Editing Talk:Keys

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
== Superslim DEX Serial 1 Signature ==
<pre>
R:00 78 8C AE B0 E7 0C 3C D5 32 11 CC 0E 16 C2 A1 6E 9B F6 E6 80
S:00 82 03 7E 33 00 DE 68 DA 8A DD 87 E5 A8 E3 64 2F B7 55 3D D6
</pre>
== Superslim DEX Serial 1 Token ==
<pre>
2F 4A F9 92 92 F3 01 FD 40 31 53 AB 8F 4A 17 15
2F EA D8 C3 0D E5 F5 5F C8 6E 8B 19 EC BE 22 D2
82 F6 30 29 D2 CD 03 44 0B 55 06 84 0D 4E 83 0B
39 7C 4D 35 6A D8 B2 27 4C A5 74 35 95 C3 23 B4
4E 32 3B 39 5A 85 4B E4 FA E3 1B 0B 74 11 AF C9
</pre>
== 2.36 vs 3.30 appldr key 79481839C4... ==
Stop editing 79481839C4... as a PS3 FW 3.30 appldr key, unless you can disprove the absence of it since after PS3 FW 2.36 as seen here: http://pastebin.com/biWXJrst.
I see it there at offset 0x18C30 in the pastebin....
Here are some appldr keys: [http://www.sendspace.com/file/ou1ln1 .xls (dead link)] and I doubt about the versions and revisions because of ^^
Please edit and add it to the Page.
Disproving the absence: [https://www.sendspace.com/file/m0j3c1 (dead link)]
This archive contains files from PS3 FW 3.31 DECR (appldr, decrypted appldr and emer_init.self)
The key 79481839C4... is inside the decrypted appldr and used to decrypt emer_init.self.
== sv_iso_spu_module 1.02-3.55 ==
<pre>
key_0:  EF4F6A107742E8448BC1F9D8F2481B31 // key_0 is an aes_cfb128 iv
iv_0:    2226928D44032F436AFD267E748B2393
key_0_0: 126C6B5945370EEECA68262D02DD12D2 // key_0_0 is used with iv_0 to generate gen_key_0
key_0_1: D9A20A79666C27D11032ACCF0D7FB501 // key_0_1 is used with iv_0 to generate gen_key_1
key_1:  7CDD0E02076EFE4599B1B82C359919B3 // key_1 is used with iv_0
iv_1:    3BD624020BD3F865E80B3F0CD6566DD0 // iv_1 is used with gen_key_0 and gen_key_1
key_2:  380BCF0B53455B3C7817AB4FA3BA90ED // key_2 + iv_2 are used to generate something from the disk name (id?)
iv_2:    69474772AF6FDAB342743AEFAA186287
debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 // this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC'
</pre>
=== Observations ===
<pre>
genelib.dll (Build 1.20.2662.20880):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
00034C80                                      67 C0 75 8C              gÀuŒ
00034C90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f</pre>
<pre>genelib.dll (Build 2.50.3551.37780):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
00063E80                                      67 C0 75 8C              gÀuŒ
00063E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f</pre>
<pre>genelib.dll (Build 3.12.4159.28611):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
0006BE80                                      67 C0 75 8C              gÀuŒ
0006BE90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f</pre>
<pre>genelib.dll (Build 3.30.4566.37262):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
00072E80                                      67 C0 75 8C              gÀuŒ
00072E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f
</pre>
== sc_iso module 1.00-4.00 ==
<pre>
0x0                                   
0x1                                   
0x2    D413B89663E1FE9F75143D3BB4565274
0x3    FA72CEEF59B4D2989F111913287F51C7
0x4    DAA4B9F2BC70B280A7B340FA0D04BA14
0x5                                   
</pre>
=== Observations ===
<pre> 1.00:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00020210  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x4
  00020220  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ  key rev 0x3
  00020230  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt  key rev 0x2
</pre>
<pre> 3.15:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00014110  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt  key rev 0x4
  00014120  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ  key rev 0x3
  00014130  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
</pre>
<pre> 3.41:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00014110  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt  key rev 0x4
  00014120  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ  key rev 0x3
  00014130  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
</pre>
<pre> 3.55:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  00014110  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt  key rev 0x4
  00014120  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ  key rev 0x3
  00014130  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
</pre>
<pre> 4.00:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  ********  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt  key rev 0x4
  ********  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ  key rev 0x3
  ********  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
</pre>
== aim_spu_module Keys Usage ==
See [[Keys#aim_spu_module_Keys]], especially aim_key, aim_iv and aim_compare.
Can anyone explain to me what is the purpose and functionality of these keys? I have never seen them in "action" before...
== spu_token_processor ==
== spu_token_processor ==
 
<pre> spu_token_processor 1.00-3.56
<pre>spu_token_processor 1.00-3.56
   token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A
   token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A
   token-key:  341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED
   token-key:  341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED
   token-iv:  E8663A69CD1A5C454A761E728C7C254E</pre>
   token-iv:  E8663A69CD1A5C454A761E728C7C254E</pre>
 
===Observations===
=== Observations ===
 
<pre>1.00:
<pre>1.00:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 148: Line 15:
0000A380  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
0000A380  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
    
    
0000A480  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯   <-- eid0_iv_sd_1
0000A480  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯
0000A490  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„   <-- aim_ks_4
0000A490  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„
    
    
0000AA20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
0000AA20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
Line 162: Line 29:
00004880  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004880  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004890  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004890  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
000048A0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„   <-- aim_ks_4
000048A0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„
000048B0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯   <-- eid0_iv_sd_1
000048B0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯
    
    
00004F20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
00004F20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
Line 176: Line 43:
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„   <-- aim_ks_4
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯   <-- eid0_iv_sd_1
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯
 
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
</pre>
<pre>3.55:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
00004700  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b‘7.‹ÇVÿüa.%    <-- token-key
00004710  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
00004720  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  Ì0Ä"‘.Û%s5S¯Ðn‡b    <-- token-hmac
00004730  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  ³r.žú¦ÕóZoX¿8ÿ‹_    <-- token-hmac
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„    <-- aim_ks_4
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯    <-- eid0_iv_sd_1
    
    
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
Line 204: Line 57:
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„   <-- aim_ks_4
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯   <-- eid0_iv_sd_1
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯
      
      
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
</pre>
</pre>


== appldr rev 0x01 ==
== aim_spu_module ==
  aim_ks_4 : 30B0395DC5835AAA3A7986B44AFAE684
  aim_ks_1 : 2ED7CE8D1D55454585BF6A3281CD03AF
  aim_iv  : 51F78B72A64711CF5C72323FB8607A00
  aim_key  : 922B198CDF0C07DCCE848B69882D804CC23F19C2EAE1244F35AF176F7FD37851
http://pastie.org/2547291 (ks version depends on the first four bytes of the eid)
(from main page)


