SLB2: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
No edit summary
Line 44: Line 44:
=== SLB PUP Files ===
=== SLB PUP Files ===
These files are contained inside of SLB2 containers. They contain data pertaining to system firmware.
These files are contained inside of SLB2 containers. They contain data pertaining to system firmware.
All inner pup files begin with the same bytes:


  '''Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F'''
You are able to decrypt inner pup files using the follow keys:
  00000000 4F 15 3D 1D 00 01 01 12 04 00 00 00              O.=.........
  erk    = DB7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E063 0CB9AB2D215865878A
 
  riv    = C9205F46F6021697E670F13DFA726212
 
  pub    = A8FD6DB24532D094EFA08BD35C9A72287D905C6B27B42B E4AB925AAF4AFFF34D41EEB54DD128700D
After that the bytes begin to differentiate. It could be a file count, or a hash used later on to decrypt the inner pup files.
priv  = 001AD976FCDE86F5B8F63453EF3A7F94E861975BA3
ctype  = 30


1st 40 bytes are encrypted with aes-256-cbc and the result is used as erk and riv for the next 240 bytes.now that is decrypted through aes-128-ctr and now you can find the location for encrypted sections+hmac key+erk/riv keys
the rest sections are also encrypted with aes-128-ctr


{{Software}}
{{Software}}
<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>

Revision as of 03:15, 23 March 2014

SLB2 structure

PS4 SLB PUP container format - SKFU
 /* file structure of SLB goes as following, if unpacking make sure you use 64 bits little endian on windows os */
 typedef unsigned char u8;
 typedef unsigned long int u32;
 typedef unsigned long long int u64;
 
 typedef struct{
 	u32 offset; //1 block is headersize (512 padded)
 	u32 cryptSize;
 	u64 reserved; //probably file alignment
 	u8 fileName[32];
 } fileEntry;
 
 typedef struct{
 	u32 magic; //SLB2
 	u64 version; //1
 	u32 fileCount;
 	u32 blockCount;
 	u8 reserved[12];
 	fileEntry files[10];
 } ps4pup;

SLB2 files to play with

1.500.000:

* https://mega.co.nz/#!WE8zUAyb!ZuZy5Vxrd4eCc4bTvFW_ZC7lu7Ub0tcdyE08xbJtrok (Main)

1.501.000 :

Unpacking

SLB PUP Files

These files are contained inside of SLB2 containers. They contain data pertaining to system firmware.

You are able to decrypt inner pup files using the follow keys:

erk    = DB7A24EC38BDB45B98CCD7D363EA2AF0C326E65081E063 0CB9AB2D215865878A
riv    = C9205F46F6021697E670F13DFA726212
pub    = A8FD6DB24532D094EFA08BD35C9A72287D905C6B27B42B E4AB925AAF4AFFF34D41EEB54DD128700D
priv   = 001AD976FCDE86F5B8F63453EF3A7F94E861975BA3
ctype  = 30

1st 40 bytes are encrypted with aes-256-cbc and the result is used as erk and riv for the next 240 bytes.now that is decrypted through aes-128-ctr and now you can find the location for encrypted sections+hmac key+erk/riv keys the rest sections are also encrypted with aes-128-ctr