Editing SELF - SPRX

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
SELF stands for Signed Executable and Linkable Format. SELF is the file format used by the executables on the PS3 and PS Vita. SPRX stands for Signed Playstation Relocatable eXecutable. SPRX is a file extension, derived from PRX, of SELF files that are loaded as "libraries" rather than "applications". SELF files of applications are often named "EBOOT.BIN" as in "encrypted BOOT.BIN" as a legacy of PS1, PS2 and PSP executables filenames.
SELF stands for Signed Executable and Linkable Format. SPRX stands for Signed Playstation Relocatable eXecutable. They are the format used by the executables on the PS3 and PSVita.


[[File:Self.png|thumb|alt=A screenshot of f0f's presentation at CCC2010.]]
[[File:Self.png|thumb|alt=A screenshot of f0f's presentation at CCC2010.]]
Line 6: Line 6:
= Introduction =
= Introduction =


SELF consists of a [[Certified File]] header with an Extended Header followed by the encapsulated ELF file. ELF sections can be compressed using gzip. A SELF is usually encrypted and signed, but [[#fSELF|fSELF]] are unsigned SELFs. ELF sections can be encrypted using AES128 and signed using ECDSA160 or RSA2048 + HMAC-SHA1 or HMAC-SHA256. A SELF has a specific header called Extended header where it stores all the parameters for this program.
It consists of a CF header with an extended header followed by the encapsulated ELF file. ELF sections can be compressed using gzip. SELFs are encrypted and signed, unlike fSELFs. ELF sections are encrypted using AES128 and signed using ECDSA160 or RSA2048 + HMAC-SHA1 or HMAC-SHA256. SELF file has a specific header called Extended header where it stores all the parameters for this program.


*Extended Header
*Extended Header
Extended Header consists of information regarding the structure and offsets of the SELF. The first part is in plaintext until the Encryption Root Header.
It consists of information regarding the structure and offsets of the SELF. The first part is in plaintext until you reach Encryption Root Header.


*Encryption Root Header
*Encryption Root Header
Encryption Root Header is encrypted under an AES256CBC layer. It contains key and IV to further decrypt the Certification data using AES128 (CBC or CTR).
Encryption Root Header is itself encrypted under AES256CBC. It contains key and ivec to further decrypt the Certification data using AES128(CBC or CTR).


*Certification data
*Certification data
Certification Header, Certification Body and CF Signature are encrypted under an AES128 (CBC or CTR) layer with the Encryption Root Header key and IV.
The Certification Header, Certification Body and Certification Footer are encrypted under this AES128 layer and are decrypted with the key above.


*Certification Header
*Certification Header
Signature is an ECDSA160/RSA2048 signature of the SHA1/SHA256 digest of the SELF file starting at offset 0 and ending at offset sign_offset.
Certification Header contains the info required to authenticate the Certification. The Certification Footer signature is ECDSA160 of the SHA1 digest of the SELF file starting at offset 0x0 and ending at offset footer_offset, or RSA2048 ?of the same data?.


*Data Segments
*Data Sections
Data segments can be encrypted and/or compressed. SHA1/HMAC-SHA1/HMAC-SHA256 is used to ensure that they have not been modified.
The data sections can be encrypted and/or compressed. SHA1/HMAC-SHA1/HMAC-SHA256 is used to ensure that they have not been modified.


= Cryptography =
= Cryptography =
Line 29: Line 29:
Basically here are the steps being involved by the loaders:  
Basically here are the steps being involved by the loaders:  


Loaders all have a static key and iv called respectively <abbr title="ERK - 256bit Encryption Round Key">erk</abbr> and <abbr title="RIV - 128bit Reset Initialization Vector">riv</abbr>. Those are keys for the first decryption step which is to decrypt the Encryption Root Header using <abbr title="AES256CBC - Advanced Encryption Standard - 256 bit - Cipher-block chaining">AES256CBC</abbr>. When the SELF is protected by [[NPDRM]] ?instead of using static keys?, erk and riv are derived by decrypting klicensee using "NP_klic_key".
Loaders all have a static key and iv called respectively <abbr title="ERK - 256bit Encryption Round Key">erk</abbr> and <abbr title="RIV - 128bit Reset Initialization Vector">riv</abbr>. Those are keys for the first decryption step which are used to decrypt the very first 0x40 bytes of the SELF's metadata using <abbr title="AES256CBC - Advanced Encryption Standard - 256 bit - Cipher-block chaining">AES256CBC</abbr>.


