Investigating PSVita Firmware xTractor
A few days ago, developer SKFU released a tool which “extracts” the PSVita firmware. He updated it today, adding some validation of the input file, and a Linux version. Those of us who have access to the Vita pre-release firmware can grab the tool here, while others like me are stuck with their hex editor and their decompiler, trying to understand what this tool does. I had a quick look in the internals of SKFU’s tool, and found some bits of information.
The result is a bit disappointing, to be honest. Not than SKFU claimed it was anything else, but the tool is basically a hardcoded list of file names and offsets. It takes a random input file, and splits it into predefined chunks. Running version 1.00 of the tool on a random video file, I ended up with a few dozen files.
Especially (and as expected), the tool is not doing any kind of decryption… But we’ll take what we get for now, especially since the device is not released yet. So, here is the list of hardcoded files that the tool extracts:
fwfeatures.xml version.txt binary1.self binary2.self sce.wm sce1.pack sce2.pak sce3.pak sce4.pak sce5.pak sce6.pak sce7.pak sce8.pak sce9.pak sce10.pak sce11.pak sce12.pak sce13.pak sce14.pak sce15.pak sce16.pak sce17.pak sce18.pak sce19.pak sce20.pak sce21.pak sce22.pak sce23.pak sce24.pak sce25.pak sce26.pak
So, well… some config files, some binaries (updater?) and a bunch of resource files… nothing too exciting for now, I guess :/
I have some experience with Qt, and its cryptographic architecture on Linux comes in a different package from the rest of the library, namely libqca and libqca2. It has the following description (taken from YaST2):
libqca2 – Qt Cryptographic Architecture 2
This package provides a generic Qt cryptographic architecture, including a library and a plug-in for using all supported capabilities of openssl, like SSL/TLS, X509, RSA, SHA1, MD5, Blowfish, 3DES, and AES. It can be extended by further plug-ins, for example, with qca-sasl for SASL support.
I’m not too sure about the details on Windows, but if it comes in a different package on Linux, I also expect a qca.dll or similar on Windows since the Linux version has libqca.so.2.
So if it decrypted the firmware as well, it would most likely use this library since it has AES support and Sony usually use AES as an encryption algorithm.
Its size is somewhat bigger than I expected though and I wonder why is that.
Your independency on the external setup which make the easy way about the backup files windows 10 will be easily finish. After your set of the function it automatically take data as the backup. When your data need the backup then you can easily use it.