Talk:Seeds: Difference between revisions
Jump to navigation
Jump to search
Line 81: | Line 81: | ||
=== EID0 Section (PSP) === | === EID0 Section (PSP) === | ||
* Size: | * Size: 0xB8 bytes. | ||
{|class="wikitable" | {|class="wikitable" |
Revision as of 02:08, 14 May 2022
SYSCON KeySlot Keys
0x000: A46BA2B83D4E7EE559F239E0087A3808 //0x00 Key 0x010: 5794BC8C2131B1E3E7EC61EF14C32EB5 //EID1 FLASH/CMAC KEY 0x020: 88228B0F92C4C36AF097F1FE948D27CE //EID1 EEPROM/CMAC KEY 0x030: A09631B4F8AFC77780CB6C9EEB0870FC //Used for SNVS 0x040: 48FF6BFA9C172C6E14AE444419CAF676 //Used for INIT (Used to obtain keys for 0x2A0 0x2B0 0x2C0 and 0x2D0) (encrypt 0x00 keyseed at eid1 with this key once for first, twice for second, thrice for third, and four times for last) 0x050: 9F1DF816BB4A4A0129D031CFB0AD9B30 //lv0::secure_com_lib_internal_key::session_key_create_key_0x00 0x060: D302FDE17578FBDBA1058449BA5C1BEA //lv0::secure_com_lib_internal_key::session_key_create_key_0x01 0x070: 0E6B7480E5CEB2562A3347BB41012455 //lv0::secure_com_lib_internal_key::session_key_create_key_0x02 0x080: 7910AC5D2AD16001F6A2783979096103 //lv0::secure_com_lib_internal_key::session_key_create_key_0x03 0x090: E3052804B7D2836F2879A1751BB40D48 //lv0::secure_com_lib_internal_key::session_key_create_key_0x04 0x0A0: EF586F9D599170676850590BA67D4BC7 //lv0::secure_com_lib_internal_key::session_key_create_key_0x05 0x0B0: 5D9598637AF25F8023623B1268B5131A //lv0::secure_com_lib_internal_key::session_key_create_key_0x06 0x0C0: 0EAA32140A2861D8659626F6CE2286DB //lv0::secure_com_lib_internal_key::session_key_create_key_0x07 0x0D0: 5EC26719DD05CF73E36358DEEC6EF10E //Used to encrypt keyseed 0x110 and forge time key 0x00 for second layer or keyseed 0x150 for first layer 0x0E0: 85BFE5F04826819F754F4B735438105B //Used to encrypt keyseed 0x120 and forge time key 0x01 for second layer or keyseed 0x150 for first layer 0x0F0: 767A0AA40672D75C2C57665243466FE0 //Used to encrypt keyseed 0x130 and forge time key 0x02 for second layer or keyseed 0x150 for first layer 0x100: 8D904F16239C6C56D20C3AAE424B6FDF //Used to encrypt keyseed 0x140 and forge time key 0x03 for second layer or keyseed 0x150 for first layer 0x110: A3ADB99A21E47ADFF3FD7FC3173981CA //lv0::secure_com_lib_internal_key::BE_SC_PayloadKey 0x120: 6933CEE7A518E5B8CBE1FC14B261B765 //lv0::secure_com_lib_internal_key::SC_BE_PayloadKey 0x130: 1762C80CA86683B7E76FE3853CCFE5DB //AUTH related 0x140: 0B3C10FF47FC9D3437CA80952CAE9170 //binary_patch_xorkey1 0x150: 8CD72FD3E1E537CB51D6F1FEEEB5CE4C //Archaic/Fallback key for encrypting 0x170 used to decrypt 0x2700 0x160: DED8B76BF948E396BDCF74F1DE1C64E4 //0x2710 Key 0x170: 7AB230EAD7DD151695878AEBB20812BC //0x2760 Key 0x180: 210623DCA298994DFE87F840FC481CBF //0x2790 Key 0x190: 7073147F753089CC7256D37113032E3C //0x26B0 0x26E0 0x26F0 key 0x1A0: A8DF3DBB4D0B526A0EAE3039C6A04F90 //0x26C0 Key 0x1B0: 