Then the result is used as key and iv to decrypt the rest of the Certification data using <abbr title="AESCTR - Advanced Encryption Standard - Counter Mode">AES128CTR</abbr> (PS3) or AES128CBC (PS Vita). Finally the decrypted Certification data contains the key and iv for each data segments which are still decrypted following the Segment Certification Header information. This security model is based on the fact that the Certification Root Header once decrypted by the static AES256CBC key in the loader should never be the same from one binary to the other. The same goes for any other value used as an AES128 key or iv.
Then the result is used as key and iv to decrypt the rest of the Certification data using <abbr title="AESCTR - Advanced Encryption Standard - Counter Mode">AES128CTR</abbr> (PS3) or AES128CBC (PSVita). Finally the decrypted Certification data contains the key and iv for each data sections which are still decrypted following the Segment Certification Header information. This security model is based on the fact that the Certification Root Header once decrypted by the static AES256CBC key in the loader should never be the same from one binary to the other. The same goes for any other value used as an AES128 key or iv.


Loaders are also involved with inflating the binaries using zlib.
Loaders are also involved with inflating the binaries using zlib.


The SELF authenticity is based on other independent steps, <abbr title="HMAC-SHA1 - Hash-based Message Authentication Code - Secure Hash Algorithm 1">HMAC-SHA1</abbr> or HMAC-SHA256 of the data segments and <abbr title="ECDSA - Elliptic Curve Digital Signature Algorithm">ECDSA160</abbr> or RSA2048 for the signature of the header and the Certification data.
The SELF authenticity is based on other independent steps, <abbr title="HMAC-SHA1 - Hash-based Message Authentication Code - Secure Hash Algorithm 1">HMAC-SHA1</abbr> or HMAC-SHA256 of the data sections and <abbr title="ECDSA - Elliptic Curve Digital Signature Algorithm">ECDSA160</abbr> or RSA2048 for the signature of the header and the Certification data.


== Short references ==
== Short references ==
Line 48: Line 48:
= fSELF =
= fSELF =


fSELF stands for fake signed ELF. It is the format output by Software Development Kits and ran on activated TestKits and DevKits. As it name suggests, a fSELF is not signed and usually not encrypted. If a fSELF was signed, that would imply that SDK embeds the private keys required to sign it.
fSELF stands for fake signed ELF. It is the format ouput by developer SDK. As it name suggests, it is not signed nor encrypted. If it was, that would imply SDK embeds private keys to sign it and keys to encrypt it.


A fSELF has Attribute set to 0x8000. ?always?
A fSELF has Attribute set to 0x8000. ?always?


A fSELF has usually less rights than a System SELF but more than a finalized Non-System SELF. The OS recognizes a fSELF by looking at its program-authority-id.
A fSELF has usually less rights than a System SELF. The OS recognizes a fSELF by looking at its program-authority-id.


To document more...
To document more...
Line 60: Line 60:
== PS3 ==
== PS3 ==


Files with extensions: eboot.bin, *.self, *.sprx.
Files with extensions: eboot.bin, .self, .sprx.


See also [[SELFs inside ELFs]].
See also [[SELFs inside ELFs]].


== PS Vita ==
== PSVita ==


Files with extensions: eboot.bin, *.self, *.suprx, *.skprx, *.skarx.
Files with extensions: eboot.bin, .self, .suprx, .skprx.


= File Format =
= File Format =


Notes:
Notes:
* Warning: PS3 uses big endian, PS Vita uses little endian.
* Warning: PS3 uses big endian, PSVita uses little endian.
* Encapsulated ELF header fields are useless (only the EI_CLASS EI_DATA and EI_VERSION fields are checked).
* Encapsulated ELF header fields are useless (only the EI_CLASS EI_DATA and EI_VERSION fields are checked).


== PS3 early Program Type 3 SELFs ==
== PS3 early type 3 SELFs ==


<pre>
<pre>
SDK 0.60: No sce version nor elf digest
SDK 0.60: No sce version and digest
SDK 0.8X: No sce version, with 0x30 elf digest
SDK 0.8X: No sce version, with 0x30 digest
SDK 0.9X: With sce version and 0x40 elf digest (scetool produces this type)
SDK 0.9X: With sce version and 0x40 digest (scetool produces this type)
</pre>
</pre>


== Special SELF samples ==
== Special SELFs ==


=== Warhawk public beta release 012 ===
=== Warhawk public beta release 012 ===


Oldest official game SELF (although not even NPDRM protected!!!) found by now: 2007-06-08.
Oldest official game SELF (not NPDRM !!!) I have found for now: 2007-06-08.


*https://web.archive.org/web/*/http://download-prod.online.scea.com/medius-patch/warhawk-pubeta/warhawk//*
*https://web.archive.org/web/*/http://download-prod.online.scea.com/medius-patch/warhawk-pubeta/warhawk//*
Line 97: Line 97:
== Extended Header ==
== Extended Header ==


Extended Header offsets are relative to [[Certified File]] start.
Extended Header offsets are relative to Certified File start.


