Editing Flash:Encrypted Individual Data - eEID

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== Encrypted Individual Data - eEID ==
== Encrypted Individual Data - eEID ==


eEID certainly stands for encrypted EID as each section eEID embeds is encrypted. EID certainly stands for Encrypted Individual Data. Why two 'e' in eEID ?
eEID certainly stands for encrypted EID. EID stands for Encrypted Individual Data. EID is the equivalent of IdStorage on PSP and PSVita.


EID is the equivalent of IdStorage on PSP and PSVita.
It is 0x10000 bytes in length (64 kB) but only the first 0x1DD0 bytes are used. The rest is padded with 0xFF.
 
eEID is decrypted by metldr and is passed over to the isolated loader which may pass it to a SELF. We can see this in graf_chokolo’s original payload.
 
It is 0x10000 bytes in size (64 kB) but only the first 0x1DD0 bytes are used. The rest is padded with 0xFF.


It is composed of 6 sections numbered from 0 to 5.
It is composed of 6 sections numbered from 0 to 5.
Line 19: Line 15:
! Section !! Usage !! Description !! [[iso module]]
! Section !! Usage !! Description !! [[iso module]]
|-
|-
| [[Flash:Encrypted_Individual_Data_-_eEID#EID0|EID0]] || Identification Certificates || [[Flash:Encrypted_Individual_Data_-_eEID#EID0|EID0]] is needed for loading parameters to isoldr for loading isolated SELF files on a SPE || aim_spu_module
| [[Flash:Encrypted_Individual_Data_-_eEID#EID0|EID0]] || [[IDPS]] || [[Flash:Encrypted_Individual_Data_-_eEID#EID0|EID0]] is needed for loading parameters to isoldr for loading isolated SELF files on a SPE || aim_spu_module
|-
|-
| [[Flash:Encrypted_Individual_Data_-_eEID#EID1|EID1]] || SCinit || ? + Syscon paring + Auth1/Auth2/Validate (see [[SC_Communication|SC Communication]] for more (log with logic analyzer)) || ?sc_iso_factory or ss_sc_init?
| [[Flash:Encrypted_Individual_Data_-_eEID#EID1|EID1]] || SCinit || ? + Syscon paring + Auth1/Auth2/Validate (see [[SC_Communication|SC Communication]] for more (log with logic analyzer)) || ?sc_iso_factory or ss_sc_init?
Line 345: Line 341:
! Address !! Size !! Value !! Description !! Observations  
! Address !! Size !! Value !! Description !! Observations  
|-
|-
| 0x0 || 0x10 || 00 00 00 01 00 89 00 08 14 01 01 06 1B 91 1C 5C || [[IDPS]] ||
| 0x0 || 0x10 || 00 00 00 01 00 89 00 08 14 01 01 06 1B 91 1C 5C || [[IDPS]] || [[IDPS]]
|-
|-
| 0x10 || 0x2 || 00 12 || Unknown || Unknown (00 11 on [[DEH-H1000A-E]] and earlier models)<!-- same value as "cISD1 relative offset 0x56" ? (see [[Talk:Flash:Individual System Data - cISD]] -->
| 0x10 || 0x2 || 00 12 || Unknown || Unknown (00 11 on [[DEH-H1000A-E]] and earlier models)<!-- same value as "cISD1 relative offset 0x56" ? (see [[Talk:Flash:Individual System Data - cISD]] -->
Line 351: Line 347:
| 0x12 || 0x2 || 00 0B || EID0 sections number || Always 11.
| 0x12 || 0x2 || 00 0B || EID0 sections number || Always 11.
|-
|-
| 0x14 || 0xC || FC D1 D8 BE 6F F4 C8 D8 8F E1 C3 F7 || [[Flash:perconsole_nonce|perconsole nonce]] ||
| 0x14 || 0xC || FC D1 D8 BE 6F F4 C8 D8 8F E1 C3 F7 || [[Flash:perconsole_nonce|perconsole nonce]] || Appear to be the same nonce as in the encrypted files metloader/bootloader at offset 0x14-0x1F.
|-
|-
| 0x20 || Rest || Rest || Encrypted Data ||
| 0x20 || Rest || Rest || Encrypted Data ||
Line 358: Line 354:
Individual info Manager can write to EID0. Appliance Info Manager can rehash it.
Individual info Manager can write to EID0. Appliance Info Manager can rehash it.


EID0 embeds many (usually 11) AES128CBC encrypted sections. Each section is a IDPS Certificate.
EID0 embeds 11 AES128CBC encrypted sections.


