Editing Keystone

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
This file is generated on app package generation based on the passcode provided. It is then included in every savedata and trophy created by the application.
This file is generated on app package generation based on the passcode provided. It is then included in every savegame created by the app.
It is used to prevent apps from mounting savedata of other apps, as you need to know at least the fingerprint to do it.


It is used to prevent applications from mounting savedata of other applications, as you need to know at least the fingerprint to do it.
== Passcode ==


See also [https://wiki.henkaku.xyz/vita/Keystone PS Vita Keystone].
The passcode is a 32 character string used on package generation to create the keystone file.
 
= PS4 =
 
== Location ==
 
The keystone file is located in the sce_sys folder of every applications/patches/additional contents/savedata/trophies. It is PFS encrypted.
 
<save data directory>:/sce_sys/keystone


== Structure ==
== Structure ==


Size is always 96 bytes.
Size is always 96 (0x60) bytes for both PS4 and PSVita.


{| class="wikitable"
{| class="wikitable"
! Offset !! Size !! Description !! Notes
! Offset !! Size !! Description !! Example
|-
| 0x0 || 0x8 || Magic || "keystone"
|-
| 0x8 || 0x2 || Type || always 2
|-
| 0xA || 0x2 || Version || always 1
|-
|-
| 0xC || 0x14 || Padding || always zeroed
| 0x0 || 0x20 || MAGIC ("keystone") and some constant bytes || 6b 65 79 73 74 6f 6e 65 02 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|-
|-
| 0x20 || 0x20 || Passcode Digest || HMAC-SHA256 digest made with keystone_passcode_secret as key
| 0x20 || 0x20 || HMAC-SHA256 (32 bytes) of the bytes of the passcode using keystone_passcode_secret as key ||
|-
|-
| 0x40 || 0x20 || Keystone Digest || HMAC-SHA256 digest made with keystone_ks_secret as key
| 0x40 || 0x20 || HMAC-SHA256 (32 bytes) of the previous two sections using keystone_ks_secret as key ||
|}
|}


== Usage ==
== Sample keystone file generation ==
 
'''CSharp'''
=== Generation ===
 
SCE provides in official PS4 SDK a tool called pc2ks that converts a passcode to a keystone.
 
Below is a simple reimplementation of PS4 pc2ks in '''python3''' by SocraticBliss.
<source lang="python3">
from binascii import unhexlify as uhx
import hashlib
import hmac
import sys
 
keystone_passcode_secret = uhx('C74405F67424BA342BC1276251BBC2F555F16025B6A1B6714780DBAEC852FA2F')
keystone_ks_secret = uhx('783D6F3AE91C0E0712FCAAB7950BDE06855CF7A22DCDBDE127E9BFCBAD0FF0FE')
 
keystone = '6B657973746F6E65020001000000000000000000000000000000000000000000'
 
def main(argc, argv):
    passcode = '00000000000000000000000000000000'
 
    if argc == 2:
        if len(argv[1]) == 32:
            passcode = argv[1]
        else:
            print('\nERROR: Passcode Must Be 32 Digits!')
            sys.exit(1)
 
    print('\npasscode = %s' % passcode)
    fingerprint = hmac.new(keystone_passcode_secret, passcode.encode(encoding = 'UTF-8'), hashlib.sha256).hexdigest().upper()
    print('fingerprint = %s' % fingerprint)
    sha256hmac  = hmac.new(keystone_ks_secret, uhx(keystone + fingerprint), hashlib.sha256).hexdigest().upper()
    print('sha256hmac  = %s' % sha256hmac)
 
    print('\nkeystone\n%s\n%s\n%s' % (keystone, fingerprint, sha256hmac))
 
if __name__=='__main__':
    sys.exit(main(len(sys.argv), sys.argv))
</source>
 
Below is a simple reimplementation of PS4 pc2ks in '''CSharp'''.
<source lang="csharp">
<source lang="csharp">
public static byte [] GenerateKeystoneFile (string passcode)
public static byte [] GenerateKeystoneFile (string passcode)
Line 102: Line 49:
     // 6. Concat the constant bytes from point 1, the fingerprint from point 3 and the hmac from point 5
     // 6. Concat the constant bytes from point 1, the fingerprint from point 3 and the hmac from point 5
     keystone = keystone.Concat(sha256hmac).ToArray();
     keystone = keystone.Concat(sha256hmac).ToArray();


     return keystone;
     return keystone;
}
}
</source>
</source>


=== Verification ===
== Sample keystone file ==
 
The first step is to check the Digest of the keystone file (using VerifyKeystone). The process is to use the <code>keystone_ks_secret</code> to check the <code>keystone Digest</code> at position 0x40 in the file.
 
If it is correct, it proceeds to check the passcode Digest, ?which is not present on retail units?. Use <code>keystone_passcode_secret</code> to calculate the digest of the <code>passcode</code> stored at offset 0x20.
 
= Sample keystone file =


Below is a sample keystone file created when provided a passcode consisting of all zeros "00000000000000000000000000000000":
Sample keystone file created when provided a passcode consisting of all zeros "00000000000000000000000000000000":
<pre>
<pre>
The first 32 are constant:
The first 32 are constant:
Please note that all contributions to PS4 Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PS4 Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)