Editing Trophy files

Trophies was introduced in 2.40 firmware; therefore, games compiled with an SDK smaller than 2.40 don't have trophies.

=== Firmware related files ===
 friendtrophy_plugin.rco (/dev_flash/vsh/resource)
 friendtrophy_plugin.sprx (/dev_flash/vsh/module)
 friendtrophy_plugin_game.rco (/dev_flash/vsh/resource)
 libsysutil_np_trophy.sprx (/dev_flash/sys/external)
 np_trophy_ingame.rco (/dev_flash/vsh/resource)
 np_trophy_ingame.sprx (/dev_flash/vsh/module)
 np_trophy_plugin.rco (/dev_flash/vsh/resource)
 np_trophy_plugin.sprx (/dev_flash/vsh/module)
 np_trophy_util.sprx (/dev_flash/vsh/module)

[http://www.mirrorcreator.com/files/U6OQTVZS/np_trophy-02.4000.rar_links np_trophy-02.4000]<br />
[http://www.mirrorcreator.com/files/P4X7EJ6B/np_trophy-04.4500_0.rar_links np_trophy-04.4500]

=== Harddrive related files ===
home\userid\trophy\ :

* _TROPSYS_
**PARAM.PFD
**TROPSYS.DAT 
* NPCOMMID (e.g. NPWR00710_00)
**ICON0.PNG
**PARAM.PFD
**PARAM.SFO
**[[Content_Information_Files#Trophy_Collection|TROPxxx.PNG]] (e.g. TROP000.PNG ... TROP999.PNG for each individual trophy)
**TROPCONF.SFM
**TROPTRNS.DAT
**TROPUSR.DAT

==== _TROPSYS_ ====
System folder, used as an index of all the trophies of this user.

===== PARAM.PFD =====
Supervises the signature of '''TROPSYS.DAT'''.

===== TROPSYS.DAT =====
This file is an "index" containing a list with all the trophy installations made by this user.

Every time a '''TROPHY.TRP''' is installed... '''TROPSYS.DAT''' is updated to include the new installation

Removing a trophy installation (by simply removing the folder for this installation) doesn't updates the "index", and it displays a "corrupt icon" in XMB.

Two ways to "force" the "index" to update to remove this "corrupt icon" are: by repeating the installation (the installation will fail, but the icon will be removed), or from "recovery mode" menu using the option "rebuild database"

==== NPCOMMID ====
NP Communication ID in format NPWRxxyyy_zz (e.g. NPWR00153_00)

===== PARAM.PFD =====

===== PARAM.SFO =====

'' Full Article: [[PARAM.SFO]]''

===== TROPCONF.SFM =====
Contains a list with the names, id's, texts, conditions, etc... required to win each trophy

* The file is static (never changes after the installation)
The only way to update this file is by installing a new "trophy installer" (TROPHY.TRP) using the same ID's, but with a higher version (this happens with some "game expansions" that updates the trophy installation with new trophies related with the new content)

* Is language specific (texts are not common for all the languages). See [[Languages]]
Its the trophy installer (TROPHY.TRP) who decides wich '''TROPCONF.SFM''' will be installed depending of the language settings in the XMB

