Not possible at the moment, rolling back is only available to those in Sony's Beta program running PS4 Beta Firmware.
Also here's some more information from
Robbie Luong on how
Something Sinister's tool is used with the previously released
PS4 Keys by RedEyeX32:
It extracts and unencrypts encrypted files in game packages. A couple of extra steps are required before it can be used. First the rsa parameters have to be added to main.cs from main.cs, copy/paste the first 4 bytes of the exponent, first 128 bytes of p, first 128 bytes of q, each into it's own binary file.
To create the rest of the rsa parameters, use those 3 files with the application posted in this thread (RedEyeX32's linked above). Do command:
Code:
rsa_genkey.exe exponent p q
This will create a text file called priv.txt with all the parameters. Paste them into
main.cs from the rar posted above.
Code:
public struct RSAParameters {
D = new Byte[256] { ... },
DP = new byte [128] { ... },
DQ = new byte [128] { ... },
Exponent = new byte[04] { ... },
InverseQ = new byte[128] { ... },
Modulus = new byte[256] { ... },
P = new byte[128] { ... },
Q = new byte[128] { ... }
};
That will fix the exception caused by null pointers. One more minor fix in main.cs, that will also raise an exception with some files:
Code:
byte[] file_data = DecryptAes(key, iv, IO.In.ReadBytes(entry[i].size));
change it to this:
Code:
if ((entry[i].size % 16) != 0) padded_size = entry[i].size + (16 - (entry[i].size %16));
else padded_size = entry[i].size;
byte[] file_data = DecryptAes(key, iv, IO.In.ReadBytes(padded_size));
and add padded_size to the list of declared variables
Code:
uint entry_count = IO.In.SeekNReadUInt32(0x10);
uint file_table_offset = IO.In.SeekNReadUInt32(0x18);
uint padded_size;
also this fixes the incorrect use of zeroes for padding. section containing an encrypted file of size 0x214 bytes:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00E4C570 1B DB 69 12 D3 CC DD D1 D3 3A 59 26 DA 43 63 0A .Ûi.ÓÌÝÑÓ:Y&ÚCc.
00E4C580 23 22 1A D0 01 2B 74 1A 83 FC B6 1D 96 5A 70 09 #".Ð.+t.ƒü¶.–Zp.
00E4C590 6E 1F 1D 22 BB 43 55 1B F5 C8 7C FC 4B 35 93 B8 n.."»CU.õÈ|üK5“¸
00E4C5A0 F9 61 18 00 4D 9D C0 A4 70 38 B8 E6 72 0D 91 D3 ùa..M.À¤p8¸ær.‘Ó
00E4C5B0 A1 9E B1 B9 85 4D 22 74 26 6A 3D 37 36 B2 CD 43 ¡ž±¹…M"t&j=76²ÍC
00E4C5C0 70 04 58 76 1A 83 6A F0 92 A2 07 08 DF 96 12 AE p.Xv.ƒjð’¢..ß–.®
00E4C5D0 11 80 CF 32 9E 6A C5 78 8E 4A E8 D0 51 8F A5 C7 .€Ï2žjÅxŽJèÐQ.¥Ç
00E4C5E0 D3 BC 7E A0 6E 08 C2 97 EC AF 91 92 04 A1 53 B9 Ó¼~ n.—쯑’.¡S¹
00E4C5F0 32 83 99 18 91 8A E6 0C 42 CA 8D 4A 32 CF 6B F1 2ƒ™.‘Šæ.BÊ.J2Ïkñ
00E4C600 F7 0F BA 13 37 39 A5 3D 14 4E B5 E6 BF B6 86 ED ÷.º.79¥=.Nµæ¿¶†í
00E4C610 2A C9 2C B3 21 75 46 1F CF EF BE 3F BC BD 50 71 *É,³!uF.Ïï¾?¼½Pq
00E4C620 45 4A 16 74 D5 6B 8D 17 44 FF 3A 85 A8 B2 3D 0E EJ.tÕk..Dÿ:…¨²=.
00E4C630 F2 E8 4E 8D 91 3F D0 FC 7A 73 16 43 D8 8D 17 32 òèN.‘?Ðüzs.CØ..2
00E4C640 3B 15 9E A1 BF 37 7A FB 0D 2B 4F 93 DA 4E FF F0 ;.ž¡¿7zû.+O“ÚNÿð
00E4C650 9B 32 68 EC 0A E9 F2 0B 06 03 22 B9 31 39 24 13 ›2hì.éò..."¹19$.