===Observations===
<pre>  aim_spu_module.self.elf 1.00 :
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  00008670  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J¦;,.DâEðtÚçx*  <- pub?  (1.00-3.42)
  00008680  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6..Žâ.kßo.Š<Á{ã.  <- pub?  (1.00-3.42)
  00008690  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  êHµqôÒmí........  <- pub?  (1.00-3.42)
  000086A0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  Q÷‹r¦G.Ï\r2?¸`z.  <- IV    (1.00-3.42 but not found in 3.50++)
  000086B0  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  ’+.Œß..Ü΄‹iˆ-€L  <- KEY  (1.00-3.42 but not found in 3.50++)
  000086C0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  Â?.Âêá$O5¯.o.ÓxQ  <- KEY  (1.00-3.42 but not found in 3.50++)
  000086D0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯  <- KS 1  (1.00-3.56)
  000086E0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„  <- KS 4  (1.00-3.56)
</pre>
<pre>  aim_spu_module.self.elf 3.42:
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  00003070  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„  <- KS 4  (1.00-3.56)
  00003080  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯  <- KS 1  (1.00-3.56)
  00003090  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  ’+.Œß..Ü΄‹iˆ-€L  <- KEY  (1.00-3.42 but not found in 3.50++)
  000030A0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  Â?.Âêá$O5¯.o.ÓxQ  <- KEY  (1.00-3.42 but not found in 3.50++)
  000030B0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  Q÷‹r¦G.Ï\r2?¸`z.  <- IV    (1.00-3.42 but not found in 3.50++)
  000030C0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J¦;,.DâEðtÚçx*  <- pub?  (1.00-3.42)
  000030D0  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6..Žâ.kßo.Š<Á{ã.  <- pub?  (1.00-3.42)
  000030E0  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  êHµqôÒmí........  <- pub?  (1.00-3.42)
</pre>
----
== appldr rev0x01 ==
  appold_R  :  B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D        # ps3publictools/include/keys.h
  appold_R  :  B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D        # ps3publictools/include/keys.h
  appold_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
  appold_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
Line 221: Line 112:
  appold_keypair_d :  3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000        # ps3publictools/include/oddkeys.h
  appold_keypair_d :  3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000        # ps3publictools/include/oddkeys.h


== npdrm rev 0x01 ==
== npdrm rev0x01 ==
 
  npdrm_R  :  A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D        # ps3publictools/include/keys.h
  npdrm_R  :  A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D        # ps3publictools/include/keys.h
  npdrm_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
  npdrm_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
Line 228: Line 118:
  npdrm_Da :  040AB47509BED04BD96521AD1B365B86BF620A98        # ...
  npdrm_Da :  040AB47509BED04BD96521AD1B365B86BF620A98        # ...
        
        
  klic_ps3_free :  72F990788F9CFF745725F08E4C128387        # ps3publictools/include/oddkeys.h
  npdrm_omac_key1 :  72F990788F9CFF745725F08E4C128387        # ps3publictools/include/oddkeys.h
  npd_header_hash_xor_key :  6BA52976EFDA16EF3C339FB2971E256B        # ...
  npdrm_omac_key2 :  6BA52976EFDA16EF3C339FB2971E256B        # ...
  npd_cid_fn_hash_aes_cmac_key :  9B515FEACF75064981AA604D91A54E97        # ...
  npdrm_omac_key3 :  9B515FEACF75064981AA604D91A54E97        # ...
        
        
  npdrm_keypair_e  :  A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0        # ps3publictools/include/oddkeys.h
  npdrm_keypair_e  :  A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0        # ps3publictools/include/oddkeys.h
Line 236: Line 126:
  npdrm_keypair_d  :  87C74FFE66930BAAA16F864091C566FB000000000000000000000000000000000828B58FACF9DEC8D70DFEF0F37663AE00000000000000000000000000000000        # ps3publictools/include/oddkeys.h
  npdrm_keypair_d  :  87C74FFE66930BAAA16F864091C566FB000000000000000000000000000000000828B58FACF9DEC8D70DFEF0F37663AE00000000000000000000000000000000        # ps3publictools/include/oddkeys.h