=== Struct ===
=== Struct ===
Line 121: Line 121:
! field !! offset !! type !! notes
! field !! offset !! type !! notes
|-
|-
| Extended Header version || 0x0 || u64 || 3 for PS3, 4 for PS Vita
| Extended Header version || 0x0 || u64 || 3 for PS3, 4 for PSVita
|-
|-
| Program Identification Header offset || 0x8 || u64 || Offset to Program Identification Header.
| Program Identification Header offset || 0x8 || u64 || Offset to Program Identification Header.
|-
|-
| ELF Header offset || 0x10 || u64 || Offset to ELF Header.
| ELF Header offset || 0x10 || u64 || Offset to ELF header.
|-  
|-  
| Program Header offset || 0x18 || u64 || Offset to ELF Program Header.
| Program Header offset || 0x18 || u64 || Offset to ELF Program Header.
Line 144: Line 144:
=== Comments ===
=== Comments ===


The real ELF data is located after the Extended Header (see Extended Header size in [[Certified File#Header|Certified File Header]]). It is encrypted, unless [[Certified File]] attribute is 0x8000 (fake CF). unfself works by cutting the SCE header from the fSELF and if needed decompressing segments.
The real ELF data is located after the extended header (see header size). It is encrypted, unless attribute is 0x8000. unfself works by cutting the SCE header from the (fake)SELF and if needed decompressing sections.


== Program Identification Header ==
== Program Identification Header ==


Temporary name was App Info. Official name is Program Identification Header.
Temp name was App Info. Official name is Program Identification Header.


=== Struct ===
=== Struct ===
Line 211: Line 211:
[http://www.openwatcom.com/ftp/devel/docs/elf-64-gen.pdf ELF-64 Object File Format]
[http://www.openwatcom.com/ftp/devel/docs/elf-64-gen.pdf ELF-64 Object File Format]


==== PS Vita ====
==== PSVita ====


<source lang="C">
<source lang="C">
Line 272: Line 272:
|}
|}


See also [https://wiki.henkaku.xyz/vita/images/a/a2/Vita_SDK_specifications.pdf yifan lu's outdated specifications for PS Vita fSELF]
See also specifications:
[https://wiki.henkaku.xyz/vita/images/a/a2/Vita_SDK_specifications.pdf yifanlu specs]


=== SCE specific ELF types (e_type) ===
=== SCE specific ELF types (e_type) ===
Line 278: Line 279:
<source lang="C">
<source lang="C">
/* SCE-specific definitions for e_type: */
/* SCE-specific definitions for e_type: */
#define ET_SCE_EXEC 0xFE00 /* SCE Executable - PRX2 */
#define ET_SCE_EXEC 0xFE00 /* SCE Executable */
#define ET_SCE_RELEXEC 0xFE04 /* SCE Relocatable Executable - PRX2 */
#define ET_SCE_RELEXEC 0xFE04 /* SCE Relocatable Executable */
#define ET_SCE_STUBLIB 0xFE0C /* SCE SDK Stubs */
#define ET_SCE_STUBLIB 0xFE0C /* SCE SDK Stubs */
#define ET_SCE_DYNEXEC 0xFE10 /* SCE EXEC_ASLR (PS4 Executable with ASLR) */
#define ET_SCE_DYNAMIC 0xFE18 /* ? */
#define ET_SCE_DYNAMIC 0xFE18 /* ? */
#define ET_SCE_IOPRELEXEC 0xFF80 /* SCE IOP Relocatable Executable */
#define ET_SCE_IOPRELEXEC 0xFF80 /* SCE IOP Relocatable Executable */
Line 289: Line 289:
#define ET_SCE_PSPRELEXEC 0xFFA0 /* SCE PSP Relocatable Executable */
#define ET_SCE_PSPRELEXEC 0xFFA0 /* SCE PSP Relocatable Executable */
#define ET_SCE_PPURELEXEC 0xFFA4 /* SCE PPU Relocatable Executable */
#define ET_SCE_PPURELEXEC 0xFFA4 /* SCE PPU Relocatable Executable */
#define ET_SCE_ARMRELEXEC 0xFFA5 /* ?SCE ARM Relocatable Executable (PS Vita System Software earlier or equal 0.931.010) */
#define ET_SCE_ARMRELEXEC 0xFFA5 /* ?SCE ARM Relocatable Executable (PSVita FW <=0.931) */
#define ET_SCE_PSPOVERLAY 0xFFA8 /* ? */
#define ET_SCE_PSPOVERLAY 0xFFA8 /* ? */
</source>
</source>
Line 319: Line 319:
</source>
</source>


==== PS Vita ====
==== PSVita ====


<source lang="C">
<source lang="C">
Line 339: Line 339:
=== SCE specific segment types (p_type) ===
=== SCE specific segment types (p_type) ===


