Sealedkey / pfsSKKey: Difference between revisions

From PS4 Developer wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 37: Line 37:
     unsigned char digest[32];
     unsigned char digest[32];
  } sealed_key;
  } sealed_key;
</source>
'''CSharp'''
<source lang="csharp">
private struct sealed_key {
    public string magic;
    public ulong version;
    public byte[] iv; // 16 bytes
    public byte[] key; // 32 bytes
    public byte[] digest; // 32 bytes
}
</source>
</source>



Revision as of 06:34, 7 October 2016

This key can be found on different places and will be used for eg. SaveGame or Trophy Data decryption and encryption.

Paths

Kind Path
Trophys /user/home/user Id/trophy/data/sce_trop/sealedkey
SaveGames /user/home/user Id/title Id/save data directory/sce_sys/

Structure

- size always 96 bytes

From To Description
00 07 Magic ("pfsSKKey") (?playstation file system sealed key key?)
08 0F Version (game=1 or version ?)
10 1F IV (16 bytes)
20 3F Sealed Key (32 bytes)
40 5F SHA-256 (32 bytes)

C

 typedef struct {
     const char magic;
     unsigned long version;
     unsigned char iv[16];
     unsigned char key[32];
     unsigned char digest[32];
 } sealed_key;

Note: You can't use a const byte[] defination in C#. It need to be a static byte[].

De/En -Crypting

Can be decrypted by frindly asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it.

 /* Decryption */
 #define USER1 10000000
 #define usb0  "/mnt/usb0/"
 #define usb1  "/mnt/usb1/"
 #define pfs   "decrypted_pfsSKKey.key"
 
 char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n"
 char usb0path, usb1path;
 unsigned char pfsSKKey[96];
 
 // Get's the encrypted sealed key based on user id.
 int get_pfsSKKey(int userID)
 {
   FILE *pfskey = fopen("host0:/user/home/" + userID + "/trophy/data/sce_trop/sealedkey", "r");
 
   if (pfskey == NULL)
     return 0;
  
   fread(pfsSKKey, 96, 1, pfskey);
   fclose(pfskey);
   return 1;
 }
 
 // Dump the sealedkey. Send over tcp and save to file.
 void dumpDecryptedSealedKey(int to)
 {
   int y = get_pfsSKKey(user1);                                              // First load the key into a buffer.
   if (!y) {
     knet_printf("[-] Can not load the sealed key!\n");
     kernel.printf("[-] Can not load the sealed key!\n");
     return -1;
   }
 
   unsigned char decyrpted_pfsSKKey[16];
   int i = kernel.sceSblSsDecryptSealedKey(pfsSKKey, decrpyted_pfsSKKey);    // Now decrpyt the key.
   knet_printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);
   kernel.printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);  
  
   if (i) {                                                                  // Sending over tcp.
     knet_printf("[+] Your save game key = ");
     kernel.printf("[+] Your save game key = ");  
 
     for(int x =0; x < 0x10; x++) {
	     knet_printf("%02X", dec_pfsSKKey[x]);
	     kernel.printf("%02X", dec_pfsSKKey[x]);
     }
     knet_printf("\n");
     kernel.printf("\n");
	
	  
     if (to == 1) {                                                          // Saving to file.
       knet_printf("[+] Will try to save to file...");
       kernel.printf("[+] Will try to save to file...");
	    
       usb0path = usb0 + pfs;
       usb1path = usb1 + pfs;
       FILE *dump = fopen(usb0path, "w");
	  
       if (dump == NULL) {
         dump = fopen(usb1path, "w");
           if (dump == NULL) {
             knet_printf("fail!\n" + usb_error);
             kernel.printf("fail!\n" + usb_error);
             return -1;
           }
       }
       fwrite(dec_pfsSKKey, 0x10, 1, dump);
       knet_printf("done!\n");
       kernel.printf("done!\n");
       fclose(dump);
     }
   }
   else {
     knet_printf("[+] Error!\n");
     kernel.printf("[+] Error!\n");
   }
 }