Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - SilicaAndPina

Pages: [1] 2 3
Kits / Rebuilding AFV File from act.dat and actsig.dat
« on: August 08, 2021, 01:13:04 PM »
What is an AFV?
An AFV is the file given to developers via DevNet that is needed to activate a Development Kit or Testing Kit console.
When an AFV is applied, the vita generates act.dat and actsig.dat, (as well as some binary blob that it copies to NVS) from that file

This process can be reversed in order to take act.dat and actsig.dat, and generate the corresponding AFV again

Lets take a look at the act.dat file:
it is a binary file found at tm0:/activate/act.dat
the structure is as follows:

int32 - magic number - must be "act\0"
int32 - version - always just 0x01
int32 - issue number- total number of tokens issued
int32 - start date - unix timestamp of activation begin period
int32 - end date - unix timestamp of activation end period
byte[0x10] - openPSID - same as activation key, minus the last set of digits
byte[0x1C] - reserved - all 0x00
byte[0x40] - activation token (encrypted) - for (symmetric) signature checks

after FW 1.80, sony realized that using a symmetric key for signature checks was stupa bad idea, so they also added actsig.dat
this file is just 0x100 bytes, and is a asymmetric signature using either ECDSA or RSA (im not sure which >_<)
this is basically just a blob of encrypted data ..

Now lets take a look at AFV Files:
They are a ascii file, (Not binary), and contain pretty much the same information as act.dat and actsig.dat,

# VITA/ActivationCode\n
# format_version=just like ACT.DAT, there is only version "1"\n
# code_num=number of tokens, (one afv can hold multiple devices activation data) but for our purposes, we will just put 1 here\n
# code_size=size of line1 (act.dat equivalent)\n
# extra_data_size=size of line2 (actsig.dat equivalent)\n
Hex Encoded OpenPSID, All uppercase, Decimal encoded start date, Decimal encoded end date,         Decimal encoded issue number, Hex Encoded Encrypted Token/Signature (symmetric), All uppercase\n
Hex Encoded actsig.dat, All upercase\n

So as you can see its quite trivial to recreate a AFV from act.dat and actsig.dat, you can basically just use a hex editor and notepad, use the hex editor to decode the int32's and copy hex encoded data in accordance to the structure below, and then just write them into notepad in that format, and save it as "vita_activation.afv" and it should work

Or, if your lazy, you can have this program i wrote do all the work for you

Code: [Select]
vita_make_afv act.dat actsig.dat vita_activation.afv
Ok, i got my AFV, now how can i activate my devkit using it?
Well, if you just generated it based on the activation tokens you already have applied if you try activate using this file
it will tell give you an error saying a newer activation file is required
This is because of the issue_number, the vita will refuse any AFV with an issue number that is less than or equal to the current issue number set in tm0:/activate/act.dat and NVS block, so in order to actually use this AFV, you have to either already have broken NVS activation data, or break it so that you can apply it again,
an easy way to break it would just be to use activate.vpk, put a blank (0x20) byte act-nvs.dat, (0x80) byte act.dat in ux0:/data/act.dat and then a blank (0x100) byte actsig.dat in ux0:/data also
then delete or rename the existing act.dat/actsig.dat files in tm0:/activate, open activate.vpk and then it will ask you to restore the activation backup, which of course is just blank data, which will clear all traces of activation from your devkit or testkit, including the last issue number. EASY right?

Oh, and you have to make sure your secure / cp clock is set to a time after the start date, but before the end date, otherwise it wont work!

Ok great, i mannaged to nuke my activation data from my devkit! now im able to use the AFV file i created to.. uh get it all back for some reason?
(wait, why are we doing this again? deleting activation just to copy it straight back? FOR SCIENCE?)

