SELF_File_Format_and_Decrypti on
Download: PS3 AppLDR/NPDRM 0.92-3.31 Rev 0x01 (2.39 KB) / UnSelf2_keys (app-priv-102f and app-priv-356) (168 Bytes) by RikuKH3
KLicenseeDecryptKey is located in appldr twice, e.g.
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&&&00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&&&00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&00018EB0&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&00018ED0&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
Now you have the tools to decrypt all free executable content. Euss they key is not duplicated... there are two cases that lead to the same (similar to the keys, two cases so two repeated tables).
Some of you asked what this algorithm is for. It has several use from backing up PSN games so they can be used with/without license (some countries allow backups, but NEVER sharing copyrighted material...) or use game updates on lower firmwares (some updates are NPDRM so they could not be decrypted and downgraded). I don't know if DUPLEX used this method or if they replaced the data with debug versions as some implied...
Also, it can be use is to modify geohot's make_self_npdrm to use non static keys for encoding. I don't know if that would be enough to make a self runnable on 3.56+ firmware. However it is a step on the right direction (I think extra modifications are required). If someone knows which parts of the self is whitelisted it would be an interesting addition to the thread. Sony was publishing 3.55 after 3.56 went online so I really interested to see which part of the SELF was whitelisted.
Others asked for the keys. I can not provide them nor functional code to avoid being sued... Graf and geohot were sued for providing the keys and/or functional code.
However, I can provide a tip on getting the RIF key.... once decrypted bytes 0x40 to 0x4F should be xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 aa where x is random and aa is a number between 0x00 and 0x7F. It is located on the VSH.elf (remember that PPC64 has 8 byte aligment). That is a plaintext attack + dictionary(vsh). You don't need the curves as you can not sign rif nor act.dat (You can only check that file is valid). And the vsh keys can be easily find... graf chokolo called IDPS as device_id_ptr.... and the CONST is very near on code execution...
To yolbulduran: That is a piracy related question. In addition you have published confidential info, which anyone who does RCE should avoid (I do not have the SDK). The answer is NO. Why?. See this code:
ret = sceNpDrmVerifyUpgradeLicense("FAKE_CONTENT_TO_DETECT_CFW");
if(ret == 0){
banConsole();
print("CFW detected. Game will exit");
ret = sceNpDrmVerifyUpgradeLicense("REAL_CONTENT");
if (ret == 0) {
int fd = openEncryptedContent("REAL_CONTENT.edat",......,keyForFile,sizeof(KeyForFile));
if (fd & 0) {
//Do things
First part is an example of how a developers can easily catch that modification and stop execution making it dangerous (could get a ban!!!). You modification says that the console has access to a fake content, which only CFW will have. When patching code the modification should be done only to the case you want to fix. That modification should go on the executable not on npd libraries. That way we do not patch the first verify but we will patch the second...
The second part is the real reason why it wont work... you REQUIRE the rif for opening the edat. The rif holds the klicensee for both SELF and EDAT. In fact I assume that the klicensee follows the same transformation upto the apploader. That key that you see on the command it is only used to check the HMAC on the NPD element (see geohot make_self_npdrm omac calculations)
For executable the problem is similar as when trying to run another PPU executable the program will finish and ask the vsh to run the other process which will undergo the full decryption algorithm... again you need the rif.
But... what will happen if we decrypt the paid edat/SELF using the rif and then resign and encrypt as a free content before executing the code??? (Assuming we can sign edat)
WE CAN SIGN EXECUTABLES UP TO 3.55 THANKS TO FAIL0VERFLOW'S EPIC FAIL... I think people do not really understands what that means...
From granberro: Congratulations and thanks for sharing JuanNadie. Regarding EDAT files, IMHO their encryption is FW version independent, at least for the free content. I have changed geohot's make_self_npdrm to encrypt elfs using a given keypair rather than the static one.
Using that tool and unself2 I have managed create and install LBP2 updates 1 to 4 on a 3.41 PS3. Those updates contains EDAT files and were decrypted by the game flawlessly.
I don't know if it is ok to post links to those pkgs. The npdrm diff (just) the important stuff is:
+#ifdef NPDRM2
+&&memcpy(&md_header, KEY(keypair), sizeof(md_header));
-----------------
+#ifdef NPDRM2
+&&AES_set_encrypt_key(KEY(erk), 256, &aes_key);
+&&memcpy(iv, KEY(iv), 16);
+&&AES_cbc_encrypt(&output_self_data[metadata_offset], &output_self_data[metadata_offset], 0x40, &aes_key, iv, AES_ENCRYPT);
+&&u8 d_klic[0x10];
+&&AES_set_decrypt_key(KLicenseeDecryptKey, 128, &aes_key);
+&&AES_decrypt(npdrm_omac_key1, d_klic, &aes_key);
+&&AES_set_encrypt_key(d_klic, 128, &aes_key);
+&&memset(iv, 0, sizeof iv);
+&&AES_cbc_encrypt(&output_self_data[metadata_offset], &output_self_data[metadata_offset], 0x40, &aes_key, iv, AES_ENCRYPT);
& &memcpy(&output_self_data[metadata_offset], KEY(keypair_e), sizeof(md_header));
Hope it helps.
From JuanNadie: Actually an EDAT has several keys. One is in the SELF, others are at the rif and others on firmware. That an EDAT works on lower firmware only proves that the firmware has those keys.
BTW I have tricked the PS3 into decrypt an EDAT (Buzz). The procedure involves knowing how the NPD element is used (most of this is already published).
& &struct {
& &&&uint32_
& &&&uint32_t unknown2;
& &&&uint32_ /* 1 network, 2 local, 3 free */
& &&&uint32_ /* 1 exec, 21 update */
& &&&uint8_t content_id[48];
& &&&uint8_t digest[16];
& &&&uint8_t titlefilenameHash[16];
& &&&uint8_t headerHash[16];
& &&&uint64_t unknown3;
& &&&uint64_t unknown4;
The NPD has 3 different hashes:
o& & & & The first (digest) is a hash of the decrypted data. I don't know the algorithm nor if it is checked.
o& & & & The second is a CMAC. The key is npdrm_omac_key3, and the message is the titleID (0x30 bytes) concat to the filename (excluding path and case sensitive),
o& & & & The third is again a CMAC. This time the message is the whole NPD from NPD magic to the second hash both included. The key for SELFs launched from the VSH is npdrm_omac_key1 xored with npdrm_omac_key2
But for the rest (Selfs executed inside a program and EDAT) instead of using npdrm_omac_key1 another key is used. That key is called the klicensee (however as that name is already used I would call it devklic (developer klicensee),
That key is selected randomly by the developer(activision, ea, ubisoft, square...) and it is a parameter used when creating a pkg. So for EDAT the key for the third hash is devklic xored with npdrm_omac_key2.
If we are going to recrypt an EDAT we need that key. There are several procedures to obtain it:
o& & & & Decrypt the SELF and use RCE to get it. We'll need an idc that locates the call. Very slow, tricky, requires large knowledge but always work.
o& & & & Hook the call that opens EDAT. Then we retrieve it on parameter r3. Faster, requires modifying the firmware. Always work
o& & & & Brute force it: Decrypt the self and try every combination of 16 sequential bytes on the file. I obtained using this method the key on Buzz and LBP. It faster than RCE but it does not always work (the key could be in other file or obfuscated).
I repeat we will need that key to encrypt an EDAT.
We SONY uses this key? To avoid the following exploit?:
o& & & & Obtain the devklic.
o& & & & On a PS3 where the EDAT is authorized write a program with t
sceNp....Open(devklic, "PATH_TO_FILE",READ_ONLY,fd,NULL,0);
That will create a file descriptor. The read of it will be on clear... and we can then write it to an output file.
How I think this works? Well, you provide the correct klicense, so the system will validate the NPD and send a request to LV2 to set the decryption key (This would be related to rif for paid or to the devklic if free). Then when reading if the LV2 Will ask the appldr to decrypt it).... Note that seek works so probably the decryption can be made by blocks.
BTW something similar was done on PSP.
How can we use this?
o& & & & First is good to have the plain text of something you0re trying to reverse so for devs it could be useful to reverse EDAT algorithm
o& & & & Second you can replace the original file and patch the EBOOT to not use encryption.
o& & & & Third you can create a debug EDAT and path lv2 to accept debug files.
However IMHO any warez release that uses those tricks should be NUKED as that is not the correct procedure (that would be reencrypt the EDAT as free).
Other things:
o& & & & The first hash of NPD needs to be obtained
o& & & & The first 0x80 encrypted bytes of an EDAT (0x90-0x10F) contains a key for decrypting the rest of the file. I think that key is constant for the rest of the file. Reason: the 2 EDAT I decrypted from Buzz has the same contain... which means hash1 is the same (2 and 3 are different cause the filename is different), but the encrypted content in the metadata section changes. Perhaps a signature but I think there is a different key there (the data also changes)
granberro Buen trabajo. I saw your work at elotrolado allowing the use of non static keys on a NPDRM.
mathieulh thanks for the compliments on type 2 NPDRM. I also think that someone should modify make_self_npdrm to make SELFs that work "at least" on 3.55 official firmware...
I haven't fully reversed the EDAT algorithm (I’m missing bytes from 0xB0 to 0xFF) but there is enough info for a post. The explanation is for those with flag (offset 0x80-0x83) equals to 0xC which is a normal EDAT. For others values minor changes should be made. Let's begin.
USER SPACE: (Probably incomplete (enough for decryption), most of it is guessed) On previous post I mentioned the command useds by developers to open/read an EDAT. That command has 3 parts:
o& & & & Verify: This parts verifies the NPD element by checking that user is authorized to open the file (using the devklic). In addition it calls LV2 to create an entry in the memory (probably using syscall471) so for further steps it will use the devklic (free) or the decrypted rif key (paid) (see SELF algorithm). I’ll call this rifkey on the rest of the document.
o& & & & Open the file: This will call kernel space. Performs several checks and creates an entry on another table.
o& & & & Read: It also calls LV2, which will decrypt and send data back.
KERNEL SPACE:
When an open request is received:
o& & & & Read the first 0x100 bytes of the file.
o& & & & Validates first 0xA0 bytes on EDAT. This uses appldr with the following execution (see below):
o& & & & Single execution
o& & & & Encrypted arguments
o& & & & CMAC. Key: rifkey, expectedHash: data at 0xA0-0xAF
o& & & & No Encryption erk:null,riv:null
Validates metadatasections. Again uses appldr:
o& & & & Multi execution. Blocks upto 0xFC00.
o& & & & Encrypted arguments
o& & & & CMAC. Key: rifkey, expectedHash:data at 0x90-0x9F
o& & & & No Encryption: erk:null, riv:null
Once the NPD is validated (We have validated header upto 0xAF and the metadatasections( which validate the data itself)) an entry on a memory table is created, the entry created by syscall471 is erased and returns. I’ll call this the EDATEncryptionDataTable. This table has 10 entries (remember the limitation of simultaneous files opened??...). Each entry has the following structure:
typedef struct {
& & uint64_t fileD
& & uint64_
& & uint64_t fileL
& & uint32_
& & uint32_t blockS
& & uint32_tnumB
& & uint8_t blockBase[0x0C];
& & uint8_t devklic[0x10];
& & uint8_t digest[0x10];& & & &
}EDATEncryptionD
-fileDescriptor: The file descriptor
-offset: An additional offset to calculate the position of the metadataSection. Origin unknown. Values seen 0
-File len: Length of the uncompressed data. Copied from EDAT offset 0x88-0x8F
-flag: Flags required to process the data. Copied from EDAT offset 0x80-0x83. Some flags are:
& & 0x: Debug
& & 0x: SDAT… for those rifkey is calculated differently. Algorithm is not tested yet.
& & 0x: Arguments for appldr are encrypted
& & 0x: Data compressed. MetadataSection length will be 0x20 bytes.
o& & & & blockSize: The data is stored on blocks of that length. Required for decryption. Copied from EDAT offset 0x84-0x87
o& & & & numBlocks: Number of blocks on file. Calculated using: numBlocks = (fileLen + blockSize - 1)/blockSize
o& & & & blockBase: Common part of the key used on decryption. First 0xC bytes of headerHash. Copied from EDAT offset 0x60-0x6B.
o& & & & devklic: Our rif key. Copied from the entry created by syscall471. FOR SDAT it is calculated using other algorithm.
o& & & & padding: the digest from NPD. Will be the IV. Copied from EDAT offset 0x40-0x4F.
When an read request is received:
o& & & & The system determines the blocks required (E.g; read from 0x3FFF to 0x8001 will read blocks 0,1 and 2).
o& & & & For each of the blocks:
o& & & & Calculate the blockKey as blockBase concat blockNumber.
o& & & & Calculate block offset: Start of NPD + offset + 0x100 + metadataSectionLen* numBlocks + blockSize*blockNumber. metadataSectionLen is 0x10 for flag 0xC (if compressed or with special hash would be 0x20).
o& & & & Calculate erk: AESECB128Encrypt, key:rifKey, data:blockKey
o& & & & Calculate hashKey: For 0xC is erk. (Others have an additional encryption)
o& & & & Execute appLdr with the following parameters:
o& & & & Single execution
o& & & & Encrypted arguments
o& & & & CMAC. Key: hashKey, expectedHash: metadataSection[blockIndex].hash
o& & & & EncryptionCBC erk:erk, riv:npd.digest
As you know the appldr is used for decrypting SELFs (that part is documented on the wiki). However there is a second mode that is used for EDAT. To use that mode spu_arg.field35 is 5. For values 0 to 4 it will process a SELF and for others will return error. Graf_chokolo described the structure of spu_args for the SELF. However this changes for EDATs…
typedef struct
& & & & uint64_t unk1;
& & & & uint32_t hashF
& & & & uint32_t encryptionF& && &
& & & & uint64_t unk2;
& & & & uint64_
& & & & uint64_t unk3;
& & & & uint64_t stateA& && &
& & & & uint32_t field30;
& & & & uint8_t&&field34;& && & //Must be 0,1,2
& & & & uint8_t&&field35;& && & //Must be 0,1,2,3
& & & & uint16_t&&field36;& && &//Must be 0,1,2,3,4,5
& & & & uint64_t field38;
& & & & uint8_t hashKey[0x10];
& & & & uint8_t riv[0x10];
& & & & uint8_t erk[0x10];
Above I indicated several parameters for the appldr. Those parameters are controlled by hashFlag and encryptionFlag.
-HashFlag: The hash is performed on input data not decrypted data. So if hash fails nothing is decrypted
MSB indicates how to use parameter hashKey.
0x: Indicates that hashKey is encrypted. Decrypt it with EDATKEY and RIVKEY
& && &&&0x: Ignore hashKEY. USE EDATDEFAULTHASHKEY
& && &&&0x: hashKey is not encrypted. Use it directly
LSB indicates the type of hash.
0x: HMACWithSHA1. Hash Len 0x14 bytes
& && &&&0x: CMAC128. Hash len 0x10 (obvious)
& && &&&0x: HMACWithSHA1. Hash Len 0x10 bytes (Hash is trunked)
-EncryptionFlag:
MSB indicates how to use parameters riv and erk
0x: Indicated that erk is encrypted. Decrypt it with EDATKEY and RIVKEY. riv is copied
& && &&&0x: Ignore riv and erk. Use EDATKEY and RIVKEY
& && &&&0x: Use erk and riv directly
LSB indicates which encoding is used.
0x: No encryption (algorithm is memcpy)
& && &&&0x: AESCBC128Decrypt is used.
When a key must be decrypted the algorithm is AESCBC128Decrypt. Keys SHA1:
EDATKEY: 84E9FC3574EAA11A9462FFA53D5EA46B4D0003BF. Already in wiki
RIVKEY: E129F27CBCDF0A15E160D445066FF. This is top secret :D
EDATDEFAULTHASHKEY: 8A721A06ABC7BB9BF398C5EF5D6F1FD997BC0A56
The multiple execution /single execution refers to the ability of appLdr to store an encrypted (and hashed) data on main memory to resume the hashing/decryption operations on next execution. That data is stored at stateAddress. Basically the functioning has several submodes. One for initialization (that decrypts erk, riv and hkey) and copies the state to main memory, another for processing data, which retrieves the state, process the data and updates the state, and finally another that receives the expected hash and validates. Another submode does all these ops on a single execution (calls the three submodes).
