Editing Sealedkey / pfsSKKey

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
This key can be found on different places and will be used for eg. Save Data or Trophy Data decryption and encryption.
This key can be found on different places and will be used for eg. SaveGame or Trophy Data decryption and encryption.
 
==== Paths ====
==== Flags ====
 
{| class="wikitable"
{| class="wikitable"
|-
|-
! Kind !! Path
! Kind !! Path
|-
|-
| Trophy || /user/home/[[User ID|user Id]]/trophy/data/[[sce_trop]]/sealedkey
| Trophys || /user/home/[[User ID|user Id]]/trophy/data/[[sce_trop]]/sealedkey
|-
|-
| Save Data || /user/home/[[User ID|user Id]]/[[NP Title ID|title Id]]/[[save data directory]]/[[sce_sys]]/
| SaveGames || /user/home/[[User ID|user Id]]/[[NP Title ID|title Id]]/[[save data directory]]/[[sce_sys]]/
|}
|}


== Structure ==
== Structure ==
 
- size always 96 bytes
- size is always 96 bytes


{| class="wikitable"
{| class="wikitable"
Line 22: Line 19:
| 00 || 07 || MAGIC ("pfsSKKey") (?playstation file system sealed key key?)
| 00 || 07 || MAGIC ("pfsSKKey") (?playstation file system sealed key key?)
|-
|-
| 08 || 09 || KeySet for getSealedKeySecret (changed beyond kernel 1.73)
| 08 || 0F || Category (game=1 or version ?)
|-
| 0A || 0F || Just 0x00 Bytes
|-
|-
| 10 || 1F || IV (16 bytes)
| 10 || 1F || IV (16 bytes)
Line 35: Line 30:
'''C'''
'''C'''
<source lang="c">
<source lang="c">
  typedef struct sealedkey_t {
  typedef struct sealedkey {
     const unsigned char MAGIC[8];
     const unsigned char MAGIC[8];
     const unsigned char KEYSET[2]; // short
     const unsigned char CAT[8];
    const unsigned char ALIGN0Bytes[6];
     const unsigned char IV[16];
     const unsigned char IV[16];
     const unsigned char KEY[32];
     const unsigned char KEY[32];
     const unsigned char SHA256[32];
     const unsigned char SHA256[32];
  } PfsSKKey;
  } selaedkey;
</source>
</source>


Line 49: Line 43:
  protected internal struct sealedkey {
  protected internal struct sealedkey {
     internal static byte[] MAGIC = new byte[8];
     internal static byte[] MAGIC = new byte[8];
    internal static short KeySet;
     internal static byte[] CAT = new byte[8];
     internal static byte[] AlignBytes = new byte[6];
     internal static byte[] IV = new byte[16];
     internal static byte[] IV = new byte[16];
     internal static byte[] KEY = new byte[32];
     internal static byte[] KEY = new byte[32];
Line 57: Line 50:
</source>
</source>


Note: You cannot use a const byte[] definition in C#. It needs to be a static byte[].
Note: You can't use a const byte[] defination in C#. It need to be a static byte[].


== De/En -Crypting ==
== De/En -Crypting ==
 
Can be decrypted by frindly asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it.
Can be decrypted by friendly asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it.
<source lang="c">
<source lang="c">
  /* Decryption */  
  /* Decryption */
#define USER1 10000000
#define usb0  "/mnt/usb0/"
#define usb1  "/mnt/usb1/"
#define pfs  "decrypted_pfsSKKey.key"
  #define foreach(item, array) \
  #define foreach(item, array) \
     for (int keep = 1, \
     for (int keep = 1, \
               count = 0, \
               count = 0, \
               size = sizeof(array) / sizeof*(array); \
               size = sizeof(array) / sizeof(*array); \
           keep && count != size; \
           keep && count != size; \
           keep = !keep, count++) \
           keep = !keep, count++) \
Line 73: Line 70:
   
   
  typedef unsigned char byte;              /* byte defination for c/c++ */
  typedef unsigned char byte;              /* byte defination for c/c++ */
byte PFSK_IDENT[8] = "pfsSKKey";
byte VERSION[8] = "\x01\x00\x00\x00\x00\x00\x00\x00"
const char USER1 = "10000000";
const char usb0 = "/mnt/usb0/";
const char usb1 = "/mnt/usb1/";
const char pfs = "dec_pfsSK.Key";
const char home = "/user/home/";
const char tropkey = "/trophy/data/sce_trop/sealedkey";
  char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n"
  char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n"
  char usb0path[(strlen(usb0) + strlen(pfs))];
  char usb0path, usb1path;
  char usb1path[strlen(usb0path)];
  byte pfsSKKey[96];
   
