Editing Keys

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[Category:Software]]
[[Category:Software]]<noinclude>[[Category:Main]]</noinclude>
<noinclude>
[[Category:Main]]
</noinclude>


= Useful Information =
= Useful Information =
Line 20: Line 17:
* pub file (public): %s-pub-%s
* pub file (public): %s-pub-%s
* priv file (private): %s-priv-%s
* priv file (private): %s-priv-%s
= Per-console keys =
See [https://www.psdevwiki.com/psp/Kirk#Individual_Seed Kirk documentation] for usage of PSP-related individual seeds.
== Cmep Keyring 0x600 - Visible ID (Test Subject 9 PS Vita) ==
<pre>
00 00 01 01 AC 72 45 00 F5 68 96 03 80 57 C8 1A
25 99 21 A1 73 A4 89 F2 E9 96 23 E9 86 0F 74 2D
</pre>
* Contains the console's [https://wiki.henkaku.xyz/vita/VisibleId Visible ID].
== Cmep Keyring 0x601 - ScePspIndividualKeyMeshCert first half (Test Subject 9 PS Vita) ==
* Contains the first half (0x20 bytes) of of the console's [https://www.psdevwiki.com/psp/Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert].
* Warning: the dump presented here is byte-swapped.
<pre>
B9 18 4E 22 83 8B 91 6D 19 86 72 D5 FB 10 FD A3 <- byte-swapped key_mesh.derivation_seed_1
4A 4E 72 CB 02 6E 96 E9 96 B2 C3 23 B9 CF 36 A4 <- byte-swapped key_mesh.derivation_seed_0
</pre>
== Cmep Keyring 0x602 - ScePspIndividualKeyMeshCert second half (Test Subject 9 PS Vita) ==
* Contains the second half (0x20 bytes) of the console's [https://www.psdevwiki.com/psp/Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert].
* Warning: the dump presented here is byte-swapped.
<pre>
85 4B 14 AB 00 00 00 00 00 45 72 AC 01 01 08 10 <- byte-swapped hash, byte-swapped reserved, byte-swapped fuse_id
FF 9A 3E E5 A2 B9 F5 25 32 4D E0 2A 8F B1 8F B9 <- byte-swapped key_mesh.derivation_key
</pre>
== ScePspIndividualKeyMeshCert (Test Subject 9 PS Vita) ==
* By byte-swapping keyrings 0x601 and 0x602 or by taking Fuse ID only and running the ScePspIndividualKeyMeshCert generation algorithm (see PSP Jig Kick flashData.prx), we can obtain ScePspIndividualKeyMeshCert.
<pre>
A4 36 CF B9 23 C3 B2 96 E9 96 6E 02 CB 72 4E 4A <- key_mesh.derivation_seed_0
A3 FD 10 FB D5 72 86 19 6D 91 8B 83 22 4E 18 B9 <- key_mesh.derivation_seed_1
B9 8F B1 8F 2A E0 4D 32 25 F5 B9 A2 E5 3E 9A FF <- key_mesh.derivation_key
10 08 01 01 AC 72 45 00 00 00 00 00 AB 14 4B 85 <- fuse_id, reserved, hash
</pre>


= SUPER KEYS (Dumped by SDBoot glitching) =
= SUPER KEYS (Dumped by SDBoot glitching) =
Line 160: Line 114:
</pre>
</pre>


== Perconsole Keyslot 0x607 (Test Subject 8) ==
== Perconsole Keyslot 0x607 (Test Subject 7) ==


<pre>
<pre>
Line 911: Line 865:
* Used with other possible keys besides AA key (5 possibilities)
* Used with other possible keys besides AA key (5 possibilities)
* Never seen used
* Never seen used


