Editing Keys

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 3,163: Line 3,163:
== Crash Dump KeySeed ==
== Crash Dump KeySeed ==


Crash Dump Master keys (kd, kc):
<pre>
<pre>
kd, kc
KEYS = [
KEYS = [
     ['',''],
     ['',''],
Line 3,173: Line 3,173:
]
]
</pre>
</pre>
* Crash Dump AES-256-CBC-CFB IV = b'0000000000000000'
* Remark: kd and kc names may have been wrongly assigned in fail0verflow's writeup because kd should stand for Digest Key and kc for Cipher Key.
=== Usage for generation and unpacking ===
For generation, the kd key is used to encrypt the OpenPSID that will be stored in the header:
* OPENPSID_ENC = aes_ecb_encrypt(kd, OpenPSID)
For both generation and decryption, from the kc key and the encrypted OpenPSID are derived 2 keys:
* Crash Dump AES-256-CBC-CFB Key = hmac_sha256(kc, OPENPSID_ENC)[:0x10]
* Crash Dump HMAC-SHA256 Key = hmac_sha256(kc, OPENPSID_ENC)[0x10:]
For data encryption:
* Encrypted Data = AES.new(Crash Dump AES-256-CBC-CFB Key, AES.MODE_CBC, Crash Dump AES-256-CBC-CFB IV).encrypt(DATA)
* Remark: The algorithm should actually be AesCbcCfb128Encrypt but it is always block-size multiple in crashdump usage.
For signature generation:
* Digest in Final Header = hmac_sha256(Crash Dump HMAC-SHA256 Key, secure_header (aligned to 0x80) + DATA_ENC (without final_header))
* Remark: 0x80 bytes of secure_header are hashed for the data_hmac but only 0x14 bytes (actual used bytes) are actually written to disk.
For decryption, the kd key is used to decrypt the OpenPSID provided in the header:
* OpenPSID = aes_ecb_decrypt(kd, OPENPSID_ENC)
* Remark: for decryption the user does not have to know the OpenPSID as the encrypted OpenPSID is embedded in the Crash Dump header.
For signature verification:
* Digest in Final Header = hmac_sha256(Crash Dump HMAC-SHA256 Key, secure_header (aligned to 0x80) + DATA_ENC (without final_header))
* Remark: 0x80 bytes of secure_header are hashed for the data_hmac but only 0x14 bytes (actual used bytes) are actually written to disk.
For data decryption:
* Decrypted Data = AES.new(Crash Dump AES-256-CBC-CFB Key, AES.MODE_CBC, Crash Dump AES-256-CBC-CFB IV).decrypt(DATA_ENC)
* Remark: The algorithm should actually be AesCbcCfb128Decrypt but it is always block-size multiple in crashdump usage.
See also:
* Crash Dump decryption and verification implemented in: https://github.com/TeamFAPS/PS4-RE-tools/tree/master/ps4-crash-dump-decrypt
* Crash Dump analysis (parsing after decryption and verification) implemented in: https://fail0verflow.com/blog/2017/ps4-crashdump-dump


== PFS Keystone Keys ==
== PFS Keystone Keys ==
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)

Template used on this page:

Retrieved from "http://www.psdevwiki.com/ps4/Keys"