PRXdecrypter PSP

From GameBrew

PRXdecrypter
Prxdecrypter2.png
General
Authorjas0nuk, FreePlay, J416, Rahim-US
Last Updated2012/09/22
TypeSystem tools
Version2.7a fix
LicenseMixed
Links
Download
Website

PRXdecrypter is a tool that can extract and decrypt PRX modules present in all official updates, custom firmware, games and demos.

Features

  • Can decrypt/decompress/extract:
    • Firmware modules from official firmwares, for both old-style PSP and PSP Go.
    • Updater modules from official updaters, including some obfuscated ones.
    • Official updater DATA.PSP.
    • reboot.bin from all retail firmwares.
    • EBOOT.BIN and modules from retail games, and some nonretail/debug EBOOT.BIN files.
    • M33 custom firmware modules.
    • RLZ files.
    • KL3E/KL4E files.
    • meimg.img and me_sdimg.img.
    • Some demos and game sharing DATA.PSP files.
    • index.dat.
    • 1SEG.PBP.

Installation

Copy the PRXdecrypter folder to ms0:/PSP/GAME/.

Make a folder on your Memory Stick called enc and place your encrypted or compressed files there.

User guide

Decrypt/decompress files:

  • This option will decrypt/decompress files (*.prx, DATA.PSP, EBOOT.BIN, etc) located in the ENC folder.
  • If you need to extract firmware update modules from PBP, extract the DATA.PSP file with PBP Unpacker.
  • Then put in ms0:/ENC/ folder and with this option you will get all modules in updaterprx folder which will be created automatically in enc folder.
  • After extraction, you will be prompted to decrypt them immediately (optional).

Analyze files:

  • Displays preliminary information about the analyzed file, without any changes in it.

Unsigncheck/Signcheck files:

  • Unsigncheck files option removes digital signature from files. May contain a link to a specific PSP.
  • Signcheck files option will generate a unique signature for your PSP.
  • It can be useful when you have a Flash0 dump from another PSP and want to use those files on your PSP.
  • For example, if you wanted to restore a flash0 dump from another PSP, you'd have to unsign it on the source PSP, and resign it on the destination PSP, then copy it to flash0.

Extract reboot.bin:

  • Extracts reboot.bin from loadexec_01g.prx PSP-100x firmware.
  • To do this, you need to put the decrypted loadexec_01g.prx of the required firmware.
  • Then rename it as loadexec_reboot.prx in the enc folder and use this option to extract reboot.bin .

Extract reboot_02g.bin:

  • Extract reboot_02g.bin from loadexec_02g.prx PSP-200x firmware.
  • To do this, put the decrypted loadexec_02g.prx of the required firmware.
  • Then rename it as loadexec_reboot_02g.prx in the enc folder and use this option to extract reboot_02g.bin .

Switch output folder:

  • This option will switch the folder you want to use to process files.
  • If you enable this option, the resulting files will not overwrite the original ones, but will be saved to the ms0:/dec/ folder.

Exit:

  • Edit program to XMB.

Changelog

2.7a fix (by Rahim-US)

  • Fixed the M33 gzipped issus.

2.7a (by Rahim-US)

  • Now you can decrypt 6.3X and up EBOOT.BIN.
  • You can extract hidden modules from any DATA.PSP including 6.xx.
  • decrypt/decompress 6.XX modules.
  • Keys for 6.XX - 6.60 added.
  • Log file can be enabled or disabled on app startup (with LTRIGGER).
  • Small fixes and other changes.

2.6b (by J416)

  • Keys for tags 0xD91614F0 added.

2.6a (by FreePlay)

  • Keys and tags for 6.30 added (old-style PSP only - from hrimfaxi & co.'s new psardumper).
  • New kernel PRX decryption code added (from hrimfaxi & co.'s new psardumper).

2.6 (by FreePlay)

  • Keys and tags for 5.70, 6.10, and 6.20 (PSP Go) added (taken from coyotebean's psardumper).
  • Some additional keys and tags for 6.xx on the old-style PSP.
  • Minor code cleanup (more to come, when I get to it).

2.5

  • Keys for tags 0xD91613F0 and 0x2E5E13F0 added.

2.4b

  • Decryption error for an old key, tag 0x4C940AF0, fixed.
  • Decryption key added for pops_04g.prx from 6.XX firmwares - tag 0x457B1EF0.
  • Slightly more information when encryption is likely to fail (SHA-1 check warning).
  • NOTE: key for tag 0x2E5E10F0 does not appear to be working due to a new encryption method. I'll look into it.
  • New EBOOT.BIN key added for tag 0x2E5E12F0. As above, might not work.

