NPDRM: Difference between revisions

From PS3 Developer wiki
m (wikify)
(27 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[[Category:Software]]{{Wikify}}
{{Wikify}}


'''The info on this page is an extract of talk page, conversations and forum posts, please digest the info and move it this page'''
'''The info on this page is an extract (and simplify) of talk page, conversations and forum posts, please digest the info and move it to this page'''


See also [https://wiki.henkaku.xyz/vita/SceNpDrm].


Once the [[VSH|vsh]] detects that user is trying to start a [[SELF File Format and Decryption|SELF]], it looks for the [[SELF_File_Format_and_Decryption#App_Info|appinfo header type]]. If the [[SELF_Types|type is 8]], then the [[SELF_File_Format_and_Decryption#Control_Information|control digest element type 3]] (NPD element) is located. From this NPD header the vsh gets the [[License Types]] (network license, local or free).
= PS3 NPDRM SELF - SPRX decryption steps =


*'''Network License''' (type 01): if a remote paid content is to be loaded, the vsh loads the act.dat and the rif associated to the content (will download to vsh process memory)
Once the user is trying to start a [[SELF File Format and Decryption|SELF]], the [[VSH|vsh]] looks for the [[SELF_File_Format_and_Decryption#Program_Identification_Header|Program Identification Header]]. If the [[Program Type]] is NPDRM, then the [[SELF_File_Format_and_Decryption#Supplemental_Header_Table|NPDRM info]] is located. From this NPD header the vsh gets the [[NPDRM_Selfs#License_Type]].


*'''Local''' (type 02): it will locate a file with the same titleid on NPD element (CONTENT_ID), then the signature is checked (last 0x28 bytes of both RIF and act.dat).
If a Network Licensed content is to be loaded, the vsh loads the act.dat and the .rif associated to the content (will download .rif to vsh process memory).


*'''Free''' (type 03): if a free content (03) is detected then a generic klicense will be use for further steps (go to LV2).  
For Local License content too, the vsh locates a file with the same CONTENT ID than in NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).


If a Free content (no license check: no need for .rif/act.dat) is detected then a [[Keys#klic_free_key|generic klicense]] will be use for further steps (go to LV2).


==act.dat header(encrypted) structure==
Using the RIF_KEY with the [[Keys#RIF.27s_act.dat_index_decryption_key|act.dat index decryption key]], it will obtain the actdatIndex, then the execution passes to [[LV2_Functions_and_Syscalls#LV2_Syscalls|LV2 Syscalls 471]].


{| class="wikitable sortable"
This function has different parameters depending of the License Type:
|-
 
| style="background-color:#123EDA; color:#FFFFFF;" |'''Name'''
<div style="width:600px; overflow:auto">
| style="background-color:#123EDA; color:#FFFFFF;" |'''Offset'''
PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
| style="background-color:#123EDA; color:#FFFFFF;" |'''Size'''
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
| style="background-color:#123EDA; color:#FFFFFF;" |'''Example'''
</div>
| style="background-color:#123EDA; color:#FFFFFF;" |'''Remark'''
:<small>*PAID can also include free games/apps too but require this licensing check</small>
|-
 
| Version Number || 0x0 || 0x4 || 00000001 ||
The lv2 keeps a memory table with contentID and the associated key:
|-
*Licensed content: the encrypted klicensee is converted to the klicensee (by using a [[Keys#klicensee_constant|constant value on lv2]], [[IDPS|IDPS]] and the act.dat) and once transformed it is stored in memory table.
| License Type || 0x4 || 0x4 || 00000001 ||
*Free content: copies the titleID and the generic klicensee to the table.
|-
 
| User Number || 0x8 || 0x8 || N.A ||
From there, the lv1 hypervisor by loading [[Hypervisor_Reverse_Engineering#appldr|Appldr]], will transform (again) this key by using the [[Keys#klic_dec_key|klic_dec_key]] and finally remove the NPDRM layer to start the [[SELF - SPRX]] decryption.
|-
 
| KeyTable Retail || 0x10 || 0x800 || N.A ||
See also:
|-
*http://wololo.net/talk/viewtopic.php?f=67&t=40656 Tutorial: How to find dev klicensee by '''Mysis'''
| KeyTable Debug? || 0x810 || 0x800 || N.A ||
 
|-
= PS3 NPDRM EDAT decryption steps =
| Signature || 0x1010 || 0x28 || N.A ||
|-
|}


To document.


==rif header(encrypted) structure==
= License Type =


{| class="wikitable sortable"
{| class="wikitable sortable"
|-
|-
| style="background-color:#123EDA; color:#FFFFFF;" |'''Name'''
! Value !! Type !! Remarks
| style="background-color:#123EDA; color:#FFFFFF;" |'''Offset'''
| style="background-color:#123EDA; color:#FFFFFF;" |'''Size'''
| style="background-color:#123EDA; color:#FFFFFF;" |'''Example'''
| style="background-color:#123EDA; color:#FFFFFF;" |'''Remark'''
|-
| Version Number || 0x0 || 0x4 || 00 00 00 01 ||
|-
| License Type || 0x4 || 0x4 || 00 01 00 02 ||
|-
| User Number || 0x8 || 0x8 || 00 00 00 00 00 00 00 02 || Used on Rap2Rif header
|-
| [[PARAM.SFO#CONTENT_ID|CONTENT ID]] || 0x10 || 0x30 || N.A || Content ID
|-
| Random Padding || 0x40 || 0xC || N.A ||
|-
|-
| act.dat index key || 0x4C || 0x4 || N.A ||
| 0 || Debug || SDAT
|-
|-
| encrypted klic || 0x50 || 0x10 || N.A  ||
| 1 || Network License || It requires network authentication every time the content is launched. [http://en.wikipedia.org/wiki/PlayStation_Network_outage#Inability_to_use_PlayStation_3_content See inability example].
|-
|-
| bought on/ start || 0x60 || 0x8 || 00 00 01 2F 41 5C 00 00 || For human readable, convert to decimal and use one [http://www.epochconverter.com/ Epoch-Unix converter] time format online.
| 2 || Local License || It requires first time activation online (paid content but also demo & free of charge content).
|-
|-
| expires in || 0x68 || 0x8 || 00 00 00 00 00 00 00 00 || If zeroed,-, there is no time limit. Used on PS+ for example.
| 3 || Free || It does not require any license file nor console activation (act.dat).
|-
| Signature || 0x70 || 0x28 || 11 || Patched on some cfw. See Rif_Junk on Rap2Rif by '''Flatz'''
|-
|}
|}
= Tools =


*[http://pastie.org/private/yltlfwubsz8w5pyhmojyfg '''Rap2Rif''' source code by '''Flatz''' ]
*[http://pastie.org/private/yltlfwubsz8w5pyhmojyfg '''Rap2Rif''' source code by '''Flatz''' ]
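Review bot: the rewritten Local License paragraph still relies on "last 0x28 bytes of both RIF and act.dat", but this revision drops the act.dat and rif header tables that gave the Signature field its offsets (0x1010 and 0x70, size 0x28) without linking to where they moved. Keep the two structure tables or add a link to their new page so the 0x28 reference and the "act.dat index key" / "encrypted klic" fields named in the steps remain checkable. The new text also labels the syscall471 variants PAID and FREE while the License Type table uses Network License, Local License and Free; say which table values PAID covers.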
Line 75: Line 60:


*[[Dev_Tools#ReactPSN_.rap_-.3E_.rif_converter|Link download & usage]]
*[[Dev_Tools#ReactPSN_.rap_-.3E_.rif_converter|Link download & usage]]
*[http://www.emunewz.net/forum/showthread.php?tid=8134 another reference]
{{File Formats}}<noinclude>[[Category:Main]]</noinclude>

Revision as of 03:26, 26 December 2019

The info on this page is an extract (and simplification) of talk pages, conversations and forum posts; please digest the info and move it to this page.

See also SceNpDrm on the Vita wiki: https://wiki.henkaku.xyz/vita/SceNpDrm.

PS3 NPDRM SELF - SPRX decryption steps

When the user tries to start a SELF, the vsh looks for the Program Identification Header. If the Program Type is NPDRM, the NPDRM info is located. From this NPD header the vsh gets the License Type.

If Network License content is to be loaded, the vsh loads the act.dat and the .rif associated with the content (the .rif is downloaded to vsh process memory).

For Local License content too, the vsh locates a file with the same CONTENT ID as in the NPDRM header, then the signatures are checked (last 0x28 bytes of both RIF and act.dat).

If Free content (no license check: no need for .rif/act.dat) is detected, a generic klicense will be used for further steps (go to LV2).

Using the RIF_KEY with the act.dat index decryption key, the vsh obtains the actdatIndex, then execution passes to LV2 syscall 471.

This function takes different parameters depending on the License Type:

PAID: syscall471(npd.type, &npd.titleID, NULL, &actdat.keyTable[rif.actDatIndex], &rif.key, npd.license, &npd);
FREE: syscall471(npd.type, &npd.titleID, freeklicensee, NULL, NULL, npd.license, &npd);
*PAID can also include free games/apps that still require this licensing check

The lv2 keeps an in-memory table of contentID and the associated key:

  • Licensed content: the encrypted klicensee is converted to the klicensee (by using a constant value on lv2, IDPS and the act.dat) and, once transformed, it is stored in the memory table.
  • Free content: the titleID and the generic klicensee are copied to the table.

From there, the lv1 hypervisor, by loading Appldr, transforms this key again using the klic_dec_key and finally removes the NPDRM layer to start the SELF - SPRX decryption.
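The signature check in the steps above refers to the last 0x28 bytes of the .rif; the parser below splits a .rif along the header layout listed in the earlier revision's table (visible in the diff). It is an added example, not code from the wiki or from Rap2Rif. The dictionary keys, the placeholder CONTENT ID and the sample bytes are constructed assumptions, and the encrypted fields are returned as opaque bytes.

```python
import struct

SIG_SIZE = 0x28                       # signature: last 0x28 bytes of the file
# Big-endian fields at 0x00..0x6F: version, license type, user number,
# CONTENT ID (0x30), random padding (0xC), act.dat index key (0x4),
# encrypted klic (0x10), start time, expiry time.
RIF_HEAD = struct.Struct(">IIQ48s12s4s16sQQ")
RIF_SIZE = RIF_HEAD.size + SIG_SIZE   # 0x70 + 0x28 = 0x98

def parse_rif(blob: bytes) -> dict:
    """Split a .rif into its fields; encrypted fields stay opaque bytes."""
    if len(blob) != RIF_SIZE:
        raise ValueError(f"expected {RIF_SIZE:#x} bytes, got {len(blob):#x}")
    (version, license_type, user, cid, _pad,
     index_key, enc_klic, start, expiry) = RIF_HEAD.unpack_from(blob)
    try:
        content_id = cid.rstrip(b"\x00").decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("CONTENT ID is not ASCII") from exc
    return {
        "version": version,
        "license_type": license_type,
        "user_number": user,
        "content_id": content_id,
        "actdat_index_key": index_key,
        "encrypted_klic": enc_klic,
        "start": start,
        "expiry": expiry,
        "time_limited": expiry != 0,   # a zeroed expiry means no time limit
        "signature": blob[-SIG_SIZE:],
    }

# Constructed sample: placeholder CONTENT ID, zeroed encrypted fields,
# the table's example values, and 0x11 filler in the signature slot.
SAMPLE_CID = b"XX0000-XXXX00000_00-0000000000000000"
SAMPLE_RIF = RIF_HEAD.pack(1, 0x00010002, 2, SAMPLE_CID, bytes(0xC),
                           bytes(4), bytes(0x10), 0x0000012F415C0000, 0
                           ) + b"\x11" * SIG_SIZE

if __name__ == "__main__":
    for name, value in parse_rif(SAMPLE_RIF).items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```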

See also:

PS3 NPDRM EDAT decryption steps

To document.

License Type

Value | Type | Remarks
0 | Debug | SDAT
1 | Network License | It requires network authentication every time the content is launched. See inability example (http://en.wikipedia.org/wiki/PlayStation_Network_outage#Inability_to_use_PlayStation_3_content).
2 | Local License | It requires first time activation online (paid content but also demo & free of charge content).
3 | Free | It does not require any license file nor console activation (act.dat).

Tools