PS Vita PKG Decryption, PS Vita Keys, the recent F00D Hack and F00D Processor Octopus Exploit today PlayStation Vita developer Yifan Lu updated the PSVIMG Tools GIT releases section with a dump_partials.vpk and more to decrypt PSVita game backups!
Download: dump_partials.vpk / psvimgtools-0.1-linux64.zip / psvimgtools-0.1-osx.zip / psvimgtools-0.1-win64.zip / Source code (zip) / Source code (tar.gz) / Latest Release / GIT
Note: The Linux version requires libgcrypt to be installed. Also according to PlayStation Vita hacker Davee, to quote: "You no longer need a Vita to derive your AID for CMA backup decryption. Use this: cma.henkaku.xyz"
To quote from the README.md: psvimgtools
This is a set of tools that let you decrypt, extract, and repack Vita CMA backup images. To use this you need your backup key which is tied to your PSN AID.
You should have cmake and zlib installed. To enable hardware accelerated crypto, make sure libgcrypt is installed. Windows users should install either Cygwin or Bash on Ubuntu for Windows.
Then just run
UsageCode:mkdir build && cd build cmake .. make
This is used to extract .psvimg files. The extracted output includes a directory for each backup set (e.g: ur0:appmeta, ux0:iconlayout.ini, and ur0:tmp/registry are three separate sets). Each backup set contains zero or more files and directories. A special file VITA_PATH.TXT is created for each set to remember what the original path was before extraction (this is used for repacking). A set can be only a single file (for example ux0:iconlayout.ini). In that case, the file VITA_DATA.BIN is created to host the contents of the file.
This decrypts and decompresses .psvmd files. The contents of which are defined in psvimg.h. This contains information such as the firmware version of the system that created the backup and the unique PSID of the system. Extracting this file is not required for repacking and is provided for reverse engineering/debugging purposes.
This repacks extracted files and creates the associated .psvimg and .psvmd files. If you have a decrypted .psvmd, you may pass it in with -m and the tool will reuse as many fields as possible (exception: size fields). No validity checks will be performed. If you do not have a decrypted .psvmd, you should use the -n option and specify the name of the backup. You should use the same name (the file name without the .psvimg extension) when repacking because CMA does check for a valid name. For example, if you are repacking license.psvimg, you should specify -n license.
The pack input directory should follow the same format as the output of psvimg-extract. The means a separate directory for each backup set (there may only be one set, in which your input directory will contain one subdirectory) each with a VITA_PATH.TXT file specifying the Vita path and optionally a VITA_DATA.BIN file if the set is a file.
Note that CMA does check the paths of the backup sets. Trying to add a backup set with a custom path may result in failure.
This is a brute-force backup key find tool. You should generate a valid partials.bin file using the provided "dump_partials" Vita homebrew that runs on HENkaku enabled consoles. You can generate partials for other people as well if you know their AID. The partials.bin file does not contain any console-unique information but is derived from the provided PSN AID. The AID is the 16 hex characters in your CMA backup path. For example, if I wish to decrypt PS Vita/PGAME/xxxxxxxxxxxxxxxx/NPJH00053/game/game.psvimg then my AID is xxxxxxxxxxxxxxxx.
The -n option specifies the number of threads to run. On Linux, each thread tries to run on a separate processor. On OSX/Windows, it is up to the scheduler to make such decisions. You should not specify too high of a number here, as running multiple threads on a single CPU will result in diminishing returns. A good rule of thumb is to specify the number of CPU cores on your system.
Download: bootimage_embedded_devkit.zip (1.80 MB)