2.4a

  • New EBOOT.BIN key added - fixes ""tag error 0x2E5E10F0"".
  • Can extract nand_updater+lfatfs_updater from old (not 6.00+) updater DATA.PSP again.

2.4

  • All keys up to 6.20 - thanks bbtgp.

2.3a

  • Maintenance update with the new key for 6.00-6.20 - tag 0xD91612F0 - many thanks to he who cannot be named.
  • Started adding some code to handle the new updater module encryption.

2.3

  • ""Analyze files"" option added to menu - displays info about the files without changing them.
  • User module keys up to 6.00, not sure if they're the ones used in the firmware though.
  • Fixed decryption issue - extra data added to decrypted files.
  • Rewritten kernel modules for 2.XX+ allowing fewer external files and cleaner code.
  • Rewritten handling of compressions - 1.50 has RLZ with the correct file, 2.71 to 3.80 have RLZ, 3.80+ has KL3E, KL4E and may have RLZ depending on the exact firmware version.

2.25

  • 2.2 - limited release, 5.00 keys.
  • 2.25 - EBOOT.BIN keys up to 6.00! (Many thanks to an anonymous friend).

2.1

  • GZIP failure bug fixed on 3.80+.
  • Now bruteforces the XOR key for updater modules (appears in blue at the right of the screen), takes a longer but now it will work on all future updaters until Sony change their updater security.
  • User is now asked whether they want to decrypt updater modules which have just been extracted.
  • User is now asked whether they want to overwrite files that are read-only before saving them.
  • 5.00 keys added (all PSP models).

2.0b

  • Working KL3E decompression on 3.80/3.90 for reboot.bin extraction from these firmwares.
  • New menu! Just use the D-pad to select what you want to do, and press X. Used-up or unavailable options appear grey and cannot be selected.

2.0

  • Working KL4E decompression in 3.80/3.90.
  • Press LEFT on the D-Pad to signcheck all ~PSP encrypted files in the ms0:/enc folder.
  • Totally reorganized the source code. Everything is now in one build. Internally the code is slightly different for 1.50, 2.71~3.71, and 3.80+.
    • All functions are now loaded from prxdecrypter_0xg.prx (1 = 1.50, 2 = 2.71~3.71, 3 = 3.80+).
    • At the moment, RLZ decompression is available in 1.50 if you put a decrypted 2.71+ sysmem_rlz.prx into ms0:/enc.
  • Made the options a little more organized with a few dividers, and changed keys to make more sense.
  • Press SELECT to switch between the normal output folder (which overwrites your input files) and ""ms0:/dec"" so the input files are kept separate from the output.

1.9 Bugfix Release

  • Fixed bug where pressing X for too long caused it to try and decrypt multiple times resulting in a huge log of error messages.
  • Rewritten method of loading files for RLZ decompression in preparation for 2.0 which will have KLE decompression.
  • Improvements to the logfile.
  • Tweak to enable 1SEG.PBP decryption.
  • More keys added (certain apps which run in pspbtcnf_app mode).
  • Fixes to prevent crash on 3.80.
    • NOTE: 3.80 has removed the RLZ decompression routines and replaced them with KLE. At the moment I have no information about the KL3E/KL4E NIDs and have therefore left them out of this version.
  • RLZ still works fine in 3.71 and below, and in 1.50 where you can load sysmem_rlz.prx to enable it as usual.

1.8

  • Now extracts special PRXs from updater executables - open the updater with PBP Unpacker and put the DATA.PSP (renamed to whatever) in the enc folder.
    • It will extract all the PRXs - including the hidden ones SCE didn't want us to see (they used a lame XOR encryption to hide the new ones).
    • A lame XOR encryption was used on the usual ones, and they double-encrypted ""sceLoadExecUpdater"" with a scrambled header.
  • Overhauled filetype detection, now works with any file that has a decryption key, not just those with ~PSP in the header.
  • Plain 2RLZ decompression works again.
  • Reduced occurence of unnecessary unsignchecking.
  • Returns correct unknown tag message.
  • Handling for double-encrypted files with scrambled headers in order to obtain the output size, such as sceLoadExecUpdater (a PRX hidden inside updaters).
  • 2.xx+ game EBOOT.BIN decryption fixed.
  • Added support for 1.xx (and possibly 2.00-2.50) index.dat decryption.