Note that only one file for one language is installed


'''Header with Sce-Np-Trophy-Signature'''
<pre>Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  45 01 95 BA 00 00 00 01 00 00 00 00 00 00 3B 75  E.•º..........;u                       same in different trophysets
00000010  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................                       on same console+userid
00000020  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................                       ...
00000030  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................                       ...
00000040  3C 21 2D 2D 53 63 65 2D 4E 70 2D 54 72 6F 70 68  <!--Sce-Np-Troph     <!--Sce-Np-Troph  same in different trophysets
00000050  79 2D 53 69 67 6E 61 74 75 72 65 3A 20 34 63 33  y-Signature: 4c3     y-Signature: 4c3  on different console+userid    
00000060  39 62 39 38 63 30 31 30 30 30 30 30 30 30 30 30  9b98c01000000000     9b98c01000000000  ...
00000070  30 30 30 30 30 63 62 65 39 33 61 33 35 63 37 39  00000cbe93a35c79     00000             ...
00000080  61 64 61 62 36 64 63 63 63 36 30 62 31 36 36 36  adab6dccc60b1666
00000090  39 64 35 65 36 38 38 38 65 30 36 61 61 61 61 66  9d5e6888e06aaaaf
000000A0  34 63 64 35 31 32 63 61 37 30 38 30 66 61 38 63  4cd512ca7080fa8c
000000B0  31 37 38 31 62 38 30 31 36 32 35 34 34 61 66 30  1781b80162544af0
000000C0  64 63 61 33 65 30 38 66 32 64 66 65 34 39 34 66  dca3e08f2dfe494f
000000D0  36 64 64 64 61 31 35 30 62 35 61 65 33 33 34 38  6ddda150b5ae3348
000000E0  35 32 61 65 61 64 62 63 63 31 62 65 62 61 36 64  52aeadbcc1beba6d             differs per trophyset
000000F0  38 66 66 34 66 38 65 39 61 63 39 34 61 65 31 64  8ff4f8e9ac94ae1d
00000100  32 37 38 36 61 36 38 35 33 38 30 38 62 33 33 65  2786a6853808b33e
00000110  36 32 38 34 33 63 35 35 33 32 30 39 34 32 63 30  62843c55320942c0
00000120  37 34 33 32 30 32 63 62 62 61 34 65 34 30 62 32  743202cbba4e40b2
00000130  37 34 34 31 34 39 31 32 61 35 35 61 33 62 62 37  74414912a55a3bb7
00000140  34 37 35 63 35 33 62 61 37 30 35 31 35 64 31 33  475c53ba70515d13
00000150  62 38 66 34 61 30 34 65 38 64 66 63 30 34 64 30  b8f4a04e8dfc04d0
00000160  37 39 34 32 63 66 31 62 62 33 34 31 33 65 64 39  7942cf1bb3413ed9
00000170  63 31 31 35 66 33 30 63 35 36 61 35 63 37 37 65  c115f30c56a5c77e
00000180  38 30 34 65 37 62 66 37 66 32 35 64 36 61 30 37  804e7bf7f25d6a07
00000190  33 63 35 64 31 31 36 39 62 32 34 61 31 2D 2D 3E  3c5d1169b24a1-->                  -->    same in different trophysets
000001A0  0A 3C 74 72 6F 70 68 79 63 6F 6E 66 20 76 65 72  .<trophyconf ver     .<trophyconf ver    on same console+userid
000001B0  73 69 6F 6E 3D 22 31 2E 30 22 3E 0A 20 3C 6E 70  sion="1.0">. <np     sion="1.0">. <np    ...
</pre>


'''followed by "trophyconf" in XML format with the listed trophies:'''
<pre>
<trophyconf version="1.0">
 <npcommid>NPXXYYYYY_00</npcommid>
 <trophyset-version>01.00</trophyset-version>
 <parental-level license-area="default">0</parental-level>
 <title-name>Name Game</title-name>
 <title-detail>Detail Game</title-detail>
 ...
 <group id="001">
  <name>Additionall Content grouped in subfolders in XMB</name>
  <detail>bla bla bla bla.</detail>
 </group>
 ...
 <trophy id="000" hidden="no" ttype="P" pid="-1">
  <name>Platinum trophy</name>
  <detail>Details (id=000 is always the platinum)</detail>
 </trophy>
 <trophy id="001" hidden="no" ttype="B" pid="000">
  <name>a bronze trophy</name>
  <detail>Details (B = bronze)</detail>
 </trophy>
 ...
 <trophy id="041" hidden="no" ttype="G" pid="-1" gid="001">
  <name>trophy from group id = 001</name>
  <detail>gold trophy (subgropus never has a platinum)</detail>
 </trophy>
</trophyconf>
</pre>

{|class="wikitable"
|-
! ttype !! Meaning 
|-
| P || Platinum 
|-
| G || Gold 
|-
| S || Silver 
|-
| B || Bronze 
|-
|}

===== TROPTRNS.DAT =====

Fully encrypted, the method is the same as used for save games. Besides that, it is signed with a RSA signature and SHA1-HMAC too. 

