Following up on the previous PS3 EDAT File Name Restorer utility, today PlayStation 3 homebrew developers Snowydew and KDSBest have made available some PS3 EDAT NPDRM Decryption / Re-Encryption Tools.
To quote: Over on gotbrew irc we were dropped off some stuff from snowydew.
The tools allow for decryption and re-encryption of edat, can perform iso.bin.edat extraction, can further decrypt eboot.pbp's / eboot.bins for further game modifying.
Decryption of act.dat and rif keys, the re-encryption part however isn't 100% since we are missing a variable or two, but we can resign them as free npdrm without Sony tools.
A large portion of npdrm right here. It "CAN" do it, it's not implemented just yet. It requires testing though. The encryption process is a PoC until bytes 0xb0 - 0x100 are figured out.
There are some goodies in the files, check it out if interested in PSP, PS1, etc on your PS3.
[@Snowydew] so very well yes, if you can use the key, find the way to decrypt what's in them, then you could very well sign it with a separate key / patched ldr to read it as a "proper" signing, and play other ps1 games off the hard drive. It's possible, but I'm currently not seeking it out atm. However all the tools are available to the public to do so
[@Snowydew] if anyone wants to figure out what the bytes are for 0xb0 to 0x100 that would also massively help us since we've been a bit too busy, or if someone wants to test some things we might be able to go a bit further.
[@Snowydew] so the decryption as it stands right now, can do iso.bin.edat, requires idps, rif and act.dat for the games. re-encryption I believe it needs the “fake” signed ones, as well as an idps (not sure on the idps) however the second method only requires the idps and the .rap file. This does not cover licensing games I believe (It could, but we haven’t tested it). The re-encryption algo is in the encryption one, but again haven’t been able to test it completely (reason I was asking around on twitter awhile back).
From Twitter: Welp, time to stop sitting on projects. Multiple versions. KDSBest, thanks for porting it over and helping. Binaries and sources included for all decryption and encryption processes. It's a PoC, but usable.
According to Snowydew, it could lead to people resigning PS1 games into the eboot.pbp's to run PS1 games, but the iso.bin.edat still needs studying:
We haven't fully documented much of it (because the need for "Examples" to see what are in there for a variety of tests). However sandungas might be able to help if he still has that txt file from way back somewhere, there are other smaller things we haven't fully documented, however we would like that if anyone does, please post it on the wiki for others.
The only things I have personally looked at with the few others were the iso.bin.edats and that they're .cue files with a header, which is most likely the decryption key for the eboot.pbp / bin (depends from what I've actually seen) and the rest calls the emulator with flags, for what exactly I'm not sure just yet.
As juan said, currently this only fully supports decryption of PSOne games (Simple fix to add others through klicense keys). The encryption process isn't 100% tested, but if people want to help we can go from there. The headers from 0xb0 to 0x100 as kdsbest said. We currently don't fully know what these are so if anyone wants to help with that, that would be awesome.
From JuanNadie: Congrats snowydew and KDSBest. Good job (especially for providing source code).
I ran the app and there is no text field for klicensee so I assume that this release is only for PSX games.
For those asking this tool (once improved) will allow you to do what EXE.trim.ALL did months ago... freeing DLC, PSX, PS2 and some PSN game. However my favorite use is SDAT. A lot of developers encrypt resource files on SDAT... now we can do our own mods/translation
BTW if you have a RAP you don't need the IDPS nor act.dat nor RIF...
PS: For devs, if any of you knows how an isolated SPU reads the config ring please contact me.
From sandungas: It's poorly explained in the thread, but this tool is not focused on psn, but on rebuilding PS1 games in ps3 format from a copy of the original disc.
The fact is there is an .iso inside all "ps1 classic" games and "psp minis" games... and probably "ps2 classic" games. There are firmware modules (the ones labeled 9660) that can read this .iso format that is a standard of the industry.
So theoretically, if you can provide an .iso in the correct format (with the extended track info)... and with the ability of recreating its header and the rest of its structure you have a way to boot any ps1 game in any ps3 model.
*obviously there is no 100% compatibility in the emulators themselves, so some games will not run, but expect a big number to work
With "PSP minis"... there is no use because there are no minis discs to make a backup in .iso format.
With "PS2 classics" probably has some things in common with PS1... but also some different things... can be a bit more complicated (and compatibility very low with ps3 slims).
The file structure of a decrypted iso.bin is divided in "blocks" and "clusters":
First you have the header (1 block) <--- this header can be considered "patched" to the start of the file, doesn't count as part of first cluster... clusters are used only inside the "discs" areas.
Then the "disc 1" starts (1024 blocks, 64 clusters)
Then the "disc 2" starts (another 1024 blocks, 64 clusters) etc...
Inside the first clusters of each disc (this cluster can be considered another header specific for this disc) you have the "magic" PSISOIMG0000 that is different for "psp minis" (I don't remember)... and probably another for "ps2 classics" (speculation)
Also the "game_id"... "number of clusters"... some unknown counters... (probably blocks used or similar). But the most important area of this cluster is the 32 bytes (seems to be a key) displaced 0x800 bytes from the start of the cluster.
Then there is a block of padding, and in the second cluster the "file_table" begins... this table lasts to the end of the "disc 1" (and not-used clusters contain a checksum of 16 bytes)
The file_table is composed of entries of 32 bytes each. In each entry you have... the displacement from start of table, file size ?, cluster number (inside the iso) ?... etc...
Well... this file_table is pointing to the disc in iso format, and probably to "sectors" of the disc... it can be a TOC. And here is where it is important to take into account the track data mode of the old ps1 discs, because it had a special track (known as MODE2)
The positions are always fixed, so for a game with 4 discs the important stuff is at these offsets:
I just created a new wiki page: ps3devwiki.com/wiki/Iso.bin.edat
All the iso.bin offsets are mapped, some of them are still unknown, but their positions are clear. With these tables a program can be made to "read" iso.bin files to give an output list of all the positions, information, etc... (in a semi-human-readable format)
Now it's needed to identify the "unknown" areas by understanding the relationship with the real .iso structure. The next step is to be able to generate these iso.bin files. Feel free to help updating the page if you find something.
The names I used for the tables or areas... are a bit confusing (if anyone understands this better feel free to clarify them) But because I don't know exactly what they are... I found no better names
All that I added to the page is from an iso.bin.edat decrypted from a retail game... I just removed the extension .edat to differentiate it from an encrypted one
And well... in summary... this iso.bin is pointing to areas of another .iso file. These areas obviously are "sectors of a disc"... and probably related with the TOC of the disc (table of contents)
And for the decryption of each disc (or each disc header)... I think the key is the one I marked as "disc_key" (doesn't seem to be a checksum, and is the only one with 32 bytes) At the end of the file there is an area of 40 bytes a bit strange that I have no idea if it is related with encryption.
From PatrickBatman comes a Tutorial to Decrypt NPDRM as follows:
Well I guess I can tell you how the EASY WAY (After figuring this out I saw moogie figured it out also). This is the easy way so I'll tell you how to do that (I haven't looked for extensively/found the latest NPDRM keys like what duplex uses or whatever)
Basically you can make ebootMOD do this (this is the easy way instead of cygwin or linux)
1) Get deank's ebootMOD
2) Keys: get app-iv-102f, app-key-102f, app-pub-102f, app-priv-356, free_klicensee-key, klic-key, npdrm-const and rif-key
3) Get the unself that is 139KB (allows NPDRM decryption)
(to get items 2 and 3 search for PS3_Tools_NPDRM_v3)
4) Put keys in ebootMOD's .ps3 folder
5) Replace ebootMOD's unself (132 KB) with the 139KB unself (allows NPDRM decryption)
6) Drag and drop NPDRM eboot over ebootMOD icon
7) EbootMOD will make MODIFIED_EBOOT.BIN at the same location as original NPDRM eboot
Also, you can use the tools with PS3_Tools_NPDRM_v3 to unpkg update pkg files but you need working knowledge of cygwin/linux.