----
=== Using VSH ECDSA in Python ===
<pre>#!/usr/bin/env python
### Python 2 future-compatible workarounds: (see: http://python-future.org/compatible_idioms.html)
## prevent interpreting print(a,b) as a tuple plus support print(a, file=sys.stderr)
from __future__ import print_function
## interpret long as int, support int.from_bytes()
from builtins import int
## support bytes()
from builtins import bytes
import hashlib
import binascii
CONST_VSH_ECDSA = {
    "P": { "INT": 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF, "DESC": "VSH P", },
    "A": { "INT": 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFC, "DESC": "VSH A", },
    "B": { "INT": 0xA68BEDC33418029C1D3CE33B9A321FCCBB9E0F0B, "DESC": "VSH B", },
    "N": { "INT": 0xFFFFFFFFFFFFFFFEFFFFB5AE3C523E63944F2127, "DESC": "VSH Order N/Q", },
    "GX": { "INT": 0x128EC4256487FD8FDF64E2437BC0A1F6D5AFDE2C, "DESC": "VSH Gx", },
    "GY": { "INT": 0x5958557EB1DB001260425524DBC379D5AC5F4ADF, "DESC": "VSH Gy", },
    "PUBX": { "INT": 0x6227B00A02856FB04108876719E0A0183291EEB9, "DESC": "VSH PubKey X", },
    "PUBY": { "INT": 0x6E736ABF81F70EE9161B0DDEB026761AFF7BC85B, "DESC": "VSH PubKey Y", },
}
Data = bytes.fromhex("fcf66ca605a05f5274552f6df523050d98cf249bb06fdce5a0cc0db82503446cc9c00c57f7d7017368844a5f4dc25335b3d4af51238dde5b939d1d271c4922bd05017aa28d22b175165a49941ead92081044f5dd1e3f49d7b0f31a767425e702b75131fac432adfb2e24f62553cde74a8d03e1267893674b52693fbd20e801becd85fef37ccd7c735121a4f5910cf807")
print("Data:", binascii.hexlify(Data))
Sha1 = hashlib.sha1(Data).digest()  ## 0ac2caf8d2a7489be95673c7ab4d75c6a448c5f4
print("Sha1:", binascii.hexlify(Sha1))
Signature_R = 0x008288896404ecb6447a93bdc5606bda076ea0e6a1
Signature_S = 0x00846c7b4596e63808ca85b3e975b4673c2c84c711
print("----------")</pre>
A) With starkbank-ecdsa (faster) from https ://pypi.org/project/starkbank-ecdsa/<br>
Install via: pip install starkbank-ecdsa
<pre>import ellipticcurve.curve
import ellipticcurve.ecdsa
import ellipticcurve.point
import ellipticcurve.publicKey
import ellipticcurve.signature
Vsh_Curve = ellipticcurve.curve.CurveFp(CONST_VSH_ECDSA["A"]["INT"], CONST_VSH_ECDSA["B"]["INT"], CONST_VSH_ECDSA["P"]["INT"], CONST_VSH_ECDSA["N"]["INT"], CONST_VSH_ECDSA["GX"]["INT"], CONST_VSH_ECDSA["GY"]["INT"], "VSH Curve", oid=(1, 2, 3, 4))
#
Vsh_PubKey_Point = ellipticcurve.point.Point(CONST_VSH_ECDSA["PUBX"]["INT"], CONST_VSH_ECDSA["PUBY"]["INT"])
Vsh_PubKey = ellipticcurve.publicKey.PublicKey(Vsh_PubKey_Point, Vsh_Curve)
#
Signature = ellipticcurve.signature.Signature(Signature_R, Signature_S)
#
Data_String = Data.decode("latin-1")
Result = ellipticcurve.ecdsa.Ecdsa.verify(Data_String, Signature, Vsh_PubKey, hashfunc=hashlib.sha1)
print("Verify with module starkbank-ecdsa:", Result)
print("----------")</pre>
B) With ecdsa (slower) from https ://pypi.org/project/ecdsa/<br>
Install via: pip install ecdsa
<pre>import ecdsa.curves
import ecdsa.ecdsa
import ecdsa.ellipticcurve
import ecdsa.keys
Vsh_Curve = ecdsa.ellipticcurve.CurveFp(CONST_VSH_ECDSA["P"]["INT"], CONST_VSH_ECDSA["A"]["INT"], CONST_VSH_ECDSA["B"]["INT"])
Vsh_Generator = ecdsa.ellipticcurve.PointJacobi(Vsh_Curve, CONST_VSH_ECDSA["GX"]["INT"], CONST_VSH_ECDSA["GY"]["INT"], 1, order=CONST_VSH_ECDSA["N"]["INT"], generator=True)
#
Vsh_PubKey_Point = ecdsa.ellipticcurve.Point(Vsh_Curve, CONST_VSH_ECDSA["PUBX"]["INT"], CONST_VSH_ECDSA["PUBY"]["INT"], order=CONST_VSH_ECDSA["N"]["INT"])
Vsh_PubKey = ecdsa.ecdsa.Public_key(Vsh_Generator, Vsh_PubKey_Point, verify=True)
#
Signature = ecdsa.ecdsa.Signature(Signature_R, Signature_S)
#
Sha1_Int = int.from_bytes(Sha1, byteorder="big")
print("Sha1 Int:", Sha1_Int)
Result = Vsh_PubKey.verifies(Sha1_Int, Signature)
print("Verify with module ecdsa:", Result)
print("----------")</pre>
=== Observations ===
3.10:
PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  0065ECC0  62 27 B0 0A 02 85 6F B0 41 08 87 67 19 E0 A0 18  b'°..…o°A.‡g.à .
  0065ECD0  32 91 EE B9 6E 73 6A BF 81 F7 0E E9 16 1B 0D DE  2‘î¹nsj¿.÷.é...Þ
  0065ECE0  B0 26 76 1A FF 7B C8 5B                          °&v.ÿ{È[
CURVE:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  0061CF60  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061CF70  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061CF80  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061CF90  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061CFA0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061CFB0  00 00 00 00 00 00 00 00 FF FF FF FE 00 00 00 00  ........ÿÿÿþ....
  0061CFC0  00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FE  ............ÿÿÿþ
  0061CFD0  00 00 00 00 00 00 00 03 9A 2E B7 73 FC A6 1D CB  ........š.·sü¦.Ë
  0061CFE0  52 36 A4 2C 6F 7F EB 42 6E 5A DA 06 00 00 00 00  R6¤,o.ëBnZÚ.....
  0061CFF0  00 00 00 00 FF FE 4A 39 E8 0D 6F 15 1E 24 52 70  ....ÿþJ9è.o..$Rp
  0061D000  DD A6 53 11 EA B7 63 4F 69 57 7D 0F 51 E3 06 02  ݦS.ê·cOiW}.Qã..
  0061D010  71 1A 07 05 9F BC A7 BA 92 F5 E3 4D 6F 72 16 F0  q...Ÿ¼§º’õãMor.ð
  0061D020  D8 28 A3 7D 41 3E F7 3F 00 00 00 00 00 00 00 00  Ø(£}A>÷?........
  0061D030  FF FF FF FE 00 00 00 00 00 00 00 00 00 00 00 00  ÿÿÿþ............
  0061D040  00 00 00 00 FF FF FF FE 00 00 00 00 00 00 00 03  ....ÿÿÿþ........
  0061D050  59 74 12 3C CB E7 FD 63 E2 C3 1C C4 65 CD E0 33  Yt.<ËçýcâÃ.ÄeÍà3
  0061D060  44 61 F0 F4 00 00 00 00 00 00 00 01 00 00 4A 51  Daðô..........JQ
  0061D070  C3 AD C1 9C 6B B0 DE D8 ED 71 3B DA 9B 78 02 70  íÁœk°ÞØíq;Ú›x.p
  0061D080  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
  0061D090  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ
3.15:
PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  0065FAF0                          62 27 B0 0A 02 85 6F B0          b'°..…o°
  0065FB00  41 08 87 67 19 E0 A0 18 32 91 EE B9 6E 73 6A BF  A.‡g.à .2‘î¹nsj¿
  0065FB10  81 F7 0E E9 16 1B 0D DE B0 26 76 1A FF 7B C8 5B  .÷.é...Þ°&v.ÿ{È[
CURVE:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  0061DDE0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061DDF0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061DE00  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061DE10  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061DE20  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0061DE30  00 00 00 00 00 00 00 00 FF FF FF FE 00 00 00 00  ........ÿÿÿþ....
  0061DE40  00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FE  ............ÿÿÿþ
  0061DE50  00 00 00 00 00 00 00 03 9A 2E B7 73 FC A6 1D CB  ........š.·sü¦.Ë
  0061DE60  52 36 A4 2C 6F 7F EB 42 6E 5A DA 06 00 00 00 00  R6¤,o.ëBnZÚ.....
  0061DE70  00 00 00 00 FF FE 4A 39 E8 0D 6F 15 1E 24 52 70  ....ÿþJ9è.o..$Rp
  0061DE80  DD A6 53 11 EA B7 63 4F 69 57 7D 0F 51 E3 06 02  ݦS.ê·cOiW}.Qã..
  0061DE90  71 1A 07 05 9F BC A7 BA 92 F5 E3 4D 6F 72 16 F0  q...Ÿ¼§º’õãMor.ð
  0061DEA0  D8 28 A3 7D 41 3E F7 3F 00 00 00 00 00 00 00 00  Ø(£}A>÷?........
  0061DEB0  FF FF FF FE 00 00 00 00 00 00 00 00 00 00 00 00  ÿÿÿþ............
  0061DEC0  00 00 00 00 FF FF FF FE 00 00 00 00 00 00 00 03  ....ÿÿÿþ........
  0061DED0  59 74 12 3C CB E7 FD 63 E2 C3 1C C4 65 CD E0 33  Yt.<ËçýcâÃ.ÄeÍà3
  0061DEE0  44 61 F0 F4 00 00 00 00 00 00 00 01 00 00 4A 51  Daðô..........JQ
  0061DEF0  C3 AD C1 9C 6B B0 DE D8 ED 71 3B DA 9B 78 02 70  íÁœk°ÞØíq;Ú›x.p
  0061DF00  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
  0061DF10  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ
3.41:
PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  00671640                          62 27 B0 0A 02 85 6F B0          b'°..…o°
  00671650  41 08 87 67 19 E0 A0 18 32 91 EE B9 6E 73 6A BF  A.‡g.à .2‘î¹nsj¿
  00671660  81 F7 0E E9 16 1B 0D DE B0 26 76 1A FF 7B C8 5B  .÷.é...Þ°&v.ÿ{È[
CURVE:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  0062ED80  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0062ED90  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0062EDA0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0062EDB0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0062EDC0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0062EDD0  00 00 00 00 00 00 00 00 FF FF FF FE 00 00 00 00  ........ÿÿÿþ....
  0062EDE0  00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FE  ............ÿÿÿþ
  0062EDF0  00 00 00 00 00 00 00 03 9A 2E B7 73 FC A6 1D CB  ........š.·sü¦.Ë
  0062EE00  52 36 A4 2C 6F 7F EB 42 6E 5A DA 06 00 00 00 00  R6¤,o.ëBnZÚ.....
  0062EE10  00 00 00 00 FF FE 4A 39 E8 0D 6F 15 1E 24 52 70  ....ÿþJ9è.o..$Rp
  0062EE20  DD A6 53 11 EA B7 63 4F 69 57 7D 0F 51 E3 06 02  ݦS.ê·cOiW}.Qã..
  0062EE30  71 1A 07 05 9F BC A7 BA 92 F5 E3 4D 6F 72 16 F0  q...Ÿ¼§º’õãMor.ð
  0062EE40  D8 28 A3 7D 41 3E F7 3F 00 00 00 00 00 00 00 00  Ø(£}A>÷?........
  0062EE50  FF FF FF FE 00 00 00 00 00 00 00 00 00 00 00 00  ÿÿÿþ............
  0062EE60  00 00 00 00 FF FF FF FE 00 00 00 00 00 00 00 03  ....ÿÿÿþ........
  0062EE70  59 74 12 3C CB E7 FD 63 E2 C3 1C C4 65 CD E0 33  Yt.<ËçýcâÃ.ÄeÍà3
  0062EE80  44 61 F0 F4 00 00 00 00 00 00 00 01 00 00 4A 51  Daðô..........JQ
  0062EE90  C3 AD C1 9C 6B B0 DE D8 ED 71 3B DA 9B 78 02 70  íÁœk°ÞØíq;Ú›x.p
  0062EEA0  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
  0062EEB0  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ
3.55:
PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  0067F370  62 27 B0 0A 02 85 6F B0 41 08 87 67 19 E0 A0 18  b'°..…o°A.‡g.à .
  0067F380  32 91 EE B9 6E 73 6A BF 81 F7 0E E9 16 1B 0D DE  2‘î¹nsj¿.÷.é...Þ
  0067F390  B0 26 76 1A FF 7B C8 5B                          °&v.ÿ{È[
CURVE:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  0063B410  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0063B420  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0063B430  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0063B440  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0063B450  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0063B460  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0063B470  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
  0063B480  00 00 00 00 00 00 00 00 FF FF FF FE 00 00 00 00  ........ÿÿÿþ....
  0063B490  00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FE  ............ÿÿÿþ
  0063B4A0  00 00 00 00 00 00 00 03 9A 2E B7 73 FC A6 1D CB  ........š.·sü¦.Ë
  0063B4B0  52 36 A4 2C 6F 7F EB 42 6E 5A DA 06 00 00 00 00  R6¤,o.ëBnZÚ.....
  0063B4C0  00 00 00 00 FF FE 4A 39 E8 0D 6F 15 1E 24 52 70  ....ÿþJ9è.o..$Rp
  0063B4D0  DD A6 53 11 EA B7 63 4F 69 57 7D 0F 51 E3 06 02  ݦS.ê·cOiW}.Qã..
  0063B4E0  71 1A 07 05 9F BC A7 BA 92 F5 E3 4D 6F 72 16 F0  q...Ÿ¼§º’õãMor.ð
  0063B4F0  D8 28 A3 7D 41 3E F7 3F 00 00 00 00 00 00 00 00  Ø(£}A>÷?........
  0063B500  FF FF FF FE 00 00 00 00 00 00 00 00 00 00 00 00  ÿÿÿþ............
  0063B510  00 00 00 00 FF FF FF FE 00 00 00 00 00 00 00 03  ....ÿÿÿþ........
  0063B520  59 74 12 3C CB E7 FD 63 E2 C3 1C C4 65 CD E0 33  Yt.<ËçýcâÃ.ÄeÍà3
  0063B530  44 61 F0 F4 00 00 00 00 00 00 00 01 00 00 4A 51  Daðô..........JQ
  0063B540  C3 AD C1 9C 6B B0 DE D8 ED 71 3B DA 9B 78 02 70  íÁœk°ÞØíq;Ú›x.p
  0063B550  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
  0063B560  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ


