Editing Talk:Keys

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== aim_spu_module Keys Usage ==
See [[Keys#aim_spu_module_Keys]].
aim_key, aim_iv and aim_compare
Can anyone explain to me what is the purpose and functionality of these keys? I've never seen them in "action" before...
== 2.36 vs 3.30 appldr key 79481839C4... ==
== 2.36 vs 3.30 appldr key 79481839C4... ==
Stop editing 79481839C4... as a 3.30 appldr key, unless you can disprove the absence of it since after 2.36 as seen here: http://pastebin.com/biWXJrst


Stop editing 79481839C4... as a PS3 FW 3.30 appldr key, unless you can disprove the absence of it since after PS3 FW 2.36 as seen here: http://pastebin.com/biWXJrst.
i see it there on offset 18C30 in the pastebin ....


I see it there at offset 0x18C30 in the pastebin....
Here is an appldr keys: [http://www.sendspace.com/file/ou1ln1 .xls] & I doubt about the versions and revisions because of ^^


Here are some appldr keys: [http://www.sendspace.com/file/ou1ln1 .xls (dead link)] and I doubt about the versions and revisions because of ^^
Please edit & add it to the Page.


Please edit and add it to the Page.


Disproving the absence: [https://www.sendspace.com/file/m0j3c1 (dead link)]
Disproving the absence:


This archive contains files from PS3 FW 3.31 DECR (appldr, decrypted appldr and emer_init.self)
https://www.sendspace.com/file/m0j3c1


The key 79481839C4... is inside the decrypted appldr and used to decrypt emer_init.self.
This archive contains files from 3.31DECR (appldr, decrypted appldr and emer_init.self)
 
The key 79481839C4... is inside the decrypted appldr and used to decrypt emer_init.self


== sv_iso_spu_module 1.02-3.55 ==
== sv_iso_spu_module 1.02-3.55 ==
<pre>
<pre>
key_0:  EF4F6A107742E8448BC1F9D8F2481B31 // key_0 is an aes_cfb128 iv
key_0:  EF4F6A107742E8448BC1F9D8F2481B31 //key_0 is an aes_cfb128 iv


iv_0:    2226928D44032F436AFD267E748B2393
iv_0:    2226928D44032F436AFD267E748B2393
key_0_0: 126C6B5945370EEECA68262D02DD12D2 // key_0_0 is used with iv_0 to generate gen_key_0
key_0_0: 126C6B5945370EEECA68262D02DD12D2 //key_0_0 is used with iv_0 to generate gen_key_0
key_0_1: D9A20A79666C27D11032ACCF0D7FB501 // key_0_1 is used with iv_0 to generate gen_key_1
key_0_1: D9A20A79666C27D11032ACCF0D7FB501 //key_0_1 is used with iv_0 to generate gen_key_1


key_1:  7CDD0E02076EFE4599B1B82C359919B3 // key_1 is used with iv_0
key_1:  7CDD0E02076EFE4599B1B82C359919B3 //key_1 is used with iv_0


iv_1:    3BD624020BD3F865E80B3F0CD6566DD0 // iv_1 is used with gen_key_0 and gen_key_1
iv_1:    3BD624020BD3F865E80B3F0CD6566DD0 //iv_1 is used with gen_key_0 and gen_key_1


key_2:  380BCF0B53455B3C7817AB4FA3BA90ED // key_2 + iv_2 are used to generate something from the disk name (id?)
key_2:  380BCF0B53455B3C7817AB4FA3BA90ED //key_2 + iv_2 are used to generate something from the disk name (id?)
iv_2:    69474772AF6FDAB342743AEFAA186287
iv_2:    69474772AF6FDAB342743AEFAA186287


debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 // this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC'
debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 //this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC'
</pre>
</pre>


=== Observations ===
===Observations===
 
<pre>genelib.dll (Build 1.20.2662.20880):
<pre>
genelib.dll (Build 1.20.2662.20880):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 59: Line 66:
    
    
00072E80                                      67 C0 75 8C              gÀuŒ
00072E80                                      67 C0 75 8C              gÀuŒ
00072E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f
00072E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f</pre>
</pre>


== sc_iso module 1.00-4.00 ==
== sc_iso module 1.00-4.00 ==
<pre>
<pre>
0x0                                     
0x0                                     
Line 74: Line 79:


=== Observations ===
=== Observations ===
<pre> 1.00:
<pre> 1.00:
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 105: Line 109:
   ********  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
   ********  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
</pre>
</pre>
== aim_spu_module Keys Usage ==
See [[Keys#aim_spu_module_Keys]], especially aim_key, aim_iv and aim_compare.
Can anyone explain to me what is the purpose and functionality of these keys? I have never seen them in "action" before...