Summing up (for 0xC) for each block:
o& & & & Calculate data offset: 0x100 + offset(0) + metadataSectionLen*numberOfBlocks + currentBlockNumber*blockSize
o& & & & Generate block key: concat first 0xC byte of headerHash with current block number
o& & & & Encrypt block key with rifKey using AESECB128Encrypt. This would be erk and hkey
o& & & & Calculate riv. It is NPD digest field
o& & & & Decrypt erk using AESCBC128Decrypt with EDATKEY and RIVKEY -& call result decryptionKey.
o& & & & Using AESCBC128Decrypt decrypt data from offset to offset + blockSize (if last block calculate remaining bytes rounded up to 0x10 multiple). Key is decryptionKey iv is riv
o& & & & Copy data to output file
After searching for those missing bytes I did not found any reference on code. So I zeroed them and feed the file to the PS3... The file was properly loaded and decrypted so:
o& & & & Those bits are a random padding or
o& & & & They are not checked, nor required for creating an EDAT.
That means that you are able to "free" your EDATs using the method above. Remember that you're going to need the devklic and the rifkey.
Octopus For p3T you don't require the devklic cause for paid decryption you only need the key from rif... so decrypt it and use it directly like any other theme
EXE.trim.ALL You're right on version. LV2 uses that value to check which flags are valid. However unk4 (and unk3) which are at 0x70 are zeroes. Your info is for the next 16 bytes located at 0x80. Also you separate finalize and type. From the assembly I can say that the original source code considers it a signed integer (int32_t) (that or they have a really weird compiler cause it always load that field as a word (PPC can read a single byte)).
BTW the text on flowers says something about "werewolves" and the devklic is written as an ASCII text (not binary). It was the first non free content that I decrypted on PC.
euss IMHO best topic of the last half year was written recently by math on lan.st... half year? nah... last year. It's a pity that I would never enter on efnet (nor other sites) as long as they don't allow proxy and TOR.
Finally a bit of drama: Hotz8611, I reversed your reactPSN to see the your method and discovered that you just used the info on this post. I haven't check the vsh.self mode but I suppose that youre nullifyng the curve check and generate RAP by encrypting the rifkey (An AES and another crypto algorithm of 5 rounds with shuffle, acummulation and xoring.). I thank you for making people provide me all those RAP than I'm able to transform to rifkey but next time give proper credits (I don't know if your works is based on mallory or mine but obviously is based on info in this topic).
First of all, here is an implementation of the algorithm. It is not fully tested (for example with ISO.BIN.EDAT it validates but fails when decrypting) and is missing the decompression algorithm (I tried deflate but is does not work if someone identifies the algorithm please post it. Blocks start with 0x05). Also keys have been eliminated. On previous port you have the SHA1: /SuAukd8B
import java.io.F
import java.io.FileNotFoundE
import java.io.IOE
import java.io.RandomAccessF
import java.io.UnsupportedEncodingE
import java.math.BigI
import java.security.InvalidAlgorithmParameterE
import java.security.InvalidKeyE
import java.security.NoSuchAlgorithmE
import java.security.spec.AlgorithmParameterS
import javax.crypto.C
import javax.crypto.M
import javax.crypto.NoSuchPaddingE
import javax.crypto.ShortBufferE
import javax.crypto.spec.IvParameterS
import javax.crypto.spec.SecretKeyS
public class EDAT {
& & public static final int STATUS_ERROR_INPUTFILE_IO = -100;
& & public static final int STATUS_ERROR_HASHTITLEIDNAME = -1;
& & public static final int STATUS_ERROR_HASHDEVKLIC = -2;
& & public static final int STATUS_ERROR_MISSINGKEY = -3;
& & public static final int STATUS_ERROR_HEADERCHECK = -4;
& & public static final int STATUS_ERROR_DECRYPTING = -5;
& & public static final int STATUS_OK = 0;
& & public static final long FLAG_COMPRESSED = 0xL;
& & public static final long FLAG_0x02 = 0xL;
& & public static final long FLAG_KEYENCRYPTED = 0xL;
& & public static final long FLAG_0x10 = 0xL;
& & public static final long FLAG_0x20 = 0xL;
& & public static final long FLAG_SDAT = 0xL;
& & public static final long FLAG_DEBUG = 0xL;
& &&&* This function reads given file and decrypts it
& &&&* @param inFile EDAT file to decrypt
& &&&* @param outFile Path to store the decrypted data
& &&&* @param devKLic Authentication key. Also used for decryption on free content
& &&&* @param keyFromRif Key obtained after decrypting rif60
& &&&* @return Result of the operation
& & public int decryptFile(String inFile, String outFile, byte[] devKLic, byte[] keyFromRif) throws FileNotFoundException, IOException {
& && &&&File fin = new File(inFile);
& && &&&RandomAccessFile raf =
& && &&&raf = new RandomAccessFile(fin, "r");
& && &&&NPD[] ptr = new NPD[1]; //Ptr to Ptr
& && &&&int result = validateNPD(fin.getName(), devKLic, ptr, raf); //Validate NPD hashes
& && &&&if (result & 0) {
& && && && &
& && &&&NPD npd = ptr[0];
& && &&&EDATData data = getEDATData(raf);
& && &&&byte[] rifkey = getKey(npd, data, devKLic, keyFromRif); //Obtain the key for decryption (result of sc471 or sdatkey)
& && &&&if (rifkey == null) {
& && && && &System.out.println("ERROR: Key for decryption is missing");
& && && && &return STATUS_ERROR_MISSINGKEY;
& && &&&} else {
& && && && &System.out.println("DECRYPTION KEY: " + ConversionUtils.getHexString(rifkey));
& && &&&result = checkHeader(rifkey, data, raf);
& && &&&if (result & 0) {
& && && && &
& && &&&RandomAccessFile out = new RandomAccessFile(outFile, "rw");
& && &&&result = decryptData(raf, out, npd, data, rifkey);
& && &&&if (result & 0) {
& && && && &
& && &&&raf.close();
& && &&&return STATUS_OK;
& & private static final int HEADER_MAX_BLOCKSIZE = 0x3C00;
& & private int checkHeader(byte[] rifKey, EDATData data, RandomAccessFile in) throws IOException {
& && &&&in.seek(0);
& && &&&byte[] header = new byte[0xA0];
& && &&&byte[] out = new byte[0xA0];
& && &&&byte[] expectedHash = new byte[0x10];
& && &&&int numBlocks = (int) ((data.getFileLen().intValue() + data.getBlockSize() - 11) / data.getBlockSize());
& && &&&in.readFully(header);
& && &&&in.readFully(expectedHash);
& && &&&System.out.println("Checking header hash:");
& && &&&AppLoader a = new AppLoader();
& && &&&int hashFlag = ((data.getFlags() & FLAG_KEYENCRYPTED) == 0) ? 0x : 0x;
& && &&&//if ((data.getFlags() & DEBUG_FLAG) != 0) hashFlag |= 0x;&&//Debug check not implemented
& && &&&//Veryfing header
& && &&&boolean result = a.doAll(hashFlag, 0x, header, 0, out, 0, header.length, new byte[0x10], new byte[0x10], rifKey, expectedHash, 0);
& && &&&if (!result) {
& && && && &System.out.println("Error verifying header. Is rifKey valid?");
& && && && &return STATUS_ERROR_HEADERCHECK;
& && &&&System.out.println("Checking metadata hash:");
& && &&&a = new AppLoader();
& && &&&a.doInit(hashFlag, 0x, new byte[0x10], new byte[0x10], rifKey);
& && &&&int sectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0) ? 0x20 : 0x010;
& && &&&int readed = 0;
& && &&&int baseOffset = 0x100;
& && &&&//baseOffset +=&& //There is an unknown offset to add to the metadatasection... value seen 0
& && &&&long remaining = sectionSize * numB
& && &&&while (remaining & 0) {
& && && && &int lenToRead = (HEADER_MAX_BLOCKSIZE & remaining) ? (int) remaining : HEADER_MAX_BLOCKSIZE;
& && && && &in.seek(baseOffset + readed);
& && && && &byte[] content = new byte[lenToRead];
& && && && &out = new byte[lenToRead];
& && && && &in.readFully(content);
& && && && &a.doUpdate(content, 0, out, 0, lenToRead);
& && && && &readed += lenToR
& && && && &remaining -= lenToR
& && &&&result = a.doFinal(header, 0x90);& && &&&if (!result) {
& && && && &System.out.println("Error verifying metadatasection. Data tampered");
& && && && &return STATUS_ERROR_HEADERCHECK;
& && &&&return STATUS_OK;
& & private byte[] decryptMetadataSection(byte[] metadata) {
& && &&&byte[] result = new byte[0x10];
& && &&&result[0x00] = (byte) (metadata[0xC] ^ metadata[0x8] ^ metadata[0x10]);
& && &&&result[0x01] = (byte) (metadata[0xD] ^ metadata[0x9] ^ metadata[0x11]);
& && &&&result[0x02] = (byte) (metadata[0xE] ^ metadata[0xA] ^ metadata[0x12]);
& && &&&result[0x03] = (byte) (metadata[0xF] ^ metadata[0xB] ^ metadata[0x13]);
& && &&&result[0x04] = (byte) (metadata[0x4] ^ metadata[0x8] ^ metadata[0x14]);
& && &&&result[0x05] = (byte) (metadata[0x5] ^ metadata[0x9] ^ metadata[0x15]);
& && &&&result[0x06] = (byte) (metadata[0x6] ^ metadata[0xA] ^ metadata[0x16]);
& && &&&result[0x07] = (byte) (metadata[0x7] ^ metadata[0xB] ^ metadata[0x17]);
& && &&&result[0x08] = (byte) (metadata[0xC] ^ metadata[0x0] ^ metadata[0x18]);
& && &&&result[0x09] = (byte) (metadata[0xD] ^ metadata[0x1] ^ metadata[0x19]);
& && &&&result[0x0A] = (byte) (metadata[0xE] ^ metadata[0x2] ^ metadata[0x1A]);
& && &&&result[0x0B] = (byte) (metadata[0xF] ^ metadata[0x3] ^ metadata[0x1B]);
& && &&&result[0x0C] = (byte) (metadata[0x4] ^ metadata[0x0] ^ metadata[0x1C]);
& && &&&result[0x0D] = (byte) (metadata[0x5] ^ metadata[0x1] ^ metadata[0x1D]);
& && &&&result[0x0E] = (byte) (metadata[0x6] ^ metadata[0x2] ^ metadata[0x1E]);
& && &&&result[0x0F] = (byte) (metadata[0x7] ^ metadata[0x3] ^ metadata[0x1F]);
& & private EDATData getEDATData(RandomAccessFile in) throws IOException {
& && &&&in.seek(0x80);
& && &&&byte[] data = new byte[0x10];
& && &&&in.readFully(data);
& && &&&return EDATData.createEDATData(data);
& & private boolean compareBytes(byte[] value1, int offset1, byte[] value2, int offset2, int len) {
& && &&&boolean result =
& && &&&for (int i = 0; i & i++) {
& && && && &if (value1[i + offset1] != value2[i + offset2]) {
& && && && && & result =
& && && && && &
& && && && &}
& & private int validateNPD(String filename, byte[] devKLic, NPD[] npdPtr, RandomAccessFile in) throws IOException {
& && &&&in.seek(0);
& && &&&byte[] npd = new byte[0x80];
& && &&&in.readFully(npd);
& && &&&byte[] extraData = new byte[0x04];
& && &&&in.readFully(extraData);
& && &&&long flag = ConversionUtils.be32(extraData, 0);
& && &&&if ((flag & FLAG_SDAT) != 0) {
& && && && &System.out.println("INFO: SDAT detected. NPD header is not validated");
& && &&&} else if (!checkNPDHash1(filename, npd)) {
& && && && &return STATUS_ERROR_HASHTITLEIDNAME;
& && &&&} else if (devKLic == null) {
& && && && &System.out.println("WARNING: Can not validate devklic header");
& && &&&} else if (!checkNPDHash2(devKLic, npd)) {
& && && && &return STATUS_ERROR_HASHDEVKLIC;
& && &&&npdPtr[0] = NPD.createNPD(npd);;
& && &&&return STATUS_OK;
& & private boolean checkNPDHash1(String filename, byte[] npd) throws UnsupportedEncodingException {
& && &&&byte[] fileBytes = filename.getBytes("US-ASCII");
& && &&&byte data1[] = new byte[0x30 + fileBytes.length];
& && &&&System.arraycopy(npd, 0x10, data1, 0, 0x30);
& && &&&System.arraycopy(fileBytes, 0x00, data1, 0x30, fileBytes.length);
& && &&&byte[] hash1 = ToolsImpl.CMAC128(npdrm_omac_key3, data1, 0, data1.length);
& && &&&boolean result1 = compareBytes(hash1, 0, npd, 0x50, 0x10);
& && &&&if (result1) {
& && && && &System.out.println("NPD hash 1 is valid (" + ConversionUtils.getHexString(hash1) + ")");
& && &&&return result1;
& & private boolean checkNPDHash2(byte[] klicensee, byte[] npd) {
& && &&&byte[] xoredKey = new byte[0x10];
& && &&&ToolsImpl.XOR(xoredKey, klicensee, npdrm_omac_key2);
& && &&&byte[] calculated = ToolsImpl.CMAC128(xoredKey, npd, 0, 0x60);
& && &&&boolean result2 = compareBytes(calculated, 0, npd, 0x60, 0x10);
& && &&&if (result2) {
& && && && &System.out.println("NPD hash 2 is valid (" + ConversionUtils.getHexString(calculated) + ")");
& && &&&return result2;
& & }& & private byte[] getKey(NPD npd, EDATData data, byte[] devKLic, byte[] keyFromRif) {
& && &&&byte[] result =
& && &&&if ((data.getFlags() & FLAG_SDAT) != 0) {
& && && && &//Case SDAT
& && && && &result = new byte[0x10];
& && && && &ToolsImpl.XOR(result, npd.getDevHash(), SDATKEY);
& && &&&} else {
& && && && &//Case EDAT
& && && && &if (npd.getLicense() == 0x03) {
& && && && && & result = devKL
& && && && &} else if (npd.getLicense() == 0x02) {
& && && && && & result = keyFromR
& && && && &}
& & private int decryptData(RandomAccessFile in, RandomAccessFile out, NPD npd, EDATData data, byte[] rifkey) throws IOException {
& && &&&int numBlocks = (int) ((data.getFileLen().intValue() + data.getBlockSize() - 1) / data.getBlockSize());
& && &&&int metadataSectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0 || (data.getFlags() & FLAG_0x20) != 0) ? 0x20 : 0x10;
& && &&&int baseOffset = 0x100; //+ offset (unknown)
& && &&&for (int i = 0; i & numB i++) {
& && && && &in.seek(baseOffset + i * metadataSectionSize);
& && && && &byte[] expectedHash = new byte[0x10];
& && && && &
& && && && &
& && && && &int compressionEndBlock = 0;
& && && && &if ((data.getFlags() & FLAG_COMPRESSED) != 0) {
& && && && && & byte[] metadata = new byte[0x20];
& && && && && & in.readFully(metadata);
& && && && && & byte[] result = decryptMetadataSection(metadata);
& && && && && & offset = ConversionUtils.be64(result, 0).intValue(); // + offset (unknown)
& && && && && & len = Long.valueOf(ConversionUtils.be32(result, 8)).intValue();
& && && && && & compressionEndBlock = Long.valueOf(ConversionUtils.be32(result, 0xC)).intValue();
& && && && && & System.arraycopy(metadata, 0, expectedHash, 0, 0x10);& && && && &
& && && && &} else {
& && && && && & in.readFully(expectedHash);
& && && && && & offset = baseOffset + i * data.getBlockSize() + numBlocks * metadataSectionS
& && && && && & len = Long.valueOf(data.getBlockSize()).intValue();
& && && && && & if (i == numBlocks - 1) {
& && && && && && &&&len = data.getFileLen().mod(BigInteger.valueOf(data.getBlockSize())).intValue();
& && && && && & }
& && && && &}
& && && && &int realLen =
& && && && &len = (len + 0xF) & 0xFFFFFFF0;
& && && && &System.out.printf("Offset: %016X, len: %08X, realLen: %08X, endCompress: %d\r\n", offset, len, realLen,compressionEndBlock);
& && && && &in.seek(offset);
& && && && &byte[] encryptedData = new byte[len];
& && && && &byte[] decryptedData = new byte[len];
& && && && &in.readFully(encryptedData);
& && && && &byte[] key = new byte[0x10];
