Sealedkey / pfsSKKey: Difference between revisions

From PS4 Developer wiki
No edit summary
No edit summary
Line 26: Line 26:
{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Description !! Value
! Offset !! Size !! Description !! Notes
|-
|-
| 0 || 8 || Magic || "pfsSKKey" meaning PFS sealedkey key
| 0 || 8 || Magic || "pfsSKKey" standing for PFS SealedKey Key
|-
|-
| 0x8 || 2 || [[#Keyset]] ||
| 0x8 || 2 || [[#Keyset]] ||
Line 34: Line 34:
| 0xA || 6 || Padding || Zeroed
| 0xA || 6 || Padding || Zeroed
|-
|-
| 0x10 || 16 || IV ||
| 0x10 || 16 || IV || AES-128-CBC IV for use with the pfsSKKey__EncKey Key
|-
|-
| 0x20 || 32 || Encrypted Sealed Key ||
| 0x20 || 32 || Encrypted Sealed Key ||
|-
|-
| 0x40 || 32 || Digest || HMAC-SHA-256 ||
| 0x40 || 32 || Digest || HMAC-SHA256 digest for use with the pfsSKKey__Secret Key
|}
|}
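Review bot: The new Notes text for the Digest row at 0x40 names the key (pfsSKKey__Secret) but not the bytes the HMAC-SHA256 is computed over; state the covered range so the field can be checked. The IV row at 0x10 has the same gap for what pfsSKKey__EncKey decrypts; say explicitly that it is the 32-byte Encrypted Sealed Key at 0x20 if that is what is meant.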


Line 62: Line 62:
| 2 || 4.55 ||  
| 2 || 4.55 ||  
|-
|-
| 3 || ?5.05? ||  
| 3 || ?4.70? ||
|-
| 4 || 5.05 ||
|-
| 5 || ? ||
|-
| 6 || ? ||
|-
| 7 || ? ||
|-
| 8 || ? ||
|-
| 9 || ? ||  
|-
|-
| 10 || 12.00 ||  
| 10 || 12.00 ||  
|}
|}


For example, in PS4 4.55 kernel, the function '''sceSblSsDecryptSealedKey''' checks that keyset is less or equal 2 before calling '''sceSblSsDecryptWithPortability'''.
For example, in PS4 4.55 kernel, the function '''sceSblSsDecryptSealedKey''' checks that the keyset is less or equal 2 before calling '''sceSblSsDecryptWithPortability'''.


== Usage ==
== Usage ==


With code execution in PS4 kernel, the sealed key can be decrypted by asking the PS4 kernel.
With code execution in PS4 kernel, the sealed key can be decrypted by asking the PS4 kernel:
* with '''sceSblSsDecryptSealedKey''' (see Talk page),
* or with '''sceSblSsDecryptWithPortability''' (reimplement '''sceSblSsDecryptSealedKey''' by reversing Kernel),
* or with portability master keys (see [[Vulnerabilities#%3C=_?7.55?_-_Missing_HMAC_key_length_check_in_Secure_Kernel_leading_to_Partial_SAMU_KeyRings_bruteforce]]).




{{File Formats}}
{{File Formats}}
<noinclude>[[Category:Main]]</noinclude>
<noinclude>[[Category:Main]]</noinclude>
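Review bot: The keyset 3 row changes its version from ?5.05? to ?4.70? and 5.05 moves to a new keyset 4 row, but the revision has no edit summary and the Notes cells give no source; add a note or reference for the 4.70 and 5.05 assignments. Rows 5 to 9 are all "?" placeholders and could be a single "5-9" row until their versions are known.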

Revision as of 03:38, 14 December 2024

The Sealed Key is an encrypted key used on PS Vita, PS4 and PS5 to prevent file modification and extraction. It can be found in different places in the filesystem and is used for Save Data and Trophy Data decryption and encryption.

See also PS Vita Sealedkey.

PS4

Location

The sealedkey file is located in the folder of each save data and trophy set. It is not PFS encrypted.

{| class="wikitable"
|-
! Kind !! Path
|-
| Trophy || /user/home/User Id/trophy/data/sce_trop/sealedkey
|-
| Save Data (internal HDD) || /user/home/User Id/Title ID/save data directory/sce_sys/
|-
| Save Data (USB Storage) || /PS4/SAVEDATA/User Id/Title ID/<sealed_filename>.bin
|}

Structure

  • Size is always 96 bytes.
{| class="wikitable"
|-
! Offset !! Size !! Description !! Notes
|-
| 0 || 8 || Magic || "pfsSKKey" standing for PFS SealedKey Key
|-
| 0x8 || 2 || [[#Keyset]] ||
|-
| 0xA || 6 || Padding || Zeroed
|-
| 0x10 || 16 || IV || AES-128-CBC IV for use with the pfsSKKey__EncKey Key
|-
| 0x20 || 32 || Encrypted Sealed Key ||
|-
| 0x40 || 32 || Digest || HMAC-SHA256 digest for use with the pfsSKKey__Secret Key
|}
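  typedef struct {
      const char magic[8];                    /* 0x00: "pfsSKKey" */
      unsigned short keyset;                  /* 0x08: see Keyset */
      unsigned char reserved[6];              /* 0x0A: padding, zeroed */
      unsigned char iv[16];                   /* 0x10: AES-128-CBC IV */
      unsigned char encrypted_sealedkey[32];  /* 0x20 */
      unsigned char digest[32];               /* 0x40: HMAC-SHA256 digest */
  } sealed_key;                               /* 96 bytes total */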
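
As an added example (not code from the wiki), a validator that checks a buffer against the 96-byte layout above and splits it into its fields. The function and type names are hypothetical, and the little-endian byte order of the keyset is an assumption the page does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SEALEDKEY_SIZE 96

enum sk_status { SK_OK = 0, SK_BAD_SIZE, SK_BAD_MAGIC, SK_BAD_PADDING };

/* Parsed view of the 96-byte layout in the Structure table. */
struct sk_fields {
    uint16_t keyset;
    uint8_t  iv[16];
    uint8_t  encrypted_key[32];
    uint8_t  digest[32];
};

/* Validate and split a sealedkey buffer. Fields are read by explicit
 * offset so the result does not depend on compiler struct padding. */
enum sk_status sk_parse(const uint8_t *buf, size_t len, struct sk_fields *out)
{
    static const uint8_t zero[6] = {0};

    if (len != SEALEDKEY_SIZE)
        return SK_BAD_SIZE;
    if (memcmp(buf, "pfsSKKey", 8) != 0)
        return SK_BAD_MAGIC;
    if (memcmp(buf + 0x0A, zero, sizeof zero) != 0)
        return SK_BAD_PADDING;

    /* Assumption: the keyset is stored little-endian (not stated on the page). */
    out->keyset = (uint16_t)(buf[0x08] | (buf[0x09] << 8));
    memcpy(out->iv, buf + 0x10, 16);
    memcpy(out->encrypted_key, buf + 0x20, 32);
    memcpy(out->digest, buf + 0x40, 32);
    return SK_OK;
}

/* Constructed sample: valid header, keyset 2, patterned (not real) body. */
void sk_make_sample(uint8_t buf[SEALEDKEY_SIZE])
{
    memset(buf, 0, SEALEDKEY_SIZE);
    memcpy(buf, "pfsSKKey", 8);
    buf[0x08] = 2;
    for (int i = 0x10; i < SEALEDKEY_SIZE; i++)
        buf[i] = (uint8_t)i;
}
```
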

Keyset

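{| class="wikitable"
|-
! Keyset !! System Software version !! Notes
|-
| 1 || 1.01-1.73 ||
|-
| 2 || 4.55 ||
|-
| 3 || ?4.70? ||
|-
| 4 || 5.05 ||
|-
| 5 || ? ||
|-
| 6 || ? ||
|-
| 7 || ? ||
|-
| 8 || ? ||
|-
| 9 || ? ||
|-
| 10 || 12.00 ||
|}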

For example, in the PS4 4.55 kernel, the function sceSblSsDecryptSealedKey checks that the keyset is less than or equal to 2 before calling sceSblSsDecryptWithPortability.

Usage

With code execution in PS4 kernel, the sealed key can be decrypted by asking the PS4 kernel: