Editing Talk:Seeds

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
= SYSCON KeySlot Keys =
= Further Help on finding the crypto ocurrences in N's twitter (and other ones aswell)=


* Some keys.
It is necessary to do some investigation, and these things might help:
* [https://pastebin.com/7s9VnjK3 Source (from zecoxao and the PS3 Syscon hackers)]


<pre>
* unselfing every self possible and seek for hardcoded data inside the elf
0x000: A46BA2B83D4E7EE559F239E0087A3808  //0x00 Key
0x010: 5794BC8C2131B1E3E7EC61EF14C32EB5  //EID1 FLASH/CMAC KEY
0x020: 88228B0F92C4C36AF097F1FE948D27CE  //EID1 EEPROM/CMAC KEY
0x030: A09631B4F8AFC77780CB6C9EEB0870FC  //Used for SNVS
0x040: 48FF6BFA9C172C6E14AE444419CAF676  //Used for INIT (Used to obtain keys for 0x2A0 0x2B0 0x2C0 and 0x2D0) (encrypt 0x00 keyseed at eid1 with this key once for first, twice for second, thrice for third, and four times for last)
0x050: 9F1DF816BB4A4A0129D031CFB0AD9B30  //lv0::secure_com_lib_internal_key::session_key_create_key_0x00
0x060: D302FDE17578FBDBA1058449BA5C1BEA  //lv0::secure_com_lib_internal_key::session_key_create_key_0x01
0x070: 0E6B7480E5CEB2562A3347BB41012455  //lv0::secure_com_lib_internal_key::session_key_create_key_0x02
0x080: 7910AC5D2AD16001F6A2783979096103  //lv0::secure_com_lib_internal_key::session_key_create_key_0x03
0x090: E3052804B7D2836F2879A1751BB40D48  //lv0::secure_com_lib_internal_key::session_key_create_key_0x04
0x0A0: EF586F9D599170676850590BA67D4BC7  //lv0::secure_com_lib_internal_key::session_key_create_key_0x05
0x0B0: 5D9598637AF25F8023623B1268B5131A  //lv0::secure_com_lib_internal_key::session_key_create_key_0x06
0x0C0: 0EAA32140A2861D8659626F6CE2286DB  //lv0::secure_com_lib_internal_key::session_key_create_key_0x07
0x0D0: 5EC26719DD05CF73E36358DEEC6EF10E  //Used to encrypt keyseed 0x110 and forge time key 0x00 for second layer or keyseed 0x150 for first layer
0x0E0: 85BFE5F04826819F754F4B735438105B  //Used to encrypt keyseed 0x120 and forge time key 0x01 for second layer or keyseed 0x150 for first layer
0x0F0: 767A0AA40672D75C2C57665243466FE0  //Used to encrypt keyseed 0x130 and forge time key 0x02 for second layer or keyseed 0x150 for first layer
0x100: 8D904F16239C6C56D20C3AAE424B6FDF  //Used to encrypt keyseed 0x140 and forge time key 0x03 for second layer or keyseed 0x150 for first layer
