Editing Sealedkey / pfsSKKey
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
This key can be found on different places and will be used for eg. SaveGame or Trophy Data decryption and encryption. | |||
==== Paths ==== | |||
= | |||
== | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! Kind !! Path | ! Kind !! Path | ||
|- | |- | ||
| | | Trophys || /user/home/[[User ID|user Id]]/trophy/data/[[sce_trop]]/sealedkey | ||
|- | |- | ||
| | | SaveGames || /user/home/[[User ID|user Id]]/[[NP Title ID|title Id]]/[[save data directory]]/[[sce_sys]]/ | ||
|} | |} | ||
= Structure = | == Structure == | ||
- size always 96 bytes | |||
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
! | ! From !! To !! Description | ||
|- | |- | ||
| | | 00 || 07 || Magic ("pfsSKKey") (?playstation file system sealed key key?) | ||
|- | |- | ||
| | | 08 || 0F || Version (game=1 or version ?) | ||
|- | |- | ||
| | | 10 || 1F || IV (16 bytes) | ||
|- | |- | ||
| | | 20 || 3F || Sealed Key (32 bytes) | ||
|- | |- | ||
| | | 40 || 5F || SHA-256 (32 bytes) | ||
|- | |||
|} | |} | ||
'''C''' | |||
<source lang="c"> | <source lang="c"> | ||
typedef struct { | |||
const char magic[8]; | |||
unsigned long version; | |||
unsigned char iv[16]; | |||
unsigned char key[32]; | |||
unsigned char digest[32]; | |||
} sealed_key; | |||
</source> | </source> | ||
== | == De/En -Crypting == | ||
Can be decrypted by asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it. | |||
<source lang="c"> | |||
/* Decryption */ | |||
#define USER1 10000000 | |||
#define usb0 "/mnt/usb0/" | |||
#define usb1 "/mnt/usb1/" | |||
#define pfs "decrypted_pfsSKKey.key" | |||
typedef unsigned char byte; /* byte defination for c/c++ */ | |||
char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n" | |||
char usb0path, usb1path; | |||
byte pfsSKKey[96]; | |||
/* Get's the encrypted sealed key based on user id */ | |||
byte get_pfsSKKey(char userID) { | |||
FILE *pfskey = fopen("/user/home/" + userID + "/trophy/data/sce_trop/sealedkey", "rb"); | |||
| | if (pfskey == NULL) return 0; | ||
|- | |||
byte pfsSKKey[96]; | |||
fread(pfsSKKey, 96, 1, pfskey); | |||
fclose(pfskey); | |||
return pfsSKKey; | |||
} | |||
/* Dump the sealedkey. Send over tcp and save to file */ | |||
int dumpDecryptedSealedKey(int to) { | |||
if (to != 0 || to != 1) return -2; | |||
== | |||
byte pfsSKKey; | |||
if (sizeof((pfsSKKey = get_pfsSKKey(USER1))) != 96) { | |||
* | knet_printf("[-] Can not load the sealed key!\n"); | ||
kernel.printf("[-] Can not load the sealed key!\n"); | |||
return -1; | |||
} | |||
/* Now decrpyt the key */ | |||
byte decyrpted_pfsSKKey[16]; | |||
int i = kernel.sceSblSsDecryptSealedKey(pfsSKKey, decrpyted_pfsSKKey); | |||
knet_printf("[+] sceSblSsDecryptSealedKey returned %d\n", i); | |||
kernel.printf("[+] sceSblSsDecryptSealedKey returned %d\n", i); | |||
/* Sending over tcp */ | |||
if (i) { | |||
if (to == 0) { | |||
knet_printf("[+] Your decrypted sealedkey = "); | |||
kernel.printf("[+] Your decrypted sealedkey = "); | |||
for(int x =0; x < 0x10; x++) { | |||
knet_printf("%02X", dec_pfsSKKey[x]); | |||
kernel.printf("%02X", dec_pfsSKKey[x]); | |||
} | |||
knet_printf("\n"); | |||
kernel.printf("\n"); | |||
return 1; | |||
} /* Saving to file */ | |||
else { | |||
knet_printf("[+] Will try to save to file..."); | |||
kernel.printf("[+] Will try to save to file..."); | |||
usb0path = usb0 + pfs; | |||
usb1path = usb1 + pfs; | |||
FILE *dump = fopen(usb0path, "wb"); | |||
if (dump == NULL) { | |||
dump = fopen(usb1path, "wb"); | |||
if (dump == NULL) { | |||
knet_printf("fail!\n" + usb_error); | |||
kernel.printf("fail!\n" + usb_error); | |||
return -3; | |||
} | |||
} | |||
fwrite(dec_pfsSKKey, 16, 1, dump); | |||
knet_printf("done!\n"); | |||
kernel.printf("done!\n"); | |||
fclose(dump); | |||
return 1; | |||
} | |||
} | |||
else { | |||
knet_printf("[+] Error!\n"); | |||
kernel.printf("[+] Error!\n"); | |||
} | |||
return -1; | |||
} | |||
</source> |