jordywastaken
Member
Hi psx-place!
I stumbled upon an interesting sprx, so I decided to yeet it into ida but the output seemed incorrect, so I decided to take a peek at the decrypted prx in HxD and that's when I realized it was no ordinary sprx.
I took a look around on psdevwiki and noticed that the start of the prx matched with the 'cf_header' structure, I then looked at the rest of the header and noticed this:
Pretty funny isn't it?
After that I loaded the prx in ida as a binary file to get access to the elf header and segment headers to map them out, I managed to label most of it and noticed that the 3 main segment of the sprx are zlib compressed
I then extracted each segment into different .bin files and extracted their content with an open source zlib tool, checked with HxD and they seemed correct, first segment contains code, second segment contains a mix of code and data and the third segment contains only data.
My question is: Is there any tool to decompress automatically 'Certified file' signed prx and elf files? On the wiki it is specified that system software packages (e.g. .pkg, .spkg_hdr.X) and others are also signed with this format.
Sources:
- https://www.psdevwiki.com/ps3/Certified_File
- https://www.psdevwiki.com/ps3/SELF_-_SPRX
I stumbled upon an interesting sprx, so I decided to yeet it into ida but the output seemed incorrect, so I decided to take a peek at the decrypted prx in HxD and that's when I realized it was no ordinary sprx.
I took a look around on psdevwiki and noticed that the start of the prx matched with the 'cf_header' structure, I then looked at the rest of the header and noticed this:
Pretty funny isn't it?
After that I loaded the prx in ida as a binary file to get access to the elf header and segment headers to map them out, I managed to label most of it and noticed that the 3 main segment of the sprx are zlib compressed
I then extracted each segment into different .bin files and extracted their content with an open source zlib tool, checked with HxD and they seemed correct, first segment contains code, second segment contains a mix of code and data and the third segment contains only data.
My question is: Is there any tool to decompress automatically 'Certified file' signed prx and elf files? On the wiki it is specified that system software packages (e.g. .pkg, .spkg_hdr.X) and others are also signed with this format.
Sources:
- https://www.psdevwiki.com/ps3/Certified_File
- https://www.psdevwiki.com/ps3/SELF_-_SPRX
