Editing Keys

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 3: Line 3:
= Keys Notes =
= Keys Notes =


You can download the keys from: <s>[https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/ps3keys/ ps3keys]</s> (or for scetool here : <s>[https://web.archive.org/web/*/http://ps3devwiki.com/files/devtools/scetool/data/ scetool/data/])</s>
You can download the keys from: [http://www.ps3devwiki.com/files/devtools/ps3keys/ ps3keys] (or for scetool here : [http://www.ps3devwiki.com/files/devtools/scetool/data/ scetool/data/])
[https://github.com/search?utf8=%E2%9C%93&q=PS3keys&repo=&langOverride=&start_value=1&type=Repositories&language= ''ps3keys at Github''] /  <s>http://www.mirrorcreator.com/files/JSM2FRCD/ps3keys.exe_links</s> <s>[https://web.archive.org/web/*/http://ps3devwiki.com/files/firmware/MFW-CEX/PS3MFWBuilder/ps3keys.exe ''ps3keys in RAR sfx (254.01 KB)'']</s> / <s>[http://www.mirrorcreator.com/files/EVWOWZES/ps3keys.zip_links ps3keys.zip (229.9 KB)]</s>
<!--// [https://github.com/search?utf8=%E2%9C%93&q=PS3keys&repo=&langOverride=&start_value=1&type=Repositories&language= ''ps3keys at Github''] /  http://www.mirrorcreator.com/files/JSM2FRCD/ps3keys.exe_links [http://www.ps3devwiki.com/files/firmware/MFW-CEX/PS3MFWBuilder/ps3keys.exe ''ps3keys in RAR sfx (254.01 KB)''] / [http://www.mirrorcreator.com/files/EVWOWZES/ps3keys.zip_links ps3keys.zip (229.9 KB)] //-->


== Location ==
== Location ==
Line 253: Line 253:
== sv_iso_spu_module 095.001 - 3.55 ==
== sv_iso_spu_module 095.001 - 3.55 ==


   key_0: EF4F6A107742E8448BC1F9D8F2481B31 // key_0 is an AES128CBC key, used with zero iv to obtain Disc_ID.
   key_0: EF4F6A107742E8448BC1F9D8F2481B31 // key_0 is an AES128CBC key, used with zero iv
    
    
   iv_0(ss::giv): 2226928D44032F436AFD267E748B2393
   iv_0(ss::giv): 2226928D44032F436AFD267E748B2393
Line 259: Line 259:
   key_0_1(ss::kms2): D9A20A79666C27D11032ACCF0D7FB501 // key_0_1 is used with iv_0 to generate gen_key_1(ss::sv_auth::ks2)
   key_0_1(ss::kms2): D9A20A79666C27D11032ACCF0D7FB501 // key_0_1 is used with iv_0 to generate gen_key_1(ss::sv_auth::ks2)
    
    
   key_1(Kwm):  7CDD0E02076EFE4599B1B82C359919B3 // key_1 is used with iv_0, decrypts disc_id from recieved data of the sv_wm_command
   key_1(Kwm):  7CDD0E02076EFE4599B1B82C359919B3 // key_1 is used with iv_0
    
    
   iv_1(ivs_aes):    3BD624020BD3F865E80B3F0CD6566DD0 // iv_1 is used with gen_key_0 and gen_key_1
   iv_1(ivs_aes):    3BD624020BD3F865E80B3F0CD6566DD0 // iv_1 is used with gen_key_0 and gen_key_1
Line 314: Line 314:
uint8_t nppp_aes128cbc_iv[0x10] = {0};
uint8_t nppp_aes128cbc_iv[0x10] = {0};
</source>
</source>
  ss::Kf1_u0: 213AA19F9640484DED1A90FF6E535BD9
  ss::Kf2_u0: 460BE7654AC4A8DFAA5F40A729E44EF3
  ss::Kf1_u1: 80025B9F4A03EFB144E7F2069D1B5BD9
  ss::Kf2_u1: F1F6045B66ABC69A2F62B25492A34EF3
  ss::Kf1_u2: 72F87767AC9362C87B97BBC8C0985BD9
  ss::Kf2_u2: DE29F0DFA04708E951781C25E49D4EF3
  ss::Kf1_u3: DC082F837F1487C2008B7BC920C55BD9
  ss::Kf2_u3: E80885F96ED0F36752CE52BEC3C74EF3
  ss::Kf1_u4: 19766FBC77E4E75CF441E48B942C5BD9
  ss::Kf2_u4: 50CBA7F0C2A7C0F6F33A214326AC4EF3
These keys used for auth_drive_user
  ss::user_param_u0: A97A0621F32A98B6BBCBD54A8BF250E4
                    ACE00B9571C37E44F95BBE4EE4DB93FE
                    00000000000000000000000000000000
                    D1E19EB3AAC6B8E29702FB1D414D7D17
  ss::user_param_u1: 55AFBA594107ABEC2AA8FAEC96D5D579
                    21004208287B6E7D6DBCCB5348403C59
                    01000000000000000000000000000000
                    DC8516DA4515EF85D2433F1115190E68
  ss::user_param_u2  95A5E268B73AB7B8B1126C35D5B5E5C6
                    30172A01C3B8350D8C4965A7C4BDFE3C
                    02000000000000000000000000000000
                    FF3A61D0ACE8BC097484718261E65FA1
  ss::user_param_u3  6317A8CD1250D70A195D7E02B0DB946F
                    CF2CCF4DEF20E74C9A1E6806028A0046
                    03000000000000000000000000000000
                    6E8A6F2DDE07202BF4D0BBDB8A0B805A
  ss::user_param_u4  1E79188E093BC87795B2CF2AE7AF9BB4
                    86801828C2CA05BAD1F278F1801FEACB
                    04000000000000000000000000000000
                    8DB3469342648160168F51D193762395
These keys used on sv_udata_command::set_command()
u0-4 is UserId, 2 for PS2 disc auth, 3 - PS3 disc auth, 4 - drive_auth, get_version, etc.