----
----


== Raw key list ==
==RAW key list==
 
Some insight in how the AES routines and SHA1 hashes relate to offsets in appldr:
* [http://pastie.org/private/fdabkjhmd3hwowi6dgsbw AES routines 3.15]
* [http://pastie.org/private/unpbjffn6zgy3vldefvivq sha1 hashes 3.15]
 
=== Primary Table ===
 
(C/P is from PS3 FW 3.56 Fix)


=== Primairy Table ===
(C/P is from 3.56 Fix)
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 573: Line 247:
   0001A3B0  B2 C0 CD 24 92 B0 B5 A1 00 00 00 3A 00 00 00 00  ²ÀÍ$’°µ¡...:....  PUB - Curve
   0001A3B0  B2 C0 CD 24 92 B0 B5 A1 00 00 00 3A 00 00 00 00  ²ÀÍ$’°µ¡...:....  PUB - Curve


=== Secondary Tables ===
=== Secondairy Tables ===


==== 1.00 ====
====1.00====
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 599: Line 273:
   000150B0  B4 57 8A 4C 61 C5 D6 BF 00 00 00 11 00 00 00 00  ´WŠLaÅÖ¿........  PUB - Curve
   000150B0  B4 57 8A 4C 61 C5 D6 BF 00 00 00 11 00 00 00 00  ´WŠLaÅÖ¿........  PUB - Curve


==== 2.40 ====
====2.40====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 610: Line 283:
   00018EF0  C7 46 05 E7 B8 CB 73 2D 00 00 00 08 00 00 00 00  ÇF.ç¸Ës-........  PUB - Curve
   00018EF0  C7 46 05 E7 B8 CB 73 2D 00 00 00 08 00 00 00 00  ÇF.ç¸Ës-........  PUB - Curve


