Talk:Keys: Difference between revisions

From PS3 Developer wiki
 
(48 intermediate revisions by 6 users not shown)
Line 1: Line 1:
== aim_key , aim_iv and aim_compare ==
== Superslim DEX Serial 1 Signature ==


can anyone explain to me what is the purpose and funcionality of these keys? i've never seen them in "action" before...
<pre>
R:00 78 8C AE B0 E7 0C 3C D5 32 11 CC 0E 16 C2 A1 6E 9B F6 E6 80
S:00 82 03 7E 33 00 DE 68 DA 8A DD 87 E5 A8 E3 64 2F B7 55 3D D6
</pre>
 
== Superslim DEX Serial 1 Token ==
 
<pre>
2F 4A F9 92 92 F3 01 FD 40 31 53 AB 8F 4A 17 15
2F EA D8 C3 0D E5 F5 5F C8 6E 8B 19 EC BE 22 D2
82 F6 30 29 D2 CD 03 44 0B 55 06 84 0D 4E 83 0B
39 7C 4D 35 6A D8 B2 27 4C A5 74 35 95 C3 23 B4
4E 32 3B 39 5A 85 4B E4 FA E3 1B 0B 74 11 AF C9
</pre>


== 2.36 vs 3.30 appldr key 79481839C4... ==
== 2.36 vs 3.30 appldr key 79481839C4... ==
Stop editing 79481839C4... as a 3.30 appldr key, unless you can disprove the absence of it since after 2.36 as seen here: http://pastebin.com/biWXJrst


i see it there on offset 18C30 in the pastebin ....
Stop editing 79481839C4... as a PS3 FW 3.30 appldr key, unless you can disprove the absence of it since after PS3 FW 2.36 as seen here: http://pastebin.com/biWXJrst.
 
I see it there at offset 0x18C30 in the pastebin....


Here is an appldr keys: [http://www.sendspace.com/file/ou1ln1 .xls] & I doubt about the versions and revisions because of ^^
Here are some appldr keys: [http://www.sendspace.com/file/ou1ln1 .xls (dead link)] and I doubt about the versions and revisions because of ^^


Please edit & add it to the Page.
Please edit and add it to the Page.
 
Disproving the absence: [https://www.sendspace.com/file/m0j3c1 (dead link)]
 
This archive contains files from PS3 FW 3.31 DECR (appldr, decrypted appldr and emer_init.self)
 
The key 79481839C4... is inside the decrypted appldr and used to decrypt emer_init.self.


== sv_iso_spu_module 1.02-3.55 ==
== sv_iso_spu_module 1.02-3.55 ==
<pre>
<pre>
key_0:  EF4F6A107742E8448BC1F9D8F2481B31 //key_0 is an aes_cfb128 iv
key_0:  EF4F6A107742E8448BC1F9D8F2481B31 // key_0 is an aes_cfb128 iv


iv_0:    2226928D44032F436AFD267E748B2393
iv_0:    2226928D44032F436AFD267E748B2393
key_0_0: 126C6B5945370EEECA68262D02DD12D2 //key_0_0 is used with iv_0 to generate gen_key_0
key_0_0: 126C6B5945370EEECA68262D02DD12D2 // key_0_0 is used with iv_0 to generate gen_key_0
key_0_1: D9A20A79666C27D11032ACCF0D7FB501 //key_0_1 is used with iv_0 to generate gen_key_1
key_0_1: D9A20A79666C27D11032ACCF0D7FB501 // key_0_1 is used with iv_0 to generate gen_key_1


key_1:  7CDD0E02076EFE4599B1B82C359919B3 //key_1 is used with iv_0
key_1:  7CDD0E02076EFE4599B1B82C359919B3 // key_1 is used with iv_0


iv_1:    3BD624020BD3F865E80B3F0CD6566DD0 //iv_1 is used with gen_key_0 and gen_key_1
iv_1:    3BD624020BD3F865E80B3F0CD6566DD0 // iv_1 is used with gen_key_0 and gen_key_1


key_2:  380BCF0B53455B3C7817AB4FA3BA90ED //key_2 + iv_2 are used to generate something from the disk name (id?)
key_2:  380BCF0B53455B3C7817AB4FA3BA90ED // key_2 + iv_2 are used to generate something from the disk name (id?)
iv_2:    69474772AF6FDAB342743AEFAA186287
iv_2:    69474772AF6FDAB342743AEFAA186287


debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 //this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC'
debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 // this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC'
</pre>
</pre>


===Observations===
=== Observations ===
<pre>genelib.dll (Build 1.20.2662.20880):
 
<pre>
genelib.dll (Build 1.20.2662.20880):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
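Review bot: The two new sections at the top of this hunk, "Superslim DEX Serial 1 Signature" and "Superslim DEX Serial 1 Token", consist only of an R/S pair and an 80-byte blob, with no statement of what data the signature covers, which key or curve it verifies against, or where the values were taken from; add one line of context under each heading, as the sv_iso_spu_module entries in the same hunk do with their inline comments. In the 79481839C4... thread, the "Disproving the absence" reply rests on a link already marked dead, so it should also quote the offset of the key inside the decrypted 3.31 DECR appldr, the way the earlier reply cites 0x18C30.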
Line 53: Line 76:
    
    
00072E80                                      67 C0 75 8C              gÀuŒ
00072E80                                      67 C0 75 8C              gÀuŒ
00072E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f</pre>
00072E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f
</pre>


== sc_iso module 1.00-4.00 ==
== sc_iso module 1.00-4.00 ==
<pre>
<pre>
0x0                                     
0x0                                     
Line 66: Line 91:


=== Observations ===
=== Observations ===
<pre> 1.00:
<pre> 1.00:
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 96: Line 122:
   ********  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
   ********  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.  key rev 0x2
</pre>
</pre>
== aim_spu_module Keys Usage ==
See [[Keys#aim_spu_module_Keys]], especially aim_key, aim_iv and aim_compare.
Can anyone explain to me what is the purpose and functionality of these keys? I have never seen them in "action" before...


== spu_token_processor ==
== spu_token_processor ==
<pre> spu_token_processor 1.00-3.56
 
<pre>spu_token_processor 1.00-3.56
   token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A
   token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A
   token-key:  341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED
   token-key:  341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED
   token-iv:  E8663A69CD1A5C454A761E728C7C254E</pre>
   token-iv:  E8663A69CD1A5C454A761E728C7C254E</pre>
===Observations===
 
=== Observations ===
 
<pre>1.00:
<pre>1.00:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 175: Line 210:
</pre>
</pre>


== aim_spu_module ==
== appldr rev 0x01 ==
  aim_ks_4 : 30B0395DC5835AAA3A7986B44AFAE684
  aim_ks_1 : 2ED7CE8D1D55454585BF6A3281CD03AF
  aim_iv  : 51F78B72A64711CF5C72323FB8607A00
  aim_key  : 922B198CDF0C07DCCE848B69882D804CC23F19C2EAE1244F35AF176F7FD37851
http://pastie.org/2547291 (ks version depends on the first four bytes of the eid)
(from main page)


===Observations===
<pre>  aim_spu_module.self.elf 1.00 :
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  00008670  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J¦;,.DâEðtÚçx*  <- compare  (1.00-3.42)
  00008680  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6..Žâ.kßo.Š<Á{ã.  <- compare  (1.00-3.42)
  00008690  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  êHµqôÒmí........  <- compare  (1.00-3.42)
  000086A0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  Q÷‹r¦G.Ï\r2?¸`z.  <- IV    (1.00-3.42 but not found in 3.50++)
  000086B0  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  ’+.Œß..Ü΄‹iˆ-€L  <- KEY  (1.00-3.42 but not found in 3.50++)
  000086C0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  Â?.Âêá$O5¯.o.ÓxQ  <- KEY  (1.00-3.42 but not found in 3.50++)
  000086D0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯  <- KS 1  (1.00-3.56)
  000086E0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„  <- KS 4  (1.00-3.56)
</pre>
<pre>  aim_spu_module.self.elf 3.42:
 
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
 
  00003070  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„  <- KS 4  (1.00-3.56)
  00003080  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯  <- KS 1  (1.00-3.56)
  00003090  92 2B 19 8C DF 0C 07 DC CE 84 8B 69 88 2D 80 4C  ’+.Œß..Ü΄‹iˆ-€L  <- KEY  (1.00-3.42 but not found in 3.50++)
  000030A0  C2 3F 19 C2 EA E1 24 4F 35 AF 17 6F 7F D3 78 51  Â?.Âêá$O5¯.o.ÓxQ  <- KEY  (1.00-3.42 but not found in 3.50++)
  000030B0  51 F7 8B 72 A6 47 11 CF 5C 72 32 3F B8 60 7A 00  Q÷‹r¦G.Ï\r2?¸`z.  <- IV    (1.00-3.42 but not found in 3.50++)
  000030C0  40 1C 4A A6 3B 2C 8D 44 E2 45 F0 74 DA E7 78 2A  @.J¦;,.DâEðtÚçx*  <- compare  (1.00-3.42)
  000030D0  36 0D 1E 8E E2 11 6B DF 6F 0D 8A 3C C1 7B E3 8F  6..Žâ.kßo.Š<Á{ã.  <- compare  (1.00-3.42)
  000030E0  EA 48 B5 71 F4 D2 6D ED 00 00 00 00 00 00 00 00  êHµqôÒmí........  <- compare  (1.00-3.42)
</pre>
----
== appldr rev0x01 ==
  appold_R  :  B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D        # ps3publictools/include/keys.h
  appold_R  :  B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D        # ps3publictools/include/keys.h
  appold_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
  appold_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
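Review bot: The removed aim_spu_module block is the only place in this diff that records the per-version annotations on the dump rows ("1.00-3.42 but not found in 3.50++" for IV and KEY, "1.00-3.56" for KS 1 and KS 4) and the remark that the ks version depends on the first four bytes of the eid. Before dropping it, confirm that Keys#aim_spu_module_Keys, which the new "aim_spu_module Keys Usage" section points to, carries the same notes; otherwise keep the two Observations dumps on this page.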
Line 224: Line 221:
  appold_keypair_d :  3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000        # ps3publictools/include/oddkeys.h
  appold_keypair_d :  3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000        # ps3publictools/include/oddkeys.h


== npdrm rev0x01 ==
== npdrm rev 0x01 ==
 
  npdrm_R  :  A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D        # ps3publictools/include/keys.h
  npdrm_R  :  A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D        # ps3publictools/include/keys.h
  npdrm_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
  npdrm_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
Line 230: Line 228:
  npdrm_Da :  040AB47509BED04BD96521AD1B365B86BF620A98        # ...
  npdrm_Da :  040AB47509BED04BD96521AD1B365B86BF620A98        # ...
        
        
  npdrm_omac_key1 :  72F990788F9CFF745725F08E4C128387        # ps3publictools/include/oddkeys.h
  klic_ps3_free :  72F990788F9CFF745725F08E4C128387        # ps3publictools/include/oddkeys.h
  npdrm_omac_key2 :  6BA52976EFDA16EF3C339FB2971E256B        # ...
  npd_header_hash_xor_key :  6BA52976EFDA16EF3C339FB2971E256B        # ...
  npdrm_omac_key3 :  9B515FEACF75064981AA604D91A54E97        # ...
  npd_cid_fn_hash_aes_cmac_key :  9B515FEACF75064981AA604D91A54E97        # ...
        
        
  npdrm_keypair_e  :  A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0        # ps3publictools/include/oddkeys.h
  npdrm_keypair_e  :  A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0        # ps3publictools/include/oddkeys.h
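Review bot: The three renamed entries (klic_ps3_free, npd_header_hash_xor_key, npd_cid_fn_hash_aes_cmac_key) keep the comment column that cites ps3publictools/include/oddkeys.h, but the previous labels npdrm_omac_key1 to npdrm_omac_key3 are gone, so a reader who searches that header for the new names has nothing to match them against. Keep the old identifier in the comment next to each new name, for example "# npdrm_omac_key1 in ps3publictools/include/oddkeys.h".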
Line 240: Line 238:
----
----


=== Using VSH ECDSA in Python ===
<pre>#!/usr/bin/env python
### Python 2 future-compatible workarounds: (see: http://python-future.org/compatible_idioms.html)
## prevent interpreting print(a,b) as a tuple plus support print(a, file=sys.stderr)
from __future__ import print_function
## interpret long as int, support int.from_bytes()
from builtins import int
## support bytes()
from builtins import bytes
import hashlib
import binascii
CONST_VSH_ECDSA = {
    "P": { "INT": 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF, "DESC": "VSH P", },
    "A": { "INT": 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFC, "DESC": "VSH A", },
    "B": { "INT": 0xA68BEDC33418029C1D3CE33B9A321FCCBB9E0F0B, "DESC": "VSH B", },
    "N": { "INT": 0xFFFFFFFFFFFFFFFEFFFFB5AE3C523E63944F2127, "DESC": "VSH Order N/Q", },
    "GX": { "INT": 0x128EC4256487FD8FDF64E2437BC0A1F6D5AFDE2C, "DESC": "VSH Gx", },
    "GY": { "INT": 0x5958557EB1DB001260425524DBC379D5AC5F4ADF, "DESC": "VSH Gy", },
    "PUBX": { "INT": 0x6227B00A02856FB04108876719E0A0183291EEB9, "DESC": "VSH PubKey X", },
    "PUBY": { "INT": 0x6E736ABF81F70EE9161B0DDEB026761AFF7BC85B, "DESC": "VSH PubKey Y", },
}
Data = bytes.fromhex("fcf66ca605a05f5274552f6df523050d98cf249bb06fdce5a0cc0db82503446cc9c00c57f7d7017368844a5f4dc25335b3d4af51238dde5b939d1d271c4922bd05017aa28d22b175165a49941ead92081044f5dd1e3f49d7b0f31a767425e702b75131fac432adfb2e24f62553cde74a8d03e1267893674b52693fbd20e801becd85fef37ccd7c735121a4f5910cf807")
print("Data:", binascii.hexlify(Data))
Sha1 = hashlib.sha1(Data).digest()  ## 0ac2caf8d2a7489be95673c7ab4d75c6a448c5f4
print("Sha1:", binascii.hexlify(Sha1))
Signature_R = 0x008288896404ecb6447a93bdc5606bda076ea0e6a1
Signature_S = 0x00846c7b4596e63808ca85b3e975b4673c2c84c711
print("----------")</pre>
A) With starkbank-ecdsa (faster) from https ://pypi.org/project/starkbank-ecdsa/<br>
Install via: pip install starkbank-ecdsa
<pre>import ellipticcurve.curve
import ellipticcurve.ecdsa
import ellipticcurve.point
import ellipticcurve.publicKey
import ellipticcurve.signature
Vsh_Curve = ellipticcurve.curve.CurveFp(CONST_VSH_ECDSA["A"]["INT"], CONST_VSH_ECDSA["B"]["INT"], CONST_VSH_ECDSA["P"]["INT"], CONST_VSH_ECDSA["N"]["INT"], CONST_VSH_ECDSA["GX"]["INT"], CONST_VSH_ECDSA["GY"]["INT"], "VSH Curve", oid=(1, 2, 3, 4))
#
Vsh_PubKey_Point = ellipticcurve.point.Point(CONST_VSH_ECDSA["PUBX"]["INT"], CONST_VSH_ECDSA["PUBY"]["INT"])
Vsh_PubKey = ellipticcurve.publicKey.PublicKey(Vsh_PubKey_Point, Vsh_Curve)
#
Signature = ellipticcurve.signature.Signature(Signature_R, Signature_S)
#
Data_String = Data.decode("latin-1")
Result = ellipticcurve.ecdsa.Ecdsa.verify(Data_String, Signature, Vsh_PubKey, hashfunc=hashlib.sha1)
print("Verify with module starkbank-ecdsa:", Result)
print("----------")</pre>
B) With ecdsa (slower) from https ://pypi.org/project/ecdsa/<br>
Install via: pip install ecdsa
<pre>import ecdsa.curves
import ecdsa.ecdsa
import ecdsa.ellipticcurve
import ecdsa.keys
Vsh_Curve = ecdsa.ellipticcurve.CurveFp(CONST_VSH_ECDSA["P"]["INT"], CONST_VSH_ECDSA["A"]["INT"], CONST_VSH_ECDSA["B"]["INT"])
Vsh_Generator = ecdsa.ellipticcurve.PointJacobi(Vsh_Curve, CONST_VSH_ECDSA["GX"]["INT"], CONST_VSH_ECDSA["GY"]["INT"], 1, order=CONST_VSH_ECDSA["N"]["INT"], generator=True)
#
Vsh_PubKey_Point = ecdsa.ellipticcurve.Point(Vsh_Curve, CONST_VSH_ECDSA["PUBX"]["INT"], CONST_VSH_ECDSA["PUBY"]["INT"], order=CONST_VSH_ECDSA["N"]["INT"])
Vsh_PubKey = ecdsa.ecdsa.Public_key(Vsh_Generator, Vsh_PubKey_Point, verify=True)
#
Signature = ecdsa.ecdsa.Signature(Signature_R, Signature_S)
#
Sha1_Int = int.from_bytes(Sha1, byteorder="big")
print("Sha1 Int:", Sha1_Int)
Result = Vsh_PubKey.verifies(Sha1_Int, Signature)
print("Verify with module ecdsa:", Result)
print("----------")</pre>


== vsh pub + curvetable ==
=== Observations ===
<pre>  pub    :  6227B00A02856FB04108876719E0A0183291EEB96E736ABF81F70EE9161B0DDEB026761AFF7BC85B
  curves :  000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
              000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
              0000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFE000000
              00000000000000000000000000FFFFFFFE00000000000000039A2EB773FCA61DCB5236A42C6F7FEB426E5ADA06
              0000000000000000FFFE4A39E80D6F151E245270DDA65311EAB7634F69577D0F51E30602711A07059FBCA7BA92
              F5E34D6F7216F0D828A37D413EF73F0000000000000000FFFFFFFE00000000000000000000000000000000FFFF
              FFFE00000000000000035974123CCBE7FD63E2C31CC465CDE0334461F0F4000000000000000100004A51C3ADC1
              9C6BB0DED8ED713BDA9B780270209B1DBC843F5E092A5021D3A6A7AA814E24FFED9FBDAADB243C862A53A0B520</pre>
vsh-pub-curves.rar (367 Bytes):
* <span style="text-decoration: line-through;">http://www.multiupload.com/A19Q0HV7OW</span>
* http://www.rapidspread.com/file.jsp?id=ew2wexn74o
* http://www.mirrorcreator.com/files/1XFSXLGU/vsh-pub-curves.rar_links


===Observations===
3.10:
3.10:
  PUB:
  PUB:
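Review bot: In variant A of the new "Using VSH ECDSA in Python" code, the line Data_String = Data.decode("latin-1") feeds a text string to Ecdsa.verify(..., hashfunc=hashlib.sha1), so the check hashes the same bytes as the Sha1 value from the first block only if the library encodes the string back with latin-1; with any other codec the bytes of 0x80 and above change and a valid signature is reported as failing. State the starkbank-ecdsa version this was tested with and give the expected result beside each variant, so a reader can tell a library mismatch from a bad signature. The curve is also built with oid=(1, 2, 3, 4), which needs a comment saying it is a placeholder.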
Line 354: Line 412:
   0062EEA0  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
   0062EEA0  20 9B 1D BC 84 3F 5E 09 2A 50 21 D3 A6 A7 AA 81  ›.¼„?^.*P!Ó¦§ª.
   0062EEB0  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ  
   0062EEB0  4E 24 FF ED 9F BD AA DB 24 3C 86 2A 53 A0 B5 20  N$ÿ퟽ªÛ$<†*S µ  


3.55:
3.55:
Line 392: Line 449:
----
----


==RAW key list==
== Raw key list ==
Some insight in how the AES routines and SHA1 hashes relate to offsets in appldr : [http://pastie.org/private/fdabkjhmd3hwowi6dgsbw aes 3.15] [http://pastie.org/private/unpbjffn6zgy3vldefvivq sha1 3.15]
 
Some insight in how the AES routines and SHA1 hashes relate to offsets in appldr:
* [http://pastie.org/private/fdabkjhmd3hwowi6dgsbw AES routines 3.15]
* [http://pastie.org/private/unpbjffn6zgy3vldefvivq sha1 hashes 3.15]
 
=== Primary Table ===
 
(C/P is from PS3 FW 3.56 Fix)


=== Primairy Table ===
(C/P is from 3.56 Fix)
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 511: Line 573:
   0001A3B0  B2 C0 CD 24 92 B0 B5 A1 00 00 00 3A 00 00 00 00  ²ÀÍ$’°µ¡...:....  PUB - Curve
   0001A3B0  B2 C0 CD 24 92 B0 B5 A1 00 00 00 3A 00 00 00 00  ²ÀÍ$’°µ¡...:....  PUB - Curve


=== Secondairy Tables ===
=== Secondary Tables ===


====1.00====
==== 1.00 ====
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 537: Line 599:
   000150B0  B4 57 8A 4C 61 C5 D6 BF 00 00 00 11 00 00 00 00  ´WŠLaÅÖ¿........  PUB - Curve
   000150B0  B4 57 8A 4C 61 C5 D6 BF 00 00 00 11 00 00 00 00  ´WŠLaÅÖ¿........  PUB - Curve


====2.40====
==== 2.40 ====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 547: Line 610:
   00018EF0  C7 46 05 E7 B8 CB 73 2D 00 00 00 08 00 00 00 00  ÇF.ç¸Ës-........  PUB - Curve
   00018EF0  C7 46 05 E7 B8 CB 73 2D 00 00 00 08 00 00 00 00  ÇF.ç¸Ës-........  PUB - Curve


====3.40====
==== 3.40 ====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 571: Line 635:
   000194E0  08 F6 A0 36 58 F2 97 0E 00 00 00 29 00 00 00 00  .ö 6Xò—....)....  PUB - Curve
   000194E0  08 F6 A0 36 58 F2 97 0E 00 00 00 29 00 00 00 00  .ö 6Xò—....)....  PUB - Curve


====3.50====
==== 3.50 ====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 595: Line 660:
   000197D0  27 CE 9E 47 88 9A 45 D0 00 00 00 2A 00 00 00 00  'ΞGˆšEÐ...*....  PUB - Curve
   000197D0  27 CE 9E 47 88 9A 45 D0 00 00 00 2A 00 00 00 00  'ΞGˆšEÐ...*....  PUB - Curve


====3.55====
==== 3.55 ====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
    
    
Line 619: Line 685:
   0001A710  FA 3B E8 32 9E 01 5E 57 00 00 00 3A 00 00 00 00  ú;è2ž.^W...:....  PUB - Curve
   0001A710  FA 3B E8 32 9E 01 5E 57 00 00 00 3A 00 00 00 00  ú;è2ž.^W...:....  PUB - Curve


====3.56====
==== 3.56 ====
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 643: Line 710:
   00020660  6A B0 91 E1 6B 23 14 33 00 00 00 3B 00 00 00 00  j°‘ák#.3...;....  PUB - Curve
   00020660  6A B0 91 E1 6B 23 14 33 00 00 00 3B 00 00 00 00  j°‘ák#.3...;....  PUB - Curve


* [http://pastebin.com/2btt19gh] <!--//Older pastie: http://pastebin.com/uWUqGXwx / http://pastie.org/private/enolspz7cyhvlg8rxhqwqg//-->


http://pastebin.com/2btt19gh
=== Other ===
<!--//Older pastie: http://pastebin.com/uWUqGXwx / http://pastie.org/private/enolspz7cyhvlg8rxhqwqg//-->


=== Other ===
some pasties mention parts of these, for completeness listed too.
some pasties mention parts of these, for completeness listed too.


==== Revokelist ====
==== Revokelist ====
Seen in: appldr, isoldr, lv2ldr, spu_pkg_rvk_verifier.self
Seen in: appldr, isoldr, lv2ldr, spu_pkg_rvk_verifier.self


===== 1.00-3.55 RVK =====
===== 1.00-3.55 RVK =====
(seen in =>1.00 <= 3.55)
 
(seen in => 1.00 <= 3.55)
 
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 663: Line 732:
   0001AC40  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  Z€Hý†_...‘‰SZ7b>    PUB - rvklist 0.80-3.55
   0001AC40  5A 80 48 FD 86 5F 9D 8F 1A 91 89 53 5A 37 62 3E  Z€Hý†_...‘‰SZ7b>    PUB - rvklist 0.80-3.55
   0001AC50  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!Btc§T÷........    PUB - rvklist 0.80-3.55
   0001AC50  29 21 42 74 63 A7 54 F7 00 00 00 00 00 00 00 00  )!Btc§T÷........    PUB - rvklist 0.80-3.55
===== 3.56 RVK =====
===== 3.56 RVK =====
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
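Review bot: The context rows in this hunk label the key "PUB - rvklist 0.80-3.55", while the section they belong to is headed "1.00-3.55 RVK" and says "(seen in => 1.00 <= 3.55)"; the revision only adjusts the spacing of that line and leaves the two lower bounds disagreeing. Settle on one range, and write it as ">= 1.00, <= 3.55", since "=>" reads as an arrow.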
Line 673: Line 743:
   00020CC0  8F B5 B7 F4 B5 B4 E6 3B 00 00 00 00 00 00 00 00  .µ·ôµ´æ;........    PUB - rvklist 3.56
   00020CC0  8F B5 B7 F4 B5 B4 E6 3B 00 00 00 00 00 00 00 00  .µ·ôµ´æ;........    PUB - rvklist 3.56


==== 1.00++ ====
==== 1.00+ ====
(seen in =>1.00 <=3.56)
 
(seen in => 1.00 <=3.56)
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
        
        
Line 709: Line 780:


<!--//http://pastie.org/private/dhdhplnph3pondohxnrlnw checked, all are listed above or not curve e.g.: 03 af 06 fd 1c e6 da 36 //-->
<!--//http://pastie.org/private/dhdhplnph3pondohxnrlnw checked, all are listed above or not curve e.g.: 03 af 06 fd 1c e6 da 36 //-->
----
http://pastie.org/private/qwndjafrtkvhe9cikbxhg << [http://pastebin.com/wHSRj9gW some eid0 related stuff].


== Fake keys ==
== Fake keys ==
Line 723: Line 790:
|-
|-
|}
|}
silk.sprx DES key: <code>8E3E1E46FFEE0309</code>
silk.sprx DES key: <code>8E3E1E46FFEE0309</code>


== Colors ==
== Colors ==


===HMAC===
=== HMAC ===
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#f491ad" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#f491ad" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 754: Line 822:


=== ldr key (inside decrypted metldr/asecure_loader) ===
=== ldr key (inside decrypted metldr/asecure_loader) ===
<pre>erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B
 
<pre>
erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B
riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D
riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D
pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19
pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19
Line 762: Line 832:
Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000
Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000
Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670
Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670
Curvetype: 0x20</pre>
Curvetype: 0x20
====erk====
</pre>
 
==== erk ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C0CEFE" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C0CEFE" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 778: Line 851:
|}
|}


====riv====
==== riv ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#47EE74" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#47EE74" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 788: Line 862:
|}
|}


====pub====
==== pub ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C2D4AA" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C2D4AA" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 806: Line 881:
|}
|}


====R====
==== R ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#806E07" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#806E07" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 817: Line 893:
|}
|}


====n====
==== n ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#E13A7E" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#E13A7E" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 828: Line 905:
|}
|}


====K====
==== K ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#BA9055" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#BA9055" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 839: Line 917:
|}
|}


====Da====
==== Da ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#C5B2BF" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#C5B2BF" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 849: Line 928:
|align="center" colspan="1" style="background:#067000" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#067000" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
|}
:


====Priv====
==== Priv ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#00C5B2" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#00C5B2" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
Line 861: Line 940:
|align="center" colspan="1" style="background:#FB0670" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#FB0670" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
|}
:


====Curve====
==== Curve ====
 
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
{| class="wikitable" border="0" cellspacing="1" cellpadding="1"
|align="center" colspan="1" style="background:#000020" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|align="center" colspan="1" style="background:#000020" | &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
|}
|}
:


==Non PS3 specific Keys==
== Non PS3 specific Keys ==


=== Kirk (PSP) ===
=== Kirk (PSP) ===
not to be found in the PS3, but reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715


== Unknown value in syscon eeprom ==
Not to be found in the PS3, but reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715
this value is used at least 3 times and it's (conveniently?) positioned at the start of SYSCON EEPROM, followed by another unknown block with the same size of EID1
 
== Unknown value in Syscon eeprom ==
 
This value is used at least 3 times and it is (conveniently?) positioned at the start of SYSCON EEPROM, followed by another unknown block with the same size of EID1.


<pre>
<pre>
Line 881: Line 961:
</pre>
</pre>


==Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61)==
== Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61) ==


from LV1LDR.ELF FW3.61
from LV1LDR.ELF FW 3.61


   offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
Line 895: Line 975:
   1A3F0  60 01 0B 71 06 31 E4 35 A7 D9 15 E8 2A E8 8E DE < pub
   1A3F0  60 01 0B 71 06 31 E4 35 A7 D9 15 E8 2A E8 8E DE < pub
   1A400  66 72 64 65 6C B7 06 2E 00 00 00 00 00 00 00 00 < pub
   1A400  66 72 64 65 6C B7 06 2E 00 00 00 00 00 00 00 00 < pub
   1A410  84 4F 80 F3 C5 7C 45 5C 7F 09 00 00 00 00 00 00 < root_scramlbe_key
   1A410  84 4F 80 F3 C5 7C 45 5C 7F 09 00 00 00 00 00 00 < root_scramble_key
    
    
   1D140  F9 2C 86 66 EF FB AC 7E B5 83 E5 4A 25 7F 7C 05 < sk1_key
   1D140  F9 2C 86 66 EF FB AC 7E B5 83 E5 4A 25 7F 7C 05 < sk1_key
Line 914: Line 994:
   1DE20  9B 32 B2 0F A7 72 80 F1 09 5E A1 3F 1C 2D 5C 99 < riv_obf
   1DE20  9B 32 B2 0F A7 72 80 F1 09 5E A1 3F 1C 2D 5C 99 < riv_obf


Unscrambling script: key_unscrambler.py


Unscrambling script: key_unscrambler.py
<syntaxhighlight lang="python" enclose="div">
<syntaxhighlight lang="python" enclose="div">
   from CryptoPlus.Cipher import AES
   from CryptoPlus.Cipher import AES
Line 954: Line 1,034:
   print 'riv_dec:', riv_dec.encode('hex')
   print 'riv_dec:', riv_dec.encode('hex')
</syntaxhighlight>
</syntaxhighlight>
Scrambling script: key_scrambler.py
Scrambling script: key_scrambler.py
<syntaxhighlight lang="python" enclose="div">
<syntaxhighlight lang="python" enclose="div">
   from CryptoPlus.Cipher import AES
   from CryptoPlus.Cipher import AES
Line 993: Line 1,075:
   print 'riv_obf:', riv_obf.encode('hex')</code>
   print 'riv_obf:', riv_obf.encode('hex')</code>
</syntaxhighlight>
</syntaxhighlight>
source: [http://www.ps3news.com/forums/ps3-hacks-jailbreak/ps3-lv0-keys-leaked-4-21-4-25-4-30-cfw-updates-incoming-124532-24.html]
 
* Source: [http://www.ps3news.com/forums/ps3-hacks-jailbreak/ps3-lv0-keys-leaked-4-21-4-25-4-30-cfw-updates-incoming-124532-24.html]


= SPU Status Codes =
= SPU Status Codes =
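Review bot: The last line of key_scrambler.py still ends with a closing code tag after riv_obf.encode('hex'), inside the syntaxhighlight block, so it is rendered as part of the script and breaks it when copied; remove the tag in this revision. Both scripts use Python 2 print statements and str.encode('hex'), which is worth stating next to the file names, as the Private Key verifier section does with its "#!python2" line.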
Line 1,002: Line 1,085:
00 00 01 03 00 00 00 00  00 00 00 00 00 00 00 00 <- INTERNAL ERROR
00 00 01 03 00 00 00 00  00 00 00 00 00 00 00 00 <- INTERNAL ERROR
00 00 01 04 00 00 00 00  00 00 00 00 00 00 00 00 <- VERIFICATION FAILURE
00 00 01 04 00 00 00 00  00 00 00 00 00 00 00 00 <- VERIFICATION FAILURE
00 00 01 0B 00 00 00 00  00 00 00 00 00 00 00 00 <- ??? (in sv_iso, when auth_mode = 0x46 && auth_drive_super() failed)
</pre>
</pre>


= Private Key verifier (Anti-Troll)=
= Private Key verifier (Anti-Troll) =
http://pastie.org/private/yfmid0zejc8fp5x0ogzj5g
 
* Source: [https://web.archive.org/web/20141119122516/http://pastie.org/private/yfmid0zejc8fp5x0ogzj5g here]
 
<syntaxhighlight lang="python" enclose="div">
<syntaxhighlight lang="python" enclose="div">
#!python2
#!python2
Line 1,084: Line 1,170:
= Lv0 Passwords =
= Lv0 Passwords =


Lv0 sends this value to SPU when it loads lv1.self<br>
Lv0 sends this value to SPU when it loads lv1.self. Check is inside lv1ldr.
Check is inside lv1ldr.


{| class="wikitable sortable"
{| class="wikitable sortable"
Line 1,091: Line 1,176:
! version !! password
! version !! password
|-
|-
| 3.41 || <code>9CD17AA7DBBFDE9B38F443F1F422B96E</code>
| 3.40 - 3.42 || <code>9CD17AA7DBBFDE9B38F443F1F422B96E</code>
|-
| 3.50 || <code>C11BBA042177DA40E26C9A2CFB03978C</code>
|-
|-
| 3.55 || <code>87746DC81CAE22812C44FC0E4F95338C</code>
| 3.55 || <code>87746DC81CAE22812C44FC0E4F95338C</code>
|-
|-
| 3.56 || <code>62E3F39DB055BDB16CBE68F79206FCC9</code>
|-
| 3.60 - 3.61 || <code>24D584F6452DD2AFF51A274A315CEC28</code>
|-
| 3.65 - 3.66 || <code>6B7CD8A6E714F28DAF10254303A25ED1</code>
|-
| 3.70 - 3.74 || <code>70D9A205D09B1D26AD00CA0213CC0B8D</code>
|-
| 4.00 - 4.11 || <code>8005ADF19082F027E19E947DC5A51A05</code>
|-
| 4.20 - {{latestPS3}} || <code>25EFE04B1D920B48CFFDCE7D43F438F1</code>
|}
|}
= RSA Source Example =
* [https://paste.ubuntu.com/24678348/ (to mirror because needs account)]
* Uses Trophy Public Modulus and Exponent for Signature verification
* Adapted from [https://rosettacode.org/wiki/RSA_code#C Rosetta Code]
= Unknown Triple_DES key? =
Key = F1660C455AB510B98B42660B8FB0476402C503052DB2AC87
IV  = 6991982C9598E77C
* Location: explore_plugin.sprx
= SacModule =
Key = 01A325C749EB6DF8E9C7AF856D432B10
IV  = D23785A490CBE1860F1D249CE56F73AB
Data.enc = 5745E719A338CD681D02D7089A40FBF6D1E4206780ED0922E049B5BF69959DA3
Data.dec = 6794C8666FB90DF0B6350B1816D5C8F010101010101010101010101010101010
First 0x10 bytes only used from the decrypted data.
Key2 = 10CC98B53A7C4462B8700923E613FA39
IV2  = B07985E490BCB8520F1D639CE56F73AB
Data2.enc = E172AC67EFD5FB5EC97EC180592D17F2 .... 5A79457925B6678D3866ADC53C4658EE
Data2.dec = 00A09853C2AF506F5F8876AB4543233C .... 4334097D2FDD1C090909090909090909
There are 2 blobs inside:
* 1) offset = 0, size = 0xAF.
* 2) offset 0xB7, size = 0x240.
Second part contains RSA-1024 Private keyset, used to sign some data.
rsa sig pub: BF4F654ED270FE7EA234B0503EA6428CC65496E652380F308FA74165F2A4571CBCA16D7A7FF381E1D92F93AFD465D671C2C1478F58D5D48CB45624A528F69603
              6C21746224A4956D625087139679064961139227C9D001769D8250CA3E54FCDBDE311DA0B2B1EF13BDA3241E11C8FFB8BAB71879FB022730830612EC8F972305
rsa sig priv:4E6790A27436A0E66F3DDEC0945C794BCE809E737860C740E4AEEC6B86BCF982AA80122931453006CA86E825188C400DD17E7B0071ACF8F64D763C807FC0478C
              1B0DA0B18179DE1301D2BFE4B5D68682BEF06F532D331C026DE7BCE1E2F64F9D850A48602D4E1DE9358D7A4EDEF91388382439CE9F25B350ED511F4ED7E83545
rsa sig P:  F6B73A560471BB8DF71474F8682F7DF63FDC9F263CA9B76C43FB8090ADCF59D22BE2405C2D454A678D0B58942B47100CA4E3E9F03C4B5AB3B95ED77AF8168B4B
rsa sig Q:  C68268F30C242D5E234DF91ED0954D7C56AEEAA90EE554EB845473C6777182C92504C3AE6F7FEC44AF7C4C7963BD3E91B241D714A9D8D97B6B3041D2095A48EF
rsa sig DP:  BB5E3423978478983C8980BC1703DA79E5CE3BDFE23A525F1AD22AB5B60ABF806A6B8DCD73642839B458659141BCDA677FE2C78BF77E9307E3443009E7D7D739
rsa sig DQ:  39A67C0641FB6BB590393FE5441C68317917398D39873EBF5B620F718F14C72FD57169C70A18B3AC4AEEA56307A5593B84F27C1D432A7816D0CD660032B926BF
rsa sig QP:  71D9D08479685B74B35F318137865935E6DD4400888C97C24C08A0CD7B860809E361FE252E8638264D2E098D6303ADD1021B80AF4ACF210F0C4334097D2FDD1C
rsa enc pub: BE95A0C43EDEAADE777A54521F5B9836D8C1FA17071F12DDF1B30289CC9FB24200508B875E6F155F9AB8D8B808DB752682B20CAC56F8EA2276DB52D81E3195FE
              A31A539F9AB9E68232CC523735E18CEC41112AADF8A66DA782BA297AAC60CEA323B067D357B3410FCB84253159CAD55B6664FD888F196BB78EB2BE85EBEBDD1F
= Unity Keys =
<pre>
PS3:      I3-DDQR-F4PJ-5D8E-G4TT-DQS2
Vita:        I3-B2DJ-BSR5-HKTE-2HHH-9QR2
PS4:            I3-9HBF-CRK9-TDEA-422V-KDB5
Vita/PS4:    I3-M7AD-279S-X79U-FPTT-854R
PS3/Vita:    I3-CH9J-73FU-F25C-NVPU-7Q43
PS3/PS4:    I3-ZHZG-JS75-VJ5T-GJD4-EDTX
</pre>
= Fail Keys =
Sony's Hall of Shame, see [[Fail_Keys]]
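Review bot: The new last row of the Lv0 Passwords table, "4.20 - {{latestPS3}}", makes the password claim extend automatically to every future firmware without anyone re-checking lv1ldr; pin the upper bound to the highest version actually verified and raise it by hand. The widened ranges (for example "3.40 - 3.42" replacing "3.41") would likewise benefit from a note saying which builds were checked. In the SacModule section, Data2.enc and Data2.dec are elided with "....", so the two blob offsets and sizes given below them cannot be checked against the listing, and the RSA keyset is described only as "used to sign some data" without saying which data. The RSA Source Example link is still marked "to mirror because needs account", so that section has no readable source yet.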

Latest revision as of 18:35, 13 May 2024

Superslim DEX Serial 1 Signature

R:00 78 8C AE B0 E7 0C 3C D5 32 11 CC 0E 16 C2 A1 6E 9B F6 E6 80
S:00 82 03 7E 33 00 DE 68 DA 8A DD 87 E5 A8 E3 64 2F B7 55 3D D6

Superslim DEX Serial 1 Token

2F 4A F9 92 92 F3 01 FD 40 31 53 AB 8F 4A 17 15 
2F EA D8 C3 0D E5 F5 5F C8 6E 8B 19 EC BE 22 D2 
82 F6 30 29 D2 CD 03 44 0B 55 06 84 0D 4E 83 0B 
39 7C 4D 35 6A D8 B2 27 4C A5 74 35 95 C3 23 B4 
4E 32 3B 39 5A 85 4B E4 FA E3 1B 0B 74 11 AF C9

2.36 vs 3.30 appldr key 79481839C4...

Stop editing 79481839C4... as a PS3 FW 3.30 appldr key, unless you can disprove the absence of it since after PS3 FW 2.36 as seen here: http://pastebin.com/biWXJrst.

I see it there at offset 0x18C30 in the pastebin....

Here are some appldr keys: .xls (dead link) and I doubt about the versions and revisions because of ^^

Please edit and add it to the Page.

Disproving the absence: (dead link)

This archive contains files from PS3 FW 3.31 DECR (appldr, decrypted appldr and emer_init.self)

The key 79481839C4... is inside the decrypted appldr and used to decrypt emer_init.self.

sv_iso_spu_module 1.02-3.55

key_0:   EF4F6A107742E8448BC1F9D8F2481B31 // key_0 is an aes_cfb128 iv

iv_0:    2226928D44032F436AFD267E748B2393
key_0_0: 126C6B5945370EEECA68262D02DD12D2 // key_0_0 is used with iv_0 to generate gen_key_0
key_0_1: D9A20A79666C27D11032ACCF0D7FB501 // key_0_1 is used with iv_0 to generate gen_key_1

key_1:   7CDD0E02076EFE4599B1B82C359919B3 // key_1 is used with iv_0

iv_1:    3BD624020BD3F865E80B3F0CD6566DD0 // iv_1 is used with gen_key_0 and gen_key_1

key_2:   380BCF0B53455B3C7817AB4FA3BA90ED // key_2 + iv_2 are used to generate something from the disk name (id?)
iv_2:    69474772AF6FDAB342743AEFAA186287

debug_disc_fallback: 67C0758CF4996FEF7E88F90CC6959D66 // this fallback is used if the disk name (id?) is 'PS3_L_DEBUG_DISC'

Observations

genelib.dll (Build 1.20.2662.20880):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
00034C80                                      67 C0 75 8C              gÀuŒ
00034C90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f
genelib.dll (Build 2.50.3551.37780):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
00063E80                                      67 C0 75 8C              gÀuŒ
00063E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f
genelib.dll (Build 3.12.4159.28611):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
0006BE80                                      67 C0 75 8C              gÀuŒ
0006BE90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f
genelib.dll (Build 3.30.4566.37262):
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
00072E80                                      67 C0 75 8C              gÀuŒ
00072E90  F4 99 6F EF 7E 88 F9 0C C6 95 9D 66              ô™oï~ˆù.Æ•.f

sc_iso module 1.00-4.00

0x0                                     
0x1                                     
0x2     D413B89663E1FE9F75143D3BB4565274
0x3     FA72CEEF59B4D2989F111913287F51C7
0x4     DAA4B9F2BC70B280A7B340FA0D04BA14
0x5                                     

Observations

 1.00:
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   00020210  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.   key rev 0x4
   00020220  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ   key rev 0x3
   00020230  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt   key rev 0x2
 3.15:
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   00014110  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt   key rev 0x4
   00014120  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ   key rev 0x3
   00014130  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.   key rev 0x2
 3.41:
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   00014110  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt   key rev 0x4
   00014120  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ   key rev 0x3
   00014130  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.   key rev 0x2
 3.55:
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   00014110  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt   key rev 0x4
   00014120  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ   key rev 0x3
   00014130  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.   key rev 0x2
 4.00:
   Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   ********  D4 13 B8 96 63 E1 FE 9F 75 14 3D 3B B4 56 52 74  Ô.¸–cáþŸu.=;´VRt   key rev 0x4
   ********  FA 72 CE EF 59 B4 D2 98 9F 11 19 13 28 7F 51 C7  úrÎïY´Ò˜Ÿ...(.QÇ   key rev 0x3
   ********  DA A4 B9 F2 BC 70 B2 80 A7 B3 40 FA 0D 04 BA 14  Ú¤¹ò¼p²€§³@ú..º.   key rev 0x2

aim_spu_module Keys Usage

See Keys#aim_spu_module_Keys, especially aim_key, aim_iv and aim_compare.

Can anyone explain to me what is the purpose and functionality of these keys? I have never seen them in "action" before...

spu_token_processor

spu_token_processor 1.00-3.56
  token-hmac: CC30C4229113DB25733553AFD06E8762B3729D9EFAA6D5F35A6F58BF38FF8B5F58A25BD9C9B50B01D1AB4028676968EAC7F88833B662935D7506A6B5E0F9D97A
  token-key:  341812376291371C8BC756FFFC611525403F95A8EF9D0C996482EEC216B562ED
  token-iv:   E8663A69CD1A5C454A761E728C7C254E

Observations

1.00:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
0000A330  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  Ì0Ä"‘.Û%s5S¯Ðn‡b    <-- token-hmac
0000A340  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  ³r.žú¦ÕóZoX¿8ÿ‹_    <-- token-hmac
0000A350  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
0000A360  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
0000A370  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b‘7.‹ÇVÿüa.%    <-- token-key
0000A380  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
   
0000A480  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯    <-- eid0_iv_sd_1
0000A490  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„    <-- aim_ks_4
   
0000AA20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
3.30-3.41 FIX:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
00004840  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b‘7.‹ÇVÿüa.%    <-- token-key
00004850  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
00004860  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  Ì0Ä"‘.Û%s5S¯Ðn‡b    <-- token-hmac
00004870  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  ³r.žú¦ÕóZoX¿8ÿ‹_    <-- token-hmac
00004880  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004890  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
000048A0  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„    <-- aim_ks_4
000048B0  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯    <-- eid0_iv_sd_1
   
00004F20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
3.50:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
   
00004700  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b‘7.‹ÇVÿüa.%    <-- token-key
00004710  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
00004720  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  Ì0Ä"‘.Û%s5S¯Ðn‡b    <-- token-hmac
00004730  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  ³r.žú¦ÕóZoX¿8ÿ‹_    <-- token-hmac
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„    <-- aim_ks_4
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯    <-- eid0_iv_sd_1
   
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
3.55:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00004700  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b‘7.‹ÇVÿüa.%    <-- token-key
00004710  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
00004720  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  Ì0Ä"‘.Û%s5S¯Ðn‡b    <-- token-hmac
00004730  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  ³r.žú¦ÕóZoX¿8ÿ‹_    <-- token-hmac
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„    <-- aim_ks_4
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯    <-- eid0_iv_sd_1
   
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv
3.56:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
00004700  34 18 12 37 62 91 37 1C 8B C7 56 FF FC 61 15 25  4..7b‘7.‹ÇVÿüa.%    <-- token-key
00004710  40 3F 95 A8 EF 9D 0C 99 64 82 EE C2 16 B5 62 ED  @?•¨ï..™d‚îÂ.µbí    <-- token-key
00004720  CC 30 C4 22 91 13 DB 25 73 35 53 AF D0 6E 87 62  Ì0Ä"‘.Û%s5S¯Ðn‡b    <-- token-hmac
00004730  B3 72 9D 9E FA A6 D5 F3 5A 6F 58 BF 38 FF 8B 5F  ³r.žú¦ÕóZoX¿8ÿ‹_    <-- token-hmac
00004740  58 A2 5B D9 C9 B5 0B 01 D1 AB 40 28 67 69 68 EA  X¢[Ùɵ..Ñ«@(gihê    <-- token-hmac
00004750  C7 F8 88 33 B6 62 93 5D 75 06 A6 B5 E0 F9 D9 7A  Çøˆ3¶b“]u.¦µàùÙz    <-- token-hmac
00004760  30 B0 39 5D C5 83 5A AA 3A 79 86 B4 4A FA E6 84  0°9]ŃZª:y†´Júæ„    <-- aim_ks_4
00004770  2E D7 CE 8D 1D 55 45 45 85 BF 6A 32 81 CD 03 AF  .×Î..UEE…¿j2.Í.¯    <-- eid0_iv_sd_1
     
00004D20  E8 66 3A 69 CD 1A 5C 45 4A 76 1E 72 8C 7C 25 4E  èf:iÍ.\EJv.rŒ|%N    <-- token-iv

appldr rev 0x01

appold_R  :  B0CD2FDF15C9A79A2C28415B2B5385ED7E91D38D        # ps3publictools/include/keys.h
appold_n  :  B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
appold_K  :  897FC3B145E10D828B8A86570F9DF9409F75CBB0        # ...
appold_Da :  3DE80167D2F0E9D30F2145144A558D1174F5410C        # ...
     
appold_keypair_e :   28958D9BE4184A1201FAD52BEC4490DB90F4452DB311A22401FB17AF4D873641B53508708072524DABE52F59987DFE1CD7C49093BD45707CCEC81A47583FD94E        # ps3publictools/include/oddkeys.h
     
appold_keypair_d :   3DEA9F72E7BED979EF787BA96930C01D00000000000000000000000000000000B227D4B47C5321D4FDE97B04EAF9C7F400000000000000000000000000000000        # ps3publictools/include/oddkeys.h

npdrm rev 0x01

npdrm_R  :   A38BCB3E4E7309904AEFDFC5047D0FDF06E35C0D        # ps3publictools/include/keys.h
npdrm_n  :   B0E7CAFFC8DEEE8A55A3050D809ADFE38FA01DAB        # ...
npdrm_K  :   974E906279705E58D9DAB4BFDA8BDA93135117E2        # ...
npdrm_Da :   040AB47509BED04BD96521AD1B365B86BF620A98        # ...
     
klic_ps3_free  :   72F990788F9CFF745725F08E4C128387        # ps3publictools/include/oddkeys.h
npd_header_hash_xor_key  :   6BA52976EFDA16EF3C339FB2971E256B        # ...
npd_cid_fn_hash_aes_cmac_key  :   9B515FEACF75064981AA604D91A54E97        # ...
     
npdrm_keypair_e  :   A1C013ABCE98A7E3DC69923B07C0285F7554C512B0B0A96F245240F2FD433AF23F4EFEC6C183EA378D1BECB09D88DB328F2C8637B7AC72059B1556B0D95B5BE0        # ps3publictools/include/oddkeys.h
     
npdrm_keypair_d  :   87C74FFE66930BAAA16F864091C566FB000000000000000000000000000000000828B58FACF9DEC8D70DFEF0F37663AE00000000000000000000000000000000        # ps3publictools/include/oddkeys.h

Using VSH ECDSA in Python

#!/usr/bin/env python

### Python 2 future-compatible workarounds: (see: http://python-future.org/compatible_idioms.html)
## prevent interpreting print(a,b) as a tuple plus support print(a, file=sys.stderr)
from __future__ import print_function
## interpret long as int, support int.from_bytes()
from builtins import int
## support bytes()
from builtins import bytes

import hashlib
import binascii

CONST_VSH_ECDSA = {
    "P": { "INT": 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF, "DESC": "VSH P", },
    "A": { "INT": 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFC, "DESC": "VSH A", },
    "B": { "INT": 0xA68BEDC33418029C1D3CE33B9A321FCCBB9E0F0B, "DESC": "VSH B", },
    "N": { "INT": 0xFFFFFFFFFFFFFFFEFFFFB5AE3C523E63944F2127, "DESC": "VSH Order N/Q", },
    "GX": { "INT": 0x128EC4256487FD8FDF64E2437BC0A1F6D5AFDE2C, "DESC": "VSH Gx", },
    "GY": { "INT": 0x5958557EB1DB001260425524DBC379D5AC5F4ADF, "DESC": "VSH Gy", },
    "PUBX": { "INT": 0x6227B00A02856FB04108876719E0A0183291EEB9, "DESC": "VSH PubKey X", },
    "PUBY": { "INT": 0x6E736ABF81F70EE9161B0DDEB026761AFF7BC85B, "DESC": "VSH PubKey Y", },
}
Data = bytes.fromhex("fcf66ca605a05f5274552f6df523050d98cf249bb06fdce5a0cc0db82503446cc9c00c57f7d7017368844a5f4dc25335b3d4af51238dde5b939d1d271c4922bd05017aa28d22b175165a49941ead92081044f5dd1e3f49d7b0f31a767425e702b75131fac432adfb2e24f62553cde74a8d03e1267893674b52693fbd20e801becd85fef37ccd7c735121a4f5910cf807")
print("Data:", binascii.hexlify(Data))
Sha1 = hashlib.sha1(Data).digest()  ## 0ac2caf8d2a7489be95673c7ab4d75c6a448c5f4
print("Sha1:", binascii.hexlify(Sha1))

Signature_R = 0x008288896404ecb6447a93bdc5606bda076ea0e6a1
Signature_S = 0x00846c7b4596e63808ca85b3e975b4673c2c84c711

print("----------")

A) With starkbank-ecdsa (faster) from https://pypi.org/project/starkbank-ecdsa/
Install via: pip install starkbank-ecdsa

import ellipticcurve.curve
import ellipticcurve.ecdsa
import ellipticcurve.point
import ellipticcurve.publicKey
import ellipticcurve.signature

Vsh_Curve = ellipticcurve.curve.CurveFp(CONST_VSH_ECDSA["A"]["INT"], CONST_VSH_ECDSA["B"]["INT"], CONST_VSH_ECDSA["P"]["INT"], CONST_VSH_ECDSA["N"]["INT"], CONST_VSH_ECDSA["GX"]["INT"], CONST_VSH_ECDSA["GY"]["INT"], "VSH Curve", oid=(1, 2, 3, 4))
#
Vsh_PubKey_Point = ellipticcurve.point.Point(CONST_VSH_ECDSA["PUBX"]["INT"], CONST_VSH_ECDSA["PUBY"]["INT"])
Vsh_PubKey = ellipticcurve.publicKey.PublicKey(Vsh_PubKey_Point, Vsh_Curve)
#
Signature = ellipticcurve.signature.Signature(Signature_R, Signature_S)
#
Data_String = Data.decode("latin-1")
Result = ellipticcurve.ecdsa.Ecdsa.verify(Data_String, Signature, Vsh_PubKey, hashfunc=hashlib.sha1)
print("Verify with module starkbank-ecdsa:", Result)
print("----------")

B) With ecdsa (slower) from https://pypi.org/project/ecdsa/
Install via: pip install ecdsa

import ecdsa.curves
import ecdsa.ecdsa
import ecdsa.ellipticcurve
import ecdsa.keys

Vsh_Curve = ecdsa.ellipticcurve.CurveFp(CONST_VSH_ECDSA["P"]["INT"], CONST_VSH_ECDSA["A"]["INT"], CONST_VSH_ECDSA["B"]["INT"])
Vsh_Generator = ecdsa.ellipticcurve.PointJacobi(Vsh_Curve, CONST_VSH_ECDSA["GX"]["INT"], CONST_VSH_ECDSA["GY"]["INT"], 1, order=CONST_VSH_ECDSA["N"]["INT"], generator=True)
#
Vsh_PubKey_Point = ecdsa.ellipticcurve.Point(Vsh_Curve, CONST_VSH_ECDSA["PUBX"]["INT"], CONST_VSH_ECDSA["PUBY"]["INT"], order=CONST_VSH_ECDSA["N"]["INT"])
Vsh_PubKey = ecdsa.ecdsa.Public_key(Vsh_Generator, Vsh_PubKey_Point, verify=True)
#
Signature = ecdsa.ecdsa.Signature(Signature_R, Signature_S)
#
Sha1_Int = int.from_bytes(Sha1, byteorder="big")
print("Sha1 Int:", Sha1_Int)
Result = Vsh_PubKey.verifies(Sha1_Int, Signature)
print("Verify with module ecdsa:", Result)
print("----------")

Observations

3.10:

PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  0065ECC0  62 27 B0 0A 02 85 6F B0 41 08 87 67 19 E0 A0 18  b'°..…o°A.‡g.à .
  0065ECD0  32 91 EE B9 6E 73 6A BF 81 F7 0E E9 16 1B 0D DE  2‘î¹nsj¿.÷.é...Þ
  0065ECE0  B0 26 76 1A FF 7B C8 5B                          °&v.ÿ{È[


3.15:

PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  
  0065FAF0                          62 27 B0 0A 02 85 6F B0          b'°..…o°
  0065FB00  41 08 87 67 19 E0 A0 18 32 91 EE B9 6E 73 6A BF  A.‡g.à .2‘î¹nsj¿
  0065FB10  81 F7 0E E9 16 1B 0D DE B0 26 76 1A FF 7B C8 5B  .÷.é...Þ°&v.ÿ{È[


3.41:

PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  
  00671640                          62 27 B0 0A 02 85 6F B0          b'°..…o°
  00671650  41 08 87 67 19 E0 A0 18 32 91 EE B9 6E 73 6A BF  A.‡g.à .2‘î¹nsj¿
  00671660  81 F7 0E E9 16 1B 0D DE B0 26 76 1A FF 7B C8 5B  .÷.é...Þ°&v.ÿ{È[

3.55:

PUB:
  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
     
  0067F370  62 27 B0 0A 02 85 6F B0 41 08 87 67 19 E0 A0 18  b'°..…o°A.‡g.à .
  0067F380  32 91 EE B9 6E 73 6A BF 81 F7 0E E9 16 1B 0D DE  2‘î¹nsj¿.÷.é...Þ
  0067F390  B0 26 76 1A FF 7B C8 5B                          °&v.ÿ{È[

Raw key list

Some insight into how the AES routines and SHA1 hashes relate to offsets in appldr:

Primary Table

(C/P is from PS3 FW 3.56 Fix)

  Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
      
  00019DC0  95 F5 00 19 E7 A6 8E 34 1F A7 2E FD F4 D6 0E D3  •õ..禎4.§.ýôÖ.Ó   ERK           1.00++  //  0.80 - 0.92 (rev 0x00) 
  00019DD0  76 E2 5C F4 6B B4 8D FD D1 F0 80 25 9D C9 3F 04  vâ\ôk´.ýÑð€%.É?.   ERK
  00019DE0  4A 09 55 D9 46 DB 70 D6 91 A6 40 BB 7F AE CC 4C  J.UÙFÛpÖ‘¦@».®ÌL   RIV
  00019DF0  6F 8D F8 EB D0 A1 D1 DB 08 B3 0D D3 A9 51 E3 F1  o.øëСÑÛ.³.Ó©Qãñ   PUB
  00019E00  F2 7E 34 03 0B 42 C7 29 C5 55 55 23 2D 61 B8 34  ò~4..BÇ)ÅUU#-a¸4   PUB
  00019E10  B8 BD FF B0 7E 54 B3 43 00 00 00 21 00 00 00 00  ¸½ÿ°~T³C...!....   PUB - Curve
  
  00019E20  79 48 18 39 C4 06 A6 32 BD B4 AC 09 3D 73 D9 9A  yH.9Ä.¦2½´¬.=sÙš   ERK           1.00++  //  0.92 - 3.31 (rev 0x01)
  00019E30  E1 58 7F 24 CE 7E 69 19 2C 1C D0 01 02 74 A8 AB  áX.$Î~i.,.Ð..t¨«   ERK
  00019E40  6F 0F 25 E1 C8 C4 B7 AE 70 DF 96 8B 04 52 1D DA  o.%áÈÄ·®pß–‹.R.Ú   RIV
  00019E50  94 D1 B7 37 8B AF F5 DF ED 26 92 40 A7 A3 64 ED  ”Ñ·7‹¯õßí&’@§£dí   PUB
  00019E60  68 44 67 41 62 2E 50 BC 60 79 B6 E6 06 A2 F8 E0  hDgAb.P¼`y¶æ.¢øà   PUB
  00019E70  A4 C5 6E 5C FF 83 65 26 00 00 00 11 00 00 00 00  ¤Ån\ÿƒe&........   PUB - Curve
  
  00019E80  4F 89 BE 98 DD D4 3C AD 34 3F 5B A6 B1 A1 33 B0  O‰¾˜ÝÔ<­4?[¦±¡3°    ERK           1.00++  //  0.92 - 3.31 (rev 0x02)
  00019E90  A9 71 56 6F 77 04 84 AA C2 0B 5D D1 DC 9F A0 6A  ©qVow.„ªÂ.]ÑÜŸ j   ERK
  00019EA0  90 C1 27 A9 B4 3B A9 D8 E8 9F E6 52 9E 25 20 6F  .Á'©´;©ØèŸæRž% o   RIV
  00019EB0  8C A6 90 5F 46 14 8D 7D 8D 84 D2 AF CE AE 61 B4  Œ¦._F..}.„үήa´   PUB
  00019EC0  1E 67 50 FC 22 EA 43 5D FA 61 FC E6 F4 F8 60 EE  .gPü"êC]úaüæôø`î   PUB
  00019ED0  4F 54 D9 19 6C A5 29 0E 00 00 00 13 00 00 00 00  OTÙ.l¥).........   PUB - Curve
  
  00019EE0  C1 E6 A3 51 FC ED 6A 06 36 BF CB 68 01 A0 94 2D  Áæ£Qüíj.6¿Ëh. ”-   ERK           2.40++  //  2.40 - 3.31 (rev 0x03)
  00019EF0  B7 C2 8B DF C5 E0 A0 53 A3 F5 2F 52 FC E9 75 4E  ·Â‹ßÅà S£õ/RüéuN   ERK
  00019F00  E0 90 81 63 F4 57 57 64 40 46 6A CA A4 43 AE 7C  à..côWWd@FjʤC®|   RIV
  00019F10  50 02 2D 5D 37 C9 79 05 F8 98 E7 8E 7A A1 4A 0B  P.-]7Éy.ø˜çŽz¡J.   PUB
  00019F20  5C AA D5 CE 81 90 AE 56 29 A1 0D 6F 0C F4 17 35  \ªÕÎ..®V)¡.o.ô.5   PUB
  00019F30  97 B3 7A 95 A7 54 5C 92 00 00 00 0B 00 00 00 00  —³z•§T\’........   PUB - Curve
  
  00019F40  83 8F 58 60 CF 97 CD AD 75 B3 99 CA 44 F4 C2 14  ƒ.X`Ï—Í­u³™ÊDôÂ.    ERK           3.40++  //  3.40 - 3.42 (rev 0x04)
  00019F50  CD F9 51 AC 79 52 98 D7 1D F3 C3 B7 E9 3A AE DA  ÍùQ¬yR˜×.ó÷é:®Ú   ERK
  00019F60  7F DB B2 E9 24 D1 82 BB 0D 69 84 4A DC 4E CA 5B  .Û²é$Ñ‚».i„JÜNÊ[   RIV
  00019F70  1F 14 0E 8E F8 87 DA B5 2F 07 9A 06 E6 91 5A 64  ...Žø‡Úµ/.š.æ‘Zd   PUB
  00019F80  60 B7 5C D2 56 83 4A 43 FA 7A F9 0C 23 06 7A F4  `·\ÒVƒJCúzù.#.zô   PUB
  00019F90  12 ED AF E2 C1 77 8D 69 00 00 00 14 00 00 00 00  .í¯âÁw.i........   PUB - Curve
  
  00019FA0  C1 09 AB 56 59 3D E5 BE 8B A1 90 57 8E 7D 81 09  Á.«VY=律¡.WŽ}..   ERK           3.40++  //  3.40 - 3.42 (rev 0x05)
  00019FB0  34 6E 86 A1 10 88 B4 2C 72 7E 2B 79 3F D6 4B DC  4n†¡.ˆ´,r~+y?ÖKÜ   ERK
  00019FC0  15 D3 F1 91 29 5C 94 B0 9B 71 EB DE 08 8A 18 7A  .Óñ‘)\”°›qëÞ.Š.z   RIV
  00019FD0  B6 BB 0A 84 C6 49 A9 0D 97 EB A5 5B 55 53 66 F5  ¶».„ÆI©.—ë¥[USfõ   PUB
  00019FE0  23 81 BB 38 A8 4C 8B B7 1D A5 A5 A0 94 90 43 C6  #.»8¨L‹·.¥¥ ”.CÆ   PUB
  00019FF0  DB 24 90 29 A4 31 56 F7 00 00 00 15 00 00 00 00  Û$.)¤1V÷........   PUB - Curve
  
  0001A000  6D FD 7A FB 47 0D 2B 2C 95 5A B2 22 64 B1 FF 3C  mýzûG.+,•Z²"d±ÿ<   ERK           3.40++  //  3.40 - 3.42 (rev 0x06)
  0001A010  67 F1 80 98 3B 26 C0 16 15 DE 9F 2E CC BE 7F 41  gñ€˜;&À..ÞŸ.̾.A   ERK
  0001A020  24 BD 1C 19 D2 A8 28 6B 8A CE 39 E4 A3 78 01 C2  $½..Ò¨(kŠÎ9ä£x.   RIV
  0001A030  71 F4 6A C3 3F F8 9D F5 89 A1 00 A7 FB 64 CE AC  qôjÃ?ø.õ‰¡.§ûdά   PUB
  0001A040  24 4C 9A 0C BB C1 FD CE 80 FB 4B F8 A0 D2 E6 62  $Lš.»Áý΀ûKø Òæb   PUB
  0001A050  93 30 9C B8 EE 8C FA 95 00 00 00 2C 00 00 00 00  “0œ¸îŒú•...,....   PUB - Curve
  
  0001A060  94 5B 99 C0 E6 9C AF 05 58 C5 88 B9 5F F4 1B 23  ”[™À术.Xň¹_ô.#   ERK           3.50++  //  3.50 (rev 0x07)
  0001A070  26 60 EC B0 17 74 1F 32 18 C1 2F 9D FD EE DE 55  &`ì°.t.2.Á/.ýîÞU   ERK
  0001A080  1D 5E FB E7 C5 D3 4A D6 0F 9F BC 46 A5 97 7F CE  .^ûçÅÓJÖ.Ÿ¼F¥—.Î   RIV

Secondary Tables

1.00

2.40

3.40

3.50

3.55

3.56

Other

Some pastes mention parts of these; they are listed here too for completeness.

Revokelist

Seen in: appldr, isoldr, lv2ldr, spu_pkg_rvk_verifier.self

1.00-3.55 RVK

(seen in => 1.00 <= 3.55)

3.56 RVK

1.00+

(seen in => 1.00 <=3.56)


Params: 0C08000E090504040D010F000406020209060D03
KeygenV4: 6B1ACEA246B745FD8F93763B920594CD53483B82
Fallback key: D1C1E10B9C547E689B805DCD9710CE8D




Fake keys

Module Version ERK RIV PUBLIC PRIVATE CURVE_TYPE
lv1ldr 3.61 2de5bcdef90f4f805cf8fd506badd0df535e1e409e00ba1ecff6187b37e7eb25 b72ac496a654e6d393b5317d843afde1 4ccbab30940925dbf7bbd2ae7b361602af05fde73971e8794dadeecd7f28eaf779881f0befbb40c0 7a94ac8304fa0062e3521fff9e505124e764ad0254 0x13

silk.sprx DES key: 8E3E1E46FFEE0309

Colors

HMAC

ldr key (inside decrypted metldr/asecure_loader)

erk: C0CEFE 84C227 F75BD0 7A7EB8 46509F 93B238 E770DA CB9FF4 A388F8 12482B E21B
riv: 47EE74 54E477 4CC9B8 960C7B 59F4C1 4D
pub: C2D4AA F31935 5019AF 99D44E 2B58CA 29252C 89123D 11D621 8F40B1 38CAB2 9B7101 F3AEB7 2A9750 19
R: 806E07 8FA152 9790CE 1AAE02 BADD6F AAA6AF 741700
n: E13A7E BC3ACC EB1CB5 6CC860 FCABDB 6A048C 55E100
K: BA9055 916861 B977ED CBED92 005092 F66C7A 3D8D00
Da: C5B2BF A1A413 DD16F2 6D31C0 F2ED47 20DCFB 067000
Priv: 00C5B2 BFA1A4 13DD16 F26D31 C0F2ED 4720DC FB0670
Curvetype: 0x20


Non PS3 specific Keys

Kirk (PSP)

Not found in the PS3, but a reference is here: http://wololo.net/talk/viewtopic.php?f=5&t=1381&p=20720#p20715

Unknown value in Syscon eeprom

This value is used at least 3 times and is (conveniently?) positioned at the start of the SYSCON EEPROM, followed by another unknown block with the same size as EID1.

99 D9 66 2B B3 D7 61 54 6B 9C 3F 9E D1 40 ED B0

Scrambling and unscrambling obfuscated keys from loader (PS3 FW 3.60 - 3.61)

From LV1LDR.ELF (FW 3.61):

  offset 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
  
  1A390  00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 < curve_type
  1A3A0  00 00 00 00 00 00 00 00 00 01 2E 08 00 01 2D C0
  1A3B0  00 01 8A 90 00 01 8A D0 00 00 00 00 00 00 00 00
  1A3C0  00 00 00 00 00 00 00 00 00 01 2D 90 00 01 2D 78
  1A3D0  00 01 66 28 00 01 66 28 00 00 00 00 00 00 00 00
  1A3E0  1C DA BE 30 83 38 23 F4 61 CA 53 41 04 11 5F FF < pub
  1A3F0  60 01 0B 71 06 31 E4 35 A7 D9 15 E8 2A E8 8E DE < pub
  1A400  66 72 64 65 6C B7 06 2E 00 00 00 00 00 00 00 00 < pub
  1A410  84 4F 80 F3 C5 7C 45 5C 7F 09 00 00 00 00 00 00 < root_scramble_key
  
  1D140  F9 2C 86 66 EF FB AC 7E B5 83 E5 4A 25 7F 7C 05 < sk1_key
  1D150  DD F6 A5 B1 43 C1 14 1F EE D0 1C DA 71 97 05 C3 < sk2_key
  1D160  F2 E7 0B C4 BA C1 0C 3D 8D DB B7 DC 23 05 3F 9A < sk1_iv
  1D170  01 8E 69 5C 3A 29 AF 6E 74 6A 73 CB F7 3D BD FD < sk2_iv
  1D180  FF FF FF FF 00 00 00 00 00 00 00 01 00 00 00 01
  1D190  FF FF FF FF 00 00 00 07 00 00 00 06 00 00 00 02
  1D1A0  00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00
  1D1B0  FF FF FF FF 00 00 00 30 00 00 00 20 00 00 00 20
  1D1C0  00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00
  1D1D0  00 00 00 00 FF FF FF F0 00 00 00 00 00 00 00 00
  1D1E0  62 7C B1 80 8A B9 38 E3 2C 8C 09 17 08 72 6A 57
  1D1F0  9E 25 86 E4 00 00 00 00 00 00 00 00 00 00 00 00
  
  1DE00  18 09 79 66 C3 DE 8A 0D 82 BF 95 6C B3 9F AF 78 < erk_obf
  1DE10  22 95 C6 CA 7F 1E 54 7A B3 0E DF D7 EE 5C B8 12 < erk_obf
  1DE20  9B 32 B2 0F A7 72 80 F1 09 5E A1 3F 1C 2D 5C 99 < riv_obf

Unscrambling script: key_unscrambler.py

   from CryptoPlus.Cipher import AES
   import hashlib, hmac
   
   def sha1_hmac(key, data):
    # HMAC-SHA1 of data, keyed with key (20-byte digest)
    return hmac.new(key=key, msg=data, digestmod=hashlib.sha1).digest()
   
   def aes_decrypt_cbc(key, iv, data):
    crypto = AES.new(key, AES.MODE_CBC, iv)
    return crypto.decrypt(data)
    
   def unscramble(key, iv, data):
    # Derive the AES-128 key: HMAC-SHA1(root_scramble_key, sk key), first 16 bytes
    key = sha1_hmac(root_scramble_key, key)
    return aes_decrypt_cbc(key[:16], iv, data)
   
   def unscramble_1(key):
    # sk1 pair, applied to erk_obf below
    return unscramble(sk1_key, sk1_iv, key)
   
   def unscramble_2(key):
    # sk2 pair, applied to riv_obf below
    return unscramble(sk2_key, sk2_iv, key)
   
   root_scramble_key = '844F80F3C57C455C7F09'.decode('hex')
   
   sk1_key = 'F92C8666EFFBAC7EB583E54A257F7C05'.decode('hex')
   sk1_iv = 'F2E70BC4BAC10C3D8DDBB7DC23053F9A'.decode('hex')
   
   sk2_key = 'DDF6A5B143C1141FEED01CDA719705C3'.decode('hex')
   sk2_iv = '018E695C3A29AF6E746A73CBF73DBDFD'.decode('hex')
   
   erk_obf = '18097966C3DE8A0D82BF956CB39FAF782295C6CA7F1E547AB30EDFD7EE5CB812'.decode('hex')
   riv_obf = '9B32B20FA77280F1095EA13F1C2D5C99'.decode('hex')
   
   erk_dec = unscramble_1(erk_obf)
   riv_dec = unscramble_2(riv_obf)
   
   print 'erk_dec:', erk_dec.encode('hex')
   print 'riv_dec:', riv_dec.encode('hex')

Scrambling script: key_scrambler.py

   from CryptoPlus.Cipher import AES
   import hashlib, hmac
   
   def sha1_hmac(key, data):
    return hmac.new(key=key, msg=data, digestmod=hashlib.sha1).digest()
   
   def aes_encrypt_cbc(key, iv, data):
    crypto = AES.new(key, AES.MODE_CBC, iv)
    return crypto.encrypt(data)
    
   def scramble(key, iv, data):
    # Same key derivation as the unscrambler; AES-CBC encrypt instead of decrypt
    key = sha1_hmac(root_scramble_key, key)
    return aes_encrypt_cbc(key[:16], iv, data)
   
   def scramble_1(key):
    return scramble(sk1_key, sk1_iv, key)
   
   def scramble_2(key):
    return scramble(sk2_key, sk2_iv, key)
   
   root_scramble_key = '844F80F3C57C455C7F09'.decode('hex')
   
   sk1_key = 'F92C8666EFFBAC7EB583E54A257F7C05'.decode('hex')
   sk1_iv = 'F2E70BC4BAC10C3D8DDBB7DC23053F9A'.decode('hex')
   
   sk2_key = 'DDF6A5B143C1141FEED01CDA719705C3'.decode('hex')
   sk2_iv = '018E695C3A29AF6E746A73CBF73DBDFD'.decode('hex')
   
   erk_dec = '5FF17D836E2C4AD69476E2614F64BDD05B9115389A9A6D055B5B544B1C34E3D5'.decode('hex')
   riv_dec = 'DF0F50EC3C4743C5B17839D7B49F24A4'.decode('hex')
   
   erk_obf = scramble_1(erk_dec)
   riv_obf = scramble_2(riv_dec)
   
   print 'erk_obf:', erk_obf.encode('hex')
   print 'riv_obf:', riv_obf.encode('hex')

SPU Status Codes

00 00 01 00 00 00 00 00  00 00 00 00 00 00 00 00 <- SUCCESS
00 00 01 01 00 00 00 00  00 00 00 00 00 00 00 00 <- ILLEGAL PARAMETER
00 00 01 03 00 00 00 00  00 00 00 00 00 00 00 00 <- INTERNAL ERROR
00 00 01 04 00 00 00 00  00 00 00 00 00 00 00 00 <- VERIFICATION FAILURE
00 00 01 0B 00 00 00 00  00 00 00 00 00 00 00 00 <- ??? (in sv_iso, when auth_mode = 0x46 && auth_drive_super() failed)

Private Key verifier (Anti-Troll)

#!python2
 
import ecdsa, random, struct
from random import SystemRandom
 
 
randrange = SystemRandom().randrange
 
def s2i(s):
 result = 0L
 for c in s:
  result = 256 * result + ord(c)
 return result
 
def get_vsh_curves(file_path):
 curves = []
 curve_fmt = '>20s20s20s20s20s20s'
 with open(file_path, 'rb') as in_file:
  file_data = in_file.read()
  file_size = len(file_data)
  num_curves = int(file_size / struct.calcsize(curve_fmt))
  for i in xrange(num_curves):
   data = file_data[i * struct.calcsize(curve_fmt):(i + 1) * struct.calcsize(curve_fmt)]
   inv_data = ''.join([chr((~ord(x)) & 0xff) for x in data])
   p, a, b, n, gx, gy = struct.unpack(curve_fmt, inv_data)
   curves.append({
    'p': s2i(p),
    'a': s2i(a),
    'b': s2i(b),
    'n': s2i(n),
    'gx': s2i(gx),
    'gy': s2i(gy)
   })
 return curves
 
def get_loader_curves(file_path):
 curves = []
 curve_fmt = '>20s20s20s21s20s20s'
 with open(file_path, 'rb') as in_file:
  file_data = in_file.read()
  file_size = len(file_data)
  num_curves = int(file_size / struct.calcsize(curve_fmt))
  for i in xrange(num_curves):
   data = file_data[i * struct.calcsize(curve_fmt):(i + 1) * struct.calcsize(curve_fmt)]
   inv_data = ''.join([chr((~ord(x)) & 0xff) for x in data])
   p, a, b, n, gx, gy = struct.unpack(curve_fmt, inv_data)
   curves.append({
    'p': s2i(p),
    'a': s2i(a),
    'b': s2i(b),
    'n': s2i(n),
    'gx': s2i(gx),
    'gy': s2i(gy)
   })
 return curves
 
curves = get_loader_curves('ldr_curves') #SELECT TYPE OF CURVES HERE, LDR_CURVES USED AS DEFAULT
 
def get_curve_parameters(type):
 params = curves[type]
 return params['p'], params['a'], params['b'], params['n'], params['gx'], params['gy']
 
curve_type = 0x27 # SELECT CURVE TYPE HERE, SD CURVE TYPE AS DEFAULT
p, a, b, n, gx, gy = get_curve_parameters(curve_type) # parameters
c = ecdsa.ellipticcurve.CurveFp(p, a, b) # curve equation
g = ecdsa.ellipticcurve.Point(c, gx, gy, n) # generator point
q = ecdsa.ellipticcurve.Point(c, gx, gy) # public point
 
k = 0x000000000000000000000000000000000001000000L # TODO: PLACE PRIVATE KEY HERE , USED SD KEY AS DEFAULT
public_key = ecdsa.ecdsa.Public_key(g, g * k)
 
print 'Qx: {0:040X}'.format(public_key.point.x())
print 'Qy: {0:040X}'.format(public_key.point.y())

Lv0 Passwords

Lv0 sends this value to the SPU when it loads lv1.self. The check is inside lv1ldr.

version password
3.40 - 3.42 9CD17AA7DBBFDE9B38F443F1F422B96E
3.50 C11BBA042177DA40E26C9A2CFB03978C
3.55 87746DC81CAE22812C44FC0E4F95338C
3.56 62E3F39DB055BDB16CBE68F79206FCC9
3.60 - 3.61 24D584F6452DD2AFF51A274A315CEC28
3.65 - 3.66 6B7CD8A6E714F28DAF10254303A25ED1
3.70 - 3.74 70D9A205D09B1D26AD00CA0213CC0B8D
4.00 - 4.11 8005ADF19082F027E19E947DC5A51A05
4.20 - 4.91 25EFE04B1D920B48CFFDCE7D43F438F1

RSA Source Example

Unknown Triple_DES key?

Key = F1660C455AB510B98B42660B8FB0476402C503052DB2AC87
IV  = 6991982C9598E77C
  • Location: explore_plugin.sprx

SacModule

Key = 01A325C749EB6DF8E9C7AF856D432B10
IV  = D23785A490CBE1860F1D249CE56F73AB
Data.enc = 5745E719A338CD681D02D7089A40FBF6D1E4206780ED0922E049B5BF69959DA3
Data.dec = 6794C8666FB90DF0B6350B1816D5C8F010101010101010101010101010101010

Only the first 0x10 bytes of the decrypted data are used.

Key2 = 10CC98B53A7C4462B8700923E613FA39
IV2  = B07985E490BCB8520F1D639CE56F73AB
Data2.enc = E172AC67EFD5FB5EC97EC180592D17F2 .... 5A79457925B6678D3866ADC53C4658EE
Data2.dec = 00A09853C2AF506F5F8876AB4543233C .... 4334097D2FDD1C090909090909090909

There are 2 blobs inside:

  • 1) offset = 0, size = 0xAF.
  • 2) offset 0xB7, size = 0x240.

The second part contains an RSA-1024 private keyset, used to sign some data.


Unity Keys

PS3:      I3-DDQR-F4PJ-5D8E-G4TT-DQS2
Vita:        I3-B2DJ-BSR5-HKTE-2HHH-9QR2

PS4:            I3-9HBF-CRK9-TDEA-422V-KDB5
Vita/PS4:    I3-M7AD-279S-X79U-FPTT-854R

PS3/Vita:    I3-CH9J-73FU-F25C-NVPU-7Q43
PS3/PS4:    I3-ZHZG-JS75-VJ5T-GJD4-EDTX

Fail Keys

Sony's Hall of Shame, see Fail_Keys