Old 10-13-2011   #41
EmBoLa.be
Originally Posted by Pirate:
@JuanNadie and @mallory, I have updated your statuses here as homebrew devs for the work you have contributed here
Yep, you ppl deserve this, so enjoy.
Old 10-14-2011   #42
JuanNadie
Homebrew Developer
mallory: don't worry about credits. The devs know that I published the algorithm and those are the ones who really count. My only regret is that the info made it to the front page when it wasn't noob-proof. About IRC, I don't like chats; however, if I have time I will enter to say hello.

jester: Yep, the edat is completely different. The edat structure is totally different:
-An NPD element
-Then info for the lv2/vsh: the key index, blocksize (the SPU has a max size for reading), and decrypted/decompressed file length.
-Then I expect some metadata for keys.
-Then structures defining length and offset for ¿decryption? and inflating.
-The data itself.

pirate: Thank you for the upgrade.
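As an added example (not code from the thread or from any tool named in it), here is a small C parser for the EDAT layout JuanNadie lists above: the NPD element, then the flags/key index, block size and decrypted length, then the per-block table, then the data. Everything beyond the field names the post gives (offsets, widths, the flag bits, the license values 1/2/3, the 0x100 table offset and the 0x10/0x20 entry sizes) is an assumption taken from the publicly documented NPD layout, and the sample header is constructed for the demo.

```c
/* Added example, not from the thread. Field layout beyond what the post
 * names is assumed from the public NPD format; the sample header is made up. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPD_MAGIC         "NPD\0"
#define NPD_HEADER_SIZE   0x80
#define EDAT_HEADER_SIZE  0x10
#define EDAT_BLOCK_TABLE  0x100   /* assumed: per-block table starts here */

/* Bits of the first EDAT word (assumed values); the post calls this word the key index. */
#define EDAT_FLAG_COMPRESSED  0x00000001u
#define EDAT_FLAG_0x20        0x00000020u
#define EDAT_FLAG_SDAT        0x01000000u

struct edat_info {
    uint32_t version;
    uint32_t license;          /* assumed: 1 = network, 2 = local (rif), 3 = free */
    uint32_t type;
    char     content_id[0x31]; /* 0x30 bytes plus NUL */
    uint32_t flags;
    uint32_t block_size;       /* largest chunk the SPU handles per read */
    uint64_t file_size;        /* decrypted/decompressed length */
    uint64_t num_blocks;
    uint32_t meta_entry_size;  /* 0x10 per block; 0x20 when offset/length are stored too */
    uint64_t data_offset;      /* first encrypted block, right after the table */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static uint64_t be64(const uint8_t *p) { return ((uint64_t)be32(p) << 32) | be32(p + 4); }
static void put32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
static void put64(uint8_t *p, uint64_t v) { put32(p, (uint32_t)(v >> 32)); put32(p + 4, (uint32_t)v); }

/* Parse the NPD element and the EDAT info after it. 0 on success, negative on a bad header. */
int edat_parse(const uint8_t *buf, size_t len, struct edat_info *out)
{
    const uint8_t *e;
    if (len < NPD_HEADER_SIZE + EDAT_HEADER_SIZE) return -1;  /* truncated */
    if (memcmp(buf, NPD_MAGIC, 4) != 0) return -2;            /* no NPD element */
    memset(out, 0, sizeof *out);
    out->version = be32(buf + 0x04);
    out->license = be32(buf + 0x08);
    out->type    = be32(buf + 0x0c);
    memcpy(out->content_id, buf + 0x10, 0x30);               /* NUL left by the memset */
    /* 0x40 digest, 0x50 title hash, 0x60 dev hash, 0x70 unknown: not needed to size the file */
    e = buf + NPD_HEADER_SIZE;
    out->flags      = be32(e + 0x0);
    out->block_size = be32(e + 0x4);
    out->file_size  = be64(e + 0x8);
    if (out->block_size == 0 || (out->block_size & 0xf) != 0) return -3;  /* AES-block aligned */
    out->num_blocks = (out->file_size + out->block_size - 1) / out->block_size;
    out->meta_entry_size = (out->flags & (EDAT_FLAG_COMPRESSED | EDAT_FLAG_0x20)) ? 0x20 : 0x10;
    out->data_offset = EDAT_BLOCK_TABLE + out->num_blocks * out->meta_entry_size;
    return 0;
}

/* Does decrypting this file need the console's rif/act.dat? Free content (license 3) does not. */
int edat_needs_rif(const struct edat_info *i)
{
    if (i->flags & EDAT_FLAG_SDAT) return 0;   /* assumed: SDAT is keyed from its own header */
    return i->license != 3;
}

/* Constructed sample: free-license, uncompressed EDAT with 0x12345 bytes of payload. */
static uint8_t g_sample[NPD_HEADER_SIZE + EDAT_HEADER_SIZE];
static struct edat_info g_info;

static void build_sample(void)
{
    memset(g_sample, 0, sizeof g_sample);
    memcpy(g_sample, NPD_MAGIC, 4);
    put32(g_sample + 0x04, 2);                 /* version */
    put32(g_sample + 0x08, 3);                 /* license: free */
    put32(g_sample + 0x0c, 0);                 /* type */
    memcpy(g_sample + 0x10, "XX0000-TEST00000_00-EXAMPLE000000000", 36);  /* made-up id */
    put32(g_sample + NPD_HEADER_SIZE + 0x0, 0);         /* flags: plain EDAT, no compression */
    put32(g_sample + NPD_HEADER_SIZE + 0x4, 0x4000);    /* 16 KiB blocks */
    put64(g_sample + NPD_HEADER_SIZE + 0x8, 0x12345);   /* decrypted size -> 5 blocks */
}

int sample_parse(void) { build_sample(); return edat_parse(g_sample, sizeof g_sample, &g_info); }
const struct edat_info *sample_info(void) { return &g_info; }
/* Two failure paths a loader must reject. */
int sample_parse_truncated(void) { build_sample(); return edat_parse(g_sample, 0x20, &g_info); }
int sample_parse_bad_magic(void) { build_sample(); g_sample[0] = 'S'; return edat_parse(g_sample, sizeof g_sample, &g_info); }

int main(void)
{
    const struct edat_info *i;
    if (sample_parse() != 0) { puts("bad header"); return 1; }
    i = sample_info();
    printf("%s license=%u flags=%08x block=0x%x size=0x%llx blocks=%llu data@0x%llx needs_rif=%d\n",
           i->content_id, i->license, i->flags, i->block_size, (unsigned long long)i->file_size,
           (unsigned long long)i->num_blocks, (unsigned long long)i->data_offset, edat_needs_rif(i));
    return 0;
}
```

The license field is the one that matters for the rif/act.dat question raised later in the thread: a free-license file parses to needs_rif == 0, while a local-license one would need the console's activation data before any block could be decrypted.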
Old 10-14-2011   #43
erexx
Member
Originally Posted by JuanNadie:
pirate: Thank you for the upgrade.
Both of you deserve it and more.
I have never seen a more thorough and precise explanation of such an obscure process in any console hack.
Moreover, openly sharing this with everyone is: Awesome.
Mallory's implementation is near genius in its simplistic approach.
I have learned a lot from this.
Thank you very much!
Old 10-14-2011   #44
cookie42
Member
@mallory Might want to include later npdrm keys in your next (?) release before people start complaining that it doesn't work.
Old 10-15-2011   #45
Octopus
Member
So... we had some tests here and:
PJ Shooter - work
Flower - don't work
PJ Eden - work
Locoroco - don't work

Why does this happen? I think it's because PJ Shooter and PJ Eden don't have EDAT files, Flower has one file in the directory "Guard", and LocoRoco has all files in EDAT archives.
And also we have an error decrypting elfs later than 3.30; we think it's because of keys.

Old 10-15-2011   #46
yolbulduran
Apprentice
I think it is not necessary to decrypt edat files, but eboot.bin files need to be patched against edat file checks.

Read (my) post (#5) and JuanNadie's post (#8). There may even be edat reading functions in eboot.bin's waiting to be patched. By decrypting eboot.bin's, only the VerifyLicense checks are defeated.

Even if you decrypt edat files, eboot.bin wants to read them via system calls. So they need to be in an encrypted form, unless eboot.bin is patched.

Originally Posted by Octopus:
So... we had some tests here and:
Flower - don't work
Locoroco - don't work

Why is this happen? I'm think it's because PJ Shooter, PJ Eden don't have EDAT files, Flower have one file in directory "Guard", LocoRoco have all files in EDAT archives.

Old 10-15-2011   #47
Octopus
Member
Look, EDAT is encrypted with the same keys as eboot.bin, right? So if my ps3 #2 doesn't have rif and act.dat it can't be decrypted, or don't I get it? LocoRoco has all files in EDAT, so I can't delete all EDAT reads, yeah?
Old 10-15-2011   #48
Octopus
Member
JuanNadie's post (#8):
But.... what will happen if we decrypt the paid edat/SELF using the rif and then resign and encrypt as a free content before executing the code??? (Assuming we can sign edat)
Old 10-22-2011   #49
mallory
Homebrew Developer
Originally Posted by JuanNadie:
mallory: don't worry about credits. The devs know that I published the algorithm and those are the ones who really count. My only regret is that the info made it to the front page when it wasn't noob-proof. About IRC, I don't like chats; however, if I have time I will enter to say hello.

jester: Yep, the edat is completely different. The edat structure is totally different:
-An NPD element
-Then info for the lv2/vsh: the key index, blocksize (the SPU has a max size for reading), and decrypted/decompressed file length.
-Then I expect some metadata for keys.
-Then structures defining length and offset for ¿decryption? and inflating.
-The data itself.

pirate: Thank you for the upgrade.
Correct, AFAIK. It will be interesting to see if the metadata is in exactly the same format as it is in a SELF. I am busy reversing lv2 and appldr to find out how to decrypt EDAT. At this point I have about half of the appldr subroutines identified in some form. Any further hints from the proven reverser @JuanNadie would be appreciated!
Old 10-29-2011   #50
granberro
Apprentice
Congratulations and thanks for sharing JuanNadie.

Regarding EDAT files, IMHO their encryption is FW version independent, at least for the free content.

I have changed geohot's make_self_npdrm to encrypt elfs using a given keypair rather than the static one.

Using that tool and unself2 I have managed to create and install LBP2 updates 1 to 4 on a 3.41 PS3. Those updates contain EDAT files and were decrypted by the game flawlessly.

I don't know if it is ok to post links to those pkgs. The npdrm diff (just the important stuff) is:

Code:
+#ifdef NPDRM2
+  memcpy(&md_header, KEY(keypair), sizeof(md_header));
+#endif
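Review bot: the memcpy from KEY(keypair) into md_header has no length check, so a key-file entry shorter than sizeof(md_header) is read past its end; compare the loaded entry's length against sizeof(md_header) before the copy and abort if it is short. A one-line comment stating that this entry must hold the full metadata header that the encryption path later in the diff processes would also help, since the #ifdef hides that requirement from anyone building without NPDRM2.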
-----------------

+#ifdef NPDRM2
+  AES_set_encrypt_key(KEY(erk), 256, &aes_key);
+  memcpy(iv, KEY(iv), 16);
+  AES_cbc_encrypt(&output_self_data[metadata_offset], &output_self_data[metadata_offset], 0x40, &aes_key, iv, AES_ENCRYPT);
+  u8 d_klic[0x10];
+  AES_set_decrypt_key(KLicenseeDecryptKey, 128, &aes_key);
+  AES_decrypt(npdrm_omac_key1, d_klic, &aes_key);
+  AES_set_encrypt_key(d_klic, 128, &aes_key);
+  memset(iv, 0, sizeof iv);
+  AES_cbc_encrypt(&output_self_data[metadata_offset], &output_self_data[metadata_offset], 0x40, &aes_key, iv, AES_ENCRYPT);
+#else
   memcpy(&output_self_data[metadata_offset], KEY(keypair_e), sizeof(md_header));
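Review bot: both AES_cbc_encrypt calls hard-code 0x40 while the #else branch copies sizeof(md_header) to the same offset; use sizeof(md_header) in the two calls so the encrypted span cannot drift from the copied one if the header struct changes. Two things deserve a comment in the hunk: the klicensee is derived from the static npdrm_omac_key1 (decrypted under KLicenseeDecryptKey), not from a rif/act.dat, so this build only yields SELFs the free-license path can open, which matches the post's "at least for the free content" caveat; and AES_cbc_encrypt overwrites iv with the last ciphertext block, which is why the memset before the second pass is required rather than cosmetic. Minor: `u8 d_klic[0x10];` is declared after statements, so the NPDRM2 path only compiles as C99 or later.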
Hope it helps.
PS3Hax.net is Copyright © 2010-2013.