== Second Loader ==
== Second Loader ==
Line 942: Line 898:
1C7FD39E8D63AA32D386413EE6A01C15C4876BF614CA954E36C1602DD7871C4F KEY
1C7FD39E8D63AA32D386413EE6A01C15C4876BF614CA954E36C1602DD7871C4F KEY
051DFE9D9BEA8087F66EB8F631010D88 IV
051DFE9D9BEA8087F66EB8F631010D88 IV
</pre>
=== Unknown GCAUTHMGR Key and IV ===
<pre>
821C5714415E9804D6AAE324EB3DDDFE7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
</pre>
<pre>
CEC36FCD7DB3102A80E9C2AA65734FC1
</pre>
</pre>


Line 967: Line 932:
=== SMI (Slot 0x213) ===
=== SMI (Slot 0x213) ===
<pre>
<pre>
AB7097356FDD49D83878540167F0C4AD85537C5A56BD15DF0EB5F7F0D9E276E6 Seed First Derivation SMI
310D20077AF3BF121F21D9ADAF389CDA IV First Derivation SMI  
310D20077AF3BF121F21D9ADAF389CDA IV First Derivation SMI  


Line 1,002: Line 965:
AC78EE86799148699B9CB3F5C6CAB73A6AC45EB11F44E9151232CF8F123C7D88
AC78EE86799148699B9CB3F5C6CAB73A6AC45EB11F44E9151232CF8F123C7D88
</pre>
</pre>
== GcAuthMgr ==
=== Master Key Seeds ===
As part of gc authentication, some keys are derived using these key seeds
& 0x345 and 0x348 bbmac.
different key seeds are used depending on the key id used by the gamecart.
==== KeyID 0x1 ====
KEYSEED:
<pre>
7f1fd065dd2f40b3e26579a6390b616d
</pre>
IV:
<pre>
8b14c8a1e96f30a7f101a96a3033c55b
</pre>
==== KeyID 0x8001 ====
KEYSEED:
<pre>
6f2285ed463a6e57c5f3550ddcc81feb
</pre>
==== KeyID 0x8002 ====
KEYSEED:
<pre>
da9608b528825d6d13a7af1446b8ec08
</pre>
==== KeyID 0x8003 ====
KEYSEED:
<pre>
368b2eb5437a821862a6c95596d8c135
</pre>
=== Unknown GcAuthMgr Key and IV ===
<pre>
821C5714415E9804D6AAE324EB3DDDFE7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
</pre>
<pre>
CEC36FCD7DB3102A80E9C2AA65734FC1
</pre>
== KPRX_AUTH ==
keys part of kprx_auth_sm
=== Bind Data HMAC Key ===
used for ksceSblAuthMgrDecBindData
<pre>
901a84fb13a744a378c5018a60f58c22
</pre>
HMAC-SHA256 using this key
result is the key to aes-cbc-decrypt bind data
first 0x10 is key, last 0x10 is iv.


