Editing Flash:Encrypted Individual Data - eEID
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
== Encrypted Individual Data - eEID == | == Encrypted Individual Data - eEID == | ||
eEID certainly stands for encrypted EID | eEID certainly stands for encrypted EID. EID stands for Encrypted Individual Data. EID is the equivalent of IdStorage on PSP and PSVita. | ||
EID is the equivalent of IdStorage on PSP and PSVita | |||
It is 0x10000 bytes in size (64 kB) but only the first 0x1DD0 bytes are used. The rest is padded with 0xFF. | It is 0x10000 bytes in size (64 kB) but only the first 0x1DD0 bytes are used. The rest is padded with 0xFF. | ||
Line 358: | Line 354: | ||
Individual info Manager can write to EID0. Appliance Info Manager can rehash it. | Individual info Manager can write to EID0. Appliance Info Manager can rehash it. | ||
EID0 embeds | EID0 embeds 11 AES128CBC encrypted sections. These are the [[Identification Certificates]]. | ||
We | We don't have all EID0 enc/dec keys: | ||
<pre> | <pre> | ||
section 0 | section 0 -> yes | ||
section 1 | section 1 -> missing | ||
section 2 | section 2 -> missing | ||
section 3 | section 3 -> missing | ||
section 4 | section 4 -> missing | ||
section 5 ( | section 5 (probably equivalent to PSP section 0) -> missing | ||
section 6 (PSP | section 6 (equivalent to PSP section 1) -> yes | ||
section 7 (PSP | section 7 (probably equivalent to PSP section 2) -> missing | ||
section 8 (PSP | section 8 (probably equivalent to PSP section 3) -> missing | ||
section 9 (PSP | section 9 (probably equivalent to PSP section 4) -> missing | ||
section 0xA (PSP | section 0xA (equivalent to PSP section 5) -> yes< | ||
</pre> | </pre> | ||
===== EID0 Section ===== | |||
===== EID0 | |||
* Size: 0xC0 bytes. | * Size: 0xC0 bytes. | ||
Line 387: | Line 379: | ||
! Description !! Length !! Note | ! Description !! Length !! Note | ||
|- | |- | ||
| Data || 0x10 || actual data (either | | Data || 0x10 || contains the actual data of the file (either IPDS or OpenPSID) | ||
|- | |- | ||
| plaintext public key || 0x28 || public key (without padding) | | plaintext public key || 0x28 || contains the section's public key (without padding) | ||
|- | |- | ||
| R || 0x14 || part of the | | R || 0x14 || part of the ecdsa signature pair (r,s) | ||
|- | |- | ||
| S || 0x14 || part of the | | S || 0x14 || part of the ecdsa signature pair (r,s) | ||
|- | |- | ||
| public key || 0x28 || | | public key || 0x28 || ecdsa public key (can be used to verify ecdsa signature RS) | ||
|- | |- | ||
| encrypted private key || 0x20 || encrypted | | encrypted private key || 0x20 || encrypted blob that contains the section's private key (with padding) | ||
|- | |- | ||
| cmac || 0x10 || hash of the previous information in | | cmac || 0x10 || hash of the previous information in CMAC mode | ||
|- | |- | ||
| padding || 0x8 || zero byte padding for AES 128 bits encryption | | padding || 0x8 || zero byte padding for AES 128 bits encryption | ||
|} | |} | ||
====== EID0 section 0 | ====== EID0 section 0 crypto ====== | ||
* [https://web.archive.org/web/20141118233713/http://pastie.org/6169158 naehrwert's EID0 section 0 ECDSA signature verification] | * [https://web.archive.org/web/20141118233713/http://pastie.org/6169158 naehrwert's EID0 section 0 ECDSA signature verification] | ||
====== EID0 sections 6 | ====== EID0 sections 6 and 0xA crypto ====== | ||
= | EID0 section 6 is used in the PSP emulator by the DRM crypto engine. It corresponds to PSP KIRK commands 0x10, 0x11 and 0x12 verification of IdStorage Certificates. See also [[http://wololo.net/talk/viewtopic.php?p=20715#p20715]] and PSP wiki for PSP crypto stuff. | ||
