Editing NPDRM


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 15: Line 15:
If a Network DRM content is to be loaded, the [[VSH]] loads the act.dat and the .rif associated to the content (it will download .rif to VSH process memory).
If a Network DRM content is to be loaded, the [[VSH]] loads the act.dat and the .rif associated to the content (it will download .rif to VSH process memory).


For Local DRM content too, the [[VSH]] locates a file with the same CONTENT ID as in NPDRM header, then the signatures are checked (RIF offset 0x70 and act.dat offset 0x1010). Using the [[Keys#NPDRM_Keys|np_act_data_index_dec_key]], it will decrypt the actdatIndex stored in RIF.
For Local DRM content too, the [[VSH]] locates a file with the same CONTENT ID as in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).


If a Free DRM (DRM type 3) content is detected then there is no license check, so no need for .rif/act.dat, and a generic klicensee [[Keys#NPDRM_Keys|klic_ps3_free]] will be used for further steps.
If a Free DRM (DRM type 3) content is detected then there is no license check, no need for .rif/act.dat, and a generic klicensee [[Keys#NPDRM_Keys|klic_ps3_free]] will be used for further steps (go to LV2).


Then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscall no 471 sys_npdrm_regist_ekc]].
Using the RIF_KEY with the [[Keys#NPDRM_Keys|np_act_data_index_dec_key]], it will obtain the actdatIndex, then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]]. This function has different parameters depending of the [[#DRM Type]]:
<source lang="C">
* Local/Network DRM content: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd); // is it titleID or content_id?
// is it titleID or content_id?
* Free DRM content: syscall471(npd.type, &npd.titleID, klic_ps3_free, NULL, NULL, npd.license, &npd); // is it titleID or content_id?
int sys_npdrm_regist_ekc(uint32_t type, char* titleID, void* klicensee, uint8_t* actdat, uint8_t* rif, int32_t licenseType, uint8_t* magicVersion);</source>
This function has different parameters depending on the [[#DRM Type]]:
* Local/Network DRM content: <source lang="C">sys_npdrm_regist_ekc(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);</source>
* Free DRM content: <source lang="C">sys_npdrm_regist_ekc(npd.type, &npd.titleID, klic_ps3_free, NULL, NULL, npd.license, &npd);</source>


The lv2 keeps a memory table with contentID and the associated klicensee:
:<small>* Local DRM contents can also include free games/apps too but require this licensing check</small>
* Local/Network DRM content: lv2 AES128 decrypts the encrypted klicensee from RIF by using [[Keys#NPDRM_Keys|NPDRM IDPS Seed]], [[IDPS]], act.dat and some other keys. Once transformed, klicensee is stored in a memory table.
* Free DRM content: lv2 copies the titleID and the generic klicensee (klic_ps3_free) to a memory table.


From there, the lv1 hypervisor, by loading [[Hypervisor_Reverse_Engineering#appldr|appldr]], will transform the key by using the [[Keys#ps3_klic_dec_key|ps3_klic_dec_key]] and finally remove the NPDRM layer of the SELF/SPRX to start the [[SELF - SPRX]] decryption.
The lv2 keeps a memory table with contentID and the associated key:
* Local/Network DRM content: it converts by AES128 encryption the klicensee to another key (by using a [[Keys#NPDRM_Keys|klicensee_constant value on lv2]], [[IDPS]] and the act.dat) and once transformed it is stored in a memory table.
* Free DRM content: it copies the titleID and the generic klicensee (klic_ps3_free) to a memory table.
 
From there, the lv1 hypervisor, by loading [[Hypervisor_Reverse_Engineering#appldr|appldr]], will transform the key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption.


= PS3 NPDRM EDAT decryption steps =
= PS3 NPDRM EDAT decryption steps =
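
Review bot: The identifier passed as the second syscall argument is still unresolved. The "Your text" column carries "// is it titleID or content_id?" on both syscall471 calls and drops the named prototype "int sys_npdrm_regist_ekc(uint32_t type, char* titleID, ...)", and both columns describe the lv2 table as keyed by "contentID" while the Free DRM bullet says it "copies the titleID". Settle which field is used, state it once, and keep the prototype so the argument order is documented. Two further disagreements between the columns need a source before either is kept: the signature location ("RIF offset 0x70 and act.dat offset 0x1010" versus "last 0x28 bytes of both RIF and act.dat", which agree only if the RIF is 0x98 bytes and act.dat is 0x1038 bytes, so state the file sizes or keep the explicit offsets), and the direction of the lv2 operation on the klicensee ("AES128 decrypts the encrypted klicensee from RIF" versus "converts by AES128 encryption the klicensee").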
Line 45: Line 43:
! Value !! Type !! Remarks
! Value !! Type !! Remarks
|-
|-
| 0 || Unknown (official name) || It does not require any license. Set in [[EDAT_files|SDATA files]].
| 0 || Debug || Used in SDAT files.
|-
|-
| 1 || Network || It requires network authentication every time the content is launched. See [http://en.wikipedia.org/wiki/PlayStation_Network_outage#Inability_to_use_PlayStation_3_content inability example].
| 1 || Network || It requires network authentication every time the content is launched. See [http://en.wikipedia.org/wiki/PlayStation_Network_outage#Inability_to_use_PlayStation_3_content inability example].
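
Review bot: The DRM Type 0 row gives no source for its name in either column. One reads "Unknown (official name)" with "Set in [[EDAT_files|SDATA files]]", the other "Debug" with "Used in SDAT files". Pick one label, say in Remarks where it comes from (a tool string, a header, or observation), and use a single spelling of the file type that matches the linked EDAT_files page.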
Line 51: Line 49:
| 2 || Local || It requires first time activation online (paid content but also demo and free of charge content).
| 2 || Local || It requires first time activation online (paid content but also demo and free of charge content).
|-
|-
| 3 || Free || On PS3, it does not require any license file nor console activation (act.dat). PS3 disc bind contents use this DRM Type. On PSP, when a .rif is present for Free DRM Type, the RIF NP Account ID is replaced by a Magic Gate Memory Stick command result and the RIF encrypted account keyring index is replaced by the sha1 digest of this Magic Gate Memory Stick command result.
| 3 || Free || On PS3, it does not require any license file nor console activation (act.dat).
|-
| 4 || PSP || This type exists according to PS3 make_package_npdrm.exe revision 1972. However, no .rif holding this DRM Type was ever seen.
|-
| 0xD || Free (PSP2/PSM) || Used for Free contents but with license (.rif) requirement, unlike DRM Type 3. Requires either pd0:license/rifname.rif (for Welcome Park) or /app/TITLEID/sce_sys/package/temp.bin (for .pkg installed from PS Store).
|-
| 0x100 || Network (PSP/PSP2) || Seen in PSP and PS Vita OS. On PSP, extends the RIF ECDSA signed data with IDPS and Fuse ID. On PS Vita, forces OpenPSID comparison in RIF and thus RIF RSA signature verification.
|-
| 0x400 || GameCard (PSP2) || Requires a .rif stored in the gamecard filesystem and the gamecard  to be inserted for authentication.
|-
|-
| 0x2000 || Unknown (PS3) || Seen in EP0001-NPEB00560_00-GRAW2PS3REMPKG01.rif.
| 0xD || "PS Vita Free" (guessed name) || Free but with license (.rif) requirement, unlike DRM Type 3.
|}
|}


NPDRM contents decryption requires a key, the key licensee or klicensee. Depending on the content's DRM Type, klicensee is got in different ways:
NPDRM contents decryption requires a key, the key licensee or klicensee. Depending on the content's DRM type, klicensee is got in different ways:
* DRM type Network: klicensee is generated using associated RIF downloaded on-load from PS Store + ?to detail?
* DRM type Network: klicensee is generated using rif + ?to detail?
* DRM type Local: klicensee is generated using associated RIF downloaded on-installation from PS Store + act.dat + console's IDPS
* DRM type Local: klicensee is generated using act.dat + associated rif + console's IDPS
* DRM type Free: klicensee is the constant PS3 Free klicensee (see [[Keys#NPDRM_Keys|NPDRM keys]] and [[Keys#Appldr|appldr keys]])
* DRM type Free: klicensee is the constant PS3 Free klicensee (see NPDRM [[Keys]] and appldr keys)
* DRM type Free (PSP2/PSM): klicensee is derived from associated RIF stored in the NPDRM PKG file
* DRM type "PS Vita Free": maybe same as Local: to check.
* DRM type GameCard: klicensee is derived from associated RIF stored in the gamecard and gamecard authentication command
 
Free games/applications, e.g. demos and free additional contents can either use Free, Free (PSP2/PSM) or Local DRM Types.
 
= License Flags =
 
License Flags are guessed to be either 4 or 6 bytes long (leaving DRM Type either 2 or 4 bytes long).
 
See [[RIF]].
 
* 1 by default
* 0x200 for preordered content that is not usable yet. Seen in EP1004-BLES01807_00-GTAVDLCATOMICBLI.rif, EP1004-NPEB01283_00-GTAVDIGITALDOWNL.rif and EP1004-NPEP00231_00-TGRANDTHEF000001.rif.


= Tools =
= Tools =
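
Review bot: The "Your text" column removes table rows 4, 0x100, 0x400 and 0x2000 and the whole License Flags section, several of which name the sample files they were observed in (for example "Seen in EP0001-NPEB00560_00-GRAW2PS3REMPKG01.rif"), and brings back unverified wording for 0xD: "(guessed name)" and "maybe same as Local: to check". Keep the rows that cite an observed file, and mark anything still unverified in one consistent way. The Network klicensee bullet has the placeholder "?to detail?" in both columns; either describe the derivation or say explicitly that it is not yet documented.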