259A8A939591C7D11CBA8682EEC7D50E //0x26D0 key 0x1C0: 0DC5F3557D30FE5DA4C2025FC6539AC2 0x1D0: 179C503127A8E8F594437B1C108357A7 //0x2700 Key 0x1E0: 9DABE2F04000E6B1F50AB83D40D0557C 0x1F0: 0935CC5123B33E6F10B63FE9DF2DC45F 0x200: 95C1751D2E8DACD240601CCD574E0719 0x210: 1D73B463CDB1F83569F06E50A642D855 0x220: 55A8E40D2AB591023B73227F2EAFE64C 0x230: 96ADD8F0A5244ABE9510F8EAB49972C4 0x240: A4DF5DE17AC739EB4E8099C2E46B2307 0x250: C1B18434EB022E09C729F15A09DFDF14 0x260: EF20E99282934F9AF14104B0F898DC11 0x270: 0678B72470078E1A0E0277CCB88B0F83 0x280: CFFDCA6FEA3C081FF1AF7AD00469BBAC 0x290: 3064E15DC05DC9A980DE02D9D49DCD18 0x2A0: 2113A661B89C1997A184036B9E17E085 0x2B0: 3EA37A4BF626183B5FF0A68D38CAFBF3 0x2C0: 0F342375B23EC2D02E6D2C4B97718E17 0x2D0: A867E44E51F394E281D9D6CBE6CB060A 0x2E0: 1ABB99A51544067BBA2BFB3812BA665E 0x2F0: F6FBA159EA3E2E060697E7A6BB57962F 0x300: 56833AFFCD666B2F8C9C8F77CABE72E5 0x310: C07F2D5DD66F5A423C3961B1C1727344 0x320: 0AC71FD7342CE320CEB86FA00472028F 0x330: 8D09452C7AD83C78AD1CE8D5B4249EBB 0x340: B37850A33DCF902EF9E419555279731B 0x350: EB224C1515FB354C5D766E8194F07433 0x360: F37150D7DB408521CDBB46C251970A1B 0x370: 23DD68A9764D598BE27BCFDDDAA1BD31 0x380: 3D2F75AF278184B146EB713DC689C46E 0x390: 4FD28840E70F2AA0C57130BED1B24E62 0x3A0: C1AFAD346B096A6E614386246A5788AA 0x3B0: 00B4467C2C6077B9A3A51B11B3034E7E 0x3C0: B265C5457B066F7E5037C6B0524A72E8 0x3D0: 2B826B3100E6A649F7D80F30C812EF77 0x3E0: CABE72E5634DFD185FCEBDFF3FAE5DF8 0x3F0: B2A7421C8757427FC46F2C29DB9E76ED
EID Structure
EID is made of 6 "partitions" from EID0 to EID5.
EID0
EID0 embeds 11 sections.
EID0 Section (PSP)
- Size: 0xB8 bytes.
Description | Length | Note |
---|---|---|
Data | 0x10 | contains the actual data of the file (either idps or psid) |
plaintext public key | 0x28 | contains the section's public key (without padding) |
R | 0x14 | part of the ecdsa signature pair (r,s) |
S | 0x14 | part of the ecdsa signature pair (r,s) |
public key | 0x28 | ecdsa public key (can be used to verify ecdsa signature RS) |
encrypted private key | 0x20 | encrypted blob that contains the section's KIRK 0xC private key (with random padding) |
cmac | 0x10 | cmac of the previous section (0xA8 bytes) |
EID0 Section (PS3)
- Size: 0xC0 bytes.
Description | Length | Note |
---|---|---|
Data | 0x10 | contains the actual data of the file (either idps or psid) |
plaintext public key | 0x28 | contains the section's public key (without padding) |
R | 0x14 | part of the ecdsa signature pair (r,s) |
S | 0x14 | part of the ecdsa signature pair (r,s) |
public key | 0x28 | ecdsa public key (can be used to verify ecdsa signature RS) |
encrypted private key | 0x20 | encrypted blob that contains the section's private key (with padding) |
cmac | 0x10 | hash of the previous information in CMAC mode |
padding | 0x8 | zero byte padding for AES 128 bits encryption |
EID0 Section (Vita)
- Size: 0xE0 bytes.
