NPDRM: Difference between revisions
Jump to navigation
Jump to search
CelesteBlue (talk | contribs) |
CelesteBlue (talk | contribs) |
||
| (18 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
{{Wikify}} | {{Wikify}} | ||
'''The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it to this page''' | '''The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it to this page.''' | ||
See also [https://wiki.henkaku.xyz/vita/SceNpDrm]. | To merge on wiki: | ||
* [http://www.emunewz.net/forum/showthread.php?tid=8134 PSP NPDRM explanation by Hykem] | |||
* [http://wololo.net/talk/viewtopic.php?f=67&t=40656 How to find dev klicensee in NPDRM SELF - SPRX by '''Mysis'''] | |||
See also [https://wiki.henkaku.xyz/vita/SceNpDrm PS Vita NPDRM] and PSP NPDRM. | |||
= PS3 NPDRM SELF - SPRX decryption steps = | = PS3 NPDRM SELF - SPRX decryption steps = | ||
Once the user is trying to start a [[SELF | Once that the user is trying to start a [[SELF - SPRX]], the [[VSH]] looks for the [[SELF_-_SPRX#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_-_SPRX#Supplemental_Header_Table|Supplemental Header Table NPDRM header]] is located. From this [[NPD]] header the [[VSH]] gets the [[#DRM Type]]. | ||
If a Network | If a Network DRM content is to be loaded, the [[VSH]] loads the act.dat and the .rif associated to the content (it will download .rif to VSH process memory). | ||
For Local | For Local DRM content too, the [[VSH]] locates a file with the same CONTENT ID as in NPDRM header, then the signatures are checked (RIF offset 0x70 and act.dat offset 0x1010). Using the [[Keys#NPDRM_Keys|np_act_data_index_dec_key]], it will decrypt the actdatIndex stored in RIF. | ||
If a Free content | If a Free DRM (DRM type 3) content is detected then there is no license check, so no need for .rif/act.dat, and a generic klicensee [[Keys#NPDRM_Keys|klic_ps3_free]] will be used for further steps. | ||
Then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscall no 471 sys_npdrm_regist_ekc]]. | |||
<source lang="C"> | |||
// is it titleID or content_id? | |||
int sys_npdrm_regist_ekc(uint32_t type, char* titleID, void* klicensee, uint8_t* actdat, uint8_t* rif, int32_t licenseType, uint8_t* magicVersion);</source> | |||
This function has different parameters depending on the [[#DRM Type]]: | |||
* Local/Network DRM content: <source lang="C">sys_npdrm_regist_ekc(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);</source> | |||
* Free DRM content: <source lang="C">sys_npdrm_regist_ekc(npd.type, &npd.titleID, klic_ps3_free, NULL, NULL, npd.license, &npd);</source> | |||
The lv2 keeps a memory table with contentID and the associated klicensee: | |||
* Local/Network DRM content: lv2 AES128 decrypts the encrypted klicensee from RIF by using [[Keys#NPDRM_Keys|NPDRM IDPS Seed]], [[IDPS]], act.dat and some other keys. Once transformed, klicensee is stored in a memory table. | |||
* Free DRM content: lv2 copies the titleID and the generic klicensee (klic_ps3_free) to a memory table. | |||
From there, the lv1 hypervisor, by loading [[Hypervisor_Reverse_Engineering#appldr|appldr]], will transform the key by using the [[Keys#ps3_klic_dec_key|ps3_klic_dec_key]] and finally remove the NPDRM layer of the SELF/SPRX to start the [[SELF - SPRX]] decryption. | |||
= PS3 NPDRM EDAT decryption steps = | |||
See [[EDAT files]]. | |||
= DRM Type = | |||
A temporary name was "License type". | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
| Line 44: | Line 45: | ||
! Value !! Type !! Remarks | ! Value !! Type !! Remarks | ||
|- | |- | ||
| 0 || | | 0 || Unknown (official name) || It does not require any license. Set in [[EDAT_files|SDATA files]]. | ||
|- | |||
| 1 || Network || It requires network authentication every time the content is launched. See [http://en.wikipedia.org/wiki/PlayStation_Network_outage#Inability_to_use_PlayStation_3_content inability example]. | |||
|- | |||
| 2 || Local || It requires first time activation online (paid content but also demo and free of charge content). | |||
