NPDRM

From PS3 Developer wiki
Jump to navigation Jump to search

The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it to this page.

To merge on wiki:

See also PS Vita NPDRM and PSP NPDRM.

PS3 NPDRM SELF - SPRX decryption steps

Once that the user is trying to start a SELF - SPRX, the VSH looks for the Program Identification Header. If the Program Type is NPDRM, then the Supplemental Header Table NPDRM header is located. From this NPD header the VSH gets the #DRM Type.

If a Network DRM content is to be loaded, the VSH loads the act.dat and the .rif associated to the content (it will download .rif to VSH process memory).

For Local DRM content too, the VSH locates a file with the same CONTENT ID as in NPDRM header, then the signatures are checked (RIF offset 0x70 and act.dat offset 0x1010). Using the np_act_data_index_dec_key, it will decrypt the actdatIndex stored in RIF.

If a Free DRM (DRM type 3) content is detected then there is no license check, so no need for .rif/act.dat, and a generic klicensee klic_ps3_free will be used for further steps.

Then the execution passes to LV2 Syscall no 471 sys_npdrm_regist_ekc.

// is it titleID or content_id?
int sys_npdrm_regist_ekc(uint32_t type, char* titleID, void* klicensee, uint8_t* actdat, uint8_t* rif, int32_t licenseType, uint8_t* magicVersion);

This function has different parameters depending on the #DRM Type:

  • Local/Network DRM content:
    sys_npdrm_regist_ekc(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
    
  • Free DRM content:
    sys_npdrm_regist_ekc(npd.type, &npd.titleID, klic_ps3_free, NULL, NULL, npd.license, &npd);
    

The lv2 keeps a memory table with contentID and the associated klicensee:

  • Local/Network DRM content: lv2 AES128 decrypts the encrypted klicensee from RIF by using NPDRM IDPS Seed, IDPS, act.dat and some other keys. Once transformed, klicensee is stored in a memory table.
  • Free DRM content: lv2 copies the titleID and the generic klicensee (klic_ps3_free) to a memory table.

From there, the lv1 hypervisor, by loading appldr, will transform the key by using the ps3_klic_dec_key and finally remove the NPDRM layer of the SELF/SPRX to start the SELF - SPRX decryption.

PS3 NPDRM EDAT decryption steps

See EDAT files.

DRM Type

A temporary name was "License type".

Value Type Remarks
0 Debug Used in SDAT files.
1 Network It requires network authentication every time the content is launched. See inability example.
2 Local It requires first time activation online (paid content but also demo and free of charge content).
3 Free On PS3, it does not require any license file nor console activation (act.dat). PS3 disc bind contents use this DRM Type.
4 PSP This type was found in make_package_npdrm.exe revision 1972.
0xD "PSP2 Free" (guessed name) Used for Free contents but with license (.rif) requirement, unlike DRM Type 3.
0x400 "PSP2 GameCard" (guessed name) Requires a .rif stored in the gamecard filsystem and the cartridge to be inserted for authentication. 0x04 might be the Application Type.
0x2000 PS3 Disc Based (hypothesis) 0x20 might be the Application Type.

NPDRM contents decryption requires a key, the key licensee or klicensee. Depending on the content's DRM Type, klicensee is got in different ways:

  • DRM type Network: klicensee is generated using rif + ?to detail?
  • DRM type Local: klicensee is generated using act.dat + associated rif + console's IDPS
  • DRM type Free: klicensee is the constant PS3 Free klicensee (see NPDRM Keys and appldr keys)
  • DRM type "PSP2 Free": klicensee is derived from associated RIF stored in the NPDRM PKG file
  • DRM type "PSP2 GameCard": klicensee is derived from associated RIF stored in the gamecard and cartridge special auth command

Free games/applications, e.g. demos and some additional contents can either use Free, Local or "PSP2 Free" DRM Types.

Tools