Editing Talk:Keys

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 90: Line 90:
</pre>
</pre>


= EAP/EMC Aeolia Script for encrypting (with header necessary) =
= system modules keysets changes =
 
<pre>
import struct
from binascii import unhexlify as uhx
from binascii import hexlify as hx
from Crypto.Cipher import AES
from Crypto.Hash import SHA, HMAC
 
import os
import sys
 
CIPHERKEYSEMC = ['5F74FE7790127FECF82CC6E6D91FA2D1'] # FULL
CIPHERKEYSEAP = ['581A75D7E9C01F3C1BD7473DBD443B98']
HASHERKEYEMC  = ['73FE06F3906B05ECB506DFB8691F9F54']
HASHERKEYEAP  = ['824D9BB4DBA3209294C93976221249E4']
ZEROS128 =      ['00000000000000000000000000000000']
 
def aes_decrypt_cbc(key, iv, input):
    return AES.new(key, AES.MODE_CBC, iv).decrypt(input)
   
def aes_encrypt_cbc(key, iv, input):
    return AES.new(key, AES.MODE_CBC, iv).encrypt(input)
 
def emc_decrypt_header(hdr):
    return hdr[:0x30] + aes_decrypt_cbc(uhx(CIPHERKEYSEMC[0]), uhx(ZEROS128[0]), hdr[0x30:0x80])
   
def emc_encrypt_header(hdr):
    return hdr[:0x30] + aes_encrypt_cbc(uhx(CIPHERKEYSEMC[0]), uhx(ZEROS128[0]), hdr[0x30:])
   
def eap_decrypt_header(hdr):
    return hdr[:0x30] + aes_decrypt_cbc(uhx(CIPHERKEYSEAP[0]), uhx(ZEROS128[0]), hdr[0x30:0x80])
   
def eap_encrypt_header(hdr):
    return hdr[:0x30] + aes_encrypt_cbc(uhx(CIPHERKEYSEAP[0]), uhx(ZEROS128[0]), hdr[0x30:0x80])
 
def main(argc, argv):
        with open(sys.argv[1], 'rb') as f:
            data = f.read()
            type = data[7:8]
            if type == uhx('48'):
                print 'EMC'
               
                body_len = struct.unpack('<L', data[0xc:0x10])[0]
                body = data[0x80:0x80+body_len]
                body_aes_key  = data[0x30:0x40]
                ebody = aes_encrypt_cbc(body_aes_key, uhx(ZEROS128[0]), body)
                body_hmac_key = data[0x40:0x50]
                bhmac = HMAC.new(body_hmac_key, ebody, SHA)
                hdr = (data[0:0x50] + uhx(bhmac.hexdigest()) + data[0x64:0x6C])
                hhmac = HMAC.new(uhx(HASHERKEYEMC[0]), hdr, SHA)
                hdr = (hdr + uhx(hhmac.hexdigest()))
                hdr = emc_encrypt_header(hdr)
                print bhmac.hexdigest()
                print hhmac.hexdigest()
                with open(sys.argv[1] + '.bin', 'wb') as g:
                    g.write(hdr+ebody)
            if type == uhx('68'):
                print 'EAP'
                body_len = struct.unpack('<L', data[0xc:0x10])[0]
                body = data[0x80:0x80+body_len]
                body_aes_key  = data[0x30:0x40]
                ebody = aes_encrypt_cbc(body_aes_key, uhx(ZEROS128[0]), body)
                body_hmac_key = data[0x40:0x50]
                bhmac = HMAC.new(body_hmac_key, ebody, SHA)
                hdr = (data[0:0x50] + uhx(bhmac.hexdigest()) + data[0x64:0x6C])
                hhmac = HMAC.new(uhx(HASHERKEYEAP[0]), hdr, SHA)
                hdr = (hdr + uhx(hhmac.hexdigest()))
                hdr = eap_encrypt_header(hdr)
                print bhmac.hexdigest()
                print hhmac.hexdigest()
                with open(sys.argv[1] + '.bin', 'wb') as g:
                    g.write(hdr+ebody)
           
           
 
if __name__ == '__main__':
    main(len(sys.argv), sys.argv)
</pre>
 
= System modules keysets changes =
 
<pre>
<pre>
1.00 to 3.70 are 0
1.00 to 3.70 are 0
Line 183: Line 102:
7.50 to 7.55 are 8
7.50 to 7.55 are 8
8.00 to 8.03 are 9
8.00 to 8.03 are 9
8.50 to 8.52 are 0xA
8.50 to 8.52 are A
9.00 to 9.04 are 0xB
9.00 to 9.0X are B
9.50 to 9.60 are 0xC
10.00 to 10.01 are 0xD
10.50 to 10.70 are 0xE
11.00 to 11.02 are 0xF
11.50 to 11.XX are 0 (counter at 0xA at 1 instead of 0)
</pre>
</pre>