== spu_token_processor ==
== spu_token_processor ==
 
<pre> spu_token_processor 1.00-3.56
<pre>spu_token_processor 1.00-3.56
   token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A
   token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A
   token-key:  341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED
   token-key:  341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED
   token-iv:  E8663A69CD1A5C454A761E728C7C254E</pre>
   token-iv:  E8663A69CD1A5C454A761E728C7C254E</pre>
 
===Observations===
=== Observations ===
 
<pre>1.00:
<pre>1.00:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 193: Line 188:
</pre>
</pre>


== appldr rev 0x01 ==
== appldr rev0x01 ==
 
  appold_R  :  B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D        # ps3publictools/include/keys.h
  appold_R  :  B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D        # ps3publictools/include/keys.h
  appold_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
  appold_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
Line 204: Line 198:
  appold_keypair_d :  3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000        # ps3publictools/include/oddkeys.h
  appold_keypair_d :  3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000        # ps3publictools/include/oddkeys.h


== npdrm rev 0x01 ==
== npdrm rev0x01 ==
 
  npdrm_R  :  A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D        # ps3publictools/include/keys.h
  npdrm_R  :  A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D        # ps3publictools/include/keys.h
  npdrm_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
  npdrm_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
Line 211: Line 204:
  npdrm_Da :  040AB47509BED04BD96521AD1B365B86BF620A98        # ...
  npdrm_Da :  040AB47509BED04BD96521AD1B365B86BF620A98        # ...
        
        
  klic_ps3_free :  72F990788F9CFF745725F08E4C128387        # ps3publictools/include/oddkeys.h
  npdrm_omac_key1 :  72F990788F9CFF745725F08E4C128387        # ps3publictools/include/oddkeys.h
  npd_header_hash_xor_key :  6BA52976EFDA16EF3C339FB2971E256B        # ...
  npdrm_omac_key2 :  6BA52976EFDA16EF3C339FB2971E256B        # ...
  npd_cid_fn_hash_aes_cmac_key :  9B515FEACF75064981AA604D91A54E97        # ...
  npdrm_omac_key3 :  9B515FEACF75064981AA604D91A54E97        # ...
        
        
  npdrm_keypair_e  :  A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0        # ps3publictools/include/oddkeys.h
  npdrm_keypair_e  :  A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0        # ps3publictools/include/oddkeys.h
Line 220: Line 213:


----
----


=== Using VSH ECDSA in Python ===
=== Using VSH ECDSA in Python ===
Line 296: Line 290:
print("----------")</pre>
print("----------")</pre>


=== Observations ===
===Observations===
 
3.10:
3.10:
  PUB:
  PUB:
Line 395: Line 388:
   0062EEA0  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
   0062EEA0  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
   0062EEB0  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ  
   0062EEB0  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ  


3.55:
3.55:
Line 432: Line 426:
----
----


== Raw key list ==
==RAW key list==
 
Some insight in how the AES routines and SHA1 hashes relate to offsets in appldr : [http://pastie.org/private/fdabkjhmd3hwowi6dgsbw aes 3.15] [http://pastie.org/private/unpbjffn6zgy3vldefvivq sha1 3.15]
Some insight in how the AES routines and SHA1 hashes relate to offsets in appldr:
* [http://pastie.org/private/fdabkjhmd3hwowi6dgsbw AES routines 3.15]
* [http://pastie.org/private/unpbjffn6zgy3vldefvivq sha1 hashes 3.15]
 
=== Primary Table ===
 
(C/P is from PS3 FW 3.56 Fix)


