NPDRM: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
Line 5: Line 5:
See also [https://wiki.henkaku.xyz/vita/SceNpDrm].
See also [https://wiki.henkaku.xyz/vita/SceNpDrm].


= PS3 NPDRM decryption steps =
= PS3 NPDRM SELF - SPRX decryption steps =


Once the user is trying to start a [[SELF File Format and Decryption|SELF]], the [[VSH|vsh]] looks for the [[SELF_File_Format_and_Decryption#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_File_Format_and_Decryption#Supplemental_Header_Table|NPDRM info]] is located. From this NPD header the vsh gets the [[NPDRM_Selfs#License_Type]].
Once the user is trying to start a [[SELF File Format and Decryption|SELF]], the [[VSH|vsh]] looks for the [[SELF_File_Format_and_Decryption#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_File_Format_and_Decryption#Supplemental_Header_Table|NPDRM info]] is located. From this NPD header the vsh gets the [[NPDRM_Selfs#License_Type]].


Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, and finally having the actDat key index, the execution pass to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]].
If a Network Licensed content is to be loaded, the vsh loads the act.dat and the .rif associated to the content (will download .rif to vsh process memory).
 
For Local License content too, the vsh locates a file with the same CONTENT ID than in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).
 
If a Free content (no license check: no need for .rif/act.dat) is detected then a [[Keys#klic_free_key|generic klicense]] will be use for further steps (go to LV2).
 
Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]].


This function has different parameters depending of the License Type:
This function has different parameters depending of the License Type:
Line 20: Line 26:


The lv2 keeps a memory table with contentID and the associated key:
The lv2 keeps a memory table with contentID and the associated key:
*Paid content: the rif.key is converted to the klicensee (by using a [[Keys#klicensee_constant|constant value on lv2]], [[IDPS|IDPS]] and the act.dat) and once transformed it is stored on memory table.
*Licensed content: the encrypted klicensee is converted to the klicensee (by using a [[Keys#klicensee_constant|constant value on lv2]], [[IDPS|IDPS]] and the act.dat) and once transformed it is stored in memory table.
*free content: copies the titleID and the generic klicensee to the table.
*Free content: copies the titleID and the generic klicensee to the table.


From there, the lv1 hypervisor by loading [[Hypervisor_Reverse_Engineering#appldr|Appldr]], will transform (again) this key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption.
From there, the lv1 hypervisor by loading [[Hypervisor_Reverse_Engineering#appldr|Appldr]], will transform (again) this key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption.
Line 27: Line 33:
See also:
See also:
*http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by '''Mysis'''
*http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by '''Mysis'''
= PS3 NPDRM EDAT decryption steps =
To document.


= License Type =
= License Type =
Line 34: Line 44:
! Value !! Type !! Remarks
! Value !! Type !! Remarks
|-
|-
| 1 || Network License || If a remote paid content is to be loaded, the vsh loads the act.dat and the rif associated to the content (will download to vsh process memory).
| 1 || Network License ||
|-
|-
| 2 || Local License || For this paid content too, the vsh locate a file with the same title id on NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat).
| 2 || Local License ||
|-
|-
| 3 || Free || If a free content (no license check: no need for rif/act.dat) is detected then a [[Keys#klic_free_key|generic klicense]] will be use for further steps (go to LV2).
| 3 || Free ||
|}
|}



Revision as of 02:20, 26 December 2019

The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it to this page

See also [1].

PS3 NPDRM SELF - SPRX decryption steps

Once the user is trying to start a SELF, the vsh looks for the Program Identification Header. If the Program Type is NPDRM, then the NPDRM info is located. From this NPD header the vsh gets the NPDRM_Selfs#License_Type.

If a Network Licensed content is to be loaded, the vsh loads the act.dat and the .rif associated to the content (will download .rif to vsh process memory).

For Local License content too, the vsh locates a file with the same CONTENT ID than in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).

If a Free content (no license check: no need for .rif/act.dat) is detected then a generic klicense will be use for further steps (go to LV2).

Using the RIF_KEY with the act.dat index decryption key, it will obtain the actdatIndex, then the execution passes to LV2 Syscalls 471.

This function has different parameters depending of the License Type:

PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
*PAID can also include free games/apps too but require this licensing check

The lv2 keeps a memory table with contentID and the associated key:

  • Licensed content: the encrypted klicensee is converted to the klicensee (by using a constant value on lv2, IDPS and the act.dat) and once transformed it is stored in memory table.
  • Free content: copies the titleID and the generic klicensee to the table.

From there, the lv1 hypervisor by loading Appldr, will transform (again) this key by using the klic_dec_key and finally remove the NPDRM layer to start the SELF - SPRX decryption.

See also:

PS3 NPDRM EDAT decryption steps

To document.

License Type

Value Type Remarks
1 Network License
2 Local License
3 Free

Tools