==== 3.40 ====
====3.40====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 635: Line 307:
   000194E0  08 F6 A0 36 58 F2 97 0E 00 00 00 29 00 00 00 00  .ö 6Xò—....)....  PUB - Curve
   000194E0  08 F6 A0 36 58 F2 97 0E 00 00 00 29 00 00 00 00  .ö 6Xò—....)....  PUB - Curve


==== 3.50 ====
====3.50====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 660: Line 331:
   000197D0  27 CE 9E 47 88 9A 45 D0 00 00 00 2A 00 00 00 00  'ΞGˆšEÐ...*....  PUB - Curve
   000197D0  27 CE 9E 47 88 9A 45 D0 00 00 00 2A 00 00 00 00  'ΞGˆšEÐ...*....  PUB - Curve


==== 3.55 ====
====3.55====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 685: Line 355:
   0001A710  FA 3B E8 32 9E 01 5E 57 00 00 00 3A 00 00 00 00  ú;è2ž.^W...:....  PUB - Curve
   0001A710  FA 3B E8 32 9E 01 5E 57 00 00 00 3A 00 00 00 00  ú;è2ž.^W...:....  PUB - Curve


==== 3.56 ====
====3.56====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 709: Line 378:
   00020650  F2 E5 6B 3D AA 5F 7F AF 53 A4 94 4A A9 B8 41 F7  òåk=ª_.¯S¤”J©¸A÷  PUB
   00020650  F2 E5 6B 3D AA 5F 7F AF 53 A4 94 4A A9 B8 41 F7  òåk=ª_.¯S¤”J©¸A÷  PUB
   00020660  6A B0 91 E1 6B 23 14 33 00 00 00 3B 00 00 00 00  j°‘ák#.3...;....  PUB - Curve
   00020660  6A B0 91 E1 6B 23 14 33 00 00 00 3B 00 00 00 00  j°‘ák#.3...;....  PUB - Curve
 
  00020C10  13 5C 09 8C BE 6A 3E 03 7E BE 9F 2B B9 B3 02 18  .\.Œ¾j>.~¾Ÿ+¹³..  ERK          unknown  3.56++
  00020C20  DD E8 D6 82 17 34 6F 9A D3 32 03 35 2F BB 32 91  ÝèÖ‚.4ošÓ2.5/»2‘  ERK
  00020C30  40 70 C8 98 C2 EA AD 16 34 A2 88 AA 54 7A 35 A8  @pȘÂê­.4¢ˆªTz5¨    RIV
  00020C40  BB D7 CC CB 55 6C 2E F0 F9 08 DC 78 10 FA FC 37  »×ÌËUl.ðù.Üx.úü7  PUB
  00020C50  F2 E5 6B 3D AA 5F 7F AF 53 A4 94 4A A9 B8 41 F7  òåk=ª_.¯S¤”J©¸A÷  PUB
  00020C60  6A B0 91 E1 6B 23 14 33 00 00 00 3B 00 00 00 00  j°‘ák#.3...;....  PUB - Curve


* [http://pastebin.com/2btt19gh] <!--//Older pastie: http://pastebin.com/uWUqGXwx / http://pastie.org/private/enolspz7cyhvlg8rxhqwqg//-->
 
http://pastebin.com/2btt19gh
<!--//Older pastie: http://pastebin.com/uWUqGXwx / http://pastie.org/private/enolspz7cyhvlg8rxhqwqg//-->


=== Other ===
=== Other ===
some pasties mention parts of these, for completeness listed too.
some pasties mention parts of these, for completeness listed too.


==== Revokelist ====
==== 1.00 ====
 
(seen in =>1.00 <= 3.55)
Seen in: appldr, isoldr, lv2ldr, spu_pkg_rvk_verifier.self
 
===== 1.00-3.55 RVK =====
 
(seen in => 1.00 <= 3.55)
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
   0001AC00  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  .¯.ý.æÚ6cah,ßYùp     ERK - rvklist 0.80-3.55
   0001AC00  03 AF 06 FD 1C E6 DA 36 63 61 68 2C DF 59 F9 70  .¯.ý.æÚ6cah,ßYùp       RVK
   0001AC10  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ‹]xvô.ž.šÂ²/Q¶.ß     ERK - rvklist 0.80-3.55
   0001AC10  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ‹]xvô.ž.šÂ²/Q¶.ß
   0001AC20  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ‹]xvô.ž.šÂ²/Q¶.ß     RIV - rvklist 0.80-3.55
   0001AC20  8B 5D 78 76 F4 0A 9E 1E 9A C2 B2 2F 51 B6 0B DF  ‹]xvô.ž.šÂ²/Q¶.ß
   0001AC30  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  šÞx0ët$^ÃWÎOd.c>     PUB - rvklist 0.80-3.55
   0001AC30  9A DE 78 30 EB 74 24 5E C3 57 CE 4F 64 01 63 3E  šÞx0ët$^ÃWÎOd.c>
   0001AC40  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  Z€Hý†_...‘‰SZ7b>     PUB - rvklist 0.80-3.55
   0001AC40  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  Z€Hý†_...‘‰SZ7b>
   0001AC50  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!Btc§T÷........     PUB - rvklist 0.80-3.55
   0001AC50  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!Btc§T÷........


===== 3.56 RVK =====
==== 3.56 ====
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
   00020C70  22 62 8A 9E C4 C4 14 D5 B3 2F 2B 4B A4 92 60 89  "bŠžÄÄ.Õ³/+K¤’`‰     ERK - rvklist 3.56
   00020C70  22 62 8A 9E C4 C4 14 D5 B3 2F 2B 4B A4 92 60 89  "bŠžÄÄ.Õ³/+K¤’`‰
   00020C80  DE 9A 46 1B 19 0F B3 E4 39 2D 05 7C 52 55 35 DE  ÞšF...³ä9-.|RU5Þ     ERK - rvklist 3.56
   00020C80  DE 9A 46 1B 19 0F B3 E4 39 2D 05 7C 52 55 35 DE  ÞšF...³ä9-.|RU5Þ
   00020C90  D5 D4 B8 ED 62 B6 CC A0 24 9A 79 77 6E 13 69 75  ÕÔ¸íb¶Ì $šywn.iu     RIV - rvklist 3.56
   00020C90  D5 D4 B8 ED 62 B6 CC A0 24 9A 79 77 6E 13 69 75  ÕÔ¸íb¶Ì $šywn.iu
   00020CA0  51 75 1B 9F 1D A5 86 38 D2 D9 9F 67 E2 0A 1D 4A  Qu.Ÿ.¥†8ÒÙŸgâ..J     PUB - rvklist 3.56
   00020CA0  51 75 1B 9F 1D A5 86 38 D2 D9 9F 67 E2 0A 1D 4A  Qu.Ÿ.¥†8ÒÙŸgâ..J
   00020CB0  45 4C 5B 04 2C D1 D0 A4 49 A2 98 98 08 00 2B A6  EL[.,ÑФI¢˜˜..+¦     PUB - rvklist 3.56
   00020CB0  45 4C 5B 04 2C D1 D0 A4 49 A2 98 98 08 00 2B A6  EL[.,ÑФI¢˜˜..+¦
   00020CC0  8F B5 B7 F4 B5 B4 E6 3B 00 00 00 00 00 00 00 00  .µ·ôµ´æ;........     PUB - rvklist 3.56
   00020CC0  8F B5 B7 F4 B5 B4 E6 3B 00 00 00 00 00 00 00 00  .µ·ôµ´æ;........


