Author Topic: #ChovyProject - Road to PS1 support  (Read 1562 times)

Offline dots_tb

  • Refugee
  • **
  • Posts: 91
    • View Profile
#ChovyProject - Road to PS1 support
« on: August 24, 2019, 09:31:32 PM »
Goal is to get PS1 support that is hard to patch.

We will probably use the current chovy-sign method.

A PS1 base game will provide a RIF and a version key. The version key will be used to encrypt another PSN PS1 eboot. The Content ID does not seem to be found twice in the file along with the Vita prompting an corruption error when replaced with another eboot.pbp off of NPS (with regenerated __sceebootpbp) this leads me to believe that the DATA.PSP's content id is used to get the correct RIF and may have a Vita side check?

Resources:
https://github.com/tpunix/kirk_engine
https://github.com/xdotnano/PSXtract

Offline SilicaAndPina

  • Hot Pockets
  • End User
  • *****
  • Posts: 33
  • Its probably a wiccan thing..
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #1 on: November 09, 2019, 06:12:47 AM »
don't forget that on PS1- they dont just hand us the title and icon informaion you need to get it from somewhere ...

*Maybe scrape from renascene.com giving fake referer header?*

Offline SquallATF

  • End User
  • *
  • Posts: 5
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #2 on: October 17, 2020, 03:39:14 AM »
I have successed get PS1 content work on PSV and pocketstation emulator also work. Currently only support EBOOT.PBP from PSN package, because PS1 game iso need lzr compress, currently there is no way to recompress lzr.
1. DATA.PSP need resign with 0x65 kirk key.
2. DATA.PSAR need resign with versionkey.
3. Originally a multi-disc game need __sce_discinfo instead of __sceebootpbp, psv will verify multi-disk signature from vs0:\app\NPXS10028\__sce_discinfo (no private key, can't modify it). bug if __sceebootpbp is provided, the check can be bypassed.

DATA.PSP is a pops emulator loader and DATA.PASR length is hard-code in it and verify the length. DATA.PSP in most game have same code, only DATA.PASR length different, a few games that have other differences, but I’m not sure what they are for.

I have use JP9000-NPJI90001_00-0000000000000001 for seed game, but any psp game can also work.

ps: chovy-gen have a bug, if PSAR size less than 0x1C0000 will gen wrong __sceebootpbp. fix this can get pc engine game work.

next step is found the way to recompress lzr to get normal ps1 iso work.
« Last Edit: October 17, 2020, 03:41:50 AM by SquallATF »

Offline SilicaAndPina

  • Hot Pockets
  • End User
  • *****
  • Posts: 33
  • Its probably a wiccan thing..
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #3 on: October 17, 2020, 04:37:45 AM »
Wow you actually got games to load?
ive been messing around with POPS for awhile im not exactly sure about how to get version key of a POPS game, my current code was

Code: [Select]
        public unsafe static byte[] GetVersionKeyPs1(Stream pbp)
        {

            kirk_init();

            pbp.Seek(0x24, SeekOrigin.Begin);
            Int64 PSISOOffset = Convert.ToInt64(readUInt32(pbp));
            pbp.Seek(PSISOOffset, SeekOrigin.Begin);
            pbp.Seek(0x400, SeekOrigin.Current);
            pbp.Seek(0x4, SeekOrigin.Current);
            int key_index, drm_type;

            key_index = readInt32(pbp);
            drm_type = readInt32(pbp);

            pbp.Seek(PSISOOffset + 0x400, SeekOrigin.Begin);
            byte[] pgd_buf = new byte[0x70];
            pbp.Read(pgd_buf, 0x00, pgd_buf.Length);

            byte[] VER_KEY_ENC = new byte[0x10];
            pbp.Read(VER_KEY_ENC, 0x00, VER_KEY_ENC.Length);

            MAC_KEY mkey;
            byte[] VERSION_KEY = new byte[0x10];
            int mac_type;
            if (drm_type == 1)
            {
                mac_type = 1;
                if (key_index > 1)
                {
                    mac_type = 3;
                }
            }
            else
            {
                mac_type = 2;
            }

            sceDrmBBMacInit(&mkey, mac_type);
            sceDrmBBMacUpdate(&mkey, pgd_buf, 0x70);
            bbmac_getkey(&mkey, VER_KEY_ENC, VERSION_KEY);

            return VERSION_KEY;
        }

is this correct?
found KIRK 0x65 but it seems to be an AES key? how do i sign with AES? esp since DATA.PSP seems to have a RSA/EC signature in there ?

As for LZR sign_np actually has a function to LZR compress a buffer. so just use that! https://github.com/swarzesherz/sign_np/blob/ac77d56e13b5c6c60564100699560d12ff3f425f/tlzrc.c#L604

im interested in adding support for this into chovy-sign (its kinda half-done already >_<)


do you have any example code or anything?
« Last Edit: October 17, 2020, 05:09:35 AM by SilicaAndPina »

Offline SilicaAndPina

  • Hot Pockets
  • End User
  • *****
  • Posts: 33
  • Its probably a wiccan thing..
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #4 on: October 17, 2020, 05:31:05 AM »
I have successed get PS1 content work on PSV and pocketstation emulator also work. Currently only support EBOOT.PBP from PSN package, because PS1 game iso need lzr compress, currently there is no way to recompress lzr.
1. DATA.PSP need resign with 0x65 kirk key.
2. DATA.PSAR need resign with versionkey.
3. Originally a multi-disc game need __sce_discinfo instead of __sceebootpbp, psv will verify multi-disk signature from vs0:\app\NPXS10028\__sce_discinfo (no private key, can't modify it). bug if __sceebootpbp is provided, the check can be bypassed.