0x110: A3ADB99A21E47ADFF3FD7FC3173981CA  //lv0::secure_com_lib_internal_key::BE_SC_PayloadKey
0x120: 6933CEE7A518E5B8CBE1FC14B261B765  //lv0::secure_com_lib_internal_key::SC_BE_PayloadKey
0x130: 1762C80CA86683B7E76FE3853CCFE5DB  //AUTH related
0x140: 0B3C10FF47FC9D3437CA80952CAE9170  //binary_patch_xorkey1
0x150: 8CD72FD3E1E537CB51D6F1FEEEB5CE4C  //Archaic/Fallback key for encrypting 0x170 used to decrypt 0x2700
0x160: DED8B76BF948E396BDCF74F1DE1C64E4  //0x2710 Key
0x170: 7AB230EAD7DD151695878AEBB20812BC  //0x2760 Key
0x180: 210623DCA298994DFE87F840FC481CBF  //0x2790 Key
0x190: 7073147F753089CC7256D37113032E3C  //0x26B0 0x26E0 0x26F0 key
0x1A0: A8DF3DBB4D0B526A0EAE3039C6A04F90  //0x26C0 Key
0x1B0: 259A8A939591C7D11CBA8682EEC7D50E  //0x26D0 key
0x1C0: 0DC5F3557D30FE5DA4C2025FC6539AC2
0x1D0: 179C503127A8E8F594437B1C108357A7  //0x2700 Key
0x1E0: 9DABE2F04000E6B1F50AB83D40D0557C 
0x1F0: 0935CC5123B33E6F10B63FE9DF2DC45F
0x200: 95C1751D2E8DACD240601CCD574E0719
0x210: 1D73B463CDB1F83569F06E50A642D855
0x220: 55A8E40D2AB591023B73227F2EAFE64C
0x230: 96ADD8F0A5244ABE9510F8EAB49972C4
0x240: A4DF5DE17AC739EB4E8099C2E46B2307
0x250: C1B18434EB022E09C729F15A09DFDF14
0x260: EF20E99282934F9AF14104B0F898DC11
0x270: 0678B72470078E1A0E0277CCB88B0F83
0x280: CFFDCA6FEA3C081FF1AF7AD00469BBAC
0x290: 3064E15DC05DC9A980DE02D9D49DCD18
0x2A0: 2113A661B89C1997A184036B9E17E085
0x2B0: 3EA37A4BF626183B5FF0A68D38CAFBF3
0x2C0: 0F342375B23EC2D02E6D2C4B97718E17
0x2D0: A867E44E51F394E281D9D6CBE6CB060A
0x2E0: 1ABB99A51544067BBA2BFB3812BA665E
0x2F0: F6FBA159EA3E2E060697E7A6BB57962F
0x300: 56833AFFCD666B2F8C9C8F77CABE72E5
0x310: C07F2D5DD66F5A423C3961B1C1727344
0x320: 0AC71FD7342CE320CEB86FA00472028F
0x330: 8D09452C7AD83C78AD1CE8D5B4249EBB
0x340: B37850A33DCF902EF9E419555279731B
0x350: EB224C1515FB354C5D766E8194F07433
0x360: F37150D7DB408521CDBB46C251970A1B
0x370: 23DD68A9764D598BE27BCFDDDAA1BD31
0x380: 3D2F75AF278184B146EB713DC689C46E
0x390: 4FD28840E70F2AA0C57130BED1B24E62
0x3A0: C1AFAD346B096A6E614386246A5788AA
0x3B0: 00B4467C2C6077B9A3A51B11B3034E7E
0x3C0: B265C5457B066F7E5037C6B0524A72E8
0x3D0: 2B826B3100E6A649F7D80F30C812EF77
0x3E0: CABE72E5634DFD185FCEBDFF3FAE5DF8
0x3F0: B2A7421C8757427FC46F2C29DB9E76ED
</pre>


