Post: PS4 Resigning Trophies on DevKits and TestKits
01-22-2017, 06:51 PM #1
Hydrogen
Super Mod
PS4 Resigning Trophies on DevKits / TestKits


Previously, in case you missed it, a developer named [link hidden] aka (harlequin) had shared out his trophy resigning scripts he used by the help of [link hidden] python code, and by using [link hidden]. He managed to get some goodies out of this, and is waiting for someone to test. You could check out the thread I made a couple hours ago over that here:

Previous Thread: [link hidden]

Furthermore, PS4 Developer [link hidden] had come along for the ride, and tweeted out stating he is going to make a PS4 Trophy Resigning Tutorial very soon, which is what we are going to discuss here today!

Today, Zecoxao had helped out harlequin with some issues towards resigning the trophies. Hopefully by the end of the month, we'll get this trophy resigning back to its feet for next-gen consoles. In addition, always remember we haven't found a way to spoof (at least publicly) in order to take these trophies online, and also not on 1.76 consoles instead of DevKits/TestKits.

Download: [link hidden] / [link hidden] / [link hidden]



To roughly quote Zecoxao: "Resigning trophies for devkits and testkits must respect 3 conditions, and 1 is failing" #1

np_comm_id must be AAAA00000_00 (ok here)
resigning must be made by decrypting with retail key and encrypting with debug key (not respected here)
trophy must be named trophy00.trp (user can choose, so it's ok here)

I suggest before encrypting with retail key to encrypt with debug key and test. I can provide builds of debug trophy, and retail trophy of a game for further analysis.

EDIT: Here are the respective trophy files from Minecraft retail and debug: [link hidden]


Fixed Trophy Resigner to Allow Debug Resigning

    @@ -32,6 +32,7 @@ u8 np[0x10];
u8 iv[0x10] = {0};
u8 *ptr;
u8 key[0x10]= {0};
+u8 key2[0x10]= {0};
u8 org_key[0x10];
u8 new_key[0x10];

@@ -60,6 +61,9 @@ int main(int argc, char *argv[]) {
if (key_get_simple("trp-key-retail", key, 0x10) < 0)
fail("failed to load the ps4 trp retail key.");

+ if (key_get_simple("trp-key-debug", key2, 0x10) < 0)
+ fail("failed to load the ps4 trp debug key.");
+
//org key
memset(np, 0x00, 0x10);
memcpy(np, argv[2], 12);
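
Review bot: `key2` in the added `key_get_simple("trp-key-debug", key2, 0x10)` call does not say which key it holds, and the existing buffer is still just `key`; rename them to `debug_key` and `retail_key` so the later `aes128cbc_enc` calls can be checked at a glance. The unchanged `memcpy(np, argv[2], 12)` below the new lines copies a fixed 12 bytes, so unless the length of `argv[2]` is validated somewhere outside this hunk, a shorter argument is read past its terminator; a `strlen(argv[2]) == 12` check before the copy would close that.
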
@@ -68,7 +72,7 @@ int main(int argc, char *argv[]) {
//new key
memset(np, 0x00, 0x10);
memcpy(np, "AAAA00000_00", 12);
- aes128cbc_enc(key, iv, np, 0x10, new_key);
+ aes128cbc_enc(key2, iv, np, 0x10, new_key);

for(i = 0; i < num; i++) {
pos = 0x60 + (i * 0x40);
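
Review bot: The `-`/`+` pair on the `aes128cbc_enc(..., new_key)` call swaps `key` for `key2` unconditionally, so after this change the output key can only be derived from the debug key and the previous behaviour is gone with no way to select it. Take the target key name as a command-line option instead of editing the call in place, and move the literal `"AAAA00000_00"` and its length 12 into a named constant.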



Changed Flags

    @@ -29,12 +29,16 @@
#include "tools.h"

u8 np[0x10];
+u8 np2[0x10];
u8 iv[0x10] = {0};
+u8 new_civ[0x10] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
+};
u8 *ptr;
u8 key[0x10]= {0};
u8 key2[0x10]= {0};
u8 org_key[0x10];
-u8 new_key[0x10];
+u8 new_key[0x10];

typedef struct {
u8 entry_name[32];
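
Review bot: `new_civ` is added as a mutable global holding a fixed counting pattern (`0x00` to `0x0F`); nothing in the visible lines needs to modify it, so declare it `static const` and add a comment saying why a constant IV is acceptable for this format. The `-u8 new_key[0x10];` / `+u8 new_key[0x10];` pair differs only in whitespace and should be dropped from the patch.
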
@@ -70,9 +74,9 @@ int main(int argc, char *argv[]) {
aes128cbc_enc(key, iv, np, 0x10, org_key);

//new key
- memset(np, 0x00, 0x10);
- memcpy(np, "AAAA00000_00", 12);
- aes128cbc_enc(key2, iv, np, 0x10, new_key);
+ memset(np2, 0x00, 0x10);
+ memcpy(np2, "AAAA00000_00", 12);
+ aes128cbc_enc(key2, iv, np2, 0x10, new_key);

for(i = 0; i < num; i++) {
pos = 0x60 + (i * 0x40);
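
Review bot: The switch from `np` to a second buffer `np2` for the new-key derivation is not explained; the removed lines already cleared `np` with `memset` before reuse, so the result is the same unless `np` is read again later with its original contents. If that is the reason, say so in the `//new key` comment; otherwise keep the single buffer and drop the `np2` global.
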
@@ -90,14 +94,22 @@ int main(int argc, char *argv[]) {
memcpy(civ, ptr + e->entry_pos, 0x10);

//decrypt
- aes128cbc(org_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+ aes128cbc(org_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+
//encrypt with new key np
- aes128cbc_enc(new_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+ aes128cbc_enc(new_key, new_civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);
+
+ //copy new_civ to old civ
+ memcpy(ptr + e->entry_pos, new_civ , 0x10);
+
+ //set new flag
+ e->flag = 0x02;
+ wbe32( ptr + pos + 0x20 + 0x08 + 0x08, e->flag);
}
}

- //set header flag to development
- wbe32(ptr + 0x18, 0x00000001);
+ //set header flag to development (not needed)
+ //wbe32(ptr + 0x18, 0x00000001);

//calculate sha1 - set to zero, calc, store
memset(ptr + 0x1C, 0, 0x14);
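
Review bot: Inside the entry loop, `aes128cbc_enc(new_key, new_civ, ...)` followed by `memcpy(ptr + e->entry_pos, new_civ , 0x10)` gives every encrypted entry the same key and the same IV, so entries with identical leading plaintext blocks produce identical ciphertext blocks. Keeping the per-entry `civ` that was read from the file, or generating a fresh IV per entry, avoids that. Two smaller points: `e->flag = 0x02` and the offset `pos + 0x20 + 0x08 + 0x08` need named constants or a comment stating what the flag value means, and the header-flag write should be deleted rather than left commented out. The `-`/`+` pair on the decrypt call is whitespace-only.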



Set Signature to X

    @@ -96,6 +96,12 @@ int main(int argc, char *argv[]) {
//decrypt
aes128cbc(org_key, civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);

+ //size of signature is 0x140, set it to x's
+ memset(ptr + e->entry_pos + 0x2D, 'x', 0x140);
+
+ //print to screen to check validity
+ //printf("%s\n", ptr + e->entry_pos + 0x10);
+
//encrypt with new key np
aes128cbc_enc(new_key, new_civ, ptr + e->entry_pos + 0x10, e->entry_len - 0x10, ptr + e->entry_pos + 0x10);

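Review bot: The added `memset(ptr + e->entry_pos + 0x2D, 'x', 0x140)` writes 0x140 bytes at a fixed offset without checking that the entry is that long; for an entry where `e->entry_len` is smaller than `0x2D + 0x140` it overwrites the following entry or runs past the end of the buffer. Guard it with a length check on `e->entry_len` and skip or fail on entries that are too short. The commented-out `printf("%s\n", ...)` would also read until the first NUL byte if enabled, so bound it with a precision (`%.*s`) or remove it.
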
@@ -105,7 +111,7 @@ int main(int argc, char *argv[]) {
//set new flag
e->flag = 0x02;
wbe32( ptr + pos + 0x20 + 0x08 + 0x08, e->flag);
- }
+ }
}

//set header flag to development (not needed)
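
Review bot: The `- }` / `+ }` pair is an indentation-only change to the closing brace and is the whole content of this hunk; drop it from the patch or move whitespace cleanup into its own commit so the functional change in the previous hunk stays easy to read.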



Missing Flags

    @@ -119,6 +119,8 @@ int main(int argc, char *argv[]) {

//calculate sha1 - set to zero, calc, store
memset(ptr + 0x1C, 0, 0x14);
+ //set flag to 0 (debug)
+ memset(ptr + 0x31, '0', 1);
sha1(ptr, sz, ptr + 0x1C);

memcpy_to_file(argv[3], ptr , sz );
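
Review bot: In the added `memset(ptr + 0x31, '0', 1)` the comment says the flag is set to 0, but the value written is the character `'0'` (byte 0x30), not a zero byte. State in the comment which one the format expects and write it as a plain assignment, `ptr[0x31] = '0';` or `ptr[0x31] = 0;`, with the offset as a named constant. The write is placed before `sha1(ptr, sz, ptr + 0x1C)`, so the digest covers it; a check that `sz` is larger than 0x31 before these header writes is not visible here and should exist.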

Fixed np_comm_id Inside XML

    @@ -99,7 +99,11 @@ int main(int argc, char *argv[]) {
//size of signature is 0x140, set it to x's
memset(ptr + e->entry_pos + 0x2D, 'x', 0x140);

- //print to screen to check validity
+ //magic is AAAA00000_00, set it
+ memset(ptr + e->entry_pos + 0x1B5, 'A', 0x4);
+ memset(ptr + e->entry_pos + 0x1B9, '0', 0x5);
+
+ //print to screen to check validity, uncomment this if necessary
//printf("%s\n", ptr + e->entry_pos + 0x10);

//encrypt with new key np
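
Review bot: The two added `memset` calls write only nine bytes (`AAAA` then `00000`) although the comment says the value is `AAAA00000_00`, so the result matches the comment only if the original id already ends in `_00`; copy the full 12-byte constant with one `memcpy`. They also assume the id sits at `e->entry_pos + 0x1B5` in every entry, with no check against `e->entry_len` or against the bytes currently there, so confirm the field before overwriting it.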



For anyone needing the keys, I'll provide them here for you:

Trophy Debug Key

    02 CC D3 46 B4 59 CB 83 50 5E 8E 76 0A 44 D4 57


Trophy Retail Key

    21 F4 1A 6B AD 8A 1D 3E CA 7A D5 86 C1 01 B7 A9
Last edited by Hydrogen ; 01-22-2017 at 09:07 PM.

The following 3 users say thank you to Hydrogen for this useful post:

MOD-RuLeZ, MODZ4FUN420, Darth Saul
01-22-2017, 09:10 PM #2
Hydrogen
Super Mod
Added in Zecoxao's Pull Request for other information that's fixed.
01-22-2017, 10:45 PM #3
Originally posted by Hydrogen
Added in Zecoxao's Pull Request for other information that's fixed.


Why remove my post Sal

The following user thanked Frosty for this useful post:

MOD-RuLeZ