* Final slot (0xF) has been depleted so in theory SIE will not be able to update keys again.
= southbridge firmware keysets changes =
 
= Southbridge firmware keysets changes =


<pre>
<pre>
Line 204: Line 116:
</pre>
</pre>


= Order of keys in ShellCore =
= order of keys in shellcore =


P->Q->DQ->QP
P->Q->DQ->QP
Line 234: Line 146:
* <s>42 42 AA FD 7A 05 B4 5C F3 5E 08 22 D4 55 97 45</s> (ShellCore, QP, 0x80)
* <s>42 42 AA FD 7A 05 B4 5C F3 5E 08 22 D4 55 97 45</s> (ShellCore, QP, 0x80)


= Database rebuild trigger magic =
= Database reconstruction magic =


<pre>
<pre>
Line 242: Line 154:
= Portable Keys Dumps =
= Portable Keys Dumps =


* Static always.
* Static Always


== sealedkey_key_E ==
== sealedkey_key_E ==
Line 263: Line 175:
</pre>
</pre>


== sealedkey_key_sign_E ==
== sealedkey_key_sign_E ==


<pre>
<pre>
Line 291: Line 203:


== crepo_iv ==
== crepo_iv ==
Used for Crash Report.


<pre>
<pre>
Line 299: Line 209:


== crepo_key_1_sign_E ==
== crepo_key_1_sign_E ==
Used for Crash Report.


<pre>
<pre>
Line 307: Line 215:
</pre>
</pre>


== crepo_key_2_sign_E ==
== crepo_key_2_sign_E ==
 
Used for Crash Report.


<pre>
<pre>
Line 316: Line 222:
</pre>
</pre>


== crepo_key_1_sign_I ==
== crepo_key_1_sign_I   ==
 
Used for Crash Report.


<pre>
<pre>
Line 325: Line 229:
</pre>
</pre>


== crepo_key_2_sign_I ==
== crepo_key_2_sign_I   ==
 
Used for Crash Report.


<pre>
<pre>
Line 335: Line 237:


== crepo_key_1_E ==
== crepo_key_1_E ==
Used for Crash Report.
<pre>
<pre>
24 3F 86 77 5F 7C DA 8F 9A D4 8A 72 69 9C BC 1E  
24 3F 86 77 5F 7C DA 8F 9A D4 8A 72 69 9C BC 1E  
Line 349: Line 248:
</pre>
</pre>


== crepo_key_2_E ==
== crepo_key_2_E ==
 
Used for Crash Report.


<pre>
<pre>
Line 364: Line 261:
</pre>
</pre>


== crepo_key_1_I ==
== crepo_key_1_I   ==
 
Used for Crash Report.
 
<pre>
<pre>
8B 5B 04 14 D6 26 36 F6 86 37 DD 3A E2 8B EC FA  
8B 5B 04 14 D6 26 36 F6 86 37 DD 3A E2 8B EC FA  
Line 380: Line 274:


== rootparam_key_IV ==
== rootparam_key_IV ==
<pre>
<pre>
95 69 82 9C D4 B1 5F F8 43 30 54 5A 34 EC 1B C5
95 69 82 9C D4 B1 5F F8 43 30 54 5A 34 EC 1B C5
Line 428: Line 321:


== rootparam_key_0_I ==
== rootparam_key_0_I ==
<pre>
<pre>
F6 9F B6 9A 77 1F C2 D5 12 F7 25 2F A5 86 FB 22  
F6 9F B6 9A 77 1F C2 D5 12 F7 25 2F A5 86 FB 22  
Line 440: Line 332:
</pre>
</pre>


== rootparam_key_1_I ==
== rootparam_key_1_I ==
 
 


<pre>
<pre>
Line 453: Line 347:
</pre>
</pre>


== rootparam_key_2_I ==
== rootparam_key_2_I ==
 
 


<pre>
<pre>
Line 466: Line 362:
</pre>
</pre>


== rootparam_key_3_I ==
== rootparam_key_3_I ==
 


<pre>
<pre>
Line 478: Line 375:
18 83 AB 46 60 2F 27 D2 6B 86 65 0C CA C7 89 C1  
18 83 AB 46 60 2F 27 D2 6B 86 65 0C CA C7 89 C1  
</pre>
</pre>