=== Primairy Table ===
(C/P is from 3.56 Fix)
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 556: Line 545:
   0001A3B0  B2 C0 CD 24 92 B0 B5 A1 00 00 00 3A 00 00 00 00  ²ÀÍ$’°µ¡...:....  PUB - Curve
   0001A3B0  B2 C0 CD 24 92 B0 B5 A1 00 00 00 3A 00 00 00 00  ²ÀÍ$’°µ¡...:....  PUB - Curve


=== Secondary Tables ===
=== Secondairy Tables ===


==== 1.00 ====
====1.00====
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 582: Line 571:
   000150B0  B4 57 8A 4C 61 C5 D6 BF 00 00 00 11 00 00 00 00  ´WŠLaÅÖ¿........  PUB - Curve
   000150B0  B4 57 8A 4C 61 C5 D6 BF 00 00 00 11 00 00 00 00  ´WŠLaÅÖ¿........  PUB - Curve


==== 2.40 ====
====2.40====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 593: Line 581:
   00018EF0  C7 46 05 E7 B8 CB 73 2D 00 00 00 08 00 00 00 00  ÇF.ç¸Ës-........  PUB - Curve
   00018EF0  C7 46 05 E7 B8 CB 73 2D 00 00 00 08 00 00 00 00  ÇF.ç¸Ës-........  PUB - Curve


==== 3.40 ====
====3.40====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 618: Line 605:
   000194E0  08 F6 A0 36 58 F2 97 0E 00 00 00 29 00 00 00 00  .ö 6Xò—....)....  PUB - Curve
   000194E0  08 F6 A0 36 58 F2 97 0E 00 00 00 29 00 00 00 00  .ö 6Xò—....)....  PUB - Curve


==== 3.50 ====
====3.50====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 643: Line 629:
   000197D0  27 CE 9E 47 88 9A 45 D0 00 00 00 2A 00 00 00 00  'ΞGˆšEÐ...*....  PUB - Curve
   000197D0  27 CE 9E 47 88 9A 45 D0 00 00 00 2A 00 00 00 00  'ΞGˆšEÐ...*....  PUB - Curve


==== 3.55 ====
====3.55====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 668: Line 653:
   0001A710  FA 3B E8 32 9E 01 5E 57 00 00 00 3A 00 00 00 00  ú;è2ž.^W...:....  PUB - Curve
   0001A710  FA 3B E8 32 9E 01 5E 57 00 00 00 3A 00 00 00 00  ú;è2ž.^W...:....  PUB - Curve


==== 3.56 ====
====3.56====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 693: Line 677:
   00020660  6A B0 91 E1 6B 23 14 33 00 00 00 3B 00 00 00 00  j°‘ák#.3...;....  PUB - Curve
   00020660  6A B0 91 E1 6B 23 14 33 00 00 00 3B 00 00 00 00  j°‘ák#.3...;....  PUB - Curve


* [http://pastebin.com/2btt19gh] <!--//Older pastie: http://pastebin.com/uWUqGXwx / http://pastie.org/private/enolspz7cyhvlg8rxhqwqg//-->
 
http://pastebin.com/2btt19gh
<!--//Older pastie: http://pastebin.com/uWUqGXwx / http://pastie.org/private/enolspz7cyhvlg8rxhqwqg//-->


=== Other ===
=== Other ===
some pasties mention parts of these, for completeness listed too.
some pasties mention parts of these, for completeness listed too.


==== Revokelist ====
==== Revokelist ====
Seen in: appldr, isoldr, lv2ldr, spu_pkg_rvk_verifier.self
Seen in: appldr, isoldr, lv2ldr, spu_pkg_rvk_verifier.self


===== 1.00-3.55 RVK =====
===== 1.00-3.55 RVK =====
 
(seen in =>1.00 <= 3.55)
(seen in => 1.00 <= 3.55)
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 715: Line 697:
   0001AC40  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  Z€Hý†_...‘‰SZ7b>    PUB - rvklist 0.80-3.55
   0001AC40  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  Z€Hý†_...‘‰SZ7b>    PUB - rvklist 0.80-3.55
   0001AC50  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!Btc§T÷........    PUB - rvklist 0.80-3.55
   0001AC50  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!Btc§T÷........    PUB - rvklist 0.80-3.55
===== 3.56 RVK =====
===== 3.56 RVK =====
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 726: Line 707:
   00020CC0  8F B5 B7 F4 B5 B4 E6 3B 00 00 00 00 00 00 00 00  .µ·ôµ´æ;........    PUB - rvklist 3.56
   00020CC0  8F B5 B7 F4 B5 B4 E6 3B 00 00 00 00 00 00 00 00  .µ·ôµ´æ;........    PUB - rvklist 3.56


