|Author||jas0nuk, FreePlay, J416, Rahim-US|
PRXdecrypter is a tool that can extract and decrypt PRX modules present in all official updates, custom firmware, games and demos.
- Can decrypt/decompress/extract:
- Firmware modules from official firmwares, for both old-style PSP and PSP Go.
- Updater modules from official updaters, including some obfuscated ones.
- Official updater DATA.PSP.
- reboot.bin from all retail firmwares.
- EBOOT.BIN and modules from retail games, and some nonretail/debug EBOOT.BIN files.
- M33 custom firmware modules.
- RLZ files.
- KL3E/KL4E files.
- meimg.img and me_sdimg.img.
- Some demos and game sharing DATA.PSP files.
Copy the PRXdecrypter folder to ms0:/PSP/GAME/.
Make a folder on your Memory Stick called enc and place your encrypted or compressed files there.
- This option will decrypt/decompress files (*.prx, DATA.PSP, EBOOT.BIN, etc) located in the ENC folder.
- If you need to extract firmware update modules from PBP, extract the DATA.PSP file with PBP Unpacker.
- Then put in ms0:/ENC/ folder and with this option you will get all modules in updaterprx folder which will be created automatically in enc folder.
- After extraction, you will be prompted to decrypt them immediately (optional).
- Displays preliminary information about the analyzed file, without any changes in it.
- Unsigncheck files option removes digital signature from files. May contain a link to a specific PSP.
- Signcheck files option will generate a unique signature for your PSP.
- It can be useful when you have a Flash0 dump from another PSP and want to use those files on your PSP.
- For example, if you wanted to restore a flash0 dump from another PSP, you'd have to unsign it on the source PSP, and resign it on the destination PSP, then copy it to flash0.
- Extracts reboot.bin from loadexec_01g.prx PSP-100x firmware.
- To do this, you need to put the decrypted loadexec_01g.prx of the required firmware.
- Then rename it as loadexec_reboot.prx in the enc folder and use this option to extract reboot.bin .
- Extract reboot_02g.bin from loadexec_02g.prx PSP-200x firmware.
- To do this, put the decrypted loadexec_02g.prx of the required firmware.
- Then rename it as loadexec_reboot_02g.prx in the enc folder and use this option to extract reboot_02g.bin .
Switch output folder:
- This option will switch the folder you want to use to process files.
- If you enable this option, the resulting files will not overwrite the original ones, but will be saved to the ms0:/dec/ folder.
- Edit program to XMB.
2.7a fix (by Rahim-US)
- Fixed the M33 gzipped issus.
2.7a (by Rahim-US)
- Now you can decrypt 6.3X and up EBOOT.BIN.
- You can extract hidden modules from any DATA.PSP including 6.xx.
- decrypt/decompress 6.XX modules.
- Keys for 6.XX - 6.60 added.
- Log file can be enabled or disabled on app startup (with LTRIGGER).
- Small fixes and other changes.
2.6b (by J416)
- Keys for tags 0xD91614F0 added.
2.6a (by FreePlay)
- Keys and tags for 6.30 added (old-style PSP only - from hrimfaxi & co.'s new psardumper).
- New kernel PRX decryption code added (from hrimfaxi & co.'s new psardumper).
2.6 (by FreePlay)
- Keys and tags for 5.70, 6.10, and 6.20 (PSP Go) added (taken from coyotebean's psardumper).
- Some additional keys and tags for 6.xx on the old-style PSP.
- Minor code cleanup (more to come, when I get to it).
- Keys for tags 0xD91613F0 and 0x2E5E13F0 added.
- Decryption error for an old key, tag 0x4C940AF0, fixed.
- Decryption key added for pops_04g.prx from 6.XX firmwares - tag 0x457B1EF0.
- Slightly more information when encryption is likely to fail (SHA-1 check warning).
- NOTE: key for tag 0x2E5E10F0 does not appear to be working due to a new encryption method. I'll look into it.
- New EBOOT.BIN key added for tag 0x2E5E12F0. As above, might not work.
- New EBOOT.BIN key added - fixes ""tag error 0x2E5E10F0"".