== AIMGR ==
== AIMGR ==
Line 1,910: Line 1,821:
kirk7_keyC3 = 1E5B17DAC321E6B8DFE7718CA2930370
kirk7_keyC3 = 1E5B17DAC321E6B8DFE7718CA2930370
</pre>
</pre>
== IdStorage Keys ==
=== PS Vita IdStorage leaves 0-0x7D RSA2048 Public Key ===
<pre>
E9 18 F0 8E F8 D1 ED 4A 5E 80 65 44 15 5D AF 3E
99 CD 65 65 5C 5D FE BC BA 59 A4 AB 52 81 63 53
B1 DC 9C 0E BB 70 F7 48 57 47 9C 4C 49 00 8E E4
F7 55 93 14 71 67 DF 9C 92 8E D8 42 4A 10 75 50
D0 9F 6A 48 57 9A E3 86 BF 6B A3 0C 73 57 00 DC
F7 CB 2B B3 7C 03 11 CC EC D9 0F BA A1 2E E5 EE
5C D3 10 D5 0F 1D 58 C1 23 8B CD 7B 9E E6 2C 7F
4C AE 11 01 8C A5 AE F0 D5 C2 8D 5E E9 F6 6F 1E
37 8B B4 BD BC C0 2F 3D 3D 6E F8 E6 35 EF B6 C2
EF 82 ED AD 07 16 5A 4D A4 AB 83 76 14 9D 6F 29
6D AD DA 83 CF 0D F3 9F 9C 6B AC 79 61 B6 6F 32
60 34 99 B4 C3 9C 94 D7 1A 29 8A B4 12 D8 42 F9
69 C3 0E 47 EF 86 FD 35 E5 CD 23 E8 95 B3 E1 A3
D6 E9 CA 90 8F 46 59 FE BC B3 00 C0 9C E7 34 07
5A 7F 85 2A 5B AD 82 B8 52 85 74 6F 73 45 C2 5F
4B 7A 8D 85 70 8B 6C FD AA 59 70 BF 33 00 79 D5
</pre>
* Exponent is 65537.
* Found in PS Vita factTest.self.
* Signature is stored in PS Vita IdStorage leaf 0x7E offset 0x60.
* PSP IdStorage does not have this signature.
* This signature does not seem to be checked on console boot. It might be used only during manufacturing/servicing to ensure that IdStorage leaves 0-0x7D have been written correctly. This implies that IdStorage leaves 0-0x7D are not meant to be edited after manufacturing, contrarly to some other leaves.


== IdStorage Certificate Keys ==
== IdStorage Certificate Keys ==
Line 3,316: Line 3,198:
! Type !! Version !! Modulus !! Usage || Notes
! Type !! Version !! Modulus !! Usage || Notes
|-
|-
| 0 and 1 || 1.00+ ||
| 0 and 1 || 1.00+ ||  
     9CCCE3A536FA641B2D1354EE98F093C2
     9CCCE3A536FA641B2D1354EE98F093C2
     68470F722C024B86CD60274E08E0067A
     68470F722C024B86CD60274E08E0067A
Line 3,400: Line 3,282:
! Type !! Version !! Modulus !! Usage || Notes
! Type !! Version !! Modulus !! Usage || Notes
|-
|-
| PSP || 1.00+ ||
| PSP || 1.00+ ||  
     BBDB6AA32E3B51A6D4708D5FC9899919
     BBDB6AA32E3B51A6D4708D5FC9899919
     395A2AAD83E98F4864C3BA43A5D6906F
     395A2AAD83E98F4864C3BA43A5D6906F
Line 3,472: Line 3,354:
== NID generation suffixes ==
== NID generation suffixes ==


* The algorithm is sha1(name + suffix).
* algo is sha1(name + suffix)


=== No suffix ===
=== No suffix ===
Line 3,478: Line 3,360:
For some PSP and PS Vita old NIDs, there was no suffix at all: algo was simply sha1(name).
For some PSP and PS Vita old NIDs, there was no suffix at all: algo was simply sha1(name).


=== PS3 NONAME suffix ===
=== PS3 NONAME default suffix ===


<pre>"0xbc5eba9e042504905b64274994d9c41f"</pre>
<pre>bc5eba9e042504905b64274994d9c41f</pre>


* Note that this ASCII string is used but not the hexadecimal value for it.
To check how to use this suffix (see: [https://www.psdevwiki.com/ps3/Keys#PS3_NONAME_NIDs_Salt]).


=== PS3 default suffix ===
=== PS3 default suffix ===
Line 3,488: Line 3,370:
<pre>6759659904250490566427499489741A</pre>
<pre>6759659904250490566427499489741A</pre>


* Note that this hexadecimal value is used but not the ASCII string for it.
=== PS Vita NONAME default suffix ===
 
=== PS Vita NONAME suffix ===


<pre>c1b886af5c31846467e7ba5e2cffd64a</pre>
<pre>c1b886af5c31846467e7ba5e2cffd64a</pre>
* Note that this hexadecimal value is used but not the ASCII string for it.


== SceKrm ==
== SceKrm ==
Please note that all contributions to Vita Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see Vita Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)