<source lang="c">
<source lang="C">
#define PT_SCE_RELA 0x60000000
*PT_SCE_IOPMOD = 0x70000080
#define PT_SCE_LICINFO_1 0x60000001
*PT_SCE_EEMOD = 0x70000090
#ddfine PT_SCE_LICINFO_2 0x60000002
*PT_SCE_PSPREL = 0x700000A0
#define PT_SCE_DYNLIBDATA 0x61000000
*PT_SCE_PPURELA = 0x700000A4
#define PT_SCE_PROCESS_PARAM 0x61000001
*PT_SCE_SEGSYM = 0x700000A8
#define PT_SCE_MODULE_PARAM 0x61000002
#define PT_SCE_RELRO 0x61000010 // for PS4
#define PT_SCE_COMMENT 0x6FFFFF00
#define PT_SCE_LIBVERSION 0x6FFFFF01
#define PT_SCE_UNK_70000001 0x70000001
#define PT_SCE_IOPMOD 0x70000080
#define PT_SCE_EEMOD 0x70000090
#define PT_SCE_PSPRELA 0x700000A0
#define PT_SCE_PSPRELA2 0x700000A1
#define PT_SCE_PPURELA 0x700000A4
#define PT_SCE_SEGSYM 0x700000A8
</source>
'''PT_SCE_MODULE_PARAM (PS4)'''
 
This segment contains a single C struct. It appears instead of PT_SCE_PROCESS_PARAM if the ELF file was compiled to be a library. Like PT_SCE_PROCESS_PARAM, the .data segment contains it and it is always at offset 0.
<source lang="c">
struct SceModuleParamBase {
    // current size of the struct this version
    uint64_t size;
    // magic bytes
    uint32_t magic; // 0x3c13f4bf
    // current version of the struct format used
    uint32_t version;
    // for example: 0x0803_0001 for firmware version 8.03
    uint32_t sdk_version;
}
</source>
The struct is the base or head of the actual struct used. The above fields are always present and their offsets do not change between versions.
 
Fields whose name are of the form: unk_0x[0-9 aA-fF], are unknown fields whose offset is in the name, e.g. unk_0x18 is at offset 0x18.<source lang="c">
// checked FW 2.xx-7.00
// FW < 2.00 files do not have a PT_SCE_MODULE_PARAM segment, unchecked 7.00 < FW < 7.55
struct SceModuleParamV1 {
    uint64_t size; // 0x18
    uint32_t magic; // 0x3c13f4bf
    uint32_t version; // 1 for V1
    uint32_t sdk_version;
}
// checked 7.55-9.00, unchecked FW > 10.50 and 7.00 < FW < 7.55
struct SceModuleParamV2 {
    uint64_t size; // 0x20
    uint32_t magic; // 0x3c13f4bf
    uint32_t version; // 2 for V2
    uint32_t sdk_version;
    uint64_t unk_0x18;
}
</source>
</source>


Line 423: Line 377:
</source>
</source>


=== SCE specific section types (sh_type) ===
=== Comments ===


<source lang="C">
Processor specific section types (sh_type):
#define SHT_SCE_RELA 0x60000000
*SHT_SCE_IOPMOD = 0x70000080
#define SHT_SCE_NID 0x61000001
*SHT_SCE_EEMOD = 0x70000090
#define SHT_SCE_IOPMOD 0x70000080
*SHT_SCE_PSPREL = 0x700000a0
#define SHT_SCE_EEMOD 0x70000090
*SHT_SCE_PPURELA = 0x700000a4
#define SHT_SCE_PSPRELA 0x700000A0
#define SHT_SCE_PPURELA 0x700000A4
</source>


== Segment Extended Header ==
== Segment Extended Header ==


Temporary name was Section Info. Official name is segment_ext_header.
Temp name was SELF Section Info. Official name is segment_ext_header.


Segment Extended Header is a table which maps each phdr/shdr entry to the actual offset/size within the encrypted Certified File. Indeed, because segments can be compressed, they might not match the values listed within the ELF phdr/shdr.
A table which maps each phdr entry to the actual offset/size within the encrypted CF. Indeed, because sections can be compressed, they might not match the values listed within the ELF phdr/shdr.


There is one of these entries for each ELF phdr (ELF Program Segment Header) entry in the ELF file so that the console knows where to decrypt the data from, because it might also be compressed.
There is one of these entries for each ELF phdr (ELF Program Segment Header) entry in the ELF file so that the console knows where to decrypt the data from (because it might also be compressed).


