NPDRM: Difference between revisions
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) No edit summary |
||
Line 5: | Line 5: | ||
See also [https://wiki.henkaku.xyz/vita/SceNpDrm]. | See also [https://wiki.henkaku.xyz/vita/SceNpDrm]. | ||
= PS3 NPDRM decryption steps = | = PS3 NPDRM SELF - SPRX decryption steps = | ||
Once the user is trying to start a [[SELF File Format and Decryption|SELF]], the [[VSH|vsh]] looks for the [[SELF_File_Format_and_Decryption#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_File_Format_and_Decryption#Supplemental_Header_Table|NPDRM info]] is located. From this NPD header the vsh gets the [[NPDRM_Selfs#License_Type]]. | Once the user is trying to start a [[SELF File Format and Decryption|SELF]], the [[VSH|vsh]] looks for the [[SELF_File_Format_and_Decryption#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_File_Format_and_Decryption#Supplemental_Header_Table|NPDRM info]] is located. From this NPD header the vsh gets the [[NPDRM_Selfs#License_Type]]. | ||
Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, | If a Network Licensed content is to be loaded, the vsh loads the act.dat and the .rif associated to the content (will download .rif to vsh process memory). | ||
For Local License content too, the vsh locates a file with the same CONTENT ID than in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat). | |||
If a Free content (no license check: no need for .rif/act.dat) is detected then a [[Keys#klic_free_key|generic klicense]] will be use for further steps (go to LV2). | |||
Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]]. | |||
This function has different parameters depending of the License Type: | This function has different parameters depending of the License Type: | ||
Line 20: | Line 26: | ||
The lv2 keeps a memory table with contentID and the associated key: | The lv2 keeps a memory table with contentID and the associated key: | ||
* | *Licensed content: the encrypted klicensee is converted to the klicensee (by using a [[Keys#klicensee_constant|constant value on lv2]], [[IDPS|IDPS]] and the act.dat) and once transformed it is stored in memory table. | ||
* | *Free content: copies the titleID and the generic klicensee to the table. | ||
From there, the lv1 hypervisor by loading [[Hypervisor_Reverse_Engineering#appldr|Appldr]], will transform (again) this key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption. | From there, the lv1 hypervisor by loading [[Hypervisor_Reverse_Engineering#appldr|Appldr]], will transform (again) this key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption. | ||
Line 27: | Line 33: | ||
See also: | See also: | ||
*http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by '''Mysis''' | *http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by '''Mysis''' | ||
= PS3 NPDRM EDAT decryption steps = | |||
To document. | |||
= License Type = | = License Type = | ||
Line 34: | Line 44: | ||
! Value !! Type !! Remarks | ! Value !! Type !! Remarks | ||
|- | |- | ||
| 1 || Network License || | | 1 || Network License || | ||
|- | |- | ||
| 2 || Local License || | | 2 || Local License || | ||
|- | |- | ||
| 3 || Free || | | 3 || Free || | ||
|} | |} | ||
Revision as of 02:20, 26 December 2019
This article is marked for rewrite/restructuring in proper wiki format. You can help PS3 Developer wiki by editing it. |
The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it to this page
See also [1].
PS3 NPDRM SELF - SPRX decryption steps
Once the user is trying to start a SELF, the vsh looks for the Program Identification Header. If the Program Type is NPDRM, then the NPDRM info is located. From this NPD header the vsh gets the NPDRM_Selfs#License_Type.
If a Network Licensed content is to be loaded, the vsh loads the act.dat and the .rif associated to the content (will download .rif to vsh process memory).
For Local License content too, the vsh locates a file with the same CONTENT ID than in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).
If a Free content (no license check: no need for .rif/act.dat) is detected then a generic klicense will be use for further steps (go to LV2).
Using the RIF_KEY with the act.dat index decryption key, it will obtain the actdatIndex, then the execution passes to LV2 Syscalls 471.
This function has different parameters depending of the License Type:
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd); FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
- *PAID can also include free games/apps too but require this licensing check
The lv2 keeps a memory table with contentID and the associated key:
- Licensed content: the encrypted klicensee is converted to the klicensee (by using a constant value on lv2, IDPS and the act.dat) and once transformed it is stored in memory table.
- Free content: copies the titleID and the generic klicensee to the table.
From there, the lv1 hypervisor by loading Appldr, will transform (again) this key by using the klic_dec_key and finally remove the NPDRM layer to start the SELF - SPRX decryption.
See also:
- http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by Mysis
PS3 NPDRM EDAT decryption steps
To document.
License Type
Value | Type | Remarks |
---|---|---|
1 | Network License | |
2 | Local License | |
3 | Free |
Tools
|