= SYSCON KeySlot Keys Prototype =
* read the metadata of the self using readself(2) and encoded print_hash function


<pre>
**print_hash accepts two parameters (offset,length) where offset is where you want to localize the position and length is the lenght printed in bytes
C1 9A 12 39 17 D2 3D 0F 57 66 FD 38 70 C3 39 2C //0x00 Key
18 38 0D 1F 34 A4 28 74 B0 97 BB 3B 77 D7 FA BD //0x10 Key EID1 SECOND LAYER KEY
C4 87 6E BD DE 11 2F D3 F4 EB 40 2C 30 A9 29 91 //0x20 Key EID1 FIRST LAYER KEY
9B 7F D3 84 3D C2 53 39 E7 F6 C0 2D 86 73 57 1E //0x30 Key SNVS KEY
C5 ED 68 E0 72 FC 70 74 74 B5 D7 0C 3B C0 8B 24 //0x40 Key INIT KEY
5C 87 6C F7 E8 3C 30 6B 2D E3 47 AB 8D DA 2D E8 //0x50 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x00
0B EE C5 7F 6D 58 93 FE D1 3E AA 94 06 53 6A A5 //0x60 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x01
95 D6 74 D7 11 CA 3C 59 ED 03 6C E6 7A 00 E9 0E //0x70 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x02
81 D0 00 4B 51 2B B4 BD D0 39 E5 84 B8 EA 68 49 //0x80 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x03
3D 42 3D A8 C0 1F 75 0E 64 64 0C CF D5 E8 B6 25 //0x90 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x04
C8 C4 3F C5 49 44 EE 9F 13 4E 5D DC 2D CA 47 B2 //0xA0 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x05
F5 5E C0 64 F0 F3 9B 5C 15 BF 2A 63 FC 7B 7B C6 //0xB0 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x06
44 D1 82 C2 1B 1A 68 3D 46 D8 06 CF AE A7 9D 62 //0xC0 Key lv0::secure_com_lib_internal_key::session_key_create_key_0x07
FF 6A 33 0E A1 F6 F1 35 EC D3 DA 24 8A 1C DC 8B //0xD0 Key Used to encrypt keyseed 0x110 and forge time key 0x00 for second layer or keyseed 0x150 for first layer
C3 B2 81 46 87 CD B9 10 20 CF B0 89 5B DC FD 7C //0xE0 Key Used to encrypt keyseed 0x120 and forge time key 0x01 for second layer or keyseed 0x150 for first layer
B2 92 43 49 1C D1 3D 21 FE 76 15 EA CA 83 68 20 //0xF0 Key Used to encrypt keyseed 0x130 and forge time key 0x02 for second layer or keyseed 0x150 for first layer
EE FB C2 A9 55 F0 82 3E B7 70 3A FB 9B A0 BA B6 //0x100 Key Used to encrypt keyseed 0x140 and forge time key 0x03 for second layer or keyseed 0x150 for first layer
A3 AD B9 9A 21 E4 7A DF F3 FD 7F C3 17 39 81 CA //0x110 Key BE2SC KEY
69 33 CE E7 A5 18 E5 B8 CB E1 FC 14 B2 61 B7 65 //0x120 Key SC2BE KEY
5A A0 66 58 23 A4 1E 1B 56 AD 52 12 62 91 A0 E6 //0x130 Key BE2SC SC2BE XOR KEY
10 A6 65 12 05 46 C3 FD DC 81 E2 04 50 05 8C 90 //0x140 Key BINARY PATCH XOR KEY 1
8C D7 2F D3 E1 E5 37 CB 51 D6 F1 FE EE B5 CE 4C //0x150 Key Fallback Key for 0x2700
91 88 02 92 BB 64 92 7C 31 66 9E 26 BD 15 93 2A //0x160 Key 0x2710 KEY
1C E7 FF AF 48 9E 76 2A 99 72 7C F1 B1 E8 C1 B9 //0x170 Key 0x2760 KEY
F7 2D 0F 14 DA 2A 0B CC CD 32 14 97 3C C5 63 19 //0x180 Key 0x2790 KEY
70 49 28 15 8B D3 1D 17 18 54 F1 F6 CD A5 32 A1 //0x190 Key 0x26B0 0x26E0 0x26F0 KEY
39 8E 7F 80 B4 ED 6C F1 36 08 4F E9 C4 6F 94 35 //0x1A0 Key 0x26C0 KEY
83 A8 8D 67 81 20 E7 B6 85 E5 7C CA B3 58 6B 9E //0x1B0 Key 0x26D0 KEY
9A F6 7D F5 D0 14 6C 3B C4 7E E9 00 27 B1 A3 A2 //0x1C0 Key
44 F4 D2 FC E1 1C E9 B6 F1 4D 77 C0 8E AA 7E BF //0x1D0 Key 0x2700 KEY
</pre>