== rootparam_key_4_I ==
== rootparam_key_4_I ==


<pre>
<pre>
Line 491: Line 390:
D6 7E A4 70 53 25 BE 42 D3 19 4A 8D B0 8A AC EF  
D6 7E A4 70 53 25 BE 42 D3 19 4A 8D B0 8A AC EF  
</pre>
</pre>


== rootparam_key_5_I ==
== rootparam_key_5_I ==
Line 518: Line 418:
E6 99 81 1C A7 25 73 C0 00 EA 1C A9 D6 B6 12 3A  
E6 99 81 1C A7 25 73 C0 00 EA 1C A9 D6 B6 12 3A  
</pre>
</pre>
== rootparam_key_2_sign_E ==
== rootparam_key_2_sign_E ==


Line 525: Line 424:
4C 60 CC 78 F7 F4 D5 45 82 9B 2E 79 62 D2 D1 CD  
4C 60 CC 78 F7 F4 D5 45 82 9B 2E 79 62 D2 D1 CD  
</pre>
</pre>
== rootparam_key_3_sign_E ==
== rootparam_key_3_sign_E ==


Line 532: Line 430:
4C 60 CC 78 F7 F4 D5 45 82 9B 2E 79 62 D2 D1 CD  
4C 60 CC 78 F7 F4 D5 45 82 9B 2E 79 62 D2 D1 CD  
</pre>
</pre>
== rootparam_key_4_sign_E ==
== rootparam_key_4_sign_E ==


Line 539: Line 436:
3D C7 51 95 7B A1 CB 80 A5 EC 47 81 43 A9 61 4E  
3D C7 51 95 7B A1 CB 80 A5 EC 47 81 43 A9 61 4E  
</pre>
</pre>
== rootparam_key_5_sign_E ==
== rootparam_key_5_sign_E ==


Line 626: Line 522:


== sealedkey_key_E (pfsSKKey__SecKey) ==
== sealedkey_key_E (pfsSKKey__SecKey) ==
Used for PFS encryption.


<pre>
<pre>
Line 639: Line 533:


* flag is 0
* flag is 0
* identical to I


== SCE_EAP_HDD__KEY (External) ==
== SCE_EAP_HDD__KEY (External) ==
Used for HDD encryption.


<pre>
<pre>
Line 660: Line 551:


== crepo_key_1_E (CFK1) ==
== crepo_key_1_E (CFK1) ==
Used for Crash Report.


<pre>
<pre>
Line 676: Line 565:


* flag is 0xC
* flag is 0xC
== crepo_key_1_I (CFK1) ==
Used for Crash Report.
<pre>
43 46 4B 31 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
77 B7 5A 04 C9 69 D3 FE BC 11 38 EE 2F B1 31 CC
71 E6 66 F7 D3 78 E4 F4 CD AB 35 D7 DE C4 A3 26
3B 2A 68 2C 43 06 15 CE 04 77 3D 4B A5 BC F8 7E
CF 9B CF 77 B4 8B A7 78 DE BD 09 75 BB 5B B1 27
44 A1 E3 CC EC 71 4F 10 09 48 CC 23 55 41 3C CE
11 34 1A 57 F2 34 69 F9 62 6B 2E 71 AD 17 B2 2C
</pre>


== crepo_key_2_E (CFK1) ==
== crepo_key_2_E (CFK1) ==
Used for Crash Report.


<pre>
<pre>
Line 723: Line 595:


* flag is 0x14
* flag is 0x14
== rootparam_key_0_I (SCEROOTPARAM_KEY) ==
<pre>
53 43 45 52 4F 4F 54 50 41 52 41 4D 5F 4B 45 59
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
CA 5C 5D 73 F7 57 0D 77 E9 00 AB 72 C0 5A C3 C4
B4 9C 45 CB CD 90 29 61 58 EC 47 1F 5F 26 72 52
29 ED 9C 0A F8 D3 97 00 29 85 A9 DF D0 F2 47 21
03 EA A7 1E B1 10 C0 03 99 B1 1D EC B2 E5 DF 08
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
</pre>


== rootparam_key_4_E  (SCEROOTPARAM_KEY) ==
== rootparam_key_4_E  (SCEROOTPARAM_KEY) ==
Line 753: Line 612:
* flag is 0x14
* flag is 0x14


== rootparam_key_5_E (SCEROOTPARAM_KEY) ==
== rootparam_key_5_E (SCEROOTPARAM_KEY) ==


<pre>
<pre>
Line 770: Line 629:


== SCE_LwUtoken_Key (External) ==
== SCE_LwUtoken_Key (External) ==
Used for "low" user tokens.


<pre>
<pre>
Line 787: Line 644:


== SCE_LwUtoken_Key (External-Extra1) ==
== SCE_LwUtoken_Key (External-Extra1) ==
Used for "low" user tokens.


