Keys
Jump to navigation
Jump to search
PSX[edit | edit source]
KELF - KIRX Keys[edit | edit source]
Funnily enough SCE only encrypt and hash small sections of the elf/irx files. So one can just modify the unencrypted/unhashed sections of the files to get code execution.
These are all the keys you need to decrypt/encrypt/sign an elf/irx properly.
You can use https://github.com/xfwcfw/kelftool or https://github.com/zecoxao/kelf-tool/tree/master.
Most keys have been obtained from PS3 PS2 emulator. See [1].
MG_SIG_MASTER_KEY=51ED689419A83AD8 MG_SIG_HASH_KEY=65E88B1A9E3FD268 MG_KBIT_MASTER_KEY=5001C87121F939C144D86B069224B247 MG_KBIT_IV=35C860019222BB60 MG_KC_MASTER_KEY=77F38314B047D87C9B37D266049228C4 MG_KC_IV=8C2BD03EC245C56D MG_ROOTSIG_MASTER_KEY=D56604A445781EC4 MG_ROOTSIG_HASH_KEY=E773089E35D26A1B38C761029437CEE3 MG_CONTENT_TABLE_IV=20CB60F58D24BE50 MG_CONTENT_IV=7D16C46313C3711C
Source: [2]
uint8_t MG_KBIT_IV[8] = { 0x35, 0xC8, 0x60, 0x01, 0x92, 0x22, 0xBB, 0x60 }; uint8_t MG_KC_IV[8] = { 0x8C, 0x2B, 0xD0, 0x3E, 0xC2, 0x45, 0xC5, 0x6D }; uint8_t MG_KBIT_MASTER_KEY[16] = { 0x50, 0x01, 0xC8, 0x71, 0x21, 0xF9, 0x39, 0xC1, 0x44, 0xD8, 0x6B, 0x06, 0x92, 0x24, 0xB2, 0x47 }; uint8_t MG_KC_MASTER_KEY[16] = { 0x77, 0xF3, 0x83, 0x14, 0xB0, 0x47, 0xD8, 0x7C, 0x9B, 0x37, 0xD2, 0x66, 0x04, 0x92, 0x28, 0xC4 }; uint8_t MG_SIG_HASH_KEY[16] = { 0x65, 0xE8, 0x8B, 0x1A, 0x9E, 0x3F, 0xD2, 0x68 }; uint8_t MG_SIG_MASTER_KEY[16] = { 0x51, 0xED, 0x68, 0x94, 0x19, 0xA8, 0x3A, 0xD8 }; uint8_t MG_CONTENT_TABLE_IV[] = { 0x20, 0xCB, 0x60, 0xF5, 0x8D, 0x24, 0xBE, 0x50 }; uint8_t MG_CONTENT_IV[] = { 0x7D, 0x16, 0xC4, 0x63, 0x13, 0xC3, 0x71, 0x1C }; uint8_t MG_ROOTSIG_MASTER_KEY[16] = { 0xD5, 0x66, 0x04, 0xA4, 0x45, 0x78, 0x1E, 0xC4 }; uint8_t MG_ROOTSIG_HASH_KEY[16] = { 0xE7, 0x73, 0x08, 0x9E, 0x35, 0xD2, 0x6A, 0x1B, 0x38, 0xC7, 0x61, 0x02, 0x94, 0x37, 0xCE, 0xE3 };