Sealedkey / pfsSKKey: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
(→‎De/En -Crypting: forgot about that c don't know 'string + string')
Line 55: Line 55:
Can be decrypted by frindly asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it.
Can be decrypted by frindly asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it.
<source lang="c">
<source lang="c">
  /* Decryption */
  /* Decryption */  
#define USER1 10000000
#define usb0  "/mnt/usb0/"
#define usb1  "/mnt/usb1/"
#define pfs  "decrypted_pfsSKKey.key"
  #define foreach(item, array) \
  #define foreach(item, array) \
     for (int keep = 1, \
     for (int keep = 1, \
Line 70: Line 65:
   
   
  typedef unsigned char byte;              /* byte defination for c/c++ */
  typedef unsigned char byte;              /* byte defination for c/c++ */
const char USER1 = "10000000";
const cahr usb0 = "/mnt/usb0/";
const char usb1 = "/mnt/usb1/";
const char pfs = "dec_pfsSK.Key";
const char home = "/user/home/";
const char tropkey = "/trophy/data/sce_trop/sealedkey";
  char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n"
  char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n"
  char usb0path, usb1path;
  char usb0path[(sizeof(usb0) + sizeof(pfs))];
char usb1path[sizeof(usb0path)];
  byte pfsSKKey[96];
  byte pfsSKKey[96];
   
   
  /* Get's the encrypted sealed key based on user id */
  /* Get's the encrypted sealed key based on user id */
  byte get_pfsSKKey(char userID) {
  byte get_pfsSKKey(const char *userID, const char path) {
     FILE *pfskey = fopen("/user/home/" + userID + "/trophy/data/sce_trop/sealedkey", "rb");  
    char toOpen[(sizeof(home) + sizeof(userID) + sizeof(path))];
     FILE *pfskey = fopen(snprintf(toOpen, sizeof(toOpen), %s%s%s, home, userID, path), "rb");  
     if (!pfskey) return NULL;
     if (!pfskey) return NULL;
    
    
Line 89: Line 92:
     if (to != 0 || to != 1) return -2;
     if (to != 0 || to != 1) return -2;
   
   
     byte pfsSKKey;
     byte enc_pfsSKKey;
     if (sizeof((pfsSKKey = get_pfsSKKey(USER1))) != 96) {
     if (sizeof((enc_pfsSKKey = get_pfsSKKey(USER1, tropkey))) != 96) {
         knet_printf("[-] Can not load the sealed key!\n");
         printf("[-] Can not load the sealed key!\n");
        kernel.printf("[-] Can not load the sealed key!\n");
         return -1;
         return -1;
     }
     }
   
   
     /* Now decrpyt the key */
     /* Now decrpyt the key */
     byte decyrpted_pfsSKKey[16];
     byte dec_pfsSKKey[16];
     int i = kernel.sceSblSsDecryptSealedKey(pfsSKKey, decrpyted_pfsSKKey);
     int i = kernel.sceSblSsDecryptSealedKey(enc_pfsSKKey, dec_pfsSKKey);
     knet_printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);
     printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);  
    kernel.printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);
   
   
     /* Sending over tcp */
     /* Sending over tcp */
     if (i) {
     if (i) {
         if (!to) {
         if (!to) {
             knet_printf("[+] Your decrypted sealedkey = ");
             printf("[+] Your decrypted sealedkey = ");
            kernel.printf("[+] Your decrypted sealedkey = ");
   
   
             foreach(byte *val, dec_pfsSKKey) {
             foreach(byte *val, dec_pfsSKKey) {
                 knet_printf("%02X", *val);
                 printf("%02X", *val);
        kernel.printf("%02X", *val);
             }
             }
             knet_printf("\n");
             printf("\n");
            kernel.printf("\n");
             return 1;
             return 1;
         }
         }
         else { /* Saving to file */
         else { /* Saving to file */
             knet_printf("[+] Will try to save to file...");
             printf("[+] Will try to save to file...");
            kernel.printf("[+] Will try to save to file...");
     
     
             usb0path = usb0 + pfs;
             snprintf(usb0path, sizeof(usb0path), %s%s, usb0, pfs);
             usb1path = usb1 + pfs;
             snprintf(usb1path, sizeof(usb1path), %s%s, usb1, pfs);
             FILE *dump = fopen(usb0path, "wb");
             FILE *dump = fopen(usb0path, "wb");
   
   
Line 127: Line 124:
                 dump = fopen(usb1path, "wb");
                 dump = fopen(usb1path, "wb");
                 if (!dump) {
                 if (!dump) {
                     knet_printf("fail!\n" + usb_error);
                     printf("fail!\n" + usb_error);
                    kernel.printf("fail!\n" + usb_error);
                     return -3;
                     return -3;
                 }
                 }
             }
             }
             fwrite(dec_pfsSKKey, 16, 1, dump);
             fwrite(dec_pfsSKKey, 16, 1, dump);
             knet_printf("done!\n");
             printf("done!\n");
            kernel.printf("done!\n");
             fclose(dump);
             fclose(dump);
             return 1;
             return 1;
         }
         }
     }
     }
     else {
     else printf("[+] Error!\n");
        knet_printf("[+] Error!\n");
        kernel.printf("[+] Error!\n");
    }
     return -1;
     return -1;
  }
  }
</source>
</source>

Revision as of 06:20, 14 October 2016

This key can be found on different places and will be used for eg. SaveGame or Trophy Data decryption and encryption.

