NPDRM Basic Info

Posted by Slynk | Posted in | Posted on 2:23 AM

I'd like to begin this post with a few comments.

  1. Only a little bit of this is my own findings, a lot of this info was found from other sources.
  2. NPDRM discussion does not have to be a topic of piracy, it can be used in conjunction with signing/encrypting homebrew if it is fully documented one day.
  3. This is mostly to bring together the bits of info scattered across the interwebs.
NPDRM Types

NP 3 is a free licensed app. It has no license check. No edata/riff. Just install and use. This can be trial software as well.

NP 2 is a locally licensed app. First time activation must take place online. After which you'll have an edata/riff for that app and somehow this is connected to your act.dat.

NP1 is a network licensed app. It requires network authentication every time it is launched.

The offset for determining the NPDRM type of a self is at the NPDRM Header offset + 0x1C.

NPDRM Security

NPDRM as well as edata use AES, ECDSA, and CMAC for authenticity. These keys, with the exception of the CMAC key, are out there in the ether and can be found without much effort for someone who knows what they're doing. The specifics of the algorithm are still being researched but a few people have already figured it out; but of course they won't share their info.

AES and ECDSA are handle by appldr like always. CMAC is handle by one of vsh's modules. (Don't know which one, just adding it for completeness.)

Another form of security used in NPDRM is called a k_license. This is a 16 byte key that the developer makes that functions as sort of a "project key". It's used in all npdrm encrypted files within the project to prevent one of the files from being replaced by another project's file. It is also referred to as an SCE NPDRM Key. 

NPDRM Header

The current known structure of the NPDRM Header:


typedef struct 
{ 
    byte[4] block_type;  // this is 3(NPDRM) 
    byte[4] block_size;  // this is 0x90(sizeof(Self_NPDRM)) 
    byte[4] unknown1;    // So far always 0 
    byte[4] unknown2;    // So far always 0 
    byte[4] magic;       // 0x4E504400(NPD) 
    byte[4] unknown3;    // So far always 1 
    byte[4] license;     // 1 Network License, 2 Local License, 3 Free 
    byte[4] type;        // 1 Executable, 21 Update for Disc Based Game 
    byte[0x30] titleid; 
    byte[0x10] hash_unknown; 
    byte[0x10] hash1; 
    byte[0x10] hash2; 
    byte[0x10] padding; 
} Self_NPDRM



I hear there's plenty of more info in the official sdk for anyone who legally owns it as well. Anyway, I'll post more if anything else comes to light. ^^

Comments (5)

Any more info on this. Please :)

Sorry, I'm not working on the PS3 anymore. Too much drama. Plus my first gen PS3, which is my only one, bit the dust so not much motivation to keep on working. : /

Thanks for replying. Sorry to here about your ps3. I'm on my forth. I would hate to be without it, so I know how much it probably sucks.

Yeah. I *could* replace the ps3 but I'd have to buy a slim and a ps2 to be happy XD. Can't play persona anymore :(

me gustaria saber si con esto se podria jugar a la demo del pes 2012 y convertirlo en full?

Post a Comment