==== 1.00+ ====
==== 1.00 ====
 
(seen in =>1.00 <=3.56)
(seen in => 1.00 <=3.56)
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 767: Line 437:
----
----


Params: 0C08000E090504040D010F000406020209060D03
==Other lists==
KeygenV4: 6B1ACEA246B745FD8F93763B920594CD53483B82
Fallback key: D1C1E10B9C547E689B805DCD9710CE8D
 
<!--//Other lists//-->


<!--//http://pastie.org/private/zgfqskjthrphpmcho99hg checked, all are listed above//-->
<!--//http://pastie.org/private/zgfqskjthrphpmcho99hg checked, all are listed above//-->
Line 779: Line 445:
<!--//http://www.pastie.org/1836314 not a keylist, but readself output//-->
<!--//http://www.pastie.org/1836314 not a keylist, but readself output//-->


<!--//http://pastie.org/private/dhdhplnph3pondohxnrlnw checked, all are listed above or not curve e.g.: 03 af 06 fd 1c e6 da 36 //-->
http://pastie.org/private/dhdhplnph3pondohxnrlnw
 
 
----


== Fake keys ==
== Fake keys ==
Line 791: Line 460:
|}
|}


silk.sprx DES key: <code>8E3E1E46FFEE0309</code>
 


== Colors ==
== Colors ==


=== HMAC ===
===HMAC===
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| {{table}} border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#f491ad" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#f491ad" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#94c681" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#94c681" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 821: Line 490:
|}
|}


=== ldr key (inside decrypted metldr/asecure_loader) ===
===3.55===
 
====erk====
<pre>
{| {{table}} border="0" cellspacing="1" cellpadding="1"
erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B
riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D
pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19
R: 806E07 8FA152 9790CE 1AAE02 BADD6F AAA6AF 741700
n: E13A7E BC3ACC EB1CB5 6CC860 FCABDB 6A048C 55E100
K: BA9055 916861 B977ED CBED92 005092 F66C7A 3D8D00
Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000
Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670
Curvetype: 0x20
</pre>
 
==== erk ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C0CEFE" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C0CEFE" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#84C227" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#84C227" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 851: Line 506:
|}
|}


==== riv ====
====riv====
 
{| {{table}} border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#47EE74" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#47EE74" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#54E477" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#54E477" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 862: Line 516:
|}
|}


==== pub ====
====pub====
 
{| {{table}} border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C2D4AA" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C2D4AA" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#F31935" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#F31935" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 881: Line 534:
|}
|}


==== R ====
====R====
 
{| {{table}} border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#806E07" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#806E07" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#8FA152" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#8FA152" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 893: Line 545:
|}
|}


==== n ====
====n====
 
{| {{table}} border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#E13A7E" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#E13A7E" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#BC3ACC" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#BC3ACC" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 905: Line 556:
|}
|}


==== K ====
====K====
 
{| {{table}} border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#BA9055" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#BA9055" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#916861" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#916861" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 917: Line 567:
|}
|}


==== Da ====
====Da====
 
{| {{table}} border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C5B2BF" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C5B2BF" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#A1A413" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#A1A413" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 928: Line 577:
|align="center" colspan="1" style="background:#067000" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#067000" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
|}
:


==== Priv ====


{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
==Non PS3 specific Keys==
|align="center" colspan="1" style="background:#00C5B2" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#BFA1A4" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#13DD16" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#F26D31" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C0F2ED" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#4720DC" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#FB0670" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
 
==== Curve ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#000020" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
 
== Non PS3 specific Keys ==


=== Kirk (PSP) ===
=== Kirk (PSP) ===
 
not to be found in the PS3, but reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715
Not to be found in the PS3, but reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715
 
== Unknown value in Syscon eeprom ==
 
This value is used at least 3 times and it is (conveniently?) positioned at the start of SYSCON EEPROM, followed by another unknown block with the same size of EID1.
 
<pre>
99 D9 66 2B B3 D7 61 54 6B 9C 3F 9E D1 40 ED B0
</pre>
 
== Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61) ==
 
from LV1LDR.ELF FW 3.61
 
  offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  1A390  00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 < curve_type
  1A3A0  00 00 00 00 00 00 00 00 00 01 2E 08 00 01 2D C0
  1A3B0  00 01 8A 90 00 01 8A D0 00 00 00 00 00 00 00 00
  1A3C0  00 00 00 00 00 00 00 00 00 01 2D 90 00 01 2D 78
  1A3D0  00 01 66 28 00 01 66 28 00 00 00 00 00 00 00 00
  1A3E0  1C DA BE 30 83 38 23 F4 61 CA 53 41 04 11 5F FF < pub
  1A3F0  60 01 0B 71 06 31 E4 35 A7 D9 15 E8 2A E8 8E DE < pub
  1A400  66 72 64 65 6C B7 06 2E 00 00 00 00 00 00 00 00 < pub
  1A410  84 4F 80 F3 C5 7C 45 5C 7F 09 00 00 00 00 00 00 < root_scramble_key
 
  1D140  F9 2C 86 66 EF FB AC 7E B5 83 E5 4A 25 7F 7C 05 < sk1_key
  1D150  DD F6 A5 B1 43 C1 14 1F EE D0 1C DA 71 97 05 C3 < sk2_key
  1D160  F2 E7 0B C4 BA C1 0C 3D 8D DB B7 DC 23 05 3F 9A < sk1_iv
  1D170  01 8E 69 5C 3A 29 AF 6E 74 6A 73 CB F7 3D BD FD < sk2_iv
  1D180  FF FF FF FF 00 00 00 00 00 00 00 01 00 00 00 01
  1D190  FF FF FF FF 00 00 00 07 00 00 00 06 00 00 00 02
  1D1A0  00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00
  1D1B0  FF FF FF FF 00 00 00 30 00 00 00 20 00 00 00 20
  1D1C0  00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00
  1D1D0  00 00 00 00 FF FF FF F0 00 00 00 00 00 00 00 00
  1D1E0  62 7C B1 80 8A B9 38 E3 2C 8C 09 17 08 72 6A 57
  1D1F0  9E 25 86 E4 00 00 00 00 00 00 00 00 00 00 00 00
 
