PS Vita PKG Decryption, PS Vita Keys, the recent F00D Hack and F00D Processor Octopus Exploit today PlayStation Vita developer Yifan Lu updated the PSVIMG Tools GIT releases section with a dump_partials.vpk and more to decrypt PSVita game backups!
Download: dump_partials.vpk / psvimgtools-0.1-linux64.zip / psvimgtools-0.1-osx.zip / psvimgtools-0.1-win64.zip / Source code (zip) / Source code (tar.gz) / Latest Release / GIT / PSVIMGTools Frontend / GIT / psvpfsparser-win32.zip by @SilicaAndPina
Note: The Linux version requires libgcrypt to be installed. Also according to PlayStation Vita hacker Davee, to quote: "You no longer need a Vita to derive your AID for CMA backup decryption. Use this: cma.henkaku.xyz"
To quote from the README.md: psvimgtools
This is a set of tools that let you decrypt, extract, and repack Vita CMA backup images. To use this you need your backup key which is tied to your PSN AID.
You should have cmake and zlib installed. To enable hardware accelerated crypto, make sure libgcrypt is installed. Windows users should install either Cygwin or Bash on Ubuntu for Windows.
Then just run
UsageCode:mkdir build && cd build cmake .. make
This is used to extract .psvimg files. The extracted output includes a directory for each backup set (e.g: ur0:appmeta, ux0:iconlayout.ini, and ur0:tmp/registry are three separate sets). Each backup set contains zero or more files and directories. A special file VITA_PATH.TXT is created for each set to remember what the original path was before extraction (this is used for repacking). A set can be only a single file (for example ux0:iconlayout.ini). In that case, the file VITA_DATA.BIN is created to host the contents of the file.
This decrypts and decompresses .psvmd files. The contents of which are defined in psvimg.h. This contains information such as the firmware version of the system that created the backup and the unique PSID of the system. Extracting this file is not required for repacking and is provided for reverse engineering/debugging purposes.
This repacks extracted files and creates the associated .psvimg and .psvmd files. If you have a decrypted .psvmd, you may pass it in with -m and the tool will reuse as many fields as possible (exception: size fields). No validity checks will be performed. If you do not have a decrypted .psvmd, you should use the -n option and specify the name of the backup. You should use the same name (the file name without the .psvimg extension) when repacking because CMA does check for a valid name. For example, if you are repacking license.psvimg, you should specify -n license.
The pack input directory should follow the same format as the output of psvimg-extract. The means a separate directory for each backup set (there may only be one set, in which your input directory will contain one subdirectory) each with a VITA_PATH.TXT file specifying the Vita path and optionally a VITA_DATA.BIN file if the set is a file.
Note that CMA does check the paths of the backup sets. Trying to add a backup set with a custom path may result in failure.
This is a brute-force backup key find tool. You should generate a valid partials.bin file using the provided "dump_partials" Vita homebrew that runs on HENkaku enabled consoles. You can generate partials for other people as well if you know their AID. The partials.bin file does not contain any console-unique information but is derived from the provided PSN AID. The AID is the 16 hex characters in your CMA backup path. For example, if I wish to decrypt PS Vita/PGAME/xxxxxxxxxxxxxxxx/NPJH00053/game/game.psvimg then my AID is xxxxxxxxxxxxxxxx.
The -n option specifies the number of threads to run. On Linux, each thread tries to run on a separate processor. On OSX/Windows, it is up to the scheduler to make such decisions. You should not specify too high of a number here, as running multiple threads on a single CPU will result in diminishing returns. A good rule of thumb is to specify the number of CPU cores on your system.
Download: bootimage_embedded_devkit.zip (1.80 MB)
Finally, from MRGhidini comes PSVIMGTools Frontend (GIT) followed by PSVIMGTools Easy FrontEnd (GIT) with a demo video below! To quote: If you want to contribute my work, any value will be welcome:
Psvimgtools Easy FrontEnd 1.7.3
Psvimgtools Easy FrontEnd 1.7.2
- Fixed the problem of listing the titleId with underline for some pkg
- Fixed issue with language for some messages
Psvimgtools Easy FrontEnd 1.7.1
- Added ability to extraction of pkg to NoNpDrm
- Added ability to List the Title_ID of pkg that are in the PKG folder
- Added ability to Extract pkg with zRIF, zRIF needs to be added in ListKey.txt together with Title_ID
- Added ability to Extract pkg without zRIF
In the PKG folder, you have a list of suggestions for downloading from the Zeus list, with the zRIF already added to the ListKey.txt file
You need the NoNpDrm plugin in your vita
Psvimgtools Easy FrontEnd 1.6.2
- Added ability to run as administrator
- Added explorer button to browse psvimgtools folders
- Improvement in the process of cloning games
Added "setup install", version management
Psvimgtools Easy FrontEnd 1.6.1
Psvimgtools Easy FrontEnd 1.6
- Fixed message where user without permission in Windows. Tries the process of clone psp games
- Added ability to add APP Wololo
Psvimgtools Easy FrontEnd 1.5
- (Hackinformer Suggestion) Added ability to add Themes automatic
- Added ability to add Whitelist
- Added ability to add Remove Featured
- Added ability to add Package Installer
- Added ability to add SQL commands and themes
Link Themes - https://repod.github.io/vitathemes/
Link Themes forum Hackinformer - https://forum.hackinformer.com/viewtopic.php?f=25&t=442
Psvimgtools Easy FrontEnd 1.4
- (Hackinformer Suggestion) Added ability to add APP Hackinformer
link - https://hackinformer.com/2017/06/23/psvimgtools-mrghidini-updated-1-5/
Psvimgtools Easy FrontEnd 1.3
- Added ability to clone PSP games automatic
- Added ability to listed the names of psp games, through param.sfo.
- Checking if the cma.henkaku link is active with your internet.
- Checking that the folders are in the same executable directory .exe.
- Checking update link.
- Verifying that the QCMA ID is the same as the selected game to extract.
- Fixed bug where it finishes running the processes left open in memory.