& && && && &byte[] hash = new byte[0x10];
& && && && &byte[] blockKey = calculateBlockKey(i, npd.getDevHash());
& && && && &ToolsImpl.aesecbEncrypt(rifkey, blockKey, 0, key, 0, blockKey.length);
& && && && &if ((data.getFlags() & FLAG_0x10) != 0) {
& && && && && & ToolsImpl.aesecbEncrypt(rifkey, key, 0, hash, 0, key.length);
& && && && &} else {
& && && && && & System.arraycopy(key, 0, hash, 0, key.length);
& && && && &}
& && && && &int cryptoFlag = ((data.getFlags() & FLAG_0x02) == 0) ? 0x2 : 0x1;
& && && && &int hashF
& && && && &if ((data.getFlags() & FLAG_0x10) == 0) {
& && && && && & hashFlag = 0x02;
& && && && &} else if ((data.getFlags() & FLAG_0x20) == 0) {
& && && && && & hashFlag = 0x04;
& && && && &} else {
& && && && && & hashFlag = 0x01;
& && && && &}
& && && && &if ((data.getFlags() & FLAG_KEYENCRYPTED) != 0) {
& && && && && & cryptoFlag |= 0x;
& && && && && & hashFlag |= 0x;
& && && && &}
& && && && &if ((data.getFlags() & FLAG_DEBUG) != 0) {
& && && && && & cryptoFlag |= 0x;
& && && && && & hashFlag |= 0x;
& && && && &}
& && && && &AppLoader a = new AppLoader();
& && && && &boolean result = a.doAll(hashFlag, cryptoFlag, encryptedData, 0, decryptedData, 0, encryptedData.length, key, npd.getDigest(), hash, expectedHash, 0);
& && && && &if (!result) {
& && && && && & System.out.println("Error decrypting block " + i);
& && && && && & return STATUS_ERROR_DECRYPTING;
& && && && &}
& && && && &if ((data.getFlags() & FLAG_COMPRESSED) != 0) {
& && && && && & //byte[] decompress = new byte[Long.valueOf(data.getBlockSize()).intValue()];
& && && && && & //DECOMPRESS: MISSING ALGORITHM& && && && && &&&
& && && && && & //out.write(decompress, 0, data.getBlockSize());
& && && && &} else {
& && && && && & out.write(decryptedData, 0, realLen);
& && && && &}
& && &&&return STATUS_OK;
& & private byte[] calculateBlockKey(int blk, byte[] baseKey) {
& && &&&byte[] result = new byte[0x10];
& && &&&System.arraycopy(baseKey, 0, result, 0, 0xC);
& && &&&result[0xC] = (byte) (blk && 24 & 0xFF);
& && &&&result[0xD] = (byte) (blk && 16 & 0xFF);
& && &&&result[0xE] = (byte) (blk && 8 & 0xFF);
& && &&&result[0xF] = (byte) (blk & 0xFF);
& & class AppLoader {
& && &&&private D
& && &&&private H
& && &&&public boolean doAll(int hashFlag, int cryptoFlag, byte[] in, int inOffset, byte[] out, int outOffset, int len, byte[] key, byte[] iv, byte[] hash, byte[] expectedHash, int hashOffset) {
& && && && &doInit(hashFlag, cryptoFlag, key, iv, hash);
& && && && &doUpdate(in, inOffset, out, outOffset, len);
& && && && &return doFinal(expectedHash, hashOffset);
& && &&&public void doInit(int hashFlag, int cryptoFlag, byte[] key, byte[] iv, byte[] hashKey) {
& && && && &byte[] calculatedKey = new byte[key.length];
& && && && &byte[] calculatedIV = new byte[iv.length];
& && && && &byte[] calculatedHash = new byte[hashKey.length];
& && && && &getCryptoKeys(cryptoFlag, calculatedKey, calculatedIV, key, iv);
& && && && &getHashKeys(hashFlag, calculatedHash, hashKey);
& && && && &setDecryptor(cryptoFlag);
& && && && &setHash(hashFlag);
& && && && &System.out.println("ERK:&&" + ConversionUtils.getHexString(calculatedKey));
& && && && &System.out.println("IV:& &" + ConversionUtils.getHexString(calculatedIV));
& && && && &System.out.println("HASH: " + ConversionUtils.getHexString(calculatedHash));
& && && && &dec.doInit(calculatedKey, calculatedIV);
& && && && &hash.doInit(calculatedHash);
& && &&&public void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len) {
& && && && &hash.doUpdate(in, inOffset, len);
& && && && &dec.doUpdate(in, inOffset, out, outOffset, len);
& && &&&public boolean doFinal(byte[] expectedhash, int hashOffset) {
& && && && &return hash.doFinal(expectedhash, hashOffset);
& && &&&private void getCryptoKeys(int cryptoFlag, byte[] calculatedKey, byte[] calculatedIV, byte[] key, byte[] iv) {
& && && && &int mode = cryptoFlag & 0xF0000000;
& && && && &switch (mode) {
& && && && && & case 0x:
& && && && && && &&&ToolsImpl.aescbcDecrypt(EDATKEY, EDATIV, key, 0, calculatedKey, 0, calculatedKey.length);
& && && && && && &&&System.arraycopy(iv, 0, calculatedIV, 0, calculatedIV.length);
& && && && && && &&&System.out.println("MODE: Encrypted ERK");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(EDATKEY, 0, calculatedKey, 0, calculatedKey.length);
& && && && && && &&&System.arraycopy(EDATIV, 0, calculatedIV, 0, calculatedIV.length);
& && && && && && &&&System.out.println("MODE: Default ERK");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(key, 0, calculatedKey, 0, calculatedKey.length);
& && && && && && &&&System.arraycopy(iv, 0, calculatedIV, 0, calculatedIV.length);
& && && && && && &&&System.out.println("MODE: Unencrypted ERK");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Crypto mode is not valid: Undefined keys calculator");
& && && && &}
& && &&&private void getHashKeys(int hashFlag, byte[] calculatedHash, byte[] hash) {
& && && && &int mode = hashFlag & 0xF0000000;
& && && && &switch (mode) {
& && && && && & case 0x:
& && && && && && &&&ToolsImpl.aescbcDecrypt(EDATKEY, EDATIV, hash, 0, calculatedHash, 0, calculatedHash.length);
& && && && && && &&&System.out.println("MODE: Encrypted HASHKEY");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(EDATHASH, 0, calculatedHash, 0, calculatedHash.length);
& && && && && && &&&System.out.println("MODE: Default HASHKEY");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(hash, 0, calculatedHash, 0, calculatedHash.length);
& && && && && && &&&System.out.println("MODE: Unencrypted HASHKEY");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Hash mode is not valid: Undefined keys calculator");
& && && && &}
& && &&&private void setDecryptor(int cryptoFlag) {
& && && && &int aux = cryptoFlag & 0xFF;
& && && && &switch (aux) {
& && && && && & case 0x01:
& && && && && && &&&dec = new NoCrypt();
& && && && && && &&&System.out.println("MODE: Decryption Algorithm NONE");
& && && && && && &&&
& && && && && & case 0x02:
& && && && && && &&&dec = new AESCBC128Decrypt();
& && && && && && &&&System.out.println("MODE: Decryption Algorithm AESCBC128");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Crypto mode is not valid: Undefined decryptor");
& && && && &}
& && &&&private void setHash(int hashFlag) {
& && && && &int aux = hashFlag & 0xFF;
& && && && &switch (aux) {
& && && && && & case 0x01:
& && && && && && &&&hash = new HMAC();
& && && && && && &&&hash.setHashLen(0x14);
& && && && && && &&&System.out.println("MODE: Hash HMAC Len 0x14");
& && && && && && &&&
& && && && && & case 0x02:
& && && && && && &&&hash = new CMAC();
& && && && && && &&&hash.setHashLen(0x10);
& && && && && && &&&System.out.println("MODE: Hash CMAC Len 0x10");
& && && && && && &&&
& && && && && & case 0x04:
& && && && && && &&&hash = new HMAC();
& && && && && && &&&hash.setHashLen(0x10);
& && && && && && &&&System.out.println("MODE: Hash HMAC Len 0x10");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Hash mode is not valid: Undefined hash algorithm");
& && && && &}
& && &&&abstract class Decryptor {
& && && && &public abstract void doInit(byte[] key, byte[] iv);
& && && && &public abstract void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len);
& && &&&class NoCrypt extends Decryptor {
& && && && &@Override
& && && && &public void doInit(byte[] key, byte[] iv) {
& && && && && & //Do nothing
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len) {
& && && && && & System.arraycopy(in, inOffset, out, outOffset, len);
& && && && &}
& && &&&class AESCBC128Decrypt extends Decryptor {
& && && && &C
& && && && &@Override
& && && && &public void doInit(byte[] key, byte[] iv) {
& && && && && & try {
& && && && && && &&&SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
& && && && && && &&&c = Cipher.getInstance("AES/CBC/NoPadding");
& && && && && && &&&AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
& && && && && && &&&c.init(Cipher.DECRYPT_MODE, skeySpec, paramSpec);
& && && && && & } catch (InvalidKeyException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (InvalidAlgorithmParameterException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (NoSuchAlgorithmException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (NoSuchPaddingException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len) {
& && && && && & try {
& && && && && && &&&c.update(in, inOffset, len, out, outOffset);
& && && && && & } catch (ShortBufferException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & }
& && && && &}
& && &&&abstract class Hash {
& && && && &public abstract void setHashLen(int len);
& && && && &public abstract void doInit(byte[] key);
& && && && &public abstract void doUpdate(byte[] in, int inOffset, int len);
& && && && &public abstract boolean doFinal(byte[] expectedhash, int hashOffset);
& && &&&class HMAC extends Hash {
& && && && &private int hashL
& && && && &private M
& && && && &@Override
& && && && &public void setHashLen(int len) {
& && && && && & if (len == 0x10 || len == 0x14) {
& && && && && && &&&hashLen =
& && && && && & } else {
& && && && && && &&&throw new IllegalArgumentException("Hash len must be 0x10 or 0x14");
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doInit(byte[] key) {
& && && && && & try {
& && && && && && &&&SecretKeySpec skeySpec = new SecretKeySpec(key, "HmacSHA1");
& && && && && && &&&mac = Mac.getInstance("HmacSHA1");
& && && && && && &&&mac.init(skeySpec);
& && && && && & } catch (InvalidKeyException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (NoSuchAlgorithmException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, int len) {
& && && && && & mac.update(in, inOffset, len);
& && && && &}
& && && && &@Override
& && && && &public boolean doFinal(byte[] expectedhash, int hashOffset) {
& && && && && & byte[] result = mac.doFinal();
& && && && && & return compareBytes(result, 0, expectedhash, hashOffset, hashLen);
& && && && &}
& && &&&class CMAC extends Hash {
& && && && &int hashL
& && && && &byte[]
& && && && &byte[] K1;
& && && && &byte[] K2;
& && && && &byte[] nonP
& && && && &byte[]
& && && && &public CMAC() {
& && && && && & hashLen = 0x10;
& && && && &}
& && && && &@Override
& && && && &public void setHashLen(int len) {
& && && && && & if (len == 0x10) {
& && && && && && &&&hashLen =
& && && && && & } else {
& && && && && && &&&throw new IllegalArgumentException("Hash len must be 0x10");
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doInit(byte[] key) {
& && && && && & this.key =
& && && && && & K1 = new byte[0x10];
& && && && && & K2 = new byte[0x10];
& && && && && & calculateSubkey(key, K1, K2);
& && && && && & nonProcessed =
& && && && && & previous = new byte[0x10];
& && && && &}
& && && && &private void calculateSubkey(byte[] key, byte[] K1, byte[] K2) {
& && && && && & byte[] zero = new byte[0x10];
& && && && && & byte[] L = new byte[0x10];
& && && && && & ToolsImpl.aesecbEncrypt(key, zero, 0, L, 0, zero.length);
& && && && && & BigInteger aux = new BigInteger(1, L);
& && && && && & if ((L[0] & 0x80) != 0) {
& && && && && && &&&//Case MSB is set
& && && && && && &&&aux = aux.shiftLeft(1).xor(BigInteger.valueOf(0x87));
& && && && && & } else {
& && && && && && &&&aux = aux.shiftLeft(1);
& && && && && & }
& && && && && & byte[] aux1 = aux.toByteArray();
& && && && && & if (aux1.length &= 0x10) {
& && && && && && &&&System.arraycopy(aux1, aux1.length - 0x10, K1, 0, 0x10);
& && && && && & } else {
& && && && && && &&&System.arraycopy(zero, 0, K1, 0, zero.length);
& && && && && && &&&System.arraycopy(aux1, 0, K1, 0x10 - aux1.length, aux1.length);
& && && && && & }
& && && && && & aux = new BigInteger(1, K1);
& && && && && & if ((K1[0] & 0x80) != 0) {
& && && && && && &&&aux = aux.shiftLeft(1).xor(BigInteger.valueOf(0x87));
& && && && && & } else {
& && && && && && &&&aux = aux.shiftLeft(1);
& && && && && & }
& && && && && & aux1 = aux.toByteArray();
& && && && && & if (aux1.length &= 0x10) {
& && && && && && &&&System.arraycopy(aux1, aux1.length - 0x10, K2, 0, 0x10);
& && && && && & } else {
& && && && && && &&&System.arraycopy(zero, 0, K2, 0, zero.length);
& && && && && && &&&System.arraycopy(aux1, 0, K2, 0x10 - aux1.length, aux1.length);
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, int len) {
& && && && && & byte[]
& && && && && & if (nonProcessed != null) {
& && && && && && &&&int totalLen = len + nonProcessed.
& && && && && && &&&data = new byte[totalLen];
& && && && && && &&&System.arraycopy(nonProcessed, 0, data, 0, nonProcessed.length);
& && && && && && &&&System.arraycopy(in, inOffset, data, nonProcessed.length, len);
& && && && && & } else {
& && && && && && &&&data = new byte[len];
& && && && && && &&&System.arraycopy(in, inOffset, data, 0, len);
& && && && && & }
& && && && && & int count = 0;
& && && && && & while (count & data.length - 0x10) {
& && && && && && &&&byte[] aux = new byte[0x10];
& && && && && && &&&System.arraycopy(data, count, aux, 0, aux.length);
& && && && && && &&&ToolsImpl.XOR(aux, aux, previous);
& && && && && && &&&ToolsImpl.aesecbEncrypt(key, aux, 0, previous, 0, aux.length);
& && && && && && &&&count += 0x10;
& && && && && & }
& && && && && & nonProcessed = new byte[data.length - count];
& && && && && & System.arraycopy(data, count, nonProcessed, 0, nonProcessed.length);
& && && && &}
& && && && &@Override
& && && && &public boolean doFinal(byte[] expectedhash, int hashOffset) {
& && && && && & byte[] aux = new byte[0x10];
& && && && && & System.arraycopy(nonProcessed, 0, aux, 0, nonProcessed.length);
& && && && && & if (nonProcessed.length == 0x10) {
& && && && && && &&&ToolsImpl.XOR(aux, aux, K1);
& && && && && & } else {
& && && && && && &&&aux[nonProcessed.length] = (byte) 0x80;
& && && && && && &&&ToolsImpl.XOR(aux, aux, K2);
& && && && && & }
& && && && && & ToolsImpl.XOR(aux, aux, previous);
& && && && && & byte[] calculatedhash = new byte[0x10];
& && && && && & ToolsImpl.aesecbEncrypt(key, aux, 0, calculatedhash, 0, aux.length);
& && && && && & return compareBytes(expectedhash, hashOffset, calculatedhash, 0, hashLen);
& && && && &}
About compression: Instead of having metadatasections of 0x10 byes the new section is 0x20 bytes long.
struct compressMetadataSection {
& & & & uint8_t hash[0x10];
& & & & uint64_t fileO
& & & & uint32_
& & & & uint32_t isEndOfC& &
The obtain bytes 0x10-01F xor of data is used.
