EDAT files: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
CelesteBlue (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
{{Wikify}} | {{Wikify}} | ||
=Info on the talk page= | = Info on the talk page = | ||
'''Info on the talk page''': please digest the info and move it here''' | '''Info on the talk page''': please digest the info and move it here''' | ||
'''The info on this page is an extract of conversations, forum posts and from the talk page. | '''The info on this page is an extract of conversations, forum posts and from the talk page. | ||
===Decryption | === EDAT Decryption === | ||
EDAT decryption requires a key, the klicensee. Depending on the license type, klicensee is got in different ways: | |||
* License type Local: act.dat + rif + idps combo | |||
* License type Free: constant npdrm1 klicensee (see NPDRM Keys and appldr keys) | |||
===== Structure (Encrypted Format) ===== | |||
{| class="wikitable" style="text-align: center;" | {| class="wikitable" style="text-align: center;" | ||
|- | |- | ||
| Line 36: | Line 26: | ||
! rowspan="19" | Header | ! rowspan="19" | Header | ||
|- | |- | ||
| 0x00 | | 0x00 || magic || 4 || char[4] ||"NPD\0" (4E 50 44 00) | ||
|- | |- | ||
| 0x04 | | 0x04 || version || 4 || uint32_t || | ||
*01 | *01 | ||
*02 | *02 | ||
| Line 44: | Line 34: | ||
*04 | *04 | ||
|- | |- | ||
| 0x08 | | 0x08 || [[License_Types|License Types]] || 4 || uint32_t || For PS2 EDAT, the FW requires it to be with activation (also a.k.a. Paid content paired with your individual data) | ||
for [[PKG_files#Misc.2FNote|PS1 PKG]], the FW 4.00 introduced some changes for installing them with regard to the EDAT license type. | for [[PKG_files#Misc.2FNote|PS1 PKG]], the FW 4.00 introduced some changes for installing them with regard to the EDAT license type. | ||
|- | |- | ||
| 0x0C | | 0x0C || [[App Types|Application Type]] || 4 || uint32_t || | ||
|- | |- | ||
| 0x10 | | 0x10 || [[PARAM.SFO#CONTENT_ID|CONTENT ID]] || 0x30 || uint8_t[0x30] || Content ID (with padding to fit 48 bytes) | ||
|- | |- | ||
| 0x40 | | 0x40 || Digest || 0x10 || uint8[0x10] || QA digest (seems like to be a SHA-1 hash of the non-finalized file): hash of the original data which is unknown until the whole file is read, so it cannot be used as a check, however it can be used as watermark or zeroed on forged file. | ||
|- | |- | ||
| 0x50 | | 0x50 || NPD hash 1 || 0x10 || uint8_t[0x10] || CID-FN hash. It is an AES-CMAC hash of concatenation of Content ID (48 bytes) and EDAT file name (eg MINIS.EDAT) using the third [[Keys#NPDRM_OMAC_Keys|NPDRM OMAC key]] as AES-CMAC key). Example: aes_cmac(55 50 30 35 37 36 2D 4E 50 55 5A 30 30 31 34 39 5F 30 30 2D 56 41 4E 47 55 41 52 44 32 30 30 30 30 30 30 31 00 00 00 00 00 00 00 00 00 00 00 00 4D 49 4E 49 53 2E 45 44 41 54, npd_cid_fn_hash_omac_key). | ||
|- | |- | ||
| 0x60 | | 0x60 || NPD hash 2 || 0x10 || uint8_t[0x10] || header hash (an AES CMAC hash of the 0x60 bytes from the beginning of the file using xored bytes of the developer's klicensee and the second [[Keys#NPDRM_OMAC_Keys|NPDRM OMAC key]] as AES-CMAC key) | ||
|- | |- | ||
| 0x70 | | 0x70 || Activation time || 8 || ?64-bit time? || Start of the validity period, filled with 00 if not used. | ||
|- | |- | ||
| 0x78 | | 0x78 || Activation time || 8 || ?64-bit time? || End of the validity period, filled with 00 if not used. | ||
|- | |- | ||
| 0x80 | | 0x80 || NPD type || 1 || ?uint8_t? || (separated from Metadata type for wiki format) | ||
*00 Finalized EDAT | *00: Finalized EDAT | ||
*01 Finalized SDAT | *01: Finalized SDAT | ||
*80 Non Finalized EDAT | *80: Non Finalized EDAT | ||
*81 Non Finalized SDAT | *81: Non Finalized SDAT | ||
|- | |- | ||
| 0x81 | | 0x81 || Metadata type || 3 || ?uint8_t[3]? || (Outdated Flags description from talk page) | ||
*00 | *00 | ||
*01 Compressed? | *01: Compressed? | ||
*02 Plain text? | *02: Plain text? | ||
*03 Compressed plain text? | *03: Compressed plain text? | ||
*05 Compressed? | *05: Compressed? | ||
*06 Plain text? | *06: Plain text? | ||
*07 Compressed plain text? | *07: Compressed plain text? | ||
*0C ? | *0C: ? | ||
*0D Compressed data? | *0D: Compressed data? | ||
*3C | *3C: Data/misc? | ||
|- | |- | ||
| 0x84 | | 0x84 || Segment size || 4 || uint32_t || Default block is 16 KB (16384 bytes) = 0x4000, max is 0x8000. | ||
|- | |- | ||
| 0x88 | | 0x88 || Data size || 8 || uint64_t || Decoded data size. | ||
|- | |- | ||
| 0x90 | | 0x90 || Meta data sections hash || 0x10 || uint8_t[0x10] || | ||
|- | |- | ||
| 0xA0 | | 0xA0 || Extended header hash || 0x10 || uint8_t[0x10] || An AES-CMAC hash of 160 bytes from the beginning of file. It uses the hash key as AES-CMAC key and it depends on the file flags and keys. | ||
|- | |- | ||
| 0xB0 | | 0xB0 || ECDSA Metadata signature || 0x28 || uint8_t[0x28] || Can be zeroed on forged file. curve_type is vsh type 0x02, pub is vsh public key, | ||
|- | |- | ||
| 0xD8 | | 0xD8 || ECDSA Header signature || 0x28) || uint8_t[0x28] || Enabled (only?) for PS2 classic: all custom firmwares are patched to skip the ECDSA check. Can be zeroed on forged file. curve_type is vsh type 2, pub is vsh public key. | ||
|- | |- | ||
! colspan=6 | | ! colspan=6 | | ||
| Line 95: | Line 85: | ||
! rowspan="3" | Body | ! rowspan="3" | Body | ||
|- | |- | ||
| 0x100 | | 0x100 || Encrypted file || Variable || uint8_t[variable] || The file is encrypted using an AES algorithm in CBC mode. | ||
|- | |- | ||
| 0x** | | 0x** || Padding || Variable || uint8_t[variable] || Aligned on ?? bytes. | ||
|} | |} | ||
=====Footer Structure (Encrypted Format)===== | ===== Footer Structure (Encrypted Format) ===== | ||
{| class="wikitable" style="text-align: center;" | {| class="wikitable" style="text-align: center;" | ||
|- | |- | ||
! Description || Size || Notes | ! Description || Size || Notes | ||
|- | |- | ||
| Name | | Name || 5 || "EDATA" or "SDATA" | ||
|- | |- | ||
| Space | | Space character || 1 || ' ' = 0x20 | ||
|- | |- | ||
| Tool Version || 8 || | | Tool Version || 8 || | ||
| Line 120: | Line 111: | ||
*Version 4: "4.0.0.W " | *Version 4: "4.0.0.W " | ||
|- | |- | ||
| | | Padding || 2 || 00 00 | ||
|} | |} | ||
{{File Formats}} | {{File Formats}}<noinclude>[[Category:Main]]</noinclude> | ||
<noinclude>[[Category:Main]]</noinclude> | |||
Revision as of 01:04, 4 February 2022
| This article is marked for rewrite/restructuring in proper wiki format. You can help PS3 Developer wiki by editing it. |
Info on the talk page
Info on the talk page: please digest the info and move it here
The info on this page is an extract of conversations, forum posts and from the talk page.