=== Struct ===
=== Struct ===
Line 463: Line 414:
| Size || 0x08 || u64 || Size of data
| Size || 0x08 || u64 || Size of data
|-   
|-   
| compress_algorithm || 0x10 || u32 || 1 = plain, 2 = zlib
| Compression || 0x10 || u32 || 1 = uncompressed, 2 = compressed
|-   
|-   
| Unknown || 0x14 || u32 || Always 0, as far as I know.
| Unknown || 0x14 || u32 || Always 0, as far as I know.
|-   
|-   
| request_encryption || 0x18 || u64 || 0 = unrequested, 1 = completed, 2 = requested
| Encryption || 0x18 || u64 || 1 = encrypted, 2 = unencrypted
|}
|}


Line 515: Line 466:
== Supplemental Header Table ==
== Supplemental Header Table ==


Temporary name was Control Information. Official name is supplemental_header_table.
Temp name was Control Information. Official name is supplemental_header_table.


=== Struct ===
=== Struct ===


<source lang="C">
<source lang="C">
typedef struct ECDSA224_signature { // size is 0x38
  unsigned char r[0x1C];
  unsigned char s[0x1C];
} ECDSA224_signature;
// current hypothesis of SceSharedSecret is full (0x40 bytes) shared_secret overwritten with klicensee at offset 0x10
typedef struct SceSharedSecret { // size is 0x40 on PS Vita SDK versions 0.931.010-3.740.011
  uint8_t shared_secret_0[0x10]; // ex: 0x7E7FD126A7B9614940607EE1BF9DDF5E or full of zeroes
  uint8_t klicensee[0x10]; // usually full of zeroes for NPDRM and fSELF. Usually retrieved from bound RIF for NPDRM.
  uint8_t shared_secret_2[0x10]; // usually full of zeroes for NPDRM and fSELF
  uint32_t shared_secret_3_0; // ex: 0x10, usually full of zeroes for NPDRM and fSELF
  uint32_t shared_secret_3_1; // usually full of zeroes for NPDRM and fSELF
  uint32_t shared_secret_3_2; // usually full of zeroes for NPDRM and fSELF
  uint32_t shared_secret_3_3; // usually full of zeroes for NPDRM and fSELF
} SceSharedSecret;
  typedef struct {
  typedef struct {
   uint32_t type; // 1=PS3 plaintext_capability; 2=PS3 ELF digest; 3=PS3 NPDRM, 4=PS Vita ELF digest; 5=PS Vita NPDRM; 6=PS Vita boot param; 7=PS Vita shared secret
   uint32_t type; // 1=PS3 plaintext_capability; 2=PS3 ELF digest; 3=PS3 NPDRM, 4=PSVita ELF digest; 5=PSVita NPDRM; 6=PSVita boot param; 7=PSVita shared secret
   uint32_t size;
   uint32_t size;
   uint64_t next; // 1 if another Supplemental Header element follows else 0
   uint64_t next; // 1 if another Supplemental Header element follows else 0
Line 549: Line 484:
     // type 2, 0x40 bytes
     // type 2, 0x40 bytes
     struct { // 0x30 bytes of data
     struct { // 0x30 bytes of data
       uint8_t constant[0x14]; // same for every PS3/PS Vita SELF, hardcoded in make_fself.exe: 627CB1808AB938E32C8C091708726A579E2586E4
       uint8_t constant[0x14]; // same for every PSVita/PS3 SELF, hardcoded in make_fself.exe: 627CB1808AB938E32C8C091708726A579E2586E4
       uint8_t elf_digest[0x14]; // SHA-1. Hash F2C552BF716ED24759CBE8A0A9A6DB9965F3811C is blacklisted by appldr
       uint8_t elf_digest[0x14]; // SHA-1. Hash F2C552BF716ED24759CBE8A0A9A6DB9965F3811C is blackisted by appldr
       uint64_t required_system_version; // filled on Sony authentication server, contains decimal PS3_SYSTEM_VER value from PARAM.SFO
       uint64_t required_system_version; // filled on Sony auth server, contains decimal PS3_SYSTEM_VER value from PARAM.SFO
     } PS3_elf_digest_header_40;
     } PS3_elf_digest_header_40;


Line 562: Line 497:
     // type 3, 0x90 bytes
     // type 3, 0x90 bytes
     struct { // 0x80 bytes of data
     struct { // 0x80 bytes of data
       PS3_NPD npd; // See [[NPD]]
       uint32_t magic;           // 4E 50 44 00 ("NPD.")
      uint32_t license_version;
      uint32_t drm_type;        // [[License Types|license_type]]
      uint32_t app_type;        // [[App Types|app_type]]
      uint8_t content_id[0x30];
      uint8_t digest[0x10];    // SHA-1 hash of debug self/sprx created with make_fself_npdrm
      uint8_t inv_digest[0x10]; // hash_cid_fname
      uint8_t xor_digest[0x10]; // hash_cid
      uint8_t padding[0x10];
     } PS3_npdrm_header;
     } PS3_npdrm_header;


