Editing Kirk

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 46: Line 46:
</pre>
</pre>


These commands allow to do operations with any public key. For the latest [[iplloader]] version which adds an additional ECDSA verification of the XOR of the block hashes, the public key which is hardcoded in the iplloader is (0xBC660611A70BD7F2D140A48215C096D11D2D4112, 0xF0E9379AC4E0D387C542D091349DD15169DD5A87).
These commands allow to do operations with any public key. For the latest Pre-IPL version which adds an additional ECDSA verification of the XOR of the block hashes, the public key which is hardcoded in the Pre-IPL is (0xBC660611A70BD7F2D140A48215C096D11D2D4112, 0xF0E9379AC4E0D387C542D091349DD15169DD5A87).


== Code sample ==
== Code sample ==
Line 146: Line 146:
|}
|}


= PSP Individual Keys =
= Per-console keys =


Kirk commands 2, 3, 5, 6, 8, 9, 0x10 and 0x12 use individual (per-console) seeds to generate individual keys. The base per-console seed is the Fuse ID (6 bytes), which is transformed into a 0x30-byte buffer named unofficially "individual key mesh". The PSP individual key mesh is used to generate various final individual keys depending on a seed parameter.
Some Kirk commands like commands 16 and 18 use individual (per-console) seeds. The base per-console seed is the Fuse ID (6 bytes), which is transformed into a 0x30 bytes buffer ("key mesh"). This buffer is used to generate different keys depending on a seed.


== PSP Individual Key Mesh ==
{| class="wikitable"
 
|+
=== Structure ===
!Seed
!Usage
|-
|0
|Kirk commands 2 (encryption) & 3 (decryption) (the real encryption & CMAC keys are random, but this per-console key is used to encrypt them)
|-
|1
|Kirk command 5 (encryption) & 8 (decryption)
|-
|2
|Kirk command 6 (encryption) & 9 (decryption)
|-
|3
|Kirk command 16
|-
|4
|Kirk command 18
|-
|5
|Unused
|-
|6
|RNG buffer reseeding
|}


<source lang="c">
<source lang="c">
typedef struct ScePspIndividualKeyMesh { // size is 0x30
typedef struct ScePspKeyMesh { // size is 0x30
     SceUInt8 derivation_seed_0[0x10]; // a seed used to derive final keys with derivation_key
     SceUInt8 aes128cbc_key_1[0x10]; // used by Kirk commands 5 & 8 and 16
     SceUInt8 derivation_seed_1[0x10]; // a seed used to derive final keys with derivation_key
     SceUInt8 aes128cbc_key_2[0x10]; // used by Kirk command 2 & 3, 6 & 9 and 18
     SceUInt8 derivation_key[0x10]; // AES128 key used to derive final keys from seed_0 and seed_1
     SceUInt8 derivation_key[0x10]; // used to derive the 2 other keys
} ScePspIndividualKeyMesh;
} ScePspKeyMesh;
</source>
</source>


=== Algorithm ===
To generate the key mesh of a PSP, provided the Fuse ID (0xBC100090 and 0xBC100094 hardware registers), execute the following code.
 
To generate the individual key mesh of a specific PSP, provided its [[Fuse ID]], execute the following code.


<source lang="c">
<source lang="c">
void gen_psp_individual_key_mesh(ScePspIndividualKeyMesh *key_mesh) {
void gen_psp_individual_seed() {  
   int i, k;
   int i, k;
  ScePspKeyMesh seed;
   u8 subkey_1[0x10], subkey_2[0x10];
   u8 subkey_1[0x10], subkey_2[0x10];
   rijndael_ctx aes_ctx;
   rijndael_ctx aes_ctx;
   u8 fuse_id[8];
   u8 fuseid[8];
    