We do not have all EID0 sections enc/dec key seeds:
We don't have all EID0 enc/dec keys:
<pre>
<pre>
section 0 (PS3 cert keyset 0) -> yes
section 0 -> yes
section 1 (PS3 cert keyset 1)-> missing
section 1 -> missing
section 2 (PS3 cert keyset 2) -> missing
section 2 -> missing
section 3 (PS3 cert keyset 3) -> missing
section 3 -> missing
section 4 (PS3 cert keyset 4) -> missing
section 4 -> missing
section 5 (PS3 cert keyset 5) -> missing
section 5 (probably equivalent to PSP section 0) -> missing
section 6 (PSP cert keyset 1) -> yes
section 6 (equivalent to PSP section 1) -> yes
section 7 (PSP cert keyset 2) -> missing
section 7 (probably equivalent to PSP section 2) -> missing
section 8 (PSP cert keyset 3) -> missing
section 8 (probably equivalent to PSP section 3) -> missing
section 9 (PSP cert keyset 4) -> missing
section 9 (probably equivalent to PSP section 4) -> missing
section 0xA (PSP cert keyset 5) -> yes
section 0xA (equivalent to PSP section 5) -> yes<
</pre>
</pre>


Keys for EID0 sections 0, 6 and 0xA key seeds were found in secure modules, for instance seeds for 0 and 0xA in aim_spu_module, seed for 6 in pspemudrm.
===== EID0 Section =====
 
===== EID0 Sections =====
 
====== IDPS Certificate Structure ======


* Size: 0xC0 bytes.
* Size: 0xC0 bytes.
Line 387: Line 379:
! Description !! Length !! Note
! Description !! Length !! Note
|-
|-
| Data || 0x10 || actual data (either IDPS or OpenPSID)
| Data || 0x10 || contains the actual data of the file (either IPDS or OpenPSID)
|-
|-
| plaintext public key || 0x28 || public key (without padding)
| plaintext public key || 0x28 || contains the section's public key (without padding)
|-
|-
| R || 0x14 || part of the ECDSA signature pair (r,s)
| R || 0x14 || part of the ecdsa signature pair (r,s)
|-
|-
| S || 0x14 || part of the ECDSA signature pair (r,s)
| S || 0x14 || part of the ecdsa signature pair (r,s)
|-
|-
| public key || 0x28 || ECDSA public key (can be used to verify ECDSA signature RS)
| public key || 0x28 || ecdsa public key (can be used to verify ecdsa signature RS)
|-
|-
| encrypted private key || 0x20 || encrypted ECDSA private key
| encrypted private key || 0x20 || encrypted blob that contains the section's private key (with padding)
|-
|-
| cmac || 0x10 || hash of the previous information in AES CMAC mode
| cmac || 0x10 || hash of the previous information in CMAC mode
|-
|-
| padding || 0x8 || zero byte padding for AES 128 bits encryption
| padding || 0x8 || zero byte padding for AES 128 bits encryption
|}
|}


====== EID0 section 0-5 crypto ======
====== EID0 section 0 crypto ======


* [https://web.archive.org/web/20141118233713/http://pastie.org/6169158 naehrwert's EID0 section 0 ECDSA signature verification]
* [https://web.archive.org/web/20141118233713/http://pastie.org/6169158 naehrwert's EID0 section 0 ECDSA verification]


====== EID0 sections 6-0xA crypto ======
====== EID0 sections 6 and 0xA crypto ======


EID0 section 6 is used in the PSP emulator by the DRM crypto engine to retrieve PSID. EID0 section 0xA is used by aim_spu_module to retrieve OpenPSID.
EID0 section 6 is used in the PSP emulator by the DRM crypto engine. It corresponds to PSP Kirk commands 0x10, 0x11 and 0x12 verification of IdStorage Certificates. See also [[http://wololo.net/talk/viewtopic.php?p=20715#p20715]] and PSP wiki for PSP crypto stuff.


These sections' certificates uses PSP certificate keyset. It corresponds to PSP KIRK commands 0x10, 0x11 and 0x12 for verification of IdStorage Certificates. See also [[http://wololo.net/talk/viewtopic.php?p=20715#p20715]] and PSP wiki for PSP crypto stuff.
Note: What's interesting is that on PS3 it uses ECDSA curve VSH type 2 with the PSP IDS Certificates public keys, whilst it uses a different curve with the PS3 exclusive Certificates (for example section 0). That's maybe how Davee and Proxima figured out the KIRK 0x10 and 0x11 ECDSA crypto keys. But not sure because their work was in 2011, not in 2012 nor 2013 (naehrwert).
 
====== Note ======
 
On PS3 it uses ECDSA curve VSH type 2 with the PSP IDPS Certificates, whilst it uses a different curve with the PS3 exclusive IDPS Certificates (for example section 0). That is maybe how Davee and Proxima figured out the KIRK 0x10 and 0x11 ECDSA crypto keys. But not sure because their work was in 2011, not in 2012 (naehrwert) and it seems that PS3 uses a different seed for encrypting the ECDSA private key (see section 6 ECDSA private key seed).


