Previously we reported on the PlayStation Vita developer leak of Adventure Time: The Secret of the Nameless Kingdom which ran in HENkaku via VitaShell, and now Tokyo Xanadu is rumored to be the first decrypted PS Vita 3.60 Firmware VPK game backup! 
Download: xanadu.zip (2.28 GB) / PS Vita PKGs
To quote from Wololo: "A download link for the Japanese version of the game appeared on Chinese forums a few hours ago, and apparently the game runs on Hacked Vitas through HENkaku.
The file is big (more than 2GB), and according to the author of the release, VitaShell is not able to install it. However, manually unzipping the vpk file and copying the files at the right location on the memory card allows people to run the game, DRM free."
Also from 173210's Blog (GIT), to quote:
[PSP2] SceNpDrmPackage API: Decrypt PS Vita PKGs
I partially revealed some SceNpDrmPackage APIs. Those functions allow to decrypt PS Vita PKGs. I detail them here.
The source of function names: Vita NIDs - Pastebin.com (found by devnoname120)
devnoname120 raised a question for prefix _. I think it is legitimate because they are intended for the internal use. Those functions are actually primitive and a userland static library gives more advanced functions. Probably they are expected to be called just by the library and users will use the library instead of calling them by themselves.
WHAT’S THE NEXT?
By the way, those functions are revealed with reversing fake_package_installer. Decrypting PKG is just a side of installing PKG, and fake_package_installer should have the other side; creating bubble with the unpacked PKG. Though xyzz provides some information for that in his mod of VitaShell, it doesn’t tell how to create PSP and PS1 bubbles. Figuring out that should be the next goal.
I tired of reversing, anyway. If you are going to reverse it rather than wait for me, please contact me. I’m willing to provide my code.
Thanks to @Ensight, @Fimo and @Chaos Kid in the PSXHAX Shoutbox for the news and download links
Download: xanadu.zip (2.28 GB) / PS Vita PKGs
To quote from Wololo: "A download link for the Japanese version of the game appeared on Chinese forums a few hours ago, and apparently the game runs on Hacked Vitas through HENkaku.
The file is big (more than 2GB), and according to the author of the release, VitaShell is not able to install it. However, manually unzipping the vpk file and copying the files at the right location on the memory card allows people to run the game, DRM free."Also from 173210's Blog (GIT), to quote:
[PSP2] SceNpDrmPackage API: Decrypt PS Vita PKGs
I partially revealed some SceNpDrmPackage APIs. Those functions allow to decrypt PS Vita PKGs. I detail them here.
Code:
[
"SceNpDrmPackage": {
"modules": {
"SceNpDrmPackage": {
"functions": {
"_sceNpDrmPackageCheck": 2715321850,
"_sceNpDrmPackageDecrypt": 3606076108
},
"kernel": false,
"nid": 2287029682,
"variables": {}
}
},
"nid": WHATEVER_YOU_LIKE
}
]
#include <psp2/types.h>
/** Options for _sceNpDrmPackageDecrypt */
typedef struct {
/** The offset in encrypted data */
SceOff offset;
/**
* The identifier specified for _sceNpDrmPackageCheck but NOT ORed
* with (1 << 8)
*/
unsigned int identifier;
} _sceNpDrmPackageDecrypt_opt;
/**
* Read the header of PKG and initialize the context
*
* @param buffer - The buffer containing the header of PKG.
* @param size - The size of buffer. The minimum value confirmed is 0x8000.
* @param zero - Unknown. Supposed to be set to 0.
* @param identifier - arbitrary value [0, 6) ORed with (1 << 8) or 0.
* If it is set to 0, the function just checks the header
* and doesn't create the context.
*/
int _sceNpDrmPackageCheck(const void *buffer, SceSize size, int zero,
unsigned int identifier);
/**
* Decrypt the PKG
*
* @param buffer - The buffer containing the content of PKG.
* @param size - The size of buffer. The minimum value confirmed is 0x20.
* @param opt - The options.
*/
int _sceNpDrmPackageDecrypt(void * restrict buffer, SceSize size,
_sceNpDrmPackageDecrypt_opt * restrict opt);devnoname120 raised a question for prefix _. I think it is legitimate because they are intended for the internal use. Those functions are actually primitive and a userland static library gives more advanced functions. Probably they are expected to be called just by the library and users will use the library instead of calling them by themselves.
WHAT’S THE NEXT?
By the way, those functions are revealed with reversing fake_package_installer. Decrypting PKG is just a side of installing PKG, and fake_package_installer should have the other side; creating bubble with the unpacked PKG. Though xyzz provides some information for that in his mod of VitaShell, it doesn’t tell how to create PSP and PS1 bubbles. Figuring out that should be the next goal.
I tired of reversing, anyway. If you are going to reverse it rather than wait for me, please contact me. I’m willing to provide my code.
Thanks to @Ensight, @Fimo and @Chaos Kid in the PSXHAX Shoutbox for the news and download links