1.7

  • Fully compatible with HEN/2.71/3.xx kernel/3.60 M33 - Just copy PRXdecrypter_3XX folder to GAME. Have fun, firmware modders.
    • OE and M33 users should also use this version, just put it in GAME352 or GAME (if you have that set to the 3.52 kernel).
    • 1.50 users (if any of you still exist) or those who want to use the 1.50 kernel, use the kxploited version.
    • Will maintain this version in case the 3.XX kernel changes significantly which breaks PRXdecrypter.
  • Added 3.60 and 3.7X keys.
  • HEN/3.XX version doesn't need sysmem_rlz.prx for RLZ decompression as it uses the function from the 3.xx kernel.
  • Huge internal cleanup with clearer messages, better error handling and more speed.
  • Improved logging (logs almost everything now).
  • Press O to UnSignCheck all files in the ms0:/enc folder.
  • Press RIGHT on the D-PAD to extract reboot_02g.bin from loadexec_reboot_02g.prx (from 3.60 or higher).

1.6

  • Now comes with a HEN compatible EBOOT.
  • Added 6 more key sets (1.XX, 2.00-2.50, 2.60-2.71, 2.80, 3.00 and 3.10+ gameshare keys).
  • Fixed 2.7X demo decryption.
  • Removed 5 useless keys.
  • Now uses the entire buffer - previously, files over 4mb would fail.
  • Added second layer of descrambling to a few files - this would have produced messed up output if you tried in the old version.

1.5b

  • Added decryption for:
    • 1.XX game EBOOT.BIN files.
    • New game EBOOT.BIN types which aren't yet being used (4 different keys).
    • A few unknown filetypes (keys found in mesg_led).
    • DATA.PSP from 2.7X, 2.8X and 3.XX demos (4 different keys).
    • DATA.PSP from official updaters.
    • 2.50/2.60 meimg.img and me_sdimg.img (2 different keys).
  • NOTE: If you want to decrypt a file, make sure it has the 4 byte ""~PSP"" header, or it will be skipped by the decrypt function. You can easily add this using a hex editor.
  • Better checks before attempting to ""UnSignCheck"" files.
  • Fixed an incorrect error message.
  • Fixed a logging bug which logged ""fail"" and ""success"" at the same time.
  • Increased buffers to 10mb each to allow large files to be decrypted.

1.5

  • More source cleanup and improved error handling: If something fails to decrypt or decompress it saves as much as possible, or avoids saving to prevent memory stick corruption. (No more deletion of files for no reason).
  • Can decompress plain 2RLZ files in the ms0:/enc folder (extracted from RCOs or whatever).
  • Improved method of initializing 2RLZ decompressor.
  • Now writes a log of all activities to ms0:/enc/log.txt.
  • Fixed a bug which prevented the header of extremely small files (less than 208 bytes) being found.
  • Retail game EBOOT.BIN decryption.
  • Improved M33 PRX detection to reduce false positives.
  • SHA-1 check removed to allow files such as vshmain.prx from 3.5X to decrypt.

1.4b

  • M33 decompression fixed, no longer interferes with official PRXs.
  • Source cleanup.

1.4

  • Decompresses PRXs from M33 custom firmware.
  • Improved error handling of corrupted and already decompressed files.
  • Improved path handling, hopefully solving problems opening files.

1.3

  • 3.30 support.

1.2

  • 3.10/3.11 support.
  • Changed name.

1.1

  • Supports sigchecked files if they were signed on the PSP they are being decrypted on.
  • Can decompress RLZ files.
  • Changed name of external file (reflected in the instructions).
  • Much better error handling. Note: if a file entirely fails to decrypt (e.g. EBOOT.BIN) it will be deleted to prevent memory stick corruption.
  • To save space, paths are printed as just the filename, e.g 'audio.prx' instead of 'ms0:/enc/audio.prx' whilst decrypting.

1.0

  • First version.

Credits

  • Everyone at LAN.st/Malloc.us/Dark-AleX.org/Exophase.
  • Dark_AleX - For unsigncheck, for SE/OE/M33, and for various decryption keys.
  • Team Noobz/C+D - For 3.00~3.52 encryption keys.
  • PspPet - For the original psardumper.
  • SilverSpring - For various pieces of info about keys and decryption.
  • Chilly Willy - For excellent 3.xx code examples and automatic folder renaming.
  • neur0n - For 6.xx decryption keys.

Thanks to coyotebean / hrimfaxi & co. for their new psardumpers / neur0n.

External links