_sw(MAKE_JUMP(sceUtilitySavedataInitStart_hook), UtilitySavedataInitStart_pointer);
_sw(0x00000000, UtilitySavedataInitStart_pointer + 4);
sceUtilitySavedataInitStart_ = (void *)&code;
This redirects the real call to our hook.
_sw(MAKE_JUMP(sceUtilitySavedataInitStart_hook), UtilitySavedataInitStart_pointer);
_sw(0x00000000, UtilitySavedataInitStart_pointer + 4);
This one points to the real syscall which is backed up in "code".
sceUtilitySavedataInitStart_ = (void *)&code;
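An added example, not code from the thread: a host-side C model of the two _sw writes explained above, with a check that reports where a patched stub now jumps. It assumes MAKE_JUMP builds a standard MIPS `j` instruction; the stub contents, the addresses and the helper names sw, install_hook, jump_target and hooked_to are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* MIPS `j target`: opcode 000010 in bits 31..26, target bits 27..2 in bits 25..0.
 * Assumed to match the MAKE_JUMP macro used in the post. */
#define MAKE_JUMP(f) (0x08000000u | (((uint32_t)(f) & 0x0FFFFFFCu) >> 2))
#define MIPS_NOP   0x00000000u
#define MIPS_JR_RA 0x03E00008u

/* Host-side stand-in for the PSP's _sw(value, address) store-word helper. */
static void sw(uint32_t value, uint32_t *addr) { *addr = value; }

/* Constructed layout: an 8-byte import stub (jr $ra with a syscall in the
 * delay slot, syscall number made up) and the address it would occupy. */
#define STUB_ADDR 0x08A00100u
static uint32_t stub[2] = { MIPS_JR_RA, (0x2100u << 6) | 0x0Cu };
static uint32_t code[2];            /* backup of the original stub words */

/* Back up the stub, then overwrite it with `j hook` followed by `nop`. */
static void install_hook(uint32_t hook_addr)
{
    memcpy(code, stub, sizeof code);
    sw(MAKE_JUMP(hook_addr), &stub[0]);
    sw(MIPS_NOP, &stub[1]);         /* the word at +4 runs in the branch delay slot */
}

/* Absolute destination of a `j` located at pc: top 4 bits come from pc + 4. */
static uint32_t jump_target(uint32_t insn, uint32_t pc)
{
    return ((pc + 4) & 0xF0000000u) | ((insn & 0x03FFFFFFu) << 2);
}

/* Integrity check: returns the jump destination if the stub's first word is
 * a `j`, or 0 if it is not a jump (for example the original jr $ra). */
static uint32_t hooked_to(const uint32_t *s, uint32_t pc)
{
    return (s[0] >> 26) == 0x02u ? jump_target(s[0], pc) : 0;
}

int main(void)
{
    install_hook(0x08804000u);      /* constructed hook address */
    return hooked_to(stub, STUB_ADDR) == 0x08804000u ? 0 : 1;
}
```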

thanks for the help!
qwikrazor87 wrote:
> This redirects the real call to our hook.
> _sw(MAKE_JUMP(sceUtilitySavedataInitStart_hook), UtilitySavedataInitStart_pointer);
> _sw(0x00000000, UtilitySavedataInitStart_pointer + 4);
> This one points to the real syscall which is backed up in "code".
> sceUtilitySavedataInitStart_ = (void *)&code;

yeah, it's the key, byte by byte.
grief3r wrote:
> thanks for the help!
> here is what appears to be the game key
> https://gyazo.com/0ff12dfc6cba4f5e855169aa85c1f362
> is this the key byte by byte? or is there some big-end / little-end business going on

it seems the save data for this game has some weird compression, i know which bytes im looking to replace, it's a long stream of bytes but they are divided into 2 bytes each and spread all over the decrypted save data, is there any known compression methods that behave this way that you know of? thanks in advance
qwikrazor87 wrote:
> yeah, it's the key, byte by byte.
> grief3r wrote:
> > thanks for the help!
> > here is what appears to be the game key
> > https://gyazo.com/0ff12dfc6cba4f5e855169aa85c1f362
> > is this the key byte by byte? or is there some big-end / little-end business going on

hmm, no idea, game saves don't have any standard format, devs can do whatever they want with the save, so you'll need to figure it out.
grief3r wrote:
> it seems the save data for this game has some weird compression, i know which bytes im looking to replace, it's a long stream of bytes but they are divided into 2 bytes each and spread all over the decrypted save data, is there any known compression methods that behave this way that you know of? thanks in advance

you said the psp uses AES to decrypt save data correct? do you know if it's some kind of variation because im looking to make my own decryption tool for this game, so far all i know is that it uses AES and that xor's the bytes
qwikrazor87 wrote:
> hmm, no idea, game saves don't have any standard format, devs can do whatever they want with the save, so you'll need to figure it out.
> grief3r wrote:
> > it seems the save data for this game has some weird compression, i know which bytes im looking to replace, it's a long stream of bytes but they are divided into 2 bytes each and spread all over the decrypted save data, is there any known compression methods that behave this way that you know of? thanks in advance

yes, most, if not all, games use AES encryption on the saves, the AES encryption is handled by PSP kernel in chnnlsv.
grief3r wrote:
> you said the psp uses AES to decrypt save data correct? do you know if it's some kind of variation because im looking to make my own decryption tool for this game, so far all i know is that it uses AES and that xor's the bytes

I suppose for that i will have to find the module sceIoOpen then set a breakpoint when i load the save data, then try to disassemble the code from there,
qwikrazor87 wrote:
> yes, most, if not all, games use AES encryption on the saves, the AES encryption is handled by PSP kernel in chnnlsv.
> grief3r wrote:
> > you said the psp uses AES to decrypt save data correct? do you know if it's some kind of variation because im looking to make my own decryption tool for this game, so far all i know is that it uses AES and that xor's the bytes
> Very few games add their own encryption/compression to the saves (before having the PSP encrypt it), and some also have hash checks.
> Make sure that you are using the correct game key to decrypt the save.
> In the case of the game encrypting/compressing its save, you'll need to look into the game's code and figure out what happens.

It's a very tedious job pinpointing the function handling the game's custom enc/comp, I can't give you an easy road map for it, but you'll need to look for it somewhere after sceUtilitySavedataInitStart is called, find out where the save is loaded to, then see if you can find out what the game does with that data (psplink helps a lot in this case).
grief3r wrote:
> I suppose for that i will have to find the module sceIoOpen then set a breakpoint when i load the save data, then try to disassemble the code from there,
> i know the game uses AES since SED can dec / enc the save data, i have tried this both ways and the save data loads (it only detects the corrupt save when i edit the unenc save then encrypt it back),
> however it would be useful to know which modules handle the AES so that i can skip this, then know where to find the start of the function that decompresses the save data,
> thanks in advance