Editing Kirk
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 46: | Line 46: | ||
</pre> | </pre> | ||
These commands allow to do operations with any public key. For the latest | These commands allow to do operations with any public key. For the latest Pre-IPL version which adds an additional ECDSA verification of the XOR of the block hashes, the public key which is hardcoded in the Pre-IPL is (0xBC660611A70BD7F2D140A48215C096D11D2D4112, 0xF0E9379AC4E0D387C542D091349DD15169DD5A87). | ||
== Code sample == | == Code sample == | ||
Line 146: | Line 146: | ||
|} | |} | ||
= | = Per-console keys = | ||
Kirk commands | Some Kirk commands like commands 16 and 18 use individual (per-console) seeds. The base per-console seed is the Fuse ID (6 bytes), which is transformed into a 0x30 bytes buffer ("key mesh"). This buffer is used to generate different keys depending on a seed. | ||
= | {| class="wikitable" | ||
|+ | |||
!Seed | |||
!Usage | |||
|- | |||
|0 | |||
|Kirk commands 2 (encryption) & 3 (decryption) (the real encryption & CMAC keys are random, but this per-console key is used to encrypt them) | |||
|- | |||
|1 | |||
|Kirk command 5 (encryption) & 8 (decryption) | |||
|- | |||
|2 | |||
|Kirk command 6 (encryption) & 9 (decryption) | |||
|- | |||
|3 | |||
|Kirk command 16 | |||
|- | |||
|4 | |||
|Kirk command 18 | |||
|- | |||
|5 | |||
|Unused | |||
|- | |||
|6 | |||
|RNG buffer reseeding | |||
|} | |||
<source lang="c"> | <source lang="c"> | ||
typedef struct | typedef struct ScePspKeyMesh { // size is 0x30 | ||
SceUInt8 | SceUInt8 aes128cbc_key_1[0x10]; // used by Kirk commands 5 & 8 and 16 | ||
SceUInt8 | SceUInt8 aes128cbc_key_2[0x10]; // used by Kirk command 2 & 3, 6 & 9 and 18 | ||
SceUInt8 derivation_key[0x10]; // | SceUInt8 derivation_key[0x10]; // used to derive the 2 other keys | ||
} | } ScePspKeyMesh; | ||
</source> | </source> | ||
To generate the key mesh of a PSP, provided the Fuse ID (0xBC100090 and 0xBC100094 hardware registers), execute the following code. | |||
To generate the | |||
<source lang="c"> | <source lang="c"> | ||
void | void gen_psp_individual_seed() { | ||
int i, k; | int i, k; | ||
ScePspKeyMesh seed; | |||
u8 subkey_1[0x10], subkey_2[0x10]; | u8 subkey_1[0x10], subkey_2[0x10]; | ||
rijndael_ctx aes_ctx; | rijndael_ctx aes_ctx; | ||
u8 | u8 fuseid[8]; | ||
// Byte-reverse the Fuse ID | // Byte-reverse the Fuse ID | ||
u32 g_fuse90 = *(u32 *)0xBC100090; | u32 g_fuse90 = *(u32 *)0xBC100090; | ||
u32 g_fuse94 = *(u32 *)0xBC100094; | u32 g_fuse94 = *(u32 *)0xBC100094; | ||
fuseid[7] = g_fuse90 &0xFF; | |||
fuseid[6] = (g_fuse90>>8) &0xFF; | |||
fuseid[5] = (g_fuse90>>16) &0xFF; | |||
fuseid[4] = (g_fuse90>>24) &0xFF; | |||
fuseid[3] = g_fuse94 &0xFF; | |||
fuseid[2] = (g_fuse94>>8) &0xFF; | |||
fuseid[1] = (g_fuse94>>16) &0xFF; | |||
fuseid[0] = (g_fuse94>>24) &0xFF; | |||
rijndael_set_key(&aes_ctx, ids_master_key, 128); // set ids_master_key as AES key | rijndael_set_key(&aes_ctx, ids_master_key, 128); // set ids_master_key as AES key | ||
for (i = 0; i < 0x10; i++) // initialize the subkeys using the Fuse ID | for (i = 0; i < 0x10; i++) // initialize the subkeys using the Fuse ID | ||
subkey_2[i] = subkey_1[i] = | subkey_2[i] = subkey_1[i] = fuseid[i % 8]; | ||
for (i = 0; i < 3; i++) { // encrypt first subkey three times, and decrypt second subkey three times | for (i = 0; i < 3; i++) { // encrypt first subkey three times, and decrypt second subkey three times | ||
Line 197: | Line 219: | ||
rijndael_set_key(&aes_ctx, subkey_1, 128); // set subkey_1 as AES key | rijndael_set_key(&aes_ctx, subkey_1, 128); // set subkey_1 as AES key | ||
for (i = 0; i < 3; i++) { // encrypt 3, 6 and 9 times subkey_2 to obtain the final | for (i = 0; i < 3; i++) { // encrypt 3, 6 and 9 times the subkey_2 to obtain the final keymesh | ||
