6,153
edits
Changes
Jump to navigation
Jump to search
Line 2:
Line 2: − + + − + − + − + − + + − + Line 25:
Line 27: − + − + Line 44:
Line 46: − + + + +
→Generating PSVIMG
== Generating PSVIMG ==
== Generating PSVIMG ==
When [[CMA]] is used to backup system, game, or savedata from the Vita to a PC or PS3, the following algorithm is used:
When [[CMA]] is used to backup system, game, or savedata from the PSVita to a PC or PS3, the following algorithm is used:
# Using a tar-like structure, stream all of the file data into a file.
# Using a tar-like structure, stream all of the file data into a file.
# If making a PSVMD file, use the deflate algorithm to compress.
# If making a PSVMD file, use the deflate algorithm to compress.
# Generate a random nonce for the first 0x10 bytes using the RndNumber syscall.
# Generate a random nonce for the first 0x10 bytes using the RndNumber syscall.
# Generate a unique session AES256 key using a secret phrase and the PSN account id of the PSVita.
# Generate a unique session AES256-CBC key using a secret phrase and the PSN account id.
# Generate a SHA256 hash of the plaintext every 0x8000 bytes and insert the hash into the filestream.
# Generate a SHA256 hash of the plaintext every 0x8000 bytes and insert the hash into the filestream.
# Encrypt the stream data using EncDecKeygen syscall from [[SceSblSsMgr#SceSblDmac5Mgr|SceSblDmac5Mgr]] with the nonce as the header and the AES256 session key.
# Encrypt the stream data using [[SceSblSsMgr#sceSblDmac5EncDecKeyGen|sceSblDmac5EncDecKeyGen]] with the nonce as the header and the AES256-CBC session key.
# Transmit to PC or PS3.
# Transmit to PC or PS3.
=== Secrets ===
=== Secrets ===
If you look at the 16 character hex directory name included in part of the backup path, that is your PSN Account Id.
The AES256 session key is calculated by doing a SHA256 hash of the 8 byte hex binary representation of the PSN Account Id followed by the secret phrase:
If you look on your PC at the 16 character hex directory name included in part of the backup path, that is your PSN Account Id.
The AES256-CBC session key is calculated by doing a SHA256 hash of the 8 byte hex binary representation of the PSN Account Id followed by the secret phrase:
<code>Sri Jayewardenepura Kotte</code>
<code>Sri Jayewardenepura Kotte</code>
==== Example ====
==== Example ====
Buffer:
Buffer of an example of PSN Account Id:
<source>
<source>
01 23 45 67 89 AB CD EF 53 72 69 20 4A 61 79 65 77
01 23 45 67 89 AB CD EF 53 72 69 20 4A 61 79 65 77
</source>
</source>
SHA256 of this buffer generates the AES256 session key of:
SHA256 of this buffer consists in the AES256-CBC session key:
<source>
<source>
02EAAB5A00EC9D4207E8B1F53F8A2F3F91F1A73AAFDD2A81CCFEE3E83E5B101A
02EAAB5A00EC9D4207E8B1F53F8A2F3F91F1A73AAFDD2A81CCFEE3E83E5B101A
</source>
</source>
To generate the PSVIMG AES key, the buffer is decrypted using AES128ECB with a 128 bits key located at offset 0x82DC in the 3.60 kprx_auth_sm (Prototype units use another key located at offset 0x7294 in 1.03 kprx_auth_sm ).
To generate the PSVIMG AES key, the buffer is decrypted using AES128-ECB with a 128 bits key located at offset 0x82DC in the 3.60 kprx_auth_sm (Prototype units use another key located at offset 0x7294 in 1.03 kprx_auth_sm ).
This key is set though kprx_auth_sm using [[F00D_Commands#0x50001|service 0x50001]]).
This key is set though kprx_auth_sm using [[F00D_Commands#0x50001|service 0x50001]]).
</source>
</source>
SHA-256: 186F29050C0D0D99038D86EFA9B6AD332E59564B7FFCA97985C09D64BD4BC442
SHA-256:
<source>
186F29050C0D0D99038D86EFA9B6AD332E59564B7FFCA97985C09D64BD4BC442
</source>
The encrypted above hash produces the following result:
The encrypted above hash produces the following result: