Keystone: Difference between revisions
CelesteBlue (talk | contribs) |
|||
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
This file is generated on app package generation based on the passcode provided. It is then included in every | This file is generated on app package generation based on the passcode provided. It is then included in every savedata and trophy created by the application. | ||
It is used to prevent applications from mounting savedata of other applications, as you need to know at least the fingerprint to do it. | |||
The | See also [https://wiki.henkaku.xyz/vita/Keystone PS Vita Keystone]. | ||
= PS4 = | |||
== Location == | |||
The keystone file is located in the sce_sys folder of every applications/patches/additional contents/savedata/trophies. It is PFS encrypted. | |||
<save data directory>:/sce_sys/keystone | |||
== Structure == | == Structure == | ||
Size is always 96 | Size is always 96 bytes. | ||
{| class="wikitable" | {| class="wikitable" | ||
! Offset !! Size !! Description !! | ! Offset !! Size !! Description !! Notes | ||
|- | |- | ||
| 0x0 || | | 0x0 || 0x8 || Magic || "keystone" | ||
|- | |- | ||
| | | 0x8 || 0x2 || Type || always 2 | ||
|- | |- | ||
| 0x40 || 0x20 || HMAC-SHA256 | | 0xA || 0x2 || Version || always 1 | ||
|- | |||
| 0xC || 0x14 || Padding || always zeroed | |||
|- | |||
| 0x20 || 0x20 || Passcode Digest || HMAC-SHA256 digest made with keystone_passcode_secret as key | |||
|- | |||
| 0x40 || 0x20 || Keystone Digest || HMAC-SHA256 digest made with keystone_ks_secret as key | |||
|} | |} | ||
== | == Usage == | ||
'''CSharp''' | |||
=== Generation === | |||
SCE provides in official PS4 SDK a tool called pc2ks that converts a passcode to a keystone. | |||
Below is a simple reimplementation of PS4 pc2ks in '''python3''' by SocraticBliss. | |||
<source lang="python3"> | |||
from binascii import unhexlify as uhx | |||
import hashlib | |||
import hmac | |||
import sys | |||
keystone_passcode_secret = uhx('C74405F67424BA342BC1276251BBC2F555F16025B6A1B6714780DBAEC852FA2F') | |||
keystone_ks_secret = uhx('783D6F3AE91C0E0712FCAAB7950BDE06855CF7A22DCDBDE127E9BFCBAD0FF0FE') | |||
keystone = '6B657973746F6E65020001000000000000000000000000000000000000000000' | |||
def main(argc, argv): | |||
passcode = '00000000000000000000000000000000' | |||
if argc == 2: | |||
if len(argv[1]) == 32: | |||
passcode = argv[1] | |||
else: | |||
print('\nERROR: Passcode Must Be 32 Digits!') | |||
sys.exit(1) | |||
print('\npasscode = %s' % passcode) | |||
fingerprint = hmac.new(keystone_passcode_secret, passcode.encode(encoding = 'UTF-8'), hashlib.sha256).hexdigest().upper() | |||
print('fingerprint = %s' % fingerprint) | |||
sha256hmac = hmac.new(keystone_ks_secret, uhx(keystone + fingerprint), hashlib.sha256).hexdigest().upper() | |||
print('sha256hmac = %s' % sha256hmac) | |||
print('\nkeystone\n%s\n%s\n%s' % (keystone, fingerprint, sha256hmac)) | |||
if __name__=='__main__': | |||
sys.exit(main(len(sys.argv), sys.argv)) | |||
</source> | |||
Below is a simple reimplementation of PS4 pc2ks in '''CSharp'''. | |||
<source lang="csharp"> | <source lang="csharp"> | ||
public static byte [] GenerateKeystoneFile (string passcode) | public static byte [] GenerateKeystoneFile (string passcode) | ||
Line 49: | Line 102: | ||
