Activation File: Difference between revisions
m (Correct 2-byte value examples) |
mNo edit summary |
||
Line 21: | Line 21: | ||
This prevents easily adding or replacing the act.dat file directly. You will need to update this HMAC to prevent the act.dat file from being deleted when adding or replacing it. | This prevents easily adding or replacing the act.dat file directly. You will need to update this HMAC to prevent the act.dat file from being deleted when adding or replacing it. | ||
== File | == File == | ||
An act.dat file is made up of 1 to 21 sequential activation structures. | An act.dat file is made up of 1 to 21 sequential activation structures. | ||
Line 27: | Line 27: | ||
The file is truncated to valid activation structures, so its size will be a multiple of 512. | The file is truncated to valid activation structures, so its size will be a multiple of 512. | ||
=== Activation | === Activation === | ||
Fields are big-endian. | Fields are big-endian. |
Revision as of 21:44, 11 December 2017
File Handling
On 1.76, act.dat is loaded and updated by the SceShellCore process.
Beyond 1.76, act.dat is loaded and updated directly by the kernel.
File Verification
A HMACSHA256 of the entire act.dat file using the SHA256 of the OpenPsId as the key is stored in Vtrm using SceShellCore's process ID in slot 0.
SceShellCore's process ID is 0x3800000000000010
.
hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat)
(pseudo-code)
sceSblVtrmStoreNth(0x3800000000000010, hmac, 64, 0)
sceSblVtrmRetrieveNth(0x3800000000000010, hmac, 64, 0)
sceSblVtrmFreeNth(0x3800000000000010, 0)
Note: sceSblVtrm* are kernel functions.
This prevents easily adding or replacing the act.dat file directly. You will need to update this HMAC to prevent the act.dat file from being deleted when adding or replacing it.
File
An act.dat file is made up of 1 to 21 sequential activation structures.
The file is truncated to valid activation structures, so its size will be a multiple of 512.
Activation
Fields are big-endian.
Name | Offset | Size | Example | Remark |
---|---|---|---|---|
Signature | 0x000 |
4 | 41 43 54 00 ('ACT\0')
| |
Version | 0x004 |
2 | 00 01 |
1 (current) |
Type | 0x006 |
2 | 00 02 |
2 or 3 |
PSN Account ID | 0x008 |
8 | AB CD EF 01 02 34 78 91 |
|
Start Timestamp | 0x010 |
8 | 00 00 00 00 52 85 64 00 |
Start timestamp (unix/epoch) |
End Timestamp | 0x018 |
8 | 7F FF FF FF FF FF FF FF |
End timestamp (unix/epoch), typically INT64_MAX |
Unknown | 0x020 |
64 | - | |
OpenPsId SHA256 Hash | 0x060 |
32 | - | sha256(sceKernelGetOpenPsIdForSystem()) (pseudo-code)
|
Unknown | 0x080 |
32 | - | Found to match exactly for different users and consoles. Maybe system version SHA256 hash? |
Unknown | 0x0A0 |
16 | - | Match exactly to data found in RIF data at 0x260 of same size (KDS RIF only) |
Unknown | 0x0B0 |
16 | - | Used to decrypt RIF secret data (KDS RIF only) |
Unknown | 0x0C0 |
64 | - | |
RSA Signature | 0x100 |
256 | - | Verified using same public key as RIF type 0 |