=== EID1 ===
=== EID1 ===
Used for individual SYSCON information.


==== Example ====
==== Example ====
Line 472: Line 458:


=== EID2 ===
=== EID2 ===
Used for individual BD drive information. See [[Hypervisor_Reverse_Engineering#Remarrying]].


==== Example ====
==== Example ====
Line 504: Line 488:


* Size: 0x730 bytes.
* Size: 0x730 bytes.
Related to BD drive. See [[Hypervisor_Reverse_Engineering#Remarrying]].


{|class="wikitable"
{|class="wikitable"
Line 522: Line 508:
|}
|}


Note: In decrypted P-Block these bytes match [[Product Code]]:
Note: In decrypted P-Block these bytes match [[Target ID]]:


{| class="wikitable" style="font-size:x-small; border:2px ridge #999999;"
{| class="wikitable" style="font-size:x-small; border:2px ridge #999999;"
|-
|-
! Value !! [[Product Code]] !! Console Type !! Remarks !! Confirmed ?
! Value !! [[Target ID]] !! Console Type !! Remarks
|-
|-
| || {{TID80}} || ||
| || {{TID80}} ||  
|-
|-
| 0xFF || {{TID81}} || No BD playback with this [[Product Code]]. || {{yes}}
| 0xFF || {{TID81}} || No BD playback on that [[Target ID]].
|-
|-
| 0xFF || {{TID82}} || No BD playback with this [[Product Code]]. || {{yes}}
| 0xFF || {{TID82}} || No BD playback on that [[Target ID]].
|-
|-
| 0x01 || {{TID83}} || DVD Region 2 (NTSC)  || {{no}}
| 0x01 || {{TID83}} ||  
|-
|-
| 0x02 || {{TID84}} || DVD Region 1 (NTSC)  || {{yes}}
| 0x02 || {{TID84}} ||  
|-
|-
| 0x04 || {{TID85}} || DVD Region 2 (PAL)  || {{yes}}
| 0x04 || {{TID85}} ||  
|-
|-
| 0x10 || {{TID86}} || DVD Region 3 (NTSC)  || {{no}}
| 0x10 || {{TID86}} ||  
|-
|-
| 0x04 || {{TID87}} || DVD Region 2 (PAL)  || {{yes}}
| 0x04 || {{TID87}} ||  
|-
|-
| 0x80 || {{TID88}} || DVD Region 4 (NTSC) || {{yes}}
| || {{TID88}} ||  
|-
|-
| 0x08 || {{TID89}} || DVD Region 4 (PAL)  || {{no}}
| 0x08 || {{TID89}} ||  
|-
|-
| 0x10 || {{TID8A}} || DVD Region 3 (NTSC)  || {{yes}}
| || {{TID8A}} ||  
|-
|-
| 0x10 || {{TID8B}} || DVD Region 3 (NTSC)  || {{yes}}
| || {{TID8B}} ||  
|-
|-
| 0x20 || {{TID8C}} || DVD Region 5 (NTSC/PAL)  || {{no}}
| 0x20 || {{TID8C}} ||  
|-
|-
| 0x40 || {{TID8D}} || DVD Region 6  || {{no}}
| || {{TID8D}} ||  
|-
|-
| 0x10 || {{TID8E}} || DVD Region 3 (NTSC)  || {{yes}}
| 0x10 || {{TID8E}} ||  
|-
|-
| 0x80 || {{TID8F}} || DVD Region 4 (NTSC)  || {{no}}
| || {{TID8F}} ||  
|-
|-
| 0xFF || {{TIDA0}} || No BD playback with this [[Product Code]]. || {{yes}}
| 0xFF || {{TIDA0}} || No BD playback on that [[Target ID]].
|-
|-
|}
|}
Line 568: Line 554:
Notes:
Notes:
* 0xFF = 0b11111111 - all bits enabled
* 0xFF = 0b11111111 - all bits enabled
* 0x80 = 0b10000000 - {{TID88}} - bit 7 (DVD Region 4 (NTSC))
* 0x20 = 0b00100000 - {{TID8C}} - bit 5
* 0x40 = 0b01000000 - {{TID8D}} - bit 6 (DVD Region 6)
* 0x10 = 0b00010000 - {{TID8E}} | {{TID86}} -  bit 4
* 0x20 = 0b00100000 - {{TID8C}} - bit 5 (DVD Region 5 (NTSC/PAL))
* 0x08 = 0b00001000 - {{TID89}} - bit 3
* 0x10 = 0b00010000 - {{TID8E}} | {{TID86}} | {{TID8A}} | {{TID8B}} -  bit 4 (DVD Region 3 (NTSC))
* 0x04 = 0b00000100 - {{TID87}} | {{TID85}} - bit 2
* 0x08 = 0b00001000 - {{TID89}} - bit 3 (DVD Region 4 (PAL))
* 0x02 = 0b00000010 - {{TID84}} - bit 1
* 0x04 = 0b00000100 - {{TID87}} | {{TID85}} - bit 2 (DVD Region 2(PAL))
* 0x01 = 0b00000001 - {{TID83}} - bit 0
* 0x02 = 0b00000010 - {{TID84}} - bit 1 (DVD Region 1 (NTSC))
* 0x01 = 0b00000001 - {{TID83}} - bit 0 (DVD Region 2 (NTSC))