<pre>
<pre>
Line 805: Line 660:


== SCE_LwUtoken_Key (External-Extra2) ==  
== SCE_LwUtoken_Key (External-Extra2) ==  
Used for "low" user tokens.


<pre>
<pre>
Line 823: Line 676:


== IPMI (E) ==
== IPMI (E) ==
Used for Inter-Process Method Invocation.


<pre>
<pre>
Line 840: Line 691:


== SCE_SBL_BAR_KEY1 (E) ==
== SCE_SBL_BAR_KEY1 (E) ==
Used for Secure Block Backup And Restore feature.
<pre>
<pre>
ffffff80869df8e0  53 43 45 5f 53 42 4c 5f  42 41 52 5f 4b 45 59 31  |SCE_SBL_BAR_KEY1|
ffffff80869df8e0  53 43 45 5f 53 42 4c 5f  42 41 52 5f 4b 45 59 31  |SCE_SBL_BAR_KEY1|
Line 870: Line 718:
* flag is 0x4C
* flag is 0x4C


== Unknown key 0x54 ==
== Other Keys ==
 
<pre>
<pre>
91 0B 7C A6 6B 4B F9 DA 00 72 F1 67 6C 51 99 70
91 0B 7C A6 6B 4B F9 DA 00 72 F1 67 6C 51 99 70
Line 884: Line 731:


* flag 0x54
* flag 0x54
== hidAuthThreadMain ==


<pre>
<pre>
Line 900: Line 745:
* hidAuthThreadMain  
* hidAuthThreadMain  
* flag 0x48
* flag 0x48
== livedump ==


<pre>
<pre>
Line 916: Line 759:
* livedump
* livedump
* flag 0x44
* flag 0x44
== pfs_sbl_key ==


<pre>
<pre>
Line 932: Line 773:
* pfs_sbl_key
* pfs_sbl_key
* flag 0x58
* flag 0x58
== SCECloudSD___KEY ==
Used for Cloud Save Data features. Similar to the Cloud Data Key Ring used in PS Vita since System Software version 3.100.081.


<pre>
<pre>
Line 998: Line 835:
* flag 0x1C
* flag 0x1C


= Portable Keys Dumps (ShellCore) =
= Portable Keys Dumps (Shellcore) =


== SCE_CFS_hostname (E) ==
== SCE_CFS_hostname (E) ==


Host by Amazon AWS at Portland, Oregon, 97086 United States of America. Alias of cfss.crs.playstation.net.
<pre>
 
Zeke Jedediah Dunbar is a main character of the Infamous videogame developped by Sony Computer Entertainment America.


<pre>
-------HEX DUMP------
-------HEX DUMP------
ffffff8085f7f8e0  53 43 45 5f 43 46 53 5f  68 6f 73 74 6e 61 6d 65  |SCE_CFS_hostname|
ffffff8085f7f8e0  53 43 45 5f 43 46 53 5f  68 6f 73 74 6e 61 6d 65  |SCE_CFS_hostname|
Line 1,020: Line 854:
* flag 0xD
* flag 0xD


== SCE_RCR_hostname (E) ==  
== SCE_RCR_hostname(E) ==  
 
Host by Amazon AWS at Portland, Oregon, 97086 United States of America. Owned by Minato-ku for Sony Computer Entertainment Inc. Network Platform Service Department at Tokyo (Japan).
 
Zeke Jedediah Dunbar is a main character of the Infamous videogame developped by Sony Computer Entertainment America.


<pre>
<pre>
Line 1,041: Line 871:


== SCE_CDN_hostname (E) ==
== SCE_CDN_hostname (E) ==
Used for Crash Report.


<pre>
<pre>
Line 1,055: Line 883:
ffffff8085f7f950  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
ffffff8085f7f950  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
</pre>
</pre>


* flag 0xD
* flag 0xD


== SCE_SYS_TLM_SECK (E) ==
== SCE_SYS_TLM_SECK(E) (GetOpenPsIdHash) ==
 
Used in GetOpenPsIdHash.


<pre>
<pre>
Line 1,077: Line 904:


== Other Keys ==
== Other Keys ==
<pre>
<pre>
-------HEX DUMP------
-------HEX DUMP------
Line 1,108: Line 934:
56 6B DD 67 C3 B6 B5 04 EF 1A 39 C0 CC AC 4B E2
56 6B DD 67 C3 B6 B5 04 EF 1A 39 C0 CC AC 4B E2
</pre>
</pre>
* same as Internal


* timezone_key_E | flag = 0x40
* timezone_key_E | flag = 0x40
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps4/Talk:Keys"