|- | |- | ||
| | | 3 || Free || On PS3, it does not require any license file nor console activation (act.dat). PS3 disc bind contents use this DRM Type. On PSP, when a .rif is present for Free DRM Type, the RIF NP Account ID is replaced by a Magic Gate Memory Stick command result and the RIF encrypted account keyring index is replaced by the sha1 digest of this Magic Gate Memory Stick command result. | ||
|- | |- | ||
| | | 4 || PSP || This type exists according to PS3 make_package_npdrm.exe revision 1972. However, no .rif holding this DRM Type was ever seen. | ||
|- | |- | ||
| | | 0xD || Free (PSP2/PSM) || Used for Free contents but with license (.rif) requirement, unlike DRM Type 3. Requires either pd0:license/rifname.rif (for Welcome Park) or /app/TITLEID/sce_sys/package/temp.bin (for .pkg installed from PS Store). | ||
|- | |||
| 0x100 || Network (PSP/PSP2) || Seen in PSP and PS Vita OS. On PSP, extends the RIF ECDSA signed data with IDPS and Fuse ID. On PS Vita, forces OpenPSID comparison in RIF and thus RIF RSA signature verification. | |||
|- | |||
| 0x400 || GameCard (PSP2) || Requires a .rif stored in the gamecard filesystem and the gamecard to be inserted for authentication. | |||
|- | |||
| 0x2000 || Unknown (PS3) || Seen in EP0001-NPEB00560_00-GRAW2PS3REMPKG01.rif. | |||
|} | |} | ||
= | NPDRM contents decryption requires a key, the key licensee or klicensee. Depending on the content's DRM Type, klicensee is got in different ways: | ||
* DRM type Network: klicensee is generated using associated RIF downloaded on-load from PS Store + ?to detail? | |||
* DRM type Local: klicensee is generated using associated RIF downloaded on-installation from PS Store + act.dat + console's IDPS | |||
* DRM type Free: klicensee is the constant PS3 Free klicensee (see [[Keys#NPDRM_Keys|NPDRM keys]] and [[Keys#Appldr|appldr keys]]) | |||
* DRM type Free (PSP2/PSM): klicensee is derived from associated RIF stored in the NPDRM PKG file | |||
* DRM type GameCard: klicensee is derived from associated RIF stored in the gamecard and gamecard authentication command | |||
Free games/applications, e.g. demos and free additional contents can either use Free, Free (PSP2/PSM) or Local DRM Types. | |||
= License Flags = | |||
License Flags are guessed to be either 4 or 6 bytes long (leaving DRM Type either 2 or 4 bytes long). | |||
See [[RIF]]. | |||
* | * 1 by default | ||
* 0x200 for preordered content that is not usable yet. Seen in EP1004-BLES01807_00-GTAVDLCATOMICBLI.rif, EP1004-NPEB01283_00-GTAVDIGITALDOWNL.rif and EP1004-NPEP00231_00-TGRANDTHEF000001.rif. | |||
= Tools = | |||
*[ | * Tools to convert RAP to klicensee: [[Dev_Tools#ReactPSN_.rap_to_.rif_converter|download links and usage]] | ||
{{File Formats}}<noinclude>[[Category:Main]]</noinclude> | {{File Formats}}<noinclude>[[Category:Main]]</noinclude> | ||
Latest revision as of 20:54, 24 June 2023
| This article is marked for rewrite/restructuring in proper wiki format. You can help PS3 Developer wiki by editing it. |
The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it to this page.
To merge on wiki:
See also PS Vita NPDRM and PSP NPDRM.
PS3 NPDRM SELF - SPRX decryption steps[edit | edit source]
Once that the user is trying to start a SELF - SPRX, the VSH looks for the Program Identification Header. If the Program Type is NPDRM, then the Supplemental Header Table NPDRM header is located. From this NPD header the VSH gets the #DRM Type.
If a Network DRM content is to be loaded, the VSH loads the act.dat and the .rif associated to the content (it will download .rif to VSH process memory).
For Local DRM content too, the VSH locates a file with the same CONTENT ID as in NPDRM header, then the signatures are checked (RIF offset 0x70 and act.dat offset 0x1010). Using the np_act_data_index_dec_key, it will decrypt the actdatIndex stored in RIF.
If a Free DRM (DRM type 3) content is detected then there is no license check, so no need for .rif/act.dat, and a generic klicensee klic_ps3_free will be used for further steps.