There are 3 ways to activate- you can activate via a memory card, it checks for an AFV at "ux0:/data/activate/vita_activation.afv", you can activate over CMA, (this requires DevkitCMA, QCMA and SonyCMA will not work), and finally you can activate via Neighbourhood for PlayStation Vita (devkit only) just click on the red "Activate" button the system will just reboot itself and the activation data will be re-applied.

all this for the off chance that your NVS activation block is broken but act.dat and actsig.dat are not....
this would force it to be re-generated, thus fixing the problem,
but if that is the case, don't use this to try fix it, instead just generate act-nvs.dat from an existing act.dat using this tool: Way faster.

At the end of the day, being able to generate AFV files and use them to activate your devkit may make you feel cool because your doing it the way sony "intended", well with a little bit of time travel anyway.

there is basically 0 practical use for this as far as i can tell, the one thing i can think of has a much faster way to accomplish the same thing, Oh well. if only sonys private key for actsig.dat would get leaked. then this would suddenly be way more useful.

(Thanks to princess of sleeping for providing a sample AFV file for me)

Blessed Be~

PS Vita / [Release] [PC TOOL] [Python] depersonalize_devnet
« on: May 02, 2021, 05:36:25 AM »
Removes watermark from Sony Developer PDF's and PUPs


you can run the same file from different users and find that after running this its the same bytes :D
making it possible to share w/o sony knowing where it came from

Blessed Be!!

PS 5 / Get a PS5 Camera Adapter without knowing any serial number!
« on: March 04, 2021, 07:32:01 AM »
1) take an existing serial number, eg: P0418091177309 ( yuno found this one on an ebay listing )
2) add a random number with 1-5 digits to it (lets say 2156), now we have P0418091179465
3) goto
4) say your not a robot

5) enter your newly calculated serial number-

6) fill in your details-

7) click submit and your done- enjoy !

if you receive an email saying there processing your request then you win !

-- Blessed Be~

PS 5 / NpTrophy v2 - PS5 Trophy File extractor!
« on: February 21, 2021, 05:37:47 AM »
I have written a program to extract files out of the PS5's trophy00.ucp file.


PS 5 / Unity for PlayStation 5, and first look at ps5 executables.
« on: February 20, 2021, 02:47:33 AM »
- we found the first ps5 for unity release, its

if u install the right unity version u can install and take a look at the files
extracted files:

It contains compiled SELF binaries that are NOT encrypted "clang version 10.0.0 (PS5 clang version e46d84a8 e46d84a8f26dda5456e992ff595a5a433c322b2e)"
src code, dll verisons of the cg compiler (i think?) and at9tool. some source code, and other neat things :D

- CG Compiler!

- Ps5 SELFS!

(not encrypted!)

- Trophy data files !!!

- Ps5 Codename Found!

- Some src

Found using Silica's UnityBrute (heavily upgraded by Olebeck)  and countless others who threw there network processing power into this.
(yuno's node found it i think?), and 5 terabytes of HTTP Requests :D

btw, it mentions where to find ps5 devnet, its at
still ip locked thou :-:

Reverse Engineering / Re: #ChovyProject - Road to PS1 support
« on: October 17, 2020, 07:28:06 AM »
I disagree with this idea.
DATA.PSP start 0x150 have 0x410 bytes unknown data,  I fill random data here, it doesn't effect game run.
and some pocketstation supported game release on psn before psv release.
eg ff8 pkg download from psn file date is Wed, 07 Oct 2009 08:39:01 GMT

oh yeah! i totally forgot the PKG's were used before PSV even released (like on PSP and PS3)
thus if it were a flag in DATA.PSP they would have to have either had that right from the start (unlikely.) or update existing PS1 packages
but thats unlikely because Date-Modified header as you imagined.

so its gotta be somewhere else possibly just hardcoded into pspemu and sceshell lol

Reverse Engineering / Re: #ChovyProject - Road to PS1 support
« on: October 17, 2020, 06:43:23 AM »
I don't know, may be list hard-code in psv?
If psn support restore backup to psv it will support.
Eg Final fantasy VIII, Super robot taisen series.

i was thinking maybe some flag in DATA.PSP tbh .. i dont know ..

