Editing Kirk
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
The PSP KIRK Crypto Engine is a security hardware device that is embedded into the TACHYON main IC chip. It is a bus master and can DMA to/from main DDR RAM memory, operating independantly of the CPU. It is | The PSP KIRK Crypto Engine is a security hardware device that is embedded into the TACHYON main IC chip. It is a bus master and can DMA to/from main DDR RAM memory, operating independantly of the CPU. It is intefaced via memory mapped registers at base of 0xBDE00000 ([SPOCK Crypto Engine] on the other hand is mapped to 0xBDF00000). It is capable of performing AES encryption, decryption, SHA1 Hash, pseudo random number generation, and signature checks (OMAC and ECDSA). | ||
= Commands = | = Commands = | ||
On PSP there are | On PSP there are 18 KIRK commands. On PSVita, there are these 18 commands plus some new commands to support bigger keys (192 bits for example). See [https://wiki.henkaku.xyz/vita/F00D_Commands#gcauthmgr_sm.self F00D commands]. | ||
== Table == | == Table == | ||
Line 505: | Line 14: | ||
! scope="col"| Input size | ! scope="col"| Input size | ||
! scope="col"| Output size | ! scope="col"| Output size | ||
! scope="col"| Result | |||
! scope="col"| Used in | ! scope="col"| Used in | ||
|- | |- | ||
| 1 | | 1 | ||
| | | | ||
| Super-Duper decryption (no inverse) | | Super-Duper decryption (no inverse) | ||
| buf_size+ | | buf_size+0x40 | ||
| buf_size | | buf_size | ||
| memlmd, mesg_led | | | ||
| memlmd, mesg_led | |||
|- | |- | ||
| 2 | | 2 | ||
| | | | ||
| Encrypt Operation | | Encrypt Operation (inverse of cmd 3) | ||
| | | | ||
| | | | ||
| | | | ||
| | | | ||
|- | |- | ||
| 3 | | 3 | ||
| | | | ||
| Decrypt Operation | | Decrypt Operation (inverse of cmd 2) | ||
| | | | ||
| | | | ||
| | | | ||
| | | | ||
|- | |- | ||
| 4 | | 4 | ||
| | | | ||
| Encrypt Operation (inverse of | | Encrypt Operation (inverse of cmd 7) (IV=0) | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| chnnlsv, memab | | | ||
| chnnlsv, memab | |||
|- | |- | ||
| 5 | | 5 | ||
| | | | ||
| Encrypt Operation (inverse of | | Encrypt Operation (inverse of cmd 8) (IV=FuseID) | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| | | | ||
| | | chnnlsv | ||
|- | |- | ||
| 6 | | 6 | ||
| | | | ||
| Encrypt Operation (inverse of | | Encrypt Operation (inverse of cmd 9) (IV=UserDefined) | ||
| | | | ||
| | | | ||
| | | | ||
| | |||
| | |||
|- | |- | ||
| 7 | | 7 | ||
| | | | ||
| Decrypt Operation (inverse of | | Decrypt Operation (inverse of cmd 4) (IV=0) | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| memlmd, mesg_led,chnnlsv, memab | | | ||
| memlmd, mesg_led,chnnlsv, memab | |||
|- | |- | ||
| 8 | | 8 | ||
| | | | ||
| Decrypt Operation (inverse of | | Decrypt Operation (inverse of cmd 5) (IV=FuseID) | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| buf_size+0x14 | | buf_size+0x14 | ||
| | | | ||
| | | chnnlsv | ||
|- | |- | ||
| 9 | | 9 | ||
| | | | ||
| Decrypt Operation (inverse of | | Decrypt Operation (inverse of cmd 6) (IV=UserDefined) | ||
| | | | ||
| | |||
| | | | ||
| | | | ||
| | |||
|- | |- | ||
| 10 (0xA) | | 10 (0xA) | ||
