Keys: Difference between revisions

From PS4 Developer wiki
(→‎SNVS: - removing snvs keys until they are actually used once)
Line 276: Line 276:


Used to generate the AES-CMAC-128 at the start of decrypted 40000001, 40000002 and 40000003, by digesting the remainder of the decrypted data
Used to generate the AES-CMAC-128 at the start of decrypted 40000001, 40000002 and 40000003, by digesting the remainder of the decrypted data
=== SNVS ===
AES-CBC-128
<pre>
Key = 82D4EEE9E7F68EFBC43C3D2747E4139F
IV =  00000000000000000000000000000000
</pre>
Used for:
* SNVS (Devkit)
<br>
AES-CMAC-128
<pre>
Key = 4C49DC8DF6A20E1592F9E9F7442B4261
</pre>
Used to generate the AES-CMAC-128 at the start of decrypted SNVS(Devkit), by digesting the remainder of the decrypted data
<br>
AES-CBC-128
<pre>
Key = DB603053A4D3119149996D0BA84434E2
IV =  00000000000000000000000000000000
</pre>
Used for:
* SNVS(Devkit #2)
<br>
AES-CMAC-128
<pre>
Key = B3A8CB797D1406658372A92B6CFB3490
</pre>
Used to generate the AES-CMAC-128 at the start of decrypted SNVS(Devkit #2), by digesting the remainder of the decrypted data


== Retail/Testkit ==
== Retail/Testkit ==
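
Review bot: the removal covers only the Devkit "=== SNVS ===" block, yet the resulting revision still carries a "SNVS Key and CMAC" entry under Retail/Testkit that has no "Used for" line. The edit summary's criterion ("until they are actually used once") is therefore applied to one SNVS section and not the other. Either apply the same criterion to the Retail/Testkit entry, or say in the summary why that entry stays.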

Revision as of 02:56, 22 August 2021

Companion App Protocol RSA Public Key


SMU Keys

The AMD System Management Unit (SMU) is a thermal and electrical management unit found in modern AMD x86 processors.

SMU HMAC Key

4D7E73210B677A832B9F293B496E7C3E

EMC Keys

Aeolia EMC Cipher Key

5F74FE7790127FECF82CC6E6D91FA2D1
  • iv is all zeroes
  • algorithm is AES128CBC
  • Aeolia exists since at least proto firmware 0.910.040
  • EMC is codenamed C0000001
  • index is 0xD (13_ if you use Zer0xFF's tools)

Aeolia EMC Hasher Key

73FE06F3906B05ECB506DFB8691F9F54
  • Algorithm is HMAC-SHA1
  • It hashes the header (0x6C) of EMC

Belize EMC Cipher Key

1A4B4DC4179114F0A6B0266ACFC81193
  • iv is all zeroes
  • algorithm is AES128CBC
  • Belize was introduced in firmware 2.00
  • EMC is codenamed C0000001
  • index is 0x20 (32_ if you use Zer0xFF's tools)

EAP Keys

EAP Aeolia Cipher Key

581A75D7E9C01F3C1BD7473DBD443B98
  • iv is all zeroes
  • algorithm is AES128CBC
  • Aeolia exists since at least 0.91.040 proto
  • EAP is codenamed C0010001
  • index is 0xE (14_ if you use Zer0xFF's tools)

EAP Aeolia Hasher Key

824D9BB4DBA3209294C93976221249E4
  • Algorithm is HMAC-SHA1
  • It hashes the header (size 0x6C) of EAP

EMC/EAP/KERNEL shared keys

portability_seed_key

E973A44C578757A73492625D2CE2D76B

portability_seed

DF0C2552DFC7F4F089B9D52DAA0E572A

eap_hdd_key_blob_key1_seed

7A49D928D2243C9C4D6E1EA8F5B4E229
317E0DCAD2ABE5C56D2540572FB4B6E3

eap_hdd_key_blob_key2_seed

921CE9C8184C5DD476F4B5D3981F7E2F
468193ED071E19FFFD66B693534689D6

use_new_blob = Y

  • enc
  • sig
4798B78DD422601F26A32A1FEC5CAB8B
256E50958E0B11A31D77DEE201D4D00E
  • iv
462500ECC487F0A8C2F39511E020CC59

use_new_blob = N

  • enc
  • sig
ED4F32C095847C6D3143EFFD61E7582F
75F24465855C4E94DAF34885D8D03463
  • iv
3286EA97F3E92C434E1DC170C9289003

EAP_HDD_KEY_BLOB


Syscon Keys

Common

Security ID

3A4E6F743A557365643A (:Not:Used:)
Checksum for RL78: 3A+4E+6F+74+3A+55+73+65+64+3A = 0x370; 0x370 & 0xFF = 0x70; 0x70 - 1 = 0x6F
Same checksum for 78K0R

Used to access more privileged commands, such as the write command

AUTH #1/#2

RSA-2048


Exponent = 0x10001

Used for UART communications

Unknown #1

RSA-2048


Exponent = 0x10001

Used for UART communications

Unknown #2

RSA-2048


Exponent = 0x10001

Used for UART communications

Devkit

Full Firmware

AES-CBC-128

Key = 5301C28824B57137A819C042FC119E3F

IV =  00000000000000000000000000000000

Used for:

  • 40000001 (BLNK)
  • 40000002 (BASE)
  • 40000003 (SYST)


AES-CMAC-128

Key = 8F215691AC7EF6510239DD32CC6A2394

Used to generate the AES-CMAC-128 at the start of decrypted 40000001, 40000002 and 40000003, by digesting the remainder of the decrypted data

Retail/Testkit

Patch Firmware Key and CMAC

AES-CBC-128

Key = EF90B21B31452379068E3041AAD8281E

IV =  00000000000000000000000000000000

Used for:

  • 40010001 (Patch #1)
  • 40010002 (Patch #2)


AES-CMAC-128

Key = 95B1AAF20C16D46FC816DF32551DE032

Used to generate the AES-CMAC-128 at the start of decrypted 40010001 and 40010002, by digesting the remainder of the decrypted data

SNVS Key and CMAC

AES-CBC-128

Key = 8BF074CCA3D9C398142256D7DD1A1259

IV =  00000000000000000000000000000000


AES-CMAC-128

Key = 4065918EB339184DAACCD61B30B5FB59

Kernel Keys

Backup And Restore Keys (BAR)

Cipher

79C8CCC889A1540D4F2E27BB614FD653

Hasher

1F18C970D000AC7E6FCC1A8CDD89B4FECDA133A10EC8F525982223F5861F0200

default_suffix

Key = 518D64A635DED8C1E6B039B1C3E55230

Used as a suffix to symbol names when hashing with SHA-1 to create a NID.

Crash Dump KeySeed

kd, kc
KEYS = [
    ['',''],
    [b'8F86DDEDCBF24A44EB6C30607AA26F76', b'4125715AAB8B78E569F512E65CA62DD3'], # 1.01-3.15
    [b'63AEF79DC49969FD8997B2F60DB65F81', b'1800A5DE2D0F0652FA5602FFADD440AA'], # 3.50-3.70
    [b'05205507B7A154E08A7A38B1897563FB', b'AD334D142EAF8B9438DB00D1D0BFF357'], # 4.00-4.05
    [b'04C1A0961BBB0CB2140361B0956AAABA', b'052D2FF3014FB38CAAF6898CB899982A'], # 4.06-4.07 (to test)
]

Sealed Key Values (PFS_EncKey and sealedkey_retail_key)

Keyset 1

AES-CBC-128

Key = B5DAEFFF39E6D90ECA7DC5B029A8153E


SHA-256-HMAC

Hash = 8707960A53468D6C843B3DC9624E22AF

Keyset 2

AES-CBC-128

Key = EC0D347E2A7657471F1FC33E9E916FD4


SHA-256-HMAC

Hash = A6D6583D3217E87D9BE9BCFC4436BE4F

Keyset 3

AES-CBC-128

Key = 51D8BFB4E387FB4120F081FE33E4BE9A


SHA-256-HMAC

Hash = FFF9BDEA803B14824C61850EBB084EE9

Keyset 4

AES-CBC-128

Key = 346B5D231332AC428A44A708B1138F6D


SHA-256-HMAC

Hash = 5DC6B8D1A3A0741852A7D44268714824

Dumped with getSealedKeySecret on 5.05

Keyset 5

AES-CBC-128

20 D0 43 85 25 30 C4 04 D1 68 69 E0 79 08 D5 E6

SHA-256-HMAC

2D E8 DE 4D E6 62 8B B6 2D D5 C1 70 F5 65 B6 2C


Keyset 6

AES-CBC-128

93 B7 27 0D F0 D3 73 10 60 07 90 66 65 5D 8D 07

SHA-256-HMAC

FD 44 A3 2D 8B C8 AC 18 9C 1B D0 96 40 29 66 CF

Keyset 7

AES-CBC-128

4C 78 44 83 69 37 50 8B 92 33 DF 7C D7 D6 51 65

SHA-256-HMAC

BC 4C 9F 0F E5 D3 56 A0 57 52 02 4C BD EE C8 E4

Keyset 8

AES-CBC-128

3A 32 EE CF 74 99 39 87 1C 3D 7B F8 C0 1C 7D 1F

SHA-256-HMAC

F6 F9 D8 21 82 CC C2 22 7B 7D 33 A3 B7 1E AD E3

Keyset 9

AES-CBC-128

EB 35 64 04 7D 60 24 7F 55 73 CD E5 7E 0C DE 1C

SHA-256-HMAC

29 8B 4F 59 1E F0 4E 52 17 3E EC 59 C5 A4 78 33

Keyset 0xA

AES-CBC-128

8A D4 92 CC 5B 27 B5 C3 60 11 A5 85 8B 90 93 80

SHA-256-HMAC

00 6A 34 41 82 B6 1B E5 6A 6C D6 B9 46 6F 03 45

AuthCode

KeySet 1

2B CF 69 8E 79 CF DD FA C2 4D 4C 25 BF 35 1E 62

Vtrm Cipher Init Keys

hmac_key_seed

Key = 87FB19BBF3D4D6B1B0ED226E39CC621A
      37FA4ED2B6618B59B34F770FBB92947B

IV = 00112233445566778899AABBCCDDEEFF

aes_key_seed

B0ED226E39CC621A37FA4ED2B6618B59

Keystone Keys

keystone_passcode_secret or passcode_hmac_secret

C74405F67424BA342BC1276251BBC2F5
55F16025B6A1B6714780DBAEC852FA2F

keystone_ks_secret or keystone_hmac_secret

783D6F3AE91C0E0712FCAAB7950BDE06
855CF7A22DCDBDE127E9BFCBAD0FF0FE

ShellCore Keys

Devkit/Testkit

Trophy Key

Key = 02CCD346B459CB83505E8E760A44D457

Retail

Trophy Key

Key = 21F41A6BAD8A1D3ECA7AD586C101B7A9

RSA PKG Meta

P


Q


Modulus

 

Private Key


DP


DQ


QP


Index.dat Key (Portability)

Key = EED5A4FFE8A3C910DC1BFD6AAF1382250B380DBAE5045D230569473F46B07B1F

IV = 3ACB38C1EC12119D56929F49F70415FF

flag is 8

HMAC-SHA256 Patch Pkg URL Key

Key = AD62E37F905E06BC19593142281C112CEC0E7EC3E97EFDCAEFCDBAAFA6378D84

RSA-2048 HID Config Service Signature Verification Public Key

Key = EF276915B7822ADF5D8EA7DF9094AD0EF2C72BB9C08FFAC58FEA3A07505A4B2D610EEE589DBAC967D08B96FBC05AC8111F38886DA99409940B786491FECF0EA6
4C7F0F1E419B5BA4D6701F2E0069A0E0FFCB4884339827D44A78CDC59E287A40ABB2A3D26BAF99693F8E2376A309CFC52D2F1167F8CD1204C66C94DC54C09332
82B12D0362A993BFE995D477611BB7B26FB34AC4ED47C3EFC62D8A93B3561255307DFAA1DCA95EBA612468F3471CEF854868DC035C74442F21F7374AA62CEEAE
5B9DD5C1049ADC70B7F3678B37340CD5F8BCC57B1C343D171C510740AD792C5C5C72167EE295F73ED237F9C9D2D06ED66F502F6434FEAD5B64B10623C3E7E27B

Dualshock 4 Keys

Jedi "MASTER" Key

9B03D4FB5FEC1A2373462C45E4BC72A6
  • Decrypts DualShock 4 firmware. The algorithm is AES-128-CBC with a zeroed IV.

Common

Bootloader Key

39FF1A672B4F99A6A1CA65C299D6270C
7D4E1AF91036AD6C8D20EAD1FF33D903
94FD4415B54072D9C83B94994304FD49

App 0 Key

3E5C05C6AFAFAB02203B3D181733DDCB
A965400FD53A6F501731F38655B20808
CFB8E6181CC91D64C4993B040BECC7B5
ED18A5683A95A338F3CA325528A96FCB

App 1 Key

7F81488F32024C6BF5D999928798AEC0
785FC3E61BAF32DFA5833F434964CD53
37525239B10BF838EF29B37EBD73D951
1EC4DFFB9725A1E9D2678990A03C2832

Certificate Authority Modulus


Exponent = 0x10001