Reverse Engineering / Re: #ChovyProject - Road to PS1 support
« on: October 17, 2020, 06:12:07 AM »
EdatTest can resign EDAT
PbpResign can resign any PSP PBP from PSN
PrxDecrypt can resign DATA.PSP
PspTest can resign DATA.PSAR Program.cs#L1230
SceEbootGen C# __sce_ebootpbp and __sce_discinfo test generator
VmpTest psx save decryptor and encryptor

Thank you !

btw any idea how the psvita knows if a game supports the PocketStation?

Reverse Engineering / Re: #ChovyProject - Road to PS1 support
« on: October 17, 2020, 05:31:05 AM »
I have successed get PS1 content work on PSV and pocketstation emulator also work. Currently only support EBOOT.PBP from PSN package, because PS1 game iso need lzr compress, currently there is no way to recompress lzr.
1. DATA.PSP need resign with 0x65 kirk key.
2. DATA.PSAR need resign with versionkey.
3. Originally a multi-disc game need __sce_discinfo instead of __sceebootpbp, psv will verify multi-disk signature from vs0:\app\NPXS10028\__sce_discinfo (no private key, can't modify it). bug if __sceebootpbp is provided, the check can be bypassed.

DATA.PSP is a pops emulator loader and DATA.PASR length is hard-code in it and verify the length. DATA.PSP in most game have same code, only DATA.PASR length different, a few games that have other differences, but I’m not sure what they are for.

I have use JP9000-NPJI90001_00-0000000000000001 for seed game, but any psp game can also work.

ps: chovy-gen have a bug, if PSAR size less than 0x1C0000 will gen wrong __sceebootpbp. fix this can get pc engine game work.

next step is found the way to recompress lzr to get normal ps1 iso work.

psx lzr compress different like psp content, that code doesn't work. decompress code can find in

all kirk key can find here

versionkey same as KEYS.BIN

I have only test code written in C#, hard code filename for test, If you wish I can share it.

sorry i accidentally clicked 'modify' on your reply when trying to reply to it then wrote my reply inside it *oops* ... sorry about that ... >_<

anyway, the key there seems to be the same key i found on the psp dev wiki, im just not quite sure how im suppost to sign with it haha

also yes this code would be helpful would be better to understand what your talking about >-<

Reverse Engineering / Re: #ChovyProject - Road to PS1 support
« on: October 17, 2020, 04:37:45 AM »
Wow you actually got games to load?
ive been messing around with POPS for awhile im not exactly sure about how to get version key of a POPS game, my current code was

Code: [Select]
        public unsafe static byte[] GetVersionKeyPs1(Stream pbp)


            pbp.Seek(0x24, SeekOrigin.Begin);
            Int64 PSISOOffset = Convert.ToInt64(readUInt32(pbp));
            pbp.Seek(PSISOOffset, SeekOrigin.Begin);
            pbp.Seek(0x400, SeekOrigin.Current);
            pbp.Seek(0x4, SeekOrigin.Current);
            int key_index, drm_type;

            key_index = readInt32(pbp);
            drm_type = readInt32(pbp);

            pbp.Seek(PSISOOffset + 0x400, SeekOrigin.Begin);
            byte[] pgd_buf = new byte[0x70];
            pbp.Read(pgd_buf, 0x00, pgd_buf.Length);

            byte[] VER_KEY_ENC = new byte[0x10];
            pbp.Read(VER_KEY_ENC, 0x00, VER_KEY_ENC.Length);

            MAC_KEY mkey;
            byte[] VERSION_KEY = new byte[0x10];
            int mac_type;
            if (drm_type == 1)
                mac_type = 1;
                if (key_index > 1)
                    mac_type = 3;
                mac_type = 2;

            sceDrmBBMacInit(&mkey, mac_type);
            sceDrmBBMacUpdate(&mkey, pgd_buf, 0x70);
            bbmac_getkey(&mkey, VER_KEY_ENC, VERSION_KEY);

            return VERSION_KEY;

is this correct?
found KIRK 0x65 but it seems to be an AES key? how do i sign with AES? esp since DATA.PSP seems to have a RSA/EC signature in there ?

