Editing Talk:Keys
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
== | == aim_spu_module Keys Usage == | ||
See [[Keys#aim_spu_module_Keys]]. | |||
aim_key, aim_iv and aim_compare | |||
Can anyone explain to me what is the purpose and functionality of these keys? I've never seen them in "action" before... | |||
== 2.36 vs 3.30 appldr key 79481839C4... == | == 2.36 vs 3.30 appldr key 79481839C4... == | ||
Stop editing 79481839C4... as a 3.30 appldr key, unless you can disprove the absence of it since after 2.36 as seen here: http://pastebin.com/biWXJrst | |||
i see it there on offset 18C30 in the pastebin .... | |||
Here is an appldr keys: [http://www.sendspace.com/file/ou1ln1 .xls] & I doubt about the versions and revisions because of ^^ | |||
Please edit & add it to the Page. | |||
Disproving the absence: | Disproving the absence: | ||
https://www.sendspace.com/file/m0j3c1 | |||
The key 79481839C4... is inside the decrypted appldr and used to decrypt emer_init.self | This archive contains files from 3.31DECR (appldr, decrypted appldr and emer_init.self) | ||
The key 79481839C4... is inside the decrypted appldr and used to decrypt emer_init.self | |||
== sv_iso_spu_module 1.02-3.55 == | == sv_iso_spu_module 1.02-3.55 == | ||
<pre> | <pre> | ||
key_0: EF4F6A107742E8448BC1F9D8F2481B31 // key_0 is an aes_cfb128 iv | key_0: EF4F6A107742E8448BC1F9D8F2481B31 //key_0 is an aes_cfb128 iv | ||
iv_0: 2226928D44032F436AFD267E748B2393 | iv_0: 2226928D44032F436AFD267E748B2393 | ||
key_0_0: 126C6B5945370EEECA68262D02DD12D2 // key_0_0 is used with iv_0 to generate gen_key_0 | key_0_0: 126C6B5945370EEECA68262D02DD12D2 //key_0_0 is used with iv_0 to generate gen_key_0 | ||
key_0_1: D9A20A79666C27D11032ACCF0D7FB501 // key_0_1 is used with iv_0 to generate gen_key_1 | key_0_1: D9A20A79666C27D11032ACCF0D7FB501 //key_0_1 is used with iv_0 to generate gen_key_1 | ||
key_1: 7CDD0E02076EFE4599B1B82C359919B3 // key_1 is used with iv_0 | key_1: 7CDD0E02076EFE4599B1B82C359919B3 //key_1 is used with iv_0 | ||
iv_1: 3BD624020BD3F865E80B3F0CD6566DD0 // iv_1 is used with gen_key_0 and gen_key_1 | iv_1: 3BD624020BD3F865E80B3F0CD6566DD0 //iv_1 is used with gen_key_0 and gen_key_1 | ||
key_2: 380BCF0B53455B3C7817AB4FA3BA90ED // key_2 + iv_2 are used to generate something from the disk name (id?) | key_2: 380BCF0B53455B3C7817AB4FA3BA90ED //key_2 + iv_2 are used to generate something from the disk name (id?) | ||
iv_2: 69474772AF6FDAB342743AEFAA186287 | iv_2: 69474772AF6FDAB342743AEFAA186287 | ||
debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 // this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC' | debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 //this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC' | ||
</pre> | </pre> | ||
=== Observations === | ===Observations=== | ||
<pre>genelib.dll (Build 1.20.2662.20880): | |||
<pre> | |||
genelib.dll (Build 1.20.2662.20880): | |||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 76: | Line 66: | ||
00072E80 67 C0 75 8C gÀuŒ | 00072E80 67 C0 75 8C gÀuŒ | ||
00072E90 F4 99 6F EF 7E 88 F9 0C C6 95 9D 66 ô™oï~ˆù.Æ•.f | 00072E90 F4 99 6F EF 7E 88 F9 0C C6 95 9D 66 ô™oï~ˆù.Æ•.f</pre> | ||
</pre> | |||
== sc_iso module 1.00-4.00 == | == sc_iso module 1.00-4.00 == | ||
<pre> | <pre> | ||
0x0 | 0x0 | ||
Line 91: | Line 79: | ||
=== Observations === | === Observations === | ||
<pre> 1.00: | <pre> 1.00: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 122: | Line 109: | ||
******** DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14 Ú¤¹ò¼p²€§³@ú..º. key rev 0x2 | ******** DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14 Ú¤¹ò¼p²€§³@ú..º. key rev 0x2 | ||
</pre> | </pre> | ||
== spu_token_processor == | == spu_token_processor == | ||
<pre> spu_token_processor 1.00-3.56 | |||
<pre>spu_token_processor 1.00-3.56 | |||
token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A | token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A | ||
token-key: 341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED | token-key: 341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED | ||
token-iv: E8663A69CD1A5C454A761E728C7C254E</pre> | token-iv: E8663A69CD1A5C454A761E728C7C254E</pre> | ||
===Observations=== | |||
=== Observations === | |||
<pre>1.00: | <pre>1.00: | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 210: | Line 188: | ||
</pre> | </pre> | ||
== appldr | == appldr rev0x01 == | ||
appold_R : B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D # ps3publictools/include/keys.h | appold_R : B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D # ps3publictools/include/keys.h | ||
appold_n : B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB # ... | appold_n : B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB # ... | ||
Line 221: | Line 198: | ||
appold_keypair_d : 3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000 # ps3publictools/include/oddkeys.h | appold_keypair_d : 3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000 # ps3publictools/include/oddkeys.h | ||
== npdrm | == npdrm rev0x01 == | ||
npdrm_R : A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D # ps3publictools/include/keys.h | npdrm_R : A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D # ps3publictools/include/keys.h | ||
npdrm_n : B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB # ... | npdrm_n : B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB # ... | ||
Line 228: | Line 204: | ||
npdrm_Da : 040AB47509BED04BD96521AD1B365B86BF620A98 # ... | npdrm_Da : 040AB47509BED04BD96521AD1B365B86BF620A98 # ... | ||
npdrm_omac_key1 : 72F990788F9CFF745725F08E4C128387 # ps3publictools/include/oddkeys.h | |||
npdrm_omac_key2 : 6BA52976EFDA16EF3C339FB2971E256B # ... | |||
npdrm_omac_key3 : 9B515FEACF75064981AA604D91A54E97 # ... | |||
npdrm_keypair_e : A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0 # ps3publictools/include/oddkeys.h | npdrm_keypair_e : A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0 # ps3publictools/include/oddkeys.h | ||
Line 237: | Line 213: | ||
---- | ---- | ||
=== Using VSH ECDSA in Python === | === Using VSH ECDSA in Python === | ||
Line 313: | Line 290: | ||
print("----------")</pre> | print("----------")</pre> | ||
=== Observations === | ===Observations=== | ||
3.10: | 3.10: | ||
PUB: | PUB: | ||
Line 412: | Line 388: | ||
0062EEA0 20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81 ›.¼„?^.*P!Ó¦§ª. | 0062EEA0 20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81 ›.¼„?^.*P!Ó¦§ª. | ||
0062EEB0 4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20 N$ÿ퟽ªÛ$<†*S µ | 0062EEB0 4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20 N$ÿ퟽ªÛ$<†*S µ | ||
3.55: | 3.55: | ||
Line 453: | Line 430: | ||
Some insight in how the AES routines and SHA1 hashes relate to offsets in appldr: | Some insight in how the AES routines and SHA1 hashes relate to offsets in appldr: | ||
* [http://pastie.org/private/fdabkjhmd3hwowi6dgsbw AES routines 3.15] | * [http://pastie.org/private/fdabkjhmd3hwowi6dgsbw AES routines 3.15] | ||
[http://pastie.org/private/unpbjffn6zgy3vldefvivq sha1 hashes 3.15] | |||
