Editing Seeds

= Information about these seeds =

The seeds present on this wiki page were acquired through different means. It started with a simple search (Which i have to thank glevand and naehrwert for, as had it not been for those guys, i wouldn't have found myself the confidence to post this) and it went through several people who helped me along the way, and that probably wish to stay anonymous.

Without further ado, here are the seeds (both known and unknown) for several functions of the ps3.

== Common ==

=== Common individuals seed ===

<pre>
59302145AC09B1EFE69E9B7A25FF8F86
E9F6814D37DE204D29729B8416BAEDE4
227098657F298CDB6A9B5E59E4A4BA2F
8E6A740E1FC1E3E935DDD2F66CDEDD6B
</pre>

Used on old firmwares, possible for an old EID0 format (or fallback?) which can be 0x20 or 0x28 bytes in size. Decrypted section is always the same, see comments: http://pastie.org/private/rzg83pokd4vnxg60dj3qwg

Taken from: isoldr/appldr/lv1ldr

== eEID ==

=== eid0 ===

Used for individual ps3/psp/psn information.

==== eid0 individuals seed ====

<pre>
ABCAAD1771EFABFC2B921276FAC2130C
37A6BE3FEF82C79F3BA5733FC35A690B
08B358F970FA16A3D2FFE2299E841EE4
D3DB0E0C9BAEB51BC7DFF10467472F85
</pre>

Taken from: aim_spu_module.self/isoldr/appldr/lv1ldr/spu_token_processor.self/spu_utoken_processor.self

==== eid0 keyseed 0x0 ====

<pre>
2ED7CE8D1D55454585BF6A3281CD03AF
</pre>

Taken from: aim_spu_module.self

==== eid0 keyseed 0x6 ====

<pre>
3AB0E6C4ACFFB629362FFBBBDBC854BC
</pre>

Taken from: pspemudrm (kirk)

==== eid0 keyseed 0x6 for perconsole encrypted private key ====

<pre>
33793B9F79E2EBAE55D4D6BF0ED376E6
</pre>

Encrypt it with perconsole eid0_key to obtain the decryption key to decrypt Your perconsole ecdsa private key, located into the decrypted eid0 section 6 at offset 0x88.

Taken from: pspemudrm (kirk)

==== eid0 keyseed 0xA ====

<pre>
30B0395DC5835AAA3A7986B44AFAE684
</pre>

Taken from: aim_spu_module.self

=== eid1 ===

Used for individual SYSCON information.

==== eid1 individuals seed ====

<pre>
B0D655764C3B44B338F32DD1D0999B66
48A35A2CEB15E28EECDC2DC0B4C7EB05
DC8225C0D5789DBB2E89A24A78585800
72363834EE1A116C2CD25E58EE6763F7
</pre>

Taken from: sc_iso.self/sc_iso_factory.self

=== eid2 ===

Used for individual bluray information.

==== eid2 individuals seed ====

<pre>
7492E57C2C7C63F44942268FB41C58ED
668341F9C97B298396FA9D82075199D8
BC1A934B374FA38D46AF94C7C33373B3
09572084FE2DE34457E0F8527A34753D
</pre>

Taken from: fdm_spu_module.self

==== eid2 DES key ====
<pre>
6CCAB35405FA562C
</pre>

Taken from: fdm_spu_module.self

==== eid2 DES iv ====

<pre>
0000000000000000
</pre> 

Taken from: fdm_spu_module.self

=== eid3 ===

Used for individual CPRM information.

==== eid3 individuals seed ====

<pre>
01D0496A3BADD1735570CB29E16FA231
4FA9FD1ABA19A1C69EEA2F4AA607A71C
6FE23EF8DFBB0F2D9D452CD5FAD58B74
5BF8A4A50D8BDB29B2F4BF14C44ADD76
</pre>

Taken from: CprmModule.spu.isoself

==== eid3 keyseed ====

<pre>
5FFF3FD81E18B956DAE4E6D3368297EF
</pre>

Taken from: CprmModule.spu.isoself

==== eid3 static key ====

<pre>
D99406CA4BF30750436A454736834589
</pre>

Taken from: CprmModule.spu.isoself

=== eid4 ===

Used for individual bluray auth information.

