PSVIMG

PSVIMG files are encrypted files generated by CMA in backing up and restoring data from the Vita. The format is documented in this tool.

Generating PSVIMG
When CMA is used to backup system, game, or savedata from the PSVita to a PC or PS3, the following algorithm is used:


 * 1) Using a tar-like structure, stream all of the file data into a file.
 * 2) If making a PSVMD file, use the deflate algorithm to compress.
 * 3) Generate a random nonce for the first 0x10 bytes using the RndNumber syscall.
 * 4) Generate a unique session AES256-CBC key using a secret phrase and the account id.
 * 5) Generate a SHA256 hash of the plaintext every 0x8000 bytes and insert the hash into the filestream.
 * 6) Encrypt the stream data using sceSblDmac5EncDecKeyGen with the nonce as the header and the AES256-CBC session key. This key is set through kprx_auth_sm using service 0x50001. It is then used in conjunction with encdec_w_portability to decrypt/encrypt PSVIMG blocks.
 * 7) Transmit to PC or PS3.

PSVIMG Key Derivation
The AES256-CBC session key is calculated by:
 * Creating a 33 byte buffer composed of 8 byte hex binary representation of your account id followed by the 0x19 byte PSVIMG secret passphrase.
 * Calculating a SHA-256 hash of buffer above.
 * Decrypting the 32 byte output of the calculated SHA-256 hash with AES128-ECB (128 bit key stored in kprx_auth_sm).
 * This decrypted output is the derived PSVIMG AES256-CBC key.

When you backup with CMA, the files are stored in a directory in your PC that consists of 16 character hex directory name within your backup path. That hex directory name is a representation of your account id.

ex: \Documents\PS Vita\PSAVEDATA\0123456789abcdef\ with '0123456789abcdef' being your account id.

Example
This is an example where we are going to use account id: 0123456789abcdef.

SHA-256 hash of this 32 byte buffer:

The decrypted hash produces the following result after decrypting with AES128-ECB:

This 32 byte (256 bits) sized buffer is the PSVIMG AES256-CBC key.