EDAT files
Jump to navigation
Jump to search
| This article is marked for rewrite/restructuring in proper wiki format. You can help PS3 Developer wiki by editing it. |
Info on the talk page
Info on the talk page: please digest the info and move it here
The info on this page is an extract of conversations, forum posts and from the talk page.
EDAT Decryption
EDAT decryption requires a key, the klicensee. Depending on the license type, klicensee is got in different ways:
- License type Local: act.dat + rif + idps combo
- License type Free: constant npdrm1 klicensee (see NPDRM Keys and appldr keys)
Structure (Encrypted Format)
| Offset | Name | Size | Type | Notes | |
|---|---|---|---|---|---|
| Header | |||||
| 0x00 | magic | 4 | char[4] | "NPD\0" (4E 50 44 00) | |
| 0x04 | version | 4 | uint32_t | ex: 1, 2, 3, 4. See Footer for the precise packager version. | |
| 0x08 | License Types | 4 | uint32_t | For PS2 EDAT, the FW requires it to be with activation (also a.k.a. Paid content paired with your individual data)
for PS1 PKG, the FW 4.00 introduced some changes for installing them with regard to the EDAT license type. | |
| 0x0C | Application Type | 4 | uint32_t | ||
| 0x10 | CONTENT ID | 0x30 | uint8_t[0x30] | Content ID (with padding to fit 48 bytes) | |
| 0x40 | Digest | 0x10 | uint8[0x10] | QA digest (seems like to be a SHA-1 hash of the non-finalized file): hash of the original data which is unknown until the whole file is read, so it cannot be used as a check, however it can be used as watermark or zeroed on forged file. | |
| 0x50 | NPD hash 1 | 0x10 | uint8_t[0x10] | CID-FN hash. It is an AES-CMAC hash of concatenation of Content ID (48 bytes) and EDAT file name (eg MINIS.EDAT) using the third NPDRM OMAC key as AES-CMAC key). Example: aes_cmac(55 50 30 35 37 36 2D 4E 50 55 5A 30 30 31 34 39 5F 30 30 2D 56 41 4E 47 55 41 52 44 32 30 30 30 30 30 30 31 00 00 00 00 00 00 00 00 00 00 00 00 4D 49 4E 49 53 2E 45 44 41 54, npd_cid_fn_hash_omac_key). | |
| 0x60 | NPD hash 2 | 0x10 | uint8_t[0x10] | header hash (an AES CMAC hash of the 0x60 bytes from the beginning of the file using xored bytes of the developer's klicensee and the second NPDRM OMAC key as AES-CMAC key) | |
| 0x70 | Activation time | 8 | ?64-bit time? | Start of the validity period, filled with 00 if not used. | |
| 0x78 | Activation time | 8 | ?64-bit time? | End of the validity period, filled with 00 if not used. | |
| 0x80 | NPD type | 1 | ?uint8_t? | (separated from Metadata type for wiki format)
| |
| 0x81 | Metadata type | 3 | ?uint8_t[3]? | (Outdated Flags description from talk page)
| |
| 0x84 | Segment size | 4 | uint32_t | Default block is 16 KB (16384 bytes) = 0x4000, max is 0x8000. | |
| 0x88 | Data size | 8 | uint64_t | Decoded data size. | |
| 0x90 | Meta data sections hash | 0x10 | uint8_t[0x10] | ||
| 0xA0 | Extended header hash | 0x10 | uint8_t[0x10] | An AES-CMAC hash of 160 bytes from the beginning of file. It uses the hash key as AES-CMAC key and it depends on the file flags and keys. | |
| 0xB0 | ECDSA Metadata signature | 0x28 | uint8_t[0x28] | Can be zeroed on forged file. curve_type is vsh type 0x02, pub is vsh public key, | |
| 0xD8 | ECDSA Header signature | 0x28) | uint8_t[0x28] | Enabled (only?) for PS2 classic: all custom firmwares are patched to skip the ECDSA check. Can be zeroed on forged file. curve_type is vsh type 2, pub is vsh public key. | |
| Body | |||||
| 0x100 | Encrypted file | Variable | uint8_t[variable] | The file is encrypted using an AES algorithm in CBC mode. | |
| 0x** | Padding | Variable | uint8_t[variable] | Aligned on ?? bytes. | |
| Description | Size | Notes |
|---|---|---|
| Name | 5 | "EDATA" or "SDATA" |
| Space character | 1 | ' ' = 0x20 |
| Packager Version | 8 |
|
| Padding | 2 | 00 00 |
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