==== eid4 individuals seed ====
<pre>
3EC20C17021901978A2971793829D308
0429FA84E33E7F730C1D416EEA25CAFB
3DE02BC005EA490B03E99198F83F101F
1BA34B50589428ADD2B3EB3FF4C31A58
</pre>

Taken from: sv_iso_spu_module.self

== HDD Specific ==

Used for individual hard drive information.

=== ATA data individuals seed === 

<pre>
D92D65DB057D49E1A66F2274B8BAC508
83844ED756CA79516362EA8ADAC60326
</pre>

Taken from: sb_iso_spu_module.self


=== ATA tweak individuals seed ===

<pre>
C3B3B5AACC74CD6A48EFABF44DCDF16E
379F55F5777D09FBEEDE07058E94BE08
</pre>

Taken from: sb_iso_spu_module.self

=== ENCDEC data individuals seed ===

<pre>
E2D05D4071945B01C36D5151E88CB833
4AAA298081D8C44F185DC660ED575686
</pre>

=== ENCDEC tweak individuals seed ===
<pre>
02083292C305D538BC50E699710C0A3E
55F51CBAA535A38030B67F79C905BDA3
</pre>

=== Arcade/SYSDBG Seeds ===

====ATA data/tweak====

<pre>
DA73ED9020918F4C0A703DCCF890617B
FFD25E3340009109583C643DF4A21324
</pre>

====ENCDEC data====
<pre>
D2BCFF742D571A80DFEE5E2496D19C3A
6F25FA0FC69764CAC20F4269EB540FD8
</pre>
====ENCDEC tweak====
<pre>
C19C7F987EDB6E244B07BEDEFA1E6CC9
F08524D98C05654CC742141E01F823E1
</pre>

== PS2 Emu Specific ==

Used for ps2 memory card save generation

=== mc_iso individuals seed ===

<pre>
5238D0FA23A993B8971D400F982D2177
8130DCF4DE7C4E119C1DE286AA37610B
1AB711223F27681659AE6B71F184F9CB
0E00D08AD06AF9F7A1D55F69C71D2B25
</pre>

Taken from: mc_iso_spu_module.self


=== me_iso individuals seed ===

<pre>
F2336E2563B603077A76657126CAE4DB
820E92856B693CE81422E9FB1C1CA5B3
E943388E4B480350AA24A5FBFABFD172
D97A1E25DE3E64A0A7A482528456B174
</pre>

Taken from: me_iso_spu_module.self

== Syscon Specific ==

Used for individual SYSCON authentication.

=== sc_iso module seed ===

<pre>
B0D655764C3B44B338F32DD1D0999B66
48A35A2CEB15E28EECDC2DC0B4C7EB05
DC8225C0D5789DBB2E89A24A78585800
72363834EE1A116C2CD25E58EE6763F7
</pre>

=== sc_iso module seed {{SD}} ===
<pre>
0AB7611E56DA45076B46129718F5C80E
80BFFBA1800145BF2F1C02F7C011FDE8
E486A45215B5FFFF432DD7F7DFF0C47D
989ADED904DD987FC93BD735DA114397
</pre>

=== sc_magic::auth_magic ===

<pre>
63DCA7D3FEE47F749A408363F1104E8F auth_1 0x00
4D10094324009CC8E6B69C70328E34C5 auth_2 0x00
D97949BAD8DA69D0E01BF31523732832 auth_1 0x01
C9D1DD3CE27E356697E26C12A7B316A8 auth_2 0x01
72FF4C7FD2A5908D6C9C3FD3C037FEEB auth_1 0x02
FA8D083C052080D4A19453452E179A44 auth_2 0x02
35F8421295CBF484E06A17FA2FB98686 auth_1 0x03
C2F3685E7EF49768337B79FDBC8265BE auth_2 0x03
C6E19331FC6D75D1C2800913D1793C7E auth_1 0x04
771A755F402D5196D02A0D092BEFE01E auth_2 0x04
B11701629ED2FA918F9F4D8B78D72D74 auth_1 0x05
19930DE0B6FDCFFC7BA630B82D530431 auth_2 0x05
4420ED722FEA35021955AB40C78EE6DF auth_1 0x06
3E67C2D9432E15D09BEF0E6C6492455D auth_2 0x06
5FA6AF2BB07F72E2ABF80B4EF6DA98E0 auth_1 0x07
8CB782E53E8AEB8A768D366598281B9B auth_2 0x07
</pre>

Size 256<br>

=== secure_com_lib_internal_key::session_key_create_key ===

<pre>
9F1DF816BB4A4A0129D031CFB0AD9B30 0x00
D302FDE17578FBDBA1058449BA5C1BEA 0x01
0E6B7480E5CEB2562A3347BB41012455 0x02
7910AC5D2AD16001F6A2783979096103 0x03
E3052804B7D2836F2879A1751BB40D48 0x04
EF586F9D599170676850590BA67D4BC7 0x05
5D9598637AF25F8023623B1268B5131A 0x06
0EAA32140A2861D8659626F6CE2286DB 0x07
</pre>

=== secure_com_lib_internal_key::time_key ===

<pre>
E3EFDE987E4A2D3F8CF7B3B60E846B21 0x00
4AB026664E9D02F53EFF9544549B1F97 0x01
7ECA7F299891F1B243119E35AE94C3DE 0x02
E0B7A0867CF44923BAE65E3386460C80 0x03
</pre>

=== data key seed ===

<pre>
73686572776F6F645F73735F73656564 "sherwood_ss_seed"
</pre>

=== tweak key seed ===

<pre>
73735F736565645F6F6E655F6D6F7265 "ss_seed_one_more"
</pre>

=== vtrm keyseed ===

<pre>
6B6579736565645F666F725F73726B32 "keyseed_for_srk2"
</pre>

=== seed for backup ===

<pre>
736565645F666F725F6261636B757000 "seed_for_backup."
</pre>

=== eEID1 fallback ===

<pre>
84DEDB601CBFE24C17DDC7BD1B466406
0126A315C548FDD56C0DF6DE19667079
CB21566A84CAFE5CC883F5255E9586E4
4C02AC7201D69D2F6274E86918BE2703
4A86714B7D122170D45E317F97D173E7
615506000725FDE96EE7ACA391D06F73
3B24EABA2DCB71B6AEC2AB4B809ABD09
B8B7EDD3361CC1F3B71DA99617B7DC01
518E3B27164816ACF9C89157B07BB6C8
633D8DD1CFCE1E15AED07083E38E8EBB
145138B3BA0E240F3A7E77678D9D2961
BD123E045C9C0C58A9A03EB8940A1B99
75A1EE8E575ADFD8811BDE09B098ED38
F87F7DC557618412C827EF32FD5215D0
20900F5D2DF6C1BA52CB1B2E5DBC0310
5C91D011F8F232DD14CFA4E9A3108069
DFA88A3C2E27CB4892E8074794B32CF4
B78EC1E9E6A83ECC280182E29E22EDCE
A0A8BA86FF4304C488A8BD461A9B2D6F
E56C435F841C561E0E724F6CEDF38505
1EBB412CB7BBD395D56FD515782C5957
B687263DF0F4E5353BBAD52CCE4C634F
842663A906ED14319746A91FC63E556A
60426AB2283679450F76054E0EB39F22
F92881B49D9811F846E392FB66056DCB
267AA10094FD262D121B5576A0E6C0F1
58DEF55F710C789D8ED78CDE4E6AD6F8
2D9F8180B8C050D9B1847BC50803D3A4
5CB1178E0241C39AC3AA77558BA96567
7EECBF204F0760ECD976FE20AE97BA5C
4150D9D7EA9AC4C286E63C21FBDCE903
B6AD8EDA663C266A1B8F81F843A1C919
5856F90CB7390EBDB5A000D87F4E2619
CDA436059FD3723C3B6DA657E6D936D8
EA517214BA336B9B57912840AF8A3E76
EA715EE979F03A9857AA358E83B45E0E
8FC797DF9927B0E933EA33EBA1592231
E34C8E3E54C98E27C2E3AB69CC0E45F1
AD1BC8B53D9F87107F3FB7BB1B5E26B2
B710593154505CF21A36E2E57823D5BE
0D5D3AB4CD04B1C27A74BEE02E6D25F4
</pre>

= Notes =

* libeeid / ps3hdd_poc / ps3_decrypt_tools were adapted for this. so use them
* you'll need eid_root_key, hdd image and eid 
* the seeds are spreaded all over the wiki, so it's nice to have a spot where you can look at the seed you wish :)
* many thanks to fail0verfl0w for this. gotta love the print_hash function :3
* https://github.com/zecoxao/ps3_decrypt_tools tools for decrypting and encrypting.
* Regarding syscon, there are two chunks of data, one located at ss_sc_init and the other at sc_iso with sizes 0x290 and 0x280 respectively. one is after keyseed_for_srk2 and the other is between k4 and k5.
* ss_sc_init contains fallback EID1 of size 0x290 bytes.