= EID Structure =
* reverse engineering (whoever is capable of this and wants to give it a try is welcome to do so)


EID is made of 6 "partitions" from EID0 to EID5.
If i wasn't dumb to look for this, then certainly you, whomever you are, are not, and you're welcome to give it a shot at this :)


== EID0 ==
Good Luck


EID0 embeds 11 sections.
= Theory about EID1 and EID4 =


=== EID0 Section (PSP) ===
* EID4 shows the omac of the decrypted values in plain form when in encrypted state


* Size: 0xB8 bytes.
example:


{|class="wikitable"
ENCRYPTED
|-
<pre>
! Description !! Length !! Note
AA F3 F9 3F CB 2C 10 97 C1 24 6A C7 1B 72 79 0B
|-
88 B1 00 0E 9B 0D 95 A3 D7 3E 3E 9C 6F 40 32 D0
| Data || 0x10 || contains the actual data of the file (either idps or psid)
04 33 3E 57 7E 1C ED 87 FA 92 56 09 28 48 34 31
|-
</pre>
| plaintext public key || 0x28 || contains the section's public key (without padding)
|-
| R || 0x14 || part of the ecdsa signature pair (r,s)
|-
| S || 0x14 || part of the ecdsa signature pair (r,s)
|-
| public key || 0x28 || ecdsa public key (can be used to verify ecdsa signature RS)
|-
| encrypted private key || 0x20 || encrypted blob that contains the section's KIRK 0xC private key (with zero byte padding)
|-
| cmac || 0x10 || cmac of the previous section (0xA8 bytes)
|-
|}


=== EID0 Section (PS3) ===
DECRYPTED
<pre>
02 0F 2A 40 2F 6B 0F 38 47 CB AC 2A B2 E1 5B D9
C1 BC 45 64 6D C5 E7 DB 51 3A 4C B7 FF 7B 4E F3
</pre>


* Size: 0xC0 bytes.
the 3rd 16 byte value in the encrypted section is the hash in cmac-mode of the decrypted 32 bytes


{|class="wikitable"
* the same happens in EID1
|-
! Description !! Length !! Note
|-
| Data || 0x10 || contains the actual data of the file (either idps or psid)
|-
| plaintext public key || 0x28 || contains the section's public key (without padding)
|-
| R || 0x14 || part of the ecdsa signature pair (r,s)
|-
| S || 0x14 || part of the ecdsa signature pair (r,s)
|-
| public key || 0x28 || ecdsa public key (can be used to verify ecdsa signature RS)
|-
| encrypted private key || 0x20 || encrypted blob that contains the section's private key (with zero byte padding)
|-
| cmac || 0x10 || hash of the previous information in CMAC mode
|-
| padding || 0x8 || zero byte padding for AES 128 bits encryption
|}


=== EID0 Section (Vita) ===
assuming this, are we safe to say eid1 is ALREADY decrypted OR does it contain aditional crypto layers?
if it IS decrypted, what is inside it? they're exactly 640 bytes. that'd give room to 40 16 byte keys or 10 64 byte seeds.


* Size: 0xE0 bytes.
= Other undocumented crypto stuff =


{|class="wikitable"
== sc_iso ==
|-
! Description !! Length !! Note
|-
| Data || 0x10 || contains the actual data of the file (either idps or psid)
|-
| plaintext public key || 0x38 || contains the section's public key (without padding)
|-
| R || 0x1C || part of the ecdsa signature pair (r,s)
|-
| S || 0x1C || part of the ecdsa signature pair (r,s)
|-
| public key || 0x38 || ecdsa public key (can be used to verify ecdsa signature RS)
|-
| encrypted private key || 0x20 || encrypted blob that contains the section's private key (with zero byte padding)
|-
| cmac || 0x20 || hash of the previous information in CMAC mode
|-
| padding || 0x8 || zero byte padding for AES 128 bits encryption
|}


* [https://web.archive.org/web/20141118233713/http://pastie.org/6169158 naehrwert's EID0 section 0 ECDSA verification]
k1: 3B050A7CA2961582228EE8029E4159D5
 
k2: C367A9AA6A166128B794883E61588B48
== EID1 ==
  pub: 97A66090C2B61AC166162FBD85652EF3D3C040A81A9F7BD51006DD1D3F3E2E2B726F985014577D4B
 
* Size: 0x2A0 bytes.
 
