| This article is marked for rewrite/restructuring in proper wiki format.
You can help PS3 Developer wiki by editing it.
The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it this page
Once the user is trying to start a SELF, the vsh looks for the appinfo header type; if the type is 8, then the control digest element type 3 (NPD element) is located. From this NPD header the vsh gets the License Types (network license, local or free).
- Type 1 (Network License): if a remote paid content is to be loaded, the vsh loads the act.dat and the rif associated to the content (will download to vsh process memory).
- Type 2 (Local): For this paid content too, the vsh locate a file with the same title id on NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat).
- Type 3 (Free): if a free content (no license check: no need for rif/act.dat) is detected then a generic klicense will be use for further steps (go to LV2).
This function has different parameters depending if the content is debug, paid (type 1 & 2) or free (type 3):
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd); FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
- *PAID can also include free games/apps too but require this licensing check
The lv2 keeps a memory table with contentID and the associated key:
- Paid content: the rif.key is converted to the klicensee (by using a constant value on lv2, IDPS and the act.dat) and once transformed it is stored on memory table.
- free content: copies the titleID and the generic klicensee to the table.
- http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by Mysis
act.dat header(encrypted) structure
|Version||0x4||0x4||00000001||1 or 2(current)|
|Account ID||0x8||0x8||B4 1F 2C 0B DC 1B 43 31||personal PSN account ID|
|Primary Key Table||0x10||0x800||N.A||Used for decrypting rifkeys|
|Unknown3||0x860||0x10||N.A||Encrypted_data for v.1 / Padding for v.2|
|Unknown4||0x870||0x10||N.A||Encrypted_data for v.1 / Time_Stamp for v.2|
|Unknown5||0xED0||0x40||N.A||algo is same as for Unknown1?|
|RSA Signature?||0xF10||0x100||N.A||params are unknown|
|ECDSA Signature||0x1010||0x28||N.A||pub=vsh_pub, ctype=0x02(vsh_curves)|
rif file(encrypted) structure
The rif holds the klicensee for both SELF and paid EDAT.
|Version Number||0x0||0x4||00 00 00 01|
|License Type||0x4||0x4||00 00 00 02|
|Account ID||0x8||0x8||B4 1F 2C 0B DC 1B 43 31||Used on Rap2Rif header|
|CONTENT ID||0x10||0x30||UP900-UCUS98721_00-PATAPONPSNDEMO08||Content ID|
|Encrypted Key Index||0x40||0x10||N.A||Used for choosing act.dat key|
|Encrypted Rifkey||0x50||0x10||N.A||Used for decrypt NPDRM self/sprx and edat files|
|License start time||0x60||0x8||00 00 01 1F C5 16 7B D8||For human readable, convert to decimal and use one Epoch-Unix converter time format online. Should be 0x08 lenght|
|License expiration time||0x68||0x8||00 00 00 00 00 00 00 00||If zeroed,-, there is no time limit. Used on PS+ for example. should be 0x08|
|ECDSA Signature||0x70||0x28||11||Patched in some CFW to allow unsigned. See Rif_Junk on Rap2Rif by Flatz , params are same as for act.dat|
|Unknown3||0xC0||0x40||N.A||Zero bytes / Padding|
|RSA Signature?||0x100||0x100||N.A||Params are unknown|