=== EID3 ===
=== EID3 ===
Used for individual CPRM information. See [[Hypervisor_Reverse_Engineering#Communication]].


==== Example ====
==== Example ====
Line 628: Line 610:


* Size: 0x100 bytes.
* Size: 0x100 bytes.
Related to Communication. See [[Hypervisor_Reverse_Engineering#Communication]].


{|class="wikitable"
{|class="wikitable"
Line 666: Line 650:


=== EID4 ===
=== EID4 ===
Used for individual bluray auth information. See also [[BD Drive Reverse Engineering]].
EID4 contains two 128bit keys which are necessary to establish a secure communication channel to the BD drive for sending vendor specific security commands.
EID4 is encrypted with AES-CBC-256 algorithm.


==== Example ====
==== Example ====
Line 692: Line 670:


==== Structure ====
==== Structure ====
EID4 contains two 128bit keys which are necessary to establish a secure communication channel to the BD drive for sending vendor specific security commands.
EID4 is encrypted with AES-CBC-256 algorithm.
See also [[BD Drive Reverse Engineering]].


* Size: 0x30 bytes.
* Size: 0x30 bytes.
Line 707: Line 691:


=== EID5 ===
=== EID5 ===
The largest and quite possibly the most important EID section of all 6. It's unknown what is inside this specific EID. We will probably never know without analyzing every possible clue about the PS3. And even then, it might be impossible to find its real use.
EID5 size is quite similar to EID0, but it has an additional 0x1A0 bytes. EID5 header has many similarities with EID0 header.


==== Example ====
==== Example ====
Line 739: Line 719:


==== Structure ====
==== Structure ====
The largest and quite possibly the most important EID section of all 6. It's unknown what is inside this specific EID. We'll probably never know without analyzing every possible clue about the PS3. And even then, it might be impossible to find its real use. Its size is similar to EID0, but it has an additional 0x1A0 bytes.


* Size: 0xA00 bytes.
* Size: 0xA00 bytes.
Line 746: Line 728:
! Address !! Size !! Value !! Description !! Observations  
! Address !! Size !! Value !! Description !! Observations  
|-
|-
| 0x0 || 0x10 || 00 00 00 01 00 89 00 08 14 01 01 06 1B 91 1C 5C || [[IDPS]] ||
| 0x0 || 0x10 || 00 00 00 01 00 89 00 08 14 01 01 06 1B 91 1C 5C || [[IDPS]] || [[IDPS]]
|-
|-
| 0x10 || 0x2 || 00 12 || Unknown || Unknown.
| 0x10 || 0x2 || 00 12 || Unknown || Unknown
|-
|-
| 0x12 || 0x2 || 07 30 || Unknown || Maybe data size in bytes (in EID0 it is encrypted Identification Certificates count). 0x730 on CEX, 0x7E0 on DEX/DECR.
| 0x12 || 0x2 || 07 30 || Unknown || Unknown. 07 E0 on DEX/DECR
|-
|-
| 0x14 || 0xC || FC D1 D8 BE 6F F4 C8 D8 8F E1 C3 F7 || [[Flash:perconsole_nonce|perconsole nonce]] ||
| 0x14 || 0xC || FC D1 D8 BE 6F F4 C8 D8 8F E1 C3 F7 || [[Flash:perconsole_nonce|perconsole nonce]] || Contains the 0xC byte perconsole nonce (as seen in bootldr/metldr and EID0) again at 0x14 to 0x1F
|-
|-
| 0x20 || Rest || || Encrypted, Unknown ||  
| 0x20 || Rest || || Encrypted, Unknown ||  
Line 759: Line 741:
=== Unreferenced EID area ===
=== Unreferenced EID area ===


Possibly just unused EID region (which would explain why it is 0xFF filled).
Possibly just unused EID region (which would also explain why it is 0xFF filled).


==== Example ====
==== Example ====
Line 780: Line 762:
000907E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000907E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000907F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre>
000907F0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ</pre>
|-
|}
|}


Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)