Editing Talk:Seeds

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
= SYSCON KeySlot Keys =
* some keys
 
* https://pastebin.com/7s9VnjK3
* Some keys.
* [https://pastebin.com/7s9VnjK3 Source (from zecoxao and the PS3 Syscon hackers)]


<pre>
<pre>
Line 9: Line 7:
0x020: 88228B0F92C4C36AF097F1FE948D27CE  //EID1 EEPROM/CMAC KEY
0x020: 88228B0F92C4C36AF097F1FE948D27CE  //EID1 EEPROM/CMAC KEY
0x030: A09631B4F8AFC77780CB6C9EEB0870FC  //Used for SNVS
0x030: A09631B4F8AFC77780CB6C9EEB0870FC  //Used for SNVS
0x040: 48FF6BFA9C172C6E14AE444419CAF676  //Used for INIT (Used to obtain keys for 0x2A0 0x2B0 0x2C0 and 0x2D0) (encrypt 0x00 keyseed at eid1 with this key once for first, twice for second, thrice for third, and four times for last)
0x040: 48FF6BFA9C172C6E14AE444419CAF676  //Used for INIT
0x050: 9F1DF816BB4A4A0129D031CFB0AD9B30  //lv0::secure_com_lib_internal_key::session_key_create_key_0x00
0x050: 9F1DF816BB4A4A0129D031CFB0AD9B30  //lv0::secure_com_lib_internal_key::session_key_create_key_0x00
0x060: D302FDE17578FBDBA1058449BA5C1BEA  //lv0::secure_com_lib_internal_key::session_key_create_key_0x01
0x060: D302FDE17578FBDBA1058449BA5C1BEA  //lv0::secure_com_lib_internal_key::session_key_create_key_0x01
Line 26: Line 24:
0x130: 1762C80CA86683B7E76FE3853CCFE5DB  //AUTH related
0x130: 1762C80CA86683B7E76FE3853CCFE5DB  //AUTH related
0x140: 0B3C10FF47FC9D3437CA80952CAE9170  //binary_patch_xorkey1
0x140: 0B3C10FF47FC9D3437CA80952CAE9170  //binary_patch_xorkey1
0x150: 8CD72FD3E1E537CB51D6F1FEEEB5CE4C //Archaic/Fallback key for encrypting 0x170 used to decrypt 0x2700
0x150: 8CD72FD3E1E537CB51D6F1FEEEB5CE4C
0x160: DED8B76BF948E396BDCF74F1DE1C64E4  //0x2710 Key
0x160: DED8B76BF948E396BDCF74F1DE1C64E4  //0x2710 Key
0x170: 7AB230EAD7DD151695878AEBB20812BC  //0x2760 Key
0x170: 7AB230EAD7DD151695878AEBB20812BC  //0x2760 Key
Line 71: Line 69:
</pre>
</pre>


= EID Structure =
= Time Constants =


EID is made of 6 "partitions" from EID0 to EID5.
<pre>
358B2E4BDA394A185D4F5407594C20E4
08A4FD2A2A8D6DA788F9AB9626B3A991


== EID0 ==
E01B01CF9C7FBC7D79D670086DAF497F
9BD3A5D5178DDE1D825344AE398113DD


EID0 embeds 11 sections.
FF525D8BF4422CC76B13AA47FA2CC369
83A720CD45D18FB3D4112888187E3040


=== EID0 Section (PSP) ===
702B91D8E6ACEEC4B801315F357E1EE3
 
2DA1081408D72C41AFC1B61AE7C9882D
* Size: 0xB8 bytes.
 
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Data || 0x10 || contains the actual data of the file (either idps or psid)
|-
| plaintext public key || 0x28 || contains the section's public key (without padding)
|-
| R || 0x14 || part of the ecdsa signature pair (r,s)
|-
| S || 0x14 || part of the ecdsa signature pair (r,s)
|-
| public key || 0x28 || ecdsa public key (can be used to verify ecdsa signature RS)
|-
| encrypted private key || 0x20 || encrypted blob that contains the section's KIRK 0xC private key (with zero byte padding)
|-
| cmac || 0x10 || cmac of the previous section (0xA8 bytes)
|-
|}
 
=== EID0 Section (PS3) ===
 
* Size: 0xC0 bytes.
 
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Data || 0x10 || contains the actual data of the file (either idps or psid)
|-
| plaintext public key || 0x28 || contains the section's public key (without padding)
|-
| R || 0x14 || part of the ecdsa signature pair (r,s)
|-
| S || 0x14 || part of the ecdsa signature pair (r,s)
|-
| public key || 0x28 || ecdsa public key (can be used to verify ecdsa signature RS)
|-
| encrypted private key || 0x20 || encrypted blob that contains the section's private key (with zero byte padding)
|-
| cmac || 0x10 || hash of the previous information in CMAC mode
|-
| padding || 0x8 || zero byte padding for AES 128 bits encryption
|}
 
=== EID0 Section (Vita) ===
 
* Size: 0xE0 bytes.
 