=== Primary Table === | === Primary Table === | ||
(C/P is from | (C/P is from 3.56 Fix) | ||
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 790: | Line 767: | ||
|- | |- | ||
|} | |} | ||
silk.sprx DES key: <code>8E3E1E46FFEE0309</code> | silk.sprx DES key: <code>8E3E1E46FFEE0309</code> | ||
== Colors == | == Colors == | ||
=== HMAC === | ===HMAC=== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#f491ad" | | |align="center" colspan="1" style="background:#f491ad" | | ||
Line 822: | Line 798: | ||
=== ldr key (inside decrypted metldr/asecure_loader) === | === ldr key (inside decrypted metldr/asecure_loader) === | ||
<pre>erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B | |||
<pre> | |||
erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B | |||
riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D | riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D | ||
pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19 | pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19 | ||
Line 832: | Line 806: | ||
Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000 | Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000 | ||
Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670 | Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670 | ||
Curvetype: 0x20 | Curvetype: 0x20</pre> | ||
</pre> | ====erk==== | ||
==== erk ==== | |||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#C0CEFE" | | |align="center" colspan="1" style="background:#C0CEFE" | | ||
Line 851: | Line 822: | ||
|} | |} | ||
==== riv ==== | ====riv==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#47EE74" | | |align="center" colspan="1" style="background:#47EE74" | | ||
Line 862: | Line 832: | ||
|} | |} | ||
==== pub ==== | ====pub==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#C2D4AA" | | |align="center" colspan="1" style="background:#C2D4AA" | | ||
Line 881: | Line 850: | ||
|} | |} | ||
==== R ==== | ====R==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#806E07" | | |align="center" colspan="1" style="background:#806E07" | | ||
Line 893: | Line 861: | ||
|} | |} | ||
==== n ==== | ====n==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#E13A7E" | | |align="center" colspan="1" style="background:#E13A7E" | | ||
Line 905: | Line 872: | ||
|} | |} | ||
==== K ==== | ====K==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#BA9055" | | |align="center" colspan="1" style="background:#BA9055" | | ||
Line 917: | Line 883: | ||
|} | |} | ||
==== Da ==== | ====Da==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#C5B2BF" | | |align="center" colspan="1" style="background:#C5B2BF" | | ||
Line 928: | Line 893: | ||
|align="center" colspan="1" style="background:#067000" | | |align="center" colspan="1" style="background:#067000" | | ||
|} | |} | ||
: | |||
==== Priv ==== | ====Priv==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#00C5B2" | | |align="center" colspan="1" style="background:#00C5B2" | | ||
Line 940: | Line 905: | ||
|align="center" colspan="1" style="background:#FB0670" | | |align="center" colspan="1" style="background:#FB0670" | | ||
|} | |} | ||
: | |||
==== Curve ==== | ====Curve==== | ||
{| class="wikitable" border="0" cellspacing="1" cellpadding="1" | {| class="wikitable" border="0" cellspacing="1" cellpadding="1" | ||
|align="center" colspan="1" style="background:#000020" | | |align="center" colspan="1" style="background:#000020" | | ||
|} | |} | ||
: | |||
== Non PS3 specific Keys == | ==Non PS3 specific Keys== | ||
=== Kirk (PSP) === | === Kirk (PSP) === | ||
