Old 12-09-2012   #153
ccfman2004
Apprentice
Originally Posted by JuanNadie
Well, a year has passed since I opened this thread, so let's celebrate with an update.

I have been able to resolve the EDAT v4 version. Basically S**Y added a new key/hash.
When creating the hv99 call, field38 contains the key index. For versions 0 to 3, key index zero (the older key) is used. For version 4, index 1 (the new key) is used.

Key SHA1s:

Code:
EDATKEY0:  84E9FC3574EAA11A9462FFA53D5EA46B4D0003BF
EDATKEY1:  6ECDFEC0A11890C1F2A689062D3EFE562317B2FB
EDATHASH0: 8A721A06ABC7BB9BF398C5EF5D6F1FD997BC0A56
EDATHASH1: F7B2917B1FA260FD51D37716A91036651F6F42F2
In addition to that, I reversed more fields of the EDAT header:

0x40 - 0x4F: Earlier I said that this was an unknown hash. The value is actually the first 0x10 bytes of the SHA1 of the file before it is packed (after using make_edata_npdrm).
0x70 - 0x77 and 0x78 - 0x7F: Normally zero, but on some betas these have a value. These are actually validity dates (since and up to). When used in combination with a RIF, the most restrictive one is used.
0xD8 - 0xFF: Here is the bad news. This is an ECDSA signature. The pub/curve used is the same as the one used on RIFs or act.dats. I haven't found a collision, so the priv can not be obtained. Fortunately the check is not active (I don't know why... perhaps older versions have this not properly implemented).

Finally, an updated version of the code. I had to break compatibility with @KDSBest's release in order to integrate the additional key. I also added the ECDSA check as a warning (it won't stop decryption), as well as minor fixes.


http://pastebin.com/ZpSY1Nf7


On the .ENC files (AKA PS2 remastered games on PSN):

I started reversing those. At the moment I know that the OMAC checks are still there (the klicensee is the default). The ECDSA check is ENABLED for PS2 games, and on lv2 an ENC is required to be paid content (so patching vsh.self and lv2 will be required to use a fake ISO.BIN.ENC). I can not give more information on the encryption, although I suspect that an encryption similar to BDEMU is used.
I too would like to know how to compile this so I can try it out.
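The header fields and the key-index rule described in the quoted post, as an added worked example. This is not JuanNadie's code or the pastebin tool; it is a small stand-alone parser written for this page. It takes the offsets the post gives (0x40 digest, 0x70/0x78 validity dates, 0xD8 ECDSA signature) and the version-to-key-index rule as stated, and adds two things the post does not spell out, both assumptions: the EDAT version word is read as a big-endian u32 at offset 0x04 with an "NPD\0" magic at offset 0, and a zero validity date is treated as "no limit" when combining the EDAT window with a RIF window. The published SHA1s are used only to recognise a candidate key blob; no key material is included, and the ECDSA signature is extracted but not verified, since the post gives no curve parameters. The sample header is constructed inline for the demonstration.

```python
import hashlib
import struct

# Offsets from the post (NPD/EDAT header, big-endian fields).
# OFF_VERSION = 0x04 and the "NPD\0" magic are assumptions for this example;
# the post gives the other offsets but not the version word's location.
OFF_VERSION = 0x04
OFF_DIGEST = 0x40        # 0x40-0x4F: first 0x10 bytes of SHA1(unpacked file)
OFF_SINCE = 0x70         # 0x70-0x77: validity "since" (normally zero)
OFF_UPTO = 0x78          # 0x78-0x7F: validity "up to" (normally zero)
OFF_ECDSA = 0xD8         # 0xD8-0xFF: 0x28-byte ECDSA signature
HEADER_LEN = 0x100

# SHA1 of each key/hash blob as published in the post; used to recognise a
# candidate blob, so no key material needs to be embedded here.
EDATKEY_SHA1 = {0: "84e9fc3574eaa11a9462ffa53d5ea46b4d0003bf",
                1: "6ecdfec0a11890c1f2a689062d3efe562317b2fb"}
EDATHASH_SHA1 = {0: "8a721a06abc7bb9bf398c5ef5d6f1fd997bc0a56",
                 1: "f7b2917b1fa260fd51d37716a91036651f6f42f2"}


def key_index_for_version(version):
    """field38 of the hv99 call: index 0 for versions 0-3, index 1 for version 4."""
    if 0 <= version <= 3:
        return 0
    if version == 4:
        return 1
    raise ValueError("unsupported EDAT version %d" % version)


def identify_key(candidate, table):
    """Return the index whose published SHA1 matches the candidate blob, else None."""
    digest = hashlib.sha1(candidate).hexdigest()
    for idx, expected in table.items():
        if digest == expected:
            return idx
    return None


def parse_header(hdr):
    """Pull out the fields the post describes; the signature is not verified."""
    if len(hdr) < HEADER_LEN:
        raise ValueError("need at least 0x100 header bytes")
    version = struct.unpack_from(">I", hdr, OFF_VERSION)[0]
    since, upto = struct.unpack_from(">QQ", hdr, OFF_SINCE)
    sig = hdr[OFF_ECDSA:OFF_ECDSA + 0x28]
    return {
        "version": version,
        "key_index": key_index_for_version(version),
        "digest": hdr[OFF_DIGEST:OFF_DIGEST + 0x10],
        "since": since,
        "upto": upto,
        "ecdsa_sig": sig,
        "ecdsa_present": any(sig),   # all-zero means no signature was written
    }


def check_digest(hdr, unpacked_file):
    """The 0x40 field must equal the first 16 bytes of SHA1 over the unpacked file."""
    return hdr[OFF_DIGEST:OFF_DIGEST + 0x10] == hashlib.sha1(unpacked_file).digest()[:0x10]


def effective_window(edat_since, edat_upto, rif_since, rif_upto):
    """Most restrictive of the EDAT and RIF windows. Zero = no limit (assumption)."""
    sinces = [s for s in (edat_since, rif_since) if s]
    uptos = [u for u in (edat_upto, rif_upto) if u]
    return (max(sinces) if sinces else 0, min(uptos) if uptos else 0)


def build_sample_header(version, unpacked_file, since=0, upto=0, sig=b""):
    """Constructed header for demonstration only; it is not a real EDAT."""
    hdr = bytearray(HEADER_LEN)
    hdr[0:4] = b"NPD\x00"                              # assumed magic
    struct.pack_into(">I", hdr, OFF_VERSION, version)
    hdr[OFF_DIGEST:OFF_DIGEST + 0x10] = hashlib.sha1(unpacked_file).digest()[:0x10]
    struct.pack_into(">QQ", hdr, OFF_SINCE, since, upto)
    hdr[OFF_ECDSA:OFF_ECDSA + len(sig)] = sig
    return bytes(hdr)


if __name__ == "__main__":
    plain = b"constructed unpacked file contents"
    hdr = build_sample_header(4, plain, since=10, upto=90, sig=b"\x01" * 0x28)
    info = parse_header(hdr)
    print("version", info["version"], "-> key index", info["key_index"])
    print("digest ok:", check_digest(hdr, plain), "ecdsa present:", info["ecdsa_present"])
    print("window with RIF (20, 0):", effective_window(info["since"], info["upto"], 20, 0))
```

The value of `ecdsa_present` only tells you whether the 0x28 bytes are non-zero; as the post says, the check is inactive on the EDAT path and enabled on the .ENC path, so a tool should report it without gating decryption on it.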