Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
PS4 CFW and Hacks       Thread starter PSXHAX       Start date Dec 12, 2017 at 9:13 AM       2      
Status
Not open for further replies.
Yesterday we saw his 1.76 PS4 Entrypoint, and today PlayStation 4 developer IDC returns with some PS4 Act.dat and PS4 RIF research documentation stating he will likely add the required code used to restore an act.dat backup to his Github soon as well. :tree::geek:

This news comes following the RIF Samples and PS4 IDX Generator / GenIDX Tool as PlayStation 4 developer @CrazyVoid hinted that both RIF and IDX files are going to be an important part to PS4 game backups and homebrew in the future.

To quote from the Dev Wiki: Act.dat

File Handling


On 1.76, act.dat is loaded and updated by the SceShellCore process.

Beyond 1.76, act.dat is loaded and updated directly by the kernel.

File Verification

A HMACSHA256 of the entire act.dat file using the SHA256 of the OpenPsId as the key is stored in Vtrm using SceShellCore's process ID in slot 0.

SceShellCore's process ID is 0x3800000000000010.

hmacsha256(sha256(sceKernelGetOpenPsIdForSystem()), act.dat) (pseudo-code)
  • sceSblVtrmStoreNth(0x3800000000000010, hmac, 64, 0)
  • sceSblVtrmRetrieveNth(0x3800000000000010, hmac, 64, 0)
  • sceSblVtrmFreeNth(0x3800000000000010, 0)
Note: sceSblVtrm* are kernel functions.

This prevents easily adding or replacing the act.dat file directly. You will need to update this HMAC to prevent the act.dat file from being deleted when adding or replacing it.

File

An act.dat file is made up of 1 to 21 sequential activation structures.

The file is truncated to valid activation structures, so its size will be a multiple of 512.

Activation

Fields are big-endian.

Name Offset Size Example Remark
Signature 0x000 4 41 43 54 00 ('ACT\0') -
Version 0x004 2 00 01 1 (current)
Type 0x006 2 00 02 2 or 3
PSN Account ID 0x008 8 AB CD EF 01 02 34 78 91 -
Start Timestamp 0x010 8 00 00 00 00 52 85 64 00 Start timestamp (unix/epoch)
End Timestamp 0x018 8 7F FF FF FF FF FF FF FF End timestamp (unix/epoch), typically INT64_MAX
Unknown 0x020 64 - -
OpenPsId SHA256 Hash 0x060 32 - sha256(sceKernelGetOpenPsIdForSystem()) (pseudo-code)
Unknown 0x080 32 - Found to match exactly for different users and consoles. Maybe system version SHA256 hash?
RIF Secret Encryption IV 0x0A0 16 - See rif
RIF Secret Encryption Key Seed 0x0B0 16 - Used to decrypt rif secret (KDS RIF only)
Unknown 0x0C0 64 - -
RSA Signature 0x100 256 - Verified using same public key as RIF type 0
And also from the Dev Wiki, to quote: Rif

Name Offset Size Example Remark
Signature 0x000 4 52 49 46 00 ('RIF\0') -
Version 0x004 2 00 01 1 (current)
Unknown 0x006 2 FF FF -
PSN Account ID 0x008 8 AB CD EF 01 02 34 78 91 0 if not KDS RIF
Start Timestamp 0x010 8 00 00 00 00 52 85 64 00 Start timestamp (unix/epoch)
End Timestamp 0x018 8 7F FF FF FF FF FF FF FF End timestamp (unix/epoch), typically INT64_MAX
Content ID 0x020 48 IP9100-CUSA00001_00-PLAYROOM00000000 -
Type 0x050 2 01 01 -
  • 0x000 KDS RIF
  • 0x101,0x302 Isolated RIF
  • 0x102 Disc RIF
  • 0x200-0x202 Fake/Debug RIF
Unknown 0x052 2 00 0F -
Unknown 0x054 2 00 1A -
SKU Flag 0x056 2 00 01 -
Extra Flags 0x058 4 00 00 00 00 -
Unknown 0x060 4 00 02 00 00 -
Unknown 0x064 476 - -
Disc Key 0x240 32 - -
Secret Encryption IV 0x260 16 - -
Encrypted Secret 0x270 144 - See Secret for when decrypted
RSA Signature 0x300 256 - Verified using public key depending on type
Secret

Name Offset Size Example Remark
Unknown 0x00 16 - -
Unknown 0x10 16 - -
Unknown 0x20 16 - -
Content Key Seed 0x30 16 - Used to generate PFS key
SELF Key Seed 0x40 16 - Used to generate SELF key
Unknown 0x50 16 - -
Unknown 0x60 16 - -
Entitlement Key 0x70 16 - -
Unknown 0x80 16 - -
RIFA File

See also RIDX structure for the paired idx file. When in this form, a RIFA header is present, followed by sequential rifs.

RIFA Header

Fields are big-endian.

Name Offset Size Example Remark
Signature 0x000 4 52 49 46 00 ('RIF\0') -
Service ID 0x004 48 IP9100-CUSA00001_00 Size assumed
Unknown 0x034 972 - -
RIDX File

RIDX Header


Fields are little-endian.

Name Offset Size Example Remark
Signature 0x00 4 78 64 69 72 ('xdir') -
RIF Count 0x04 4 01 00 00 00 -
Version 0x08 1 01 1 (current)
Service ID 0x09 19 IP9100-CUSA00001_00 -
Unknown 0x1C 4 01 00 00 00 -
Entries 0x20 48 * RIF Count - See RIDX entry
RIDX Entry

Fields are little-endian.

Name Offset Size Example Remark
Entitlement label 0x00 16 PLAYROOM00000000 -
Offset 0x10 8 00 04 00 00 00 00 00 00 Offset into RIFA file
Size 0x18 8 00 04 00 00 00 00 00 00 -
Unknown 0x20 1 01 -
Unknown 0x21 15 - -
Thanks to @raedoob for the PS4 scene news tip in the PSXHAX Shoutbox earlier today! <3
PS4 Act.dat and PlayStation 4 RIF File Research Findings by IDC.jpg
 

Comments

Status
Not open for further replies.
Back
Top