Topics

46

Reverse Engineering / Magna Carta Portable SHIP.PPS file

« on: August 24, 2019, 09:05:14 PM »

Magic: 53 4D 50 46 or SMPF

Header:

Code: [Select]

typedef struct pps_header {
    uint32_t magic;
    uint32_t file_num;
} pps_header;
Table 1, File IDs at 0x800:
Each file id is a uint16_t. It file_num long, hover the last few seem to have some sort of problem and there is overflow? These file ids align with the file names of the PS2 counterpart.

Table 2, File Info at 0x5800:

Code: [Select]

typedef struct pps_entry_offset {
uint32_t offset;
uint32_t entry_size;
} __attribute__((__packed__))  pps_entry_offset ;
Offset is multiplied by 0x800. Entry size is the size of the entry within the SHIP.PPS (aka compressed). Table 2 is ran in parallel to the Table 1.

Large files are made into a zlib stream, which has following header pre-pended to it.

Code: [Select]

typedef struct pps_entry_header {
uint32_t uncompressed_sz;
uint32_t compressed_sz;
} __attribute__((__packed__)) pps_entry_header;
Another file type which is embedded straight into the SHIP.PPS is the text files.
It is comprised of two sections.
The first section is unknown. It seems to have a variable to decide text speed. There seems to be a "section identifier" (0x4 size) that increases by at the start of a new section. These section identifiers are followed by length indicators (0x4 sized) that determine the lengths of the strings in the second section.

The second section has the text data:
$n is used for newlines in UTF-16 strings.
It auto newlines after 24 characters ingame.

The other files embedded are currently unknown.

47

Reverse Engineering / __sceebootpbp formats

« on: August 24, 2019, 08:16:33 PM »

Format is used by the Vita to prevent tampering of eboot.pbp by hashing parts of the file along with itself.

Structure for post firmware 1.8 (0x200):

Code: [Select]

typedef struct sce_ebootpbp {
uint64_t magic;
uint32_t unk1;
uint32_t type;// 03 - ps1,  02 - psp
uint8_t np_title[0x30];
uint64_t aid;
uint64_t secure_tick;
uint64_t filesz;
uint64_t sw_ver;
uint8_t padding[0xf8];
ECDSA_SIG_0x1c ebootpbp_hdr_sig;
ECDSA_SIG_0x1c NPUMDIMG_sig;
ECDSA_SIG_0x1c sceebootpbp_sig;
} __attribute__((packed)) sce_ebootpbp;
Pre 1.8 structure (0x100):

Code: [Select]

typedef struct sce_ebootpbp {
uint64_t magic;
uint32_t unk1;// set to 1
uint32_t type;//0
uint8_t np_title[0x30];
uint64_t aid; //may not be needed
uint8_t padding[0x10];
ECDSA_SIG_0x1c ebootpbp_hdr_sig;//0x58
ECDSA_SIG_0x1c NPUMDIMG_sig;  //0xc8
ECDSA_SIG_0x1c sceebootpbp_sig; //0x90

} __attribute__((packed)) sce_ebootpbp;

Magic: NPUMDSIG, NPPS1SIG

The format utilizes f00d service 0x1000B, 0x22 which derives its "random number" from the hash/message being signed with ECDSA. The private key was changed post 1.8 along with added support of PS1 eboots. NPPS1SIG does not have a content id.

ebootpbp_hdr_sig - SHA224 of first 0x200 (maybe up until end of param.sfo) of EBOOT.pbp.
NPUMDIMG_sig - SHA224 of the first 0x1C0000 of DATA.PSAR
sceebootpbp_sig - SHA224 of 0x1C8(post 1.8 ) or 0xC8 of the __sceebootpbp file.

All of these hashes are then ran though 0x22.

Implementation: https://github.com/dots-tb/chovy-gen

48

Reverse Engineering / IKA SEQ SYSTEM v4.1 HuneX 2010

« on: August 24, 2019, 08:04:35 PM »

Used to hold text and scene data.

MAGIC:
IKA SEQ SYSTEM  v4.1 HuneX 2010 (0x20 bytes)

Time stamp of date modified:
0x20 Year
0x24 Day
0x28 Month
0x2C Most likely some sort of time?

0x30 Scene data start
0x34 File size

FILETOPADDR structure things:
Offset (0x4)
FILETOPADDR (0xB)
[Byte 0x7] (0x1)

@n is newline

49

Read these / Overall Rules

« on: August 24, 2019, 05:09:40 PM »

Site Wide Rules

• This is an English speaking website.
  • If your first message is not in English, you will be banned.
  • If you state that you are not very good at English you will be banned. It will be obvious, stating that you are not good at English is showing weakness!
• If you ask a simple question and have shown no attempt at answering it yourself nor any intent of putting effort into answering it, you will be banned.
• This site is for 18 years or older, if it can be proved that you are under this age, you will be banned.
• If any of your messages contain media with no text, you will be banned.
• Any advertising will result in a ban. Spam, flooding, advertisements, chain letters, pyramid schemes, and solicitations are also forbidden on this forum.
• Any off-topic information (deemed by the board categories and following board specific rules) will result in a ban.
• Any off-topic information not conforming to the topic set by the OP will result in a ban. Assuming that the OP has followed these rules.
• Posting of personal information (yours or another's) will result in a ban.
• All material posted is the responsibility of the user posting said material. You also agree not to post any copyrighted material unless you own the copyright or you have written consent from the owner of the copyrighted material.
• Each post must contain unique content, otherwise ban.
• You may revive a post if there is new information pertaining to it. If you revive a thread otherwise, you will be banned.
• Your post must add value to the discussion or you will be banned.
• Elevating another user of this forum or an obvious mortal man above mortal man will result in a ban.
• Using the term jailbreak or other similar buzzwords will result in a ban. If it is a release that contains the word jailbreak, an exception may be made.
• The use of alts is not allowed. You and any alternate accounts will be banned.
• All material posted must be legal in the United States of America or the Netherlands. You probably will be banned otherwise.
• Do not be a coward or else the only brave thing you will have done is be banned

Console Hacking and Game Modding Category rules.

• Threads dedicated to asking for help will result in a ban.
• The parent board (insert console name here) is dedicated to releases and other end-user related material. The sub-categories are dedicated to their label.
• You may ask for help in the sub-categories, however, you must show you put effort into it and post all information you found pertaining to it. If not, you will be banned.
• Game modding is not console modding, implying that game modding is console modding will result in a ban.

User Created Content

• It must be created by you and not overlap with an existing board
• A game being posted may also be posted in a Console hacking category if it can ran on that hacked console category.

*Every ban is an IP ban.

Any other information that does not require stability maybe asked in the Discord server. 
Rules are subject to change probably without notice.
Signatures will be treated as information appended to your post.