You probably forgot to decrypt the key. The result of syscall471 must be decrypted using EDATKEY and RIVKEY.
To make free files:
o& & & & Create a memory image of the file.
o& & & & Decrypt the data, so you have a memory copy of the file decrypted (for compressed no need to decompress)
o& & & & Modify NPD to make if free (0x03 instead of 0x02). Recalculate hashes using devlikc (that why we need it).
o& & & & Recrypt each block using the devklic as base to calculate blocks keys (wich will then be transformed again as does the appldr for that type).
o& & & & Once recrypted, recalculate the hashes of the sections so they matched the new value for the encrypted data.
o& & & & If compressed recalculate the offset and len on the metadatasection
o& & & & Using the new metadatasection recalculate data 0x90-0x9F.
o& & & & Using the new NPD header + new metadatasectionHash calculate hash and place it at 0xA0-0xAF.
o& & & & Write file to disk (Remember, that file is function of filename, you must overwrite (not recommend while testing) or remember to rename it properly).
The code I posted already implements SDAT. You just need the SDATKEY. The SHA1 is ED2A01}
骑士, 积分 2899, 距离下一级还需 101 积分
精华0帖子威望0 点积分2899 点注册时间最后登录
这里说的水王,并不是单指发帖的频率和密度,比如N神吧,他发帖频率很高,但N神并不是仅仅灌水而已,很多帖子表明,他对很多游戏(日式居多,我感觉)还是颇有研究的。
这里说的水王,大概指的是发帖纯水的那种。。。频率和密度不见得占多大权重,我个人认为,占30%最多了。而真正意义上的“水”字,体现的最淋漓尽致的人,才是咱们A9当之无愧的水王!!!!
请大家一定要客观投票!
单选投票, 共有 102 人参与投票
1. &辉煌的右手
93.14% (95)
您所在的用户组没有投票权限
终结者, 积分 9627, 距离下一级还需 2373 积分
精华0帖子威望0 点积分9627 点注册时间最后登录
不知道怎么回事,不过好像很厉害的样子···
我是个变态
噬魂者, 积分 75548, 距离下一级还需 24452 积分
精华0帖子威望0 点积分75548 点注册时间最后登录
不是有一个人就叫水王吗
很有名的& &大家都知道他& & 头像即本人
我踏月色而来
终结者, 积分 9624, 距离下一级还需 2376 积分
精华0帖子威望0 点积分9624 点注册时间最后登录
不知道,进来看看!!!!!!!!!!!!
↑ 镜中花 ↑
终结者, 积分 11377, 距离下一级还需 623 积分
精华1帖子威望1 点积分11377 点注册时间最后登录
没见过N神清晨刷屏的才敢说N神不水 ╮(╯▽╰)╭
僕は変態じゃないよ!
征服者, 积分 6761, 距离下一级还需 1239 积分
精华1帖子威望1 点积分6761 点注册时间最后登录
舍N其谁………………………………
终结者, 积分 11274, 距离下一级还需 726 积分
精华0帖子威望0 点积分11274 点注册时间最后登录
擦,看成A9女王三选一了!!!!!!!!!!!!!
=w=与日俱帅是不行的
征服者, 积分 6259, 距离下一级还需 1741 积分
精华0帖子威望0 点积分6259 点注册时间最后登录
...虽然经常去PS3区,但是怎么没有在候选区里面看到猴子..
终结者, 积分 11626, 距离下一级还需 374 积分
精华1帖子威望11 点积分11626 点注册时间最后登录
本帖最后由 觉醒美希 于
00:43 编辑
怎么没有超人兄?超人兄可是N神的接班人~~~我提名超人~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
该用户已被禁言
该用户已被禁言
精华0帖子威望0 点积分4006 点注册时间最后登录
右手君是后起之秀,其实还有一个水王忘记较啥了,势头也不必右手君差。N神我居然没有任何印象。。。
Powered by
扫描二维码
下载 A9VG 客户端(iOS, Android)[推荐]搬运一下关于破解SONY PS3-PSN游戏授权国外大神的详细分析含psn游戏
搬运一下关于破解SONY PS3-GAME游戏授权系统国外大神的详细分析含PSN游戏
原帖地址:/forums/ps3-cfw-mfw/psn-games-decrypted-ps3-custom-firmware-3-55-duplex-121017.html
转载:大老
原帖标题:PSN Games Decrypted for PS3 Custom Firmware 3.55 by DUPLEX!
Today PlayStation 3 scene release group DUPLEX, who recently leaked the full PS3 3.40 SDK which was then followed by the PS3 3.60 SDK, have now released a bunch of PSN games decrypted for PS3 Custom Firmware 3.55 and 3.41 users!
Below is one of the PS3 NFO files for Alien.Breed.Impact.PSN.PS3-DUPLEX.nfo from their PlayStation Network game releases along with an ongoing list of NPDRM decrypted titles, as follows:
Release Info: Alien BreedT Impact is an explosive science fiction arcade-shooter that resurrects a much revered franchise with an epic story, swarms of highly intelligent alien enemies, high-impact weapons, highly detailed a all implemented with superb technology in a state-of-the-art gaming experience.
Notes: Since no scene group managed yet, we thought it's time to work on some PSN games to give everyone something to play for CFW 3.55. Fully decrypted .elfs are included as proof and of course for educational purposes&&
1.) copy files to FAT32 USB Key/USB Disk
2.) install game *DUPLEX.*.Install.pkg
3.) install patch *DUPLEX.*.Patch.vX.XX.pkg if any
4.) install crack *DUPLEX.*.Crack.pkg
o& & & & Watchmen.The.End.is.Nigh.Part.2.PSN.PS3-DUPLEX PlayStation
o& & & & Watchmen.The.End.is.Nigh.Part.1.PSN.PS3-DUPLEX PlayStation
o& & & & UNO.PSN.PS3-DUPLEX PlayStation
o& & & & Super.Stardust.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Sonic.The.Hedgehog.4.Episode.1.PSN.PS3-DUPLEX PlayStation
o& & & & Puzzelgeddon.PSN.PS3-DUPLEX PlayStation
o& & & & Plants.vs.Zombies.PSN.PS3-DUPLEX PlayStation
o& & & & PixelJunk.Monsters.PSN.PS3-DUPLEX PlayStation
o& & & & Limbo.PSN.PS3-DUPLEX PlayStation
o& & & & Spare.Parts.PSN.PS3-DUPLEX PlayStation
o& & & & Ricochet.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Galaga.Legions.DX.PSN.PS3-DUPLEX PlayStation
o& & & & Savage.Moon.PSN.PS3-DUPLEX PSP
o& & & & Dream.Chronicles.PSN.PS3-DUPLEX PSP
o& & & & Deadliest.Warrior.The.Game.PSN.PS3-DUPLEX PlayStation
o& & & & Marvel.vs.Capcom.2.PSN.PS3-DUPLEX PlayStation
o& & & & Earthworm.Jim.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Deadliest.Warrior.Legends.PSN.PS3-DUPLEX PlayStation
o& & & & PacMan.Championship.Edition.DX.PSN.PS3-DUPLEX PlayStation
o& & & & Critter.Crunch.PSN.PS3-DUPLEX PlayStation
o& & & & Costume.Quest.PSN.PS3-DUPLEX PlayStation
o& & & & Castle.Crashers.PSN.PS3-DUPLEX PlayStation
o& & & & Bomberman.Ultra.PSN.PS3-DUPLEX PlayStation
o& & & & BloodRayne.Betrayal.PSN.PS3-DUPLEX PlayStation
o& & & & Blast.Factor.PSN.PS3-DUPLEX PlayStation
o& & & & Beyond.Good.and.Evil.HD.PSN.PS3-DUPLEX PlayStation
o& & & & Bejeweled.2.PSN.PS3-DUPLEX PlayStation
o& & & & Alien.Breed.3.Descent.PSN.PS3-DUPLEX PlayStation
o& & & & Alien.Breed.2.Assault.PSN.PS3-DUPLEX PlayStation
o& & & & Alien.Breed.Impact.PSN.PS3-DUPLEX PlayStation
Lets hope for more coming, and feel free to post links to free file-sharing sites for the modded PKG files to download below! Here are some of the initial download links courtesy of /showpost.php?p=431716&postcount=1:
IF YOU ALREADY HAD A DEMO OF ANY OF THOSE GAMES, or LOST THE ACTIVATION/LICENSE, Just delete the installed PSN game first (your savegame should be intact) and reinstall the Duplex version as a clean install. Should work!
PS: the .elf file is useless. Delete it if you want! It's only for those who want to understand how it works.
Limbo PSN PS3-DUPLEX
Size: 98 MB
/file/kBva9Q...PS3-DUPLEX.rar
/f/MuUT9u/L...PS3-DUPLEX.rar
/file/221159...PS3-DUPLEX.rar
Castle.Crashers.PSN.PS3-DUPLEX
Size: 161 MB
/f/JVftbP/Castl...PS3-DUPLEX.rar
/file/wXtzN6g/Ca...PS3-DUPLEX.rar
/files/a9i2wl...PS3-DUPLEX.rar
/file/221128...PS3-DUPLEX.rar
/file//Ca...PS3-DUPLEX.rar
Costume.Quest.PSN.PS3-DUPLEX
Size: 406 MB
/f/ccsGQj/Costu...PS3-DUPLEX.rar
/file/PK7Xndc/Co...PS3-DUPLEX.rar
/files/b0yfpo...PS3-DUPLEX.rar
/file/221131...PS3-DUPLEX.rar
/file//Co...PS3-DUPLEX.rar
Beyond.Good.and.Evil.HD.PSN.PS3-DUPLEX
Size: 1514 MB
/f/Pb4M6g/Beyon...PLEX.part1.rar
/f/sZbaJj/Beyon...PLEX.part2.rar
/file/ZpjajKV/Be...PLEX.part1.rar
/file/dxVWkzF/Be...PLEX.part2.rar
/files/ak9x4r...PLEX.part1.rar
/files/5lq3k3...PLEX.part2.rar
/file/221122...PLEX.part1.rar
/file/221122...PLEX.part2.rar
/file/Tt9Wv4...PLEX.part1.rar
/file/YQbYzr...PLEX.part2.rar
/file/...PLEX.part1.rar
/file/...PLEX.part2.rar
Ricochet.HD.PSN.PS3-DUPLEX
Size: 337 MB
/file/NCmeZc4/Ri...PS3-DUPLEX.rar
/files/pz22qi...PS3-DUPLEX.rar
/file/221149...PS3-DUPLEX.rar
/file//Ri...PS3-DUPLEX.rar
Plants.vs.Zombies.PSN.PS3-DUPLEX
Size: 109 MB
/f/bCpPj6/Plant...PS3-DUPLEX.rar
/file/ScaJMhv/Pl...PS3-DUPLEX.rar
/files/6n1hpa...PS3-DUPLEX.rar
/file/221221...PS3-DUPLEX.rar
/file//Pl...PS3-DUPLEX.rar
Galaga.Legions.DX.PSN.PS3-DUPLEX
Size: 136 MB
/file/qsjjvDD/Ga...PS3-DUPLEX.rar
/files/lk15td...PS3-DUPLEX.rar
/file/221146...PS3-DUPLEX.rar
Dream.Chronicles.PSN.PS3-DUPLEX
Size: 148 MB
/file/P9kRqrN/Dr...PS3-DUPLEX.rar
/files/vs91qj...PS3-DUPLEX.rar
/file/221141...PS3-DUPLEX.rar
Deadliest.Warrior.The.Game.PSN.PS3-DUPLEX
Size: 1075 MB
/f/cmuvVj/Deadl...PLEX.part1.rar
/f/se3jQM/Deadl...PLEX.part2.rar
/file/AyGCMvZ/De...PLEX.part1.rar
/file/F3vMz2B/De...PLEX.part2.rar
/files/jvpdrq...PLEX.part1.rar
/files/o6s8ts...PLEX.part2.rar
/file/221146...PLEX.part1.rar
/file/221140...PLEX.part2.rar
Deadliest.Warrior.Legends.PSN.PS3-DUPLEX
Size: 1717 MB
/f/xV6h35/Deadl...PLEX.part1.rar
/f/6YKM7N/Deadl...PLEX.part2.rar
/file/5zgx3Vb/De...PLEX.part1.rar
/file/mnGj9R7/De...PLEX.part2.rar
/files/ayrjcn...PLEX.part1.rar
/files/bltgvi...PLEX.part2.rar
/file/221190...PLEX.part1.rar
/file/221141...PLEX.part2.rar
Marvel.vs.Capcom.2.PSN.PS3-DUPLEX
Size: 203 MB
/f/hmmfpF/Marve...PS3-DUPLEX.rar
/file/8knJ5Km/Ma...PS3-DUPLEX.rar
/files/sn51bi...PS3-DUPLEX.rar
/file/221139...PS3-DUPLEX.rar
Earthworm.Jim.HD.PSN.PS3-DUPLEX
Size: 240 MB
/f/2qK7CV/Earth...PS3-DUPLEX.rar
/file/QMQ6bfB/Ea...PS3-DUPLEX.rar
/files/cekos5...PS3-DUPLEX.rar
/file/221136...PS3-DUPLEX.rar
/file//Ea...PS3-DUPLEX.rar
PacMan.Championship.Edition.DX.PSN.PS3-DUPLEX
Size: 251 MB
/f/nUyPqP/PacMa...PS3-DUPLEX.rar
/file/47pbxyu/Pa...PS3-DUPLEX.rar
/files/v9eofj...PS3-DUPLEX.rar
/file/221136...PS3-DUPLEX.rar
/file//Pa...PS3-DUPLEX.rar
Critter.Crunch.PSN.PS3-DUPLEX
Size: 447 MB
/f/fmseG2/Critt...PS3-DUPLEX.rar
/file/6pYWH9D/Cr...PS3-DUPLEX.rar
/files/wbmu1b...PS3-DUPLEX.rar
Bomberman.Ultra.PSN.PS3-DUPLEX
Size: 72 MB
/f/f7PcMs/Bombe...PS3-DUPLEX.rar
/file/xRaVtp4/Bo...PS3-DUPLEX.rar
/files/vq1ok0...PS3-DUPLEX.rar
/file/221127...PS3-DUPLEX.rar
/file//Bo...Ultra.PSN.PS3-
DUPLEX.rar
BloodRayne.Betrayal.PSN.PS3-DUPLEX
Size: 972 MB
/f/FrxvX3/Blood...PS3-DUPLEX.rar
/file/xWKUSgv/Bl...PS3-DUPLEX.rar
/files/kshfnn...PS3-DUPLEX.rar
/file/221122...PS3-DUPLEX.rar
/file/221121...PS3-DUPLEX.rar
/file/T4SD7Tq
Alien.Breed.3.Descent.PSN.PS3-DUPLEX
Size: 1701 MB
/f/JjDYSp/Alien...PLEX.part1.rar
/f/zy4rKV/Alien...PLEX.part2.rar
/file/v2JejjJ/Al...PLEX.part1.rar
/file/UkSDcE8/Al...PLEX.part2.rar
/files/fhxxzb...PLEX.part1.rar
/files/o5mpmq...PLEX.part2.rar
Blast.Factor.PSN.PS3-DUPLEX
Size: 276 MB
/f/AN76Wm/Blast...PS3-DUPLEX.rar
/file/y3hzgXQ/Bl...PS3-DUPLEX.rar
/files/ilgk72...PS3-DUPLEX.rar
/file/221115...PS3-DUPLEX.rar
Bejeweled.2.PSN.PS3-DUPLEX
Size: 49 MB
/f/z8mJjy/Bejew...PS3-DUPLEX.rar
/file/wtQ92vP/Be...PS3-DUPLEX.rar
/files/gax1h7...PS3-DUPLEX.rar
/file/221111...PS3-DUPLEX.rar
/file//Be...PS3-DUPLEX.rar
Alien.Breed.Impact.PSN.PS3-DUPLEX
Size: 1199 MB
/f/QWy4x2/Alien...PLEX.part1.rar
/f/yXTu5J/Alien...PLEX.part2.rar
/file/fq8zZve/Al...PLEX.part1.rar
/file/vUJBDDR/Al...PLEX.part2.rar
/files/dja340...PLEX.part1.rar
/files/me8c1d...PLEX.part2.rar
/file/221134...PLEX.part1.rar
/file/221113...PLEX.part2.rar
Alien.Breed.2.Assault.PSN.PS3-DUPLEX
Size: 1382 MB
/f/e5pta2/Alien...PLEX.part1.rar
/f/BzV8Rr/Alien...PLEX.part2.rar
/file/CpbdGys/Al...PLEX.part1.rar
/file/sNw5DAr/Al...PLEX.part2.rar
/files/25ihhc...PLEX.part1.rar
/files/oxpy21...PLEX.part2.rar
Spare.Parts.PSN.PS3-DUPLEX
Size: 1153 MB
/f/R9AZGX/Spare...PLEX.part1.rar
/f/hKbZnj/Spare...PLEX.part2.rar
/file/WjuZkX3/Sp...PLEX.part1.rar
/file/VNytxzW/Sp...PLEX.part2.rar
/files/z3txri...PLEX.part1.rar
/files/0ij459...PLEX.part2.rar
Puzzelgeddon.PSN.PS3-DUPLEX
Size: 180 MB
/f/T2fwqz/Puzze...PS3-DUPLEX.rar
/file/uxJk9wM/Pu...PS3-DUPLEX.rar
/files/q3rm3i...PS3-DUPLEX.rar
UNO.PSN.PS3-DUPLEX
Size: 262 MB
/f/U97GHj/UNO.PSN.PS3-DUPLEX.rar
/file/Jax2tcx/UN...PS3-DUPLEX.rar
/files/rk515c...PS3-DUPLEX.rar
/file/221156...PS3-DUPLEX.rar
/file//UN...PS3-DUPLEX.rar
Super.Stardust.HD.PSN.PS3-DUPLEX
Size: 520 MB
/f/GrdETy/Super...PS3-DUPLEX.rar
/file/SR5JYK5/Su...PS3-DUPLEX.rar
/files/7za9l1...PS3-DUPLEX.rar
/file//Su...PS3-DUPLEX.rar
Sonic.The.Hedgehog.4.Episode.1.PSN.PS3-DUPLEX
Size: 204 MB
/f/Qwb9UP/Sonic...PS3-DUPLEX.rar
/file/3w2aqVR/So...PS3-DUPLEX.rar
/files/q6ony1...PS3-DUPLEX.rar
/file//So...PS3-DUPLEX.rar
Savage.Moon.PSN.PS3-DUPLEX
Size: 567 MB
/f/EdqDvg/Savag...PS3-DUPLEX.rar
/file/Yc2XAZj/Sa...PS3-DUPLEX.rar
/files/2hva00...PS3-DUPLEX.rar
Watchmen.The.End.is.Nigh.Part.1.PSN.PS3-DUPLEX
Size: 1286 MB
/f/sXfVCn/Watch...PLEX.part1.rar