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Data || 0x10 || contains the actual data of the file (either idps or psid)
|-
| plaintext public key || 0x38 || contains the section's public key (without padding)
|-
| R || 0x1C || part of the ecdsa signature pair (r,s)
|-
| S || 0x1C || part of the ecdsa signature pair (r,s)
|-
| public key || 0x38 || ecdsa public key (can be used to verify ecdsa signature RS)
|-
| encrypted private key || 0x20 || encrypted blob that contains the section's private key (with zero byte padding)
|-
| cmac || 0x20 || hash of the previous information in CMAC mode
|-
| padding || 0x8 || zero byte padding for AES 128 bits encryption
|}
 
* [https://web.archive.org/web/20141118233713/http://pastie.org/6169158 naehrwert's EID0 section 0 ECDSA verification]
 
== EID1 ==
 
* Size: 0x2A0 bytes.
 
{|class="wikitable"
|-
! Offset !! Length !! Description
|-
| 0 || 0x10 || INIT Seed
|-
| 0x10 || 0x80 || AUTH1 Reencrypted Keyseeds
|-
| 0x90 || 0x80 || AUTH2 Reencrypted Keyseeds
|-
| 0x110 || 0x40 || Keyseeds (Time Service Purpose)
|-
| 0x150 || 0x10 ||  KeySeed (SNVS/Time Related)
|-
| 0x160 || 0x120 || Padding (Zeroes)
|-
| 0x280 || 0x10  || CMAC of Encrypted Data Using Master Key 0x20 if on EEPROM to CMAC (and encrypt/decrypt) or Master Key 0x10 if on FLASH
|-
| 0x290 || 0x10  || CMAC of Encrypted FLASH Data Using Perconsole Key encrypted using root key and EID1 Seeds
|}
 
== EID2 ==
 
* Size: 0x730 bytes.
 
Related to BD drive. See [[Hypervisor_Reverse_Engineering#Remarrying]].
 
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Header || 0x20 ||
|-
| P(rimary) block || 0x80 || contains bd drive info, including encrypted drive-auth keys
|-
| S(econdary) block || 0x690 || contains bd drive info
|}
 
== EID3 ==
 
* Size: 0x100 bytes.
 
Related to Communicatio. See [[Hypervisor_Reverse_Engineering#Communication]].
 
{|class="wikitable"
|-
! Offset !! Description !! Length !! Note
|-
| 0x00 || Header || 0x20 || contains ckp_management_id, size of cprm keys + sha1 digest + padding and nonce
|-
| 0x20 || cprm player keys || 0xB8 ||
|-
| 0xD8 || sha1 digest || 0x14 || sha1 digest of previous section
|-
| 0xEC || padding || 0x4 ||
|-
| 0xF0 || omac1 digest || 0x10 || omac1 digest of whole eid3
|}
 
== EID4 ==
 
* Size: 0x30 bytes.
 
{|class="wikitable"
|-
! Description !! Length !! Note
|-
| Drive Key 1 || 0x10 || Encrypts data sent from host to bd drive
|-
| Drive Key 2 || 0x10 || Decrypts data sent from bd drive to host
|-
| CMAC/OMAC1 || 0x10 || Hash of the previous bytes in CMAC/OMAC1 mode
|}
 
== EID5 ==
 
* Size: 0xA00 bytes.
 
The largest and quite possibly the most important EID of all 6. It's unknown what is inside this specific EID. We'll probably never know what's inside it without analyzing every possible clue about the PS3. And even then, it might be impossible to find its real use. Its size is similar to EID0, but it has an additional 0x1A0 bytes.
 
= Time Constants =
 
<pre>
358B2E4BDA394A185D4F5407594C20E4 (FFs encrypted with garbage key 79 times)
08A4FD2A2A8D6DA788F9AB9626B3A991 (FFs encrypted with garbage key 80 times)
E01B01CF9C7FBC7D79D670086DAF497F (FFs encrypted with garbage key 81 times)
9BD3A5D5178DDE1D825344AE398113DD (FFs encrypted with garbage key 82 times)
FF525D8BF4422CC76B13AA47FA2CC369 (FFs encrypted with garbage key 83 times)
83A720CD45D18FB3D4112888187E3040 (FFs encrypted with garbage key 84 times)
702B91D8E6ACEEC4B801315F357E1EE3 (FFs encrypted with garbage key 85 times)
2DA1081408D72C41AFC1B61AE7C9882D (FFs encrypted with garbage key 86 times)
</pre>
</pre>
Please note that all contributions to PS3 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS3 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)
Retrieved from "http://www.psdevwiki.com/ps3/Talk:Seeds"