== spu_token_processor ==
== spu_token_processor ==
Line 400: Line 361:
* Location: PS3 software update plugin
* Location: PS3 software update plugin


== index.dat Keys ==
== DAT ==


  index-dat-key-ps3: 2B7E151628AED2A6ABF7158809CF4F3C
  dat-iv: 3032ADFCDE09CFBFF0A3B3525B097FAF
  index-dat-iv-ps3: 3032ADFCDE09CFBFF0A3B3525B097FAF
  dat-key: 2B7E151628AED2A6ABF7158809CF4F3C


Warning: this is for index.dat format, not EDAT/SDAT nor DOCUMENT.DAT format.
To precise: DAT as in EDAT/SDAT or DOCUMENT.DAT?


== PS3 Minis ISO.BIN.EDAT ==
== PS3 Minis ISO.BIN.EDAT ==
Line 1,398: Line 1,359:
|}
|}


=== NID generation suffixes ===
=== PS3 NIDs Salt ===
 
* The algorithm is sha1(name + suffix).
 
==== PS3 NONAME suffix ====


<pre>
<pre>
"0xbc5eba9e042504905b64274994d9c41f"
6759659904250490566427499489741A
</pre>
</pre>


* Note that this ASCII string is used but not the hexadecimal value for it.
=== PS3 NONAME NIDs Salt ===
 
==== PS3 default suffix ====


<pre>
<pre>
6759659904250490566427499489741A
"0xbc5eba9e042504905b64274994d9c41f"
</pre>
</pre>


* Note that this hexadecimal value is used but not the ASCII string for it.
* Note that this string is used, NOT the hex value for it!
* Credit to ClientHax for the discovery
* WTF Sony!


=== Bluray Drive Keys ===
=== Bluray Drive Keys ===
Line 1,710: Line 1,667:
See also [[NPDRM]].
See also [[NPDRM]].


See [https://www.psdevwiki.com/ps3/File:1UN7rOi.png a screenshot of the first retrieved PS3 NPDRM keys files].
See [https://i.imgur.com/1UN7rOi.png a screenshot of the first retrieved PS3 NPDRM keys files].


=== NPDRM Activation ECDSA Public Key ===
=== NPDRM Activation ECDSA Public Key ===
Line 1,719: Line 1,676:
* Location: PSP npdrm.prx, PS3, PS Vita npdrm.skprx.
* Location: PSP npdrm.prx, PS3, PS Vita npdrm.skprx.


Algorithm: Applies to NPDRM act.dat (Signature at 0x1010, sha1hash previous 0x1010 bytes to validate sig) and to NPDRM .rif (signature at 0x70, hash previous 0x70 bytes to validate signature) . Also applies to ps3 EDATs.  
Algorithm: Applies to both NPDRM act.dat and to NPDRM .rif.


ECDSA curve type: 2 (vsh)
ECDSA curve type: ?2 (vsh)?


=== NPDRM PSP EDAT ECDSA Public Key ===
=== NPDRM PSP EDAT ECDSA Public Key ===
Line 1,736: Line 1,693:
  npdrm_psp_edat_ecdsa_priv_key: E5C4D0A8249A6F27E5E0C9D534F4DA15223F42AD
  npdrm_psp_edat_ecdsa_priv_key: E5C4D0A8249A6F27E5E0C9D534F4DA15223F42AD


* Location: Calculated via https://github.com/tpunix/kirk_engine/tree/master/test
* Location: ? Maybe retrieved by PS3 ECDSA randomization fail.