00E4C660 B4 06 A1 7A 78 DD CD 91 FC 50 6A 91 66 D9 92 64 ´.¡zxÝÍ‘üPj‘fÙ’d
00E4C670 CC A1 6E 69 AD 04 50 20 DA 21 D9 72 E3 66 10 4F Ì¡ni..P Ú!Ùrãf.O
00E4C680 86 66 BA 7E AF 92 22 C7 3B FC 56 12 61 6E 51 43 †fº~¯’"Ç;üV.anQC
00E4C690 9E 06 62 0D A6 2E 68 42 AE 3B 4E 5F E8 EC 36 83 ž.b.¦.hB®;N_èì6ƒ
00E4C6A0 F3 A8 70 5D 68 2E 97 67 17 32 F5 C0 B9 8D 83 6D ó¨p]h.—g.2õÀ¹.ƒm
00E4C6B0 23 D4 64 D0 21 BA 6A 7E 6C BF 84 CB AF E7 0C 0A #ÔdÐ!ºj~l¿„˯ç..
00E4C6C0 80 BD 3E C0 58 0E 27 23 87 D3 6D AB 92 F8 88 0B €½>ÀX.'#‡Óm«’øˆ.
00E4C6D0 70 97 CD 18 2A 15 B9 2A 5E E2 2C 04 E4 4D 64 C8 p—Í.*.¹*^â,.äMdÈ
00E4C6E0 5A DD 76 EE 98 23 93 9F 83 EE 3F 1E 84 06 99 5E ZÝvî˜#“Ÿƒî?.„.™^
00E4C6F0 AE 8A FD F1 9E BA D5 75 8A 03 FA 67 83 A3 70 2F ®ŠýñžºÕuŠ.úgƒ£p/
00E4C700 BF 3D 13 18 58 E8 1E 35 48 3C EF 21 04 2C FE F3 ¿=..Xè.5H<ï!.,þó
00E4C710 EA 7E A2 93 19 2C D4 46 51 5A 77 50 E0 65 B4 55 ê~¢“.,ÔFQZwPàe´U
00E4C720 D3 DE 64 19 BF C3 62 0B F4 30 4F 1D 2E 91 BF 66 ÓÞd.¿Ãb.ô0O..‘¿f
00E4C730 E5 45 F5 09 85 A8 2A D9 03 BA 4D D7 D7 F5 29 28 åEõ.…¨*Ù.ºM××õ)(
00E4C740 3F CB FB 09 9D 1D F8 60 27 63 04 2A 7F A5 25 3C ?Ëû...ø`'c.*.¥%<
00E4C750 70 C5 F2 31 3E 81 DF 48 01 82 D9 BC B2 53 FB 3A pÅò1>.ßH.‚Ù¼²Sû:
00E4C760 7C 62 56 BB D6 6D 77 58 B5 6D 06 A5 34 F7 76 C3 |bV»ÖmwXµm.¥4÷vÃ
00E4C770 B8 8A 57 E4 18 C1 27 61 33 BD DE 25 98 67 42 1D ¸ŠWä.Á'a3½Þ%˜gB.
00E4C780 7A 42 71 57 96 1B 82 4B 33 6D 19 49 E4 38 F9 34 zBqW–.‚K3m.Iä8ù4
the last line is 4 bytes of the end of the file, the rest is artifact of encryption. here it is decrypted and extracted:
Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00000000 D2 94 A0 18 00 00 00 01 00 00 00 00 00 00 02 14 Ò” .............
00000010 00 00 00 00 00 00 01 80 00 00 00 00 00 00 00 01 .......€........
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000060 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000070 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000080 00 10 00 0C 4E 50 57 52 30 35 32 39 34 5F 30 30 ....NPWR05294_00
00000090 00 11 00 0C 30 00 00 00 00 00 00 00 00 00 00 00 ....0...........
000000A0 00 12 00 B0 66 8F C1 6A 37 A3 30 BE 88 CA A0 73 ...°f.Áj7£0¾ˆÊ s
000000B0 05 CB 5F 0E D1 21 1D 6F 7C 30 F2 0A 96 DB F2 5D .Ë_.Ñ!.o|0ò.–Ûò]
000000C0 FC 90 F5 42 82 95 83 E1 F2 5F 98 7A 35 00 96 3A ü.õB‚•ƒáò_˜z5.–:
000000D0 7F 74 A3 44 2E DF 47 83 1A F2 22 B2 48 29 60 D5 .t£D.ßGƒ.ò"²H)`Õ
000000E0 31 8A 4B B0 7F 73 DA 0D 9D FB E0 89 86 02 62 17 1ŠK°.sÚ..ûà‰†.b.
