Author Topic: Rebuilding AFV File from act.dat and actsig.dat  (Read 7703 times)

Offline SilicaAndPina

  • Hot Pockets
  • End User
  • *****
  • Posts: 38
  • Its probably a wiccan thing..
    • View Profile
Rebuilding AFV File from act.dat and actsig.dat
« on: August 08, 2021, 01:13:04 PM »
What is an AFV?
An AFV is the file given to developers via DevNet that is needed to activate a Development Kit or Testing Kit console.
When an AFV is applied, the vita generates act.dat and actsig.dat, (as well as some binary blob that it copies to NVS) from that file

This process can be reversed in order to take act.dat and actsig.dat, and generate the corresponding AFV again

Lets take a look at the act.dat file:
it is a binary file found at tm0:/activate/act.dat
the structure is as follows:

int32 - magic number - must be "act\0"
int32 - version - always just 0x01
int32 - issue number- total number of tokens issued
int32 - start date - unix timestamp of activation begin period
int32 - end date - unix timestamp of activation end period
byte[0x10] - openPSID - same as activation key, minus the last set of digits
byte[0x1C] - reserved - all 0x00
byte[0x40] - activation token (encrypted) - for (symmetric) signature checks

after FW 1.80, sony realized that using a symmetric key for signature checks was stupa bad idea, so they also added actsig.dat
this file is just 0x100 bytes, and is a asymmetric signature using either ECDSA or RSA (im not sure which >_<)
this is basically just a blob of encrypted data ..

Now lets take a look at AFV Files:
They are a ascii file, (Not binary), and contain pretty much the same information as act.dat and actsig.dat,

# VITA/ActivationCode\n
# format_version=just like ACT.DAT, there is only version "1"\n
# code_num=number of tokens, (one afv can hold multiple devices activation data) but for our purposes, we will just put 1 here\n
# code_size=size of line1 (act.dat equivalent)\n
# extra_data_size=size of line2 (actsig.dat equivalent)\n
Hex Encoded OpenPSID, All uppercase, Decimal encoded start date, Decimal encoded end date,         Decimal encoded issue number, Hex Encoded Encrypted Token/Signature (symmetric), All uppercase\n
Hex Encoded actsig.dat, All upercase\n

So as you can see its quite trivial to recreate a AFV from act.dat and actsig.dat, you can basically just use a hex editor and notepad, use the hex editor to decode the int32's and copy hex encoded data in accordance to the structure below, and then just write them into notepad in that format, and save it as "vita_activation.afv" and it should work

Or, if your lazy, you can have this program i wrote do all the work for you

Code: [Select]
vita_make_afv act.dat actsig.dat vita_activation.afv
Ok, i got my AFV, now how can i activate my devkit using it?
Well, if you just generated it based on the activation tokens you already have applied if you try activate using this file
it will tell give you an error saying a newer activation file is required
This is because of the issue_number, the vita will refuse any AFV with an issue number that is less than or equal to the current issue number set in tm0:/activate/act.dat and NVS block, so in order to actually use this AFV, you have to either already have broken NVS activation data, or break it so that you can apply it again,
an easy way to break it would just be to use activate.vpk, put a blank (0x20) byte act-nvs.dat, (0x80) byte act.dat in ux0:/data/act.dat and then a blank (0x100) byte actsig.dat in ux0:/data also
then delete or rename the existing act.dat/actsig.dat files in tm0:/activate, open activate.vpk and then it will ask you to restore the activation backup, which of course is just blank data, which will clear all traces of activation from your devkit or testkit, including the last issue number. EASY right?

Oh, and you have to make sure your secure / cp clock is set to a time after the start date, but before the end date, otherwise it wont work!

Ok great, i mannaged to nuke my activation data from my devkit! now im able to use the AFV file i created to.. uh get it all back for some reason?
(wait, why are we doing this again? deleting activation just to copy it straight back? FOR SCIENCE?)

There are 3 ways to activate- you can activate via a memory card, it checks for an AFV at "ux0:/data/activate/vita_activation.afv", you can activate over CMA, (this requires DevkitCMA, QCMA and SonyCMA will not work), and finally you can activate via Neighbourhood for PlayStation Vita (devkit only) just click on the red "Activate" button the system will just reboot itself and the activation data will be re-applied.

all this for the off chance that your NVS activation block is broken but act.dat and actsig.dat are not....
this would force it to be re-generated, thus fixing the problem,
but if that is the case, don't use this to try fix it, instead just generate act-nvs.dat from an existing act.dat using this tool: Way faster.

At the end of the day, being able to generate AFV files and use them to activate your devkit may make you feel cool because your doing it the way sony "intended", well with a little bit of time travel anyway.

there is basically 0 practical use for this as far as i can tell, the one thing i can think of has a much faster way to accomplish the same thing, Oh well. if only sonys private key for actsig.dat would get leaked. then this would suddenly be way more useful.

(Thanks to princess of sleeping for providing a sample AFV file for me)

Blessed Be~
« Last Edit: August 08, 2021, 01:15:59 PM by SilicaAndPina »