     // type 4, 0x50 bytes
     // type 4, 0x50 bytes
     struct { // 0x40 bytes of data
     struct { // 0x40 bytes of data
       uint8_t constant[0x14]; // same for every PS3/PS Vita SELF, hardcoded in make_fself.exe: 627CB1808AB938E32C8C091708726A579E2586E4
       uint8_t constant[0x14]; // same for every PSVita/PS3 SELF, hardcoded in make_fself.exe: 627CB1808AB938E32C8C091708726A579E2586E4
       uint8_t elf_digest[0x20]; // SHA-256 of source ELF file.
       uint8_t elf_digest[0x20]; // SHA-256 of source ELF file.
       uint8_t padding[8];
       uint8_t padding[8];
Line 574: Line 517:
      
      
     // type 5, 0x110 bytes
     // type 5, 0x110 bytes
     struct { // 0x100 bytes of data
     struct { // 0x80 bytes of data
       uint32_t magic;              // 7F 44 52 4D (".DRM")
       uint32_t magic;              // 7F 44 52 4D (".DRM")
       uint32_t finalized_flag;      // ex: 80 00 00 01. It may be version like in NPD.
       uint32_t finalized_flag;      // ex: 80 00 00 01
       uint32_t drm_type;            // [[NPDRM#DRM_Type]]
       uint32_t drm_type;            // [[License Types|license_type]] ex: 2 local, 0xD free with license
       uint32_t padding;             // It may be Application Type like in NPD.
       uint32_t padding;
       uint8_t content_id[0x30];
       uint8_t content_id[0x30];
       uint8_t digest[0x10];        // ?sha-1 hash of debug SELF/SPRX created using make_fself_npdrm? content_id hash?
       uint8_t digest[0x10];        // ?sha-1 hash of debug self/sprx created using make_fself_npdrm?
       uint8_t padding_78[0x78];
       uint8_t padding_78[0x78];
       ECDSA224_signature sig[0x38]; // signature of PSVita_npdrm_header? signature of an external NPDRM file?
       uint8_t hash_signature[0x38]; // unknown hash/signature
     } PSVita_npdrm_header;
     } PSVita_npdrm_header;
      
      
     // type 6, 0x110 bytes
     // type 6, 0x110 bytes
     struct { // 0x100 bytes of data
     struct { // 0x100 bytes of data
       uint8_t boot_param[0x100];
      uint32_t is_used; // 0=false, 1=true
       uint8_t boot_param[0x9C]; // ex: starting with 02 00 00 00
     } PSVita_boot_param_header;
     } PSVita_boot_param_header;
      
      
     // type 7, 0x50 bytes
     // type 7, 0x50 bytes
     struct { // 0x40 bytes of data
     struct { // 0x40 bytes of data
       SceSharedSecret shared_secret;
       uint8_t shared_secret_0[0x10]; // ex: 0x7E7FD126A7B9614940607EE1BF9DDF5E or full of zeroes
      uint8_t shared_secret_1[0x10]; // ex: full of zeroes
      uint8_t shared_secret_2[0x10]; // ex: full of zeroes
      uint8_t shared_secret_3[0x10]; // ex: full of zeroes
     } PSVita_shared_secret_header;
     } PSVita_shared_secret_header;
   };
   };
Line 602: Line 549:
=== Comments ===
=== Comments ===


There are 3 digests in ps3_npdrm_header:
*digest is the sha1 checksum of the entire SELF file.
*inv_digest is the inverse of digest.
*xor_digest is digest XORed with 0xAAAAAA..AAAAAB.
The PSJailbreak payload ignores the actual checksums, but checks that the 3rd checksum is the 2nd checksum XORed with 0xAAAAAA..AAAAAB.
Notes:
* See [[Capability_Flags]].
* See [[Capability_Flags]].
* PS3 loader uses supplemental_header_table to handle some data:
* PS3 loader uses supplemental_header_table to handle some data:
Line 609: Line 564:
   uint8[0x14] elf_digest;        /* sha1 hash of the ELF file */
   uint8[0x14] elf_digest;        /* sha1 hash of the ELF file */
   uint32_t    unknown_0;          /* seems to be padding */
   uint32_t    unknown_0;          /* seems to be padding */
   uint64_t    required_system_version;    /* PS3_SYSTEM_VER, decimal format */
   uint64_t    required_system_vesion;    /* PS3_SYSTEM_VER, decimal format */
} supplemental_header_table;
} supplemental_header_table;
</source>
</source>


= Extraction =
== Encryption Root Header ==
 
Temp name was Metadata Information. Official name is encryption_root_header.
 
This is not present in fCF (fSELF, fSPP, etc...).
 
The key and ivec fields are encrypted using AES256CBC.
 