{|class="wikitable"
|-
! Offset !! Length !! Description
|-
| 0 || 0x10 || INIT Seed
|-
| 0x10 || 0x80 || AUTH1 Reencrypted Keyseeds
|-
| 0x90 || 0x80 || AUTH2 Reencrypted Keyseeds
|-
| 0x110 || 0x40 || Keyseeds (Time Service Purpose)
|-
| 0x150 || 0x10 ||  KeySeed (SNVS/Time Related)
|-
| 0x160 || 0x120 || Padding (Zeroes)
|-
| 0x280 || 0x10  || CMAC of Encrypted Data Using Master Key 0x20 if on EEPROM to CMAC (and encrypt/decrypt) or Master Key 0x10 if on FLASH
|-
| 0x290 || 0x10 || CMAC of Encrypted FLASH Data Using Perconsole Key encrypted using root key and EID1 Seeds
|}
 
== EID2 ==
 
* Size: 0x730 bytes.
 
Related to BD drive. See [[Hypervisor_Reverse_Engineering#Remarrying]].
 
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Header || 0x20 ||
|-
| P(rimary) block || 0x80 || contains bd drive info, including encrypted drive-auth keys
|-
| S(econdary) block || 0x690 || contains bd drive info
|}
 
== EID3 ==
 
* Size: 0x100 bytes.
 
Related to Communicatio. See [[Hypervisor_Reverse_Engineering#Communication]].
 
{|class="wikitable"
|-
! Offset !! Description !! Length !! Note
|-
| 0x00 || Header || 0x20 || contains ckp_management_id, size of cprm keys + sha1 digest + padding and nonce
|-
| 0x20 || cprm player keys || 0xB8 ||
|-
| 0xD8 || sha1 digest || 0x14 || sha1 digest of previous section
|-
| 0xEC || padding || 0x4 ||
|-
| 0xF0 || omac1 digest || 0x10 || omac1 digest of whole eid3
|}
 
== EID4 ==
 
* Size: 0x30 bytes.
 
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Drive Key 1 || 0x10 || Encrypts data sent from host to bd drive
|-
| Drive Key 2 || 0x10 || Decrypts data sent from bd drive to host
|-
| CMAC/OMAC1 || 0x10 || Hash of the previous bytes in CMAC/OMAC1 mode
|}
 
== EID5 ==
 
* Size: 0xA00 bytes.
 
The largest and quite possibly the most important EID of all 6. It's unknown what is inside this specific EID. We'll probably never know what's inside it without analyzing every possible clue about the PS3. And even then, it might be impossible to find its real use. Its size is similar to EID0, but it has an additional 0x1A0 bytes.
 
= Time Constants =
 
<pre>
358B2E4BDA394A185D4F5407594C20E4 (FFs encrypted with garbage key 79 times)
08A4FD2A2A8D6DA788F9AB9626B3A991 (FFs encrypted with garbage key 80 times)
E01B01CF9C7FBC7D79D670086DAF497F (FFs encrypted with garbage key 81 times)
9BD3A5D5178DDE1D825344AE398113DD (FFs encrypted with garbage key 82 times)
FF525D8BF4422CC76B13AA47FA2CC369 (FFs encrypted with garbage key 83 times)
83A720CD45D18FB3D4112888187E3040 (FFs encrypted with garbage key 84 times)
702B91D8E6ACEEC4B801315F357E1EE3 (FFs encrypted with garbage key 85 times)
2DA1081408D72C41AFC1B61AE7C9882D (FFs encrypted with garbage key 86 times)
</pre>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps3/Talk:Seeds"