john-k / pspdecrypt Goto Github PK
View Code? Open in Web Editor NEWSimple tool to decrypt PSP binaries
License: GNU General Public License v3.0
Simple tool to decrypt PSP binaries
License: GNU General Public License v3.0
Do we really need to keep GZ after successfully unpacking?
All the text in one line and also empty string
<...>
'flash0:/kd/loadcore.prx' expanded,decrypted,saved!
'flash0:/kd/loadcorei.prx' expanded,decrypted,saved!
'flash0:/kd/loadexec.prx' expanded,saved,extracting reboot.binCannot find reboot.bin inside loadexec.
'flash0:/kd/me_for_vsh.prx' expanded,decrypted,gzip,expanded,saved!
'flash0:/kd/me_wrapper.prx' expanded,decrypted,saved!
<...>
Why???
Here's my proposal:
--outfile/-o
specifies the output decrypted PSP--outdir/-O
specifies the output dir for PSAR--extract-only
will only extract and not decrypt the PSAR's contents--psar-only
and --psp-only
, if given a PBP, will select what to extract/decryptThen, independently (using only --outdir/-O
), --ipl-decrypt
and a facultative --preipl
argument.
Also, possibly, --verbose
(at least for enabling the IPL decryption output).
Davee's code here : https://github.com/DaveeFTW/Infinity/blob/master/tools/psptools/psptool/psar.py seems to suggest the awkward decryption code is actually just a DES. The code might be simplified a lot using that.
These files looks like PRX but with PSPsysGP
magic bytes. File header has F09[0/1/2/3]2B0B
(PSP) or F09A2B0B
(ePSP/PSV) tag,
It would be great to be able to generate a custom PSAR using psardecrypt.
IPL is inside "updater" (DATA.PSP) -> "IplUpdater" (IplUpdater.prx).
You can extract this files with the PRXdecrypter 2.5 by jas0nuk.
PRXdecrypter_SRC_27062010_jas0nuk.zip
decrypt pcff.skprx from 3.74 -> bootimage_extract -> pspbtcnf.zip
D:\PSP\pcff>pspdecrypt.exe pspbtcnf.bin
Decryption failed for tag 4C94A1F0
i have no idea on what to do with this
File: DATA.zip
A standalone IPL decryption feature would be great
I get the following error even after increasing the buffer size, it appears to be a table decryption issue
root@DARKBASE:/mnt/e/DTP/pspdecrypt# ./psardecrypt vsh_arc_b02786_ww_20081114
PSAR ok version 4
psarVersion = 4
Version 5.02.
table_mode = 3
'00001' Cannot decrypt 1g table.
1g table buffer too small. Recompile with bigger buffer.
Segmentation fault
2.82 and older rev 0x04 PSAR decrypt fine.
The devkit kbooti/bootdispi/formati/dformat...., which contain devkit IPL blocks aren't supported yet,
These are the changes that need to be done:
All files that start with the following 0x10 bytes need to have the initial 0x1000 bytes skipped as the IPL only starts at 0x1000 in the file:
119D57D9E9DBA671F21092278A53E44D // kbooti 0.4.0
38045D6178F2501329690FCDF18F0930 // kbooti 0.6.0
C823470DD088E9126CE1E4F45CC90D0B // kbooti 0.7.0
D1ECAA62F333D3294519D95FF3402F8B // kbooti 0.9.0
027A247EB68166EEAC05EC157A328DFF // kbooti 2.6.0
1E9AD1BA7F28E2FE3DC329BD43B18B79 // kbooti 2.7.1
F3A5DBD7BA2064CD0786CE78B0EB6683 // kbooti 3.5.0
If the IPL blocks are using kbooti 3.5.0 (the file starts with the 0xF3A5DBD7BA2064CD0786CE78B0EB6683 bytes), then an xor step needs to be applied to the kirk1 header of each blocks (0x40 bytes of each blocks)
XOR key:
0E82DE13A84BB23E1FEC71542153C45A
A97D9B6A461B761DD1B921E594E08D4F
96402C0524660D700C8FFEB089D53E0E
6390CE0E5E71CBA581915314993E3474
A specific seed hash key also needs to be used to decrypt later IPL stages:
8E939AF03C553F7775317044853D9323
6C7F856DCF97F759EFC3236762E80AF7
4A9561D58704E6538410D9EEBFED2E97
EE4C8B042BC817DFD3D91EF6714055F7
See here for more info here https://playstationdev.wiki/pspdevwiki/index.php?title=Keys#3.5.0_DTP-T1000_Lib-PSP_iplloader
If kbooti 0.4.0 or 0.6.0 are used, the IPL format only uses a single block (like stage 3 IPLs on retails)
The program can't decrypt ePSP (PS Vita) prx modules.
