Last fall we learned that PS4 RIF Files are required to make PlayStation 4 Packages (PKG files) playable, followed by some OMSK App details, the OMSK Client RIF File, an Install Guide for jailbroken consoles and most recently the necessary PS4 IDX File Generator.
Today PlayStation 4 developer @theorywrong (Twitter) shared via HydrogenNGU a PS4 rif_decryptor that is currently broken, and they are seeking some help from scene devs to fix the code.
Download: PS4 RIF Decryptor Code
According to Oneman, calling this code is enough to decrypt any PS4 .rif file.
From Pastebin.com:
Cheers to @LightningMods in the PSXHAX Shoutbox for the heads-up on this community project!
Today PlayStation 4 developer @theorywrong (Twitter) shared via HydrogenNGU a PS4 rif_decryptor that is currently broken, and they are seeking some help from scene devs to fix the code.
Download: PS4 RIF Decryptor Code
Code:
#define _WANT_UCRED
#define _XOPEN_SOURCE 700
#define __BSD_VISIBLE 1
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <sys/mman.h>
#include <sys/ioctl.h>
#include <kernel.h>
#include <ps4/kernel.h>
#include <debugnet.h>
#include "jailbreak.h"
/*
 * Argument block that decrypt_rif() fills in and passes by address to the
 * ioctl() call on /dev/npdrm.
 */
typedef struct _decrypt_rif_args
{
/* Start of the in-memory copy of the .rif file (set from rif_addr). */
void* buffer;
/* Size of that copy in bytes (set from rif_size). */
size_t length;
}
decrypt_rif_args;
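/*
 * Write `size` bytes starting at `raw` to the file `name`, truncating any
 * existing file of that name.
 *
 * The function returns nothing, so every failure (open, short write, flush
 * on close) is reported only through the debug log with the same message.
 */
void save_rif(char *name, uint8_t *raw, size_t size) {
    FILE *out = fopen(name, "wb");
    if (out == NULL) {
        debugNetPrintf(INFO, "dump err.\n");
        return;
    }

    /* fwrite may store fewer bytes than requested (full or removed media). */
    size_t written = fwrite(raw, 1, size, out);

    /* fclose flushes buffered data, so a failure here also means data loss. */
    int close_rc = fclose(out);

    if (written != size || close_rc != 0) {
        debugNetPrintf(INFO, "dump err.\n");
    }
}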
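/*
 * Read the file `rif_file` into memory, hand the buffer to the /dev/npdrm
 * device through one ioctl() call, and write the buffer back out to
 * `save_file` with save_rif().
 *
 * Returns 0 when the ioctl succeeded and save_rif() was called, 1 on any
 * earlier failure. save_rif() returns nothing, so a failed write of the
 * output file is not reflected in the return value.
 *
 * Every exit path goes through the single cleanup label so the device
 * descriptor and the buffer are released exactly once.
 */
int decrypt_rif(char *rif_file, char *save_file) {
    int rc = 1;
    int fd = -1;
    void *rif_addr = NULL;
    long rif_size = -1;
    decrypt_rif_args args;

    debugNetPrintf(INFO, "RIF Filename: %s\n", rif_file);

    FILE *rif_input = fopen(rif_file, "rb");
    if (rif_input == NULL) {
        debugNetPrintf(INFO, "fopen: cannot open this file !\n");
        return 1;
    }

    /* Size the file by seeking to its end; ftell() yields -1 on failure. */
    if (fseek(rif_input, 0L, SEEK_END) == 0) {
        rif_size = ftell(rif_input);
    }
    if (rif_size <= 0 || fseek(rif_input, 0L, SEEK_SET) != 0) {
        fclose(rif_input);
        debugNetPrintf(INFO, "cannot determine RIF size !\n");
        return 1;
    }

    /* align_alloc() is declared outside this file; the result is released
     * with free(), as the original code did. */
    rif_addr = align_alloc(0x4000, rif_size);
    if (rif_addr == NULL) {
        fclose(rif_input);
        debugNetPrintf(INFO, "cannot allocate RIF buffer !\n");
        return 1;
    }

    /* One item of rif_size bytes: anything other than 1 is a short read. */
    size_t items = fread(rif_addr, (size_t)rif_size, 1, rif_input);
    fclose(rif_input);
    if (items != 1) {
        debugNetPrintf(INFO, "cannot read RIF file !\n");
        goto out;
    }

    debugNetPrintf(INFO, "RIF Address: %p\n", rif_addr);
    /* The size is an integer, so it must not be printed with %p. */
    debugNetPrintf(INFO, "RIF Size: 0x%lx\n", (unsigned long)rif_size);

    fd = open("/dev/npdrm", O_RDWR, 0);
    if (fd < 0) {
        debugNetPrintf(INFO, "Failed to open /dev/npdrm!\n");
        goto out;
    }

    memset(&args, 0, sizeof(args));
    args.buffer = rif_addr;
    args.length = (size_t)rif_size;

    /* The request code is hard-coded; nothing in this file names it. */
    if (ioctl(fd, 0xC0404E03, &args) < 0) {
        debugNetPrintf(INFO, "ioctl have a error !!!\n");
        goto out;
    }

    save_rif(save_file, rif_addr, (size_t)rif_size);
    debugNetPrintf(INFO, "Decrypted RIF saved to: %s !\n", save_file);
    rc = 0;

out:
    /* The descriptor used to stay open when the ioctl failed. */
    if (fd >= 0) {
        close(fd);
    }
    free(rif_addr);
    return rc;
}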
/*
 * Entry point: start network debug logging, elevate privileges through
 * ps4KernelExecute() when the process is not already uid 0, then try to
 * process generic.rif from /mnt/usb0 and, if that fails, from /mnt/usb1.
 *
 * Both attempts write their output to /mnt/usb1/generic.drif.
 * The exit status is EXIT_SUCCESS whether or not either attempt worked;
 * failure is visible only in the debug log.
 */
int main(int argc, char **argv)
{
    int64_t ret;

    /* Log sink address and port are fixed at build time. */
    debugNetInit("192.168.1.2", 15000, DEBUG);
    debugNetPrintf(INFO, "rif_decrypt initialized\n");
    debugNetPrintf(INFO, "getuid() : %d\n", getuid());

    if (getuid() != 0) {
        /* Runs the jailbreak routine from jailbreak.h in kernel context. */
        ps4KernelExecute((void*)jailbreak, NULL, &ret, NULL);
        debugNetPrintf(INFO, "jailbreak!!\n");
    }

    /* Short-circuit: the second source is tried only if the first fails. */
    if (decrypt_rif("/mnt/usb0/generic.rif", "/mnt/usb1/generic.drif") > 0 &&
        decrypt_rif("/mnt/usb1/generic.rif", "/mnt/usb1/generic.drif") > 0) {
        debugNetPrintf(INFO, "Failed to decrypt RIF !!\n");
    }

    return EXIT_SUCCESS;
}
From Pastebin.com:
Code:
/*
 * Decompiler pseudocode (Hex-Rays style), not compilable C. The @<reg>
 * annotations give the register each argument arrives in, and the
 * "[rsp+..] [rbp-..]" comments give each local's stack slot.
 *
 * As shown in the body:
 *   a1 - source pointer; 1024 bytes are copied from it to the stack.
 *   a2 - output; receives six 64-bit words on success.
 *   a3 - optional output; receives 0x68 bytes on success when non-NULL.
 * The result is 0 on success, otherwise a negative status whose unsigned
 * 32-bit form is 0x808700xx.
 *
 * Names such as check_perm, _check_if_ps4_activated and npdrm_decrypt_*
 * are presumably labels given by whoever reversed the binary - unverified.
 */
__int64 __usercall dec_rif_ioctls@<rax>(__int64 a1@<rdx>, __int64 *a2@<rdi>, __m256i *a3@<rsi>, unsigned __int64 a4@<r12>, __m256i _YMM0@<ymm0>)
{
__m256i *v5; // r14@1
signed int v6; // er13@1
unsigned int v7; // ebx@6
unsigned __int32 v8; // eax@6
__int32 v9; // esi@21
signed int v10; // eax@31
__int64 v11; // rax@36
__int64 v12; // rax@36
__int64 result; // rax@39
__m256i v15; // [rsp+0h] [rbp-528h]@19
__m256i v16; // [rsp+20h] [rbp-508h]@23
__int64 v17; // [rsp+40h] [rbp-4E8h]@23
__m256i v18; // [rsp+60h] [rbp-4C8h]@19
__m256i v19; // [rsp+80h] [rbp-4A8h]@20
__int64 v21; // [rsp+C0h] [rbp-468h]@38
// _rif_header starts the 1024-byte stack copy at rbp-448h. That copy ends at
// rbp-48h, so v23..v32 below are slots inside the same buffer that the
// decompiler has split into separate locals (v23 is at offset 0x50).
unsigned __int64 _rif_header; // [rsp+E0h] [rbp-448h]@4
unsigned __int16 v23; // [rsp+130h] [rbp-3F8h]@6
char v24; // [rsp+320h] [rbp-208h]@33
char v25; // [rsp+340h] [rbp-1E8h]@23
__int64 v26; // [rsp+380h] [rbp-1A8h]@36
__int64 v27; // [rsp+388h] [rbp-1A0h]@36
__int64 v28; // [rsp+390h] [rbp-198h]@36
__int64 v29; // [rsp+398h] [rbp-190h]@36
__int64 v30; // [rsp+3C0h] [rbp-168h]@36
__int64 v31; // [rsp+3C8h] [rbp-160h]@36
char v32; // [rsp+3E0h] [rbp-148h]@4
__int64 v33; // [rsp+4E0h] [rbp-48h]@1
v5 = a3;
// v33 saves a global value that is compared again just before return; this
// looks like a stack-protector canary whose symbol was mislabelled - unverified.
v33 = *(_QWORD *)G__preinit_array_end;
// -2138636287 is 0x80870001: returned when the global flag dword_8EF0C0 is zero.
v6 = -2138636287;
if ( !dword_8EF0C0 )
goto LABEL_39;
// -2138636283 is 0x80870005: returned when a2 or a1 is NULL.
v6 = -2138636283;
if ( !a2 )
goto LABEL_39;
if ( !a1 )
goto LABEL_39;
// Fixed-size copy: a1 is only NULL-checked here, so the caller has to
// guarantee that 1024 bytes are readable; no length reaches this function.
memcpy((__int64)&_rif_header, a1, 1024LL);
v6 = sub_28D870((__int64)&_rif_header, (__int64)&v32);
if ( v6 < 0 )
goto LABEL_39;
// -2138636282 is 0x80870006. The multi-character constant 'FIR' corresponds
// to the bytes "RIF\0" in little-endian memory order (magic check).
v6 = -2138636282;
if ( (_DWORD)_rif_header != 'FIR' )
goto LABEL_39;
// v7: the 16-bit field at bytes 4-5 of the buffer, byte-swapped.
v7 = ((unsigned int)(unsigned __int16)(_rif_header >> 32) >> 8) | (unsigned __int16)((unsigned __int16)(_rif_header >> 32) << 8);
// v8: the 16-bit field v23 (offset 0x50), byte-swapped.
v8 = _byteswap_ulong(v23) >> 16;
// Accepted v8 values: 0, 257, 258, 512..514 (only if check_perm() is
// non-zero) and 770. Anything else leaves with the status set above.
if ( v8 > 0x100 )
{
if ( v8 > 0x301 )
{
if ( v8 != 770 )
goto LABEL_39;
}
else if ( v8 - 512 >= 3 )
{
if ( v8 != 257 && v8 != 258 )
goto LABEL_39;
}
else
{
// -2138636285 is 0x80870003 (the same value appears in hex further down).
// NOTE(review): the second argument here is &v32, while the later
// check_perm() call passes an integer - likely a decompiler typing artifact.
v6 = -2138636285;
if ( !(unsigned int)check_perm((__int64)&_rif_header, (__int64)&v32) )
goto LABEL_39;
}
}
else if ( v8 )
{
goto LABEL_39;
}
// -2138636284 is 0x80870004: v7 must be exactly 1.
v6 = -2138636284;
if ( !v7 )
goto LABEL_39;
if ( v7 > 1 )
goto LABEL_39;
// Fills v18 (and, from the uses below, the adjacent v19) and v15.
v6 = _check_if_ps4_activated((__int64 *)&v18, (__int64 *)&v15, (__int64)&_rif_header, 1, a4, _YMM0);
if ( v6 < 0 )
goto LABEL_39;
// -2138636273 is 0x8087000F: returned when the first byte of v19 is non-zero.
v6 = -2138636273;
if ( v19.m256i_i8[0] )
goto LABEL_39;
// Second dispatch, this time on the 32-bit value at v19 + 8, using the same
// set of accepted values as the v8 check above.
v9 = v19.m256i_i32[2];
if ( v19.m256i_i32[2] <= 0x100u )
{
v6 = -2138636282;
if ( v19.m256i_i32[2] )
goto LABEL_39;
// Value 0 takes this path.
v6 = npdrm_decrypt_kds_rif(&v16.m256i_i64[3], (__int64)&v25, 0, _YMM0);
// The asm below stores zeros over two 32-byte stack slots (var_528 is v15's
// slot) and v17 is cleared, i.e. temporaries are wiped after use.
__asm
{
vxorps ymm0, ymm0, ymm0
vmovaps [rsp+528h+anonymous_0], ymm0
vmovaps [rsp+528h+var_528], ymm0
}
v17 = 0LL;
goto LABEL_35;
}
if ( v19.m256i_i32[2] > 0x301u )
{
v6 = -2138636282;
if ( v19.m256i_i32[2] != 770 )
goto LABEL_39;
}
else if ( (unsigned int)(v19.m256i_i32[2] - 512) >= 3 )
{
if ( v19.m256i_i32[2] != 257 )
{
v6 = -2138636282;
if ( v19.m256i_i32[2] != 258 )
goto LABEL_39;
// Value 258 takes this path.
v10 = npdrm_decrypt_disc_rif((__int64)&v25, (__int64 *)&v24, _YMM0);
goto LABEL_34;
}
}
else
{
// Values 512..514 require check_perm() to return non-zero first.
v6 = 0x80870003;
if ( !(unsigned int)check_perm((__int64)&v18, v19.m256i_u32[2]) )
goto LABEL_39;
v9 = v19.m256i_i32[2];
}
// Values 257, 512..514 and 770 all end up here.
v10 = npdrm_decrypt_isolated_rif((__int64)&v25, v9, _YMM0);
LABEL_34:
v6 = v10;
LABEL_35:
if ( v6 >= 0 )
{
// Success: six 64-bit words (v26..v29, then v30..v31) are copied out to a2.
a2[3] = v29;
a2[2] = v28;
v11 = v26;
a2[1] = v27;
*a2 = v11;
v12 = v30;
a2[5] = v31;
a2[4] = v12;
// Optional second output: 0x68 bytes starting at v18.
if ( v5 )
qmemcpy(v5, &v18, 0x68uLL);
v6 = 0;
// The memset shows only two arguments; the length was presumably lost by the
// decompiler. Together with the asm stores and v21 = 0 below (3 x 32 + 8 =
// 0x68 bytes from v18's slot) this wipes the stack copies before returning.
// NOTE(review): the wipe sits inside the success branch only; the paths that
// jump straight to LABEL_39 do not pass through it.
memset((__int64)&_rif_header, 0LL);
__asm
{
vxorps ymm0, ymm0, ymm0
vmovaps [rsp+528h+var_488], ymm0
vmovaps [rsp+528h+var_4A8], ymm0
vmovaps [rsp+528h+var_4C8], ymm0
}
v21 = 0LL;
}
LABEL_39:
// Common exit: the status v6 is returned only if the saved value still
// matches the global. The mismatch path (normally a call to the stack-check
// failure handler) appears to have been elided by the decompiler - unverified.
result = *(_QWORD *)G__preinit_array_end;
if ( *(_QWORD *)G__preinit_array_end == v33 )
result = (unsigned int)v6;
return result;
}