=== Struct ===
 
<source lang="C">
typedef struct {
  uint8_t key[16];
  uint8_t key_pad[16];
  uint8_t iv[16];
  uint8_t iv_pad[16];
} __attribute__((packed)) encryption_root_header;
</source>
 
=== Comments ===
 
== Certification Header ==
 
Temp name was Metadata Header. Official name is certification_header.
 
It is only present if the Encryption Root Header is present.
 
It is decrypted using AES128 with the key and ivec entries from the Encryption Root Header.
 
It is located after the Encryption Root Header in the SELF file.
 
=== Struct ===
 
<source lang="C">
typedef struct {
  uint64_t footer_offset;
  uint32_t signature_type;            // 1 = ECDSA160, 5 = RSA2048
  uint32_t segment_count;
  uint32_t blocks_count; // was keyCount
  uint32_t optional_header_size;
  uint64_t unknown06;
} __attribute__((packed)) certification_header;
</source>
 
=== Comments ===
 
== Certification Body ==
 
*It is decrypted with the key and ivec entries from the Encryption Root Header.
 
=== Segment Certification Header ===
 
Temp name was Metadata Section Header. Official name is segment_certification_header.
 
It is only present if the Certification Header is present.
 
The number of sections is indicated by the segment_count entry in the Certification Header.
 
The Segment Certification Headers are located after the Certification Header in the SELF file.
 
==== Struct ====
 
<source lang="C">
typedef struct {
  uint64_t segment_offset;
  uint64_t segment_size;
  uint32_t segment_type;  // 1 = shdr, 2 = phdr, 3 = sceversion
  uint32_t program_idx;    // 0,1,2,3,etc for phdr, always 3 for shdrs, sceversion shdr number for sceversion
  uint32_t hash_algorithm; // ?1 = none?, 2 = sha1_hmac, 3 = sha1, 6 = sha256_hmac
  uint32_t hash_idx;
  uint32_t enc_algorithm;  // 1 = none, 2 = aes128cbccfb, 3 = aes128ctr
  uint32_t key_idx;        // -1 when enc_algorithm = none
  uint32_t iv_idx;        // -1 when enc_algorithm = none
  uint32_t comp_algorithm; // 1 = none, 2 = zlib
} __attribute__((packed)) segment_certification_header;
</source>
 
==== Comments ====
 
Notes:
*Segment data is decrypted using enc_algorithm with the key and ivec from the Segment Certification specified by key_idx and iv_idx.
*The segment_offset of the Segment Certification Header matches in general the offset from the Segment Extended Header.
 
=== Segment Certification ===
 
Temp name was Metadata Keys, Section Hash. Official name might be Segment Certification.
 
The number of Segment Certifications is indicated by the segment_count entry in the Certification Header.
 
The Segment Certifications are located after the Segment Certification Headers in the SELF file.
 
==== Struct ====
 
<source lang="C">
typedef struct {
  union { // size is 0x40 bytes
    uint8_t digest[0x20]; // hmac_sha1
    uint8_t hmac_key[0x20];
  } hash_type2;
  union { // size is 0x60 bytes
    uint8_t unk0[0x20]; // certinly hmax_sha256
    uint8_t unk1[0x40]; // certainly hmac_key
  } hash_type6;
  union { // size is 0x20 bytes
    uint8_t key[0x10];
    uint8_t iv[0x10];
  } encryption_params; // present for type 2 and 3
} __attribute__((packed)) segment_certification;
</source>
 
==== Comments ====
 
Notes:
*The HMAC-SHA1 is calculated on the decrypted data and before the decompression.
 
=== Optional Header Table ===
 
Temp name was Signature Info, Capabilities Info. Official name is optional_header_table.
 
The Optional Header Table is located after the Section Hash in the SELF file.
It is only present if optional_header_size in the Certification Header is not zero.
 
==== Struct ====
 
<source lang="C">
typedef struct {
uint32_t type; // 1=capability_header, 2=individual_seed_header, 3=attribute_header
uint32_t size;
uint64_t next; // 1 if another optional_header structure follows else 0
union {
// type 1
struct { // 0x20 bytes of data
uint8_t capability[0x20];
} capability_header;
// type 2
struct { // 0x100 bytes of data
uint8_t individual_seed[0x100];
} individual_seed_header;
// type 3
struct { // 0x20 bytes of data
uint8_t attribute[0x20];
} attribute_header;
};
} __attribute__((packed)) optional_header;
</source>
 
=== Comments ===
 
* Type 1 contains encrypted_capability. See [[Capability Flags]].


