Editing Keys


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[Category:Software]]
[[Category:Software]]<noinclude>[[Category:Main]]</noinclude>
<noinclude>
[[Category:Main]]
</noinclude>


= Useful Information =
= Useful Information =
Line 20: Line 17:
* pub file (public): %s-pub-%s
* pub file (public): %s-pub-%s
* priv file (private): %s-priv-%s
* priv file (private): %s-priv-%s
= Per-console keys =
See [https://www.psdevwiki.com/psp/Kirk#Individual_Seed Kirk documentation] for usage of PSP-related individual seeds.
== Cmep Keyring 0x600 - Visible ID (Test Subject 9 PS Vita) ==
<pre>
00 00 01 01 AC 72 45 00 F5 68 96 03 80 57 C8 1A
25 99 21 A1 73 A4 89 F2 E9 96 23 E9 86 0F 74 2D
</pre>
* Contains the console's [https://wiki.henkaku.xyz/vita/VisibleId Visible ID].
== Cmep Keyring 0x601 - ScePspIndividualKeyMeshCert first half (Test Subject 9 PS Vita) ==
* Contains the first half (0x20 bytes) of of the console's [https://www.psdevwiki.com/psp/Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert].
* Warning: the dump presented here is byte-swapped.
<pre>
B9 18 4E 22 83 8B 91 6D 19 86 72 D5 FB 10 FD A3 <- byte-swapped key_mesh.derivation_seed_1
4A 4E 72 CB 02 6E 96 E9 96 B2 C3 23 B9 CF 36 A4 <- byte-swapped key_mesh.derivation_seed_0
</pre>
== Cmep Keyring 0x602 - ScePspIndividualKeyMeshCert second half (Test Subject 9 PS Vita) ==
* Contains the second half (0x20 bytes) of the console's [https://www.psdevwiki.com/psp/Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert].
* Warning: the dump presented here is byte-swapped.
<pre>
85 4B 14 AB 00 00 00 00 00 45 72 AC 01 01 08 10 <- byte-swapped hash, byte-swapped reserved, byte-swapped fuse_id
FF 9A 3E E5 A2 B9 F5 25 32 4D E0 2A 8F B1 8F B9 <- byte-swapped key_mesh.derivation_key
</pre>
== ScePspIndividualKeyMeshCert (Test Subject 9 PS Vita) ==
* By byte-swapping keyrings 0x601 and 0x602 or by taking Fuse ID only and running the ScePspIndividualKeyMeshCert generation algorithm (see PSP Jig Kick flashData.prx), we can obtain ScePspIndividualKeyMeshCert.
<pre>
A4 36 CF B9 23 C3 B2 96 E9 96 6E 02 CB 72 4E 4A <- key_mesh.derivation_seed_0
A3 FD 10 FB D5 72 86 19 6D 91 8B 83 22 4E 18 B9 <- key_mesh.derivation_seed_1
B9 8F B1 8F 2A E0 4D 32 25 F5 B9 A2 E5 3E 9A FF <- key_mesh.derivation_key
10 08 01 01 AC 72 45 00 00 00 00 00 AB 14 4B 85 <- fuse_id, reserved, hash
</pre>


= SUPER KEYS (Dumped by SDBoot glitching) =
= SUPER KEYS (Dumped by SDBoot glitching) =
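Review bot: undoing this edit deletes the whole "Per-console keys" section that exists only on the latest-revision side of this hunk, and with it the two "Warning: the dump presented here is byte-swapped" lines and the per-field labels (key_mesh.derivation_seed_0, key_mesh.derivation_seed_1, key_mesh.derivation_key, fuse_id, reserved, hash) that explain how keyrings 0x601 and 0x602 map onto ScePspIndividualKeyMeshCert. If the undo is aimed at a different part of the revision, make that change by hand and keep this section. If the section stays, the doubled "of of" in the 0x601 bullet should be fixed.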
Line 70: Line 24:
<pre>
<pre>
D9022A0C0D9DC52A55A162EA23F50A65
D9022A0C0D9DC52A55A162EA23F50A65
</pre>
== Perconsole Keyslot 0x8 (Test Subject 7) ==
<pre>
A193E1DD073BECDF6720D0616A8E815D
</pre>
== Perconsole Keyslot 0x8 (Test Subject 8) ==
<pre>
80D71F18E0A3F393236AE1E875AE3EF8
</pre>
</pre>


Line 88: Line 30:
<pre>
<pre>
4B0F736E9A1FD865B125B05BC3641EC9
4B0F736E9A1FD865B125B05BC3641EC9
</pre>
== Perconsole Keyslot 0x9 (Test Subject 7) ==
<pre>
C310134A5F5D825AC5E0BB838BA3E287
</pre>
== Perconsole Keyslot 0x9 (Test Subject 8) ==
<pre>
04937A014699DA528E6B0CF7ECCADB78
</pre>
</pre>


Line 109: Line 39:
</pre>
</pre>


* Universal
* Type 3 (finalized unit)


== Perconsole Keyslot 0x606 (Test Subject 5) ==
== Perconsole Keyslot 0x606 (Test Subject 5) ==
Line 132: Line 62:
</pre>
</pre>


== Perconsole Keyslot 0x606 (Test Subject 8) ==
== Perconsole Keyslot 0x607 (Test Subject 5) ==
 
<pre>
98 AF 08 AD B7 8A E2 83 0A 31 47 0A FD 00 B2 64 
D4 E2 C5 83 E2 14 EB 57 F9 58 CD 54 C4 BA 09 4C
</pre>
 
== Perconsole Keyslot 0x607 (Test Subject 5) ==


<pre>
<pre>
Line 158: Line 81:
7E EE 37 A4 C0 DA C7 D2 0A AA 5E DA 34 17 B4 5C   
7E EE 37 A4 C0 DA C7 D2 0A AA 5E DA 34 17 B4 5C   
45 A8 DA 4E FD 40 7D 9D E5 08 53 B4 9A 06 29 43
45 A8 DA 4E FD 40 7D 9D E5 08 53 B4 9A 06 29 43
</pre>
== Perconsole Keyslot 0x607 (Test Subject 8) ==
<pre>
6E 1E 68 77 A7 1D 05 8B 97 55 F6 9D 2E 2A 24 1C 
4A 3D B7 E4 3B E8 F0 65 FA A0 8C 20 58 89 3F F2
</pre>
</pre>


Line 944: Line 860:
1C7FD39E8D63AA32D386413EE6A01C15C4876BF614CA954E36C1602DD7871C4F KEY
1C7FD39E8D63AA32D386413EE6A01C15C4876BF614CA954E36C1602DD7871C4F KEY
051DFE9D9BEA8087F66EB8F631010D88 IV
051DFE9D9BEA8087F66EB8F631010D88 IV
</pre>
=== Unknown GCAUTHMGR Key and IV ===
<pre>
821C5714415E9804D6AAE324EB3DDDFE7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
</pre>
<pre>
CEC36FCD7DB3102A80E9C2AA65734FC1
</pre>
</pre>


Line 1,003: Line 928:
</pre>
</pre>


== GcAuthMgr ==
== AIMGR ==
=== Master Key Seeds ===
 
As part of gc authentication, some keys are derived using these key seeds
* All these seem to be fallback keys in case keyslot 0 (aka pck0) fails to decrypt the idstorage enc_cmac located at cert + 0xD8
& 0x345 and 0x348 bbmac.
 
different key seeds are used depending on the key id used by the gamecart.
* algo used is aes-128-ecb-dec
 
* used together with keyslot 0x212 for cmac


==== KeyID 0x1 ====
KEYSEED:
<pre>
<pre>
7f1fd065dd2f40b3e26579a6390b616d
7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
 
CEC36FCD7DB3102A80E9C2AA65734FC1
 
89398ED8AE6FB3B0519485893AD0E5F3
 
33B90F7B250879F87DB269CFC4E7FB35
</pre>
</pre>
IV:
 
* This seems to be used to derive decryption for the certificate from idstorage
 
* used with slot 0x204 (likely iv for aes-256 master key)
 
<pre>
<pre>
8b14c8a1e96f30a7f101a96a3033c55b
821C5714415E9804D6AAE324EB3DDDFE
</pre>
</pre>
==== KeyID 0x8001 ====
=== PSN Keys ===
KEYSEED:
==== X-I-4-Passphrase ====
<pre>
 
6f2285ed463a6e57c5f3550ddcc81feb
used to aes-128-cbc encrypt X-I-4-Passphrase header of PSN authentication request:
</pre>
 
==== KeyID 0x8002 ====
- Version 1 (used until 3.63)
KEYSEED:
<pre>
<pre>
da9608b528825d6d13a7af1446b8ec08
EA35FA34B747929A540219DBA2DA001F
</pre>
</pre>
==== KeyID 0x8003 ====
- Version 2 (used 3.63 onwards)
KEYSEED:
<pre>
<pre>
368b2eb5437a821862a6c95596d8c135
886073DE0511F0581792DC66FD6CA6AF
</pre>
=== Unknown GcAuthMgr Key and IV ===
<pre>
821C5714415E9804D6AAE324EB3DDDFE7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
</pre>
</pre>


<pre>
notes:
CEC36FCD7DB3102A80E9C2AA65734FC1
the IV is all 0 in both cases
</pre>
PSN will still accept a version 1 passphrase which is how henkaku psn spoof works


 
==== X-I-4-Passphrase HMAC ====
== KPRX_AUTH ==
used to generate the HMAC signature for X-I-4-Passphrase
keys part of kprx_auth_sm
 
=== Bind Data HMAC Key ===  
used for ksceSblAuthMgrDecBindData
<pre>
<pre>
901a84fb13a744a378c5018a60f58c22
4D3E171CFB60DF96D1AFA6E76FEBFB5C079A5D177919C3EF417BAFA23A0B0DE2036624F0C87A8D3659DAE19E77195146B11A767D8A35A8610D301A79BBA9342D
</pre>
</pre>
HMAC-SHA256 using this key
result is the key to aes-cbc-decrypt bind data
first 0x10 is key, last 0x10 is iv.


== AIMGR ==
== Communication Processor ==


* All these seem to be fallback keys in case keyslot 0 (aka pck0) fails to decrypt the idstorage enc_cmac located at cert + 0xD8
=== ES2 fsimage1.trf Pub ===
 
* algo used is aes-128-ecb-dec
 
* used together with keyslot 0x212 for cmac


<pre>
<pre>
7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
A9 69 7F 9D 93 43 CA DE 68 E0 4F 9E 35 6E 6A B6
 
BB C7 DE 36 A4 D8 1B 98 A8 3B C1 2B E3 F6 DF 96
CEC36FCD7DB3102A80E9C2AA65734FC1
ED 7A 64 38 94 56 AC A9 33 BE BF BA 4F FE F0 5C
F4 5F 2F 88 6F 43 4F BB C3 A0 13 48 53 30 70 C0
B7 D5 E9 C2 1E FE 53 E9 5A 60 19 DB 51 C1 2C 6B
AF EB 94 E9 92 28 79 63 44 8E 59 60 63 84 B9 9F
3F F3 E5 EB 6A A0 8B F3 2A 4D BA 7A 31 25 20 CE
C2 B6 9B B2 0A 6D 06 40 B1 17 17 0A A2 DD A1 FB
59 0A EE 7A DF C4 E8 0D FC F2 7F A5 5D DE C9 2C
07 92 2F DD 05 AB 16 18 DC B7 27 AA 6F F7 00 27
A9 41 0B C8 45 E5 0E AF D4 6C 0F D9 2F F5 00 67
2D E5 64 89 C6 69 B0 AA 48 1F FD 75 E9 9E 21 A8
DC 2F 9F 9E 87 95 7B 46 BB F6 3F B7 DD BE 8B 8C
A8 61 BA 34 9A 62 45 8E 85 5E E7 8C 3D D6 79 1F
92 E7 64 22 14 4E 51 29 5B 13 37 E1 5C 12 6D F6
FA 0C 29 32 1B C1 D7 C0 0E 3C 19 EE F3 A3 E7 A5
</pre>


89398ED8AE6FB3B0519485893AD0E5F3
=== ES2 CPUP Pub ===


33B90F7B250879F87DB269CFC4E7FB35
<pre>
A7 CC AE 0F 50 11 88 52 7B F3 DA CC A3 E2 31 C8
D8 70 1E 7B 91 92 73 90 70 1D E5 E7 A9 63 27 DA
D8 71 67 A8 F0 13 68 AD DF E4 90 E3 25 A2 90 53
36 97 05 8F BA 77 57 66 69 80 10 AF D8 FD 7A 3F
FD 26 5E 0A 52 FE 04 92 8B CE 8B 43 02 F4 C7 0F
FA C3 C9 39 7F D2 4B 10 62 71 E5 7B DA 20 D2 D7
02 29 8F 6F 99 0E CF 9B 0F E0 4F F6 CC EE 17 0B
55 53 04 23 20 12 D7 8E 60 19 DA B2 97 63 82 9E
6A F5 AD A8 02 20 4F A5 51 63 11 79 CB FE 61 64
73 26 62 E8 57 67 41 94 9B B1 36 45 6C 11 DE 35
5F 48 72 11 D2 30 26 7D C0 5E 69 9A 26 52 AD 5C
6D 74 B0 56 83 26 F4 F2 F5 B8 6A D9 56 E9 44 04
D3 A6 59 28 F4 EA 21 89 56 7C E9 98 99 11 B0 48
08 51 7F 4C 76 A8 B2 5D F1 D6 AB BE 85 95 C4 69
BF D7 E8 70 C4 F0 0A 89 61 0C 2C 9B 79 F6 25 A4
2C A2 B4 C6 B8 D3 7E 62 CE 9E C6 1A 85 6F D3 2F
</pre>
</pre>


* This seems to be used to derive decryption for the certificate from idstorage
=== NBL Configs ===


* used with slot 0x204 (likely iv for aes-256 master key)
==== Key ====


<pre>
<pre>
821C5714415E9804D6AAE324EB3DDDFE
3C 97 EB 60 B2 06 80 E9 5E B7 00 13 11 96 5F AE
</pre>
</pre>
=== PSN Keys ===
==== X-I-4-Passphrase ====


used to aes-128-cbc encrypt X-I-4-Passphrase header of PSN authentication request:
==== IV ====
 
- Version 1 (used until 3.63)
<pre>
<pre>
EA35FA34B747929A540219DBA2DA001F
4D 8A C9 0A E0 B3 C1 30 46 31 A8 6D 56 32 02 70
</pre>
- Version 2 (used 3.63 onwards)
<pre>
886073DE0511F0581792DC66FD6CA6AF
</pre>
</pre>


notes:
=== Deobfuscated blob ===
the IV is all 0 in both cases
PSN will still accept a version 1 passphrase which is how henkaku psn spoof works


==== X-I-4-Passphrase HMAC ====
used to generate the HMAC signature for X-I-4-Passphrase
<pre>
<pre>
4D3E171CFB60DF96D1AFA6E76FEBFB5C079A5D177919C3EF417BAFA23A0B0DE2036624F0C87A8D3659DAE19E77195146B11A767D8A35A8610D301A79BBA9342D
4D 8A C9 0A E0 B3 C1 30 46 31 A8 6D 56 32 02 70 iv  blob01 aes-128-cbc
</pre>
3C 97 EB 60 B2 06 80 E9 5E B7 00 13 11 96 5F AE key blob01 aes-128-cbc


== Communication Processor ==
A9 69 7F 9D 93 43 CA DE 68 E0 4F 9E 35 6E 6A B6 fs1 rsa
 
BB C7 DE 36 A4 D8 1B 98 A8 3B C1 2B E3 F6 DF 96 fs1
=== ES2 fsimage1.trf Pub ===
ED 7A 64 38 94 56 AC A9 33 BE BF BA 4F FE F0 5C fs1
 
F4 5F 2F 88 6F 43 4F BB C3 A0 13 48 53 30 70 C0 fs1
<pre>
B7 D5 E9 C2 1E FE 53 E9 5A 60 19 DB 51 C1 2C 6B fs1
A9 69 7F 9D 93 43 CA DE 68 E0 4F 9E 35 6E 6A B6  
AF EB 94 E9 92 28 79 63 44 8E 59 60 63 84 B9 9F fs1
BB C7 DE 36 A4 D8 1B 98 A8 3B C1 2B E3 F6 DF 96  
3F F3 E5 EB 6A A0 8B F3 2A 4D BA 7A 31 25 20 CE fs1
ED 7A 64 38 94 56 AC A9 33 BE BF BA 4F FE F0 5C  
C2 B6 9B B2 0A 6D 06 40 B1 17 17 0A A2 DD A1 FB fs1
F4 5F 2F 88 6F 43 4F BB C3 A0 13 48 53 30 70 C0  
59 0A EE 7A DF C4 E8 0D FC F2 7F A5 5D DE C9 2C fs1
B7 D5 E9 C2 1E FE 53 E9 5A 60 19 DB 51 C1 2C 6B  
07 92 2F DD 05 AB 16 18 DC B7 27 AA 6F F7 00 27 fs1
AF EB 94 E9 92 28 79 63 44 8E 59 60 63 84 B9 9F  
A9 41 0B C8 45 E5 0E AF D4 6C 0F D9 2F F5 00 67 fs1
3F F3 E5 EB 6A A0 8B F3 2A 4D BA 7A 31 25 20 CE  
2D E5 64 89 C6 69 B0 AA 48 1F FD 75 E9 9E 21 A8 fs1
C2 B6 9B B2 0A 6D 06 40 B1 17 17 0A A2 DD A1 FB  
DC 2F 9F 9E 87 95 7B 46 BB F6 3F B7 DD BE 8B 8C fs1
59 0A EE 7A DF C4 E8 0D FC F2 7F A5 5D DE C9 2C  
A8 61 BA 34 9A 62 45 8E 85 5E E7 8C 3D D6 79 1F fs1
07 92 2F DD 05 AB 16 18 DC B7 27 AA 6F F7 00 27  
92 E7 64 22 14 4E 51 29 5B 13 37 E1 5C 12 6D F6 fs1
A9 41 0B C8 45 E5 0E AF D4 6C 0F D9 2F F5 00 67  
FA 0C 29 32 1B C1 D7 C0 0E 3C 19 EE F3 A3 E7 A5 fs1 rsa
2D E5 64 89 C6 69 B0 AA 48 1F FD 75 E9 9E 21 A8  
 
DC 2F 9F 9E 87 95 7B 46 BB F6 3F B7 DD BE 8B 8C  
68 48 3F BB 69 F1 04 A3 CB 0A D8 18 7F 90 0B 12
A8 61 BA 34 9A 62 45 8E 85 5E E7 8C 3D D6 79 1F  
89 6F F0 68 51 B5 51 CC 75 B9 C7 01 4D B1 8F A9
92 E7 64 22 14 4E 51 29 5B 13 37 E1 5C 12 6D F6  
0A 82 27 97 B6 CC 1D C0 2B CD 68 8E 91 C6 22 64
FA 0C 29 32 1B C1 D7 C0 0E 3C 19 EE F3 A3 E7 A5
1B F4 36 ED 32 2D D4 F0 D2 CD C1 7F 20 35 AA 0B
F4 E0 8D 02 49 BF EE 25 52 90 AC E9 40 C4 69 27
E0 C9 DF 3D 3A A0 62 98 4E B6 D3 77 41 5C C4 09
3F B8 3E 20 28 65 2D 80 70 C5 25 4A CA 0B CA D0
A7 C3 3A DC 90 EF 6B 66 D2 CD F5 0B A3 CC A0 E2
29 9E 38 D2 76 11 66 B9 2C 28 7F 75 1F 94 FF 06
74 18 EA A9 D7 C9 EF 9A 26 3D 42 8C 23 33 0D 27
41 42 67 E7 DB BC A6 B7 07 F8 C3 3D 9F 06 B0 3E
CB 45 3F A6 40 22 28 A4 0A 13 8A 49 68 F3 F0 72
94 EA D9 E8 55 37 CF 8D 43 AD AF EC 51 87 40 D4
D4 D5 A5 4B AE 14 27 7E FB 42 F9 C7 81 4E 1E E5
</pre>
</pre>


=== ES2 CPUP Pub ===
== Ernie ==
 
=== Security ID (RL78) ===


<pre>
<pre>
A7 CC AE 0F 50 11 88 52 7B F3 DA CC A3 E2 31 C8
00 00 00 00 00 00 00 00 00 00 (it's blank LMAO)
D8 70 1E 7B 91 92 73 90 70 1D E5 E7 A9 63 27 DA
D8 71 67 A8 F0 13 68 AD DF E4 90 E3 25 A2 90 53
36 97 05 8F BA 77 57 66 69 80 10 AF D8 FD 7A 3F
FD 26 5E 0A 52 FE 04 92 8B CE 8B 43 02 F4 C7 0F
FA C3 C9 39 7F D2 4B 10 62 71 E5 7B DA 20 D2 D7
02 29 8F 6F 99 0E CF 9B 0F E0 4F F6 CC EE 17 0B
55 53 04 23 20 12 D7 8E 60 19 DA B2 97 63 82 9E
6A F5 AD A8 02 20 4F A5 51 63 11 79 CB FE 61 64
73 26 62 E8 57 67 41 94 9B B1 36 45 6C 11 DE 35
5F 48 72 11 D2 30 26 7D C0 5E 69 9A 26 52 AD 5C
6D 74 B0 56 83 26 F4 F2 F5 B8 6A D9 56 E9 44 04
D3 A6 59 28 F4 EA 21 89 56 7C E9 98 99 11 B0 48
08 51 7F 4C 76 A8 B2 5D F1 D6 AB BE 85 95 C4 69
BF D7 E8 70 C4 F0 0A 89 61 0C 2C 9B 79 F6 25 A4
2C A2 B4 C6 B8 D3 7E 62 CE 9E C6 1A 85 6F D3 2F
</pre>
</pre>


=== NBL Configs ===
=== Ernie Update AES128CBC Key 0x10/0x30/0x31/0x40/0x41 (PHAT) ===
 
==== Key ====


<pre>
<pre>
3C 97 EB 60 B2 06 80 E9 5E B7 00 13 11 96 5F AE
key: 12B5408FD189E223B61890F488536008
iv : 82D6528A87BC55B38EF29A45730EF130
</pre>
</pre>


==== IV ====
* supports type 0
<pre>
* for block size 0x400 ONLY (block size 0x800 not supported)
4D 8A C9 0A E0 B3 C1 30 46 31 A8 6D 56 32 02 70
</pre>


=== Deobfuscated blob ===
=== Ernie Updater AES128CBC Key 0x10/0x30/0x31/0x40/0x41 (PHAT) ===


<pre>
<pre>
4D 8A C9 0A E0 B3 C1 30 46 31 A8 6D 56 32 02 70 iv blob01 aes-128-cbc
key: EAE43A1C48CD32A565E2CA7D8F9018DC
3C 97 EB 60 B2 06 80 E9 5E B7 00 13 11 96 5F AE key blob01 aes-128-cbc
iv: C9D9619CA151342D04602ECF0B8D6E33
</pre>
 
* supports type 0
* for block size 0x400 ONLY (block size 0x800 not supported)
* for updater and confzz firmwares ONLY
* location: around 0xFXXX of syscon firmware


A9 69 7F 9D 93 43 CA DE 68 E0 4F 9E 35 6E 6A B6 fs1 rsa
=== Ernie Update AES128CBC Key 0x60 (PHAT) ===
BB C7 DE 36 A4 D8 1B 98 A8 3B C1 2B E3 F6 DF 96 fs1
ED 7A 64 38 94 56 AC A9 33 BE BF BA 4F FE F0 5C fs1
F4 5F 2F 88 6F 43 4F BB C3 A0 13 48 53 30 70 C0 fs1
B7 D5 E9 C2 1E FE 53 E9 5A 60 19 DB 51 C1 2C 6B fs1
AF EB 94 E9 92 28 79 63 44 8E 59 60 63 84 B9 9F fs1
3F F3 E5 EB 6A A0 8B F3 2A 4D BA 7A 31 25 20 CE fs1
C2 B6 9B B2 0A 6D 06 40 B1 17 17 0A A2 DD A1 FB fs1
59 0A EE 7A DF C4 E8 0D FC F2 7F A5 5D DE C9 2C fs1
07 92 2F DD 05 AB 16 18 DC B7 27 AA 6F F7 00 27 fs1
A9 41 0B C8 45 E5 0E AF D4 6C 0F D9 2F F5 00 67 fs1
2D E5 64 89 C6 69 B0 AA 48 1F FD 75 E9 9E 21 A8 fs1
DC 2F 9F 9E 87 95 7B 46 BB F6 3F B7 DD BE 8B 8C fs1
A8 61 BA 34 9A 62 45 8E 85 5E E7 8C 3D D6 79 1F fs1
92 E7 64 22 14 4E 51 29 5B 13 37 E1 5C 12 6D F6 fs1
FA 0C 29 32 1B C1 D7 C0 0E 3C 19 EE F3 A3 E7 A5 fs1 rsa


68 48 3F BB 69 F1 04 A3 CB 0A D8 18 7F 90 0B 12
<pre>
89 6F F0 68 51 B5 51 CC 75 B9 C7 01 4D B1 8F A9
key: 8C9ED3908C4143AE02855794C025BE1A
0A 82 27 97 B6 CC 1D C0 2B CD 68 8E 91 C6 22 64
iv : C85AE1576D5E205FE8043573F55F4E11
1B F4 36 ED 32 2D D4 F0 D2 CD C1 7F 20 35 AA 0B
F4 E0 8D 02 49 BF EE 25 52 90 AC E9 40 C4 69 27
E0 C9 DF 3D 3A A0 62 98 4E B6 D3 77 41 5C C4 09
3F B8 3E 20 28 65 2D 80 70 C5 25 4A CA 0B CA D0
A7 C3 3A DC 90 EF 6B 66 D2 CD F5 0B A3 CC A0 E2
29 9E 38 D2 76 11 66 B9 2C 28 7F 75 1F 94 FF 06
74 18 EA A9 D7 C9 EF 9A 26 3D 42 8C 23 33 0D 27
41 42 67 E7 DB BC A6 B7 07 F8 C3 3D 9F 06 B0 3E
CB 45 3F A6 40 22 28 A4 0A 13 8A 49 68 F3 F0 72
94 EA D9 E8 55 37 CF 8D 43 AD AF EC 51 87 40 D4
D4 D5 A5 4B AE 14 27 7E FB 42 F9 C7 81 4E 1E E5
</pre>
</pre>


== Ernie ==
* supports type 0
* location: around 0xFXXX in syscon firmware


=== Security ID (RL78) ===
=== Ernie Updater AES128CBC Key 0x60 (PHAT) ===


<pre>
<pre>
00 00 00 00 00 00 00 00 00 00 (it's blank LMAO)
key: 7014BEE6136725B9FFBE9A8614DD5C2A
iv: FBD11DF2E0AAEE0B9C3738163CB8B6BD
</pre>
</pre>


=== Ernie Update AES128CBC Key 0x10/0x30/0x31/0x40/0x41 (PHAT) ===
* supports type 0
* for updater and confzz firmwares ONLY
 
=== Ernie Update AES128CBC Key 0x70/0x72 (PSTV) ===


<pre>
<pre>
key: 12B5408FD189E223B61890F488536008
key: 67C34253A7DE13517EC903FE1119C04C
iv : 82D6528A87BC55B38EF29A45730EF130
iv : DB302673D69F0D513A635E68A470F9C1
</pre>
</pre>


* supports type 0
* aka the key for the meaning of life, universe and everything else
* for block size 0x400 ONLY (block size 0x800 not supported)
* supports type 6 and 7


=== Ernie Updater AES128CBC Key 0x10/0x30/0x31/0x40/0x41 (PHAT) ===
=== Ernie Updater AES128CBC Key 0x70/0x72 (PSTV) ===


<pre>
<pre>
key: EAE43A1C48CD32A565E2CA7D8F9018DC
key: BE01B7FA1EC3ED641879DDE44D60486E
iv: C9D9619CA151342D04602ECF0B8D6E33
iv : 671A74C7E50F25CF64D4341039C78705
</pre>
</pre>


* supports type 0
* aka the key for the meaning of life, universe and everything else
* for block size 0x400 ONLY (block size 0x800 not supported)
* supports type 6 and 7
* for updater and confzz firmwares ONLY  
* for updater and confzz firmwares ONLY
* location: around 0xFXXX of syscon firmware


=== Ernie Update AES128CBC Key 0x60 (PHAT) ===
=== Ernie Update AES128CBC Key 0x80/0x82 (PS Vita SLIM) ===


<pre>
<pre>
key: 8C9ED3908C4143AE02855794C025BE1A
key: 523BEB53FCB95DC772AA1BFB0A96CD10
iv : C85AE1576D5E205FE8043573F55F4E11
iv : 385D67E50CE7669ECD171FE576814343
</pre>
</pre>


* supports type 0
* supports type 5 and 8
* location: around 0xFXXX in syscon firmware


=== Ernie Updater AES128CBC Key 0x60 (PHAT) ===
=== Ernie Updater AES128CBC Key 0x80/0x82 (PS Vita SLIM) ===


<pre>
<pre>
key: 7014BEE6136725B9FFBE9A8614DD5C2A
key: DBD9450ACCA8544895663A6F472BDE7F
iv: FBD11DF2E0AAEE0B9C3738163CB8B6BD
iv : F927C6A1153DB2D65F736C3AD9E1CE76
</pre>
</pre>


* supports type 0
* supports type 5 and 8
* for updater and confzz firmwares ONLY
* for updater and confzz firmwares ONLY


=== Ernie Update AES128CBC Key 0x70/0x72 (PSTV) ===
=== SERVICE 0x900 PASSPHRASE ===
<pre>
93CE8EBEDF7F69A96F35DDE3BECB97D5
</pre>


=== BStoBSid Key ===
<pre>
<pre>
key: 67C34253A7DE13517EC903FE1119C04C
46B532E3F012E663C0694ECA7C8C58B7
iv : DB302673D69F0D513A635E68A470F9C1
</pre>
</pre>


* aka the key for the meaning of life, universe and everything else
=== First Loader Jig Handshake Key ===
* supports type 6 and 7


=== Ernie Updater AES128CBC Key 0x70/0x72 (PSTV) ===
Also known as g_debug_challenge_key. See [https://wiki.henkaku.xyz/vita/Enc#Secret_debug_mode].


AES256ECB Key:
<pre>
<pre>
key: BE01B7FA1EC3ED641879DDE44D60486E
F47716E6C5649FD648538FD9773D12D1
iv : 671A74C7E50F25CF64D4341039C78705
229E118737B1D782D6A80CDB72E4B9C3
</pre>
</pre>


* aka the key for the meaning of life, universe and everything else
=== Supported Keysets by Ernie ===
* supports type 6 and 7
* for updater and confzz firmwares ONLY
 
=== Ernie Update AES128CBC Key 0x80/0x82 (PS Vita SLIM) ===
 
<pre>
<pre>
key: 523BEB53FCB95DC772AA1BFB0A96CD10
0, 1, 0xB, 0xE, 0xF
iv : 385D67E50CE7669ECD171FE576814343
</pre>
</pre>


* supports type 5 and 8
=== Ernie Handshake Keysets ===
 
These keysets are stored on each side (Ernie firmware and cMeP binaries).


=== Ernie Updater AES128CBC Key 0x80/0x82 (PS Vita SLIM) ===
==== Keyset 0x0 ====


===== SharedData_0 =====
<pre>
<pre>
key: DBD9450ACCA8544895663A6F472BDE7F
80996FBBC8B4EBA30595F4D379A23BD0
iv : F927C6A1153DB2D65F736C3AD9E1CE76
</pre>
</pre>


* supports type 5 and 8
===== SharedKey_0_A =====
* for updater and confzz firmwares ONLY
 
=== SERVICE 0x900 PASSPHRASE ===
<pre>
<pre>
93CE8EBEDF7F69A96F35DDE3BECB97D5
EF685D2E33C7D029A1A2EE646BE39D41
</pre>
</pre>


=== BStoBSid Key ===
===== SharedKey_0_B =====
<pre>
<pre>
46B532E3F012E663C0694ECA7C8C58B7
CE7867DE57575C008D998281E8DA5912
</pre>
</pre>


=== First Loader Jig Handshake Key ===
==== Keyset 0x1 ====


Also known as g_debug_challenge_key. See [https://wiki.henkaku.xyz/vita/Enc#Secret_debug_mode].
===== SharedData_1 =====
 
AES256ECB Key:
<pre>
<pre>
F47716E6C5649FD648538FD9773D12D1
8C20B6FABD2236F772AA283B8C82B13E
229E118737B1D782D6A80CDB72E4B9C3
</pre>
 
=== Supported Keysets by Ernie ===
<pre>
0, 1, 0xB, 0xE, 0xF
</pre>
 
=== Ernie Handshake Keysets ===
 
These keysets are stored on each side (Ernie firmware and cMeP binaries).
 
==== Keyset 0x0 ====
 
===== SharedData_0 =====
<pre>
80996FBBC8B4EBA30595F4D379A23BD0
</pre>
 
===== SharedKey_0_A =====
<pre>
EF685D2E33C7D029A1A2EE646BE39D41
</pre>
 
===== SharedKey_0_B =====
<pre>
CE7867DE57575C008D998281E8DA5912
</pre>
 
==== Keyset 0x1 ====
 
===== SharedData_1 =====
<pre>
8C20B6FABD2236F772AA283B8C82B13E
</pre>
</pre>


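Review bot: at the top of this hunk the undo removes two entries that have no counterpart on the "Your text" side: the GcAuthMgr "Master Key Seeds" list (KeyID 0x1, 0x8001, 0x8002, 0x8003) and the KPRX_AUTH "Bind Data HMAC Key" with its usage description (HMAC-SHA256 using this key, first 0x10 of the result is the key, last 0x10 is the IV). The AIMGR, Communication Processor and Ernie sections appear on both sides and only change position, so a manual edit that keeps the two new entries would avoid losing them. If that text is kept, the line "& 0x345 and 0x348 bbmac." in the latest revision reads as a fragment and needs rewording.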
Line 1,911: Line 1,784:
</pre>
</pre>


== IdStorage Keys ==
== IdStorage Certificate Keys ==


=== PS Vita IdStorage leaves 0-0x7D RSA2048 Public Key ===
=== IdStorage Certificates ECDSA Public Keys (160 bit) ===
 
 
<pre>
==== PSP Certificates ====
E9 18 F0 8E F8 D1 ED 4A 5E 80 65 44 15 5D AF 3E
99 CD 65 65 5C 5D FE BC BA 59 A4 AB 52 81 63 53
B1 DC 9C 0E BB 70 F7 48 57 47 9C 4C 49 00 8E E4
F7 55 93 14 71 67 DF 9C 92 8E D8 42 4A 10 75 50
D0 9F 6A 48 57 9A E3 86 BF 6B A3 0C 73 57 00 DC
F7 CB 2B B3 7C 03 11 CC EC D9 0F BA A1 2E E5 EE
5C D3 10 D5 0F 1D 58 C1 23 8B CD 7B 9E E6 2C 7F
4C AE 11 01 8C A5 AE F0 D5 C2 8D 5E E9 F6 6F 1E
37 8B B4 BD BC C0 2F 3D 3D 6E F8 E6 35 EF B6 C2
EF 82 ED AD 07 16 5A 4D A4 AB 83 76 14 9D 6F 29
6D AD DA 83 CF 0D F3 9F 9C 6B AC 79 61 B6 6F 32
60 34 99 B4 C3 9C 94 D7 1A 29 8A B4 12 D8 42 F9
69 C3 0E 47 EF 86 FD 35 E5 CD 23 E8 95 B3 E1 A3
D6 E9 CA 90 8F 46 59 FE BC B3 00 C0 9C E7 34 07
5A 7F 85 2A 5B AD 82 B8 52 85 74 6F 73 45 C2 5F
4B 7A 8D 85 70 8B 6C FD AA 59 70 BF 33 00 79 D5
</pre>
 
* Exponent is 65537.
* Found in PS Vita factTest.self.
* Signature is stored in PS Vita IdStorage leaf 0x7E offset 0x60.
* PSP IdStorage does not have this signature.
* This signature does not seem to be checked on console boot. It might be used only during manufacturing/servicing to ensure that IdStorage leaves 0-0x7D have been written correctly. This implies that IdStorage leaves 0-0x7D are not meant to be edited after manufacturing, contrarly to some other leaves.
 
== IdStorage Certificate Keys ==
 
=== IdStorage Certificates ECDSA Public Keys (160 bit) ===
 
==== PSP Certificates ====


<pre>
<pre>
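Review bot: the undo drops the "PS Vita IdStorage leaves 0-0x7D RSA2048 Public Key" entry from the latest revision, and nothing on the "Your text" side replaces its notes (exponent 65537, found in PS Vita factTest.self, signature stored in IdStorage leaf 0x7E offset 0x60, not present in PSP IdStorage, apparently not checked on console boot). Those bullets are the only place in this hunk that says where the signature lives and when it is verified, so keep the entry unless it is being removed on purpose. If it stays, "contrarly" in the last bullet should read "contrary".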
Line 2,068: Line 1,912:
     13C2E7694BEC696D52CF00092AC1F272
     13C2E7694BEC696D52CF00092AC1F272


== PSM Keys ==
== PSM Keys ==
 
 
=== Update HMAC Key ===
=== PSM PKG HMAC Key ===
 
 
     5AE4E16B214290E14366E5B653C4E3C3E69E4956510EADD66ACB37A077E0686E
     5AE4E16B214290E14366E5B653C4E3C3
     086F8BAB5030E3D82407F01B676CB8037DF20D1420C08A91A2141A3FE5DC063C
    E69E4956510EADD66ACB37A077E0686E
 
    086F8BAB5030E3D82407F01B676CB803
how to calculate update URL:
     7DF20D1420C08A91A2141A3FE5DC063C
 
 
HmacSha1("NPPA00236_00", hmackey) => 87b2fc0108d5197ae7572bda397dd8a81b56839e
used to calculate PSM PKG URL
 
 
append first 8 characters of hex encoded hmac; like such: "NPPA00236_00_87B2FC01"
hmacsha1("NPPA00236_00", key) = 87b2fc0108d5197ae7572bda397dd8a81b56839e
 
 
update xml is => http://psm-pkg.np.dl.playstation.net/psm/np/NPPA/NPPA00236_00_87B2FC01/version.xml
use last 8 characters for this part: "NPPA00236_00_87B2FC01"
 
 
you can get the PKG for any PSM application like so:
final result: http://psm-pkg.np.dl.playstation.net/psm/np/NPPA/NPPA00236_00_87B2FC01/1.00/NPPA00236_00.pkg
 
 
take "appVersion" from version.xml => "1.00"
(change domain to zeus.dl.playstation.net to download in current year)
 
 
build PKG link using version => http://psm-pkg.np.dl.playstation.net/psm/np/NPPA/NPPA00236_00_87B2FC01/1.00/NPPA00236_00.pkg
=== PSMDA "protected_kconsole_cache.dat" HMAC Key ===
 
 
you can also get screenshots and description of the application; using /metadata.xml; for example;
    B73966320E286ADC03F05465CA9E2F92388AEE236D43883135BAB0A5BD5043EA
 
 
http://psm-pkg.np.dl.playstation.net/psm/np/NPPA/NPPA00236_00_87B2FC01/1.00/metadata.xml
=== PSMDA "NSXVID-PSS.VT.WW-GLOBAL.xml" RSA Private ===
 
 
(note; you have to change the domain to zeus.dl.playstation.net as sony removed the "psm-pkg.np.dl.playstation.net" subdomain awhile ago)
    -----BEGIN PRIVATE KEY-----
 
    MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxl+8fRzDzyWb0
=== 'psm.pub' strong name public key ===
    89L9ssKWMO4IYJATVV/qsGPqL5XtgjqlSY6dV3QHWtdiqm4B9h8cy325+XEORMC8
Used for verifying strong name signature of runtime's Mono/.NET assemblies;
    oErllSl7yovu956/D5laLLGqRkyFPcNer+DOjO99bDfJTTV1bSHuwc9oo3mJn6AO
    WuiY3aguCIYxNgSlDsfavjmCDXa3Q85hFOxJnn7HlM4X6rNxFi9y48LqUrDyWw0L
    bs+07bqNLoYHXtMoZcNQHqNmGtIHGx4RuFzZ4hduorjNsmSKHiQSz+ydJgJWtLJO
    tC2EM8zj8zStmlDiMTyAqKPHjENp4FBLoF87PISLsbyf4dTdWk35TvnsU/+tGVyH
    bVNcEAzvAgMBAAECggEBAKSil//kDIKD/BkrDDc6h9+aHqDPe+EgbVnxCb8pPBFB
    gEKIbVh5oUvMMA38txzEYNVd5AELOH6kyBRVePlajWmAPLddAOJYgK6y7kVPBFMl
    Db/yxjJVPxODxjeshtmEQUfIjhGQMvSdcVC9gBFusyFxr41haW7mw+mKHV/uQVbk
    TM/ZnEaN2Zrl7FfCUwXa3qyMrwj01bbAXXEqdM9ZF3UIXCLzihtNDKPAbpcVoQXH
    fItXVFeHjXqVCOVcKTI1PgElM6Q7VsVsU4pJGOmKy2gFbKqF4eniDK6gdGitbVpp
    rlXIrS2P8ZOfT+fSMjLbrr+mJEc2np4LYFlEHcJgtkkCgYEAwMrmf1LasiU/sijh
    0fOTV6TXefSrOxnpiq9Qs/oTSZ5USTh5FrunF0dX5Isy4XjYKWfIVwVl9LnAXRqR
    QTiHkbFon2KMYYyQfDUe4T9kuX6cAqp8WjBaivxs8chErM8rzZns62bR1B9+/IX4
    VIiHA1jfP9eiCl+1lMhhnnNIHX0CgYEA69Ffc2w5UCJ1cHxu8dR9V4otY57vBJFN
    2Svb8h3kJnO9LfU/RYMeXTgJSklh9Tw/zXPOMEQnxi7LocrDd1713vQTTspT3wWd
    3AJ25l0BP3NGnbEtGwv6It+VnUULr964vOUv/bl4UMQs52JsnxURts+GPZ3gAF1S
    U2AVxvVej9sCgYBAk7Yhb99RTKjJRGhfqvbvpIeIkivI4CUaDx85KcrMHfydig0F
    UFXntj36j6W7YH8HX3v7qhM8pfuJNBzze7vtUT96I8hh5HOBJ0nwqQtUFtSrD/AX
    RZsOcv8K/coDGGHTvHtfXlFqfCJM85L6vcB7nokpGVFtqCFqdLQ+Ht9JAQKBgQCU
    Ao/0dCLs5xPrDE7ePk6FmVavxlui9Eh2XI7qQlSmxdIhfGLAEHIIdFlwZOq076Hk
    JCFwLfcA7vIklI1m6RVNYMiVlWxa+L2CD5HtOMbFumbCJyh2Z2gSZ18SnPme4x30
    ga1DhRu9JcRBXodqueCqa0qIdgTYdbpsVkyU2gEGLQKBgGotuH/yrXNfifTc6Y24
    TSaqk/Dq6OvQOEFSIzgOzaQhWvwZjlz3uOnmi3vUo/guG9q/J1JWucWoXNXkkcmb
    trc3RYwzy6Rn+0uGHGA91e2bn6vT6PLNOgNUE7YCRDJe5DsDYHtUNILNbRVdSvNs
    rnh1i22Y3zLWChh3swswqgf7
    -----END PRIVATE KEY-----
 
* Used by the PSM Dev Assistant to sign the NSXVID-PSS.VT.WW-GLOBAL.xml file to prevent from modification.
 
=== PSM Publishing License PKCS12 Import Password ===
 
    password
 
=== PSM Publishing License PKCS12 PEM Pass Phrase ===
 
    password
 
* PKCS12 certificate used in signing PSM Dev PSSE with PSM SDK.
 
(World's most secure passwords ever, impossible to crack xD)    
You can use openssl like so:   
    openssl pkcs12 -in <filename> -password pass:password -passout pass:password
to view the keystore of a PSM Publishing License
 
=== 'psm.pub' strong name signatures public key ===
     00240000048000009400000006020000002400005253413100040000110000009133D396CA929938BC68440B541D8888614E7BD475B
     00240000048000009400000006020000002400005253413100040000110000009133D396CA929938BC68440B541D8888614E7BD475B
     EF719AB4F4B85B1C21FC3EF2B5F32DF0DE7C769CA90687650DA49EEBE7ADCB71479F1463E10902CB65A1F44FA2E71B3F30E108FE0F6
     EF719AB4F4B85B1C21FC3EF2B5F32DF0DE7C769CA90687650DA49EEBE7ADCB71479F1463E10902CB65A1F44FA2E71B3F30E108FE0F6
     699D179DAED5B1A774DB1ABA104C59118544B47CDA724AEA8E6899FA760DFE0BA8656515B48AE94FDE29FC8F5BD569126C7A9AE6F3
     699D179DAED5B1A774DB1ABA104C59118544B47CDA724AEA8E6899FA760DFE0BA8656515B48AE94FDE29FC8F5BD569126C7A9AE6F3


 
=== SCE_PSM_KDBG_ACCOUNT_KEY ===
=== PSM Developer Assistant ===
Keys used in the PlayStation Mobile Development Assistant and PlayStation Mobile Development Assistant for Unity applications
 
==== "protected_kconsole_cache.dat" HMAC Key ====
 
    B73966320E286ADC03F05465CA9E2F92388AEE236D43883135BAB0A5BD5043EA
 
==== "NSXVID-PSS.VT.WW-GLOBAL.xml" RSA Private ====
 
    -----BEGIN PRIVATE KEY-----
    MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCxl+8fRzDzyWb0
    89L9ssKWMO4IYJATVV/qsGPqL5XtgjqlSY6dV3QHWtdiqm4B9h8cy325+XEORMC8
    oErllSl7yovu956/D5laLLGqRkyFPcNer+DOjO99bDfJTTV1bSHuwc9oo3mJn6AO
    WuiY3aguCIYxNgSlDsfavjmCDXa3Q85hFOxJnn7HlM4X6rNxFi9y48LqUrDyWw0L
    bs+07bqNLoYHXtMoZcNQHqNmGtIHGx4RuFzZ4hduorjNsmSKHiQSz+ydJgJWtLJO
    tC2EM8zj8zStmlDiMTyAqKPHjENp4FBLoF87PISLsbyf4dTdWk35TvnsU/+tGVyH
    bVNcEAzvAgMBAAECggEBAKSil//kDIKD/BkrDDc6h9+aHqDPe+EgbVnxCb8pPBFB
    gEKIbVh5oUvMMA38txzEYNVd5AELOH6kyBRVePlajWmAPLddAOJYgK6y7kVPBFMl
    Db/yxjJVPxODxjeshtmEQUfIjhGQMvSdcVC9gBFusyFxr41haW7mw+mKHV/uQVbk
    TM/ZnEaN2Zrl7FfCUwXa3qyMrwj01bbAXXEqdM9ZF3UIXCLzihtNDKPAbpcVoQXH
    fItXVFeHjXqVCOVcKTI1PgElM6Q7VsVsU4pJGOmKy2gFbKqF4eniDK6gdGitbVpp
    rlXIrS2P8ZOfT+fSMjLbrr+mJEc2np4LYFlEHcJgtkkCgYEAwMrmf1LasiU/sijh
    0fOTV6TXefSrOxnpiq9Qs/oTSZ5USTh5FrunF0dX5Isy4XjYKWfIVwVl9LnAXRqR
    QTiHkbFon2KMYYyQfDUe4T9kuX6cAqp8WjBaivxs8chErM8rzZns62bR1B9+/IX4
    VIiHA1jfP9eiCl+1lMhhnnNIHX0CgYEA69Ffc2w5UCJ1cHxu8dR9V4otY57vBJFN
    2Svb8h3kJnO9LfU/RYMeXTgJSklh9Tw/zXPOMEQnxi7LocrDd1713vQTTspT3wWd
    3AJ25l0BP3NGnbEtGwv6It+VnUULr964vOUv/bl4UMQs52JsnxURts+GPZ3gAF1S
    U2AVxvVej9sCgYBAk7Yhb99RTKjJRGhfqvbvpIeIkivI4CUaDx85KcrMHfydig0F
    UFXntj36j6W7YH8HX3v7qhM8pfuJNBzze7vtUT96I8hh5HOBJ0nwqQtUFtSrD/AX
    RZsOcv8K/coDGGHTvHtfXlFqfCJM85L6vcB7nokpGVFtqCFqdLQ+Ht9JAQKBgQCU
    Ao/0dCLs5xPrDE7ePk6FmVavxlui9Eh2XI7qQlSmxdIhfGLAEHIIdFlwZOq076Hk
    JCFwLfcA7vIklI1m6RVNYMiVlWxa+L2CD5HtOMbFumbCJyh2Z2gSZ18SnPme4x30
    ga1DhRu9JcRBXodqueCqa0qIdgTYdbpsVkyU2gEGLQKBgGotuH/yrXNfifTc6Y24
    TSaqk/Dq6OvQOEFSIzgOzaQhWvwZjlz3uOnmi3vUo/guG9q/J1JWucWoXNXkkcmb
    trc3RYwzy6Rn+0uGHGA91e2bn6vT6PLNOgNUE7YCRDJe5DsDYHtUNILNbRVdSvNs
    rnh1i22Y3zLWChh3swswqgf7
    -----END PRIVATE KEY-----
 
* Used by the PSM Dev Assistant to sign the NSXVID-PSS.VT.WW-GLOBAL.xml file to prevent from modification.
 
==== Publishing License PKCS12 Import Password ====
 
    password
 
==== Publishing License PKCS12 PEM Pass Phrase ====
 
    password
 
* PKCS12 certificate used in signing PSM Dev PSSE with PSM SDK.
(World's most secure passwords ever, impossible to crack)   
 
You can use openssl like so:   
    openssl pkcs12 -in <filename> -password pass:password -passout pass:password
to view the private and public keys of a PSM Publishing license.
 
=== PSM Android ===
These keys are labeled within the debug symbols of the Android version of PSM.
 
==== SCE_PSM_KDBG_ACCOUNT_KEY ====  


     965895DF95F5432CCBCC4B7823CBF4B3
     965895DF95F5432CCBCC4B7823CBF4B3


==== SCE_PSM_KDBG_ACCOUNT_IV ====  
=== SCE_PSM_KDBG_ACCOUNT_IV ===


     00000000000000000000000000000000
     00000000000000000000000000000000


==== SCE_PSM_KDBG_C1_KEY ====  
=== SCE_PSM_KDBG_C1_KEY ===


     965895DF95F5432CCBCC4B7823CBF4B3
     965895DF95F5432CCBCC4B7823CBF4B3


==== SCE_PSM_KDBG_C1_IV ====  
=== SCE_PSM_KDBG_C1_IV ===


     00000000000000000000000000000000
     00000000000000000000000000000000


==== SCE_PSM_KDBG_CONSOLE_KEY ====  
=== SCE_PSM_KDBG_CONSOLE_KEY ===


     8235EDC66CD14D04F793369A74C7A4FE
     8235EDC66CD14D04F793369A74C7A4FE


==== SCE_PSM_KDBG_CONSOLE_IV ====  
=== SCE_PSM_KDBG_CONSOLE_IV ===


     00000000000000000000000000000000
     00000000000000000000000000000000


==== SCE_PSM_KDBG_LOGINFO_KEY ====  
=== SCE_PSM_KDBG_LOGINFO_KEY ===


     B293993BB5977F88844A7D21DDF63BC7
     B293993BB5977F88844A7D21DDF63BC7


==== SCE_PSM_KDBG_LOGINFO_IV ====  
=== SCE_PSM_KDBG_LOGINFO_IV ===


     00000000000000000000000000000000
     00000000000000000000000000000000


==== SCE_PSM_KDBG_V1_KEY ====  
=== SCE_PSM_KDBG_V1_KEY ===


     14E5A03B1E62D483F88769986EDB1140
     14E5A03B1E62D483F88769986EDB1140


==== SCE_PSM_KDBG_V1_IV ====  
=== SCE_PSM_KDBG_V1_IV ===


     00000000000000000000000000000000
     00000000000000000000000000000000


==== SCE_PSM_HEADER_SIGNATURE_PUB_KEY ====  
=== SCE_PSM_HEADER_SIGNATURE_PUB_KEY ===


     3082010A0282010100A98F6B27F5AFF0F96C7411A337DFCF723C37BEF6FF6552B
     3082010A0282010100A98F6B27F5AFF0F96C7411A337DFCF723C37BEF6FF6552B
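Review bot: the `===`-level headings in the second column (`=== SCE_PSM_KDBG_ACCOUNT_IV ===` and the rest) put every PSM key at section level, while the `=== PSM Android ===` heading and its sentence "These keys are labeled within the debug symbols of the Android version of PSM." appear in one column only, so restoring that text loses both the grouping and the statement of where the key names come from. Keep the `====` headings nested under `=== PSM Android ===`. The Publishing License block at the top of the hunk is also single-column; if it stays, the bullet "PKCS12 certificate used in signing PSM Dev PSSE with PSM SDK." should sit above the two password entries it describes rather than after them, and the parenthetical aside about the passwords does not belong on a reference page.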
Line 2,212: Line 2,040:
     F2EE34F88702030100010000
     F2EE34F88702030100010000


==== SCE_PSM_WHOLE_SIGNATURE_PUB_KEY ====  
=== SCE_PSM_WHOLE_SIGNATURE_PUB_KEY ===


     3082010A0282010100D452C18752BDE6289ACEB862AD32145322C13EEC82F5675
     3082010A0282010100D452C18752BDE6289ACEB862AD32145322C13EEC82F5675
Line 2,224: Line 2,052:
     655F4CDE0F02030100010000
     655F4CDE0F02030100010000


==== internalKey (KeyStore) ====  
=== internalKey (KeyStore) ===


     534B4257020000000000000010000000002F27E9ECD4606C3CE0BCFE99E2AE5EB
     534B4257020000000000000010000000002F27E9ECD4606C3CE0BCFE99E2AE5EB
Line 2,232: Line 2,060:
     E83746A9819C60AB7ED23B8D7685612A831C41000000
     E83746A9819C60AB7ED23B8D7685612A831C41000000


==== internalIcvKey (KeyStore) ====  
=== internalIcvKey (KeyStore) ===


     534B4257020000000000000010000000002F27E9ECD4606C3CE0BCFE99E2AE5EB
     534B4257020000000000000010000000002F27E9ECD4606C3CE0BCFE99E2AE5EB
Line 2,239: Line 2,067:
     C026F69D7A98767567BF04C95074B4C00000000000000000000000000000000BB
     C026F69D7A98767567BF04C95074B4C00000000000000000000000000000000BB
     6E2E9E14AB8D04309918ABD4186B5798F48C78000000
     6E2E9E14AB8D04309918ABD4186B5798F48C78000000
=== PSSE (PlayStation Suite Encryption) ===
PSSE is the encryption of PSM application files,
the whole game is encrypted and it server a similar function as PFS for the PSVita.


==== Header IV ====
=== PSSE Header IV ===


     000102030405060708090A0B0C0D0E0F
     000102030405060708090A0B0C0D0E0F


==== Header Key ====  
=== PSSE Header Key ===  
      
      
     4E298B40F531F469D21F75B133C307BE
     4E298B40F531F469D21F75B133C307BE


==== App Key ====
=== Runtime PSSE App Key ===
For decrypting PSSE files with IP9100-NPXS10074_00-0000000000000000 as content id
For decrypting PSSE files with IP9100-NPXS10074_00-0000000000000000 as content id
     A8693C4DF0AEEDBC9ABFD8213692912D
     A8693C4DF0AEEDBC9ABFD8213692912D


==== Debug Header Key ====
=== Debug PSSE Header Key ===
When you encrypt files locally for use in PSM Dev Assistant, using PSM SDK's "psm_encryptor64.dll"  
When you encrypt files locally for use in PSM Dev Assistant, using PSM SDK's "psm_encryptor64.dll"  
the following header key is used INSTEAD of the retail one.
the following header key is used INSTEAD of the retail one.
     00112233445566778899AABBCCDDEEFF
     00112233445566778899AABBCCDDEEFF
=== Hash Account ID ===
used for calculating "Unique ID" in
Sce.PlayStation.Core.Services.AccountInformation.UniqueID
==== Hash Account ID HMAC-SHA256 key ====
    BDEE3E0B93073749856F25CCDB443AFB0FAB94287493DC1AD0C5697E2A7AE14E
==== Hash Account ID AES-128-CBC Key ====
    5AA3DB8FE6AEE26CD185B086F5BD78A4
==== Hash Account ID AES-128-CBC Iv ====
    00000000000000000000000000000000
How to calculate UniqueID:
get psn accountid; => 0123456789abcdef (example)
sha256hmac(accountid, hmackey) => 4653ec6275f410c47d280a3688a554a579a7e7c9f52599381ae9ee4a1b6220e3
trim hmac to first 8 bytes => 4653ec6275f410c4
append trimmed hmac to accountid => 0123456789abcdef4653ec6275f410c4
aes128cbc(accountid + trimhmac, key, iv) => c7656d883573d94809c8fa05f511d84f
so "c7656d883573d94809c8fa05f511d84f" is the "UniqueID"


== EncDec Keys ==
== EncDec Keys ==
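Review bot: the `=== Hash Account ID ===` section (HMAC-SHA256 key, AES-128-CBC key and IV, and the "How to calculate UniqueID" walkthrough) and the two-line introduction under `=== PSSE (PlayStation Suite Encryption) ===` exist in one column only, so this change removes documentation that nothing in the other column replaces. If the section is kept, the walkthrough needs tightening: the step `aes128cbc(accountid + trimhmac, key, iv)` does not say whether it is an encryption or a decryption, nor whether the account ID is handled as the hex text shown or as decoded bytes, and "it server a similar function" in the PSSE introduction should read "it serves a similar function". The renamed headings (`=== PSSE Header Key ===` against `==== Header Key ====`) also lift the PSSE entries to the level of their parent section.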
Line 3,316: Line 3,115:
! Type !! Version !! Modulus !! Usage || Notes
! Type !! Version !! Modulus !! Usage || Notes
|-
|-
| 0 and 1 || 1.00+ ||
| 0 and 1 || 1.00+ ||  
     9CCCE3A536FA641B2D1354EE98F093C2
     9CCCE3A536FA641B2D1354EE98F093C2
     68470F722C024B86CD60274E08E0067A
     68470F722C024B86CD60274E08E0067A
Line 3,400: Line 3,199:
! Type !! Version !! Modulus !! Usage || Notes
! Type !! Version !! Modulus !! Usage || Notes
|-
|-
| PSP || 1.00+ ||
| PSP || 1.00+ ||  
     BBDB6AA32E3B51A6D4708D5FC9899919
     BBDB6AA32E3B51A6D4708D5FC9899919
     395A2AAD83E98F4864C3BA43A5D6906F
     395A2AAD83E98F4864C3BA43A5D6906F
Line 3,472: Line 3,271:
== NID generation suffixes ==
== NID generation suffixes ==


* The algorithm is sha1(name + suffix).
* algo is sha1(name + suffix)


=== No suffix ===
=== No suffix ===
Line 3,478: Line 3,277:
For some PSP and PS Vita old NIDs, there was no suffix at all: algo was simply sha1(name).
For some PSP and PS Vita old NIDs, there was no suffix at all: algo was simply sha1(name).


=== PS3 NONAME suffix ===
=== PS3 NONAME default suffix ===


<pre>"0xbc5eba9e042504905b64274994d9c41f"</pre>
<pre>bc5eba9e042504905b64274994d9c41f</pre>


* Note that this ASCII string is used but not the hexadecimal value for it.
To check how to use this suffix (see: [https://www.psdevwiki.com/ps3/Keys#PS3_NONAME_NIDs_Salt]).


=== PS3 default suffix ===
=== PS3 default suffix ===
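Review bot: the two `<pre>` lines for the PS3 NONAME suffix disagree on the value itself, `"0xbc5eba9e042504905b64274994d9c41f"` (quoted, with `0x`) against the bare `bc5eba9e042504905b64274994d9c41f`, and the bullet "Note that this ASCII string is used but not the hexadecimal value for it." is swapped for a bare link. Since the algorithm is stated as sha1(name + suffix), the page has to say which bytes are appended: whichever `<pre>` form is kept, keep a sentence next to it stating whether the suffix is the ASCII text or the decoded hexadecimal value, and give the external link a label instead of leaving it as "(see: [URL])".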
Line 3,488: Line 3,287:
<pre>6759659904250490566427499489741A</pre>
<pre>6759659904250490566427499489741A</pre>


* Note that this hexadecimal value is used but not the ASCII string for it.
=== PS Vita NONAME default suffix ===
 
=== PS Vita NONAME suffix ===


<pre>c1b886af5c31846467e7ba5e2cffd64a</pre>
<pre>c1b886af5c31846467e7ba5e2cffd64a</pre>
* Note that this hexadecimal value is used but not the ASCII string for it.


== SceKrm ==
== SceKrm ==
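Review bot: the bullet "Note that this hexadecimal value is used but not the ASCII string for it." appears once under the PS3 default suffix and once under the PS Vita suffix, in one column only, so after this change neither value says how it is fed to sha1. The heading pair `=== PS Vita NONAME default suffix ===` / `=== PS Vita NONAME suffix ===` should also be settled together with the PS3 NONAME heading so that the two NONAME sections are named the same way.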