// 6. Concat the constant bytes from point 1, the fingerprint from point 3 and the hmac from point 5 | // 6. Concat the constant bytes from point 1, the fingerprint from point 3 and the hmac from point 5 | ||
keystone = keystone.Concat(sha256hmac).ToArray(); | keystone = keystone.Concat(sha256hmac).ToArray(); | ||
return keystone; | return keystone; | ||
} | } | ||
</source> | </source> | ||
== | === Verification === | ||
The first step is to check the Digest of the keystone file (using VerifyKeystone). The process is to use the <code>keystone_ks_secret</code> to check the <code>keystone Digest</code> at position 0x40 in the file. | |||
If it is correct, it proceeds to check the passcode Digest, ?which is not present on retail units?. Use <code>keystone_passcode_secret</code> to calculate the digest of the <code>passcode</code> stored at offset 0x20. | |||
Sample keystone file created when provided a passcode consisting of all zeros "00000000000000000000000000000000": | = Sample keystone file = | ||
Below is a sample keystone file created when provided a passcode consisting of all zeros "00000000000000000000000000000000": | |||
<pre> | <pre> | ||
The first 32 are constant: | The first 32 are constant: | ||
00000000 6b 65 79 73 74 6f 6e | 00000000 6b 65 79 73 74 6f 6e 65 02 00 01 00 00 00 00 00 |keystone........| | ||
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| | 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| | ||
Fingerprint of the passcode: | Fingerprint of the passcode: | ||
00000020 29 4a 5e | 00000020 29 4a 5e d0 6d b1 70 61 8f 2e ed 8c 42 4b 9d 82 |)J^.m.pa....BK..| | ||
00000030 88 79 c0 80 cc 66 fb c4 86 4f 69 e9 74 de b8 56 |.y...f...Oi.t..V| | 00000030 88 79 c0 80 cc 66 fb c4 86 4f 69 e9 74 de b8 56 |.y...f...Oi.t..V| | ||
SHA256Hmac of the first 64 bytes of the file: | SHA256Hmac of the first 64 bytes of the file: | ||
00000040 fa 0d 0c 2e bd 6a 00 80 63 71 3d e8 81 0d 7e 10 |.....j..cq=...~.| | 00000040 fa 0d 0c 2e bd 6a 00 80 63 71 3d e8 81 0d 7e 10 |.....j..cq=...~.| | ||
00000050 b7 | 00000050 b7 32 14 3b 91 cd 2e 4f ea 2d 20 53 10 6e b7 5d |.2.;...O.- S.n.]| | ||
</pre> | </pre> | ||
{{File Formats}} | |||
<noinclude>[[Category:Main]]</noinclude> |
Latest revision as of 00:22, 15 December 2024
This file is generated on app package generation based on the passcode provided. It is then included in every savedata and trophy created by the application.
It is used to prevent applications from mounting savedata of other applications, as you need to know at least the fingerprint to do it.
See also PS Vita Keystone.
PS4[edit | edit source]
Location[edit | edit source]
The keystone file is located in the sce_sys folder of every applications/patches/additional contents/savedata/trophies. It is PFS encrypted.
<save data directory>:/sce_sys/keystone
Structure[edit | edit source]
Size is always 96 bytes.
Offset | Size | Description | Notes |
---|---|---|---|
0x0 | 0x8 | Magic | "keystone" |
0x8 | 0x2 | Type | always 2 |
0xA | 0x2 | Version | always 1 |
0xC | 0x14 | Padding | always zeroed |
0x20 | 0x20 | Passcode Digest | HMAC-SHA256 digest made with keystone_passcode_secret as key |
0x40 | 0x20 | Keystone Digest | HMAC-SHA256 digest made with keystone_ks_secret as key |
Usage[edit | edit source]
Generation[edit | edit source]
SCE provides in official PS4 SDK a tool called pc2ks that converts a passcode to a keystone.
