NPDRM: Difference between revisions
Jump to navigation
Jump to search
m (wikify) |
m (wikify) |
||
| Line 1: | Line 1: | ||
[[Category:Software]]{{Wikify}} | [[Category:Software]]{{Wikify}} | ||
'''The info on this page is an extract of talk page, conversations and forum posts, please digest the info and move it this page''' | '''The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it this page''' | ||
Once the [[VSH|vsh]] detects that user is trying to start a [[SELF File Format and Decryption|SELF]], it looks for the [[SELF_File_Format_and_Decryption#App_Info|appinfo header type]]. If the [[SELF_Types|type is 8]], then the [[SELF_File_Format_and_Decryption#Control_Information|control digest element type 3]] (NPD element) is located. From this NPD header the vsh gets the [[License Types]] (network license, local or free). | Once the [[VSH|vsh]] detects that user is trying to start a [[SELF File Format and Decryption|SELF]], it looks for the [[SELF_File_Format_and_Decryption#App_Info|appinfo header type]]. If the [[SELF_Types|type is 8]], then the [[SELF_File_Format_and_Decryption#Control_Information|control digest element type 3]] (NPD element) is located. From this NPD header the vsh gets the [[License Types]] (network license, local or free). | ||
*'''Network License''' (type | *'''Network License''' (type 1): if a remote paid content is to be loaded, the vsh loads the act.dat and the rif associated to the content (will download to vsh process memory). | ||
*'''Local''' (type | *'''Local''' (type 2): For this paid content too, the vsh locate a file with the same title id on NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat). | ||
*'''Free''' (type | *'''Free''' (type 3): if a free content (no license check) is detected then a [[Keys#klic_free_key|generic klicense]] will be use for further steps (go to LV2). | ||
Using the RIF_KEY it will obtain the actdatIndex, and finally having the actDat key index the execution pass to LV2 | Using the RIF_KEY it will obtain the actdatIndex, and finally having the actDat key index the execution pass to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471.]] | ||
This function has different parameters depending if the content is debug, paid (type 1 & 2) or free (type 3): | |||
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd); | |||
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd); | |||
:<small>*PAID can also include free games/apps too but require this licensing check</small> | |||
The lv2 keeps a memory table with contentID and the associated key: | |||
*Paid content: the rif.key is converted to the klicensee (by using a constant value on lv2, [[IDPS|IDPS]] and the act.dat) and once transformed it is stored on memory table. | |||
*free content: copies the titleID and the klicensee to the table. | |||
From there, the lv1 hypervisor by loading [[Hypervisor_Reverse_Engineering#appldr|Appldr]], will transform (again) this key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer for start the SELF decryption. | |||
==act.dat header(encrypted) structure== | ==act.dat header(encrypted) structure== | ||
| Line 39: | Line 53: | ||
==rif | ==rif file(encrypted) structure== | ||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
Revision as of 19:54, 28 September 2013
| This article is marked for rewrite/restructuring in proper wiki format. You can help PS3 Developer wiki by editing it. |
The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it this page
Once the vsh detects that user is trying to start a SELF, it looks for the appinfo header type. If the type is 8, then the control digest element type 3 (NPD element) is located. From this NPD header the vsh gets the License Types (network license, local or free).
- Network License (type 1): if a remote paid content is to be loaded, the vsh loads the act.dat and the rif associated to the content (will download to vsh process memory).
- Local (type 2): For this paid content too, the vsh locate a file with the same title id on NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat).
- Free (type 3): if a free content (no license check) is detected then a generic klicense will be use for further steps (go to LV2).
Using the RIF_KEY it will obtain the actdatIndex, and finally having the actDat key index the execution pass to LV2 Syscalls 471.
This function has different parameters depending if the content is debug, paid (type 1 & 2) or free (type 3):
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd); FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
- *PAID can also include free games/apps too but require this licensing check
The lv2 keeps a memory table with contentID and the associated key:
- Paid content: the rif.key is converted to the klicensee (by using a constant value on lv2, IDPS and the act.dat) and once transformed it is stored on memory table.
- free content: copies the titleID and the klicensee to the table.
From there, the lv1 hypervisor by loading Appldr, will transform (again) this key by using the klic_dec_key and finally remove the NPDRM layer for start the SELF decryption.
act.dat header(encrypted) structure
| Name | Offset | Size | Example | Remark |
| Version Number | 0x0 | 0x4 | 00000001 | |
| License Type | 0x4 | 0x4 | 00000001 | |
| User Number | 0x8 | 0x8 | N.A | |
| KeyTable Retail | 0x10 | 0x800 | N.A | |
| KeyTable Debug? | 0x810 | 0x800 | N.A | |
| Signature | 0x1010 | 0x28 | N.A |
rif file(encrypted) structure
| Name | Offset | Size | Example | Remark |
| Version Number | 0x0 | 0x4 | 00 00 00 01 | |
| License Type | 0x4 | 0x4 | 00 01 00 02 | |
| User Number | 0x8 | 0x8 | 00 00 00 00 00 00 00 02 | Used on Rap2Rif header |
| CONTENT ID | 0x10 | 0x30 | N.A | Content ID |
| Random Padding | 0x40 | 0xC | N.A | |
| act.dat index key | 0x4C | 0x4 | N.A | |
| encrypted klic | 0x50 | 0x10 | N.A | |
| bought on/ start | 0x60 | 0x8 | 00 00 01 2F 41 5C 00 00 | For human readable, convert to decimal and use one Epoch-Unix converter time format online. |
| expires in | 0x68 | 0x8 | 00 00 00 00 00 00 00 00 | If zeroed,-, there is no time limit. Used on PS+ for example. |
| Signature | 0x70 | 0x28 | 11 | Patched on some cfw. See Rif_Junk on Rap2Rif by Flatz |