PS VITA / PS TV [UPDATED] CMA Has Been Hacked & Backups Decrypted for all Firmwares even 3.65

UPDATE (FEB 26) Davee of Team Molecule release a CMA Key Generator to ease this Process
(UPDATE TAB for additional details)
Original Article (FEB. 20) Well the other day I caught wind of this on Reddit but Yifan Lu quickly made it private as it wasn't ready for public use so I didn't report on this. Well it now seems it is ready and the dev has released this to everyone now. This means we can extract anything from CMA backups even 3.61+ or old ones you have with another account etc. And better yet we can repack these adding what we want as well. Please note this doesn't allow for piracy but some tricks can be done as this will allow one to install ARK on 3.61+ systems without the need of being on 3.60 first or a PS3.


Also some registry hacks can be done and possibly more as time goes on as this is kind of like Pexploit for the PS3 and the EML hacks by mr gas & Major Tom, which at first even the dev behind it didn't see a lot of use for it but over time many others found some nifty uses for it. So enough of my winded speech lets see what the dev has to say and what this is all about.​

​

psvimgtools: Decrypt Vita Backups Backup Keys One Weird Trick psvimg-keyfind Hacking Backups UPDATE

• 
  
  psvimgtools: Decrypt Vita Backups​
  
  The Vita's Content Manager allows you to backup and restore games, saves, and system settings. These backups are encrypted (but not signed!) using a key derived in the F00D processor. While researching into F00D, xyz and Proxima stumbled upon a neat trick (proposed originally by plutoo) that lets you obtain this secret key and that has inspired me to write a set of tools to manipulate CMA backups. The upshot is that with these tools, you can modify backups for any Vita system including 3.63 and likely all future firmware. This does not mean you can run homebrew ("EDITOR's Note" At least on the native Vita side although ePSP homebrew is possible"), but does enable certain tricks like disabling the PSTV whitelist or swapping / buttons.
  
• 
  
  
  Backup Keys​
  Because my friends who discovered this are pretty busy with other stuff at the time, I will attempt to document their findings here. The backup encryption process is documented in detail on the wiki, but the short version is that your AID (unique to a PSN account) is used to generate a key seed. This key seed is used by the F00D processor (the security coprocessor) to generate a AES256 key, which is passed directly to the hardware crypto device. The ARM (application) processor can access this crypto hardware but cannot read any keys out of it. This means that ARM can use the hardware as a black-box to encrypt backups without knowing the key. Of course you can try to brute force the key since you know both the plaintext and ciphertext thanks to the HENkaku kernel hack, but that would take 2256 time, which is physically impossible. However, since we can hack any Vita on 3.60, it is possible to use the Vita itself as a black box for extracting and modifying backups for other devices on unhackable firmwares, but since the process requires access to a hacked Vita, it is not very useful.
  
• 
  
  One Weird Trick​
  But not all hope is lost! As I've said, the crypto hardware can be accessed by the ARM processor as well as the F00D processor. For certain other non-critical tasks, the ARM processor sets the key directly for the crypto hardware, so we know how the keys are set. There are a few dozen key slots that both processors can write to. The catch is that once the key is written, it cannot be read back.
  
  Let's dive deeper into how keys are passed to the crypto hardware. Note that an AES256 key is 256-bits or 32 bytes wide. Since an ARMv7 processor can only write 4 bytes at a time (okay it can do 8 bytes and also the bus width is usually optimized to be the size of a cache line, but for simplicity, we assume it can only write 4 bytes), a 32 byte key is sent with 8 write requests of 4 bytes. Now, the correct way for a crypto device to handle this is to provide a signaling mechanism to the host so it can indicate when a key slot write is about to occur. Then the host sends all parts of the key. Finally, the host indicates that the key transfer is complete and the crypto device locks the key in place and wipes it when another key transfer is requested for that slot. And for completeness, there should be measures in place to only allow one device to do a key transfer at a time in order to prevent races.
  