==== 1.00+ ====
==== 1.00++ ====
 
(seen in =>1.00 <=3.56)
(seen in => 1.00 <=3.56)
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 763: Line 743:


<!--//http://pastie.org/private/dhdhplnph3pondohxnrlnw checked, all are listed above or not curve e.g.: 03 af 06 fd 1c e6 da 36 //-->
<!--//http://pastie.org/private/dhdhplnph3pondohxnrlnw checked, all are listed above or not curve e.g.: 03 af 06 fd 1c e6 da 36 //-->
----
http://pastie.org/private/qwndjafrtkvhe9cikbxhg << [http://pastebin.com/wHSRj9gW some eid0 related stuff].


== Fake keys ==
== Fake keys ==
Line 773: Line 757:
|-
|-
|}
|}
silk.sprx DES key: <code>8E3E1E46FFEE0309</code>
silk.sprx DES key: <code>8E3E1E46FFEE0309</code>


== Colors ==
== Colors ==


=== HMAC ===
===HMAC===
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#f491ad" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#f491ad" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 805: Line 788:


=== ldr key (inside decrypted metldr/asecure_loader) ===
=== ldr key (inside decrypted metldr/asecure_loader) ===
 
<pre>erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B
<pre>
erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B
riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D
riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D
pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19
pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19
Line 815: Line 796:
Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000
Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000
Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670
Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670
Curvetype: 0x20
Curvetype: 0x20</pre>
</pre>
====erk====
 
==== erk ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C0CEFE" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C0CEFE" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 834: Line 812:
|}
|}


==== riv ====
====riv====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#47EE74" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#47EE74" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 845: Line 822:
|}
|}


==== pub ====
====pub====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C2D4AA" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C2D4AA" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 864: Line 840:
|}
|}


==== R ====
====R====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#806E07" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#806E07" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 876: Line 851:
|}
|}


==== n ====
====n====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#E13A7E" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#E13A7E" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 888: Line 862:
|}
|}


==== K ====
====K====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#BA9055" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#BA9055" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 900: Line 873:
|}
|}


==== Da ====
====Da====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C5B2BF" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C5B2BF" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 911: Line 883:
|align="center" colspan="1" style="background:#067000" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#067000" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
|}
:


==== Priv ====
====Priv====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#00C5B2" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#00C5B2" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 923: Line 895:
|align="center" colspan="1" style="background:#FB0670" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#FB0670" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
|}
:


==== Curve ====
====Curve====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#000020" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#000020" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
|}
:


== Non PS3 specific Keys ==
==Non PS3 specific Keys==


=== Kirk (PSP) ===
=== Kirk (PSP) ===
not to be found in the PS3, but reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715


Not to be found in the PS3, but reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715
== Unknown value in syscon eeprom ==
 
this value is used at least 3 times and it's (conveniently?) positioned at the start of SYSCON EEPROM, followed by another unknown block with the same size of EID1
== Unknown value in Syscon eeprom ==
 
This value is used at least 3 times and it is (conveniently?) positioned at the start of SYSCON EEPROM, followed by another unknown block with the same size of EID1.


<pre>
<pre>
Line 944: Line 915:
</pre>
</pre>


== Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61) ==
==Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61)==


from LV1LDR.ELF FW 3.61
from LV1LDR.ELF FW3.61


   offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 958: Line 929:
   1A3F0  60 01 0B 71 06 31 E4 35 A7 D9 15 E8 2A E8 8E DE < pub
   1A3F0  60 01 0B 71 06 31 E4 35 A7 D9 15 E8 2A E8 8E DE < pub
   1A400  66 72 64 65 6C B7 06 2E 00 00 00 00 00 00 00 00 < pub
   1A400  66 72 64 65 6C B7 06 2E 00 00 00 00 00 00 00 00 < pub
   1A410  84 4F 80 F3 C5 7C 45 5C 7F 09 00 00 00 00 00 00 < root_scramble_key
   1A410  84 4F 80 F3 C5 7C 45 5C 7F 09 00 00 00 00 00 00 < root_scramlbe_key
    
    
   1D140  F9 2C 86 66 EF FB AC 7E B5 83 E5 4A 25 7F 7C 05 < sk1_key
   1D140  F9 2C 86 66 EF FB AC 7E B5 83 E5 4A 25 7F 7C 05 < sk1_key
Line 976: Line 947:
   1DE10  22 95 C6 CA 7F 1E 54 7A B3 0E DF D7 EE 5C B8 12 < erk_obf
   1DE10  22 95 C6 CA 7F 1E 54 7A B3 0E DF D7 EE 5C B8 12 < erk_obf
   1DE20  9B 32 B2 0F A7 72 80 F1 09 5E A1 3F 1C 2D 5C 99 < riv_obf
   1DE20  9B 32 B2 0F A7 72 80 F1 09 5E A1 3F 1C 2D 5C 99 < riv_obf


Unscrambling script: key_unscrambler.py
Unscrambling script: key_unscrambler.py
<syntaxhighlight lang="python" enclose="div">
<syntaxhighlight lang="python" enclose="div">
   from CryptoPlus.Cipher import AES
   from CryptoPlus.Cipher import AES
Line 1,017: Line 988:
   print 'riv_dec:', riv_dec.encode('hex')
   print 'riv_dec:', riv_dec.encode('hex')
</syntaxhighlight>
</syntaxhighlight>
Scrambling script: key_scrambler.py
Scrambling script: key_scrambler.py
<syntaxhighlight lang="python" enclose="div">
<syntaxhighlight lang="python" enclose="div">
   from CryptoPlus.Cipher import AES
   from CryptoPlus.Cipher import AES
Line 1,058: Line 1,027:
   print 'riv_obf:', riv_obf.encode('hex')</code>
   print 'riv_obf:', riv_obf.encode('hex')</code>
</syntaxhighlight>
</syntaxhighlight>
 
source: [http://www.ps3news.com/forums/ps3-hacks-jailbreak/ps3-lv0-keys-leaked-4-21-4-25-4-30-cfw-updates-incoming-124532-24.html]
* Source: [http://www.ps3news.com/forums/ps3-hacks-jailbreak/ps3-lv0-keys-leaked-4-21-4-25-4-30-cfw-updates-incoming-124532-24.html]


= SPU Status Codes =
= SPU Status Codes =
Line 1,153: Line 1,121:
= Lv0 Passwords =
= Lv0 Passwords =


Lv0 sends this value to SPU when it loads lv1.self. Check is inside lv1ldr.
Lv0 sends this value to SPU when it loads lv1.self<br>
Check is inside lv1ldr.


{| class="wikitable sortable"
{| class="wikitable sortable"
Line 1,175: Line 1,144:
| 4.00 - 4.11 || <code>8005ADF19082F027E19E947DC5A51A05</code>
| 4.00 - 4.11 || <code>8005ADF19082F027E19E947DC5A51A05</code>
|-
|-
| 4.20 - {{latestPS3}} || <code>25EFE04B1D920B48CFFDCE7D43F438F1</code>
| 4.20 - {{latest}} || <code>25EFE04B1D920B48CFFDCE7D43F438F1</code>
|-
|}
|}


= RSA Source Example =
= RSA Source Example =


* [https://paste.ubuntu.com/24678348/ (to mirror because needs account)]
* https://paste.ubuntu.com/24678348/
* Uses Trophy Public Modulus and Exponent for Signature verification
* Uses Trophy Public Modulus and Exponent for Signature verification
* Adapted from [https://rosettacode.org/wiki/RSA_code#C Rosetta Code]
* adapted from https://rosettacode.org/wiki/RSA_code#C