DATA.PSP is a pops emulator loader and DATA.PASR length is hard-code in it and verify the length. DATA.PSP in most game have same code, only DATA.PASR length different, a few games that have other differences, but I’m not sure what they are for.

I have use JP9000-NPJI90001_00-0000000000000001 for seed game, but any psp game can also work.

ps: chovy-gen have a bug, if PSAR size less than 0x1C0000 will gen wrong __sceebootpbp. fix this can get pc engine game work.

next step is found the way to recompress lzr to get normal ps1 iso work.

Quote
psx lzr compress different like psp content, that code doesn't work. decompress code can find in https://github.com/xdotnano/PSXtract

all kirk key can find here https://github.com/hrydgard/ppsspp/commit/e7ec568b0285702fb67ecc2abc3c387ca7a63edc#diff-e3ac423e281b3a80d1202b12accbb2f2ca9153f27f22dedb43c5086495301981

versionkey same as KEYS.BIN

I have only test code written in C#, hard code filename for test, If you wish I can share it.

sorry i accidentally clicked 'modify' on your reply when trying to reply to it then wrote my reply inside it *oops* ... sorry about that ... >_<

anyway, the key there seems to be the same key i found on the psp dev wiki, im just not quite sure how im suppost to sign with it haha

also yes this code would be helpful would be better to understand what your talking about >-<




Offline SquallATF

  • End User
  • *
  • Posts: 5
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #5 on: October 17, 2020, 05:45:26 AM »
EdatTest can resign EDAT
PbpResign can resign any PSP PBP from PSN
PrxDecrypt can resign DATA.PSP
PspTest can resign DATA.PSAR Program.cs#L1230
SceEbootGen C# __sce_ebootpbp and __sce_discinfo test generator
VmpTest psx save decryptor and encryptor

PocsIdChanger.7z a plugin change pocketstation id for FFVIII to get ID 211 Chocobo
Code: [Select]
# change ff8 pocketstation id
*SLPS01880
ur0:tai/pocsid.suprx
« Last Edit: October 17, 2020, 06:18:02 AM by SquallATF »

Offline SilicaAndPina

  • Hot Pockets
  • End User
  • *****
  • Posts: 33
  • Its probably a wiccan thing..
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #6 on: October 17, 2020, 06:12:07 AM »
EdatTest can resign EDAT
PbpResign can resign any PSP PBP from PSN
PrxDecrypt can resign DATA.PSP
PspTest can resign DATA.PSAR Program.cs#L1230
SceEbootGen C# __sce_ebootpbp and __sce_discinfo test generator
VmpTest psx save decryptor and encryptor

Thank you !

btw any idea how the psvita knows if a game supports the PocketStation?

Offline SquallATF

  • End User
  • *
  • Posts: 5
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #7 on: October 17, 2020, 06:21:24 AM »
Thank you !

btw any idea how the psvita knows if a game supports the PocketStation?
I don't know, may be list hard-code in psv?
If psn support restore backup to psv it will support.
Eg Final fantasy VIII, Super robot taisen series.

Offline SilicaAndPina

  • Hot Pockets
  • End User
  • *****
  • Posts: 33
  • Its probably a wiccan thing..
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #8 on: October 17, 2020, 06:43:23 AM »
I don't know, may be list hard-code in psv?
If psn support restore backup to psv it will support.
Eg Final fantasy VIII, Super robot taisen series.


i was thinking maybe some flag in DATA.PSP tbh .. i dont know ..

Offline SquallATF

  • End User
  • *
  • Posts: 5
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #9 on: October 17, 2020, 07:17:37 AM »

i was thinking maybe some flag in DATA.PSP tbh .. i dont know ..
I disagree with this idea.
DATA.PSP start 0x150 have 0x410 bytes unknown data,  I fill random data here, it doesn't effect game run.
and some pocketstation supported game release on psn before psv release.
eg ff8 pkg download from psn file date is Wed, 07 Oct 2009 08:39:01 GMT

Offline SilicaAndPina

  • Hot Pockets
  • End User
  • *****
  • Posts: 33
  • Its probably a wiccan thing..
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #10 on: October 17, 2020, 07:28:06 AM »
I disagree with this idea.
DATA.PSP start 0x150 have 0x410 bytes unknown data,  I fill random data here, it doesn't effect game run.
and some pocketstation supported game release on psn before psv release.
eg ff8 pkg download from psn file date is Wed, 07 Oct 2009 08:39:01 GMT

oh yeah! i totally forgot the PKG's were used before PSV even released (like on PSP and PS3)
thus if it were a flag in DATA.PSP they would have to have either had that right from the start (unlikely.) or update existing PS1 packages
but thats unlikely because Date-Modified header as you imagined.

so its gotta be somewhere else possibly just hardcoded into pspemu and sceshell lol

Offline SquallATF

  • End User
  • *
  • Posts: 5
    • View Profile
Re: #ChovyProject - Road to PS1 support
« Reply #11 on: October 19, 2020, 10:51:09 AM »
I missed a native library source code, a modified version of Ecdsa encryption with openssl.