* Specullation
Based in the name (trophy transmission or transfer) its a file derivated of TROPUSR.DAT, with an added layer of encryption, ready to be sended to PSN to synchronize the data related with this game with your trophies in your online account

It contains info related with user, either because its present in the source file (TROPUSR.DAT) or because it contains the file PARAM.SFO "incrusted" in the format

== Structure of TROPUSR.DAT and TROPTRNS.DAT ==
Structures: https://github.com/bucanero/apollo-ps3/blob/master/include/trophy.h

Block types: https://github.com/bucanero/apollo-ps3/blob/master/source/trophy.c

== How signatures from XML and TROPTRNS.DAT are signed? ==

The signature itself have a size of 160 bytes. It contains a header of 12 bytes (the signature header) which contains 4 bytes of a magic (0x4C39B98C for XML, 0xB9DDE13B for DAT), a version (0x01000000) and a padding of 4 zero bytes. There are SHA1-HMAC hash after the header and RSA signature of 128 bytes. A RSA signature uses the SHA1 hash as a message. A trophy utility uses PKCS#1 as a padding scheme, the public exponent of 65537 and the modulus which is placed in a transformed way inside a module. A RSA modulus consists of 128 bytes followed by 8 bytes of a public exponent, they are 16 groups of 8 bytes each written in a reversed order. So the last group of 8 bytes will be the first group of 8 bytes, the penultimate group of 8 bytes will be the second group, etc. A SHA1-HMAC after the signature header and SHA1 hash from the decrypted signature should be equal to the corresponding computed hashes.

===== Keys =====

RSA public exponent: <code>65537</code>

== Signature for XML ==

Take ASCII hex bytes from Sce-Np-Trophy-Signature and convert them to bytes and you will see a block of 160 bytes. This is your XML signature and it uses the format mentioned above.  A SHA1-HMAC hash after the header is generated using a concatenation of the XML content itself (starting with ''trophyconf'' tag without a signature block) and the signature header (real bytes, not ASCII bytes!). You can find a HMAC key of 64 bytes inside np_trophy_util.prx module which begins with 6A C0...). The SHA1 hash for RSA signature is generated using a concatenation of the XML content itself (starting with ''trophyconf'' tag without a signature block), the signature header (real bytes, not ASCII bytes!) and the SHA1-HMAC hash. A RSA modulus started with 92 C8... inside np_trophy_util.prx.

===== Keys =====
RSA modulus:
<pre>CA 30 CE E5 9B F1 9E 04 1F 6F 02 C5 4A E4 2C D6
76 91 85 E1 57 AB 86 59 B7 0D CE C0 C3 EE 60 39
FF 95 2F D9 76 7D 35 47 4B 11 BB 55 14 20 5C 55
38 64 F7 7B D4 DA 89 9B 30 11 0B 0E A4 F8 AD 33
FB E0 35 0E 08 5B 2A 92 A7 D3 27 97 81 10 AA B9
50 85 73 02 35 40 81 56 70 7C 3B 22 38 F9 78 BF
F4 F3 08 06 38 09 AE AF B2 F9 AE C6 2E 19 68 CF
F5 8B 9B A8 34 B3 58 8C 92 C8 41 1C 54 8B FC 49</pre>

====== SHA1-HMAC key ======
 Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F                    example 4.45 CEX/Retail
 000558F0  6A C0 B3 FB 1E BB 4F B7 BC C2 A0 0D A3 A2 A4 BD  jÀ³û.»O·¼Â .£¢¤½
 00055900  BC B7 88 EC 45 67 48 CC 86 CD 9D 09 EF 37 93 7F  ¼·ˆìEgHÌ†Í..ï7“.
 00055910  6E E3 11 67 77 8E 41 4E 9B 71 1B E9 D8 CB B5 F8  nã.gwŽAN›q.éØËµø
 00055920  95 6E 45 4E E9 4A 46 C3 9D C4 FF 0D 09 0B 92 B7  •nENéJFÃ.Äÿ...’·