  1DE00  18 09 79 66 C3 DE 8A 0D 82 BF 95 6C B3 9F AF 78 < erk_obf
  1DE10  22 95 C6 CA 7F 1E 54 7A B3 0E DF D7 EE 5C B8 12 < erk_obf
  1DE20  9B 32 B2 0F A7 72 80 F1 09 5E A1 3F 1C 2D 5C 99 < riv_obf
 
Unscrambling script: key_unscrambler.py
 
<syntaxhighlight lang="python" enclose="div">
  from CryptoPlus.Cipher import AES
  import hashlib, hmac
 
  def sha1_hmac(key, data):
    return hmac.new(key=key, msg=data, digestmod=hashlib.sha1).digest()
 
  def aes_decrypt_cbc(key, iv, data):
    crypto = AES.new(key, AES.MODE_CBC, iv)
    return crypto.decrypt(data)
   
  def unscramble(key, iv, data):
    key = sha1_hmac(root_scramble_key, key)
    return aes_decrypt_cbc(key[:16], iv, data)
 
  def unscramble_1(key):
    return unscramble(sk1_key, sk1_iv, key)
 
  def unscramble_2(key):
    return unscramble(sk2_key, sk2_iv, key)
 
  root_scramble_key = '844F80F3C57C455C7F09'.decode('hex')
 
  sk1_key = 'F92C8666EFFBAC7EB583E54A257F7C05'.decode('hex')
  sk1_iv = 'F2E70BC4BAC10C3D8DDBB7DC23053F9A'.decode('hex')
 
  sk2_key = 'DDF6A5B143C1141FEED01CDA719705C3'.decode('hex')
  sk2_iv = '018E695C3A29AF6E746A73CBF73DBDFD'.decode('hex')
 
  erk_obf = '18097966C3DE8A0D82BF956CB39FAF782295C6CA7F1E547AB30EDFD7EE5CB812'.decode('hex')
  riv_obf = '9B32B20FA77280F1095EA13F1C2D5C99'.decode('hex')
 
  erk_dec = unscramble_1(erk_obf)
  riv_dec = unscramble_2(riv_obf)
 
  print 'erk_dec:', erk_dec.encode('hex')
  print 'riv_dec:', riv_dec.encode('hex')
</syntaxhighlight>
 
Scrambling script: key_scrambler.py
 
<syntaxhighlight lang="python" enclose="div">
  from CryptoPlus.Cipher import AES
  import hashlib, hmac
 
  def sha1_hmac(key, data):
    return hmac.new(key=key, msg=data, digestmod=hashlib.sha1).digest()
 
  def aes_encrypt_cbc(key, iv, data):
    crypto = AES.new(key, AES.MODE_CBC, iv)
    return crypto.encrypt(data)
   
  def scramble(key, iv, data):
    key = sha1_hmac(root_scramble_key, key)
    return aes_encrypt_cbc(key[:16], iv, data)
 
  def scramble_1(key):
    return scramble(sk1_key, sk1_iv, key)
 
  def scramble_2(key):
    return scramble(sk2_key, sk2_iv, key)
 
  root_scramble_key = '844F80F3C57C455C7F09'.decode('hex')
 
  sk1_key = 'F92C8666EFFBAC7EB583E54A257F7C05'.decode('hex')
  sk1_iv = 'F2E70BC4BAC10C3D8DDBB7DC23053F9A'.decode('hex')
 
  sk2_key = 'DDF6A5B143C1141FEED01CDA719705C3'.decode('hex')
  sk2_iv = '018E695C3A29AF6E746A73CBF73DBDFD'.decode('hex')
 
  erk_dec = '5FF17D836E2C4AD69476E2614F64BDD05B9115389A9A6D055B5B544B1C34E3D5'.decode('hex')
  riv_dec = 'DF0F50EC3C4743C5B17839D7B49F24A4'.decode('hex')
 
  erk_obf = scramble_1(erk_dec)
  riv_obf = scramble_2(riv_dec)
 
  print 'erk_obf:', erk_obf.encode('hex')
  print 'riv_obf:', riv_obf.encode('hex')</code>
</syntaxhighlight>
 
* Source: [http://www.ps3news.com/forums/ps3-hacks-jailbreak/ps3-lv0-keys-leaked-4-21-4-25-4-30-cfw-updates-incoming-124532-24.html]
 
= SPU Status Codes =
 
<pre>
00 00 01 00 00 00 00 00  00 00 00 00 00 00 00 00 <- SUCCESS
00 00 01 01 00 00 00 00  00 00 00 00 00 00 00 00 <- ILLEGAL PARAMETER
00 00 01 03 00 00 00 00  00 00 00 00 00 00 00 00 <- INTERNAL ERROR
00 00 01 04 00 00 00 00  00 00 00 00 00 00 00 00 <- VERIFICATION FAILURE
00 00 01 0B 00 00 00 00  00 00 00 00 00 00 00 00 <- ??? (in sv_iso, when auth_mode = 0x46 && auth_drive_super() failed)
</pre>
 
= Private Key verifier (Anti-Troll) =
 
* Source: [https://web.archive.org/web/20141119122516/http://pastie.org/private/yfmid0zejc8fp5x0ogzj5g here]
 
<syntaxhighlight lang="python" enclose="div">
#!python2
import ecdsa, random, struct
from random import SystemRandom
randrange = SystemRandom().randrange
def s2i(s):
result = 0L
for c in s:
  result = 256 * result + ord(c)
return result
def get_vsh_curves(file_path):
curves = []
curve_fmt = '>20s20s20s20s20s20s'
with open(file_path, 'rb') as in_file:
  file_data = in_file.read()
  file_size = len(file_data)
  num_curves = int(file_size / struct.calcsize(curve_fmt))
  for i in xrange(num_curves):
  data = file_data[i * struct.calcsize(curve_fmt):(i + 1) * struct.calcsize(curve_fmt)]
  inv_data = ''.join([chr((~ord(x)) & 0xff) for x in data])
  p, a, b, n, gx, gy = struct.unpack(curve_fmt, inv_data)
  curves.append({
    'p': s2i(p),
    'a': s2i(a),
    'b': s2i(b),
    'n': s2i(n),
    'gx': s2i(gx),
    'gy': s2i(gy)
  })
return curves
def get_loader_curves(file_path):
curves = []
curve_fmt = '>20s20s20s21s20s20s'
with open(file_path, 'rb') as in_file:
  file_data = in_file.read()
  file_size = len(file_data)
  num_curves = int(file_size / struct.calcsize(curve_fmt))
  for i in xrange(num_curves):
  data = file_data[i * struct.calcsize(curve_fmt):(i + 1) * struct.calcsize(curve_fmt)]
  inv_data = ''.join([chr((~ord(x)) & 0xff) for x in data])
  p, a, b, n, gx, gy = struct.unpack(curve_fmt, inv_data)
  curves.append({
    'p': s2i(p),
    'a': s2i(a),
    'b': s2i(b),
    'n': s2i(n),
    'gx': s2i(gx),
    'gy': s2i(gy)
  })
return curves
curves = get_loader_curves('ldr_curves') #SELECT TYPE OF CURVES HERE, LDR_CURVES USED AS DEFAULT
def get_curve_parameters(type):
params = curves[type]
return params['p'], params['a'], params['b'], params['n'], params['gx'], params['gy']
curve_type = 0x27 # SELECT CURVE TYPE HERE, SD CURVE TYPE AS DEFAULT
p, a, b, n, gx, gy = get_curve_parameters(curve_type) # parameters
c = ecdsa.ellipticcurve.CurveFp(p, a, b) # curve equation
g = ecdsa.ellipticcurve.Point(c, gx, gy, n) # generator point
q = ecdsa.ellipticcurve.Point(c, gx, gy) # public point
k = 0x000000000000000000000000000000000001000000L # TODO: PLACE PRIVATE KEY HERE , USED SD KEY AS DEFAULT
public_key = ecdsa.ecdsa.Public_key(g, g * k)
print 'Qx: {0:040X}'.format(public_key.point.x())
print 'Qy: {0:040X}'.format(public_key.point.y())
</syntaxhighlight>
 