    
   // Byte-reverse the Fuse ID
   // Byte-reverse the Fuse ID
   u32 g_fuse90 = *(u32 *)0xBC100090;
   u32 g_fuse90 = *(u32 *)0xBC100090;
   u32 g_fuse94 = *(u32 *)0xBC100094;
   u32 g_fuse94 = *(u32 *)0xBC100094;
   fuse_id[7] = g_fuse90 &0xFF;
   fuseid[7] = g_fuse90 &0xFF;
   fuse_id[6] = (g_fuse90>>8) &0xFF;
   fuseid[6] = (g_fuse90>>8) &0xFF;
   fuse_id[5] = (g_fuse90>>16) &0xFF;
   fuseid[5] = (g_fuse90>>16) &0xFF;
   fuse_id[4] = (g_fuse90>>24) &0xFF;
   fuseid[4] = (g_fuse90>>24) &0xFF;
   fuse_id[3] = g_fuse94 &0xFF;
   fuseid[3] = g_fuse94 &0xFF;
   fuse_id[2] = (g_fuse94>>8) &0xFF;
   fuseid[2] = (g_fuse94>>8) &0xFF;
   fuse_id[1] = (g_fuse94>>16) &0xFF;
   fuseid[1] = (g_fuse94>>16) &0xFF;
   fuse_id[0] = (g_fuse94>>24) &0xFF;
   fuseid[0] = (g_fuse94>>24) &0xFF;
   
   
   rijndael_set_key(&aes_ctx, ids_master_key, 128); // set ids_master_key as AES key
   rijndael_set_key(&aes_ctx, ids_master_key, 128); // set ids_master_key as AES key
    
    
   for (i = 0; i < 0x10; i++) // initialize the subkeys using the Fuse ID
   for (i = 0; i < 0x10; i++) // initialize the subkeys using the Fuse ID
     subkey_2[i] = subkey_1[i] = fuse_id[i % 8];
     subkey_2[i] = subkey_1[i] = fuseid[i % 8];


   for (i = 0; i < 3; i++) { // encrypt first subkey three times, and decrypt second subkey three times
   for (i = 0; i < 3; i++) { // encrypt first subkey three times, and decrypt second subkey three times
Line 197: Line 219:
   rijndael_set_key(&aes_ctx, subkey_1, 128); // set subkey_1 as AES key
   rijndael_set_key(&aes_ctx, subkey_1, 128); // set subkey_1 as AES key


   for (i = 0; i < 3; i++) { // encrypt 3, 6 and 9 times subkey_2 to obtain the final key mesh
   for (i = 0; i < 3; i++) { // encrypt 3, 6 and 9 times the subkey_2 to obtain the final keymesh
     for (k = 0; k < 3; k++)
     for (k = 0; k < 3; k++)
       rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);
       rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);
     memcpy(key_mesh[i * 0x10], subkey_2, 0x10);
     memcpy(&seed[i * 0x10], subkey_2, 0x10);
   }
   }
}
}
 
</source>The key mesh can then be used along with a seed to generate a key using the following algorithm:<syntaxhighlight lang="c">
typedef struct {
void make_perconsole_key(u8 output[16], int seed, ScePspKeyMesh keymesh)
unsigned char buf1[8]; // 0
{
unsigned char buf2[8]; // 8
     if (seed & 1) {
unsigned char buf3[8]; // 0x10
         memcpy(output, keymesh.aes128cbc_key_2, 16);
} SomeStructure;
     } else {
 
         memcpy(output, keymesh.aes128cbc_key_1, 16);
void gen_psp_individual_key_mesh_official_implementation(SomeStructure *ss, ScePspIndividualKeyMesh *key_mesh) {
    }
  byte bVar1;
     // Encrypt the result several times depending on the seed
  byte *dst;
     rijndael_set_key(&aes_ctx, keymesh.aes128cbc_derivation_key);
  int idx;
     seed = (seed / 2) + 1;
  int j;
     while ((seed--) >= 0) {
  byte *src;
  byte subkey_2[16];
  byte subkey_1[16];
  uint ctx[64];
  uint ctx2[64];
 
  AES_set_encrypt_key_2(g_ids_master_key, 128, ctx); // set g_ids_master_key as AES key
  AES_set_decrypt_key_2(g_ids_master_key, 128, ctx2); // set g_ids_master_key as AES key
 
  idx = 0; // initialize the subkeys using the Fuse ID
  do {
    bVar1 = ss[idx + ((int)(idx + ((uint)(idx >> 0x1f) >> 0x1d)) >> 3) * -8];
    src = subkey_2 + idx;
    dst = subkey_1 + idx;
    idx = idx + 1;
    *src = bVar1;
    *dst = bVar1;
  } while (idx < 0x10);
 
  idx = 2; // encrypt first subkey three times, and decrypt second subkey three times
  do {
    AES_encrypt_2(subkey_1, subkey_1, ctx);
    idx = idx - 1;
    AES_decrypt_2(subkey_2, subkey_2, ctx2);
  } while (-1 < idx);
 