  The incorrect way to do this is to naively allow anyone to set any part of the key at any time. Why? Because if we can set part of an unknown key to a known value, we can reduce the time to brute force the complete key dramatically. Let's say we have an unknown 256-bit key that is...
  
  

  22 22 22 22 44 44 44 44 66 66 66 66 88 88 88 88 AA AA AA AA CC CC CC CC EE EE EE EE 11 11 11 11

  Now say we can zero out the first 28 bytes of this key so the crypto engine uses!
  

  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 11 11 11 11

  
  We still don't know the last 4 bytes. But now, we pass in a chosen plaintext to the crypto device to do an AES256 operation and we get back the ciphertext. We can then brute force every possible key with the first 28 bytes to be zero.
  
  That's 232 = 4294967296 keys, which takes about a minute to compute with a single modern Intel core. We now know the last four bytes of the key and can repeat this procedure for the second to last four bytes and so on. This reduces the search time to 8·232=2358·232=235, which is not only possible but practical as well. Running this brute force optimized on a four core Intel CPU with hardware AES instructions takes about 300 seconds to find the full 256-bit key. In fact, xyz pointed out that you can even precompute all possible "mostly-zero" keys and the storage would "only" be half a TB.
  As you might have guessed, the Vita does it the incorrect way, so anyone can retrieve their backup keys.
  
• 
  
  psvimg-keyfind​
  I wrote a tool to do this brute force for you. It is not hyper-optimized but is portable and can find any key on a modern computer in about ten minutes. I have provided a Vita homebrew that generates the chosen ciphertexts on any HENkaku enabled Vita. These "partials", as I call it, can be passed to psvimg-keyfind to retrieve a backup key for any PSN AID. The AID is not console unique but is tied to your PSN account. This is the hex sequence you see in your CMA backup path. The idea is that if you have a non-hackable Vita, you can easily send your AID to a friend (or stranger) who can generate the partials for you. You can then use psvimg-keyfind to find your backup key and use it to modify settings on your non-hackable Vita. Huge thanks to Proxima for the reference implementation that this is based off of.
  
  
• 
  
  Hacking Backups​
  What I did is completely reverse how CMA generates and parses the backup format. I have documented extensively how these formats work. I also wrote tools to dump and repack CMA backups and all this works with backups generated from the latest firmware.
  Hacking backups isn't as fun as having a hacked system. So, don't update from 3.60 if you have it! You cannot run unsigned code with this, so you are only limited to tricks that can be done on the registry, app.db, and other places. This includes:
  
  • Enabling almost any games to run on the PSTV
  • Swap / buttons for out-of-region consoles
  • Run PSP homebrew with custom bubbles
  • Maybe more as people make new discoveries
  My hope is that other people will take my tools as building blocks for a user-friendly way of enabling some of the tricks above as currently the processes are pretty involved. This also increases the attack surface for people looking to find Vita exploits as parsing of files that users normally aren't allowed to modify are common weak points.
  
  Additionally, because of how Sony implemented CMA backups and that the key-erase procedure is a hardware vulnerability, this is pretty much impossible to patch in future firmware updates. Unless Sony decides to break all compatibility with backups generated on all firmware up until the current firmware. And that would mean that any backup people made up until this theoretical update comes out would be unusable. Sony is known for pulling stunts like removing Linux from PS3, but I think this is beyond even what they would do.
  
• 
  
  ## UPDATE ## (FEB - 26)
  Davee of Team Molecule has released a CMA key generator to ease this process along. Simply go to
  www.cma.henkaku.xyz
  
  With any browser and input your CMA ID number. You can find this where ever your CMA stores your backups etc.
  
  e.g. 1f5a79b79bedfa59
  
  Simply input that alphanumeric phrase into the browser to get your key needed for decrypting and encrypting your games and backups with these tools. ​
  
  

NOTICE: See UPDATE Tab (above) for NEW details ​

Release
I've built versions of this tool for Windows x64, Linux x64, and OSX here.
Please read the usage notes.​

Links

• Information from Yifan Lu's Blog
• From Yifan Lu @Twitter
• SOURCE Code & Tools on Github

 

Wow, that's amazing. It's hard to fathom what these guys can, and also what they virtually can't do. Good read bud.

