Category PS Vita Jailbreaking       Thread starter PSXHAX       Start date Aug 21, 2016 at 10:37 PM       7,424       3            
Previously we reported on the PlayStation Vita developer leak of Adventure Time: The Secret of the Nameless Kingdom which ran in HENkaku via VitaShell, and now Tokyo Xanadu is rumored to be the first decrypted PS Vita 3.60 Firmware VPK game backup! :geek:

Download: xanadu.zip (2.28 GB) / PS Vita PKGs

To quote from Wololo: "A download link for the Japanese version of the game appeared on Chinese forums a few hours ago, and apparently the game runs on Hacked Vitas through HENkaku.

decrypted_elf.jpgThe file is big (more than 2GB), and according to the author of the release, VitaShell is not able to install it. However, manually unzipping the vpk file and copying the files at the right location on the memory card allows people to run the game, DRM free."

Also from 173210's Blog (GIT), to quote:

[PSP2] SceNpDrmPackage API: Decrypt PS Vita PKGs

I partially revealed some SceNpDrmPackage APIs. Those functions allow to decrypt PS Vita PKGs. I detail them here.
Code:
[
  "SceNpDrmPackage": {
        "modules": {
            "SceNpDrmPackage": {
                "functions": {
                    "_sceNpDrmPackageCheck": 2715321850,
                    "_sceNpDrmPackageDecrypt": 3606076108
                },
                "kernel": false,
                "nid": 2287029682,
                "variables": {}
	    }
        },
        "nid": WHATEVER_YOU_LIKE
    }
]

#include <psp2/types.h>

/** Options for _sceNpDrmPackageDecrypt */
typedef struct {
	/** The offset in encrypted data */
	SceOff offset;

	/**
	 * The identifier specified for _sceNpDrmPackageCheck but NOT ORed
         * with (1 << 8)
	 */
	unsigned int identifier;
} _sceNpDrmPackageDecrypt_opt;

/**
 * Read the header of PKG and initialize the context
 *
 * @param buffer - The buffer containing the header of PKG.
 * @param size - The size of buffer. The minimum value confirmed is 0x8000.
 * @param zero - Unknown. Supposed to be set to 0.
 * @param identifier - arbitrary value [0, 6) ORed with (1 << 8) or 0.
 *                     If it is set to 0, the function just checks the header
 *                     and doesn't create the context.
 */
int _sceNpDrmPackageCheck(const void *buffer, SceSize size, int zero,
                          unsigned int identifier);

/**
 * Decrypt the PKG
 *
 * @param buffer - The buffer containing the content of PKG.
 * @param size - The size of buffer. The minimum value confirmed is 0x20.
 * @param opt - The options.
 */
int _sceNpDrmPackageDecrypt(void * restrict buffer, SceSize size,
                            _sceNpDrmPackageDecrypt_opt * restrict opt);
The source of function names: Vita NIDs - Pastebin.com (found by devnoname120)

devnoname120 raised a question for prefix _. I think it is legitimate because they are intended for the internal use. Those functions are actually primitive and a userland static library gives more advanced functions. Probably they are expected to be called just by the library and users will use the library instead of calling them by themselves.

WHAT’S THE NEXT?

By the way, those functions are revealed with reversing fake_package_installer. Decrypting PKG is just a side of installing PKG, and fake_package_installer should have the other side; creating bubble with the unpacked PKG. Though xyzz provides some information for that in his mod of VitaShell, it doesn’t tell how to create PSP and PS1 bubbles. Figuring out that should be the next goal.

I tired of reversing, anyway. If you are going to reverse it rather than wait for me, please contact me. I’m willing to provide my code.

Thanks to @Ensight, @Fimo and @Chaos Kid in the PSXHAX Shoutbox for the news and download links ;)
Tokyo Xanadu.jpg
 

Comments

kombat75

Senior Member
Contributor
If files too big and mc already expensive not point rips the games.

Might as well rip it to external hdd so that we can store more gigs and more games.
 

AZGA87

Member
Contributor
well it's a start, i agree that if the games are too big size and the MC expensive it's not that great, but since you can transfer files from your pc to your MC it's not that bad, just like the psp but a little more expensive, though they usually find a way around it like compressing files and such
 
Recent Articles
Star Wars Jedi: Fallen Order Joins New PS4 Game Releases Next Week
Explore the galaxy in the latest PlayStation 4 third-person action-adventure game Star Wars Jedi: Fallen Order from Respawn Entertainment arriving to PS4 next week on November 15th. Play as an...
Feel The Power of Pro with PlayStation 4 Pro Latest PS4 TV Spot!
Right behind their It's Time to Play! campaign and Black Friday Deals, Sony is ramping up PlayStation promotions for the holidays with the latest PS4 TV spot showcasing the Limited Edition PS4 Pro...
REPL4Y for Android PS4 Remote Play App Free Trial Version by Twist3d89
Proceeding his request for Beta Testers and the Chiaki Open Source PS4 Remote Play Client release, developer Twist3d89 has made available a free trial version of his REPL4Y for Android application...
Sony CEO Jim Ryan on the Next-Gen Transition to PlayStation 5
Since the leaked PS5 DevKit Prototype images surfaced last month PlayStation CEO Jim Ryan revealed several areas Sony must focus on for a successful transition to their next-generation PlayStation...
Top