   
  /* Get's the encrypted sealed key based on user id */
  /* Get's the encrypted sealed key based on user id */
  int get_pfsSKKey(byte *buffer, const char *userID, char path) {
  byte get_pfsSKKey(char userID) {
    char toOpen[(strlen(home) + strlen(userID) + strlen(path))];
     FILE *pfskey = fopen("/user/home/" + userID + "/trophy/data/sce_trop/sealedkey", "rb");  
     if (pfskey == NULL) return 0;
    sprintf(toOpen, home, userID, path)
     FILE *pfskey = fopen(toOpen, "r");  
     if (!pfskey) return NULL;
    
    
     fread(buffer, 96, 1, pfskey);
    byte pfsSKKey[96];
     fread(pfsSKKey, 96, 1, pfskey);
     fclose(pfskey);
     fclose(pfskey);
     return 1;
     return pfsSKKey;
  }
  }
   
   
  /* Dump the sealedkey. Send over tcp and save to file */
  /* Dump the sealedkey. Send over tcp and save to file */
  int dumpDecryptedSealedKey(int to) {
  int dumpDecryptedSealedKey(int to) {
     if (to < 0 || to > 1) return -2;
     if (to != 0 || to != 1) return -2;
   
   
     /* First load the sealedkey into a buffer */
     byte pfsSKKey;
    PfsSKKEy enc;
     if (sizeof((pfsSKKey = get_pfsSKKey(USER1))) != 96) {
     if (!get_pfsSKKey(&enc, USER1, tropkey)) {
         knet_printf("[-] Can not load the sealed key!\n");
         printf("[-] Can not load the sealed key!\n");
        kernel.printf("[-] Can not load the sealed key!\n");
         return -1;
         return -1;
     }
     }
   
   
     /* Let's check the pfsSKKEy */
     /* Now decrpyt the key */
     if (enc->MAGIC == PFSK_IDENT && enc->CAT == VERSION) {
     byte decyrpted_pfsSKKey[16];
        printf("[+] Magic and version ok!\n[+] sk IV = ");
    int i = kernel.sceSblSsDecryptSealedKey(pfsSKKey, decrpyted_pfsSKKey);
        foreach(byte *val, &enc->IV) printf("%02X", *val);
    knet_printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);
    kernel.printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);
   
   
         printf("\n[+] sk KEY = ");
    /* Sending over tcp */
        foreach(byte *val, enc->KEY) printf("%02X", *val);
    if (i) {
         if (to == 0) {
            knet_printf("[+] Your decrypted sealedkey = ");
            kernel.printf("[+] Your decrypted sealedkey = ");
   
   
        printf("\n[+] sk Key-SHA256 = ");
            foreach(byte *val, dec_pfsSKKey) {
        foreach(byte *val, sk->SHA256) printf("%02X", *val);
                knet_printf("%02X", *val);
        printf("\n");
        kernel.printf("%02X", *val);
       
            }
    }
            knet_printf("\n");
    else return -4;
            kernel.printf("\n");
            return 1;
    /* Now decrypt it */
        }
    byte dec[16];
        else { /* Saving to file */
            knet_printf("[+] Will try to save to file...");
    int i;
            kernel.printf("[+] Will try to save to file...");
    if (!(i = kernel.sceSblSsDecryptSealedKey(&enc, &dec))) {
        printf("[-] Error!\n[-] sceSblSsDecryptSealedKey returned %d\n", i);
        return -1;
    }
    printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);
    if (!to) { /* Print it out */
        printf("[+] Your decrypted sealedkey = ");
        foreach(byte *val, &dec) printf("%02X", *val);
        printf("\n");
        return 1;
    }
    else { /* Saving to file */
        printf("[+] Will try to save to file...");
     
     
        sprintf(usb0path, usb0, pfs);
            usb0path = usb0 + pfs;
        sprintf(usb1path, usb1, pfs);
            usb1path = usb1 + pfs;
            FILE *dump = fopen(usb0path, "wb");
        FILE *dump = fopen(usb0path, "w");
   
   
        if (!dump) {
            if (dump == NULL) {
            dump = fopen(usb1path, "w");
                dump = fopen(usb1path, "wb");
            if (!dump) {
                if (dump == NULL) {
                printf("fail!\n%s", usb_error);
                    knet_printf("fail!\n" + usb_error);
                return -3;
                    kernel.printf("fail!\n" + usb_error);
                    return -3;
                }
             }
             }
            fwrite(dec_pfsSKKey, 16, 1, dump);
            knet_printf("done!\n");
            kernel.printf("done!\n");
            fclose(dump);
            return 1;
         }
         }
        fwrite(&dec, 16, 1, dump);
        printf("done!\n");
        fclose(dump);
        return 1;
     }
     }
    else {
        knet_printf("[+] Error!\n");
        kernel.printf("[+] Error!\n");
    }
    return -1;
  }
  }
</source>
</source>
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps4/Sealedkey_/_pfsSKKey"