/f/3FfmhZ/Watch...PLEX.part2.rar
/file/gQ97h22/Wa...PLEX.part1.rar
/file/MKTmGxK/Wa...PLEX.part2.rar
/files/yaqxu6...PLEX.part1.rar
/files/3wadnd...PLEX.part2.rar
/file/221159...PLEX.part2.rar
/file//Wa...PLEX.part1.rar
/file//Wa...PLEX.part2.rar
Watchmen.The.End.is.Nigh.Part.2.PSN.PS3-DUPLEX
Size: 830 MB
/f/X49vgc/Watch...PS3-DUPLEX.rar
/file/AN2rETm/Wa...PS3-DUPLEX.rar
/files/axdbyp...PS3-DUPLEX.rar
/file/221265...PS3-DUPLEX.rar
From JuanNadie aka John Doe comes details on the PlayStation 3 NPDRM Self Algorithm below, as follows:
PS3 NPDRM Self Algorithm
THIS DOES NOT ALLOW TO OBTAIN 3.60+ keys, nor piracy as you require the rif, act.dat and IDPS.
On NPDRM self decryption all the security levels of the PS3 are involved: user space (vsh), kernel space(lv2), hypervisor( lv1) and isolated SPU (metldr + appldr)
The process start on vsh.elf...
Once the vsh detects that user is trying to start a self, it looks for the appinfo header type. If the type is 8, then the control digest element type 3 (NPD element) is located. From this NPD header the vsh gets the license type (free, local or network license).
If a free content(type 3) is detected then a generic klicense will be use for further steps (go to LV2). That klicensee is already public (see geohot npdrm_omac_key_1).
npdrm_omac_key1 : 72FCFFE4C128387 # ps3publictools/include/oddkeys.h
npdrm_omac_key2 : 6BA52976EFDA16EF3C339FBB # ...
npdrm_omac_key3 : 9B515FEACF4D91A54E97 # ...
However if a paid content is to be loaded the vsh loads the act.dat and the rif associated to the content (if local it will locate a file with the same titleid on NPD element, if remote it will download to vsh process memory)
Then the signature is checked (last 0x28 bytes of both RIF and act.dat). The curves used are on vsh.self. It is a 3 element table, having the first curve nulled. The curve index for rif/act is 2. The curve values are negated as in the apploader and has the following structure:
struct curve {
uint8_t p[0x14];
uint8_t a[0x14];
uint8_t b[0x14];
uint8_t N[0x14];
uint8_t Gx[0x14];
uint8_t Gy[0x14];
If the curve checks then vsh will process the rif:
struct rif {
uint8_t unk1[0x10]; //version, license type and user number
uint8_t titleid[0x30]; //Content ID
uint8 padding[0xC]; //Padding for randomness
uint32_t actDatI //Key index on act.dat between 0x00 and 0x7F
uint8 key[0x10]; //encrypted klicensee
uint64_t unk2; //timestamp??
uint64_t unk3; //Always 0
uint8_t rs[0x28];
struct ACTDAT {
uint8_t unk1[0x10]; //Version, User number
uint8_t keyTable[0x800]; //Key Table
uint8_t signature[0x28];
Using the RIF_KEY it will obtain the actdatIndex:
AES_KEY rifK
int result = AES_set_decrypt_key(RIF_KEY, 0x80, &rifKey);
AES_decrypt(&rif-&padding, &rif-&padding, &rifKey);
And finally having the actDat key index the execution pass to LV2 syscall 471
Lv2 is accessed using syscall471 which haves the following syntax:
int syscall_471(uint32_t type, char* titleID, void* klicensee, uint8_t* actdat, uint8_t* rif, int32_t licenseType, uint8_t* magicVersion);
The function has different parameters depending if the content is debug, free or paid:
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
The lv2 keeps a memory table with contentID and the associated key. When it receives a free content (r5 is not null) then copies the titleID and the klicensee to the table. For a paid content the rif.key is converted to the klicensee using:
AES_KEY IDPSKey, ConstKey, ActDatK
uint8_t encrConst[0x10];
uint8_t decryptedActDat[0x10];
uint8_t klicensee[0x10];
int result = AES_set_encrypt_key(&IDPSVariation, 0x80, &IDPSKey);
AES_encrypt(&CONSTACTDAT, &encrConst, &IDPSKey);
result = AES_set_decrypt_key(&encrConst,0x80,&ConstKey);
AES_decrypt(actDat,&decryptedActDat,&ConstKey);
result = AES_set_decrypt_key(&decryptedActDat,0x80,&ActDatK ey);
AES_decrypt(rif,&klicensee,&ActDatKey);
where CONSTACTDAT is a constant value on lv2, IDPSVaritaion appears to be IDPS (not checked but DRM_Manager_initialize (see graf_chokolo's "bible") to something with the same structure), actdat are the 0x10bytes selected by rif keyIndex, and rif is rif.key (bytes 0x50-0x5f).
Once transformed it is stored on memory table... I haven't check further steps on vsh nor lv2 so perhaps there are further transformations on the paid case (NOT FOR THE FREE AS I HAVE DECRYPTED THOSE) so we are jumping directly to the appldr
As you can see from graf_chokolo payloads a parameter is passed on spu_args.field60. That parameter is the previously stored klicensee.
However this key must be transformed (again) even for the free case. The transformation is:
uint8_t decryptedKLicensee[0x10]
AES_KEY KLicenseeKey
int result = AES_set_decrypt_key(&KLicenseeDecryptKey,0x80,&KLI CENSEEKEY);
AES_decrypt(klicensee,&decryptedKLicensee,&KLicens eeKey);
EY is another key located inside the apploader and klicensee is the parameter.
Then we can finally remove the NPDRM layer using:
uint8_t iv[0x10];
memset(&iv[0],0,0x10);
int result = AES_set_decrypt_key(&KLicenseeDecryptKey,0x80,&key );
AES_cbc_encrypt(self + self-&metaoffset + 0x20, self + self-&metaoffset + 0x20,0x40,&key,&iv,0);
Once that layer is removed we proceed as normal:
o& & & & Decrypt using AESCBC256 with the NPDRM keys to obtain the metadata keys
o& & & & Decrypt using AESCTR128 the data sha, hmac, iv keys
o& & & & Decrypt the data.
First of all, I want to congratulate Euss of ps3devwiki on finding the klicensee decrypt key and provide a proof of concept of the AppLoder part of the algorithm. /index.php?title=Talk:SELF_File_Format_and_Decrypti on
Download: PS3 AppLDR/NPDRM 0.92-3.31 Rev 0x01 (2.39 KB) / UnSelf2_keys (app-priv-102f and app-priv-356) (168 Bytes) by RikuKH3
KLicenseeDecryptKey is located in appldr twice, e.g.
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&&&00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&&&00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&00018EB0&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&00018ED0&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&&0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
&&&&F2 FB CA 7A 75 B0 4E DC 13 90 63 8C CD FD D1 EE&&ò??zu°N?..cOE????
&& 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00&&................
Now you have the tools to decrypt all free executable content. Euss they key is not duplicated... there are two cases that lead to the same (similar to the keys, two cases so two repeated tables).
Some of you asked what this algorithm is for. It has several use from backing up PSN games so they can be used with/without license (some countries allow backups, but NEVER sharing copyrighted material...) or use game updates on lower firmwares (some updates are NPDRM so they could not be decrypted and downgraded). I don't know if DUPLEX used this method or if they replaced the data with debug versions as some implied...
Also, it can be use is to modify geohot's make_self_npdrm to use non static keys for encoding. I don't know if that would be enough to make a self runnable on 3.56+ firmware. However it is a step on the right direction (I think extra modifications are required). If someone knows which parts of the self is whitelisted it would be an interesting addition to the thread. Sony was publishing 3.55 after 3.56 went online so I really interested to see which part of the SELF was whitelisted.
Others asked for the keys. I can not provide them nor functional code to avoid being sued... Graf and geohot were sued for providing the keys and/or functional code.
However, I can provide a tip on getting the RIF key.... once decrypted bytes 0x40 to 0x4F should be xx xx xx xx xx xx xx xx xx xx xx xx 00 00 00 aa where x is random and aa is a number between 0x00 and 0x7F. It is located on the VSH.elf (remember that PPC64 has 8 byte aligment). That is a plaintext attack + dictionary(vsh). You don't need the curves as you can not sign rif nor act.dat (You can only check that file is valid). And the vsh keys can be easily find... graf chokolo called IDPS as device_id_ptr.... and the CONST is very near on code execution...
To yolbulduran: That is a piracy related question. In addition you have published confidential info, which anyone who does RCE should avoid (I do not have the SDK). The answer is NO. Why?. See this code:
ret = sceNpDrmVerifyUpgradeLicense("FAKE_CONTENT_TO_DETECT_CFW");
if(ret == 0){
banConsole();
print("CFW detected. Game will exit");
ret = sceNpDrmVerifyUpgradeLicense("REAL_CONTENT");
if (ret == 0) {
int fd = openEncryptedContent("REAL_CONTENT.edat",......,keyForFile,sizeof(KeyForFile));
if (fd & 0) {
//Do things
First part is an example of how a developers can easily catch that modification and stop execution making it dangerous (could get a ban!!!). You modification says that the console has access to a fake content, which only CFW will have. When patching code the modification should be done only to the case you want to fix. That modification should go on the executable not on npd libraries. That way we do not patch the first verify but we will patch the second...
The second part is the real reason why it wont work... you REQUIRE the rif for opening the edat. The rif holds the klicensee for both SELF and EDAT. In fact I assume that the klicensee follows the same transformation upto the apploader. That key that you see on the command it is only used to check the HMAC on the NPD element (see geohot make_self_npdrm omac calculations)
For executable the problem is similar as when trying to run another PPU executable the program will finish and ask the vsh to run the other process which will undergo the full decryption algorithm... again you need the rif.
But... what will happen if we decrypt the paid edat/SELF using the rif and then resign and encrypt as a free content before executing the code??? (Assuming we can sign edat)
WE CAN SIGN EXECUTABLES UP TO 3.55 THANKS TO FAIL0VERFLOW'S EPIC FAIL... I think people do not really understands what that means...
From granberro: Congratulations and thanks for sharing JuanNadie. Regarding EDAT files, IMHO their encryption is FW version independent, at least for the free content. I have changed geohot's make_self_npdrm to encrypt elfs using a given keypair rather than the static one.
Using that tool and unself2 I have managed create and install LBP2 updates 1 to 4 on a 3.41 PS3. Those updates contains EDAT files and were decrypted by the game flawlessly.
I don't know if it is ok to post links to those pkgs. The npdrm diff (just) the important stuff is:
+#ifdef NPDRM2
+&&memcpy(&md_header, KEY(keypair), sizeof(md_header));
-----------------
+#ifdef NPDRM2
+&&AES_set_encrypt_key(KEY(erk), 256, &aes_key);
+&&memcpy(iv, KEY(iv), 16);
+&&AES_cbc_encrypt(&output_self_data[metadata_offset], &output_self_data[metadata_offset], 0x40, &aes_key, iv, AES_ENCRYPT);
+&&u8 d_klic[0x10];
+&&AES_set_decrypt_key(KLicenseeDecryptKey, 128, &aes_key);
+&&AES_decrypt(npdrm_omac_key1, d_klic, &aes_key);
+&&AES_set_encrypt_key(d_klic, 128, &aes_key);
+&&memset(iv, 0, sizeof iv);
+&&AES_cbc_encrypt(&output_self_data[metadata_offset], &output_self_data[metadata_offset], 0x40, &aes_key, iv, AES_ENCRYPT);
& &memcpy(&output_self_data[metadata_offset], KEY(keypair_e), sizeof(md_header));
Hope it helps.
From JuanNadie: Actually an EDAT has several keys. One is in the SELF, others are at the rif and others on firmware. That an EDAT works on lower firmware only proves that the firmware has those keys.
BTW I have tricked the PS3 into decrypt an EDAT (Buzz). The procedure involves knowing how the NPD element is used (most of this is already published).
