-
-
Save TheOfficialFloW/30c90b95c35623dda8a367996b4c08b8 to your computer and use it in GitHub Desktop.
| uint8_t rif_name_keys[0x10] = { | |
| 0x19, 0xDD, 0x4F, 0xB9, 0x89, 0x48, 0x2B, 0xD4, | |
| 0xCB, 0x9E, 0xC9, 0xC7, 0x9A, 0x2E, 0xFB, 0xD0 | |
| }; | |
| int aes_encrypt(const void *buf, int size, uint8_t *keys) { | |
| AES_ctx ctx; | |
| AES_set_key(&ctx, rif_name_keys, 0x80); | |
| int i; | |
| for (i = 0; i < size; i += 0x10) { | |
| AES_encrypt(&ctx, buf+i, buf+i); | |
| } | |
| } | |
| typedef struct { | |
| uint64_t mode; // 0: bounded, 1: fixed | |
| uint64_t aid; | |
| } SceNpDrmRifName; | |
| int getRifName(char *name, int length, uint64_t aid, uint64_t mode) { | |
| SceNpDrmRifName rif_name; | |
| rif_name.mode = mode; | |
| rif_name.aid = aid; | |
| aes_encrypt(&rif_name, sizeof(SceNpDrmRifName), rif_name_keys); | |
| snprintf(name, length, "%016llx%016llx.rif", __builtin_bswap64(((uint64_t *)&rif_name)[0]), __builtin_bswap64(((uint64_t *)&rif_name)[1])); | |
| } |
Answering my own question here, after taking a closer look at the source of NoNpDrm:
6488b73b912a753a492e2714e9b38bc7 is what you get when you encrypt an SceNpDrmRifName struct set to mode 1 and with an AID of 0x0000000000000000 (NOT 0x0123456789ABCDEF) and with an IV set to 0.
e.g., if you have a struct.bin file containing 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00:
# openssl enc -aes-128-cbc -in struct.bin -K 19dd4fb989482bd4cb9ec9c79a2efbd0 -iv 0 | xxd
00000000: 6488 b73b 912a 753a 492e 2714 e9b3 8bc7 d..;.*u:I.'.....
00000010: bd14 64a2 6617 22eb 4a30 a3bb 4488 51bc ..d.f.".J0..D.Q.And for a struct.bin set to. 01 00 00 00 00 00 00 00 EF CD AB 89 67 45 23 01:
# openssl enc -aes-128-cbc -in struct.bin -K 19dd4fb989482bd4cb9ec9c79a2efbd0 -iv 0 | xxd
00000000: d607 a34f a875 99c6 a484 9155 63b5 7096 ...O.u.....Uc.p.
00000010: 2af1 59ac bd1b d9e3 b0b8 774a ad10 fd96 *.Y.......wJ....Thus the RIF names for an AID of 0x0123456789ABCDEF would be d607a34fa87599c6a484915563b57096.rif.
Of course, with a 128 bit payload + knowledge of the key, as well as the encrypted and decrypted payloads, one could figure out a missing IV by XORing the decrypted data with the expected one. But of course, using an IV other than zero in this specific case doesn't make much sense...
Very nice work. Do you also have any hints about the IV?
I've tried your algorithm with an
0x0123456789ABCDEFAID and various basic IV's, but couldn't manage to get the expected6488b73b912a753a492e2714e9b38bc7.rifoutput... So I'm wondering if I'm missing something obvious, or if the IV is some value we don't know yet...