NPDRM: Difference between revisions

From PS3 Developer wiki
Line 11: Line 11:
= PS3 NPDRM SELF - SPRX decryption steps =
= PS3 NPDRM SELF - SPRX decryption steps =


Once that the user is trying to start a [[SELF - SPRX|SELF]], the [[VSH|vsh]] looks for the [[SELF_-_SPRX#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_-_SPRX#Supplemental_Header_Table|Supplemental Header Table NPDRM header]] is located. From this [[NPD]] header the [[VSH|vsh]] gets the [[NPDRM_Selfs#License_Type]].
Once that the user is trying to start a [[SELF - SPRX]], the [[VSH]] looks for the [[SELF_-_SPRX#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_-_SPRX#Supplemental_Header_Table|Supplemental Header Table NPDRM header]] is located. From this [[NPD]] header the [[VSH]] gets the [[#DRM Type]].


If a Network Licensed content is to be loaded, the [[VSH|vsh]] loads the act.dat and the .rif associated to the content (will download .rif to vsh process memory).
If a Network DRM content is to be loaded, the [[VSH]] loads the act.dat and the .rif associated to the content (it will download .rif to VSH process memory).


For Local Licensed content too, the [[VSH|vsh]] locates a file with the same CONTENT ID as in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).
For Local DRM content too, the [[VSH]] locates a file with the same CONTENT ID as in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).


If a Free content (no license check: no need for .rif/act.dat) is detected then a [[Keys#klic_free_key|generic klicensee]] will be use for further steps (go to LV2).
If a Free DRM (DRM type 3) content is detected then there is no license check, no need for .rif/act.dat, and a generic klicensee [[Keys#NPDRM_Keys|klic_ps3_free]] will be used for further steps (go to LV2).


Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]].
Using the RIF_KEY with the [[Keys#NPDRM_Keys|np_act_data_index_dec_key]], it will obtain the actdatIndex, then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]]. This function has different parameters depending of the [[#DRM Type]]:
* Local/Network DRM content: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd); // is it titleID or content_id?
* Free DRM content: syscall471(npd.type, &npd.titleID, klic_ps3_free, NULL, NULL, npd.license, &npd); // is it titleID or content_id?


This function has different parameters depending of the License Type:
:<small>* Local DRM contents can also include free games/apps too but require this licensing check</small>
 
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
 
:<small>*PAID can also include free games/apps too but require this licensing check</small>


The lv2 keeps a memory table with contentID and the associated key:
The lv2 keeps a memory table with contentID and the associated key:
*Licensed content: the encrypted klicensee is converted to the klicensee (by using a [[Keys#klicensee_constant|constant value on lv2]], [[IDPS]] and the act.dat) and once transformed it is stored in memory table.
* Local/Network DRM content: it converts by AES128 encryption the klicensee to another key (by using a [[Keys#NPDRM_Keys|klicensee_constant value on lv2]], [[IDPS]] and the act.dat) and once transformed it is stored in a memory table.
*Free content: copies the titleID and the generic klicensee to the table.
* Free DRM content: it copies the titleID and the generic klicensee (klic_ps3_free) to a memory table.


From there, the lv1 hypervisor by loading [[Hypervisor_Reverse_Engineering#appldr|Appldr]], will transform (again) this key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption.
From there, the lv1 hypervisor, by loading [[Hypervisor_Reverse_Engineering#appldr|appldr]], will transform the key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption.


= PS3 NPDRM EDAT decryption steps =
= PS3 NPDRM EDAT decryption steps =
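Review bot: Both new syscall471 bullets still carry the open question "// is it titleID or content_id?", and the lv2 paragraph that follows says the memory table holds contentID while the Free DRM bullet says the titleID is copied. Settle which identifier is passed and use the same one in the two call lines and in the table description. "depending of the [[#DRM Type]]" should also read "depending on".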
Line 53: Line 50:
|-
|-
| 3 || Free || On PS3, it does not require any license file nor console activation (act.dat).
| 3 || Free || On PS3, it does not require any license file nor console activation (act.dat).
|-
| 0xD || "PS Vita Free" (guessed name) || Free but with license (.rif) requirement, unlike DRM Type 3.
|}
|}
NPDRM contents decryption requires a key, the key licensee or klicensee. Depending on the content's DRM type, klicensee is got in different ways:
* DRM type Network: klicensee is generated using rif + ?to detail?
* DRM type Local: klicensee is generated using act.dat + associated rif + console's IDPS
* DRM type Free: klicensee is the constant PS3 Free klicensee (see NPDRM [[Keys]] and appldr keys)
* DRM type "PS Vita Free": maybe same as Local: to check.


= Tools =
= Tools =
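Review bot: The added Network bullet ends in the placeholder "rif + ?to detail?" and the "PS Vita Free" bullet in "maybe same as Local: to check", so two of the four derivations are published as open questions; mark them as unconfirmed or move them to the talk page until they are verified. The list also names act.dat and the console's IDPS only for Local, whereas the decryption steps edited in the same revision describe the klicensee_constant, IDPS and act.dat conversion for Local/Network content alike; the two sections should agree.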

Revision as of 00:01, 9 February 2022

The info on this page is a simplified extract of talk pages, conversations and forum posts; please digest the info and move it to this page.

To merge on wiki:

See also PS Vita NPDRM and PSP NPDRM.

PS3 NPDRM SELF - SPRX decryption steps

When the user tries to start a SELF - SPRX, the VSH looks for the Program Identification Header. If the Program Type is NPDRM, the Supplemental Header Table NPDRM header is located. From this NPD header the VSH gets the DRM Type.

If Network DRM content is to be loaded, the VSH loads the act.dat and the .rif associated with the content (it downloads the .rif into VSH process memory).

For Local DRM content as well, the VSH locates a file with the same CONTENT ID as in the NPDRM header, then checks the signatures (the last 0x28 bytes of both the RIF and act.dat).

If Free DRM (DRM type 3) content is detected, there is no license check and no need for .rif/act.dat; a generic klicensee, klic_ps3_free, is used for further steps (go to LV2).

Using the RIF_KEY with the np_act_data_index_dec_key, it obtains the actdatIndex, then execution passes to LV2 syscall 471. This function takes different parameters depending on the DRM Type:

  • Local/Network DRM content: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd); // is it titleID or content_id?
  • Free DRM content: syscall471(npd.type, &npd.titleID, klic_ps3_free, NULL, NULL, npd.license, &npd); // is it titleID or content_id?
* Local DRM content can also include free games/apps, but these still require this licensing check.

The lv2 keeps a memory table with contentID and the associated key:

  • Local/Network DRM content: it converts the klicensee to another key by AES128 encryption (using a klicensee_constant value on lv2, the IDPS and the act.dat); once transformed, the key is stored in a memory table.
  • Free DRM content: it copies the titleID and the generic klicensee (klic_ps3_free) to a memory table.

From there, the lv1 hypervisor, by loading appldr, will transform the key by using the klic_dec_key and finally remove the NPDRM layer to start the SELF - SPRX decryption.

PS3 NPDRM EDAT decryption steps

See EDAT files.

DRM Type

A temporary name was "License type".

{|
! Value !! Type !! Remarks
|-
| 0 || Debug || Used in SDAT files.
|-
| 1 || Network || It requires network authentication every time the content is launched. See inability example.
|-
| 2 || Local || It requires first time activation online (paid content but also demo and free of charge content).
|-
| 3 || Free || On PS3, it does not require any license file nor console activation (act.dat).
|-
| 0xD || "PS Vita Free" (guessed name) || Free but with license (.rif) requirement, unlike DRM Type 3.
|}

Decrypting NPDRM content requires a key, the key licensee or klicensee. Depending on the content's DRM type, the klicensee is obtained in different ways:

  • DRM type Network: klicensee is generated using rif + ?to detail?
  • DRM type Local: klicensee is generated using act.dat + associated rif + console's IDPS
  • DRM type Free: klicensee is the constant PS3 Free klicensee (see NPDRM Keys and appldr keys)
  • DRM type "PS Vita Free": maybe same as Local: to check.

Tools