& &struct {
& &&&uint32_
& &&&uint32_t unknown2;
& &&&uint32_ /* 1 network, 2 local, 3 free */
& &&&uint32_ /* 1 exec, 21 update */
& &&&uint8_t content_id[48];
& &&&uint8_t digest[16];
& &&&uint8_t titlefilenameHash[16];
& &&&uint8_t headerHash[16];
& &&&uint64_t unknown3;
& &&&uint64_t unknown4;
The NPD has 3 different hashes:
o& & & & The first (digest) is a hash of the decrypted data. I don't know the algorithm nor if it is checked.
o& & & & The second is a CMAC. The key is npdrm_omac_key3, and the message is the titleID (0x30 bytes) concat to the filename (excluding path and case sensitive),
o& & & & The third is again a CMAC. This time the message is the whole NPD from NPD magic to the second hash both included. The key for SELFs launched from the VSH is npdrm_omac_key1 xored with npdrm_omac_key2
But for the rest (Selfs executed inside a program and EDAT) instead of using npdrm_omac_key1 another key is used. That key is called the klicensee (however as that name is already used I would call it devklic (developer klicensee),
That key is selected randomly by the developer(activision, ea, ubisoft, square...) and it is a parameter used when creating a pkg. So for EDAT the key for the third hash is devklic xored with npdrm_omac_key2.
If we are going to recrypt an EDAT we need that key. There are several procedures to obtain it:
o& & & & Decrypt the SELF and use RCE to get it. We'll need an idc that locates the call. Very slow, tricky, requires large knowledge but always work.
o& & & & Hook the call that opens EDAT. Then we retrieve it on parameter r3. Faster, requires modifying the firmware. Always work
o& & & & Brute force it: Decrypt the self and try every combination of 16 sequential bytes on the file. I obtained using this method the key on Buzz and LBP. It faster than RCE but it does not always work (the key could be in other file or obfuscated).
I repeat we will need that key to encrypt an EDAT.
We SONY uses this key? To avoid the following exploit?:
o& & & & Obtain the devklic.
o& & & & On a PS3 where the EDAT is authorized write a program with t
sceNp....Open(devklic, "PATH_TO_FILE",READ_ONLY,fd,NULL,0);
That will create a file descriptor. The read of it will be on clear... and we can then write it to an output file.
How I think this works? Well, you provide the correct klicense, so the system will validate the NPD and send a request to LV2 to set the decryption key (This would be related to rif for paid or to the devklic if free). Then when reading if the LV2 Will ask the appldr to decrypt it).... Note that seek works so probably the decryption can be made by blocks.
BTW something similar was done on PSP.
How can we use this?
o& & & & First is good to have the plain text of something you0re trying to reverse so for devs it could be useful to reverse EDAT algorithm
o& & & & Second you can replace the original file and patch the EBOOT to not use encryption.
o& & & & Third you can create a debug EDAT and path lv2 to accept debug files.
However IMHO any warez release that uses those tricks should be NUKED as that is not the correct procedure (that would be reencrypt the EDAT as free).
Other things:
o& & & & The first hash of NPD needs to be obtained
o& & & & The first 0x80 encrypted bytes of an EDAT (0x90-0x10F) contains a key for decrypting the rest of the file. I think that key is constant for the rest of the file. Reason: the 2 EDAT I decrypted from Buzz has the same contain... which means hash1 is the same (2 and 3 are different cause the filename is different), but the encrypted content in the metadata section changes. Perhaps a signature but I think there is a different key there (the data also changes)
granberro Buen trabajo. I saw your work at elotrolado allowing the use of non static keys on a NPDRM.
mathieulh thanks for the compliments on type 2 NPDRM. I also think that someone should modify make_self_npdrm to make SELFs that work "at least" on 3.55 official firmware...
I haven't fully reversed the EDAT algorithm (I’m missing bytes from 0xB0 to 0xFF) but there is enough info for a post. The explanation is for those with flag (offset 0x80-0x83) equals to 0xC which is a normal EDAT. For others values minor changes should be made. Let's begin.
USER SPACE: (Probably incomplete (enough for decryption), most of it is guessed) On previous post I mentioned the command useds by developers to open/read an EDAT. That command has 3 parts:
o& & & & Verify: This parts verifies the NPD element by checking that user is authorized to open the file (using the devklic). In addition it calls LV2 to create an entry in the memory (probably using syscall471) so for further steps it will use the devklic (free) or the decrypted rif key (paid) (see SELF algorithm). I’ll call this rifkey on the rest of the document.
o& & & & Open the file: This will call kernel space. Performs several checks and creates an entry on another table.
o& & & & Read: It also calls LV2, which will decrypt and send data back.
KERNEL SPACE:
When an open request is received:
o& & & & Read the first 0x100 bytes of the file.
o& & & & Validates first 0xA0 bytes on EDAT. This uses appldr with the following execution (see below):
o& & & & Single execution
o& & & & Encrypted arguments
o& & & & CMAC. Key: rifkey, expectedHash: data at 0xA0-0xAF
o& & & & No Encryption erk:null,riv:null
Validates metadatasections. Again uses appldr:
o& & & & Multi execution. Blocks upto 0xFC00.
o& & & & Encrypted arguments
o& & & & CMAC. Key: rifkey, expectedHash:data at 0x90-0x9F
o& & & & No Encryption: erk:null, riv:null
Once the NPD is validated (We have validated header upto 0xAF and the metadatasections( which validate the data itself)) an entry on a memory table is created, the entry created by syscall471 is erased and returns. I’ll call this the EDATEncryptionDataTable. This table has 10 entries (remember the limitation of simultaneous files opened??...). Each entry has the following structure:
typedef struct {
& & uint64_t fileD
& & uint64_
& & uint64_t fileL
& & uint32_
& & uint32_t blockS
& & uint32_tnumB
& & uint8_t blockBase[0x0C];
& & uint8_t devklic[0x10];
& & uint8_t digest[0x10];& & & &
}EDATEncryptionD
-fileDescriptor: The file descriptor
-offset: An additional offset to calculate the position of the metadataSection. Origin unknown. Values seen 0
-File len: Length of the uncompressed data. Copied from EDAT offset 0x88-0x8F
-flag: Flags required to process the data. Copied from EDAT offset 0x80-0x83. Some flags are:
& & 0x: Debug
& & 0x: SDAT… for those rifkey is calculated differently. Algorithm is not tested yet.
& & 0x: Arguments for appldr are encrypted
& & 0x: Data compressed. MetadataSection length will be 0x20 bytes.
o& & & & blockSize: The data is stored on blocks of that length. Required for decryption. Copied from EDAT offset 0x84-0x87
o& & & & numBlocks: Number of blocks on file. Calculated using: numBlocks = (fileLen + blockSize - 1)/blockSize
o& & & & blockBase: Common part of the key used on decryption. First 0xC bytes of headerHash. Copied from EDAT offset 0x60-0x6B.
o& & & & devklic: Our rif key. Copied from the entry created by syscall471. FOR SDAT it is calculated using other algorithm.
o& & & & padding: the digest from NPD. Will be the IV. Copied from EDAT offset 0x40-0x4F.
When an read request is received:
o& & & & The system determines the blocks required (E.g; read from 0x3FFF to 0x8001 will read blocks 0,1 and 2).
o& & & & For each of the blocks:
o& & & & Calculate the blockKey as blockBase concat blockNumber.
o& & & & Calculate block offset: Start of NPD + offset + 0x100 + metadataSectionLen* numBlocks + blockSize*blockNumber. metadataSectionLen is 0x10 for flag 0xC (if compressed or with special hash would be 0x20).
o& & & & Calculate erk: AESECB128Encrypt, key:rifKey, data:blockKey
o& & & & Calculate hashKey: For 0xC is erk. (Others have an additional encryption)
o& & & & Execute appLdr with the following parameters:
o& & & & Single execution
o& & & & Encrypted arguments
o& & & & CMAC. Key: hashKey, expectedHash: metadataSection[blockIndex].hash
o& & & & EncryptionCBC erk:erk, riv:npd.digest
As you know the appldr is used for decrypting SELFs (that part is documented on the wiki). However there is a second mode that is used for EDAT. To use that mode spu_arg.field35 is 5. For values 0 to 4 it will process a SELF and for others will return error. Graf_chokolo described the structure of spu_args for the SELF. However this changes for EDATs…
typedef struct
& & & & uint64_t unk1;
& & & & uint32_t hashF
& & & & uint32_t encryptionF& && &
& & & & uint64_t unk2;
& & & & uint64_
& & & & uint64_t unk3;
& & & & uint64_t stateA& && &
& & & & uint32_t field30;
& & & & uint8_t&&field34;& && & //Must be 0,1,2
& & & & uint8_t&&field35;& && & //Must be 0,1,2,3
& & & & uint16_t&&field36;& && &//Must be 0,1,2,3,4,5
& & & & uint64_t field38;
& & & & uint8_t hashKey[0x10];
& & & & uint8_t riv[0x10];
& & & & uint8_t erk[0x10];
Above I indicated several parameters for the appldr. Those parameters are controlled by hashFlag and encryptionFlag.
-HashFlag: The hash is performed on input data not decrypted data. So if hash fails nothing is decrypted
MSB indicates how to use parameter hashKey.
0x: Indicates that hashKey is encrypted. Decrypt it with EDATKEY and RIVKEY
& && &&&0x: Ignore hashKEY. USE EDATDEFAULTHASHKEY
& && &&&0x: hashKey is not encrypted. Use it directly
LSB indicates the type of hash.
0x: HMACWithSHA1. Hash Len 0x14 bytes
& && &&&0x: CMAC128. Hash len 0x10 (obvious)
& && &&&0x: HMACWithSHA1. Hash Len 0x10 bytes (Hash is trunked)
-EncryptionFlag:
MSB indicates how to use parameters riv and erk
0x: Indicated that erk is encrypted. Decrypt it with EDATKEY and RIVKEY. riv is copied
& && &&&0x: Ignore riv and erk. Use EDATKEY and RIVKEY
& && &&&0x: Use erk and riv directly
LSB indicates which encoding is used.
0x: No encryption (algorithm is memcpy)
& && &&&0x: AESCBC128Decrypt is used.
When a key must be decrypted the algorithm is AESCBC128Decrypt. Keys SHA1:
EDATKEY: 84E9FC3574EAA11A9462FFA53D5EA46B4D0003BF. Already in wiki
RIVKEY: E129F27CBCDF0A15E160D445066FF. This is top secret :D
EDATDEFAULTHASHKEY: 8A721A06ABC7BB9BF398C5EF5D6F1FD997BC0A56
The multiple execution /single execution refers to the ability of appLdr to store an encrypted (and hashed) data on main memory to resume the hashing/decryption operations on next execution. That data is stored at stateAddress. Basically the functioning has several submodes. One for initialization (that decrypts erk, riv and hkey) and copies the state to main memory, another for processing data, which retrieves the state, process the data and updates the state, and finally another that receives the expected hash and validates. Another submode does all these ops on a single execution (calls the three submodes).
Summing up (for 0xC) for each block:
o& & & & Calculate data offset: 0x100 + offset(0) + metadataSectionLen*numberOfBlocks + currentBlockNumber*blockSize
o& & & & Generate block key: concat first 0xC byte of headerHash with current block number
o& & & & Encrypt block key with rifKey using AESECB128Encrypt. This would be erk and hkey
o& & & & Calculate riv. It is NPD digest field
o& & & & Decrypt erk using AESCBC128Decrypt with EDATKEY and RIVKEY -& call result decryptionKey.
o& & & & Using AESCBC128Decrypt decrypt data from offset to offset + blockSize (if last block calculate remaining bytes rounded up to 0x10 multiple). Key is decryptionKey iv is riv
o& & & & Copy data to output file
After searching for those missing bytes I did not found any reference on code. So I zeroed them and feed the file to the PS3... The file was properly loaded and decrypted so:
o& & & & Those bits are a random padding or
o& & & & They are not checked, nor required for creating an EDAT.
That means that you are able to "free" your EDATs using the method above. Remember that you're going to need the devklic and the rifkey.
Octopus For p3T you don't require the devklic cause for paid decryption you only need the key from rif... so decrypt it and use it directly like any other theme
EXE.trim.ALL You're right on version. LV2 uses that value to check which flags are valid. However unk4 (and unk3) which are at 0x70 are zeroes. Your info is for the next 16 bytes located at 0x80. Also you separate finalize and type. From the assembly I can say that the original source code considers it a signed integer (int32_t) (that or they have a really weird compiler cause it always load that field as a word (PPC can read a single byte)).
BTW the text on flowers says something about "werewolves" and the devklic is written as an ASCII text (not binary). It was the first non free content that I decrypted on PC.
euss IMHO best topic of the last half year was written recently by math on lan.st... half year? nah... last year. It's a pity that I would never enter on efnet (nor other sites) as long as they don't allow proxy and TOR.
Finally a bit of drama: Hotz8611, I reversed your reactPSN to see the your method and discovered that you just used the info on this post. I haven't check the vsh.self mode but I suppose that youre nullifyng the curve check and generate RAP by encrypting the rifkey (An AES and another crypto algorithm of 5 rounds with shuffle, acummulation and xoring.). I thank you for making people provide me all those RAP than I'm able to transform to rifkey but next time give proper credits (I don't know if your works is based on mallory or mine but obviously is based on info in this topic).