Paths

Kind Path
Trophys /user/home/user Id/trophy/data/sce_trop/sealedkey
SaveGames /user/home/user Id/title Id/save data directory/sce_sys/

Structure

- size always 96 bytes

From To Description
00 07 MAGIC ("pfsSKKey") (?playstation file system sealed key key?)
08 0F Category (game=1 or version ?)
10 1F IV (16 bytes)
20 3F Encrypted key (32 bytes)
40 5F SHA-256 (32 bytes)

C

 typedef struct sealedkey {
     const unsigned char MAGIC[8];
     const unsigned char CAT[8];
     const unsigned char IV[16];
     const unsigned char KEY[32];
     const unsigned char SHA256[32];
 } selaedkey;

CSharp

 protected internal struct sealedkey {
     internal static byte[] MAGIC = new byte[8];
     internal static byte[] CAT = new byte[8];
     internal static byte[] IV = new byte[16];
     internal static byte[] KEY = new byte[32];
     internal static byte[] SHA256 = new byte[32];
 }

Note: You can't use a const byte[] defination in C#. It need to be a static byte[].

De/En -Crypting

Can be decrypted by frindly asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it.

 /* Decryption */ 
 #define foreach(item, array) \
     for (int keep = 1, \
              count = 0, \
              size = sizeof(array) / sizeof(*array); \
          keep && count != size; \
          keep = !keep, count++) \
         for (item = (array) + count; keep; keep = !keep)
 
 typedef unsigned char byte;              /* byte defination for c/c++ */
 const char USER1 = "10000000";
 const cahr usb0 = "/mnt/usb0/";
 const char usb1 = "/mnt/usb1/";
 const char pfs = "dec_pfsSK.Key";
 const char home = "/user/home/";
 const char tropkey = "/trophy/data/sce_trop/sealedkey";
 char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n"
 char usb0path[(sizeof(usb0) + sizeof(pfs))];
 char usb1path[sizeof(usb0path)];
 byte pfsSKKey[96];
 
 /* Get's the encrypted sealed key based on user id */
 byte get_pfsSKKey(const char *userID, const char path) {
     char toOpen[(sizeof(home) + sizeof(userID) + sizeof(path))];
     FILE *pfskey = fopen(snprintf(toOpen, sizeof(toOpen), %s%s%s, home, userID, path), "rb"); 
     if (!pfskey) return NULL;
  
     byte pfsSKKey[96];
     fread(pfsSKKey, 96, 1, pfskey);
     fclose(pfskey);
     return pfsSKKey;
 }
 
 /* Dump the sealedkey. Send over tcp and save to file */
 int dumpDecryptedSealedKey(int to) {
     if (to != 0 || to != 1) return -2;
 
     byte enc_pfsSKKey;
     if (sizeof((enc_pfsSKKey = get_pfsSKKey(USER1, tropkey))) != 96) {
         printf("[-] Can not load the sealed key!\n");
         return -1;
     }
 
     /* Now decrpyt the key */
     byte dec_pfsSKKey[16];
     int i = kernel.sceSblSsDecryptSealedKey(enc_pfsSKKey, dec_pfsSKKey);
     printf("[+] sceSblSsDecryptSealedKey returned %d\n", i); 
 
     /* Sending over tcp */
     if (i) {
         if (!to) {
             printf("[+] Your decrypted sealedkey = ");
 
             foreach(byte *val, dec_pfsSKKey) {
                 printf("%02X", *val);
             }
             printf("\n");
             return 1;
         }
         else { /* Saving to file */
             printf("[+] Will try to save to file...");
	    
             snprintf(usb0path, sizeof(usb0path), %s%s, usb0, pfs);
             snprintf(usb1path, sizeof(usb1path), %s%s, usb1, pfs);
             FILE *dump = fopen(usb0path, "wb");
	  
             if (!dump) {
                 dump = fopen(usb1path, "wb");
                 if (!dump) {
                     printf("fail!\n" + usb_error);
                     return -3;
                 }
             }
             fwrite(dec_pfsSKKey, 16, 1, dump);
             printf("done!\n");
             fclose(dump);
             return 1;
         }
     }
     else printf("[+] Error!\n");
     return -1;
 }