* Load the Encryption Root Header and decrypt the key and IV entries using AES256CBC with key and IV from OS.
== Certification Footer ==
* Load the Certification Header and decrypt it using AES128CTR/CBC with the key and IV entries from the Encryption Root Header.
* Load the Segment Certification Headers and decrypt them using AES128CTR/CBC with the key and ivec entries from the Encryption Root Header.
* Load the Segment Certifications and decrypt them using AES128CTR/CBC with the key and ivec entries from the Encryption Root Header.
* For each Segment Certification:
** In the SELF file, fseek to data_offset and read in data_size bytes.
** Decrypt the data using the algorithm, key and ivec from the Segment Certification specified by keyIndex and ivecIndex in the Segment Certification Header.
** Uncompress the data using the algorithm specified in the Segment Certification Header.
** Write the output data to the ELF file as the program section specified by segment_id in the Segment Certification Header.


= Tools =
Temp name was Signature.


== Official tools ==
It is located at the Certification Header footer_offset in the SELF file.


=== make_fself ===
It is decrypted with the key and ivec entries from the Encryption Root Header.


==== make_fself version 1.9.0 (2009-02-15) ====
It can be ECDSA160 or RSA2048, according to the Certification Header.


Found in SCE PS3 SDK 1.92.
=== Struct ===


=== make_fself_npdrm ===
<source lang="C">
typedef struct {
  union {
    uint8_t r[21];
    uint8_t s[21];
    uint8_t padding[6];
  } ECDSA160;
  union {
    uint8_t rsa[0x100];
  } RSA2048;
} __attribute__((packed)) certification_footer;
</source>


==== make_fself_npdrm version 1.9.0 (2009-02-15) ====
=== Comments ===


Found in SCE PS3 SDK 1.92.
* footer_offset is the number of bytes which are used to generate the SHA-1 which is used to generate the ECDSA signature. The length should be eveything from the beginning until the signature itself. The decrypted version of the input data is used for signature.


=== unfself ===
= Extraction =


==== unfself version 1.9.0 (2009-02-15) ====
=== ELF Header ===


Found in SCE PS3 SDK 1.92.
Elf64_Ehdr elfHeader;
fseek ( selfFile, fix64 ( selfHeader.elfHeaderOffset ), SEEK_SET );
fread ( &amp;elfHeader, sizeof ( Elf64_Ehdr ), 1, selfFile );
fseek ( elfFile, 0, SEEK_SET );
fwrite ( &amp;elfHeader, sizeof ( Elf64_Ehdr ), 1, elfFile );


== Unofficial tools ==
=== Section Headers ===


=== some tool by geohot (2009) ===
Elf64_Shdr elfSectionHeaders[100];
fseek ( selfFile, fix64 ( selfHeader.elfSectionHeadersOffset ), SEEK_SET );
fread ( elfSectionHeaders, sizeof ( Elf64_Shdr ), fix16 ( elfHeader.e_shnum ), selfFile );
fseek ( elfFile, fix64 ( elfHeader.e_shoff ), SEEK_SET );
fwrite ( elfSectionHeaders, sizeof ( Elf64_Shdr ), fix16 ( elfHeader.e_shnum ), elfFile );


To be documented.
=== Section Data ===


=== scetool by fail0verflow (?2010?) ===
Notes:
*Unknown, manually copying the data over works for now.
*There should be a section data offset somewhere.


To be documented.
=== Program Headers ===


=== some tool by xorloser ===
Elf64_Phdr elfProgramHeaders[100];
fseek ( selfFile, fix64 ( selfHeader.elfProgramHeadersOffset ), SEEK_SET );
fread ( elfProgramHeaders, sizeof ( Elf64_Phdr ), fix16 ( elfHeader.e_phnum ), selfFile );
fseek ( elfFile, fix64 ( elfHeader.e_phoff ), SEEK_SET );
fwrite ( elfProgramHeaders, sizeof ( Elf64_Phdr ), fix16 ( elfHeader.e_phnum ), elfFile );


To be documented.
=== Program Data ===
 
Notes:
*Load the Encryption Root Header and decrypt the key and ivec entries using AES256CBC with erk and riv from OS.
*Load the Certification Header and decrypt it using AES128CTR/CBC with the key and ivec entries from the Encryption Root Header.
*Load the Segment Certification Headers and decrypt them using AES128CTR/CBC with the key and ivec entries from the Encryption Root Header.
*Load the Segment Certifications and decrypt them using AES128CTR/CBC with the key and ivec entries from the Encryption Root Header.
*For each Segment Certification:
**In the SELF file, fseek to data_offset and read in data_size bytes.
**Decrypt the data using the algorithm, key and ivec from the Segment Certification specified by keyIndex and ivecIndex in the Segment Certification Header.
**Uncompress the data using the algorithm specified in the Segment Certification Header.
**Write the output data to the ELF file as the program section specified by program_idx in the Segment Certification Header.




{{File Formats}}<noinclude>
{{File Formats}}<noinclude>[[Category:Main]]</noinclude>
[[Category:Main]]
</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)