As for LZR sign_np actually has a function to LZR compress a buffer. so just use that!

im interested in adding support for this into chovy-sign (its kinda half-done already >_<)

do you have any example code or anything?

dev / Re: Definite proof the SKGleba bricks Vitas !
« on: September 11, 2020, 07:46:36 AM »
A minute of silence for these poor Vitas that will never come back to life.

a reminder for everyone that PSVita's are NOT Cute Girls, so them never coming back to life isnt a cute thing.

Reverse Engineering / Re: CXML format
« on: September 04, 2020, 07:01:12 AM »
Mentioned Issue(s) are Fixed in V3 of CXML Decompiler.

I have released a tool called "default-psn-avatar" awhile back originally just to get the.. default avatar but it has evolved alot since then:
it allows you to do the following:

1) Set avatar back to the default (duh)
2) Remove / Change "Real Name" entry (unrestricted input unlike PS4 or Web)
3) Change PSN Profile colour to ANY 32bit RGB color.
4) Remove Address Information from PSN

Fun stuff:
- If you set ONLY a first name, with no last name ("") then the ps4 profile viewer app will crash upon loading your profile ;P
- If you set your first and last name to a blank space it will appear invisible!
- If you set ONLY your first name to have a bunch of trailing spaces and a single space for last eg: F:"    Silica" M:"" L:" "
due to a rendering bug in the PS4, your name will appear to "move" when its selected in Party Chat.
- Setting an all white background as your cover image and making your profile color all white (#FFFFFF)
makes the page basically unreadable on PS4.

Download it here:

Thanks and Blessed Be~

PS M / [OpenPSS] Sce.PlayStation.Core.dll but its open src.
« on: August 07, 2020, 02:46:18 PM »
There is an essential .NET Mannaged library that EVERY psm game has a reference too.
most of the PSM DLL's are shipped with the game however PlayStation.Core is not.

because of this i decided to "rewrite" the library but with full src.
for Sce.PlayStation.Core essentially this is just like having the actual src code for the file :D

You have to build it using PSM Studio ofc.

see here:

somehow my dll is smaller than the offical one. but whatever,
if you replace it at %SCE_PSM_SDK%\mono\lib\psm with mine you'll see retail games still work np

though i havent tried everything theres a chance it could still be broken somewhere ahah

Blessed Be~

Tutorials / [UNOFFICAL] How to bypass AutoModerator on r/vitahacks
« on: August 05, 2020, 12:12:32 PM »
Okay so you may have noticed that r/vitahacks and other shitty subreddits have an "AutoModerator" that just removes posts based on certain words found within them,

for example on vitahacks if you say "NoNpDrm" it gets automatically removed and you receive a message saying

We do not permit discussion of piracy and piracy related tools for Vita and PSP or questions involving them. Period. This includes if these tools are used for legitimate means. This includes any general question that includes references to these tools. This includes meta questions about this tool and this rule. The reason is less about ethics and more about the association of these topics with low-effort threads that create a burden for the moderating staff. There are other subreddit more dedicated for these low-effort, low-value topics.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

this is a clear violation of our 1st amendment rights!


1) Open Notepad.exe

2) Type the word

3) Right click the middle of the word

4) Open "Insert Unicode Control Character"

5) Click on "PDF"

6) Now copy paste the word into Reddit or whatever else

it wont be removed now! enjoy your INDEPENDENCE! from the CENSORING COMMUNIST MODERATORS!

Blessed Be~

Pages: [1] 2 3