
trying to find gamekey in ppsspp for decryption of save data

grief3r
Posts: 358
Joined: Sat Nov 09, 2013 4:12 am

Re: trying to find gamekey in ppsspp for decryption of save

Post by grief3r »

qwikrazor87 wrote:
grief3r wrote: I suppose for that I will have to find the module sceIoOpen, then set a breakpoint when I load the save data, then try to disassemble the code from there.
I know the game uses AES since SED can dec / enc the save data. I have tried this both ways and the save data loads (it only detects the corrupt save when I edit the unenc save then encrypt it back).
However, it would be useful to know which modules handle the AES so that I can skip this, then know where to find the start of the function that decompresses the save data.
Thanks in advance
It's a very tedious job pinpointing the function handling the game's custom enc/comp, I can't give you an easy road map for it, but you'll need to look for it somewhere after sceUtilitySavedataInitStart is called, find out where the save is loaded to, then see if you can find out what the game does with that data (psplink helps a lot in this case).
That helped a lot, I'm currently disassembling the functions that write to the save data buffer in memory.

I would like to know if it's possible to find out the original names of the functions the game devs made for the game.
I mean, if it is possible to figure out export names for sce functions it should be possible for game specific fxn as well, since ppsspp just puts a label zz_un_(address) at the beginning of each fxn, and that label is rather meaningless.
PSV1001 2.61 FieldRunners
PSP1001 6.60 Pro-C
PSP 3001 6.20 Pro-C2
qwikrazor87
Guru
Posts: 2874
Joined: Sat Apr 21, 2012 1:23 pm
Location: The North Pole

Re: trying to find gamekey in ppsspp for decryption of save

Post by qwikrazor87 »

grief3r wrote: That helped a lot, I'm currently disassembling the functions that write to the save data buffer in memory.

I would like to know if it's possible to find out the original names of the functions the game devs made for the game.
I mean, if it is possible to figure out export names for sce functions it should be possible for game specific fxn as well, since ppsspp just puts a label zz_un_(address) at the beginning of each fxn, and that label is rather meaningless.
Function NIDs are only used if the function is exported to be used by another module, otherwise we can't find out the original function name (exception is if the game has debug info with the function names), and if games do have NIDs for their custom functions then we'll need to brute force the NIDs until the correct name is found.
PSP 2001 - TA-085 - 6.61 PRO-C2
PS Vita 3G - PCH-1101 - 3.65 HENkaku Ensō
Alcatel phone - Android 8.1.0
Laptop - Toshiba Satellite L305D-S5974 - Ubuntu 16.04 LTS
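
Added example, not part of any post in this thread: a dictionary search over exported NIDs, the kind of brute forcing the reply above describes. It assumes the commonly documented PSP scheme (a NID is the first 4 bytes of SHA-1 of the export name, read little-endian), which the thread itself does not state; the word lists and target names are constructed for illustration.

```python
import hashlib
import itertools
import struct

def psp_nid(name: str) -> int:
    """Assumed scheme: first 4 bytes of SHA-1(name) as a little-endian u32."""
    digest = hashlib.sha1(name.encode("ascii")).digest()
    return struct.unpack("<I", digest[:4])[0]

def candidates(prefixes, verbs, nouns):
    """Yield names such as 'saveDecryptBuffer' from the word lists."""
    for p, v, n in itertools.product(prefixes, verbs, nouns):
        yield f"{p}{v}{n}"

def recover_names(target_nids, names):
    """Map each target NID to every candidate name that hashes to it.

    A NID is only 32 bits, so a hit is a plausible name, not proof:
    large search spaces will produce collisions, hence the list per NID.
    """
    wanted = set(target_nids)
    hits = {}
    for name in names:
        nid = psp_nid(name)
        if nid in wanted:
            hits.setdefault(nid, []).append(name)
    return hits

# Constructed word lists (hypothetical naming style, not from any real game).
PREFIXES = ["save", "Save", "sd"]
VERBS = ["Decrypt", "Encrypt", "Decompress", "Load"]
NOUNS = ["Buffer", "Data", "Block"]

# Constructed targets: two names inside the search space, one outside it.
TARGETS = [
    psp_nid("saveDecryptBuffer"),
    psp_nid("sdDecompressData"),
    psp_nid("gameSpecificUnknown"),
]

def demo():
    hits = recover_names(TARGETS, candidates(PREFIXES, VERBS, NOUNS))
    unresolved = [nid for nid in TARGETS if nid not in hits]
    return hits, unresolved

if __name__ == "__main__":
    hits, unresolved = demo()
    for nid, names in hits.items():
        print(f"0x{nid:08X} -> {names}")
    print("unresolved:", [f"0x{nid:08X}" for nid in unresolved])
```

The unresolved entry shows the limit the reply points at: a name outside the word list is never found, and functions that are not exported carry no NID to search for at all.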
dogevid
Posts: 1
Joined: Thu Jul 29, 2021 4:24 am

Re: trying to find gamekey in ppsspp for decryption of save data

Post by dogevid »

I'm beyond frustrated at this point. Nothing **** works, and maybe that's my fault for ever upgrading to 6.60. I should have stayed on the older firmware, but no--everyone said it was great.

SGDeemer doesn't work any more. It doesn't create the sddata.bin or sdinfo.bin files to convert a save.

Downloaded this save decrypter for PC. Only it has no instructions.