PSVIMG

PSVIMG files are encrypted files generated by CMA in backing up and restoring data from the Vita. The format is documented in this tool.

Generating PSVIMG
When CMA is used to backup system, game, or savedata from the Vita to a PC or PS3, the following algorithm is used:


 * 1) Using a tar-like structure, stream all of the file data into a file.
 * 2) If making a PSVMD file, use the deflate algorithm to compress.
 * 3) Generate a random nonce for the first 0x10 bytes using the RndNumber syscall.
 * 4) Generate a unique session AES256 key using a secret phrase and the PSN account id of the PSVita.
 * 5) Generate a SHA256 hash of the plaintext every 0x8000 bytes and insert the hash into the filestream.
 * 6) Encrypt the stream data using EncDecKeygen syscall from SceSblDmac5Mgr with the nonce as the header and the AES256 session key.
 * 7) Transmit to PC or PS3.

Secrets
If you look at the 16 character hex directory name included in part of the backup path, that is your PSN Account Id. The AES256 session key is calculated by doing a SHA256 hash of the 8 byte hex binary representation of the PSN Account Id followed by the secret phrase:

Example
Buffer:

SHA256 of this buffer generates the AES256 session key of:

To generate the PSVIMG AES key, the buffer is encrypted using AES256ECB with the following key A9FA5A62799FCC4C726B4E2CE3506D38 (Prototype units use the following key instead: 3ED01F93E84B23AEDD2C12B16199FDE0).

This key is set though kprx_auth_sm using service 0x50001).

It is then used in conjunction with encdec_w_portability to decrypt/encrypt PSVIMG blocks.

SHA-256: 186F29050C0D0D99038D86EFA9B6AD332E59564B7FFCA97985C09D64BD4BC442

The encrypted above hash produces the following result: