Talk:HDD Encryption: Difference between revisions
m (→HDD's end) |
m (→HDD's end: waiting for other players...) |
||
Line 38: | Line 38: | ||
! Chunk !! Offset !! Length !! Example !! Description !! Notes | ! Chunk !! Offset !! Length !! Example !! Description !! Notes | ||
|- | |- | ||
| rowspan="6" | 1 || 0x0 || 0x10 || A2A0D0EBE5B9334487C068B6B72699C7 || || ''' | | rowspan="6" | 1 || 0x0 || 0x10 || A2A0D0EBE5B9334487C068B6B72699C7 || || '''partitions common key''' ? | ||
|- | |- | ||
| 0x10 || 0x10 || DA7BD0E6BE941449B84EDE147F9705BA || || '''partition1 | | 0x10 || 0x10 || DA7BD0E6BE941449B84EDE147F9705BA || || '''partition1 key''' ? | ||
|- | |- | ||
| 0x20 || 0x8 || 2200000000000000 || '''partition1 start sector''' || in big endian: 22 | | 0x20 || 0x8 || 2200000000000000 || '''partition1 start sector''' || in big endian: 22 | ||
Line 50: | Line 50: | ||
| 0x38 || 0x48 || p r i m a r y || '''partition type''' || ''identifyer'' ? | | 0x38 || 0x48 || p r i m a r y || '''partition type''' || ''identifyer'' ? | ||
|- | |- | ||
| rowspan="6" | 2 || 0x80 || 0x10 || A2A0D0EBE5B9334487C068B6B72699C7 || || ''' | | rowspan="6" | 2 || 0x80 || 0x10 || A2A0D0EBE5B9334487C068B6B72699C7 || || '''partitions common key''' ? | ||
|- | |- | ||
| 0x90 || 0x10 || FB2718C324FC9947907A18267C30F0FE || || '''partition2 | | 0x90 || 0x10 || FB2718C324FC9947907A18267C30F0FE || || '''partition2 key''' ? | ||
|- | |- | ||
| 0xA0 || 0x8 || 00583C0000000000 || '''partition2 start sector''' || in big endian: 3C5800 | | 0xA0 || 0x8 || 00583C0000000000 || '''partition2 start sector''' || in big endian: 3C5800 |
Revision as of 05:06, 16 September 2013
Getting keys the easier way
First you need to get the sb_iso_spu_module.self individuals seed that can be found in the metadata header:
D9 2D 65 DB 05 7D 49 E1 A6 6F 22 74 B8 BA C5 08 83 84 4E D7 56 CA 79 51 63 62 EA 8A DA C6 03 26 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 C3 B3 B5 AA CC 74 CD 6A 48 EF AB F4 4D CD F1 6E 37 9F 55 F5 77 7D 09 FB EE DE 07 05 8E 94 BE 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
also found in lv1ldr
Using your console specific eid_root_key/iv (e.g. from metldr dump) and libeeid you can then generate the keys directly by calling
u8 indivs[0x100]; u8 chunk1[0x40] = {0xD9, 0x2D, /*...*/, 0x00}; u8 chunk2[0x40] = {0xC3, 0xB3, /*...*/, 0x00}; indiv_gen(chunk1, chunk2, NULL, NULL, indivs);
Now you have your console specific ATA data key in indivs[0x00-0x20] and the ATA tweak key in indivs[0x40-0x60] :)
About "ENCDEC IV and key"
This key/iv pair set by metldr is your eid_root_key, it's not just used for one purpose. (-> https://nwert.wordpress.com/2012/07/11/eeid-cryptography/)
HDD's end
This was found at the end of an HDD backup, 41 sectors from the end, 33 sectors in size, followed by zero bytes (8 sectors) It's very uncanny how this is formed after decryption. Maybe there's a new layer of encryption at the end of the disc?
https://dl.dropboxusercontent.com/u/35197530/hddend.bin
Chunk | Offset | Length | Example | Description | Notes |
---|---|---|---|---|---|
1 | 0x0 | 0x10 | A2A0D0EBE5B9334487C068B6B72699C7 | partitions common key ? | |
0x10 | 0x10 | DA7BD0E6BE941449B84EDE147F9705BA | partition1 key ? | ||
0x20 | 0x8 | 2200000000000000 | partition1 start sector | in big endian: 22 | |
0x28 | 0x8 | E5513C0000000000 | partition1 end sector | in big endian: 3C51E5 | |
0x30 | 0x8 | 0000000000000000 | not used | ||
0x38 | 0x48 | p r i m a r y | partition type | identifyer ? | |
2 | 0x80 | 0x10 | A2A0D0EBE5B9334487C068B6B72699C7 | partitions common key ? | |
0x90 | 0x10 | FB2718C324FC9947907A18267C30F0FE | partition2 key ? | ||
0xA0 | 0x8 | 00583C0000000000 | partition2 start sector | in big endian: 3C5800 | |
0xA8 | 0x8 | FF37B60000000000 | partition2 end sector | in big endian: B637FF | |
0xB0 | 0x8 | 0000000000000000 | not used | ||
0xB8 | 0x48 | p r i m a r y | partition type | identifyer ? | |
3 | 0x100 | 0x80 | not used | filled with zeroes | |
4 | 0x180 | 0x80 | not used | filled with zeroes |
- Notes
- divided in 4 chunks of 0x80 each
- values in the column "offsets" in the table are relative to the sector start
- partition start and end sectors are stored in little endian