=== NPDRM PSISOIMG0000 ECDSA Public Key ===
=== NPDRM PSISOIMG0000 ECDSA Public Key ===
Line 1,762: Line 1,719:
ECDSA curve type: 2 (vsh)
ECDSA curve type: 2 (vsh)


* Location: PSP np9660.prx , ?PS3? (not there?), PS Vita npdrm.skprx.
* Location: ?PSP?, ?PS3?, PS Vita npdrm.skprx.


=== NPDRM NPUMDIMG ECDSA Private Key ===
=== NPDRM NPUMDIMG ECDSA Private Key ===
Line 1,768: Line 1,725:
  npdrm_npumdimg_ecdsa_priv_key: 14B022E892CF8614A44557DB095C928DE9B89970
  npdrm_npumdimg_ecdsa_priv_key: 14B022E892CF8614A44557DB095C928DE9B89970


* Location: Calculated from 2 different DATA.PSAR with same R (located at 0xD8) (sha1 previous 0xD8 bytes to validate signature)
* Location: ? Maybe retrieved by PS3 ECDSA randomization fail.
 
<pre>
UP9000-UCUS98721_00-PATAPONPSNDEMO08 R1S1
UP1022-NPUH90004_00-PUZZLEGUZZLEDEMO R1S2
</pre>


This key is used to sign the NPUMDIMG data inside PSN NPDRM EBOOT.PBP.
This key is used to sign the NPUMDIMG data inside PSN NPDRM EBOOT.PBP.
Line 1,801: Line 1,753:
  npd_header_hash_xor_key: 6BA52976EFDA16EF3C339FB2971E256B
  npd_header_hash_xor_key: 6BA52976EFDA16EF3C339FB2971E256B


* Location: PS3 vsh.self as it is used in PS3 [[NPD]].
* Location: PS3 OS as it is used in PS3 [[NPD]].


Algorithm:
Algorithm:
Line 1,814: Line 1,766:
  edat-hasher-key-0:  EFFE5BD1652EEBC11918CF7C04D4F011
  edat-hasher-key-0:  EFFE5BD1652EEBC11918CF7C04D4F011
  edat-hasher-key-1:  3D92699B705B073854D8FCC6C7672747
  edat-hasher-key-1:  3D92699B705B073854D8FCC6C7672747
* Location: PS3 appldr.
Since FW 3.60 appldr stores them in scrambled form. key-0 is used for v.1, v.2 and v.3 edats, key-1 is used for v.4 edats.


These keys have to be sorted, and detailed, soon. Also why are there also "edat-key-0 || 4.20" and other 4.20+ EDAT keys on wiki?
These keys have to be sorted, and detailed, soon. Also why are there also "edat-key-0 || 4.20" and other 4.20+ EDAT keys on wiki?
Line 1,833: Line 1,781:
Algorithm: aes128ecb_decrypt(data = enc_klicensee, key = klic_aes_key, dst = klicensee)
Algorithm: aes128ecb_decrypt(data = enc_klicensee, key = klic_aes_key, dst = klicensee)


=== NPDRM Per-console Activation Index AES128ECB key ===
=== NPDRM Activation Data Index AES key ===


Temp name was RIF_KEY, actdatidx_dec_key.
Temp name was RIF_KEY, actdatidx_dec_key.


  npdrm_pcact_index_aes128ecb_key: DA7D4B5E499A4F53B1C1A14A7484443B
  npdrm_act_data_index_aes_key: DA7D4B5E499A4F53B1C1A14A7484443B


* Location: PSP npdrm.prx, PS3 vsh.self, PS Vita npdrm.skprx EKc offset 0x10 in encrypted form and decrypted using kprx_auth_sm.self.
* Location: PSP npdrm.prx, PS3 vsh.self.