= Lv0 Passwords =
 
Lv0 sends this value to SPU when it loads lv1.self. Check is inside lv1ldr.
 
{| class="wikitable sortable"
|-
! version !! password
|-
| 3.40 - 3.42 || <code>9CD17AA7DBBFDE9B38F443F1F422B96E</code>
|-
| 3.50 || <code>C11BBA042177DA40E26C9A2CFB03978C</code>
|-
| 3.55 || <code>87746DC81CAE22812C44FC0E4F95338C</code>
|-
| 3.56 || <code>62E3F39DB055BDB16CBE68F79206FCC9</code>
|-
| 3.60 - 3.61 || <code>24D584F6452DD2AFF51A274A315CEC28</code>
|-
| 3.65 - 3.66 || <code>6B7CD8A6E714F28DAF10254303A25ED1</code>
|-
| 3.70 - 3.74 || <code>70D9A205D09B1D26AD00CA0213CC0B8D</code>
|-
| 4.00 - 4.11 || <code>8005ADF19082F027E19E947DC5A51A05</code>
|-
| 4.20 - {{latestPS3}} || <code>25EFE04B1D920B48CFFDCE7D43F438F1</code>
|}
 
= RSA Source Example =
 
* [https://paste.ubuntu.com/24678348/ (to mirror because needs account)]
* Uses Trophy Public Modulus and Exponent for Signature verification
* Adapted from [https://rosettacode.org/wiki/RSA_code#C Rosetta Code]
 
= Unknown Triple_DES key? =
 
Key = F1660C455AB510B98B42660B8FB0476402C503052DB2AC87
IV  = 6991982C9598E77C
* Location: explore_plugin.sprx
 
= SacModule =
 
Key = 01A325C749EB6DF8E9C7AF856D432B10
IV  = D23785A490CBE1860F1D249CE56F73AB
Data.enc = 5745E719A338CD681D02D7089A40FBF6D1E4206780ED0922E049B5BF69959DA3
Data.dec = 6794C8666FB90DF0B6350B1816D5C8F010101010101010101010101010101010
 
First 0x10 bytes only used from the decrypted data.
 
Key2 = 10CC98B53A7C4462B8700923E613FA39
IV2  = B07985E490BCB8520F1D639CE56F73AB
Data2.enc = E172AC67EFD5FB5EC97EC180592D17F2 .... 5A79457925B6678D3866ADC53C4658EE
Data2.dec = 00A09853C2AF506F5F8876AB4543233C .... 4334097D2FDD1C090909090909090909
 
There are 2 blobs inside:
* 1) offset = 0, size = 0xAF.
* 2) offset 0xB7, size = 0x240.
 
Second part contains RSA-1024 Private keyset, used to sign some data.
 
rsa sig pub: BF4F654ED270FE7EA234B0503EA6428CC65496E652380F308FA74165F2A4571CBCA16D7A7FF381E1D92F93AFD465D671C2C1478F58D5D48CB45624A528F69603
              6C21746224A4956D625087139679064961139227C9D001769D8250CA3E54FCDBDE311DA0B2B1EF13BDA3241E11C8FFB8BAB71879FB022730830612EC8F972305
rsa sig priv:4E6790A27436A0E66F3DDEC0945C794BCE809E737860C740E4AEEC6B86BCF982AA80122931453006CA86E825188C400DD17E7B0071ACF8F64D763C807FC0478C
              1B0DA0B18179DE1301D2BFE4B5D68682BEF06F532D331C026DE7BCE1E2F64F9D850A48602D4E1DE9358D7A4EDEF91388382439CE9F25B350ED511F4ED7E83545
rsa sig P:  F6B73A560471BB8DF71474F8682F7DF63FDC9F263CA9B76C43FB8090ADCF59D22BE2405C2D454A678D0B58942B47100CA4E3E9F03C4B5AB3B95ED77AF8168B4B
rsa sig Q:  C68268F30C242D5E234DF91ED0954D7C56AEEAA90EE554EB845473C6777182C92504C3AE6F7FEC44AF7C4C7963BD3E91B241D714A9D8D97B6B3041D2095A48EF
rsa sig DP:  BB5E3423978478983C8980BC1703DA79E5CE3BDFE23A525F1AD22AB5B60ABF806A6B8DCD73642839B458659141BCDA677FE2C78BF77E9307E3443009E7D7D739
rsa sig DQ:  39A67C0641FB6BB590393FE5441C68317917398D39873EBF5B620F718F14C72FD57169C70A18B3AC4AEEA56307A5593B84F27C1D432A7816D0CD660032B926BF
rsa sig QP:  71D9D08479685B74B35F318137865935E6DD4400888C97C24C08A0CD7B860809E361FE252E8638264D2E098D6303ADD1021B80AF4ACF210F0C4334097D2FDD1C
 
rsa enc pub: BE95A0C43EDEAADE777A54521F5B9836D8C1FA17071F12DDF1B30289CC9FB24200508B875E6F155F9AB8D8B808DB752682B20CAC56F8EA2276DB52D81E3195FE
              A31A539F9AB9E68232CC523735E18CEC41112AADF8A66DA782BA297AAC60CEA323B067D357B3410FCB84253159CAD55B6664FD888F196BB78EB2BE85EBEBDD1F
 
= Unity Keys =
 
<pre>
PS3:      I3-DDQR-F4PJ-5D8E-G4TT-DQS2
Vita:        I3-B2DJ-BSR5-HKTE-2HHH-9QR2
 
PS4:            I3-9HBF-CRK9-TDEA-422V-KDB5
Vita/PS4:    I3-M7AD-279S-X79U-FPTT-854R
 
PS3/Vita:    I3-CH9J-73FU-F25C-NVPU-7Q43
PS3/PS4:    I3-ZHZG-JS75-VJ5T-GJD4-EDTX
</pre>
 
= Fail Keys =
 
Sony's Hall of Shame, see [[Fail_Keys]]
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Template used on this page: