NPDRM: Difference between revisions

From PS3 Developer wiki
Line 5: Line 5:
See also [https://wiki.henkaku.xyz/vita/SceNpDrm].
See also [https://wiki.henkaku.xyz/vita/SceNpDrm].


= Introduction =
= PS3 NPDRM decryption steps =


Once the user is trying to start a [[SELF File Format and Decryption|SELF]], the [[VSH|vsh]] looks for the [[SELF_File_Format_and_Decryption#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_File_Format_and_Decryption#Supplemental_Header_Table|NPDRM info]] is located. From this NPD header the vsh gets the [[NPDRM_Selfs#License_Types]].
Once the user is trying to start a [[SELF File Format and Decryption|SELF]], the [[VSH|vsh]] looks for the [[SELF_File_Format_and_Decryption#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_File_Format_and_Decryption#Supplemental_Header_Table|NPDRM info]] is located. From this NPD header the vsh gets the [[NPDRM_Selfs#License_Type]].
 
{| class="wikitable sortable"
|-
! Value !! Type !! Remarks
|-
| 1 || Network License || If a remote paid content is to be loaded, the vsh loads the act.dat and the rif associated to the content (will download to vsh process memory).
|-
| 2 || Local License || For this paid content too, the vsh locate a file with the same title id on NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat).
|-
| 3 || Free || If a free content (no license check: no need for rif/act.dat) is detected then a [[Keys#klic_free_key|generic klicense]] will be use for further steps (go to LV2).
|}


Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, and finally having the actDat key index, the execution pass to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]].
Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, and finally having the actDat key index, the execution pass to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]].
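Review bot: on the new side of the link change in this hunk, `[[NPDRM_Selfs#License_Type]]` still has no pipe label, so it renders as the raw page#anchor string in the middle of the sentence. Add a label, for example `[[NPDRM_Selfs#License_Type|License Type]]`. Because the table is removed from this section, the sentence now depends entirely on that link, so also confirm the anchor resolves after the rename from `License_Types`.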
Line 38: Line 27:
See also:
See also:
*http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by '''Mysis'''
*http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by '''Mysis'''
= License Type =
{| class="wikitable sortable"
|-
! Value !! Type !! Remarks
|-
| 1 || Network License || If a remote paid content is to be loaded, the vsh loads the act.dat and the rif associated to the content (will download to vsh process memory).
|-
| 2 || Local License || For this paid content too, the vsh locate a file with the same title id on NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat).
|-
| 3 || Free || If a free content (no license check: no need for rif/act.dat) is detected then a [[Keys#klic_free_key|generic klicense]] will be use for further steps (go to LV2).
|}


= Tools =
= Tools =
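Review bot: the new `= License Type =` heading is inserted directly after the `See also:` list item with no blank line between them, which makes the section boundary easy to miss in the source. Leave a blank line before the heading, and since the table rows are being moved anyway, fix `the vsh locate` and `will be use` in the Remarks column rather than carrying them over unchanged.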

Revision as of 19:50, 25 December 2019

The info on this page is a simplified extract of talk pages, conversations and forum posts; please digest the info and move it to this page.

See also https://wiki.henkaku.xyz/vita/SceNpDrm.

PS3 NPDRM decryption steps

When the user starts a SELF, the vsh looks for the Program Identification Header. If the Program Type is NPDRM, the NPDRM info is located. From this NPD header the vsh gets the License Type (NPDRM_Selfs#License_Type).

Using the RIF_KEY with the act.dat index decryption key, it obtains the actdatIndex; once it has the act.dat key index, execution passes to LV2 syscall 471.

This function takes different parameters depending on the License Type:

PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
* PAID can also include free games/apps, but these still require this licensing check.

The lv2 keeps a memory table with contentID and the associated key:

  • Paid content: the rif.key is converted to the klicensee (using a constant value in lv2, the IDPS and the act.dat); once transformed, it is stored in the memory table.
  • Free content: the titleID and the generic klicensee are copied to the table.

From there, the lv1 hypervisor, by loading Appldr, transforms this key again using the klic_dec_key and finally removes the NPDRM layer to start the SELF/SPRX decryption.

See also:

  • http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by Mysis

License Type

{| class="wikitable sortable"
|-
! Value !! Type !! Remarks
|-
| 1 || Network License || If remote paid content is to be loaded, the vsh loads the act.dat and the rif associated with the content (will download to vsh process memory).
|-
| 2 || Local License || For this paid content too, the vsh locates a file with the same title id as in the NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat).
|-
| 3 || Free || If free content is detected (no license check: no need for rif/act.dat), then a generic klicense will be used for further steps (go to LV2).
|}
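
The license-type branch described in the decryption steps and in the table above, as an added C example that is not the wiki's or the firmware's code: it reads the license field from an NPD header, fails closed on values outside the table, and reports which form of the syscall 471 inputs applies. The 0x80-byte header size, the "NPD\0" magic, the big-endian license field at offset 0x08, and the names license_plan, npd_license_plan and license_sig_offset are assumptions that do not appear on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* License values from the License Type table on this page. */
enum npd_license { NPD_NETWORK = 1, NPD_LOCAL = 2, NPD_FREE = 3 };

/* ASSUMPTION (not stated on this page): the NPD header is 0x80 bytes, starts
 * with the magic "NPD\0" and stores the license as a big-endian u32 at 0x08. */
#define NPD_SIZE        0x80u
#define NPD_LICENSE_OFF 0x08u
#define LICENSE_SIG_LEN 0x28u /* page: last 0x28 bytes of both RIF and act.dat */

struct license_plan {           /* hypothetical type, for illustration only */
    int needs_rif_and_actdat;   /* PAID form: act.dat key table entry + rif.key */
    int uses_generic_klicensee; /* FREE form: generic klicensee, NULL key args */
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 and fills *plan; -1 on truncated header, bad magic or unknown license. */
int npd_license_plan(const uint8_t *npd, size_t len, struct license_plan *plan) {
    if (npd == NULL || plan == NULL || len < NPD_SIZE) return -1;
    if (memcmp(npd, "NPD\0", 4) != 0) return -1;
    switch (be32(npd + NPD_LICENSE_OFF)) {
    case NPD_NETWORK: /* both paid types take the PAID parameter form */
    case NPD_LOCAL:
        plan->needs_rif_and_actdat = 1; plan->uses_generic_klicensee = 0; return 0;
    case NPD_FREE:
        plan->needs_rif_and_actdat = 0; plan->uses_generic_klicensee = 1; return 0;
    default:
        return -1;    /* fail closed on values outside the table */
    }
}

/* Offset of the trailing signature in a RIF or act.dat file, or -1 if too short. */
long license_sig_offset(size_t file_len) {
    return file_len < LICENSE_SIG_LEN ? -1 : (long)(file_len - LICENSE_SIG_LEN);
}

int main(void) {
    /* Constructed sample header: magic, arbitrary version word, license = 3 (Free). */
    uint8_t hdr[NPD_SIZE] = {'N', 'P', 'D', 0, 0, 0, 0, 1, 0, 0, 0, 3};
    struct license_plan p;
    return (npd_license_plan(hdr, sizeof hdr, &p) == 0 && p.uses_generic_klicensee) ? 0 : 1;
}
```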

Tools