- Can extract nand_updater+lfatfs_updater from old (not 6.00+) updater DATA.PSP again.
- All keys up to 6.20 - thanks bbtgp.
- Maintenance update with the new key for 6.00-6.20 - tag 0xD91612F0 - many thanks to he who cannot be named.
- Started adding some code to handle the new updater module encryption.
- ""Analyze files"" option added to menu - displays info about the files without changing them.
- User module keys up to 6.00, not sure if they're the ones used in the firmware though.
- Fixed decryption issue - extra data added to decrypted files.
- Rewritten kernel modules for 2.XX+ allowing fewer external files and cleaner code.
- Rewritten handling of compressions - 1.50 has RLZ with the correct file, 2.71 to 3.80 have RLZ, 3.80+ has KL3E, KL4E and may have RLZ depending on the exact firmware version.
- 2.2 - limited release, 5.00 keys.
- 2.25 - EBOOT.BIN keys up to 6.00! (Many thanks to an anonymous friend).
- GZIP failure bug fixed on 3.80+.
- Now bruteforces the XOR key for updater modules (appears in blue at the right of the screen), takes a longer but now it will work on all future updaters until Sony change their updater security.
- User is now asked whether they want to decrypt updater modules which have just been extracted.
- User is now asked whether they want to overwrite files that are read-only before saving them.
- 5.00 keys added (all PSP models).
- Working KL3E decompression on 3.80/3.90 for reboot.bin extraction from these firmwares.
- New menu! Just use the D-pad to select what you want to do, and press X. Used-up or unavailable options appear grey and cannot be selected.
- Working KL4E decompression in 3.80/3.90.
- Press LEFT on the D-Pad to signcheck all ~PSP encrypted files in the ms0:/enc folder.
- Totally reorganized the source code. Everything is now in one build. Internally the code is slightly different for 1.50, 2.71~3.71, and 3.80+.
- All functions are now loaded from prxdecrypter_0xg.prx (1 = 1.50, 2 = 2.71~3.71, 3 = 3.80+).
- At the moment, RLZ decompression is available in 1.50 if you put a decrypted 2.71+ sysmem_rlz.prx into ms0:/enc.
- Made the options a little more organized with a few dividers, and changed keys to make more sense.
- Press SELECT to switch between the normal output folder (which overwrites your input files) and ""ms0:/dec"" so the input files are kept separate from the output.
1.9 Bugfix Release
- Fixed bug where pressing X for too long caused it to try and decrypt multiple times resulting in a huge log of error messages.
- Rewritten method of loading files for RLZ decompression in preparation for 2.0 which will have KLE decompression.
- Improvements to the logfile.
- Tweak to enable 1SEG.PBP decryption.
- More keys added (certain apps which run in pspbtcnf_app mode).
- Fixes to prevent crash on 3.80.
- NOTE: 3.80 has removed the RLZ decompression routines and replaced them with KLE. At the moment I have no information about the KL3E/KL4E NIDs and have therefore left them out of this version.
- RLZ still works fine in 3.71 and below, and in 1.50 where you can load sysmem_rlz.prx to enable it as usual.
- Now extracts special PRXs from updater executables - open the updater with PBP Unpacker and put the DATA.PSP (renamed to whatever) in the enc folder.
- It will extract all the PRXs - including the hidden ones SCE didn't want us to see (they used a lame XOR encryption to hide the new ones).
- A lame XOR encryption was used on the usual ones, and they double-encrypted ""sceLoadExecUpdater"" with a scrambled header.
- Overhauled filetype detection, now works with any file that has a decryption key, not just those with ~PSP in the header.
- Plain 2RLZ decompression works again.
- Reduced occurence of unnecessary unsignchecking.
- Returns correct unknown tag message.
- Handling for double-encrypted files with scrambled headers in order to obtain the output size, such as sceLoadExecUpdater (a PRX hidden inside updaters).
- 2.xx+ game EBOOT.BIN decryption fixed.
- Added support for 1.xx (and possibly 2.00-2.50) index.dat decryption.
- Fully compatible with HEN/2.71/3.xx kernel/3.60 M33 - Just copy PRXdecrypter_3XX folder to GAME. Have fun, firmware modders.