= References =

[http://pastie.org/2858016 THE PLACEHOLDER] <- this curious pastie contains the first 4 bytes of several keys/seeds
<pre>
1st-eid2 indiv seed
2nd-eid0 indiv seed
3rd-eid1 indiv seed
4th-eid4 indiv seed
5th-ata data seed
6th-me iso indiv seed
7th-mc iso indiv seed
</pre>

[http://www.ps3devwiki.com/wiki/Iso_module isolated modules] <- used as reference for eid specific seeds, amongst others

= What's inside: =

== Each EID0 Section (0xC0 bytes) ==

{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Data || 0x10 || contains the actual data of the file (either idps or psid)
|-
| plaintext public key || 0x28 || contains the section's public key (without padding)
|-
| R || 0x14 || part of the ecdsa signature pair (r,s)
|-
| S || 0x14 || part of the ecdsa signature pair (r,s)
|-
| public key || 0x28 || ecdsa public key (unknown what this is doing here)
|-
| encrypted private key || 0x20 || encrypted blob that contains the section's private key (with padding)
|-
| omac/cmac1 || 0x10 || hash of the previous information in CMAC1/OMAC mode
|-
| padding || 0x8 || zero byte padding
|}

[http://pastie.org/6169158 Source of the information]

== EID1 (0x2A0 bytes) ==

This is, quite possibly, one of the most important EID parts in the system. Since the seed was found on syscon selfs, it's very likely that this is directly associated with SYSCON itself.
Unfortunately, there is no way to know because there are additional layers of cryptography inside it.

== EID2(0x730 bytes) ==
http://www.psdevwiki.com/ps3/Hypervisor_Reverse_Engineering#Remarrying
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Header || 0x20 ||
|-
| P(rimary) block || 0x80 || contains bd drive info
|-
| S(econdary) block || 0x690 || contains bd drive info
|}

== EID3(0x100) ==
http://www.psdevwiki.com/ps3/Hypervisor_Reverse_Engineering#Communication
{|class="wikitable"
|-
! Offset !! Description !! Length !! Note
|-
| 0x00 || Header || 0x20 || contains ckp_management_id, size of cprm keys + sha1 digest + padding and nonce
|-
| 0x20 || cprm player keys || 0xB8 || 
|-
| 0xD8 || sha1 digest || 0x14 || sha1 digest of previous section
|-
| 0xEC || padding || 0x4 ||
|-
| 0xF0 || omac1 digest || 0x10 || omac1 digest of whole eid3
|}

== EID4(0x30) ==

{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Drive Key 1 || 0x10 || Encrypts data sent from host to bd drive
|-
| Drive Key 2 || 0x10 || Decrypts data sent from bd drive to host
|-
| CMAC/OMAC1 || 0x10 || Hash of the previous bytes in CMAC/OMAC1 mode
|-
|}

== EID5 (0xA00) ==

The largest and quite possibly the most important EID of all 6. It's unknown what is inside this specific EID. We'll probably never know what's inside it without analyzing every possible clue about the PS3. And even then, it might be impossible to find it's real use. It's size is similar to EID0, but it has an aditional 0x1A0 bytes.

=== Theory ===

==== 0x40 bytes Header ====

{|class="wikitable"
|-
! Description !! Length !! Note
|-
| header(idps) || 0x10 || idps
|-
| unk(static) || 0x2 || 00 12
|-
| unk2(static) || 0x2 || 00 0B (eid0) 00 02(request_idps) 07 30 (eid5)
|-
| perconsole nonce || 0xC ||
|-
| unk3(changes) || 0x20 || 
|}

==== Content ====
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| sections || 0x9C0 || 13 sections of 0xC0 bytes each (copy of the 11 sections in EID0 and two sections dedicated to bootldr and metldr respectively)
|-
|}
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>