Below is a simple reimplementation of PS4 pc2ks in python3 by SocraticBliss.
from binascii import unhexlify as uhx
import hashlib
import hmac
import sys
keystone_passcode_secret = uhx('C74405F67424BA342BC1276251BBC2F555F16025B6A1B6714780DBAEC852FA2F')
keystone_ks_secret = uhx('783D6F3AE91C0E0712FCAAB7950BDE06855CF7A22DCDBDE127E9BFCBAD0FF0FE')
keystone = '6B657973746F6E65020001000000000000000000000000000000000000000000'
def main(argc, argv):
passcode = '00000000000000000000000000000000'
if argc == 2:
if len(argv[1]) == 32:
passcode = argv[1]
else:
print('\nERROR: Passcode Must Be 32 Digits!')
sys.exit(1)
print('\npasscode = %s' % passcode)
fingerprint = hmac.new(keystone_passcode_secret, passcode.encode(encoding = 'UTF-8'), hashlib.sha256).hexdigest().upper()
print('fingerprint = %s' % fingerprint)
sha256hmac = hmac.new(keystone_ks_secret, uhx(keystone + fingerprint), hashlib.sha256).hexdigest().upper()
print('sha256hmac = %s' % sha256hmac)
print('\nkeystone\n%s\n%s\n%s' % (keystone, fingerprint, sha256hmac))
if __name__=='__main__':
sys.exit(main(len(sys.argv), sys.argv))
Below is a simple reimplementation of PS4 pc2ks in CSharp.
public static byte [] GenerateKeystoneFile (string passcode)
{
// 1. The first 32 bytes are constant
byte[] keystone = {
0x6B, 0x65, 0x79, 0x73, 0x74, 0x6F, 0x6E, 0x65, 0x02, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
// 2. Convert the 32 characters of the passcode to a byte array
byte[] passcodeInHEX = Encoding.ASCII.GetBytes(passcode);
// 3. Calculate the fingerprint of the passcode
HMACSHA256 hmac = new HMACSHA256();
hmac.Key = keystone_passcode_secret;
byte[] fingerprint = hmac.ComputeHash(passcodeInHEX);
// 4. Concat the 32 bytes from point 1 and the 32 bytes from point 3
keystone = keystone.Concat(fingerprint).ToArray();
// 5. Calculate the SHA256Hmac of the 64 bytes from point 4
hmac.Key = keystone_ks_secret;
byte[] sha256hmac = hmac.ComputeHash(keystone);
// 6. Concat the constant bytes from point 1, the fingerprint from point 3 and the hmac from point 5
keystone = keystone.Concat(sha256hmac).ToArray();
return keystone;
}
Verification[edit | edit source]
The first step is to check the Digest of the keystone file (using VerifyKeystone). The process is to use the keystone_ks_secret
to check the keystone Digest
at position 0x40 in the file.
If it is correct, it proceeds to check the passcode Digest, ?which is not present on retail units?. Use keystone_passcode_secret
to calculate the digest of the passcode
stored at offset 0x20.
Sample keystone file[edit | edit source]
Below is a sample keystone file created when provided a passcode consisting of all zeros "00000000000000000000000000000000":
The first 32 are constant: 00000000 6b 65 79 73 74 6f 6e 65 02 00 01 00 00 00 00 00 |keystone........| 00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| Fingerprint of the passcode: 00000020 29 4a 5e d0 6d b1 70 61 8f 2e ed 8c 42 4b 9d 82 |)J^.m.pa....BK..| 00000030 88 79 c0 80 cc 66 fb c4 86 4f 69 e9 74 de b8 56 |.y...f...Oi.t..V| SHA256Hmac of the first 64 bytes of the file: 00000040 fa 0d 0c 2e bd 6a 00 80 63 71 3d e8 81 0d 7e 10 |.....j..cq=...~.| 00000050 b7 32 14 3b 91 cd 2e 4f ea 2d 20 53 10 6e b7 5d |.2.;...O.- S.n.]|