EDAT Decryption
EDAT decryption requires a key, the klicensee. Depending on the license type, klicensee is got in different ways:
- License type Local: act.dat + rif + idps combo
- License type Free: constant npdrm1 klicensee (see NPDRM Keys and appldr keys)
Structure (Encrypted Format)
| Offset | Name | Size | Type | Notes | |
|---|---|---|---|---|---|
| Header | |||||
| 0x00 | magic | 4 | char[4] | "NPD\0" (4E 50 44 00) | |
| 0x04 | version | 4 | uint32_t |
| |
| 0x08 | License Types | 4 | uint32_t | For PS2 EDAT, the FW requires it to be with activation (also a.k.a. Paid content paired with your individual data)
for PS1 PKG, the FW 4.00 introduced some changes for installing them with regard to the EDAT license type. | |
| 0x0C | Application Type | 4 | uint32_t | ||
| 0x10 | CONTENT ID | 0x30 | uint8_t[0x30] | Content ID (with padding to fit 48 bytes) | |
| 0x40 | Digest | 0x10 | uint8[0x10] | QA digest (seems like to be a SHA-1 hash of the non-finalized file): hash of the original data which is unknown until the whole file is read, so it cannot be used as a check, however it can be used as watermark or zeroed on forged file. | |
| 0x50 | NPD hash 1 | 0x10 | uint8_t[0x10] | CID-FN hash. It is an AES-CMAC hash of concatenation of Content ID (48 bytes) and EDAT file name (eg MINIS.EDAT) using the third NPDRM OMAC key as AES-CMAC key). Example: aes_cmac(55 50 30 35 37 36 2D 4E 50 55 5A 30 30 31 34 39 5F 30 30 2D 56 41 4E 47 55 41 52 44 32 30 30 30 30 30 30 31 00 00 00 00 00 00 00 00 00 00 00 00 4D 49 4E 49 53 2E 45 44 41 54, npd_cid_fn_hash_omac_key). | |
| 0x60 | NPD hash 2 | 0x10 | uint8_t[0x10] | header hash (an AES CMAC hash of the 0x60 bytes from the beginning of the file using xored bytes of the developer's klicensee and the second NPDRM OMAC key as AES-CMAC key) | |
| 0x70 | Activation time | 8 | ?64-bit time? | Start of the validity period, filled with 00 if not used. | |
| 0x78 | Activation time | 8 | ?64-bit time? | End of the validity period, filled with 00 if not used. | |
| 0x80 | NPD type | 1 | ?uint8_t? | (separated from Metadata type for wiki format)
| |
| 0x81 | Metadata type | 3 | ?uint8_t[3]? | (Outdated Flags description from talk page)
| |
| 0x84 | Segment size | 4 | uint32_t | Default block is 16 KB (16384 bytes) = 0x4000, max is 0x8000. | |
| 0x88 | Data size | 8 | uint64_t | Decoded data size. | |
| 0x90 | Meta data sections hash | 0x10 | uint8_t[0x10] | ||
| 0xA0 | Extended header hash | 0x10 | uint8_t[0x10] | An AES-CMAC hash of 160 bytes from the beginning of file. It uses the hash key as AES-CMAC key and it depends on the file flags and keys. | |
| 0xB0 | ECDSA Metadata signature | 0x28 | uint8_t[0x28] | Can be zeroed on forged file. curve_type is vsh type 0x02, pub is vsh public key, | |
| 0xD8 | ECDSA Header signature | 0x28) | uint8_t[0x28] | Enabled (only?) for PS2 classic: all custom firmwares are patched to skip the ECDSA check. Can be zeroed on forged file. curve_type is vsh type 2, pub is vsh public key. | |
| Body | |||||
| 0x100 | Encrypted file | Variable | uint8_t[variable] | The file is encrypted using an AES algorithm in CBC mode. | |
| 0x** | Padding | Variable | uint8_t[variable] | Aligned on ?? bytes. | |
| Description | Size | Notes |
|---|---|---|
| Name | 5 | "EDATA" or "SDATA" |
| Space character | 1 | ' ' = 0x20 |
| Tool Version | 8 |
|
| Padding | 2 | 00 00 |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
