Editing Keys

Jump to navigation Jump to search
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
[[Category:Software]]
[[Category:Software]]<noinclude>[[Category:Main]]</noinclude>
<noinclude>
[[Category:Main]]
</noinclude>


= Useful Information =
= Useful Information =
Line 20: Line 17:
* pub file (public): %s-pub-%s
* pub file (public): %s-pub-%s
* priv file (private): %s-priv-%s
* priv file (private): %s-priv-%s
= Per-console keys =
See [https://www.psdevwiki.com/psp/Kirk#Individual_Seed Kirk documentation] for usage of PSP-related individual seeds.
== Cmep Keyring 0x600 - Visible ID (Test Subject 9 PS Vita) ==
<pre>
00 00 01 01 AC 72 45 00 F5 68 96 03 80 57 C8 1A
25 99 21 A1 73 A4 89 F2 E9 96 23 E9 86 0F 74 2D
</pre>
* Contains the console's [https://wiki.henkaku.xyz/vita/VisibleId Visible ID].
== Cmep Keyring 0x601 - ScePspIndividualKeyMeshCert first half (Test Subject 9 PS Vita) ==
* Contains the first half (0x20 bytes) of of the console's [https://www.psdevwiki.com/psp/Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert].
* Warning: the dump presented here is byte-swapped.
<pre>
B9 18 4E 22 83 8B 91 6D 19 86 72 D5 FB 10 FD A3 <- byte-swapped key_mesh.derivation_seed_1
4A 4E 72 CB 02 6E 96 E9 96 B2 C3 23 B9 CF 36 A4 <- byte-swapped key_mesh.derivation_seed_0
</pre>
== Cmep Keyring 0x602 - ScePspIndividualKeyMeshCert second half (Test Subject 9 PS Vita) ==
* Contains the second half (0x20 bytes) of the console's [https://www.psdevwiki.com/psp/Kirk#PSP_Individual_Key_Mesh_Certificate ScePspIndividualKeyMeshCert].
* Warning: the dump presented here is byte-swapped.
<pre>
85 4B 14 AB 00 00 00 00 00 45 72 AC 01 01 08 10 <- byte-swapped hash, byte-swapped reserved, byte-swapped fuse_id
FF 9A 3E E5 A2 B9 F5 25 32 4D E0 2A 8F B1 8F B9 <- byte-swapped key_mesh.derivation_key
</pre>
== ScePspIndividualKeyMeshCert (Test Subject 9 PS Vita) ==
* By byte-swapping keyrings 0x601 and 0x602 or by taking Fuse ID only and running the ScePspIndividualKeyMeshCert generation algorithm (see PSP Jig Kick flashData.prx), we can obtain ScePspIndividualKeyMeshCert.
<pre>
A4 36 CF B9 23 C3 B2 96 E9 96 6E 02 CB 72 4E 4A <- key_mesh.derivation_seed_0
A3 FD 10 FB D5 72 86 19 6D 91 8B 83 22 4E 18 B9 <- key_mesh.derivation_seed_1
B9 8F B1 8F 2A E0 4D 32 25 F5 B9 A2 E5 3E 9A FF <- key_mesh.derivation_key
10 08 01 01 AC 72 45 00 00 00 00 00 AB 14 4B 85 <- fuse_id, reserved, hash
</pre>


= SUPER KEYS (Dumped by SDBoot glitching) =
= SUPER KEYS (Dumped by SDBoot glitching) =
Line 160: Line 114:
</pre>
</pre>


== Perconsole Keyslot 0x607 (Test Subject 8) ==
== Perconsole Keyslot 0x607 (Test Subject 7) ==


<pre>
<pre>
Line 911: Line 865:
* Used with other possible keys besides AA key (5 possibilities)
* Used with other possible keys besides AA key (5 possibilities)
* Never seen used
* Never seen used


== Second Loader ==
== Second Loader ==
Line 942: Line 898:
1C7FD39E8D63AA32D386413EE6A01C15C4876BF614CA954E36C1602DD7871C4F KEY
1C7FD39E8D63AA32D386413EE6A01C15C4876BF614CA954E36C1602DD7871C4F KEY
051DFE9D9BEA8087F66EB8F631010D88 IV
051DFE9D9BEA8087F66EB8F631010D88 IV
</pre>
=== Unknown GCAUTHMGR Key and IV ===
<pre>
821C5714415E9804D6AAE324EB3DDDFE7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
</pre>
<pre>
CEC36FCD7DB3102A80E9C2AA65734FC1
</pre>
</pre>


