Dat between 0x00 and 0x7F
    uint8_t key[0x10]; // encrypted klicensee
    uint64_t start_timestamp; // timestamp of when the content was bought
    uint64_t expire_timestamp; // timestamp for expiration of content (PS for example)
    uint8_t rs[0x28];
};

struct ACTDAT {
    uint8_t unk1[0x10]; // Version, User number
    uint8_t keyTable[0x800]; // Key Table

I don't know if DUPLEX used this method or if they replaced the data with debug versions as some implied. Also, it can be used to modify geohot's make_self_npdrm to use non-static keys for encoding. It is located in the VSH.elf (remember that PPC64 has 8-byte alignment). That is a plaintext attack dictionary (vsh). You don't need the curves as you cannot sign rif nor act. Some of you asked what this algorithm is for. It has several uses, from backing up PSN games so they can be used with/without license (some countries allow backups, but NEVER sharing copyrighted material) to using game updates on lower firmwares (some updates are NPDRM so they could not be decrypted and downgraded). Dat and the rif associated to the content (if local it will locate a file with the same titleid on NPD element, if remote it will download to vsh process memory). Then the signature is checked (last 0x28 bytes of both RIF and act.
Source: t/p?p259713 postcount1 JuanNadie Footnote: KLicenseeDecryptKey is located in appldr twice, e.g. 1.00: Offset(h) A 0B 0C 0D 0E 0F 000187C. 000187D0 F2 FB CA 7A 75 B0 4E DD FD D1 EE zuNÜ.