Activation File: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
|||
Line 1: | Line 1: | ||
== File Handling == | == File Handling == | ||
On 1.76, act.dat is loaded and updated by the SceShellCore process. | On 1.76, act.dat is loaded and updated by the [[SceShellCore]] process. | ||
Beyond 1.76, act.dat is loaded and updated | Beyond 1.76, act.dat is loaded and updated by the kernel. | ||
=== File Verification === | === File Verification === | ||
A | A HMAC-SHA256 digest of the entire act.dat file using the [[Device ID]] as key is stored in [[VTRM]] slot 0. | ||
<code>hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat)</code> (pseudo-code) | <code>hmac = hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat)</code> (pseudo-code) | ||
* <code>sceSblVtrmStoreNth(0x3800000000000010, hmac, 64, 0)</code> | VTRM is accessed by the sceSblVtrm* kernel functions with SceShellCore's authority-id (0x3800000000000010): | ||
* <code>sceSblVtrmRetrieveNth(0x3800000000000010, hmac, 64, 0)</code> | * <code>sceSblVtrmStoreNth(0x3800000000000010, hmac, 64, 0)</code> to write | ||
* <code>sceSblVtrmFreeNth(0x3800000000000010, 0)</code> | * <code>sceSblVtrmRetrieveNth(0x3800000000000010, hmac, 64, 0)</code> to read | ||
* <code>sceSblVtrmFreeNth(0x3800000000000010, 0)</code> to clear | |||
This prevents easily adding or replacing the act.dat file directly. This HMAC has to be updated when moving act.dat to prevent the act.dat file from being deleted when adding or replacing it. | |||
This prevents easily adding or replacing the act.dat file directly. | |||
== File == | == File == |
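Review bot: the sentence added under File Verification ("This HMAC has to be updated when moving act.dat to prevent the act.dat file from being deleted when adding or replacing it") is circular and does not say what triggers the deletion. State the condition directly, for example that act.dat is deleted when its HMAC does not match the value stored in VTRM slot 0, if that is what is meant. The three sceSblVtrm* calls pass 64 next to hmac, while HMAC-SHA256 produces a 32-byte digest, so the page should say what the 64 denotes. "A HMAC-SHA256" should read "An HMAC-SHA256".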
Latest revision as of 21:51, 25 December 2024
File Handling
On 1.76, act.dat is loaded and updated by the SceShellCore process.
Beyond 1.76, act.dat is loaded and updated by the kernel.
File Verification
An HMAC-SHA256 digest of the entire act.dat file, keyed with the Device ID, is stored in VTRM slot 0.
`hmac = hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat)` (pseudo-code)
VTRM is accessed by the sceSblVtrm* kernel functions with SceShellCore's authority-id (0x3800000000000010):
* `sceSblVtrmStoreNth(0x3800000000000010, hmac, 64, 0)` to write
* `sceSblVtrmRetrieveNth(0x3800000000000010, hmac, 64, 0)` to read
* `sceSblVtrmFreeNth(0x3800000000000010, 0)` to clear
This prevents act.dat from being added or replaced directly. This HMAC has to be updated when moving act.dat; otherwise the act.dat file is deleted when it is added or replaced.
File
An act.dat file is made up of 1 to 21 sequential activation structures.
The file is truncated to valid activation structures, so its size will be a multiple of 512.
Activation structure (Universal)
Fields are big-endian.
Name | Offset | Size | Example | Remark |
---|---|---|---|---|
Signature | 0x000 | 4 | 41 43 54 00 ('ACT\0') | |
Version | 0x004 | 2 | 00 01 | 1, 2 or 3 |
Type | 0x006 | 2 | 00 02 | 2 or 3 |
PSN Account ID | 0x008 | 8 | AB CD EF 01 02 34 78 91 | |
Start Timestamp | 0x010 | 8 | 00 00 00 00 52 85 64 00 | Start timestamp (unix/epoch) |
End Timestamp | 0x018 | 8 | 7F FF FF FF FF FF FF FF | End timestamp (unix/epoch), typically INT64_MAX |
Unknown | 0x020 | 64 | - | |
DeviceId (OpenPsId SHA256 Hash) | 0x060 | 32 | - | sha256(sceKernelGetOpenPsIdForSystem()) (pseudo-code) |
Unknown | 0x080 | 32 | - | Found to match exactly for different users and consoles. Maybe system version SHA256 hash? |
RIF Secret Encryption IV | 0x0A0 | 16 | - | See rif |
RIF Secret Encryption Key Seed | 0x0B0 | 16 | - | Used to decrypt rif secret (KDS RIF only) |
RIF Secret Encryption Key Seed for Version 2 | 0x0C0 | 16 | - | Used to decrypt rif secret (KDS RIF only) (Version 2) |
RIF Secret Encryption Key Seed for Version 3 | 0x0D0 | 16 | - | Used to decrypt rif secret (KDS RIF only) (Version 3) |
Unknown | 0x0E0 | 32 | - | |
RSA Signature | 0x100 | 256 | - | Verified using same public key as RIF type 0 |
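A parser for the layout in the table above, added here as an example and not taken from the wiki or from any console code. The names `parse_act_dat`, `Activation` and `build_sample` are hypothetical, and the sample entry is constructed from the table's example bytes; the code checks structure only and does not verify the RSA signature or the HMAC.

```python
import struct
from dataclasses import dataclass

ENTRY_SIZE = 512      # 0x100 bytes of fields followed by a 256-byte RSA signature
MAX_ENTRIES = 21      # the page states 1 to 21 structures per file
# Big-endian fields at 0x000-0x01F: signature, version, type, account id, start, end
HEADER = struct.Struct(">4sHHQqq")

@dataclass
class Activation:
    version: int
    act_type: int
    account_id: int
    start: int              # unix timestamp
    end: int                # unix timestamp, typically INT64_MAX
    device_id_hash: bytes   # offset 0x060, 32 bytes
    rsa_signature: bytes    # offset 0x100, 256 bytes

def parse_act_dat(data: bytes) -> list[Activation]:
    """Split act.dat into 512-byte structures and validate the fixed fields."""
    if len(data) == 0 or len(data) % ENTRY_SIZE:
        raise ValueError("size must be a non-zero multiple of 512")
    count = len(data) // ENTRY_SIZE
    if count > MAX_ENTRIES:
        raise ValueError("more than 21 activation structures")
    entries = []
    for i in range(count):
        rec = data[i * ENTRY_SIZE:(i + 1) * ENTRY_SIZE]
        sig, version, act_type, account, start, end = HEADER.unpack_from(rec, 0)
        if sig != b"ACT\x00":
            raise ValueError(f"entry {i}: bad signature {sig!r}")
        if version not in (1, 2, 3) or act_type not in (2, 3):
            raise ValueError(f"entry {i}: unexpected version or type")
        entries.append(Activation(version, act_type, account, start, end,
                                  rec[0x060:0x080], rec[0x100:0x200]))
    return entries

def build_sample() -> bytes:
    """Constructed sample: one entry filled with the table's example bytes."""
    rec = bytearray(ENTRY_SIZE)
    rec[0:0x20] = bytes.fromhex("41435400" "0001" "0002" "ABCDEF0102347891"
                                "0000000052856400" "7FFFFFFFFFFFFFFF")
    return bytes(rec)

if __name__ == "__main__":
    for act in parse_act_dat(build_sample()):
        print(act.version, act.act_type, hex(act.account_id), act.start, act.end)
```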