Editing Archive.dat

The archive.dat file format is used to store PS3 Backup data. [https://support.us.playstation.com/app/answers/detail/a_id/798/~/ps3-backup-utility This feature was added since 1.32.]

The PS3 backup/restore system will create archive.dat files on USB media which will contain a backup of your entire HDD.

There are four types of archive.dat files :

{| class="wikitable"
|-
! Filename !! Function !! Comment
|-
| archive.dat || Index of backed data || This will contain a list of all files/directories and information about the copy-protected archive
|-
| archive_XX.dat || Backed data || This will contain the actual backed data
|-
| archive2.dat || Index of Protected-Content data || This will contain the index of the copy-protected content of your backup
|-
| archive2_XX.dat || Protected-Content data || This will contain the copy-protected content
|-
|}

When a backup is created, the PS3 will divide the data to be backed up
into 2 types, generic data and copy-protected data. The copy-protected
data will usually be your games folder and copy-protected save games
and the like, so when you restore it on a different PS3, it will show
the error "The data was backed up from a different PS3 system. Some
data cannot be restored". 

The archive.dat and archive2.dat files are Index files while the
archive_XX.dat and archive2_XX.dat files contain the actual data. The
archive files are for normal data while the archive2 files are for the
copy-protected data. The archive.dat index file will contain a listing
of all the files and folders that the data files contain, as well as a
footer containing information about the archive2.dat content.

The file format is divided into 4 items : the DAT header, the Archive
header, the payload and the Footer :

All files will contain the DAT header followed by the Archive header then the payload. The archive.dat file alone will contain a footer.

== DAT header ==
The DAT header has a fixed size of 0x40 bytes and will appear at the
start of the file. It will never be encrypted.

{| class="wikitable"
|-
! Offset !! Size !! Name !! Values !! Comment
|-
| 0x00 || 0x04 || Encryption type || 0x30 or 0x40 || Little-Endian value
|-
| 0x04 || 0x04 || DAT type || 0x03 or 0x05 || Little-Endian value
|-
| 0x08 || 0x14 || File hash || .... || Hash of the encrypted data with HMAC
|-
| 0x1C || 0x14 || Key seed || .... || will be all zeroes if encryption type is 0x30
|-
| 0x30 || 0x10 || Padding || 00...00 || all zeroes
|-
| 0x40 || variable || Data || .... || Encrypted data
|}

The DAT content is always encrypted and requires the use of the key
seed from the header to generate the keys used for the encryption/decryption.
The key seed will be a random value if the encryption type is 0x40, or
it will be se tto zero if the encryption type is 0x30, in which case,
the ps3's IDP value will be used as a key seed.

A zeroed out buffer of 64 bytes which contains the key seed at offset
zero is encrypted with a zeroed IV using the VTRM engine to generate
the key/iv/hmac needed for the DAT file processing.

If the IDP is used, then a vtrm encrypt of type 3 is used, otherwise,
if the key seed is used, a vtrm encrypt with portability of type 1 is
used.

The resulting 64 bytes buffer is then divided into the following
structure :

{| class="wikitable"
|-
! Offset !! Size !! Name
|-
| 0x00 || 0x10 || Key
|-
| 0x10 || 0x10 || IV
|-
| 0x20 || 0x0C || Padding
|-
| 0x2C || 0x14 || HMAC key
|-
|}


== Archive header ==
The archive header goes right after the DAT header and will be
encrypted of course. It will contain information on the current
archive file :

{| class="wikitable"
|-
! Offset !! Size !! Name !! Values !! Comment
|-
| 0x00 || 0x08 || ID || ... || The unique ID of this archive
|-
| 0x08 || 0x04 || Index || ... || The index of this file within the archive
|-
| 0x0C || 0x01 || Archive type || 0x04 or 0x05 || Determines if copy-protected content or not
|-
| 0x0D || 0x01 || File type || 0x00 or 0x01 || It looks like it's set to 0 for data files and set to 1 for index files
|-
| 0x0E || 0x02 || Padding || 0x0000 || all zeroes
|-
|}


The ID of the archive is a random value and it must be the same for
all the archive files in the backup directory. The index is set to 0
for index files and starts from 0 for data files and is incremented
for each new data file created. The archive type is set to 0x04 when
the data is copy-protected, but it only seems to be set to 0x04 in the
index file, not in the data files. The file type finally is set to 0
for data files and 1 for index files.

== Index files ==
The index files are the archive.dat and archive2.dat files, they
contain the list of all files and directories within the data files.
After the archive header, the list of files appears in the form of a
block of 0x558 bytes, until the EOS file block which starts with a
64-bit value of zero. After the list of files, the file will contain 
a list of directories in the form of blocks of 0x448 bytes until the
EOS directory block which starts with a 64-bit value of zero.
After the list of directories, if the file is archive.dat (archive
type is 0x05), then a footer is added at the end of the file.