Note: What's interesting is that on PS3 it uses ECDSA curve VSH type 2 with the PSP Identification Certificates public keys, whilst it uses a different curve with the PS3 exclusive Certificates (for example section 0). That's maybe how Davee and Proxima figured out the KIRK 0x10 and 0x11 ECDSA crypto keys. But not sure because their work was in 2011, not in 2012 nor 2013 (naehrwert) and it seems PS3 uses a different seed for encrypting the ECDSA private key (see section 6 ECDSA private key seed). | |||
=== EID1 === | === EID1 === | ||
Line 522: | Line 510: | ||
|} | |} | ||
Note: In decrypted P-Block these bytes match [[ | Note: In decrypted P-Block these bytes match [[Target ID]]: | ||
{| class="wikitable" style="font-size:x-small; border:2px ridge #999999;" | {| class="wikitable" style="font-size:x-small; border:2px ridge #999999;" | ||
|- | |- | ||
! Value !! [[ | ! Value !! [[Target ID]] !! Console Type !! Remarks | ||
|- | |- | ||
| || {{TID80}} | | || {{TID80}} || | ||
|- | |- | ||
| 0xFF || {{TID81}} || No BD playback | | 0xFF || {{TID81}} || No BD playback on that [[Target ID]]. | ||
|- | |- | ||
| 0xFF || {{TID82}} || No BD playback | | 0xFF || {{TID82}} || No BD playback on that [[Target ID]]. | ||
|- | |- | ||
| 0x01 || {{TID83}} || | | 0x01 || {{TID83}} || | ||
|- | |- | ||
| 0x02 || {{TID84}} || | | 0x02 || {{TID84}} || | ||
|- | |- | ||
| 0x04 || {{TID85}} || | | 0x04 || {{TID85}} || | ||
|- | |- | ||
| 0x10 || {{TID86}} || | | 0x10 || {{TID86}} || | ||
|- | |- | ||
| 0x04 || {{TID87}} || | | 0x04 || {{TID87}} || | ||
|- | |- | ||
| | | || {{TID88}} || | ||
|- | |- | ||
| 0x08 || {{TID89}} || | | 0x08 || {{TID89}} || | ||
|- | |- | ||
| | | || {{TID8A}} || | ||
|- | |- | ||
| | | || {{TID8B}} || | ||
|- | |- | ||
| 0x20 || {{TID8C}} || | | 0x20 || {{TID8C}} || | ||
|- | |- | ||
| | | || {{TID8D}} || | ||
|- | |- | ||
| 0x10 || {{TID8E}} || | | 0x10 || {{TID8E}} || | ||
|- | |- | ||
| | | || {{TID8F}} || | ||
|- | |- | ||
| 0xFF || {{TIDA0}} || No BD playback | | 0xFF || {{TIDA0}} || No BD playback on that [[Target ID]]. | ||
|- | |- | ||
|} | |} | ||
Line 568: | Line 556: | ||
Notes: | Notes: | ||
* 0xFF = 0b11111111 - all bits enabled | * 0xFF = 0b11111111 - all bits enabled | ||
* 0x20 = 0b00100000 - {{TID8C}} - bit 5 | |||
* 0x10 = 0b00010000 - {{TID8E}} | {{TID86}} - bit 4 | |||
* 0x20 = 0b00100000 - {{TID8C}} - bit 5 | * 0x08 = 0b00001000 - {{TID89}} - bit 3 | ||
* 0x10 = 0b00010000 - {{TID8E}} | {{TID86 | * 0x04 = 0b00000100 - {{TID87}} | {{TID85}} - bit 2 | ||
* 0x08 = 0b00001000 - {{TID89}} - bit 3 | * 0x02 = 0b00000010 - {{TID84}} - bit 1 | ||
* 0x04 = 0b00000100 - {{TID87}} | {{TID85}} - bit 2 | * 0x01 = 0b00000001 - {{TID83}} - bit 0 | ||
* 0x02 = 0b00000010 - {{TID84}} - bit 1 | |||
* 0x01 = 0b00000001 - {{TID83}} - bit 0 | |||
=== EID3 === | === EID3 === | ||
Line 708: | Line 694: | ||
=== EID5 === | === EID5 === | ||
The largest and quite possibly the most important EID section of all 6. It's unknown what is inside this specific EID. We | The largest and quite possibly the most important EID section of all 6. It's unknown what is inside this specific EID. We'll probably never know without analyzing every possible clue about the PS3. And even then, it might be impossible to find its real use. | ||
EID5 size is | EID5 size is similar to EID0, but it has an additional 0x1A0 bytes. EID5 header has some similarities with EID0 header. | ||
==== Example ==== | ==== Example ==== | ||
Line 750: | Line 736: | ||
| 0x10 || 0x2 || 00 12 || Unknown || Unknown. | | 0x10 || 0x2 || 00 12 || Unknown || Unknown. | ||
|- | |- | ||
| 0x12 || 0x2 || 07 30 || Unknown || | | 0x12 || 0x2 || 07 30 || Unknown || Unknown. 07 E0 on DEX/DECR | ||
|- | |- | ||
| 0x14 || 0xC || FC D1 D8 BE 6F F4 C8 D8 8F E1 C3 F7 || [[Flash:perconsole_nonce|perconsole nonce]] || | | 0x14 || 0xC || FC D1 D8 BE 6F F4 C8 D8 8F E1 C3 F7 || [[Flash:perconsole_nonce|perconsole nonce]] || |