not to be found in the PS3, but reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715 | |||
== Unknown value in syscon eeprom == | |||
this value is used at least 3 times and it's (conveniently?) positioned at the start of SYSCON EEPROM, followed by another unknown block with the same size of EID1 | |||
== Unknown value in | |||
<pre> | <pre> | ||
Line 961: | Line 925: | ||
</pre> | </pre> | ||
== Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61) == | ==Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61)== | ||
from LV1LDR.ELF | from LV1LDR.ELF FW3.61 | ||
offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F | ||
Line 995: | Line 959: | ||
Unscrambling script: key_unscrambler.py | Unscrambling script: key_unscrambler.py | ||
<syntaxhighlight lang="python" enclose="div"> | <syntaxhighlight lang="python" enclose="div"> | ||
from CryptoPlus.Cipher import AES | from CryptoPlus.Cipher import AES | ||
Line 1,170: | Line 1,133: | ||
= Lv0 Passwords = | = Lv0 Passwords = | ||
Lv0 sends this value to SPU when it loads lv1.self | Lv0 sends this value to SPU when it loads lv1.self<br> | ||
Check is inside lv1ldr. | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
Line 1,192: | Line 1,156: | ||
| 4.00 - 4.11 || <code>8005ADF19082F027E19E947DC5A51A05</code> | | 4.00 - 4.11 || <code>8005ADF19082F027E19E947DC5A51A05</code> | ||
|- | |- | ||
| 4.20 - {{ | | 4.20 - {{latest}} || <code>25EFE04B1D920B48CFFDCE7D43F438F1</code> | ||
|- | |||
|} | |} | ||
= RSA Source Example = | = RSA Source Example = | ||
* | * https://paste.ubuntu.com/24678348/ | ||
* Uses Trophy Public Modulus and Exponent for Signature verification | * Uses Trophy Public Modulus and Exponent for Signature verification | ||
* | * adapted from https://rosettacode.org/wiki/RSA_code#C | ||
= Unknown Triple_DES key? = | = Unknown Triple_DES key ? = | ||
Key = F1660C455AB510B98B42660B8FB0476402C503052DB2AC87 | Key = F1660C455AB510B98B42660B8FB0476402C503052DB2AC87 | ||
Line 1,213: | Line 1,178: | ||
Data.enc = 5745E719A338CD681D02D7089A40FBF6D1E4206780ED0922E049B5BF69959DA3 | Data.enc = 5745E719A338CD681D02D7089A40FBF6D1E4206780ED0922E049B5BF69959DA3 | ||
Data.dec = 6794C8666FB90DF0B6350B1816D5C8F010101010101010101010101010101010 | Data.dec = 6794C8666FB90DF0B6350B1816D5C8F010101010101010101010101010101010 | ||
First 0x10 bytes only used from the decrypted data | |||
First 0x10 bytes only used from the decrypted data | |||
Key2 = 10CC98B53A7C4462B8700923E613FA39 | Key2 = 10CC98B53A7C4462B8700923E613FA39 | ||
Line 1,220: | Line 1,184: | ||
Data2.enc = E172AC67EFD5FB5EC97EC180592D17F2 .... 5A79457925B6678D3866ADC53C4658EE | Data2.enc = E172AC67EFD5FB5EC97EC180592D17F2 .... 5A79457925B6678D3866ADC53C4658EE | ||
Data2.dec = 00A09853C2AF506F5F8876AB4543233C .... 4334097D2FDD1C090909090909090909 | Data2.dec = 00A09853C2AF506F5F8876AB4543233C .... 4334097D2FDD1C090909090909090909 | ||
There are 2 blobs inside: 1) offset = 0, size = 0xAF 2) offset 0xB7, size = 0x240 | |||
There are 2 blobs inside: | |||
Second part contains RSA-1024 Private keyset, used to sign some data. | Second part contains RSA-1024 Private keyset, used to sign some data. | ||
Line 1,240: | Line 1,201: | ||
A31A539F9AB9E68232CC523735E18CEC41112AADF8A66DA782BA297AAC60CEA323B067D357B3410FCB84253159CAD55B6664FD888F196BB78EB2BE85EBEBDD1F | A31A539F9AB9E68232CC523735E18CEC41112AADF8A66DA782BA297AAC60CEA323B067D357B3410FCB84253159CAD55B6664FD888F196BB78EB2BE85EBEBDD1F | ||
= | = Unknown (BB Syscon) = | ||
<pre> | <pre> | ||
F8EC1FED43ED70ED9AEDC7EDF4ED18EE | |||
</pre> | </pre> | ||