Editing Seeds

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 35: Line 35:
* Location: aim_spu_module.self/isoldr/appldr/lv1ldr/spu_token_processor.self/spu_utoken_processor.self
* Location: aim_spu_module.self/isoldr/appldr/lv1ldr/spu_token_processor.self/spu_utoken_processor.self


==== EID0 section 0 seed for enc/dec + CMAC (Kirk command 0x12) ====
==== EID0 section 0 seed ====


<pre>2ED7CE8D1D55454585BF6A3281CD03AF</pre>
<pre>2ED7CE8D1D55454585BF6A3281CD03AF</pre>
Line 41: Line 41:
* Location: aim_spu_module.self
* Location: aim_spu_module.self


==== EID0 section 6 seed for enc/dec + CMAC (Kirk command 0x12) ====
==== EID0 section 6 seed ====


<pre>3AB0E6C4ACFFB629362FFBBBDBC854BC</pre>
<pre>3AB0E6C4ACFFB629362FFBBBDBC854BC</pre>
Line 47: Line 47:
* Location: pspemudrm (KIRK)
* Location: pspemudrm (KIRK)


==== EID0 section 0xA seed for enc/dec + CMAC (Kirk command 0x12) ====
==== EID0 section 6 seed for encrypted ECDSA private key ====


<pre>30B0395DC5835AAA3A7986B44AFAE684</pre>
<pre>33793B9F79E2EBAE55D4D6BF0ED376E6</pre>


* Location: aim_spu_module.self
Notes:
* This seed is the equivalent of the PSP KIRK command 0x10 AES128ECB seed (idskey0).
* Does EID0 section 0xA (or others) use the same seed ? Else why not to search their seed ;) ?


==== EID0 section 6 seed for encrypted ECDSA private key (Kirk command 0x10) ====
1) aes-256-ecb encrypt the seed with per-console EID0_key, in order to obtain the 128bit decryption key to decrypt your per-console encrypted ECDSA private key.


<pre>33793B9F79E2EBAE55D4D6BF0ED376E6</pre>
2) aes-128-ecb decrypt the encrypted ECDSA private key, located in the decrypted EID0 section 6 at offset 0x88.


Notes:
3) Verify the ECDSA private key. See KIRK command 0x10 on PSP or PS3 wiki (same public key and curve).
* This seed is the equivalent of the PSP Kirk command 0x10 AES128ECB seed (idskey0).
* EID0 sections 7-0xA use a different and unknown seed.


1) aes-256-ecb encrypt the seed with per-console EID0_key (indiv+0x20) and EID0_iv (indiv+0x10), in order to obtain the 128bit decryption key to decrypt per-console encrypted ECDSA private key.
* Location: pspemudrm (KIRK)


2) aes-128-cbc decrypt with iv=0 the encrypted ECDSA private key, located at certificate offset 0x88.
==== EID0 section 0xA seed ====


3) Verify the ECDSA private key by using the ECDSA public key at certificate offset 0x10. See KIRK command 0x10 on PSP or PS3 wiki (same constant public key and curve).
<pre>30B0395DC5835AAA3A7986B44AFAE684</pre>


* Location: pspemudrm (KIRK)
* Location: aim_spu_module.self


=== EID1 ===
=== EID1 ===
Line 444: Line 444:
= References =
= References =


[[Iso_module|Isolated modules]] <- used as reference for EID specific seeds, amongst others
[[Iso_module Isolated modules]] <- used as reference for EID specific seeds, amongst others




{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Seeds"