====== RSA modulus ======
 Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F                    example 4.45 CEX/Retail
 000557F0  92 C8 41 1C 54 8B FC 49 F5 8B 9B A8 34 B3 58 8C  ’ÈA.T‹üIõ‹›¨4³XŒ
 00055800  B2 F9 AE C6 2E 19 68 CF F4 F3 08 06 38 09 AE AF  ²ù®Æ..hÏôó..8.®¯
 00055810  70 7C 3B 22 38 F9 78 BF 50 85 73 02 35 40 81 56  p|;"8ùx¿P…s.5@.V
 00055820  A7 D3 27 97 81 10 AA B9 FB E0 35 0E 08 5B 2A 92  §Ó'—..ª¹ûà5..[*’
 00055830  30 11 0B 0E A4 F8 AD 33 38 64 F7 7B D4 DA 89 9B  0...¤ø38d÷{ÔÚ‰›
 00055840  4B 11 BB 55 14 20 5C 55 FF 95 2F D9 76 7D 35 47  K.»U. \Uÿ•/Ùv}5G
 00055850  B7 0D CE C0 C3 EE 60 39 76 91 85 E1 57 AB 86 59  ·.ÎÀÃî`9v‘…áW«†Y
 00055860  1F 6F 02 C5 4A E4 2C D6 CA 30 CE E5 9B F1 9E 04  .o.ÅJä,ÖÊ0Îå›ñž.

== Signature for TROPTRNS.DAT ==

Decrypt TROPTRNS.DAT and take 160 bytes starting from offset 0x170. This is your TROPTRNS.DAT signature and it uses the format mentioned above. A RSA modulus started with 3C 1C... inside np_trophy_util.prx.

===== Keys =====
====== ? ======
 Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F                    example 4.45 CEX/Retail
 000556E0  A8 AB D9 BC 89 46 46 2B B9 C8 8D 4C 07 ED 22 8B  ¨«Ù¼‰FF+¹È.L.í"‹
 000556F0  27 A4 E3 67 15 B0 42 89 8F BC CD C4 1A 02 E5 B0  '¤ãg.°B‰.¼ÍÄ..å°
 00055700  A5 F5 AC F7 99 12 45 58 97 19 36 00 BC 66 5F 95  ¥õ¬÷™.EX—.6.¼f_•
 00055710  A5 AA 47 84 94 4C 48 6A AA 75 7D D0 73 1D 28 D7  ¥ªG„”LHjªu}Ðs.(×
====== RSA modulus ======
 Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F                    example 4.45 CEX/Retail
 000555E0  3C 1C 00 AC F2 9C F5 E7 57 0B 80 4D 82 1C 17 57  <..¬òœõçW.€M‚..W
 000555F0  5E 00 A9 6A 37 4F BF 5C 30 7E C3 EA BB 61 15 7E  ^.©j7O¿\0~Ãê»a.~
 00055600  53 B2 0A 50 B6 86 D0 84 D4 C5 E5 28 EF AD BA 5B  S².P¶†Ð„ÔÅå(ïº[
 00055610  DE 69 2C E9 97 02 AA C4 5F E5 1E F4 2D 94 A1 A9  Þi,é—.ªÄ_å.ô-”¡©
 00055620  C8 EE 8A DF 10 F4 A1 34 66 0D 18 01 4E 44 4C 46  ÈîŠß.ô¡4f...NDLF
 00055630  34 7B BA 58 4E 75 72 F9 7F DE 0E 04 51 ED A0 5C  4{ºXNurù.Þ..Qí \
 00055640  D9 44 31 97 04 AD C3 E8 14 57 4E 52 94 2E 1D 25  ÙD1—.Ãè.WNR”..%
 00055650  EA D1 2C 1C D5 EA 95 F9 CE 8A 7F 56 1F 08 EC 50  êÑ,.Õê•ùÎŠ.V..ìP

===== TROPUSR.DAT =====
Stores data related with the unlocked trophies for this specific game, included timestamps when the trophy was unlocked, etc...

