Yesterday we saw his 1.76 PS4 Entrypoint, and today PlayStation 4 developer IDC returns with some PS4 Act.dat and PS4 RIF research documentation stating he will likely add the required code used to restore an act.dat backup to his Github soon as well.
This news comes following the RIF Samples and PS4 IDX Generator / GenIDX Tool as PlayStation 4 developer @CrazyVoid hinted that both RIF and IDX files are going to be an important part to PS4 game backups and homebrew in the future.
To quote from the Dev Wiki: Act.dat
File Handling
On 1.76, act.dat is loaded and updated by the SceShellCore process.
Beyond 1.76, act.dat is loaded and updated directly by the kernel.
File Verification
A HMACSHA256 of the entire act.dat file using the SHA256 of the OpenPsId as the key is stored in Vtrm using SceShellCore's process ID in slot 0.
SceShellCore's process ID is 0x3800000000000010.
hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat) (pseudo-code)
This prevents easily adding or replacing the act.dat file directly. You will need to update this HMAC to prevent the act.dat file from being deleted when adding or replacing it.
File
An act.dat file is made up of 1 to 21 sequential activation structures.
The file is truncated to valid activation structures, so its size will be a multiple of 512.
Activation
Fields are big-endian.
And also from the Dev Wiki, to quote: Rif
Secret
RIFA File
See also RIDX structure for the paired idx file. When in this form, a RIFA header is present, followed by sequential rifs.
RIFA Header
Fields are big-endian.
RIDX File
RIDX Header
Fields are little-endian.
RIDX Entry
Fields are little-endian.
Thanks to @raedoob for the PS4 scene news tip in the PSXHAX Shoutbox earlier today!
This news comes following the RIF Samples and PS4 IDX Generator / GenIDX Tool as PlayStation 4 developer @CrazyVoid hinted that both RIF and IDX files are going to be an important part to PS4 game backups and homebrew in the future.
To quote from the Dev Wiki: Act.dat
File Handling
On 1.76, act.dat is loaded and updated by the SceShellCore process.
Beyond 1.76, act.dat is loaded and updated directly by the kernel.
File Verification
A HMACSHA256 of the entire act.dat file using the SHA256 of the OpenPsId as the key is stored in Vtrm using SceShellCore's process ID in slot 0.
SceShellCore's process ID is 0x3800000000000010.
hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat) (pseudo-code)
- sceSblVtrmStoreNth(0x3800000000000010, hmac, 64, 0)
- sceSblVtrmRetrieveNth(0x3800000000000010, hmac, 64, 0)
- sceSblVtrmFreeNth(0x3800000000000010, 0)
This prevents easily adding or replacing the act.dat file directly. You will need to update this HMAC to prevent the act.dat file from being deleted when adding or replacing it.
File
An act.dat file is made up of 1 to 21 sequential activation structures.
The file is truncated to valid activation structures, so its size will be a multiple of 512.
Activation
Fields are big-endian.
Name | Offset | Size | Example | Remark |
Signature | 0x000 | 4 | 41 43 54 00 ('ACT\0') | - |
Version | 0x004 | 2 | 00 01 | 1 (current) |
Type | 0x006 | 2 | 00 02 | 2 or 3 |
PSN Account ID | 0x008 | 8 | AB CD EF 01 02 34 78 91 | - |
Start Timestamp | 0x010 | 8 | 00 00 00 00 52 85 64 00 | Start timestamp (unix/epoch) |
End Timestamp | 0x018 | 8 | 7F FF FF FF FF FF FF FF | End timestamp (unix/epoch), typically INT64_MAX |
Unknown | 0x020 | 64 | - | - |
OpenPsId SHA256 Hash | 0x060 | 32 | - | sha256(sceKernelGetOpenPsIdForSystem()) (pseudo-code) |
Unknown | 0x080 | 32 | - | Found to match exactly for different users and consoles. Maybe system version SHA256 hash? |
RIF Secret Encryption IV | 0x0A0 | 16 | - | See rif |
RIF Secret Encryption Key Seed | 0x0B0 | 16 | - | Used to decrypt rif secret (KDS RIF only) |
Unknown | 0x0C0 | 64 | - | - |
RSA Signature | 0x100 | 256 | - | Verified using same public key as RIF type 0 |
Name | Offset | Size | Example | Remark |
Signature | 0x000 | 4 | 52 49 46 00 ('RIF\0') | - |
Version | 0x004 | 2 | 00 01 | 1 (current) |
Unknown | 0x006 | 2 | FF FF | - |
PSN Account ID | 0x008 | 8 | AB CD EF 01 02 34 78 91 | 0 if not KDS RIF |
Start Timestamp | 0x010 | 8 | 00 00 00 00 52 85 64 00 | Start timestamp (unix/epoch) |
End Timestamp | 0x018 | 8 | 7F FF FF FF FF FF FF FF | End timestamp (unix/epoch), typically INT64_MAX |
Content ID | 0x020 | 48 | IP9100-CUSA00001_00-PLAYROOM00000000 | - |
Type | 0x050 | 2 | 01 01 | -
|
Unknown | 0x052 | 2 | 00 0F | - |
Unknown | 0x054 | 2 | 00 1A | - |
SKU Flag | 0x056 | 2 | 00 01 | - |
Extra Flags | 0x058 | 4 | 00 00 00 00 | - |
Unknown | 0x060 | 4 | 00 02 00 00 | - |
Unknown | 0x064 | 476 | - | - |
Disc Key | 0x240 | 32 | - | - |
Secret Encryption IV | 0x260 | 16 | - | - |
Encrypted Secret | 0x270 | 144 | - | See Secret for when decrypted |
RSA Signature | 0x300 | 256 | - | Verified using public key depending on type |
Name | Offset | Size | Example | Remark |
Unknown | 0x00 | 16 | - | - |
Unknown | 0x10 | 16 | - | - |
Unknown | 0x20 | 16 | - | - |
Content Key Seed | 0x30 | 16 | - | Used to generate PFS key |
SELF Key Seed | 0x40 | 16 | - | Used to generate SELF key |
Unknown | 0x50 | 16 | - | - |
Unknown | 0x60 | 16 | - | - |
Entitlement Key | 0x70 | 16 | - | - |
Unknown | 0x80 | 16 | - | - |
See also RIDX structure for the paired idx file. When in this form, a RIFA header is present, followed by sequential rifs.
RIFA Header
Fields are big-endian.
Name | Offset | Size | Example | Remark |
Signature | 0x000 | 4 | 52 49 46 00 ('RIF\0') | - |
Service ID | 0x004 | 48 | IP9100-CUSA00001_00 | Size assumed |
Unknown | 0x034 | 972 | - | - |
RIDX Header
Fields are little-endian.
Name | Offset | Size | Example | Remark |
Signature | 0x00 | 4 | 78 64 69 72 ('xdir') | - |
RIF Count | 0x04 | 4 | 01 00 00 00 | - |
Version | 0x08 | 1 | 01 | 1 (current) |
Service ID | 0x09 | 19 | IP9100-CUSA00001_00 | - |
Unknown | 0x1C | 4 | 01 00 00 00 | - |
Entries | 0x20 | 48 * RIF Count | - | See RIDX entry |
Fields are little-endian.
Name | Offset | Size | Example | Remark |
Entitlement label | 0x00 | 16 | PLAYROOM00000000 | - |
Offset | 0x10 | 8 | 00 04 00 00 00 00 00 00 | Offset into RIFA file |
Size | 0x18 | 8 | 00 04 00 00 00 00 00 00 | - |
Unknown | 0x20 | 1 | 01 | - |
Unknown | 0x21 | 15 | - | - |