Join Us and become a Member for a Verified Badge to access private areas with the latest PS4 PKGs.
Status
Not open for further replies.
To celebrate PlayStation Vita's birthday, PS Vita developer Yifan Lu with help from H of UkakNEH made available PSVIMGTools for backing up and restoring data on the PS Vita handheld console similar to the PS3 backup tool. :cool:

Download: psvimgtools-master.zip / psvimgtools-master.zip (Mirror) / PSVIMGTools Master / GIT / PSVIMGTools Frontend / GIT by @SilicaAndPina / Psvimgtools.Easy.FrontEnd.1.8.7.zip / GIT via MRGhidini

To quote from Wiki.Henkaku.xyz: PSVIMG

PSVIMG files are encrypted files generated by CMA in backing up and restoring data from the Vita.

Generating PSVIMG

When CMA is used to backup system, game, or savedata from the Vita to a PC or PS3, the following algorithm is used:
  • Using a tar-like structure, stream all of the file data into a file.
  • If making a PSVMD file, use the deflate algorithm to compress.
  • Generate a random nonce for the first 0x10 bytes using the RndNumber syscall.
  • Generate a unique session AES256 key using a secret phrase and the PSN account id of the PSVita.
  • Generate a SHA256 hash of the plaintext every 0x8000 bytes and insert the hash into the filestream.
  • Encrypt the stream data using EncDecKeygen syscall from SceSblDmac5Mgr with the nonce as the header and the AES256 session key.
  • Transmit to PC or PS3.
Secrets

If you look at the 16 character hex directory name included in part of the backup path, that is your PSN account id. The AES256 session key is calculated by doing a SHA256 hash of the 8 byte hex binary representation of the PSN account id followed by the secret phrase: Sri Jayewardenepura Kotte

Example

Buffer:
Code:
01 23 45 67 89 AB CD EF 53 72 69 20 4A 61 79 65 77
61 72 64 65 6E 65 70 75 72 61 20 4B 6F 74 74 65
SHA256 of this buffer generates the AES256 session key of:
Code:
02EAAB5A00EC9D4207E8B1F53F8A2F3F91F1A73AAFDD2A81CCFEE3E83E5B101A
Unfortunately, this is dependent on the PSVita for executing using the EncDecKeygen function. The AES256 key is altered inside the F00D Processor (Octopus Exploit) in some way currently unknown. Upon decryption, the session key is sent to F00D and an assigned slot.

When the HW crypto engine is invoked to perform the decryption, it is given the slot number. Presumably, the crypto engine talks directly with F00D to use the derived key.
Finally, from MRGhidini comes PSVIMGTools Frontend (GIT) followed by PSVIMGTools Easy FrontEnd (GIT) with a demo video below!

Thanks to @CelesteBlue for the post on this news! :)
PSVIMGTools for PS Vita Backing Up  Restoring Data by Yifan Lu.jpg
 

Comments

I have to precise that it was made possible thanks to H. investigation into lv1 on vita fw 1.50.

If someone can compile it, share please.
 
What exactly we can do with this tool in noob terms? Restore encrypt games in PS VITA 3.63 or just in 3.60 ?

Thanks lot PSXHAX and YIFANLU
I would like to know that too, or maybe is for keep the system files safe in case of brick? like what happens few months ago with those vpks that bricked several vita's
 
Status
Not open for further replies.
Back
Top