PSSE: Difference between revisions
No edit summary |
|||
(3 intermediate revisions by 2 users not shown) | |||
Line 4: | Line 4: | ||
PSSE stands for PlayStation Suite Encrypted. It is an encryption layer that encrypts the PSM game's filesystem. | PSSE stands for PlayStation Suite Encrypted. It is an encryption layer that encrypts the PSM game's filesystem. | ||
The encryption layer is comparable to the PS Vita [[Filesystem]] in many ways; however, it seemed that there was a bug at Sony, where besides executable files, the first directory level of a PSM app is not encrypted with PSSE, whose directory level is below the root of RO/. Similarly, the PSM SaveData is not encrypted by such layer either. | The encryption layer is comparable to the PS Vita Protected [[Filesystem]] (PFS) in many ways; however, it seemed that there was a bug at Sony, where besides executable files, the first directory level of a PSM app is not encrypted with PSSE, whose directory level is below the root of RO/. Similarly, the PSM SaveData is not encrypted by such layer either. | ||
== Data Structure == | == Data Structure == | ||
{| class="wikitable" style="font-size:small; text-align: center;border | {| class="wikitable" style="font-size:small; text-align: center;border;" | ||
|- | |- | ||
|'''offset''' | |||
|'''value''' | |||
|'''description''' | |||
|- | |- | ||
|0x00||0x50535345 (ASCII "PSSE" / "PSME")||Magic Number / File Header | |0x00||0x50535345 (ASCII "PSSE" / "PSME")||Magic Number / File Header | ||
Line 17: | Line 17: | ||
|0x4|| int32 || Version | |0x4|| int32 || Version | ||
|- | |- | ||
|0x8 || | |0x8 || int64 || Decrypted file size | ||
|- | |||
|0x10 || int32 || PSSE Type (always 0x1) | |||
|- | |- | ||
|0x14|| char[0x24] [[System_File_Object_(SFO)_(PSF)#CONTENT_ID|CONTENT_ID]]||Contents of /RW/System/content_id | |0x14|| char[0x24] [[System_File_Object_(SFO)_(PSF)#CONTENT_ID|CONTENT_ID]]||Contents of /RW/System/content_id | ||
|- | |||
|0x40|| char[0x10] || MD5 Of Original File (Plaintext) | |||
|- | |||
|0x50 || char[0x20] || Encrypted Filename | |||
|- | |- | ||
|0x70|| char[0x10] ||Encrypted IV | |0x70|| char[0x10] ||Encrypted IV | ||
|- | |- | ||
|0x680|| | |0x80|| char[0x200] ||RSA Signature? | ||
|- | |||
|0x280|| char[0x20] || HMAC hash of (encrypted) first block, (Vita), key is in RIF | |||
|- | |||
|0x2A0||char[0x1E0] || Reserved (all 0's) | |||
|- | |||
|0x480|| char[0x20] || HMAC hash of (encrypted) first block, (Android) key is in RIF | |||
|- | |||
|0x4A0|| char[0x1E0] || Reserved (all 0's) | |||
|- | |||
|0x680|| char[until next multiple of 0x8000] || encrypted block data | |||
|- | |- | ||
|} | |} | ||
Line 53: | Line 69: | ||
A script that implements the above algorithm can be found here: | A script that implements the above algorithm can be found here: | ||
https://github.com/KuromeSan/psse-decrypt | https://github.com/KuromeSan/psse-decrypt | ||
it is in the public domain, so feel free to use it for whatever you want | it is in the public domain, so feel free to use it for whatever you want |
Latest revision as of 11:41, 23 April 2024
What is PSSE?[edit | edit source]
PSSE stands for PlayStation Suite Encrypted. It is an encryption layer that encrypts the PSM game's filesystem.
The encryption layer is comparable to the PS Vita Protected Filesystem (PFS) in many ways; however, it seemed that there was a bug at Sony, where besides executable files, the first directory level of a PSM app is not encrypted with PSSE, whose directory level is below the root of RO/. Similarly, the PSM SaveData is not encrypted by such layer either.
Data Structure[edit | edit source]
offset | value | description |
0x00 | 0x50535345 (ASCII "PSSE" / "PSME") | Magic Number / File Header |
0x4 | int32 | Version |
0x8 | int64 | Decrypted file size |
0x10 | int32 | PSSE Type (always 0x1) |
0x14 | char[0x24] CONTENT_ID | Contents of /RW/System/content_id |
0x40 | char[0x10] | MD5 Of Original File (Plaintext) |
0x50 | char[0x20] | Encrypted Filename |
0x70 | char[0x10] | Encrypted IV |
0x80 | char[0x200] | RSA Signature? |
0x280 | char[0x20] | HMAC hash of (encrypted) first block, (Vita), key is in RIF |
0x2A0 | char[0x1E0] | Reserved (all 0's) |
0x480 | char[0x20] | HMAC hash of (encrypted) first block, (Android) key is in RIF |
0x4A0 | char[0x1E0] | Reserved (all 0's) |
0x680 | char[until next multiple of 0x8000] | encrypted block data |
Decryption[edit | edit source]
AES-128-CBC decrypt 0x10 bytes from 0x70 using PSSE Header IV and PSSE Header Key the resulting decryption is the Contents IV, now take 0x10 bytes from 0x120 of the game's NoPsmDrm RIF, this is the Content Key (if its one of the DLL's in the PSM Runtime Package, then the content key is Runtime PSSE App Key)
the content data section (0x680 onwards) is made up of blocks, each 0x8000 bytes in size
however the first block is only 0x7980 bytes, (0x8000 - 0x680) as if the block started at 0x00, however you start reading from 0x680
all subsequent blocks are 0x8000 bytes, so block 0 is at 0x680, block 1 at 0x8000, block 2 at 0x10000 etc,
and, at every interval of 0x80000 bytes there is an 0x400 byte gap before the next block starts
(that next block is then 0x7C00 bytes long, as if the block started at 0x80000, even though it starts at 0x800400) and of course all subsequent ones are then 0x8000 past there again,
when reading each block the IV used to decrypt it changes slightly, usually just the first byte changes. to calculate the IV for any given block, take that block's number (counting sequentially from 0x800, following all above rules) as an int32, little endain, put it into a byte-array. and make that byte array be 0x10 bytes long, with the block number at the very start eg, for block 4 it would be 0x04000000000000000000000000000000 then, XOR the original IV from the PSSE Header, with that byte array,
Decrypt each block using AES-128-CBC with the content IV you calculated earlier from header + block ID and the content KEY from the rif,
to decrypt the entire file, decrypt each block in-order.
A script that implements the above algorithm can be found here: https://github.com/KuromeSan/psse-decrypt it is in the public domain, so feel free to use it for whatever you want