Decryption failed for tag 457B9AF0
Decryption failed for tag 4C94A1F0
0x6 2 Compression Type 0x300-Plain, 0x200-KL4E, 0x100-2RLZ, 0x000-GZIP Little endian u16 & 0xF00
this flag can be found at PRX header, for some reason pspdecrypt handles everything properly except gzip formats, which it doesn't extract to plain elfs
for some reason the tool doesn't decrypt prxs from proto 0.6.5 archive but the old tool i used to use (decrypt_prx) does
PSAR version 2
Firmware version 4.21.
table_mode = 2
'flash0:/data/cert/CA_LIST.cer' expanded,saved!
'flash0:/dic/atokp.dic' expanded,saved!
<...>
'flash0:/vsh/module/netplay_client_plugin.prx' expanded,decrypted,gzip,expanded,saved!
'flash0:/vsh/module/impose_plugin.prx' expanded,decrypted,gzip,expanded,saved!
'flash0:/vsh/module/content_browser.prx' expanded,decrypted,gzip,expanded,saved!
Decrypt IPL 1 failed 0x00000002, WTF!
'ipl:/nandipl_-2147352261g.ipl' expanded,saved!,descramble using xorkey 1,decrypted IPL,linearized at 040f0000,stage2 unscrambled & decompressed,kernel keys decrypted,stage3 decrypted
Done!
12.11.2021 23:01 <DIR> .
12.11.2021 23:01 <DIR> ..
12.11.2021 22:56 32 kkeys_nandipl_-2147352261g.ipl
12.11.2021 22:56 147 456 nandipl_-2147352261g.ipl
12.11.2021 22:56 76 144 reboot_03g.bin
12.11.2021 22:56 132 848 stage1_nandipl_-2147352261g.ipl
12.11.2021 22:56 54 404 stage2_nandipl_-2147352261g.ipl
12.11.2021 22:56 67 144 stage3_nandipl_-2147352261g.ipl
There are issues with :
It would be nice to add an extract only feature in psardecrypt, like the original psardumper allows.
this is no rocket science, outdir option -O should attempt to create the specified output directory with mkdir 0777 as soon as the command is executed.
Hello! Requesting to add decryption support for PS1 (loader) ELFs in the EBOOT.PBP of PS1 / PSone titles.
I get the following error when using pspdecrypt 1.0:
Decryption failed for tag DAA06F0
In testing, i used the Tekken 2 and Resident Evil 1: Directors Cut ELF to try to decrypt. I can upload the ELF if need be for testing :P
Hello, I tried to decrypt the game update (PBOOT.PBP) but it failed.
Is it possible to support it?
Here is a screenshot and uploaded the files.
https://i.gyazo.com/dabb014361d788ad2696df89a7686c81.png
NPJH50698_00-SIREN4PLUS2012MA.zip
It's currently untested, it's not that much useful but it would still be nice to have.
I'm honestly not sure if this would even be the scope of this, but Resurssiklunssi is problematic on modern firmwares (I think it does work with (L)ME and leda.prx, but not able to verify right now) and there's otherwise no way I know of to extract rco files for later firmware versions, which I've come to realize is a pain recently seeing as I'm trying to modify the XMB waves.
I just want to know if it's something that could be considered for addition. Thanks.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.