= Unknown Triple_DES key? =
= Unknown Triple_DES key ? =


  Key = F1660C455AB510B98B42660B8FB0476402C503052DB2AC87
  Key = F1660C455AB510B98B42660B8FB0476402C503052DB2AC87
  IV  = 6991982C9598E77C
  IV  = 6991982C9598E77C
* Location: explore_plugin.sprx
* Location: explore_plugin.sprx
= Unknown psp drm keys ? =
<code>61B0C0587157D9FA74670E5C7E6E95B9</code>
<pre>
xor key0:  EC6D29592635A57F972A0DBCA3263300
xor key1:  7044A3AEEF5DA5F2857FF2D694F5363B
xor key2:  D8C0B0F33E6B7685FDFB4D7D451E9203
xor key3:  36A53EACC5269EA383D9EC256C484872
xor key4:  FAAA50EC2FDE5493AD14B2CEA53005DF
xor key5:  CB15F407F96A523C04B9B2EE5C53FA86
xor key6:  678D7FA32A9CA0D1508AD8385E4B017E
xor key7:  135FA47CAB395BA476B8CCA98F3A0445
xor key8:  E350ED1D910A1FD029BB1C3EF34077FB
</pre>


= SacModule =
= SacModule =
Line 1,196: Line 1,181:
  Data.enc = 5745E719A338CD681D02D7089A40FBF6D1E4206780ED0922E049B5BF69959DA3
  Data.enc = 5745E719A338CD681D02D7089A40FBF6D1E4206780ED0922E049B5BF69959DA3
  Data.dec = 6794C8666FB90DF0B6350B1816D5C8F010101010101010101010101010101010
  Data.dec = 6794C8666FB90DF0B6350B1816D5C8F010101010101010101010101010101010
 
First 0x10 bytes only used from the decrypted data
First 0x10 bytes only used from the decrypted data.


  Key2 = 10CC98B53A7C4462B8700923E613FA39
  Key2 = 10CC98B53A7C4462B8700923E613FA39
Line 1,203: Line 1,187:
  Data2.enc = E172AC67EFD5FB5EC97EC180592D17F2 .... 5A79457925B6678D3866ADC53C4658EE
  Data2.enc = E172AC67EFD5FB5EC97EC180592D17F2 .... 5A79457925B6678D3866ADC53C4658EE
  Data2.dec = 00A09853C2AF506F5F8876AB4543233C .... 4334097D2FDD1C090909090909090909
  Data2.dec = 00A09853C2AF506F5F8876AB4543233C .... 4334097D2FDD1C090909090909090909
 
There are 2 blobs inside: 1) offset = 0, size = 0xAF 2) offset 0xB7, size = 0x240
There are 2 blobs inside:
* 1) offset = 0, size = 0xAF.
* 2) offset 0xB7, size = 0x240.


Second part contains RSA-1024 Private keyset, used to sign some data.
Second part contains RSA-1024 Private keyset, used to sign some data.
Line 1,222: Line 1,203:
  rsa enc pub: BE95A0C43EDEAADE777A54521F5B9836D8C1FA17071F12DDF1B30289CC9FB24200508B875E6F155F9AB8D8B808DB752682B20CAC56F8EA2276DB52D81E3195FE
  rsa enc pub: BE95A0C43EDEAADE777A54521F5B9836D8C1FA17071F12DDF1B30289CC9FB24200508B875E6F155F9AB8D8B808DB752682B20CAC56F8EA2276DB52D81E3195FE
               A31A539F9AB9E68232CC523735E18CEC41112AADF8A66DA782BA297AAC60CEA323B067D357B3410FCB84253159CAD55B6664FD888F196BB78EB2BE85EBEBDD1F
               A31A539F9AB9E68232CC523735E18CEC41112AADF8A66DA782BA297AAC60CEA323B067D357B3410FCB84253159CAD55B6664FD888F196BB78EB2BE85EBEBDD1F
= Unity Keys =
<pre>
PS3:      I3-DDQR-F4PJ-5D8E-G4TT-DQS2
Vita:        I3-B2DJ-BSR5-HKTE-2HHH-9QR2
PS4:            I3-9HBF-CRK9-TDEA-422V-KDB5
Vita/PS4:    I3-M7AD-279S-X79U-FPTT-854R
PS3/Vita:    I3-CH9J-73FU-F25C-NVPU-7Q43
PS3/PS4:    I3-ZHZG-JS75-VJ5T-GJD4-EDTX
</pre>
= Fail Keys =
Sony's Hall of Shame, see [[Fail_Keys]]
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Template used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Talk:Keys"