The file is updated every time a trophy is unlocked, and at the same time the [[PARAM.PFD]] is updated to store the new signature

The file is encrypted, some tricks can be done to tamper with this files to unlock trophies, but consider the methods not perfect (they generates semi-corrupted files that can be considered valid under some circunstancies, but are corrupted in the end)

*Notes
**The trophies unlocked in a PS3 that has never been connected online doesnt contains timestamps, this is easy to identify by looking in the "trophy collection" in [[XMB]] under the individual trophies names if is displayed the date and time when this specific trophy was unlocked. Additionally the user accounts that has never been registered in PSN contains a dummy ACCOUNTID filled with zeroes, this dummy ACCOUNTID is stored in the [[PARAM.SFO#ACCOUNTID | PARAM.SFO]] of the trophies

===== Content information files =====
These are "multimedia" files, not critical and not protected in any way, for more information see: [[Content_Information_Files|Content Information Files]]

=== [[TROPHY.TRP|Trophy Installer]] ===

In blu-ray discs in path: bdvb/PS3_GAME/TROPDIR/[[PARAM.SFO#NPCOMMID|NPCOMMID]]/'''[[TROPHY.TRP]]'''. e.g: bdvb/PS3_GAME/TROPDIR/NPWR00001/TROPHY.TRP

In HDD games in path: ???

Installed in path: dev_hdd0/home/'''<user_id>'''/trohpy/[[PARAM.SFO#NPCOMMID|NPCOMMID]]

The first installation of a trophyset is always version '''01.00''' (inside the TROPCONF.SFM)... and is installed in the default path

To avoid corruption when a new trophyset for the same game is installed (e.g: by installing a game patch containing new trophyes), the system renames the previous install folder by adding a '''_BU_''' (its a '''B'''ack '''U'''p) before the name of the folder e.g: '''_BU_NPWR00001'''. Then the new trophyset is installed in the default path e.g: '''NPWR00001'''

Only 2 trophysets of the same game can be stored at any time, the older one is always inside the '''_BU_''' folder and the XMB only loads the one inside the default path (without '''_BU_''')

'''Contents'''

*TROPCONF.SFM
Source file used by the system to generate TROPUSR.DAT (or to be indexed in TROPSYS.DAT) ?

The format is similar than the installed TROPCONF.SFM but this one is a reduced version that only contains "trophy id's"

 <trophyconf version="1.1">
  <npcommid>NPWR00001_00</npcommid>
  <trophyset-version>01.00</trophyset-version>
  <parental-level license-area="default">0</parental-level>
  <trophy id="000" hidden="no" ttype="P" pid="-1"/>
  <trophy id="001" hidden="no" ttype="B" pid="000"/>
  <trophy id="002" hidden="no" ttype="B" pid="000"/>
  <trophy id="003" hidden="no" ttype="B" pid="000"/>
  <trophy id="004" hidden="no" ttype="B" pid="000"/>
  <trophy id="005" hidden="no" ttype="B" pid="000"/>
  <trophy id="006" hidden="no" ttype="B" pid="000"/>
  <trophy id="007" hidden="no" ttype="B" pid="000"/>
  <trophy id="008" hidden="no" ttype="B" pid="000"/>
  <trophy id="009" hidden="yes" ttype="S" pid="000"/>
  <trophy id="010" hidden="yes" ttype="G" pid="000"/>
 </trophyconf>

*TROP.SFM
Default language "trophyconf" file (with english texts in <name> and <detail>), used by the installer to generate TROPCONF.SFM

*TROP_'''xx'''.SFM (optionall)
Same than TROP.SFM but containing texts for other [[Languages]]

*ICON0.PNG, TROP'''xxx'''.PNG, and GR00'''x'''.PNG. See [[Content Information Files]]
ICON0.PNG is the main icon always visible in XMB
GR00'''x'''.PNG (optionall) is a subicon when trophies are grouped
TROP'''xxx'''.PNG is the icon for every trophy

==PSL1GHT and trophy's==
https://github.com/an0nym0u5/PSL1GHT/tree/master/ppu/include/np

