• Stars
    star
    206
  • Rank 190,504 (Top 4 %)
  • Language
    C
  • License
    MIT License
  • Created over 7 years ago
  • Updated over 7 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Decrypt Vita CMA backups

psvimgtools

This is a set of tools that let you decrypt, extract, and repack Vita CMA backup images. To use this you need your backup key which is tied to your PSN AID.

Building

You should have cmake and zlib installed. To enable hardware accelerated crypto, make sure libgcrypt is installed. Windows users should install either Cygwin or Bash on Ubuntu for Windows.

Then just run

mkdir build && cd build
cmake ..
make

Usage

psvimg-extract

This is used to extract .psvimg files. The extracted output includes a directory for each backup set (e.g: ur0:appmeta, ux0:iconlayout.ini, and ur0:tmp/registry are three separate sets). Each backup set contains zero or more files and directories. A special file VITA_PATH.TXT is created for each set to remember what the original path was before extraction (this is used for repacking). A set can be only a single file (for example ux0:iconlayout.ini). In that case, the file VITA_DATA.BIN is created to host the contents of the file.

psvmd-decrypt

This decrypts and decompresses .psvmd files. The contents of which are defined in psvimg.h. This contains information such as the firmware version of the system that created the backup and the unique PSID of the system. Extracting this file is not required for repacking and is provided for reverse engineering/debugging purposes.

psvimg-create

This repacks extracted files and creates the associated .psvimg and .psvmd files. If you have a decrypted .psvmd, you may pass it in with -m and the tool will reuse as many fields as possible (exception: size fields). No validity checks will be performed. If you do not have a decrypted .psvmd, you should use the -n option and specify the name of the backup. You should use the same name (the file name without the .psvimg extension) when repacking because CMA does check for a valid name. For example, if you are repacking license.psvimg, you should specify -n license.

The pack input directory should follow the same format as the output of psvimg-extract. The means a separate directory for each backup set (there may only be one set, in which your input directory will contain one subdirectory) each with a VITA_PATH.TXT file specifying the Vita path and optionally a VITA_DATA.BIN file if the set is a file.

Note that CMA does check the paths of the backup sets. Trying to add a backup set with a custom path may result in failure.

psvimg-keyfind

This is a brute-force backup key find tool. You should generate a valid partials.bin file using the provided "dump_partials" Vita homebrew that runs on HENkaku enabled consoles. You can generate partials for other people as well if you know their AID. The partials.bin file does not contain any console-unique information but is derived from the provided PSN AID. The AID is the 16 hex characters in your CMA backup path. For example, if I wish to decrypt PS Vita/PGAME/xxxxxxxxxxxxxxxx/NPJH00053/game/game.psvimg then my AID is xxxxxxxxxxxxxxxx.

The -n option specifies the number of threads to run. On Linux, each thread tries to run on a separate processor. On OSX/Windows, it is up to the scheduler to make such decisions. You should not specify too high of a number here, as running multiple threads on a single CPU will result in diminishing returns. A good rule of thumb is to specify the number of CPU cores on your system.

More Repositories

1

taiHEN

CFW framework for PS Vita
C
281
star
2

usbmc

USB storage as Vita memory card
C
122
star
3

KindleTool

Tool for creating/extracting Kindle updates and more
C
106
star
4

psvsd

84
star
5

VitaMTP

Library to interact with Vita's USB MTP protocol
C
81
star
6

PSXperia

This tool will take a PSX image that you legally own and convert it to be playable on the Xperia Play with the emulator extracted from the packaged game "Crash Bandicoot."
Java
78
star
7

UVLoader

Userland Vita Loader for loading unsigned executables on your Vita
C
73
star
8

Spider3DSTools

Tools to work with 3DS 9.x Spider exploit
Assembly
70
star
9

3ds_injector

Open source implementation of loader module with code injection support
C
51
star
10

netcheck_bypass

C
45
star
11

Fastboot-Kindle

Fastboot tool for the Kindle
C
42
star
12

KindleLauncher

GUI launcher for Kindle Touch
Java
36
star
13

VitaDefiler

An RPC for Vita that supports ARM userland code execution
C#
27
star
14

OpenBlanket

Open API for Kindle's libBlanket
C
20
star
15

KindleEPUBReader

EPUB reader plugin for Kindle Touch
Java
18
star
16

libMTP

libmtp is a LGPL library implementation of the Media Transfer Protocol (MTP), a superset of the Picture Transfer Protocol (PTP).
C
18
star
17

ARMv7_MMU_Dumper

Bare metal ARMv7 MMU Translation Table dumper
C
17
star
18

Rejuvenate

Run homebrew on the Vita
C#
14
star
19

Polipo-iOS

iOS port of Polipo caching HTTP proxy
C
14
star
20

ngptv

Because VitaTV is already taken
Python
13
star
21

3DSSystemTools

C++
12
star
22

PSMSigner

Locally sign PSMDA cache files
C
12
star
23

VitaInjector

Inject userland ARM code through PSM
C#
10
star
24

DumpMemory

Visual Studio extension to dump and load memory for debug targets
C#
9
star
25

ropdetect

Detecting ROP execution using performance monitors
TeX
8
star
26

PSXPeria-Wrapper

Loads injected PSX games on Xperia Play
C++
7
star
27

usb_detect

USB probing for Vita
C
7
star
28

yifanlu.github.io

Personal blog
CSS
5
star
29

LibiMX50USB

Library to interact with iMX50 USB download mode
C
5
star
30

TinyForward

A fast, small, and portable HTTP forwarding proxy.
C
4
star
31

Josh

Native console access wrapper for Java
Java
3
star
32

CollegesMap

Facebook app to display friends' colleges on a map
PHP
2
star
33

Histogram

Minimal POSIX file histogram generation tool
C
1
star