Basically, you can see the file structure as a union between a EOS
block and a File Structure block. The EOS block represents the End Of
Stream, and starts with a 64-bit value of zero, while file blocks
start with the path to the file which cannot be zero.

=== File structure ===

{| class="wikitable"
|-
! Offset !! Size !! Name !! Values !! Comment
|-
| 0x00 || 0x520 || Path || ... || The full absolute path of the file
|-
| 0x520 || 0x34 || File stats || ... || File stats as a sysFSStat structure (see lv2/sysfs.h)
|-
| 0x554 || 0x04 || Flags || 0x00 or 0x01 || The flags are set to 0x01 if the file resides in /dev_flash2
|-
|}

=== EOS File structure ===

{| class="wikitable"
|-
! Offset !! Size !! Name !! Values !! Comment
|-
| 0x00 || 0x08 || Zero || 00..00 || Must be set to zero to indicate the end of the list
|-
| 0x08 || 0x08 || Total files || ... || The total number of files that were just listed
|-
| 0x10 || 0x08 || Total file sizes || ... || The total size of all the
files listed
|-
| 0x18 || 0x540 || Padding || 00...00 || All zeroes until the end of the block
|-
|}

=== Directory structure ===

{| class="wikitable"
|-
! Offset !! Size !! Name !! Values !! Comment
|-
| 0x00 || 0x420 || Path || ... || The full absolute path of the directory
|-
| 0x420 || 0x34 || File stats || ... || Directory stats as a sysFSStat structure (see lv2/sysfs.h)
|-
| 0x454 || 0x04 || Flags || 0x01 or 0x03 || The flags are set to 0x03 if the directory resides in /dev_flash2 or 0x01 otherwise
|-
|}

=== EOS Directory structure ===

{| class="wikitable"
|-
! Offset !! Size !! Name !! Values !! Comment
|-
| 0x00 || 0x08 || Zero || 00..00 || Must be set to zero to indicate the end of the list
|-
| 0x08 || 0x08 || Total directories || ... || The total number of directories that were just listed
|-
| 0x10 || 0x448 || Padding || 00...00 || All zeroes until the end of the block
|-
|}


=== Archive Index Footer ===

{| class="wikitable"
|-
! Offset !! Size !! Name !! Values !! Comment
|-
| 0x00 || 0x10 || [[PSID]] || ... || The OpenPSID of the PS3 on which this backup was created
|-
| 0x10 || 0x08 || Archive2.dat total file sizes || ... || The total file sizes of the copy-protected content (same value as in the EOS file structure of the archive2.dat)
|-
| 0x18 || 0x08 || Padding || 00..00 || All zeroes
|-
|}

== Data files ==
Data files are sequential files which contain only the DAT header and
archive header, followed by raw data. There is no compression, no
separation between the files, no padding, etc.. the files will be
packed one after the other in the same order as they appear in the
index file.

A data file may even end on a non-16 byte boundary, in which case,
there still will not be any additional padding and the AES128 CBC
algorithm has to be modified to allow encryption of a stream instead
of 16-byte blocks.

For the last block of the file to be encrypted, if it has less than 16
bytes, then the IV is instead encrypted (so, the previous block
encrypted twice), then xor-ed with the remaining bytes of input.
To decrypt, you simply need to decrypt the IV and xor it again with
the first bytes of the ciphertext to get the plaintext back.

= Notes =

== Registry Database Utility ==

The archives created by "db_backup.self" and "registry_backup.self" from the Sony SDK have a DAT type of 0x04.
* "db_backup.self" creates a backup of the database. (there's only one resulting file).
* "registry_backup.self" creates a backup of the xRegistry.sys file.

= Tools =

== PeXploit ==

PeXploit is a GUI version of ps3xport with user-friendly features.

* PKG Bubble Install Source (by pink1): http://www.mediafire.com/download/22352yzs75jh7oa/PSN_Bubbles.zip

* https://github.com/xXxTheDarkprogramerxXx/PeXploit

== arctool ==

arctool is a python script to ease ps3xport usage.

* https://web.archive.org/web/*/http://playstationhax.xyz/forums/topic/1092-release-arctool-and-arcunpack-by-flatz/ [http://www.mediafire.com/download/zvfc1ddi9dh21p4/arctool.7z]

== ps3xport ==

ps3xport is a CUI tool to decrypt and encrypt PS3 exported backup archives.

* https://github.com/kakaroto/ps3xport ([[KaKaRoTo_Kind_of_%C2%B4Jailbreak%C2%B4|KaKaRoTo Kind of ´Jailbreak´]])


{{File Formats}}<noinclude>[[Category:Main]]</noinclude>