 

I think the time for me to stop updating vita as arrived, thyanks for the news

 

my 7-year old laptop must be slow by today's standards, 'cause it took nearly an hour to bruteforce my backup key..

 

I'm curious what happend when I have not activated console. Partial binary dump comes with zeroed AccountID. In theory could be then work on any, not SEN affiliated consoles, am I right?


BTW: What a lovely theme You have @atreyu187 ^^"

 

I love having an i7-6700 hehe Just blew through the bruteforce in less then 5min :p

This is awesome. Hopefully with everyones combined efforts we can get some neat things going with this

 

http://cma.henkaku.xyz/

type in ur cma id - takes one second. lol! my, this has progressed rather rapidly.

 

http://cma.henkaku.xyz/

type in ur cma id - takes one second. lol! my, this has progressed rather rapidly.

Would you mind clarifying a bit on how to get the CMA ID? I'm a bit more lost on this step then I'd like to admit..

 

Would you mind clarifying a bit on how to get the CMA ID? I'm a bit more lost on this step then I'd like to admit..

the cma id will be the alphanumeric folder that qcma creates on ur computer. u can also get it with the partial.vpk file. that's what that number is.

 

the cma id will be the alphanumeric folder that qcma creates on ur computer. u can also get it with the partial.vpk file. that's what that number is.

Ah I've never used qcma oddly enough that explains a few things lol. Thank you for elaborating. Gonna look into qcma now for my other vita

I appreciate it! I already bruteforced mine, so I can confirm that the site you linked provides the same outcome(in case anyone was wondering)

 

Damn, that's impressive!

 

@Red There is no such thing as CMA ID. It's AccountID, the number by which user is recognized in SEN. You will find it in registry, partial dump, vitaindent, and even cma backup in folder name.

edit: I to slow writing ;p

 

I'm curious what happend when I have not activated console. Partial binary dump comes with zeroed AccountID. In theory could be then work on any, not SEN affiliated consoles, am I right?


BTW: What a lovely theme You have @atreyu187 ^^"

Why not use ePSP Bubble Maker 2.0 to offline activate?

 

@Red , one of my tutorials involves creating a cma backup for anyone. I make mention of which line in the system.dreg contains the id.

 

There are two reasons:

• On PSTV I don't need PSP emulation (there is better emu on PC)
• I want someday merge my account with existing account; this mod will makes this impossible without resigning all stuff, so it's better in that case to stay on generic AID.

 

@Red , one of my tutorials involves creating a cma backup for anyone. I make mention of which line in the system.dreg contains the id.

Thank you for the further clarification! I found what I needed a few minutes ago actually Once you pointed me to qmca I was home free!

 

There are two reasons:

• On PSTV I don't need PSP emulation (there is better emu on PC)
• I want someday merge my account with existing account; this mod will makes this impossible without resigning all stuff, so it's better in that case to stay on generic AID.

I don't think you'll have that issue because I deactivated mine just to use the tool and it asked you to input your PlayStation network email address and then once it was activated I was able to transfer content from my PlayStation 3 to the system just like if I was doing it officially

 

So im on 3.63, what can i do as of now with this? already got my key

 

So im on 3.63, what can i do as of now with this? already got my key

Probably dumping game assets without PFS layer and injecting Ark2 bubbles and such..




Sent from my iPhone using Tapatalk

 

Probably dumping game assets without PFS layer and injecting Ark2 bubbles and such..

So what steps should i take if wanted to play the psp game final fantasy crisis core? a little confusing for me right now lol