==Trophy Points==
{| class="wikitable"
|-
! Game type 
! [[File:Trophy-platinum.png|20px]]Platinum (180 points) 
! [[File:Trophy-gold.png|20px]]Gold (90 points) 
! [[File:Trophy-silver.png|20px]]Silver (30 points) 
! [[File:Trophy-bronze.png|20px]]Bronze (15 points) 
! Points Max
|-
| Disc Game || {{yes}} || {{yes}} || {{yes}} || {{yes}} || 1230
|-
| PSN Game || {{no}} || ? || ? || ? || 315
|-
| Game expansions || {{no}} || ? || ? || ? || 200
|-
|}

*Required Number of Points per Level
**Level 1 = 0
**Level 2 = 200
**Level 3 = 600
**Level 4 = 1,200
**Level 5 = 2,400
**Level 6 = 4,000
**Level 7 = 6,000
**Level 8 = 8,000
**Level 9 = 10,000
**Level 10 = 12,000
**Level 11 = 14,000
**Level 12 = 16,000
**Level 13 = 24,000
**Level 14 = 32,000
**Level 15 = 40,000
**Level 16 = 48,000
**Level 17 = 56,000
**Level 18 = 64,000
**Level 19 = 70,000
**Level 20 and up = previous level plus 8,000

== Tools ==
<syntaxhighlight lang="python" enclose="div">
# (c) flatz

import sys, os, urllib2
import hashlib, hmac

from Crypto.Cipher import AES

def aes_encrypt_cbc(key, iv, input):
	aes = AES.new(key, AES.MODE_CBC, iv)
	output = aes.encrypt(input)
	return output

def aes_decrypt_cbc(key, iv, input):
	aes = AES.new(key, AES.MODE_CBC, iv)
	output = aes.decrypt(input)
	return output

def sha1_hmac(key, message):
	return hmac.new(key, message, digestmod=hashlib.sha1).digest()

# paste a HMAC key from np_trophy_util.prx here... hint:
#   C3A3A0...
hmac_key = 
'C3A3A0..........................................................................................................................'.decode('hex')

# paste an ERK from np_trophy_util.prx here... hint:
#   02499F...
keygen_erk = '02499F..........................'.decode('hex')
keygen_riv = '00000000000000000000000000000000'.decode('hex')

def build_url(np_comm_id, file_name, encrypted=False, env='np'):
	np_comm_id_hash = sha1_hmac(hmac_key, np_comm_id).encode('hex').upper()
	file_name_hash = sha1_hmac(hmac_key, '{0}/{1}'.format(np_comm_id, file_name)).encode('hex').upper()
	file_extension = os.path.splitext(file_name)[1]
	if encrypted:
		file_extension_parts = file_extension.rpartition('.')
		file_extension = file_extension_parts[1] + 'E' + file_extension_parts[2]
	return 'http://trophy01.{0}.community.playstation.net/trophy/{0}/{1}_{2}/{3}{4}'.format(env, np_comm_id, np_comm_id_hash, file_name_hash, file_extension)

def fetch_file_data(np_comm_id, file_name, encrypted=False, env='np'):
	file_url = build_url(np_comm_id, file_name, encrypted, env)
	connection = urllib2.urlopen(file_url)
	data = connection.read()
	if encrypted:
		data_erk = aes_encrypt_cbc(keygen_erk, keygen_riv, np_comm_id.ljust(16, '\x00'))
		data_riv = data[:16]
		data = aes_decrypt_cbc(data_erk, data_riv, data)[16:]
	return data

icon0_png_url = build_url('NPWR03612_00', 'ICON0.PNG')
trop_sfm_url = build_url('NPWR03612_00', 'TROP.SFM', True)
trop000_png_url = build_url('NPWR03612_00', 'TROP000.PNG')
trop_sfm = fetch_file_data('NPWR03612_00', 'TROP.SFM', True)

print 'ICON0.PNG:', icon0_png_url
print 'TROP.SFM:', trop_sfm_url
print 'TROP000.PNG:', trop000_png_url

print trop_sfm
</syntaxhighlight>

== Unlock Trophys ==
* https://github.com/darkautism/PS3TrophyIsGood
* http://www.mediafire.com/download/4650ncmu8ud2wcl/PS3TrophyIsGood.zip
* https://www.youtube.com/watch?v=Z0e14M3v8OM


{{File Formats}}<noinclude>[[Category:Main]]</noinclude>