Following PS Vita PKG Decryption, PS Vita Keys, the recent F00D Hack and F00D Processor Octopus Exploit today PlayStation Vita developer Yifan Lu updated the PSVIMG Tools GIT releases section with a dump_partials.vpk and more to decrypt PSVita game backups!
Download: dump_partials.vpk / psvimgtools-0.1-linux64.zip / psvimgtools-0.1-osx.zip / psvimgtools-0.1-win64.zip / Source code (zip) / Source code (tar.gz) / Latest Release / GIT / PSVIMGTools Frontend / GIT by @SilicaAndPina
Note: The Linux version requires libgcrypt to be installed. Also according to PlayStation Vita hacker Davee, to quote: "You no longer need a Vita to derive your AID for CMA backup decryption. Use this: cma.henkaku.xyz"
To quote from the README.md: psvimgtools
This is a set of tools that let you decrypt, extract, and repack Vita CMA backup images. To use this you need your backup key which is tied to your PSN AID.
Building
You should have cmake and zlib installed. To enable hardware accelerated crypto, make sure libgcrypt is installed. Windows users should install either Cygwin or Bash on Ubuntu for Windows.
Then just run
UsageCode:mkdir build && cd build cmake .. make
psvimg-extract
This is used to extract .psvimg files. The extracted output includes a directory for each backup set (e.g: ur0:appmeta, ux0:iconlayout.ini, and ur0:tmp/registry are three separate sets). Each backup set contains zero or more files and directories. A special file VITA_PATH.TXT is created for each set to remember what the original path was before extraction (this is used for repacking). A set can be only a single file (for example ux0:iconlayout.ini). In that case, the file VITA_DATA.BIN is created to host the contents of the file.
psvmd-decrypt
This decrypts and decompresses .psvmd files. The contents of which are defined in psvimg.h. This contains information such as the firmware version of the system that created the backup and the unique PSID of the system. Extracting this file is not required for repacking and is provided for reverse engineering/debugging purposes.
psvimg-create
This repacks extracted files and creates the associated .psvimg and .psvmd files. If you have a decrypted .psvmd, you may pass it in with -m and the tool will reuse as many fields as possible (exception: size fields). No validity checks will be performed. If you do not have a decrypted .psvmd, you should use the -n option and specify the name of the backup. You should use the same name (the file name without the .psvimg extension) when repacking because CMA does check for a valid name. For example, if you are repacking license.psvimg, you should specify -n license.
The pack input directory should follow the same format as the output of psvimg-extract. The means a separate directory for each backup set (there may only be one set, in which your input directory will contain one subdirectory) each with a VITA_PATH.TXT file specifying the Vita path and optionally a VITA_DATA.BIN file if the set is a file.
Note that CMA does check the paths of the backup sets. Trying to add a backup set with a custom path may result in failure.
psvimg-keyfind
This is a brute-force backup key find tool. You should generate a valid partials.bin file using the provided "dump_partials" Vita homebrew that runs on HENkaku enabled consoles. You can generate partials for other people as well if you know their AID. The partials.bin file does not contain any console-unique information but is derived from the provided PSN AID. The AID is the 16 hex characters in your CMA backup path. For example, if I wish to decrypt PS Vita/PGAME/xxxxxxxxxxxxxxxx/NPJH00053/game/game.psvimg then my AID is xxxxxxxxxxxxxxxx.
The -n option specifies the number of threads to run. On Linux, each thread tries to run on a separate processor. On OSX/Windows, it is up to the scheduler to make such decisions. You should not specify too high of a number here, as running multiple threads on a single CPU will result in diminishing returns. A good rule of thumb is to specify the number of CPU cores on your system.
Download: bootimage_embedded_devkit.zip (1.80 MB)
Finally, from MRGhidini comes PSVIMGTools Frontend (GIT) followed by PSVIMGTools Easy FrontEnd (GIT) with a demo video below!
-
About the Author: PSXHAX"Live in Your World, HAX in Ours!"Hello World! I've been reporting on Sony PlayStation hacking news since 2000 and started PSXHAX in 2015 to cover PlayStation (PSX), PlayStation 2 (PS2), PlayStation 3 (PS3), PlayStation 4 (PS4), PlayStation Portable (PSP), PlayStation Vita (PS Vita) and PlayStation TV (PS TV) platforms along with anything else of interest.
Click on my UserName author link above and you'll be able to view a filtered list of all of the articles I've contributed thus far to PSXHAX.COM.
If you enjoy gaming and would like to write (unpaid) for this site, Contact Us and we'll be happy to have ya join our Staff!
-
Page 1 of 2
Comments
-