First of all, here is an implementation of the algorithm. It is not fully tested (for example with ISO.BIN.EDAT it validates but fails when decrypting) and is missing the decompression algorithm (I tried deflate but is does not work if someone identifies the algorithm please post it. Blocks start with 0x05). Also keys have been eliminated. On previous port you have the SHA1: /SuAukd8B
import java.io.F
import java.io.FileNotFoundE
import java.io.IOE
import java.io.RandomAccessF
import java.io.UnsupportedEncodingE
import java.math.BigI
import java.security.InvalidAlgorithmParameterE
import java.security.InvalidKeyE
import java.security.NoSuchAlgorithmE
import java.security.spec.AlgorithmParameterS
import javax.crypto.C
import javax.crypto.M
import javax.crypto.NoSuchPaddingE
import javax.crypto.ShortBufferE
import javax.crypto.spec.IvParameterS
import javax.crypto.spec.SecretKeyS
public class EDAT {
& & public static final int STATUS_ERROR_INPUTFILE_IO = -100;
& & public static final int STATUS_ERROR_HASHTITLEIDNAME = -1;
& & public static final int STATUS_ERROR_HASHDEVKLIC = -2;
& & public static final int STATUS_ERROR_MISSINGKEY = -3;
& & public static final int STATUS_ERROR_HEADERCHECK = -4;
& & public static final int STATUS_ERROR_DECRYPTING = -5;
& & public static final int STATUS_OK = 0;
& & public static final long FLAG_COMPRESSED = 0xL;
& & public static final long FLAG_0x02 = 0xL;
& & public static final long FLAG_KEYENCRYPTED = 0xL;
& & public static final long FLAG_0x10 = 0xL;
& & public static final long FLAG_0x20 = 0xL;
& & public static final long FLAG_SDAT = 0xL;
& & public static final long FLAG_DEBUG = 0xL;
& &&&* This function reads given file and decrypts it
& &&&* @param inFile EDAT file to decrypt
& &&&* @param outFile Path to store the decrypted data
& &&&* @param devKLic Authentication key. Also used for decryption on free content
& &&&* @param keyFromRif Key obtained after decrypting rif60
& &&&* @return Result of the operation
& & public int decryptFile(String inFile, String outFile, byte[] devKLic, byte[] keyFromRif) throws FileNotFoundException, IOException {
& && &&&File fin = new File(inFile);
& && &&&RandomAccessFile raf =
& && &&&raf = new RandomAccessFile(fin, "r");
& && &&&NPD[] ptr = new NPD[1]; //Ptr to Ptr
& && &&&int result = validateNPD(fin.getName(), devKLic, ptr, raf); //Validate NPD hashes
& && &&&if (result & 0) {
& && && && &
& && &&&NPD npd = ptr[0];
& && &&&EDATData data = getEDATData(raf);
& && &&&byte[] rifkey = getKey(npd, data, devKLic, keyFromRif); //Obtain the key for decryption (result of sc471 or sdatkey)
& && &&&if (rifkey == null) {
& && && && &System.out.println("ERROR: Key for decryption is missing");
& && && && &return STATUS_ERROR_MISSINGKEY;
& && &&&} else {
& && && && &System.out.println("DECRYPTION KEY: " + ConversionUtils.getHexString(rifkey));
& && &&&result = checkHeader(rifkey, data, raf);
& && &&&if (result & 0) {
& && && && &
& && &&&RandomAccessFile out = new RandomAccessFile(outFile, "rw");
& && &&&result = decryptData(raf, out, npd, data, rifkey);
& && &&&if (result & 0) {
& && && && &
& && &&&raf.close();
& && &&&return STATUS_OK;
& & private static final int HEADER_MAX_BLOCKSIZE = 0x3C00;
& & private int checkHeader(byte[] rifKey, EDATData data, RandomAccessFile in) throws IOException {
& && &&&in.seek(0);
& && &&&byte[] header = new byte[0xA0];
& && &&&byte[] out = new byte[0xA0];
& && &&&byte[] expectedHash = new byte[0x10];
& && &&&int numBlocks = (int) ((data.getFileLen().intValue() + data.getBlockSize() - 11) / data.getBlockSize());
& && &&&in.readFully(header);
& && &&&in.readFully(expectedHash);
& && &&&System.out.println("Checking header hash:");
& && &&&AppLoader a = new AppLoader();
& && &&&int hashFlag = ((data.getFlags() & FLAG_KEYENCRYPTED) == 0) ? 0x : 0x;
& && &&&//if ((data.getFlags() & DEBUG_FLAG) != 0) hashFlag |= 0x;&&//Debug check not implemented
& && &&&//Veryfing header
& && &&&boolean result = a.doAll(hashFlag, 0x, header, 0, out, 0, header.length, new byte[0x10], new byte[0x10], rifKey, expectedHash, 0);
& && &&&if (!result) {
& && && && &System.out.println("Error verifying header. Is rifKey valid?");
& && && && &return STATUS_ERROR_HEADERCHECK;
& && &&&System.out.println("Checking metadata hash:");
& && &&&a = new AppLoader();
& && &&&a.doInit(hashFlag, 0x, new byte[0x10], new byte[0x10], rifKey);
& && &&&int sectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0) ? 0x20 : 0x010;
& && &&&int readed = 0;
& && &&&int baseOffset = 0x100;
& && &&&//baseOffset +=&& //There is an unknown offset to add to the metadatasection... value seen 0
& && &&&long remaining = sectionSize * numB
& && &&&while (remaining & 0) {
& && && && &int lenToRead = (HEADER_MAX_BLOCKSIZE & remaining) ? (int) remaining : HEADER_MAX_BLOCKSIZE;
& && && && &in.seek(baseOffset + readed);
& && && && &byte[] content = new byte[lenToRead];
& && && && &out = new byte[lenToRead];
& && && && &in.readFully(content);
& && && && &a.doUpdate(content, 0, out, 0, lenToRead);
& && && && &readed += lenToR
& && && && &remaining -= lenToR
& && &&&result = a.doFinal(header, 0x90);& && &&&if (!result) {
& && && && &System.out.println("Error verifying metadatasection. Data tampered");
& && && && &return STATUS_ERROR_HEADERCHECK;
& && &&&return STATUS_OK;
& & private byte[] decryptMetadataSection(byte[] metadata) {
& && &&&byte[] result = new byte[0x10];
& && &&&result[0x00] = (byte) (metadata[0xC] ^ metadata[0x8] ^ metadata[0x10]);
& && &&&result[0x01] = (byte) (metadata[0xD] ^ metadata[0x9] ^ metadata[0x11]);
& && &&&result[0x02] = (byte) (metadata[0xE] ^ metadata[0xA] ^ metadata[0x12]);
& && &&&result[0x03] = (byte) (metadata[0xF] ^ metadata[0xB] ^ metadata[0x13]);
& && &&&result[0x04] = (byte) (metadata[0x4] ^ metadata[0x8] ^ metadata[0x14]);
& && &&&result[0x05] = (byte) (metadata[0x5] ^ metadata[0x9] ^ metadata[0x15]);
& && &&&result[0x06] = (byte) (metadata[0x6] ^ metadata[0xA] ^ metadata[0x16]);
& && &&&result[0x07] = (byte) (metadata[0x7] ^ metadata[0xB] ^ metadata[0x17]);
& && &&&result[0x08] = (byte) (metadata[0xC] ^ metadata[0x0] ^ metadata[0x18]);
& && &&&result[0x09] = (byte) (metadata[0xD] ^ metadata[0x1] ^ metadata[0x19]);
& && &&&result[0x0A] = (byte) (metadata[0xE] ^ metadata[0x2] ^ metadata[0x1A]);
& && &&&result[0x0B] = (byte) (metadata[0xF] ^ metadata[0x3] ^ metadata[0x1B]);
& && &&&result[0x0C] = (byte) (metadata[0x4] ^ metadata[0x0] ^ metadata[0x1C]);
& && &&&result[0x0D] = (byte) (metadata[0x5] ^ metadata[0x1] ^ metadata[0x1D]);
& && &&&result[0x0E] = (byte) (metadata[0x6] ^ metadata[0x2] ^ metadata[0x1E]);
& && &&&result[0x0F] = (byte) (metadata[0x7] ^ metadata[0x3] ^ metadata[0x1F]);
& & private EDATData getEDATData(RandomAccessFile in) throws IOException {
& && &&&in.seek(0x80);
& && &&&byte[] data = new byte[0x10];
& && &&&in.readFully(data);
& && &&&return EDATData.createEDATData(data);
& & private boolean compareBytes(byte[] value1, int offset1, byte[] value2, int offset2, int len) {
& && &&&boolean result =
& && &&&for (int i = 0; i & i++) {
& && && && &if (value1[i + offset1] != value2[i + offset2]) {
& && && && && & result =
& && && && && &
& && && && &}
& & private int validateNPD(String filename, byte[] devKLic, NPD[] npdPtr, RandomAccessFile in) throws IOException {
& && &&&in.seek(0);
& && &&&byte[] npd = new byte[0x80];
& && &&&in.readFully(npd);
& && &&&byte[] extraData = new byte[0x04];
& && &&&in.readFully(extraData);
& && &&&long flag = ConversionUtils.be32(extraData, 0);
& && &&&if ((flag & FLAG_SDAT) != 0) {
& && && && &System.out.println("INFO: SDAT detected. NPD header is not validated");
& && &&&} else if (!checkNPDHash1(filename, npd)) {
& && && && &return STATUS_ERROR_HASHTITLEIDNAME;
& && &&&} else if (devKLic == null) {
& && && && &System.out.println("WARNING: Can not validate devklic header");
& && &&&} else if (!checkNPDHash2(devKLic, npd)) {
& && && && &return STATUS_ERROR_HASHDEVKLIC;
& && &&&npdPtr[0] = NPD.createNPD(npd);;
& && &&&return STATUS_OK;
& & private boolean checkNPDHash1(String filename, byte[] npd) throws UnsupportedEncodingException {
& && &&&byte[] fileBytes = filename.getBytes("US-ASCII");
& && &&&byte data1[] = new byte[0x30 + fileBytes.length];
& && &&&System.arraycopy(npd, 0x10, data1, 0, 0x30);
& && &&&System.arraycopy(fileBytes, 0x00, data1, 0x30, fileBytes.length);
& && &&&byte[] hash1 = ToolsImpl.CMAC128(npdrm_omac_key3, data1, 0, data1.length);
& && &&&boolean result1 = compareBytes(hash1, 0, npd, 0x50, 0x10);
& && &&&if (result1) {
& && && && &System.out.println("NPD hash 1 is valid (" + ConversionUtils.getHexString(hash1) + ")");
& && &&&return result1;
& & private boolean checkNPDHash2(byte[] klicensee, byte[] npd) {
& && &&&byte[] xoredKey = new byte[0x10];
& && &&&ToolsImpl.XOR(xoredKey, klicensee, npdrm_omac_key2);
& && &&&byte[] calculated = ToolsImpl.CMAC128(xoredKey, npd, 0, 0x60);
& && &&&boolean result2 = compareBytes(calculated, 0, npd, 0x60, 0x10);
& && &&&if (result2) {
& && && && &System.out.println("NPD hash 2 is valid (" + ConversionUtils.getHexString(calculated) + ")");
& && &&&return result2;
& & }& & private byte[] getKey(NPD npd, EDATData data, byte[] devKLic, byte[] keyFromRif) {
& && &&&byte[] result =
& && &&&if ((data.getFlags() & FLAG_SDAT) != 0) {
& && && && &//Case SDAT
& && && && &result = new byte[0x10];
& && && && &ToolsImpl.XOR(result, npd.getDevHash(), SDATKEY);
& && &&&} else {
& && && && &//Case EDAT
& && && && &if (npd.getLicense() == 0x03) {
& && && && && & result = devKL
& && && && &} else if (npd.getLicense() == 0x02) {
& && && && && & result = keyFromR
& && && && &}
& & private int decryptData(RandomAccessFile in, RandomAccessFile out, NPD npd, EDATData data, byte[] rifkey) throws IOException {
& && &&&int numBlocks = (int) ((data.getFileLen().intValue() + data.getBlockSize() - 1) / data.getBlockSize());
& && &&&int metadataSectionSize = ((data.getFlags() & FLAG_COMPRESSED) != 0 || (data.getFlags() & FLAG_0x20) != 0) ? 0x20 : 0x10;
& && &&&int baseOffset = 0x100; //+ offset (unknown)
& && &&&for (int i = 0; i & numB i++) {
& && && && &in.seek(baseOffset + i * metadataSectionSize);
& && && && &byte[] expectedHash = new byte[0x10];
& && && && &
& && && && &
& && && && &int compressionEndBlock = 0;
& && && && &if ((data.getFlags() & FLAG_COMPRESSED) != 0) {
& && && && && & byte[] metadata = new byte[0x20];
& && && && && & in.readFully(metadata);
& && && && && & byte[] result = decryptMetadataSection(metadata);
& && && && && & offset = ConversionUtils.be64(result, 0).intValue(); // + offset (unknown)
& && && && && & len = Long.valueOf(ConversionUtils.be32(result, 8)).intValue();
& && && && && & compressionEndBlock = Long.valueOf(ConversionUtils.be32(result, 0xC)).intValue();
& && && && && & System.arraycopy(metadata, 0, expectedHash, 0, 0x10);& && && && &
& && && && &} else {
& && && && && & in.readFully(expectedHash);
& && && && && & offset = baseOffset + i * data.getBlockSize() + numBlocks * metadataSectionS
& && && && && & len = Long.valueOf(data.getBlockSize()).intValue();
& && && && && & if (i == numBlocks - 1) {
& && && && && && &&&len = data.getFileLen().mod(BigInteger.valueOf(data.getBlockSize())).intValue();
& && && && && & }
& && && && &}
& && && && &int realLen =
& && && && &len = (len + 0xF) & 0xFFFFFFF0;
& && && && &System.out.printf("Offset: %016X, len: %08X, realLen: %08X, endCompress: %d\r\n", offset, len, realLen,compressionEndBlock);
& && && && &in.seek(offset);
& && && && &byte[] encryptedData = new byte[len];
& && && && &byte[] decryptedData = new byte[len];
& && && && &in.readFully(encryptedData);
& && && && &byte[] key = new byte[0x10];
& && && && &byte[] hash = new byte[0x10];
& && && && &byte[] blockKey = calculateBlockKey(i, npd.getDevHash());
& && && && &ToolsImpl.aesecbEncrypt(rifkey, blockKey, 0, key, 0, blockKey.length);
& && && && &if ((data.getFlags() & FLAG_0x10) != 0) {
& && && && && & ToolsImpl.aesecbEncrypt(rifkey, key, 0, hash, 0, key.length);
& && && && &} else {
& && && && && & System.arraycopy(key, 0, hash, 0, key.length);
& && && && &}
& && && && &int cryptoFlag = ((data.getFlags() & FLAG_0x02) == 0) ? 0x2 : 0x1;
& && && && &int hashF
& && && && &if ((data.getFlags() & FLAG_0x10) == 0) {
& && && && && & hashFlag = 0x02;
& && && && &} else if ((data.getFlags() & FLAG_0x20) == 0) {
& && && && && & hashFlag = 0x04;
& && && && &} else {
& && && && && & hashFlag = 0x01;
& && && && &}
& && && && &if ((data.getFlags() & FLAG_KEYENCRYPTED) != 0) {
& && && && && & cryptoFlag |= 0x;
& && && && && & hashFlag |= 0x;
& && && && &}
& && && && &if ((data.getFlags() & FLAG_DEBUG) != 0) {
& && && && && & cryptoFlag |= 0x;
& && && && && & hashFlag |= 0x;
& && && && &}
& && && && &AppLoader a = new AppLoader();
& && && && &boolean result = a.doAll(hashFlag, cryptoFlag, encryptedData, 0, decryptedData, 0, encryptedData.length, key, npd.getDigest(), hash, expectedHash, 0);
& && && && &if (!result) {
& && && && && & System.out.println("Error decrypting block " + i);
& && && && && & return STATUS_ERROR_DECRYPTING;
& && && && &}
& && && && &if ((data.getFlags() & FLAG_COMPRESSED) != 0) {
& && && && && & //byte[] decompress = new byte[Long.valueOf(data.getBlockSize()).intValue()];
& && && && && & //DECOMPRESS: MISSING ALGORITHM& && && && && &&&
& && && && && & //out.write(decompress, 0, data.getBlockSize());
& && && && &} else {
& && && && && & out.write(decryptedData, 0, realLen);
& && && && &}
& && &&&return STATUS_OK;
& & private byte[] calculateBlockKey(int blk, byte[] baseKey) {
& && &&&byte[] result = new byte[0x10];
& && &&&System.arraycopy(baseKey, 0, result, 0, 0xC);
& && &&&result[0xC] = (byte) (blk && 24 & 0xFF);
& && &&&result[0xD] = (byte) (blk && 16 & 0xFF);
& && &&&result[0xE] = (byte) (blk && 8 & 0xFF);
& && &&&result[0xF] = (byte) (blk & 0xFF);
& & class AppLoader {
& && &&&private D
& && &&&private H
& && &&&public boolean doAll(int hashFlag, int cryptoFlag, byte[] in, int inOffset, byte[] out, int outOffset, int len, byte[] key, byte[] iv, byte[] hash, byte[] expectedHash, int hashOffset) {
& && && && &doInit(hashFlag, cryptoFlag, key, iv, hash);
& && && && &doUpdate(in, inOffset, out, outOffset, len);
& && && && &return doFinal(expectedHash, hashOffset);