Line 967: Line 932:
=== SMI (Slot 0x213) ===
=== SMI (Slot 0x213) ===
<pre>
<pre>
AB7097356FDD49D83878540167F0C4AD85537C5A56BD15DF0EB5F7F0D9E276E6 Seed First Derivation SMI
310D20077AF3BF121F21D9ADAF389CDA IV First Derivation SMI  
310D20077AF3BF121F21D9ADAF389CDA IV First Derivation SMI  


Line 1,003: Line 966:
</pre>
</pre>


== GcAuthMgr ==
== factTest ==
=== Master Key Seeds ===
As part of gc authentication, some keys are derived using these key seeds
& 0x345 and 0x348 bbmac.
different key seeds are used depending on the key id used by the gamecart.
 
==== KeyID 0x1 ====
KEYSEED:
<pre>
7f1fd065dd2f40b3e26579a6390b616d
</pre>
IV:
<pre>
8b14c8a1e96f30a7f101a96a3033c55b
</pre>
==== KeyID 0x8001 ====
KEYSEED:
<pre>
6f2285ed463a6e57c5f3550ddcc81feb
</pre>
==== KeyID 0x8002 ====
KEYSEED:
<pre>
da9608b528825d6d13a7af1446b8ec08
</pre>
==== KeyID 0x8003 ====
KEYSEED:
<pre>
368b2eb5437a821862a6c95596d8c135
</pre>
=== Unknown GcAuthMgr Key and IV ===
<pre>
821C5714415E9804D6AAE324EB3DDDFE7BB73E8EC0F9E04D3D6D60BCD0CF4EE9
</pre>
 
<pre>
CEC36FCD7DB3102A80E9C2AA65734FC1
</pre>
 


== KPRX_AUTH ==
== idstorage signature verification key ==
keys part of kprx_auth_sm


=== Bind Data HMAC Key ===
used for ksceSblAuthMgrDecBindData
<pre>
<pre>
901a84fb13a744a378c5018a60f58c22
D5 79 00 33 BF 70 59 AA FD 6C 8B 70 85 8D 7A 4B
5F C2 45 73 6F 74 85 52 B8 82 AD 5B 2A 85 7F 5A
07 34 E7 9C C0 00 B3 BC FE 59 46 8F 90 CA E9 D6
A3 E1 B3 95 E8 23 CD E5 35 FD 86 EF 47 0E C3 69
F9 42 D8 12 B4 8A 29 1A D7 94 9C C3 B4 99 34 60
32 6F B6 61 79 AC 6B 9C 9F F3 0D CF 83 DA AD 6D
29 6F 9D 14 76 83 AB A4 4D 5A 16 07 AD ED 82 EF
C2 B6 EF 35 E6 F8 6E 3D 3D 2F C0 BC BD B4 8B 37
1E 6F F6 E9 5E 8D C2 D5 F0 AE A5 8C 01 11 AE 4C
7F 2C E6 9E 7B CD 8B 23 C1 58 1D 0F D5 10 D3 5C
EE E5 2E A1 BA 0F D9 EC CC 11 03 7C B3 2B CB F7
DC 00 57 73 0C A3 6B BF 86 E3 9A 57 48 6A 9F D0
50 75 10 4A 42 D8 8E 92 9C DF 67 71 14 93 55 F7
E4 8E 00 49 4C 9C 47 57 48 F7 70 BB 0E 9C DC B1
53 63 81 52 AB A4 59 BA BC FE 5D 5C 65 65 CD 99
3E AF 5D 15 44 65 80 5E 4A ED D1 F8 8E F0 18 E9
</pre>
</pre>
HMAC-SHA256 using this key
result is the key to aes-cbc-decrypt bind data
first 0x10 is key, last 0x10 is iv.