000000F0 55 2A 4A 8B 04 50 37 E7 FB D8 A9 0F 96 AC B9 2D U*J‹.P7çûØ©.–¬¹-
00000100 13 B5 E7 92 D5 61 64 A0 01 AC CB 6D 80 67 34 97 .µç’Õad .¬Ëm€g4—
00000110 35 C5 81 12 A1 BB A9 05 99 18 B4 9A D8 83 B8 9E 5Å..¡»©.™.´šØƒ¸ž
00000120 6A FB FF 56 F6 3E A6 4D 46 80 09 E3 0E 04 E4 2A jûÿVö>¦MF€.ã..ä*
00000130 64 1A 63 4C D1 4D 9F D1 5E B4 CA 8D 72 C4 72 D5 d.cLÑMŸÑ^´Ê.rÄrÕ
00000140 B7 AE 9E 6C 41 15 A8 AB FA 25 BA 54 76 B7 E9 6B ·®žlA.¨«ú%ºTv·ék
00000150 EA 3C 83 2B 00 13 00 10 70 7C F9 B0 19 9A 17 93 ê<ƒ+....p|ù°.š.“
00000160 01 6C AB AA E7 D9 94 6D 00 00 00 00 00 00 00 00 .l«ªçÙ”m........
00000170 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00000200 8D C1 40 8A 5E D0 1F 1B B6 4F CB 71 26 0D 27 38 .Á@Š^Ð..¶OËq&.'8
00000210 08 2E 7D 66 00 00 00 00 00 00 00 00 00 00 00 00 ..}f............
if we had used zero for the padding bytes, it would give instead:
Code:
00000200 8D C1 40 8A 5E D0 1F 1B B6 4F CB 71 26 0D 27 38 .Á@Š^Ð..¶OËq&.'8
00000210 BA FF CA 5B D9 8D 62 B9 98 1A 2F 61 3B D7 3E 52 ºÿÊ[Ù.b¹˜./a;×>R
the whole last line is incorrect not just the padding. it's important because the last 20 bytes before the padding is the sha1 checksum of the file from 0-1FF
Code:
8DC1408A5ED01F1BB64FCB71260D2738082E7D66
this can be used to check that the file was unencrypted correctly. optionally add a text box control in the designer window, name it textBox1 and in the properties window, for scrollable, choose vertical. then after line:
Code:
for (int i = 0; i < entry_count; i++) {
add this:
Code:
textBox1.Text = textBox1.Text + "\r\n";
textBox1.Text = textBox1.Text + "\r\nType: " + entry[i].type.ToString("X");
textBox1.Text = textBox1.Text + " Unk1: " + entry[i].unk1.ToString("X");
textBox1.Text = textBox1.Text + "\r\nFlags1: " + entry[i].flags1.ToString("X");
textBox1.Text = textBox1.Text + " Flags2: " + entry[i].flags2.ToString("X");
textBox1.Text = textBox1.Text + "\r\nOffset: 0x" + entry[i].offset.ToString("X");
textBox1.Text = textBox1.Text + " Size: 0x" + entry[i].size.ToString("X");
textBox1.Text = textBox1.Text + "\r\nKey Index: " + entry[i].key_index.ToString("X");textBox1.Text = textBox1.Text + " Encrypted: " + entry[i].is_encrypted.ToString();
to see the file list:
by the way, this method gives the same keys already posted by
modrobert.
I was really only trying to see if keys would work. Here is my compiled version. Really, it is somewhat funny for me to release this since I don't know where he got the random numbers and exponent or anything about ps4 pkgs. I don't know C# either.
Requires net framework 2.0 sorry, but that's what language he used for his release.
Download:
ps4pkgdec.zip (7 KB) /
solution.zip (517 KB)
I used it on a few game update pkgs. It usually extracts 2-5 files. Inspecting the extracted files in a hex editor, 1 or 2 obviously appear decrypted. These files have type 402 and 403. Not all updates have 402 or 403 file types. You will have to find some that do.
type 402 contains an np title id. type 403 contains the file's size, a similar type id and at the end of the file is the sha1 of the file contents. You can verify this by opening the type 403 file in a hexeditor, like hxd.exe, delete the last 20 bytes, have it compute the sha1 checksum of the remaining contents. It should be identical to the 20 bytes just cut from the end of the file. This verifies the file was decrypted correctly as shown in the posts above.
I don't know what these files are, but there is a string table in the original package file with the names of some of the files. What Mr. Redeye has named unknown1, is now labeled string index. It is the offset of the file's name in the string table, but file types 402 and 403 don't have entries in the string table, index ==0.
update to pkgdec
Added:
- list file properties
- extract all files
- extract file by file number
Requires .Net 4.0
Download:
ps4pkgdec_update.zip (14 KB) /
ps4pkgdec_update_source.zip (10 KB)
The files in the file table are only a small part of the pkg. lots of other data still in the game pkg. note also, he does not use the key index. the part 1 key seed is hard coded and being used to decrypt all the encrypted files. files with key index 3 look ok. files with a different key index possibly use a different key?