  AES_set_encrypt_key_2(subkey_1, 128, ctx); // set subkey_1 as AES key
 
  idx = 0; // encrypt three times each one of the three first blocks
  do {
    j = 2;
    do {
      j = j - 1;
      AES_encrypt_2(subkey_2, subkey_2, ctx);
    } while (-1 < j);
    dst = key_mesh + idx * 0x10;
    j = 0;
    do {
      src = subkey_2 + j;
      j = j + 1;
      *dst = *src;
      dst = dst + 1;
    } while (j < 0x10);
    idx = idx + 1;
  } while (idx < 3);
}
</source>
 
== Final PSP Individual Keys ==
 
=== Algorithm ===
 
In some Kirk commands, the individual key mesh is used along with a seed parameter to generate a final individual key using the following algorithm.
 
<syntaxhighlight lang="c">
void make_perconsole_key(u8 output[16], int seed_param, ScePspIndividualKeyMesh *key_mesh) {
     if (seed_param & 1)
         memcpy(output, key_mesh->derivation_seed_1, 16);
     else
         memcpy(output, key_mesh->derivation_seed_0, 16);
 
     // Encrypt the result several times depending on the seed parameter
     rijndael_set_key(&aes_ctx, key_mesh->derivation_key);
     seed_param = (seed_param / 2) + 1;
     while ((seed_param--) >= 0) {
         rijndael_encrypt(&aes_ctx, output);
         rijndael_encrypt(&aes_ctx, output);
     }
     }
Line 285: Line 242:
</syntaxhighlight>
</syntaxhighlight>


=== Seed Parameter Per Command ===
== ScePspIndividualSeed ==


{| class="wikitable"
There is a 0x40-byte buffer, named here <code>ScePspIndividualSeed</code>, used in both PSP flashData.prx and in PS Vita cmep keyrings 0x601 and 0x602 (in endian swapped fashion). It is slightly different from the mesh buffer described above. Indeed, it is before applying the derivation_key.
|+
!Seed parameter
!Usage
|-
|0
|Kirk commands 2 (encryption) & 3 (decryption) (the real encryption and CMAC keys are random, but this per-console key is used to encrypt them)
|-
|1
|Kirk command 5 (encryption) & 8 (decryption)
|-
|2
|Kirk command 6 (encryption) & 9 (decryption)
|-
|3
|Kirk command 16
|-
|4
|Kirk command 18
|-
|5
|Unused
|-
|6
|RNG buffer reseeding
|}
 
== PSP Individual Key Mesh Certificate ==


There exists a PSP Individual Key Mesh Certificate stored in both PSP flashData.prx and in PS Vita cmep keyrings 0x601 and 0x602 (in endian-swapped fashion). It contains the individual key mesh followed by the Fuse ID from which it was generated and ends with a hash.
Some Kirk commands like commands 16 and 18 use individual (per-console) seeds. The base per-console seed is the Fuse ID (6 bytes), which is transformed into <code>ScePspIndividualSeed</code>.
 
=== Structure ===


<source lang="C">
<source lang="C">
typedef struct ScePspIndividualKeyMeshCert { // size is 0x40
typedef struct ScePspIndividualSeed { // size is 0x40
     ScePspIndividualKeyMesh key_mesh;
     SceUInt8 derivation_seed_0[0x10]; // a seed used to derive final keys with derivation_key
    SceUInt8 derivation_seed_1[0x10]; // a seed used to derive final keys with derivation_key
    SceUInt8 derivation_key[0x10]; // key used to derive final keys from seed_0 and seed_1
     SceUInt8 fuse_id[8]; // endianness to precise
     SceUInt8 fuse_id[8]; // endianness to precise
     SceUInt8 reserved[4]; // could be arbitrary but in practice always zeroed
     SceUInt8 reserved[4]; // could be arbitrary but in practice always zeroed
     SceUInt32 hash; // the hash algorithm is in PSP Jig Kick flashData.prx
     SceUInt32 hash; // the hash algorithm is in PSP Jig Kick flashData.prx
} ScePspIndividualKeyMeshCert;
} ScePspIndividualSeed;
</source>
</source>


=== Algorithm ===
To generate ScePspIndividualSeed, execute the following code.
 
To generate the ScePspIndividualKeyMeshCert of a specific PSP, provided its [[Fuse ID]], execute the following code.