Algorithm: AES128ECB_decrypt(data = rif.enc_metadata, key = npdrm_act_data_index_aes_key, dst = actdat_idx)
Algorithm: AES128ECB_decrypt(data = rif.enc_metadata, key = npdrm_act_data_index_aes_key, dst = actdat_idx)
Line 1,869: Line 1,817:
  npdrm_idps_seed: 5E06E04FD94A71BF0000000000000001
  npdrm_idps_seed: 5E06E04FD94A71BF0000000000000001


Location: PSP npdrm.prx, PS3 lv2_kernel.self, PS Vita npdrm.skprx EKc offset 0 in encrypted form and decrypted using kprx_auth_sm.self
Location: PSP npdrm.prx, PS3 lv2_kernel.self


Algorithm: AES128ECB_encrypt(data = npdrm_idps_seed, key = IDPS, dst = per_console_act_key)
Algorithm: AES128ECB_encrypt(data = npdrm_idps_seed, key = IDPS, dst = per_console_act_key)
Line 1,976: Line 1,924:
  npdrm_pkg_self_ecdsa_pub_bak_y: EC4907E129C5B5CD386D94D82318B9D558777C5A
  npdrm_pkg_self_ecdsa_pub_bak_y: EC4907E129C5B5CD386D94D82318B9D558777C5A


== ECDSA Curves (VSH) ==
== ECDSA Curve Type 2 (VSH) ==


   curve :    000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
   curve :    000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Line 1,998: Line 1,946:
Other representation: https://github.com/balika011/DC-M33/blob/master/psptools/psptool/kirk.py#L158.
Other representation: https://github.com/balika011/DC-M33/blob/master/psptools/psptool/kirk.py#L158.


* The type 2 curve is used for example for rif/act.dat, most IdStorage Certificates.
* This curve is used for example for rif/act.dat, most IdStorage Certificates.


== Snowden Key ==
== Snowden Key ==
Line 2,031: Line 1,979:
   MG_KBIT_MASTER_KEY  5001C87121F939C144D86B069224B247 <- me_iso
   MG_KBIT_MASTER_KEY  5001C87121F939C144D86B069224B247 <- me_iso
   MG_KC_MASTER_KEY    77F38314B047D87C9B37D266049228C4 <- me_iso
   MG_KC_MASTER_KEY    77F38314B047D87C9B37D266049228C4 <- me_iso
   META_KEY_RETAIL      389DCBA5203C8159ECF94C9393164CC9 <- sb_iso (key_id 0x18, is not final key, used to encrypt drm_key to create final one)
   META_KEY_RETAIL      389DCBA5203C8159ECF94C9393164CC9 <- sb_iso
   DATA_KEY_RETAIL      1017823463F468C1AA41D700B140F257 <- sb_iso (key_id 0x19, is not final key, used to encrypt drm_key to create final one)
   DATA_KEY_RETAIL      1017823463F468C1AA41D700B140F257 <- sb_iso
   VMC_KEY_RETAIL        64E30D19A16941D677E32EEBE07F45D2 <- sb_iso (key_id 0x1A, final key)
   VMC_KEY_RETAIL        64E30D19A16941D677E32EEBE07F45D2 <- sb_iso
   META_KEY_DEBUG        2B05F7C7AFD1B169D62586503AEA9798 <- sb_iso (key_id 0x15, final key)
   META_KEY_DEBUG        2B05F7C7AFD1B169D62586503AEA9798 <- sb_iso  
   DATA_KEY_DEBUG        74FF7E5D1D7B96943BEFDCFA81FC2007 <- sb_iso (key_id 0x16, final key)
   DATA_KEY_DEBUG        74FF7E5D1D7B96943BEFDCFA81FC2007 <- sb_iso  
   VMC_KEY_DEBUG        30479D4B80E89E2B59E5C9145E1064A9 <- sb_iso (key_id 0x17, final key)
   VMC_KEY_DEBUG        30479D4B80E89E2B59E5C9145E1064A9 <- sb_iso
   MG_SIG_HASH_KEY      65E88B1A9E3FD268 <- me_iso
   MG_SIG_HASH_KEY      65E88B1A9E3FD268 <- me_iso
   MG_SIG_MASTER_KEY    51ED689419A83AD8 <- me_iso
   MG_SIG_MASTER_KEY    51ED689419A83AD8 <- me_iso
Line 2,250: Line 2,198:
  kirk_unk100 = 000102030405060708090A0B0C0D0E0F
  kirk_unk100 = 000102030405060708090A0B0C0D0E0F


=== PSP PCK Master Key ===
=== PSP IdStorage Master Key ===


  psp_idstorage_master_key = 475E09F4A237DA9BEFFF3BC077143D8A
  psp_idstorage_master_key = 475E09F4A237DA9BEFFF3BC077143D8A
* Can be found probably in PS3 PSPemu (Kirk command 16 emulation) and in Kicho Dencho Factory NAND Dump, inside one of the modules.
* Used to generate the perconsole keys necessary for kirk 5, 6, 8, 9, 0xA, 0xF, 0x10, 0x12 commands.
* Named idskey0 in Despertar Del Cementerio source code.


=== DOCUMENT.DAT ===
=== DOCUMENT.DAT ===
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Templates used on this page:

Retrieved from "http://www.psdevwiki.com/ps3/Keys"