for (k = 0; k < 3; k++) | for (k = 0; k < 3; k++) | ||
rijndael_encrypt(&aes_ctx, subkey_2, subkey_2); | rijndael_encrypt(&aes_ctx, subkey_2, subkey_2); | ||
memcpy( | memcpy(&seed[i * 0x10], subkey_2, 0x10); | ||
} | } | ||
} | } | ||
</source>The key mesh can then be used along with a seed to generate a key using the following algorithm:<syntaxhighlight lang="c"> | |||
void make_perconsole_key(u8 output[16], int seed, ScePspKeyMesh keymesh) | |||
{ | |||
if (seed & 1) { | |||
memcpy(output, keymesh.aes128cbc_key_2, 16); | |||
} else { | |||
memcpy(output, keymesh.aes128cbc_key_1, 16); | |||
} | |||
// Encrypt the result several times depending on the seed | |||
rijndael_set_key(&aes_ctx, keymesh.aes128cbc_derivation_key); | |||
seed = (seed / 2) + 1; | |||
while ((seed--) >= 0) { | |||
</source> | |||
<syntaxhighlight lang="c"> | |||
void make_perconsole_key(u8 output[16], int | |||
if ( | |||
memcpy(output, | |||
else | |||
memcpy(output, | |||
// Encrypt the result several times depending on the seed | |||
rijndael_set_key(&aes_ctx, | |||
while (( | |||
rijndael_encrypt(&aes_ctx, output); | rijndael_encrypt(&aes_ctx, output); | ||
} | } | ||
Line 285: | Line 242: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == ScePspIndividualSeed == | ||
There | There is a 0x40-byte buffer, named here <code>ScePspIndividualSeed</code>, used in both PSP flashData.prx and in PS Vita cmep keyrings 0x601 and 0x602 (in endian swapped fashion). It is slightly different from the mesh buffer described above. Indeed, it is before applying the derivation_key. | ||
Some Kirk commands like commands 16 and 18 use individual (per-console) seeds. The base per-console seed is the Fuse ID (6 bytes), which is transformed into <code>ScePspIndividualSeed</code>. | |||
<source lang="C"> | <source lang="C"> | ||
typedef struct | typedef struct ScePspIndividualSeed { // size is 0x40 | ||
SceUInt8 derivation_seed_0[0x10]; // a seed used to derive final keys with derivation_key | |||
SceUInt8 derivation_seed_1[0x10]; // a seed used to derive final keys with derivation_key | |||
SceUInt8 derivation_key[0x10]; // key used to derive final keys from seed_0 and seed_1 | |||
SceUInt8 fuse_id[8]; // endianness to precise | SceUInt8 fuse_id[8]; // endianness to precise | ||
SceUInt8 reserved[4]; // could be arbitrary but in practice always zeroed | SceUInt8 reserved[4]; // could be arbitrary but in practice always zeroed | ||
SceUInt32 hash; // the hash algorithm is in PSP Jig Kick flashData.prx | SceUInt32 hash; // the hash algorithm is in PSP Jig Kick flashData.prx | ||
} | } ScePspIndividualSeed; | ||
</source> | </source> | ||
To generate ScePspIndividualSeed, execute the following code. | |||
To generate | |||
<source lang="C"> | <source lang="C"> | ||
void | void gen_psp_individual_seed_hash(ScePspIndividualSeed *individual_seed) { | ||
byte bVar1; | byte bVar1; | ||
uint uVar2; | uint uVar2; | ||
Line 360: | Line 288: | ||
offset = 0; | offset = 0; | ||
do { | do { | ||
pbVar4 = | pbVar4 = individual_seed + offset; | ||
pbVar7 = local_60 + offset; | pbVar7 = local_60 + offset; | ||
offset = offset + 1; | offset = offset + 1; | ||
Line 416: | Line 344: | ||
do { | do { | ||
pbVar11 = local_60 + offset; | pbVar11 = local_60 + offset; | ||
pbVar7 = | pbVar7 = individual_seed + offset; | ||
offset = offset + 1; | offset = offset + 1; | ||
*pbVar7 = *pbVar11; | *pbVar7 = *pbVar11; | ||
Line 425: | Line 353: | ||
} | } | ||
typedef struct { | |||
unsigned char buf1[8]; // 0 | |||
unsigned char buf2[8]; // 8 | |||
unsigned char buf3[8]; // 0x10 | |||
} SomeStructure; | |||
uint gen_psp_individual_seed(SomeStructure *ss, byte *data_for_0x38, ScePspIndividualSeed *individual_seed) { | |||
byte bVar1; | |||
byte *dst; | |||
int idx; | |||
int j; | |||
byte *src; | |||
byte subkey_2[16]; | |||
byte subkey_1[16]; | |||
uint ctx[64]; | |||