<source lang="C">
<source lang="C">
void gen_psp_individual_key_mesh_certificate_hash(ScePspIndividualKeyMeshCert *cert) {
void gen_psp_individual_seed_hash(ScePspIndividualSeed *individual_seed) {
   byte bVar1;
   byte bVar1;
   uint uVar2;
   uint uVar2;
Line 360: Line 288:
   offset = 0;
   offset = 0;
   do {
   do {
     pbVar4 = cert + offset;
     pbVar4 = individual_seed + offset;
     pbVar7 = local_60 + offset;
     pbVar7 = local_60 + offset;
     offset = offset + 1;
     offset = offset + 1;
Line 416: Line 344:
   do {
   do {
     pbVar11 = local_60 + offset;
     pbVar11 = local_60 + offset;
     pbVar7 = cert + offset;
     pbVar7 = individual_seed + offset;
     offset = offset + 1;
     offset = offset + 1;
     *pbVar7 = *pbVar11;
     *pbVar7 = *pbVar11;
Line 425: Line 353:
}
}


void gen_psp_individual_key_mesh_certificate(SomeStructure *ss, byte *data_for_0x38, ScePspIndividualKeyMeshCert *cert) {   
typedef struct {
   gen_psp_key_mesh(cert->key_mesh);
unsigned char buf1[8]; // 0
unsigned char buf2[8]; // 8
unsigned char buf3[8]; // 0x10
} SomeStructure;
 
uint gen_psp_individual_seed(SomeStructure *ss, byte *data_for_0x38, ScePspIndividualSeed *individual_seed) {
  byte bVar1;
  byte *dst;
  int idx;
  int j;
  byte *src;
  byte subkey_2[16];
  byte subkey_1[16];
  uint ctx[64];
  uint ctx2[64];
 
  AES_set_encrypt_key_2(g_ids_master_key, 128, ctx); // set g_ids_master_key as AES key
   AES_set_decrypt_key_2(g_ids_master_key, 128, ctx2); // set g_ids_master_key as AES key
 
   idx = 0; // initialize the subkeys using the Fuse ID
  do {
    bVar1 = ss[idx + ((int)(idx + ((uint)(idx >> 0x1f) >> 0x1d)) >> 3) * -8];
    src = subkey_2 + idx;
    dst = subkey_1 + idx;
    idx = idx + 1;
    *src = bVar1;
    *dst = bVar1;
  } while (idx < 0x10);
 
  idx = 2; // encrypt first subkey three times, and decrypt second subkey three times
  do {
    AES_encrypt_2(subkey_1, subkey_1, ctx);
    idx = idx - 1;
    AES_decrypt_2(subkey_2, subkey_2, ctx2);
  } while (-1 < idx);
 
  AES_set_encrypt_key_2(subkey_1, 128, ctx); // set subkey_1 as AES key
 
  idx = 0; // encrypt three times each one of the three first blocks
  do {
    j = 2;
    do {
      j = j - 1;
      AES_encrypt_2(subkey_2, subkey_2, ctx);
    } while (-1 < j);
    dst = individual_seed + idx * 0x10;
    j = 0;
    do {
      src = subkey_2 + j;
      j = j + 1;
      *dst = *src;
      dst = dst + 1;
    } while (j < 0x10);
    idx = idx + 1;
  } while (idx < 3);


   for (int idx = 0; idx < 8; idx++)
   idx = 0;
     cert->fuse_id[idx] = ss[idx];
  do {
    j = idx + 1;
     individual_seed.fuse_id[idx] = ss[idx];
    idx = j;
  } while (j < 8);


   for (int idx = 0; idx < 4; idx++)
   idx = 0;
     cert->reserved[idx] = data_for_0x38[idx];
  do {
    j = idx + 1;
     individual_seed.reserved[idx] = data_for_0x38[idx];
    idx = j;
  } while (j < 4);


   gen_psp_individual_key_mesh_certificate_hash(cert);
   gen_psp_individual_seed_hash(individual_seed);


   return 0;
   return 0;
Line 464: Line 454:
}
}


uint gen_psp_individual_seed_helper(ScePspIndividualKeyMeshCert *cert) {
uint gen_psp_individual_seed_helper(ScePspIndividualSeed *individual_seed) {
   SomeStructure ss;
   SomeStructure ss;
   CreateSomeStructure(&ss);
   CreateSomeStructure(&ss);
   int data_for_0x38 = 0;
   int data_for_0x38 = 0;
   gen_psp_individual_key_mesh_certificate(&ss, &data_for_0x38, cert)
   ScePspIndividualSeed individual_seed;
  gen_psp_individual_seed(&ss, &data_for_0x38, individual_seed)
   return 0;
   return 0;
}
}
</source>
</source>