Description | Length | Note |
---|---|---|
Data | 0x10 | contains the actual data of the file (either idps or psid) |
plaintext public key | 0x38 | contains the section's public key (without padding) |
R | 0x1C | part of the ecdsa signature pair (r,s) |
S | 0x1C | part of the ecdsa signature pair (r,s) |
public key | 0x38 | ecdsa public key (can be used to verify ecdsa signature RS) |
encrypted private key | 0x20 | encrypted blob that contains the section's private key (with padding) |
cmac | 0x20 | hash of the previous information in CMAC mode |
padding | 0x8 | zero byte padding for AES 128 bits encryption |
EID1
- Size: 0x2A0 bytes.
Offset | Length | Description |
---|---|---|
0 | 0x10 | INIT Seed |
0x10 | 0x80 | AUTH1 Reencrypted Keyseeds |
0x90 | 0x80 | AUTH2 Reencrypted Keyseeds |
0x110 | 0x40 | Keyseeds (Time Service Purpose) |
0x150 | 0x10 | KeySeed (SNVS/Time Related) |
0x160 | 0x120 | Padding (Zeroes) |
0x280 | 0x10 | CMAC of Encrypted Data Using Master Key 0x20 if on EEPROM to CMAC (and encrypt/decrypt) or Master Key 0x10 if on FLASH |
0x290 | 0x10 | CMAC of Encrypted FLASH Data Using Perconsole Key encrypted using root key and EID1 Seeds |
EID2
- Size: 0x730 bytes.
Related to BD drive. See Hypervisor_Reverse_Engineering#Remarrying.
Description | Length | Note |
---|---|---|
Header | 0x20 | |
P(rimary) block | 0x80 | contains bd drive info, including encrypted drive-auth keys |
S(econdary) block | 0x690 | contains bd drive info |
EID3
- Size: 0x100 bytes.
Related to Communicatio. See Hypervisor_Reverse_Engineering#Communication.
Offset | Description | Length | Note |
---|---|---|---|
0x00 | Header | 0x20 | contains ckp_management_id, size of cprm keys + sha1 digest + padding and nonce |
0x20 | cprm player keys | 0xB8 | |
0xD8 | sha1 digest | 0x14 | sha1 digest of previous section |
0xEC | padding | 0x4 | |
0xF0 | omac1 digest | 0x10 | omac1 digest of whole eid3 |
EID4
- Size: 0x30 bytes.
Description | Length | Note |
---|---|---|
Drive Key 1 | 0x10 | Encrypts data sent from host to bd drive |
Drive Key 2 | 0x10 | Decrypts data sent from bd drive to host |
CMAC/OMAC1 | 0x10 | Hash of the previous bytes in CMAC/OMAC1 mode |
EID5
- Size: 0xA00 bytes.
The largest and quite possibly the most important EID of all 6. It's unknown what is inside this specific EID. We'll probably never know what's inside it without analyzing every possible clue about the PS3. And even then, it might be impossible to find its real use. Its size is similar to EID0, but it has an additional 0x1A0 bytes.
Time Constants
358B2E4BDA394A185D4F5407594C20E4 (FFs encrypted with garbage key 79 times) 08A4FD2A2A8D6DA788F9AB9626B3A991 (FFs encrypted with garbage key 80 times) E01B01CF9C7FBC7D79D670086DAF497F (FFs encrypted with garbage key 81 times) 9BD3A5D5178DDE1D825344AE398113DD (FFs encrypted with garbage key 82 times) FF525D8BF4422CC76B13AA47FA2CC369 (FFs encrypted with garbage key 83 times) 83A720CD45D18FB3D4112888187E3040 (FFs encrypted with garbage key 84 times) 702B91D8E6ACEEC4B801315F357E1EE3 (FFs encrypted with garbage key 85 times) 2DA1081408D72C41AFC1B61AE7C9882D (FFs encrypted with garbage key 86 times)