From Vita Developer wiki
Jump to navigation Jump to search

keystone file is located in sce_sys folder of apps/patches/addcont/savedatas/trophies. It is PFS encrypted.

It embeds a key called keystone that is used to verify that :

1) somebody who wants to extract/verify PKG is the owner of the product

2) a patch data is published by the creator of the app data

Keystone is generated from Passcode.

File Structure[edit | edit source]

Offset Size Description
0x0 0x8 Magic "keystone"
0x8 0x2 Type (always 2)
0xA 0x2 Version (always 1)
0xC 0x14 Padding
0x20 0x10 IV for encrypted key
0x30 0x10 Encrypted key
0x40 0x20 HMAC Value

Generation[edit | edit source]

SCE provides in official SDK a tool called pc2ks that converts passcode to keystone.

Decryption[edit | edit source]

The first step is to check the HMAC of the file. The process is to use the HMAC key from the Keys#PFS_Secret_Keys page to check the HMAC at position 0x40 in the file. If it is correct, it proceeds to use another key to decrypt the value at 0x30 using the value at 0x20 as the IV.