View Full Version : PSX savegame decrypt method


mokyurin
12-28-2006, 03:17 PM
Ok, I opened MEMCARD1.DAT created by PSX emulator for PSP.
I kept looking for a method to decode the encryption.

We can...
1. use ePSXe savedata for PSX emu for PSP
2. you can play multi discs PSX games by ePSXe cd change method
3. you can cheat by editing PSX emu savedata
once we can decrypt the encryption.

Ok, I tell you the truth, my brain is melting by those total random numbers that keep changing randomly.
My head is burning and my eyes are shrinking:( :(
meeewwwwwwwwww mewwwwwwwwww :p :p :p :p
Someone open MEMCARD1.DAT with a hex editor and help me!!!!!!

link-
12-28-2006, 04:14 PM
wtf are you trying to tell us ?

outphase
12-28-2006, 04:29 PM
He's saying what most know by now. Simply put, the memory cards are encrypted.

DrGast
12-28-2006, 05:17 PM
I just recreated all my PSone games with proper names, IDs, icons and backgrounds, but now I can't use my old savegames anymore. Is there a way of converting them to be used with the newly created EBOOTs? I don't want to lose my 5 hour savegame for Symphony of the Night.

Renaming the folder to the proper game ID (SLUS00067) or touching the files in any way results in corrupted data. Any suggestions?

outphase
12-28-2006, 05:50 PM
maybe move your memcard1.dat to your new save directory, but i'm sure that will lead to an 80000004 error.

if that doesn't work, you'll just have to revert.

DrGast
12-28-2006, 05:56 PM
maybe move your memcard1.dat to your new save directory, but i'm sure that will lead to an 80000004 error.
Already tried that. Results in corrupted data and said error.

I guess I'll have to stick with various "Hot Shots Golf 2" games, then ... ;-)

outphase
12-28-2006, 06:49 PM
I got some gameplay before people figured you could just hex edit the pbp. Besides, I don't spend my time looking at the save game menu.

Kuroikaze
12-28-2006, 09:47 PM
the PSP/PS1 saves are encrypted with AES 128Bit encryption.

the memory card file contains 128Kbytes of save data, and 48 bytes of key data (3 keys@16bytes each).

Try using an AES decryptor using the hex string found in the keys.bin file, if not, try brute forcing it.

128 bit AES encryption is 340,282,366,920,938,463,463,374,607,431,768,211,456 possible key combinations.

If a device could be built that could check a billion billion keys (10^18) per second, 10,790,283,070,806 years would still be required to exhaust the key space. By way of comparison, current evidence indicates that the age of the universe is only about 13,000,000,000 years.

Good luck with that.
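
Added example, not part of any post in this thread and not code from the PSP SDK: a quick triage of a save file that reports its size against the 128 KB + 48 byte layout described above, its byte entropy, and whether the raw PS1 card magic "MC" is present. Both sample inputs are constructed, and the 7.9 bits/byte threshold is an assumption.

```python
import hashlib
import math
from collections import Counter

CARD_SIZE = 128 * 1024   # save data size stated in the post above
KEY_BLOB = 3 * 16        # "3 keys @ 16 bytes each", per the same post
ENTROPY_THRESHOLD = 7.9  # assumed cut-off, bits per byte

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(data).values())

def triage(blob: bytes) -> dict:
    """Summarise what is hard to judge by eye in a hex editor."""
    entropy = shannon_entropy(blob)
    has_magic = blob[:2] == b"MC"   # raw PS1 card images start with "MC"
    return {
        "size": len(blob),
        "matches_psp_layout": len(blob) == CARD_SIZE + KEY_BLOB,
        "raw_card_magic": has_magic,
        "entropy": round(entropy, 4),
        # High entropy alone can also mean compression, so this is a hint only.
        "looks_encrypted": entropy > ENTROPY_THRESHOLD and not has_magic,
    }

def constructed_raw_card() -> bytes:
    """Constructed sample: an empty raw card, "MC" magic then zero bytes."""
    return b"MC" + bytes(CARD_SIZE - 2)

def constructed_ciphertext_like() -> bytes:
    """Constructed sample: a SHA-256 counter stream standing in for
    ciphertext, sized like the file described in the post."""
    size = CARD_SIZE + KEY_BLOB
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(size // 32 + 1))
    return stream[:size]

if __name__ == "__main__":
    for name, blob in (("raw card", constructed_raw_card()),
                       ("ciphertext-like", constructed_ciphertext_like())):
        print(name, triage(blob))
```

An entropy reading close to 8 bits per byte with no recognisable header is what an encrypted container looks like; it is not a step towards recovering a key.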

Takenover83
12-28-2006, 10:37 PM
And if I only had a brain.... Said the Scarecrow.

mokyurin
12-29-2006, 01:01 AM
the PSP/PS1 saves are encrypted with AES 128Bit encryption.

the memory card file contains 128Kbytes of save data, and 48 bytes of key data (3 keys@16bytes each).

Try using an AES decryptor using the hex string found in the keys.bin file, if not, try brute forcing it.

128 bit AES encryption is 340,282,366,920,938,463,463,374,607,431,768,211,456 possible key combinations.

If a device could be built that could check a billion billion keys (10^18) per second, 10,790,283,070,806 years would still be required to exhaust the key space. By way of comparison, current evidence indicates that the age of the universe is only about 13,000,000,000 years.

Good luck with that.
world is big, i bet someone lives longer than that

Nick255
12-29-2006, 01:28 AM
the PSP/PS1 saves are encrypted with AES 128Bit encryption.

the memory card file contains 128Kbytes of save data, and 48 bytes of key data (3 keys@16bytes each).

Try using an AES decryptor using the hex string found in the keys.bin file, if not, try brute forcing it.

128 bit AES encryption is 340,282,366,920,938,463,463,374,607,431,768,211,456 possible key combinations.

If a device could be built that could check a billion billion keys (10^18) per second, 10,790,283,070,806 years would still be required to exhaust the key space. By way of comparison, current evidence indicates that the age of the universe is only about 13,000,000,000 years.

Good luck with that.


You are forgetting something very important. Since a psp or psone game can create and read its own saves the keys have to be either in the game code or somewhere else in the psp. That means the key is in the eboot/iso, the firmware, the ipl, the idstorage area, or somewhere like that. Of course, it might be obfuscated well enough that it would take some time and skill to find but it has to be there.

snipersnake
12-29-2006, 01:48 AM
if it were that simple, it would have been long discussed here. encrypted or not, there's got to be a way.

krawhitham
12-29-2006, 02:34 AM
the PSP/PS1 saves are encrypted with AES 128Bit encryption.

the memory card file contains 128Kbytes of save data, and 48 bytes of key data (3 keys@16bytes each).

Try using an AES decryptor using the hex string found in the keys.bin file, if not, try brute forcing it.

128 bit AES encryption is 340,282,366,920,938,463,463,374,607,431,768,211,456 possible key combinations.

If a device could be built that could check a billion billion keys (10^18) per second, 10,790,283,070,806 years would still be required to exhaust the key space. By way of comparison, current evidence indicates that the age of the universe is only about 13,000,000,000 years.

Good luck with that.


I'll put my Atari 800 right on it

DaWaN
12-29-2006, 04:08 AM
You are forgetting something very important. Since a psp or psone game can create and read its own saves the keys have to be either in the game code or somewhere else in the psp. That means the key is in the eboot/iso, the firmware, the ipl, the idstorage area, or somewhere like that. Of course, it might be obfuscated well enough that it would take some time and skill to find but it has to be there.

Yes you are right, remember the GTA exploit? That used a PRX to encode the savegame ;) So it's definitely possible, also with 3.02 OE-B we have kernel access to 3.02 so I think it ain't THAT hard to crack the savegame :)

EAngelos89
01-09-2007, 03:57 AM
Try using an AES decrypter using the hex string found in the keys.bin file,


Has anyone tried this? Could work!

redman2k1
01-09-2007, 04:06 AM
If anyone has any info on this please share :D Thank you ^^

cory149
01-09-2007, 06:28 AM
http://svn.ps2dev.org
svn\pspsdk\src\samples\savedata
encrypt
decrypt
utility
Not sure what the gamekey would be in the case of ps1 emulated games though...

MrSquishy
01-10-2007, 01:36 PM
I realize this isn't actually a solution to decrypting the savegames, but if your goal is to keep your progress from an old PBP to a new (corrected) PBP, couldn't you use CW Cheat to export the save from the old game? After you boot up the Old.PBP and save to the memory stick, fire up the New.PBP and use CWCheat to load your game.

You'd at least have your save. Or does 3.03oea2 not work with CWCheat anymore? I've been playing FFT since 302oeb and have been ignoring the developments.

EAngelos89
01-11-2007, 03:58 AM
I realize this isn't actually a solution to decrypting the savegames, but if your goal is to keep your progress from an old PBP to a new (corrected) PBP, couldn't you use CW Cheat to export the save from the old game? After you boot up the Old.PBP and save to the memory stick, fire up the New.PBP and use CWCheat to load your game.


Wow :eek: Didn't know CWCheat could use savedata like that...! (it works fine, even on the new 3.03 OE-B) I'm gonna give it a try. MrSquishy I advise you to update to 3.03 OE, because it supports PSX ISO compression! Really useful :D

EDIT: It works!!! Thank you @ MrSquishy
EDIT2: As I thought, CWCheat uses code from the SaveDataTool for that part...

BTW I have checked out Shine's SaveDataTool, you can get it here (http://www.mynetcologne.de/~nc-buszfr/SavedataTool.zip), but I can't get this running on DAX OE firmware... Tried converting it with PSP Brew with no results though. Can someone make it compatible with 3.0x OE FW? Source is included in the archive..


http://svn.ps2dev.org
svn\pspsdk\src\samples\savedata
encrypt
decrypt
utility
Not sure what the gamekey would be in the case of ps1 emulated games though...
This is most probably Shine's SaveDataTool you're talking about.. right?
And it seems like weltall (CWCheat dev) figured out the gamekey!! Nothing less expected ;)