@@ -32,6 +32,7 @@ u8 np[0x10];
u8 iv[0x10] = {0};
u8 *ptr;
u8 key[0x10]= {0};
+u8 key2[0x10]= {0};
u8 org_key[0x10];
u8 new_key[0x10];
@@ -60,6 +61,9 @@ int main(int argc, char *argv[]) {
if (key_get_simple("trp-key-retail", key, 0x10) < 0)
fail("failed to load the ps4 trp retail key.");
+ if (key_get_simple("trp-key-debug", key2, 0x10) < 0)
+ fail("failed to load the ps4 trp debug key.");
+
//org key
memset(np, 0x00, 0x10);
memcpy(np, argv[2], 12);
@@ -68,7 +72,7 @@ int main(int argc, char *argv[]) {
//new key
memset(np, 0x00, 0x10);
memcpy(np, "AAAA00000_00", 12);
- aes128cbc_enc(key, iv, np, 0x10, new_key);
+ aes128cbc_enc(key2, iv, np, 0x10, new_key);
for(i = 0; i < num; i++) {
pos = 0x60 + (i * 0x40);
@@ -29,12 +29,16 @@
#include "tools.h"
u8 np[0x10];
+u8 np2[0x10];
u8 iv[0x10] = {0};
+u8 new_civ[0x10] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
u8 *ptr;
u8 key[0x10]= {0};
u8 key2[0x10]= {0};
u8 org_key[0x10];
-u8 new_key[0x10];
+u8 new_key[0x10];
typedef struct {
u8 entry_name[32];
@@ -70,9 +74,9 @@ int main(int argc, char *argv[]) {
aes128cbc_enc(key, iv, np, 0x10, org_key);
//new key
- memset(np, 0x00, 0x10);
- memcpy(np, "AAAA00000_00", 12);
- aes128cbc_enc(key2, iv, np, 0x10, new_key);
+ memset(np2, 0x00, 0x10);
+ memcpy(np2, "AAAA00000_00", 12);
+ aes128cbc_enc(key2, iv, np2, 0x10, new_key);
for(i = 0; i < num; i++) {
pos = 0x60 + (i * 0x40);
@@ -90,14 +94,22 @@ int main(int argc, char *argv[]) {
memcpy(civ, ptr + e->entry_pos, 0x10);
//decrypt
- aes128cbc(org_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+ aes128cbc(org_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+
//encrypt with new key np
- aes128cbc_enc(new_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+ aes128cbc_enc(new_key, new_civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+
+ //copy new_civ to old civ
+ memcpy(ptr + e->entry_pos, new_civ , 0x10);
+
+ //set new flag
+ e->flag = 0x02;
+ wbe32( ptr + pos + 0x20 + 0x08 + 0x08, e->flag);
}
}
- //set header flag to development
- wbe32(ptr + 0x18, 0x00000001);
+ //set header flag to development (not needed)
+ //wbe32(ptr + 0x18, 0x00000001);
//calculate sha1 - set to zero, calc, store
memset(ptr + 0x1C, 0, 0x14);
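Review bot: Every entry is now encrypted under the same `new_key` with the same constant `new_civ` (00..0F), where the old code reused the per-entry `civ` read from the file. With a fixed key and IV in CBC, entries that begin with the same plaintext blocks produce the same ciphertext blocks. If the target format requires this exact IV, say so next to the declaration, e.g. `/* fixed IV expected by the debug format; not a secret, not per-entry */`; otherwise keep passing `civ`. The offset `pos + 0x20 + 0x08 + 0x08` in the `wbe32` call would also read better as a named constant for the flag field, and the commented-out `wbe32(ptr + 0x18, ...)` could be deleted rather than kept as dead code.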
@@ -96,6 +96,12 @@ int main(int argc, char *argv[]) {
//decrypt
aes128cbc(org_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+ //size of signature is 0x140, set it to x's
+ memset(ptr + e->entry_pos + 0x2D, 'x', 0x140);
+
+ //print to screen to check validity
+ //printf("%s\n", ptr + e->entry_pos + 0x10);
+
//encrypt with new key np
aes128cbc_enc(new_key, new_civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
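Review bot: The added `memset(ptr + e->entry_pos + 0x2D, 'x', 0x140)` writes 0x140 bytes at a fixed offset without checking that the entry is that long or that it lies inside the `sz`-byte buffer, so a short or malformed entry makes this an out-of-bounds heap write. `entry_pos` and `entry_len` come from the input file, and no validation is visible in this hunk; the enclosing loop and any earlier checks are outside it. A guard before the write would close this, for example `if (e->entry_len < 0x2D + 0x140 || e->entry_len > sz || e->entry_pos > sz - e->entry_len) fail("trp entry too short or out of range");`. The later hunk that writes at `e->entry_pos + 0x1B5` and `+ 0x1B9` has the same gap and needs `entry_len` to be at least 0x1BE.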
@@ -105,7 +111,7 @@ int main(int argc, char *argv[]) {
//set new flag
e->flag = 0x02;
wbe32( ptr + pos + 0x20 + 0x08 + 0x08, e->flag);
- }
+ }
}
//set header flag to development (not needed)
@@ -119,6 +119,8 @@ int main(int argc, char *argv[]) {
//calculate sha1 - set to zero, calc, store
memset(ptr + 0x1C, 0, 0x14);
+ //set flag to 0 (debug)
+ memset(ptr + 0x31, '0', 1);
sha1(ptr, sz, ptr + 0x1C);
memcpy_to_file(argv[3], ptr , sz );
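Review bot: The comment says the flag is set to 0, but `memset(ptr + 0x31, '0', 1)` stores the ASCII character '0' (0x30), not the value zero. If the numeric value is meant, write `ptr[0x31] = 0x00;`; if the byte 0x30 is really what the format expects, the comment should say so, e.g. `//header byte 0x31 = ASCII '0' marks debug`. A one-byte `memset` is also harder to read than a plain assignment.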
@@ -99,7 +99,11 @@ int main(int argc, char *argv[]) {
//size of signature is 0x140, set it to x's
memset(ptr + e->entry_pos + 0x2D, 'x', 0x140);
- //print to screen to check validity
+ //magic is AAAA00000_00, set it
+ memset(ptr + e->entry_pos + 0x1B5, 'A', 0x4);
+ memset(ptr + e->entry_pos + 0x1B9, '0', 0x5);
+
+ //print to screen to check validity, uncomment this if necessary
//printf("%s\n", ptr + e->entry_pos + 0x10);
//encrypt with new key np
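Review bot: The comment `//magic is AAAA00000_00, set it` overstates what the two `memset` calls do: they write `AAAA` at +0x1B5 and `00000` at +0x1B9, nine of the twelve characters, and apparently rely on `_00` already being present from +0x1BE on. They also assume the id sits at a fixed offset inside the decrypted entry, which is not established anywhere in the hunk. I would document both, for instance `//overwrite the first 9 chars of the id with "AAAA00000"; the "_00" suffix at +0x1BE is left as found (offsets assume the standard entry layout)`.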
02 CC D3 46 B4 59 CB 83 50 5E 8E 76 0A 44 D4 57
21 F4 1A 6B AD 8A 1D 3E CA 7A D5 86 C1 01 B7 A9