& && &&&public void doInit(int hashFlag, int cryptoFlag, byte[] key, byte[] iv, byte[] hashKey) {
& && && && &byte[] calculatedKey = new byte[key.length];
& && && && &byte[] calculatedIV = new byte[iv.length];
& && && && &byte[] calculatedHash = new byte[hashKey.length];
& && && && &getCryptoKeys(cryptoFlag, calculatedKey, calculatedIV, key, iv);
& && && && &getHashKeys(hashFlag, calculatedHash, hashKey);
& && && && &setDecryptor(cryptoFlag);
& && && && &setHash(hashFlag);
& && && && &System.out.println("ERK:&&" + ConversionUtils.getHexString(calculatedKey));
& && && && &System.out.println("IV:& &" + ConversionUtils.getHexString(calculatedIV));
& && && && &System.out.println("HASH: " + ConversionUtils.getHexString(calculatedHash));
& && && && &dec.doInit(calculatedKey, calculatedIV);
& && && && &hash.doInit(calculatedHash);
& && &&&public void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len) {
& && && && &hash.doUpdate(in, inOffset, len);
& && && && &dec.doUpdate(in, inOffset, out, outOffset, len);
& && &&&public boolean doFinal(byte[] expectedhash, int hashOffset) {
& && && && &return hash.doFinal(expectedhash, hashOffset);
& && &&&private void getCryptoKeys(int cryptoFlag, byte[] calculatedKey, byte[] calculatedIV, byte[] key, byte[] iv) {
& && && && &int mode = cryptoFlag & 0xF0000000;
& && && && &switch (mode) {
& && && && && & case 0x:
& && && && && && &&&ToolsImpl.aescbcDecrypt(EDATKEY, EDATIV, key, 0, calculatedKey, 0, calculatedKey.length);
& && && && && && &&&System.arraycopy(iv, 0, calculatedIV, 0, calculatedIV.length);
& && && && && && &&&System.out.println("MODE: Encrypted ERK");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(EDATKEY, 0, calculatedKey, 0, calculatedKey.length);
& && && && && && &&&System.arraycopy(EDATIV, 0, calculatedIV, 0, calculatedIV.length);
& && && && && && &&&System.out.println("MODE: Default ERK");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(key, 0, calculatedKey, 0, calculatedKey.length);
& && && && && && &&&System.arraycopy(iv, 0, calculatedIV, 0, calculatedIV.length);
& && && && && && &&&System.out.println("MODE: Unencrypted ERK");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Crypto mode is not valid: Undefined keys calculator");
& && && && &}
& && &&&private void getHashKeys(int hashFlag, byte[] calculatedHash, byte[] hash) {
& && && && &int mode = hashFlag & 0xF0000000;
& && && && &switch (mode) {
& && && && && & case 0x:
& && && && && && &&&ToolsImpl.aescbcDecrypt(EDATKEY, EDATIV, hash, 0, calculatedHash, 0, calculatedHash.length);
& && && && && && &&&System.out.println("MODE: Encrypted HASHKEY");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(EDATHASH, 0, calculatedHash, 0, calculatedHash.length);
& && && && && && &&&System.out.println("MODE: Default HASHKEY");
& && && && && && &&&
& && && && && & case 0x:
& && && && && && &&&System.arraycopy(hash, 0, calculatedHash, 0, calculatedHash.length);
& && && && && && &&&System.out.println("MODE: Unencrypted HASHKEY");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Hash mode is not valid: Undefined keys calculator");
& && && && &}
& && &&&private void setDecryptor(int cryptoFlag) {
& && && && &int aux = cryptoFlag & 0xFF;
& && && && &switch (aux) {
& && && && && & case 0x01:
& && && && && && &&&dec = new NoCrypt();
& && && && && && &&&System.out.println("MODE: Decryption Algorithm NONE");
& && && && && && &&&
& && && && && & case 0x02:
& && && && && && &&&dec = new AESCBC128Decrypt();
& && && && && && &&&System.out.println("MODE: Decryption Algorithm AESCBC128");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Crypto mode is not valid: Undefined decryptor");
& && && && &}
& && &&&private void setHash(int hashFlag) {
& && && && &int aux = hashFlag & 0xFF;
& && && && &switch (aux) {
& && && && && & case 0x01:
& && && && && && &&&hash = new HMAC();
& && && && && && &&&hash.setHashLen(0x14);
& && && && && && &&&System.out.println("MODE: Hash HMAC Len 0x14");
& && && && && && &&&
& && && && && & case 0x02:
& && && && && && &&&hash = new CMAC();
& && && && && && &&&hash.setHashLen(0x10);
& && && && && && &&&System.out.println("MODE: Hash CMAC Len 0x10");
& && && && && && &&&
& && && && && & case 0x04:
& && && && && && &&&hash = new HMAC();
& && && && && && &&&hash.setHashLen(0x10);
& && && && && && &&&System.out.println("MODE: Hash HMAC Len 0x10");
& && && && && && &&&
& && && && && & default:
& && && && && && &&&throw new IllegalStateException("Hash mode is not valid: Undefined hash algorithm");
& && && && &}
& && &&&abstract class Decryptor {
& && && && &public abstract void doInit(byte[] key, byte[] iv);
& && && && &public abstract void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len);
& && &&&class NoCrypt extends Decryptor {
& && && && &@Override
& && && && &public void doInit(byte[] key, byte[] iv) {
& && && && && & //Do nothing
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len) {
& && && && && & System.arraycopy(in, inOffset, out, outOffset, len);
& && && && &}
& && &&&class AESCBC128Decrypt extends Decryptor {
& && && && &C
& && && && &@Override
& && && && &public void doInit(byte[] key, byte[] iv) {
& && && && && & try {
& && && && && && &&&SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
& && && && && && &&&c = Cipher.getInstance("AES/CBC/NoPadding");
& && && && && && &&&AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
& && && && && && &&&c.init(Cipher.DECRYPT_MODE, skeySpec, paramSpec);
& && && && && & } catch (InvalidKeyException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (InvalidAlgorithmParameterException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (NoSuchAlgorithmException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (NoSuchPaddingException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, byte[] out, int outOffset, int len) {
& && && && && & try {
& && && && && && &&&c.update(in, inOffset, len, out, outOffset);
& && && && && & } catch (ShortBufferException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & }
& && && && &}
& && &&&abstract class Hash {
& && && && &public abstract void setHashLen(int len);
& && && && &public abstract void doInit(byte[] key);
& && && && &public abstract void doUpdate(byte[] in, int inOffset, int len);
& && && && &public abstract boolean doFinal(byte[] expectedhash, int hashOffset);
& && &&&class HMAC extends Hash {
& && && && &private int hashL
& && && && &private M
& && && && &@Override
& && && && &public void setHashLen(int len) {
& && && && && & if (len == 0x10 || len == 0x14) {
& && && && && && &&&hashLen =
& && && && && & } else {
& && && && && && &&&throw new IllegalArgumentException("Hash len must be 0x10 or 0x14");
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doInit(byte[] key) {
& && && && && & try {
& && && && && && &&&SecretKeySpec skeySpec = new SecretKeySpec(key, "HmacSHA1");
& && && && && && &&&mac = Mac.getInstance("HmacSHA1");
& && && && && && &&&mac.init(skeySpec);
& && && && && & } catch (InvalidKeyException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & } catch (NoSuchAlgorithmException ex) {
& && && && && && &&&throw new IllegalStateException(ex);
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, int len) {
& && && && && & mac.update(in, inOffset, len);
& && && && &}
& && && && &@Override
& && && && &public boolean doFinal(byte[] expectedhash, int hashOffset) {
& && && && && & byte[] result = mac.doFinal();
& && && && && & return compareBytes(result, 0, expectedhash, hashOffset, hashLen);
& && && && &}
& && &&&class CMAC extends Hash {
& && && && &int hashL
& && && && &byte[]
& && && && &byte[] K1;
& && && && &byte[] K2;
& && && && &byte[] nonP
& && && && &byte[]
& && && && &public CMAC() {
& && && && && & hashLen = 0x10;
& && && && &}
& && && && &@Override
& && && && &public void setHashLen(int len) {
& && && && && & if (len == 0x10) {
& && && && && && &&&hashLen =
& && && && && & } else {
& && && && && && &&&throw new IllegalArgumentException("Hash len must be 0x10");
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doInit(byte[] key) {
& && && && && & this.key =
& && && && && & K1 = new byte[0x10];
& && && && && & K2 = new byte[0x10];
& && && && && & calculateSubkey(key, K1, K2);
& && && && && & nonProcessed =
& && && && && & previous = new byte[0x10];
& && && && &}
& && && && &private void calculateSubkey(byte[] key, byte[] K1, byte[] K2) {
& && && && && & byte[] zero = new byte[0x10];
& && && && && & byte[] L = new byte[0x10];
& && && && && & ToolsImpl.aesecbEncrypt(key, zero, 0, L, 0, zero.length);
& && && && && & BigInteger aux = new BigInteger(1, L);
& && && && && & if ((L[0] & 0x80) != 0) {
& && && && && && &&&//Case MSB is set
& && && && && && &&&aux = aux.shiftLeft(1).xor(BigInteger.valueOf(0x87));
& && && && && & } else {
& && && && && && &&&aux = aux.shiftLeft(1);
& && && && && & }
& && && && && & byte[] aux1 = aux.toByteArray();
& && && && && & if (aux1.length &= 0x10) {
& && && && && && &&&System.arraycopy(aux1, aux1.length - 0x10, K1, 0, 0x10);
& && && && && & } else {
& && && && && && &&&System.arraycopy(zero, 0, K1, 0, zero.length);
& && && && && && &&&System.arraycopy(aux1, 0, K1, 0x10 - aux1.length, aux1.length);
& && && && && & }
& && && && && & aux = new BigInteger(1, K1);
& && && && && & if ((K1[0] & 0x80) != 0) {
& && && && && && &&&aux = aux.shiftLeft(1).xor(BigInteger.valueOf(0x87));
& && && && && & } else {
& && && && && && &&&aux = aux.shiftLeft(1);
& && && && && & }
& && && && && & aux1 = aux.toByteArray();
& && && && && & if (aux1.length &= 0x10) {
& && && && && && &&&System.arraycopy(aux1, aux1.length - 0x10, K2, 0, 0x10);
& && && && && & } else {
& && && && && && &&&System.arraycopy(zero, 0, K2, 0, zero.length);
& && && && && && &&&System.arraycopy(aux1, 0, K2, 0x10 - aux1.length, aux1.length);
& && && && && & }
& && && && &}
& && && && &@Override
& && && && &public void doUpdate(byte[] in, int inOffset, int len) {
& && && && && & byte[]
& && && && && & if (nonProcessed != null) {
& && && && && && &&&int totalLen = len + nonProcessed.
& && && && && && &&&data = new byte[totalLen];
& && && && && && &&&System.arraycopy(nonProcessed, 0, data, 0, nonProcessed.length);
& && && && && && &&&System.arraycopy(in, inOffset, data, nonProcessed.length, len);
& && && && && & } else {
& && && && && && &&&data = new byte[len];
& && && && && && &&&System.arraycopy(in, inOffset, data, 0, len);
& && && && && & }
& && && && && & int count = 0;
& && && && && & while (count & data.length - 0x10) {
& && && && && && &&&byte[] aux = new byte[0x10];
& && && && && && &&&System.arraycopy(data, count, aux, 0, aux.length);
& && && && && && &&&ToolsImpl.XOR(aux, aux, previous);
& && && && && && &&&ToolsImpl.aesecbEncrypt(key, aux, 0, previous, 0, aux.length);
& && && && && && &&&count += 0x10;
& && && && && & }
& && && && && & nonProcessed = new byte[data.length - count];
& && && && && & System.arraycopy(data, count, nonProcessed, 0, nonProcessed.length);
& && && && &}
& && && && &@Override
& && && && &public boolean doFinal(byte[] expectedhash, int hashOffset) {
& && && && && & byte[] aux = new byte[0x10];
& && && && && & System.arraycopy(nonProcessed, 0, aux, 0, nonProcessed.length);
& && && && && & if (nonProcessed.length == 0x10) {
& && && && && && &&&ToolsImpl.XOR(aux, aux, K1);
& && && && && & } else {
& && && && && && &&&aux[nonProcessed.length] = (byte) 0x80;
& && && && && && &&&ToolsImpl.XOR(aux, aux, K2);
& && && && && & }
& && && && && & ToolsImpl.XOR(aux, aux, previous);
& && && && && & byte[] calculatedhash = new byte[0x10];
& && && && && & ToolsImpl.aesecbEncrypt(key, aux, 0, calculatedhash, 0, aux.length);
& && && && && & return compareBytes(expectedhash, hashOffset, calculatedhash, 0, hashLen);
& && && && &}
About compression: Instead of having metadatasections of 0x10 byes the new section is 0x20 bytes long.
struct compressMetadataSection {
& & & & uint8_t hash[0x10];
& & & & uint64_t fileO
& & & & uint32_
& & & & uint32_t isEndOfC& &
The obtain bytes 0x10-01F xor of data is used.
You probably forgot to decrypt the key. The result of syscall471 must be decrypted using EDATKEY and RIVKEY.
To make free files:
o& & & & Create a memory image of the file.
o& & & & Decrypt the data, so you have a memory copy of the file decrypted (for compressed no need to decompress)
o& & & & Modify NPD to make if free (0x03 instead of 0x02). Recalculate hashes using devlikc (that why we need it).
o& & & & Recrypt each block using the devklic as base to calculate blocks keys (wich will then be transformed again as does the appldr for that type).
o& & & & Once recrypted, recalculate the hashes of the sections so they matched the new value for the encrypted data.
o& & & & If compressed recalculate the offset and len on the metadatasection
o& & & & Using the new metadatasection recalculate data 0x90-0x9F.
o& & & & Using the new NPD header + new metadatasectionHash calculate hash and place it at 0xA0-0xAF.
o& & & & Write file to disk (Remember, that file is function of filename, you must overwrite (not recommend while testing) or remember to rename it properly).
The code I posted already implements SDAT. You just need the SDATKEY. The SHA1 is ED2A01}
我要回帖
更多关于 3ds a9破解怎么装游戏 的文章
更多推荐
- ·温岭话翻译器方言689什么意思
- ·小米电脑如何下载小米手机为啥玩不了我的世界界?
- ·皇帝的新装72小时打一字字
- ·请问各位gta5自带录像过后文件存在哪在里面录的视频在哪里找??
- ·红色警戒3起义时刻地图包放哪里2起义时刻在哪下啊
- ·请问unity插件VR Panorama 360 PROunity rendererr是怎么用的?
- ·哪个dotadota2智力加技能伤害的伤害最高
- ·请问憋七在一局结束后是怎么结算胜负得分的?——QQ炫舞天天传奇圣光祭司司怎么得
- ·免费送时空猎人vip号最新的vip怎么刷会员等级
- ·dnfdnf4月17日神秘人人在哪17号的最新相关信息
- ·不能自立确得道者多助,引虎自冲机中机的生肖是什么?——qq炫舞为什么登上却进不去大厅然后就掉了
- ·谁有DNF英雄联盟日语补丁包包全和其他补丁
- ·天国的水晶宫txt下载的扎哈 如何 有关注的吗
- ·我qq为什么一进点赞列表给人点赞状就秒qt冻结状态?还降了两级?秒赞前天以关,点赞是手动点。
- ·有谁有庶女有毒橙光游戏攻略抖S都有毒我想吃掉你里面所有的cg图
- ·王者荣耀王者成吉思汗汗的3技能最多能储存多少次
- ·崩坏3开放世界崩坏3樱色轮回采集点攻略 开放世界崩坏3樱色轮回采集点怎么过
- ·玩这游戏的适合外国人玩的游戏都是傻逼吗
- ·DNF今天cf神秘人人在哪儿的最新相关信息
- ·《火影忍者究极风暴下载:究极风暴3》已经打过的战斗怎么重新打
- ·a9怎么对PS3a9破解怎么看luma版本那么敏感
- ·青丘狐传说手游装备怎么结婚 结婚情缘系统详解
- ·LOL韩服下虹桥枢纽7路新时刻表套路,这么玩拳头不管的吗
- ·热血江湖武器强化发光手游武器怎么发光 武器发光攻略
- ·现在三国全面战争那个好玩最好玩的是哪个
- ·我想要龙骑帝国20本布局辅助器
- ·天龙八部3D魔域跑商怎么赚钱攻略 怎么魔域跑商怎么赚钱赚更多钱
- ·南加大研究生申请条件游戏专业作品集辅导谁参加过?希望各位给介绍一家。
- ·途游中国象棋残局获得补签卡
- ·在江湖风云录2接镖任务中,接手北小星任务时,把阿七放走后该怎么办。
- ·平时一个人玩 时间也少 选什么职业实践最少时间好
- ·新版天天飞车无限油新版的是不是改不了
- ·dnf剑宗怎么破dnf红眼火山破锁血锁血
- ·关于过关玩法亚盘走盘过关玩法中场次有走盘是算输还是赢——QQ炫舞天空之心怎样获得
- ·20双色球2017045期双色球开奖结果今天的 ?——QQ炫舞宠物怎么升21级