uint ctx2[64]; | |||
AES_set_encrypt_key_2(g_ids_master_key, 128, ctx); // set g_ids_master_key as AES key | |||
AES_set_decrypt_key_2(g_ids_master_key, 128, ctx2); // set g_ids_master_key as AES key | |||
idx = 0; // initialize the subkeys using the Fuse ID | |||
do { | |||
bVar1 = ss[idx + ((int)(idx + ((uint)(idx >> 0x1f) >> 0x1d)) >> 3) * -8]; | |||
src = subkey_2 + idx; | |||
dst = subkey_1 + idx; | |||
idx = idx + 1; | |||
*src = bVar1; | |||
*dst = bVar1; | |||
} while (idx < 0x10); | |||
idx = 2; // encrypt first subkey three times, and decrypt second subkey three times | |||
do { | |||
AES_encrypt_2(subkey_1, subkey_1, ctx); | |||
idx = idx - 1; | |||
AES_decrypt_2(subkey_2, subkey_2, ctx2); | |||
} while (-1 < idx); | |||
AES_set_encrypt_key_2(subkey_1, 128, ctx); // set subkey_1 as AES key | |||
idx = 0; // encrypt three times each one of the three first blocks | |||
do { | |||
j = 2; | |||
do { | |||
j = j - 1; | |||
AES_encrypt_2(subkey_2, subkey_2, ctx); | |||
} while (-1 < j); | |||
dst = individual_seed + idx * 0x10; | |||
j = 0; | |||
do { | |||
src = subkey_2 + j; | |||
j = j + 1; | |||
*dst = *src; | |||
dst = dst + 1; | |||
} while (j < 0x10); | |||
idx = idx + 1; | |||
} while (idx < 3); | |||
idx = 0; | |||
do { | |||
j = idx + 1; | |||
individual_seed.fuse_id[idx] = ss[idx]; | |||
idx = j; | |||
} while (j < 8); | |||
idx = 0; | |||
do { | |||
j = idx + 1; | |||
individual_seed.reserved[idx] = data_for_0x38[idx]; | |||
idx = j; | |||
} while (j < 4); | |||
gen_psp_individual_seed_hash(individual_seed); | |||
return 0; | return 0; | ||
Line 464: | Line 454: | ||
} | } | ||
uint gen_psp_individual_seed_helper( | uint gen_psp_individual_seed_helper(ScePspIndividualSeed *individual_seed) { | ||
SomeStructure ss; | SomeStructure ss; | ||
CreateSomeStructure(&ss); | CreateSomeStructure(&ss); | ||
int data_for_0x38 = 0; | int data_for_0x38 = 0; | ||
ScePspIndividualSeed individual_seed; | |||
gen_psp_individual_seed(&ss, &data_for_0x38, individual_seed) | |||
return 0; | return 0; | ||
} | } | ||
</source> | </source> | ||
= | Or the following simplified reimplementation. | ||
<source lang="C"> | |||
void gen_psp_individual_seed(ScePspIndividualSeed *individual_seed) { | |||
int i, k; | |||
u8 subkey_1[0x10], subkey_2[0x10]; | |||
rijndael_ctx aes_ctx; | |||
u8 fuse_id[8]; | |||
// Byte-reverse the Fuse ID | |||
u32 g_fuse90 = *(u32 *)0xBC100090; | |||
u32 g_fuse94 = *(u32 *)0xBC100094; | |||
fuse_id[7] = g_fuse90 &0xFF; | |||
fuse_id[6] = (g_fuse90>>8) &0xFF; | |||
fuse_id[5] = (g_fuse90>>16) &0xFF; | |||
</ | fuse_id[4] = (g_fuse90>>24) &0xFF; | ||
fuse_id[3] = g_fuse94 &0xFF; | |||
fuse_id[2] = (g_fuse94>>8) &0xFF; | |||
fuse_id[1] = (g_fuse94>>16) &0xFF; | |||
fuse_id[0] = (g_fuse94>>24) &0xFF; | |||
rijndael_set_key(&aes_ctx, g_ids_master_key, 128); // set g_ids_master_key as AES key | |||
for (i = 0; i < 0x10; i++) // initialize the subkeys using the Fuse ID | |||
subkey_2[i] = subkey_1[i] = fuse_id[i % 8]; | |||
for (i = 0; i < 3; i++) { // encrypt first subkey three times, and decrypt second subkey three times | |||
rijndael_encrypt(&aes_ctx, subkey_1, subkey_1); | |||
rijndael_decrypt(&aes_ctx, subkey_2, subkey_2); | |||
} | |||
rijndael_set_key(&aes_ctx, subkey_1, 128); // set subkey_1 as AES key | |||
for (i = 0; i < 3; i++) { // encrypt three times each one of the three first blocks | |||
for (k = 0; k < 3; k++) | |||
rijndael_encrypt(&aes_ctx, subkey_2, subkey_2); | |||
memcpy(&individual_seed[i * 0x10], subkey_2, 0x10); | |||
} | |||
for (int idx = 0; idx < 8; idx++) | |||
individual_seed.fuse_id[idx] = ss[idx]; | |||
for (int idx = 0; idx < 4; idx++) | |||
individual_seed.reserved[idx] = data_for_0x38[idx]; | |||
gen_psp_individual_seed_hash(individual_seed); | |||
return 0; | |||
} | |||
</source> | |||
= Commands = | = Commands = |