Or the easy way: get Unpkg GUI by Team SOS (I just extracted Skyrim 1.03 update with this, but of course can't decrypt eboot 'cause it's using higher NPDRM keys or has EDAT, haven't checked anyway. EDAT uses several keys, EDATDEFAULTHASHKEY: 8A721A06ABC7BB9BF398C5EF5D6F1FD997BC0A56 and blah blah)
Finally, from zecoxao comes some precompiled tools for Edats in general (Minis and PSX Classics ONLY!) and the executable is located in the bin folder of each VS project. He also recently set up a ps3_decrypt_tools GIT for interested PlayStation 3 developers.
To quote: In case you haven't noticed, ps3devwiki.com/wiki/Iso.bin.edat is more complete because I have had some help in decrypting the stuff. There's also a new thing I've found. There are some differences between a 1 CD PSX Classic like Abe's Oddysee, and Multi-Disk PSX Classics like FF VII and FF VIII. I would appreciate if someone took the care into documenting those differences.
Following up on his previous revision, this weekend Quake of http://trading-post.sytes.net:6969/forum/viewtopic.php?p=939#939 let us know a PS3 Make Package NPDRM GUI v2.1.1125 update is out now followed by v2.1.1127 and v2.1.1128 and includes skin selection.
I'm here to inform you on an update to my software: Make Package NPDRM GUI to 2.1.1125:
Fixed: CMD Skin replacement. - Upon exiting CMD form the button skin would not return.
Added: Skin list to Error Handler
Added: Skin Error Handler - By request [Tranced]
Added: Skin Selection - Skins can now be selected
Added: Refresh - See Menu
Added: Visual enhancements
Notes: RAR only includes EXE's and default skin.
Skins can be edited in X:\Program Files\NPDRM GUI Tools\skin
FAQ (Q = Question - A = Answer - S = Solution):
Q) Is it possible to make Multiple Theme packages
A) Yes! Listview: - Just check the ones you want in the Listview.
S) Move and or Delete known Edat's to another folder.
Q) My pkgs are missing?
A) make_package_npdrm supports an output folder with: -o | --output DIR output package to DIR.
S) Try doing a *.pkg search or, Opening the App Path, User Dir (C:\Documents and Settings\USER_NAME - C:\USERS\USER_NAME) OR, Make sure to check the --output box and click the corresponding button to the right and select a Dir.
Following up on his previous updates, this weekend PlayStation 3 homebrew developer Quake of http://trading-post.sytes.net:6969/forum/viewtopic.php?p=939#939 has updated Make Package NPDRM GUI version 2.1.1121 with details below.
1) Fixed: Error 13: Type mismatch - Bug
2) Added: Textbox, Command button to Output form. -
3) Replaced: Output text font
1) Added: Files Collapse -
2) Added: Output Visible - Thus NOT making the OutPut Snap to GUI.
3) Added: Skin Colors to - GUI, Settings - See Settings-Skin
4) Added: Delay on Shut down - 2.5sec
5) Added: Opacity - See Settings
6) Added: More Graphics - See Settings Skin
7) Fixed: A bug in Help topics in menu
1) Fixed: OutPut BackColor / ForeColor resign upon window close/re-open
2) Added:SHA1 - This does not do 4096+ gb large files
3) Fixed: Scroller size - Bottom area
1) Added: Sounds - Settings
2) Added: OutPut Form - Removed output from main form
3) Added: Lots of Settings - See settings
4) Added: More file recognition
Following up on his PS3 Make Package NPDRM GUI from Quake of http://trading-post.sytes.net:6969/forum/viewtopic.php?p=939#939, today he has made available a Make Edata NPDRM GUI v1.1.1025 alongside Make Package NPDRM GUI version 2.1.1080 with details below.
Following up on his PS3 Make Package NPDRM GUI from Quake of http://trading-post.sytes.net:6969/forum/viewtopic.php?p=939#939, today he has made available a Make Edata NPDRM GUI v1.1.1025 alongside Make Package NPDRM GUI version 2.0.1025 with details below.
