Activation File

From PS4 Developer wiki
Revision as of 21:50, 11 December 2017 by Idc (talk | contribs)
Jump to navigation Jump to search

File Handling

On 1.76, act.dat is loaded and updated by the SceShellCore process.

Beyond 1.76, act.dat is loaded and updated directly by the kernel.

File Verification

A HMACSHA256 of the entire act.dat file using the SHA256 of the OpenPsId as the key is stored in Vtrm using SceShellCore's process ID in slot 0.

SceShellCore's process ID is 0x3800000000000010.

hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat) (pseudo-code)

  • sceSblVtrmStoreNth(0x3800000000000010, hmac, 64, 0)
  • sceSblVtrmRetrieveNth(0x3800000000000010, hmac, 64, 0)
  • sceSblVtrmFreeNth(0x3800000000000010, 0)

Note: sceSblVtrm* are kernel functions.

This prevents easily adding or replacing the act.dat file directly. You will need to update this HMAC to prevent the act.dat file from being deleted when adding or replacing it.

File

An act.dat file is made up of 1 to 21 sequential activation structures.

The file is truncated to valid activation structures, so its size will be a multiple of 512.

Activation

Fields are big-endian.

Name Offset Size Example Remark
Signature 0x000 4 41 43 54 00 ('ACT\0')
Version 0x004 2 00 01 1 (current)
Type 0x006 2 00 02 2 or 3
PSN Account ID 0x008 8 AB CD EF 01 02 34 78 91
Start Timestamp 0x010 8 00 00 00 00 52 85 64 00 Start timestamp (unix/epoch)
End Timestamp 0x018 8 7F FF FF FF FF FF FF FF End timestamp (unix/epoch), typically INT64_MAX
Unknown 0x020 64 -
OpenPsId SHA256 Hash 0x060 32 - sha256(sceKernelGetOpenPsIdForSystem()) (pseudo-code)
Unknown 0x080 32 - Found to match exactly for different users and consoles. Maybe system version SHA256 hash?
RIF Secret Encryption IV 0x0A0 16 - See rif
RIF Secret Encryption Key Seed 0x0B0 16 - Used to decrypt rif secret (KDS RIF only)
Unknown 0x0C0 64 -
RSA Signature 0x100 256 - Verified using same public key as RIF type 0