= Mapping Structure =
Or the following simplified reimplementation.
<pre>
 
0xBDE00000 = Kirk Signature
<source lang="C">
0xBDE00004 = Kirk Version
void gen_psp_individual_seed(ScePspIndividualSeed *individual_seed) { 
0xBDE00008 = Kirk Error
  int i, k;
0xBDE0000C = Kirk Proc Phase
  u8 subkey_1[0x10], subkey_2[0x10];
0xBDE00010 = Kirk CMD Number
  rijndael_ctx aes_ctx;
0xBDE00014 = Kirk Result
  u8 fuse_id[8];
0xBDE00018 = Unknown?
 
0xBDE0001C = Kirk Status
  // Byte-reverse the Fuse ID
0xBDE00020 = Kirk Status Asynchronous
  u32 g_fuse90 = *(u32 *)0xBC100090;
0xBDE00024 = Kirk Status Asynchronous End
  u32 g_fuse94 = *(u32 *)0xBC100094;
0xBDE00028 = Kirk Status End
  fuse_id[7] = g_fuse90 &0xFF;
0xBDE0002C = Kirk Source Address
  fuse_id[6] = (g_fuse90>>8) &0xFF;
0xBDE00030 = Kirk Destination Address
  fuse_id[5] = (g_fuse90>>16) &0xFF;
</pre>
  fuse_id[4] = (g_fuse90>>24) &0xFF;
  fuse_id[3] = g_fuse94 &0xFF;
  fuse_id[2] = (g_fuse94>>8) &0xFF;
  fuse_id[1] = (g_fuse94>>16) &0xFF;
  fuse_id[0] = (g_fuse94>>24) &0xFF;
  rijndael_set_key(&aes_ctx, g_ids_master_key, 128); // set g_ids_master_key as AES key
 
  for (i = 0; i < 0x10; i++) // initialize the subkeys using the Fuse ID
    subkey_2[i] = subkey_1[i] = fuse_id[i % 8];
 
  for (i = 0; i < 3; i++) { // encrypt first subkey three times, and decrypt second subkey three times
    rijndael_encrypt(&aes_ctx, subkey_1, subkey_1);
    rijndael_decrypt(&aes_ctx, subkey_2, subkey_2);
  }
 
  rijndael_set_key(&aes_ctx, subkey_1, 128); // set subkey_1 as AES key
 
  for (i = 0; i < 3; i++) { // encrypt three times each one of the three first blocks
    for (k = 0; k < 3; k++)
      rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);
    memcpy(&individual_seed[i * 0x10], subkey_2, 0x10);
  }
 
  for (int idx = 0; idx < 8; idx++)
    individual_seed.fuse_id[idx] = ss[idx];
 
  for (int idx = 0; idx < 4; idx++)
    individual_seed.reserved[idx] = data_for_0x38[idx];
 
  gen_psp_individual_seed_hash(individual_seed);
 
  return 0;
}
</source>


= Commands =
= Commands =
Line 970: Line 995:
== Command 0x11: ECDSA signature verification ==
== Command 0x11: ECDSA signature verification ==


This command verifies an ECDSA signature. It is used to verify IdStorage IDPS certificates.
This command verifies an ECDSA signature.


It takes no output, and takes as an input:
It takes no output, and takes as an input:
Line 981: Line 1,006:


== Command 0x12: verify certificate ==
== Command 0x12: verify certificate ==
This command verifies an AES-CBC-MAC (OMAC1) signature. It is used to verify [[IDStorage#IDStorage_certified_sections|ID Storage certificates]].


This command has no output.
This command has no output.


It takes as input an [[IDStorage#IDStorage_certified_sections|ID Storage certificate]] read from [[IDStorage]].
It takes as an input a 0xB8-long buffer:
 
*0x00: certificate data (either ConsoleID or OpenPSID) and ECDSA signature etc. (unused here)
<source lang="C">
*0xA8: AES-CMAC hash of the rest of the header.
typedef struct kirk_command_0x12_input{
It verifies the AES CMAC of the header using per-console key with seed 4.
ids_cert_psp certificate;
} kirk_command_0x12_input;
</source>
 
It uses per-console key with seed 4.


= Error codes =
= Error codes =
Please note that all contributions to PSP Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see PSP Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)