| | | | ||
| | | Private Signature Check (checks for private SCE sig) | ||
| | | | ||
| | |||
| | |||
| | |||
|- | |- | ||
| 11 (0xB) | | 11 (0xB) | ||
| | | | ||
| SHA1 Hash | | SHA1 Hash | ||
| buf_size >= 0x14 | | buf_size >= 0x14 | ||
| | | ?buf_size? | ||
| memlmd, mesg_led, memab | | | ||
| memlmd, mesg_led, memab | |||
|- | |- | ||
| 12 (0xC) | | 12 (0xC) | ||
| | | | ||
| | | Mul1 | ||
| 0 | | 0 | ||
| 0x3C | | 0x3C | ||
| | | | ||
| | | memab | ||
|- | |- | ||
| 13 (0xD) | | 13 (0xD) | ||
| | | | ||
| | | Mul2 | ||
| 0x3C | | 0x3C | ||
| 0x3C | | 0x3C | ||
| | | | ||
| | | | ||
|- | |- | ||
| 14 (0xE) | | 14 (0xE) | ||
| | | | ||
| Pseudo Random Number Generation | | Pseudo Random Number Generation | ||
| 0 | | 0 | ||
| 0x14 | | 0x14 | ||
| mesg_led, chnnlsv, memab, semawm | | | ||
| mesg_led, chnnlsv, memab, semawm | |||
|- | |- | ||
| 15 (0xF) | | 15 (0xF) | ||
| | | | ||
| | | (absolutely no idea – could be KIRK initialization) | ||
| | |||
| | | | ||
| | | | ||
| | | | ||
| | |||
|- | |- | ||
| 16 (0x10) | | 16 (0x10) | ||
| | | | ||
| | | Signature Generation | ||
| 0x34 | |||
| 0x34 | | 0x34 | ||
| | | | ||
| memab | | memab | ||
|- | |- | ||
| 17 (0x11) | | 17 (0x11) | ||
| | | | ||
| | | Signature Check (checks for generated sigs) | ||
| 0x64 | | 0x64 | ||
| 0 | | 0 | ||
| | | | ||
| | | memab | ||
|- | |- | ||
| 18 (0x12) | | 18 (0x12) | ||
| | | | ||
| Certificate | | Certificate Check (IDStorage certificates signatures and digests) | ||
| 0xB8 | | 0xB8 | ||
| 0 | | 0 | ||
| openpsid, memab | | | ||
| openpsid, memab | |||
|} | |} | ||
== Command | == Command 1 == | ||
=== Usages === | |||
== | === Algorithm === | ||
== | |||
=== | === Vulnerabilities === | ||
== Command 2 == | |||
== Command 3 == | |||
== Command 4 == | |||
== Command 5 == | |||
== | == Command 6 == | ||
== Command 7 == | |||
== | == Command 8 == | ||
== Command 9 == | |||
=== | == Command 10 == | ||
== Command 11 == | |||
== Command 12 == | |||
== Command 13 == | |||
== Command 14 == | |||
== Command 15 == | |||
== | == Command 16 == | ||
== Command 17 == | |||
== Command 18 == | |||
= Library = | |||
== Calling commands using KIRK registers == | |||
== | |||
= | |||
* [https://github.com/DaveeFTW/iplsdk/tree/master/src/kirk] | * [https://github.com/DaveeFTW/iplsdk/tree/master/src/kirk] | ||
Line 1,022: | Line 216: | ||
* [http://uofw.github.io/upspd/docs/SilverSpring_Blog/my.malloc.us/silverspring/kirk-crypto-engine/index.html] | * [http://uofw.github.io/upspd/docs/SilverSpring_Blog/my.malloc.us/silverspring/kirk-crypto-engine/index.html] | ||
= | = Notes = | ||
In 2008 SilverSpring wrote: | |||
<pre> | |||
Currently what is known about the cipher is that it is: | |||
a block cipher operating in CBC mode | |||
an all zero 128-bit initialization vector | |||
128-bit block and key sizes | |||
cmd4/7 uses a static key that is identical in all PSP’s | |||
cmd5/8 uses a key based off the fuseID making all operations unique per PSP | |||
cmd6/9 uses a user-defined 128-bit key | |||
cmd1/2/3 uses the block cipher but also signature algorithms | |||
the remaining KIRK cmd’s do not use the block cipher (sig, hash, & prng algo’s) | |||
</source> |