Then the execution passes to LV2 Syscall no 471 sys_npdrm_regist_ekc.
// is it titleID or content_id?
int sys_npdrm_regist_ekc(uint32_t type, char* titleID, void* klicensee, uint8_t* actdat, uint8_t* rif, int32_t licenseType, uint8_t* magicVersion);
This function has different parameters depending on the #DRM Type:
- Local/Network DRM content:
sys_npdrm_regist_ekc(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
- Free DRM content:
sys_npdrm_regist_ekc(npd.type, &npd.titleID, klic_ps3_free, NULL, NULL, npd.license, &npd);
The lv2 keeps a memory table with contentID and the associated klicensee:
- Local/Network DRM content: lv2 AES128 decrypts the encrypted klicensee from RIF by using NPDRM IDPS Seed, IDPS, act.dat and some other keys. Once transformed, klicensee is stored in a memory table.
- Free DRM content: lv2 copies the titleID and the generic klicensee (klic_ps3_free) to a memory table.
From there, the lv1 hypervisor, by loading appldr, will transform the key by using the ps3_klic_dec_key and finally remove the NPDRM layer of the SELF/SPRX to start the SELF - SPRX decryption.
PS3 NPDRM EDAT decryption steps[edit | edit source]
See EDAT files.
DRM Type[edit | edit source]
A temporary name was "License type".
| Value | Type | Remarks |
|---|---|---|
| 0 | Unknown (official name) | It does not require any license. Set in SDATA files. |
| 1 | Network | It requires network authentication every time the content is launched. See inability example. |
| 2 | Local | It requires first time activation online (paid content but also demo and free of charge content). |
| 3 | Free | On PS3, it does not require any license file nor console activation (act.dat). PS3 disc bind contents use this DRM Type. On PSP, when a .rif is present for Free DRM Type, the RIF NP Account ID is replaced by a Magic Gate Memory Stick command result and the RIF encrypted account keyring index is replaced by the sha1 digest of this Magic Gate Memory Stick command result. |
| 4 | PSP | This type exists according to PS3 make_package_npdrm.exe revision 1972. However, no .rif holding this DRM Type was ever seen. |
| 0xD | Free (PSP2/PSM) | Used for Free contents but with license (.rif) requirement, unlike DRM Type 3. Requires either pd0:license/rifname.rif (for Welcome Park) or /app/TITLEID/sce_sys/package/temp.bin (for .pkg installed from PS Store). |
| 0x100 | Network (PSP/PSP2) | Seen in PSP and PS Vita OS. On PSP, extends the RIF ECDSA signed data with IDPS and Fuse ID. On PS Vita, forces OpenPSID comparison in RIF and thus RIF RSA signature verification. |
| 0x400 | GameCard (PSP2) | Requires a .rif stored in the gamecard filesystem and the gamecard to be inserted for authentication. |
| 0x2000 | Unknown (PS3) | Seen in EP0001-NPEB00560_00-GRAW2PS3REMPKG01.rif. |
NPDRM contents decryption requires a key, the key licensee or klicensee. Depending on the content's DRM Type, klicensee is got in different ways:
- DRM type Network: klicensee is generated using associated RIF downloaded on-load from PS Store + ?to detail?
- DRM type Local: klicensee is generated using associated RIF downloaded on-installation from PS Store + act.dat + console's IDPS
- DRM type Free: klicensee is the constant PS3 Free klicensee (see NPDRM keys and appldr keys)
- DRM type Free (PSP2/PSM): klicensee is derived from associated RIF stored in the NPDRM PKG file
- DRM type GameCard: klicensee is derived from associated RIF stored in the gamecard and gamecard authentication command
Free games/applications, e.g. demos and free additional contents can either use Free, Free (PSP2/PSM) or Local DRM Types.
License Flags[edit | edit source]
License Flags are guessed to be either 4 or 6 bytes long (leaving DRM Type either 2 or 4 bytes long).
See RIF.
- 1 by default
- 0x200 for preordered content that is not usable yet. Seen in EP1004-BLES01807_00-GTAVDLCATOMICBLI.rif, EP1004-NPEB01283_00-GTAVDIGITALDOWNL.rif and EP1004-NPEP00231_00-TGRANDTHEF000001.rif.
Tools[edit | edit source]
- Tools to convert RAP to klicensee: download links and usage
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