Fixed: Loop - When NPDRM is not present
Added: NPDRM file check - When NPDRM is not present
PS3 Make Package NPDRM GUI 2.0.0 Changelog:
Fixed: Destination Directory - I Hope
Fixed: NPDRM file name - Improper file name when reopening GUI.
Added: More INI setting - These are auto setting, You won't see them: See above.
Added: Windows open X, Y
Added: CMD Response - All controls included.
Added: All CMD Internal's.
Added: *Keypress - ContentID, KLicensee, DRMType, ContentType, PackageType.
PS3 Make Edata NPDRM GUI - v1.1.1025 Changelog:
Fixed: Loop - When NPDRM is not present.
Added: NPDRM file check - When NPDRM is not present.
Added: Taskbar Menu - Also in Package GUI
Following up on the PS3 EDAT NPDRM Decryption / Re-Encryption Tools, recently Quake of http://trading-post.sytes.net:6969/forum/viewtopic.php?t=415 has released a PS3 Make Package NPDRM GUI homebrew application for those uncomfortable with Sony's command-line version.
To quote: SubZero Dezigns brings you; Make Package NPDRM GUI
Used to make PKG files with http://uploadmirrors.com/download/3VG4K3FY/make_package_npdrm.rar
Q) My pkg's are missing?
A) make_package_npdrm doesn't support an output folder right now.
S) Try doing a *.pkg search or, Opening the App Path.
Simple Public License (SimPL) 2.0
The SimPL applies to the software's source and object code and comes with any rights that I have in it (other than trademarks). You agree to the SimPL by copying, distributing, or making a derivative work of the software.
You get the royalty free right to:
1) Use the software for any purpose;
2) Make derivative works of it (this is called a "Derived Work");
3) Copy and distribute it and any Derived Work.
If you distribute the software or a Derived Work, you must give back to the community by:
1) Prominently noting the date of any changes you make;
2) Leaving other people's copyright notices, warranty disclaimers, and license terms in place;
3) Providing the source code, build scripts, installation scripts, and interface definitions in a form that is easy to get and best to modify;
4) Licensing it to everyone under SimPL, or substantially similar terms (such as GPL 2.0), without adding further restrictions to the rights provided;
5) Conspicuously announcing that it is available under that license.
There are some things that you must shoulder:
1) You get NO WARRANTIES. None of any kind;
2) If the software damages you in any way, you may only recover direct damages up to the amount you paid for it (that is zero if you did not pay anything). You may not recover any other damages, including those called "consequential damages." (The state or country where you live may not allow you to limit your liability in this way, so this may not apply to you);
The SimPL continues perpetually, except that your license rights end automatically if:
1) You do not abide by the "give back to the community" terms (your licensees get to keep their rights if they abide);
2) Anyone prevents you from distributing the software under the terms of the SimPL.
Leaving the PackageType Blank it will not be used in make_package_npdrm
Theme package is not implemented.
Added: Target-Directory Frame - See button >..
Added: Target-Directory Controls
Removed: Input Text on KLicensee
Added: Edit button to ContentID, KLicensee.
Added: Edit to ContentID, KLicensee buttons. - See text Box's
Added: Text Box's to ContentID, KLicensee. - KLicense Default Char' Limit = 34(0x00000000000000000000000000000000)
Fixed: PackageType - Used with Target-Directory
Added: Theme package - Working!
How to: To make a pkg of a Fixed Sample.p3t.edt
Select Fixed Edat theme in File List
Change ContentType to Theme
Press theme Button.
Install PKG in Install Package Files
Scroll to Theme and Apply Theme
Changed: Icon menu to File menu
Fixed: Execute Themes All
Removed: Right Click Input Text on DRMType, ContType, PackageType
Added: Right Click Edit on DRMType, ContType, PackageType
Added: Menu Options to DRMType, ContType, PackageType
For the more user control freaks (Like myself)
Added: ListView control