== AIMGR ==
== AIMGR ==
Line 1,910: Line 1,844:
kirk7_keyC3 = 1E5B17DAC321E6B8DFE7718CA2930370
kirk7_keyC3 = 1E5B17DAC321E6B8DFE7718CA2930370
</pre>
</pre>
== IdStorage Keys ==
=== PS Vita IdStorage leaves 0-0x7D RSA2048 Public Key ===
<pre>
E9 18 F0 8E F8 D1 ED 4A 5E 80 65 44 15 5D AF 3E
99 CD 65 65 5C 5D FE BC BA 59 A4 AB 52 81 63 53
B1 DC 9C 0E BB 70 F7 48 57 47 9C 4C 49 00 8E E4
F7 55 93 14 71 67 DF 9C 92 8E D8 42 4A 10 75 50
D0 9F 6A 48 57 9A E3 86 BF 6B A3 0C 73 57 00 DC
F7 CB 2B B3 7C 03 11 CC EC D9 0F BA A1 2E E5 EE
5C D3 10 D5 0F 1D 58 C1 23 8B CD 7B 9E E6 2C 7F
4C AE 11 01 8C A5 AE F0 D5 C2 8D 5E E9 F6 6F 1E
37 8B B4 BD BC C0 2F 3D 3D 6E F8 E6 35 EF B6 C2
EF 82 ED AD 07 16 5A 4D A4 AB 83 76 14 9D 6F 29
6D AD DA 83 CF 0D F3 9F 9C 6B AC 79 61 B6 6F 32
60 34 99 B4 C3 9C 94 D7 1A 29 8A B4 12 D8 42 F9
69 C3 0E 47 EF 86 FD 35 E5 CD 23 E8 95 B3 E1 A3
D6 E9 CA 90 8F 46 59 FE BC B3 00 C0 9C E7 34 07
5A 7F 85 2A 5B AD 82 B8 52 85 74 6F 73 45 C2 5F
4B 7A 8D 85 70 8B 6C FD AA 59 70 BF 33 00 79 D5
</pre>
* Exponent is 65537.
* Found in PS Vita factTest.self.
* Signature is stored in PS Vita IdStorage leaf 0x7E offset 0x60.
* PSP IdStorage does not have this signature.
* This signature does not seem to be checked on console boot. It might be used only during manufacturing/servicing to ensure that IdStorage leaves 0-0x7D have been written correctly. This implies that IdStorage leaves 0-0x7D are not meant to be edited after manufacturing, contrarly to some other leaves.


== IdStorage Certificate Keys ==
== IdStorage Certificate Keys ==
Line 3,316: Line 3,221:
! Type !! Version !! Modulus !! Usage || Notes
! Type !! Version !! Modulus !! Usage || Notes
|-
|-
| 0 and 1 || 1.00+ ||
| 0 and 1 || 1.00+ ||  
     9CCCE3A536FA641B2D1354EE98F093C2
     9CCCE3A536FA641B2D1354EE98F093C2
     68470F722C024B86CD60274E08E0067A
     68470F722C024B86CD60274E08E0067A
Line 3,400: Line 3,305:
! Type !! Version !! Modulus !! Usage || Notes
! Type !! Version !! Modulus !! Usage || Notes
|-
|-
| PSP || 1.00+ ||
| PSP || 1.00+ ||  
     BBDB6AA32E3B51A6D4708D5FC9899919
     BBDB6AA32E3B51A6D4708D5FC9899919
     395A2AAD83E98F4864C3BA43A5D6906F
     395A2AAD83E98F4864C3BA43A5D6906F
Line 3,472: Line 3,377:
== NID generation suffixes ==
== NID generation suffixes ==


* The algorithm is sha1(name + suffix).
* algo is sha1(name + suffix)


=== No suffix ===
=== No suffix ===
Line 3,478: Line 3,383:
For some PSP and PS Vita old NIDs, there was no suffix at all: algo was simply sha1(name).
For some PSP and PS Vita old NIDs, there was no suffix at all: algo was simply sha1(name).


=== PS3 NONAME suffix ===
=== PS3 NONAME default suffix ===


<pre>"0xbc5eba9e042504905b64274994d9c41f"</pre>
<pre>bc5eba9e042504905b64274994d9c41f</pre>


* Note that this ASCII string is used but not the hexadecimal value for it.
To check how to use this suffix (see: [https://www.psdevwiki.com/ps3/Keys#PS3_NONAME_NIDs_Salt]).


=== PS3 default suffix ===
=== PS3 default suffix ===
Line 3,488: Line 3,393:
<pre>6759659904250490566427499489741A</pre>
<pre>6759659904250490566427499489741A</pre>


* Note that this hexadecimal value is used but not the ASCII string for it.
=== PS Vita NONAME default suffix ===
 
=== PS Vita NONAME suffix ===


<pre>c1b886af5c31846467e7ba5e2cffd64a</pre>
<pre>c1b886af5c31846467e7ba5e2cffd64a</pre>
* Note that this hexadecimal value is used but not the ASCII string for it.


== SceKrm ==
== SceKrm ==
Please note that all contributions to Vita Developer wiki are considered to be released under the GNU Free Documentation License 1.2 (see Vita Developer wiki:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To protect the wiki against automated edit spam, we kindly ask you to solve the following hCaptcha:

Cancel Editing help (opens in new window)