- OE and M33 users should also use this version, just put it in GAME352 or GAME (if you have that set to the 3.52 kernel).
- 1.50 users (if any of you still exist) or those who want to use the 1.50 kernel, use the kxploited version.
- Will maintain this version in case the 3.XX kernel changes significantly which breaks PRXdecrypter.
- Added 3.60 and 3.7X keys.
- HEN/3.XX version doesn't need sysmem_rlz.prx for RLZ decompression as it uses the function from the 3.xx kernel.
- Huge internal cleanup with clearer messages, better error handling and more speed.
- Improved logging (logs almost everything now).
- Press O to UnSignCheck all files in the ms0:/enc folder.
- Press RIGHT on the D-PAD to extract reboot_02g.bin from loadexec_reboot_02g.prx (from 3.60 or higher).
- Now comes with a HEN compatible EBOOT.
- Added 6 more key sets (1.XX, 2.00-2.50, 2.60-2.71, 2.80, 3.00 and 3.10+ gameshare keys).
- Fixed 2.7X demo decryption.
- Removed 5 useless keys.
- Now uses the entire buffer - previously, files over 4mb would fail.
- Added second layer of descrambling to a few files - this would have produced messed up output if you tried in the old version.
- Added decryption for:
- 1.XX game EBOOT.BIN files.
- New game EBOOT.BIN types which aren't yet being used (4 different keys).
- A few unknown filetypes (keys found in mesg_led).
- DATA.PSP from 2.7X, 2.8X and 3.XX demos (4 different keys).
- DATA.PSP from official updaters.
- 2.50/2.60 meimg.img and me_sdimg.img (2 different keys).
- NOTE: If you want to decrypt a file, make sure it has the 4 byte ""~PSP"" header, or it will be skipped by the decrypt function. You can easily add this using a hex editor.
- Better checks before attempting to ""UnSignCheck"" files.
- Fixed an incorrect error message.
- Fixed a logging bug which logged ""fail"" and ""success"" at the same time.
- Increased buffers to 10mb each to allow large files to be decrypted.
- More source cleanup and improved error handling: If something fails to decrypt or decompress it saves as much as possible, or avoids saving to prevent memory stick corruption. (No more deletion of files for no reason).
- Can decompress plain 2RLZ files in the ms0:/enc folder (extracted from RCOs or whatever).
- Improved method of initializing 2RLZ decompressor.
- Now writes a log of all activities to ms0:/enc/log.txt.
- Fixed a bug which prevented the header of extremely small files (less than 208 bytes) being found.
- Retail game EBOOT.BIN decryption.
- Improved M33 PRX detection to reduce false positives.
- SHA-1 check removed to allow files such as vshmain.prx from 3.5X to decrypt.
- M33 decompression fixed, no longer interferes with official PRXs.
- Source cleanup.
- Decompresses PRXs from M33 custom firmware.
- Improved error handling of corrupted and already decompressed files.
- Improved path handling, hopefully solving problems opening files.
- 3.30 support.
- 3.10/3.11 support.
- Changed name.
- Supports sigchecked files if they were signed on the PSP they are being decrypted on.
- Can decompress RLZ files.
- Changed name of external file (reflected in the instructions).
- Much better error handling. Note: if a file entirely fails to decrypt (e.g. EBOOT.BIN) it will be deleted to prevent memory stick corruption.
- To save space, paths are printed as just the filename, e.g 'audio.prx' instead of 'ms0:/enc/audio.prx' whilst decrypting.
- First version.
- Everyone at LAN.st/Malloc.us/Dark-AleX.org/Exophase.
- Dark_AleX - For unsigncheck, for SE/OE/M33, and for various decryption keys.
- Team Noobz/C+D - For 3.00~3.52 encryption keys.
- PspPet - For the original psardumper.
- SilverSpring - For various pieces of info about keys and decryption.
- Chilly Willy - For excellent 3.xx code examples and automatic folder renaming.
- neur0n - For 6.xx decryption keys.
Thanks to coyotebean / hrimfaxi & co. for their new psardumpers / neur0n.