Keystone: Difference between revisions
(Created page with "=== File Structure === {| class="wikitable" |- ! Offset !! Size !! Description |- | 0x0 || 0x8 || magic "keystone" |- | 0x8 || 0x2 || Type (always 2) |- | 0xA || 0x2 || Versi...") |
CelesteBlue (talk | contribs) |
||
Line 1: | Line 1: | ||
keystone file is located in sce_sys folder of apps/patches/addcont/savedatas/trophies. It is PFS encrypted. | |||
It embeds a key called keystone that is used to verify that : | |||
1) somebody who wants to extract/verify PKG is the owner of the product | |||
2) a patch data is published by the creator of the app data | |||
Keystone is generated from [[Passcode]]. | |||
== File Structure == | |||
{| class="wikitable" | {| class="wikitable" | ||
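Review bot: In the added intro, "It is PFS encrypted" has an ambiguous antecedent (the keystone file or the sce_sys folder), and "keystone" is used for both the file and the key it embeds. Suggest wording such as "The keystone file is PFS encrypted" and a distinct name for the embedded key. "a patch data" in item 2 should read "patch data", and "verify that :" should lose the space before the colon.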
Line 5: | Line 15: | ||
! Offset !! Size !! Description | ! Offset !! Size !! Description | ||
|- | |- | ||
| 0x0 || 0x8 || | | 0x0 || 0x8 || Magic "keystone" | ||
|- | |- | ||
| 0x8 || 0x2 || Type (always 2) | | 0x8 || 0x2 || Type (always 2) | ||
Line 11: | Line 21: | ||
| 0xA || 0x2 || Version (always 1) | | 0xA || 0x2 || Version (always 1) | ||
|- | |- | ||
| 0xC || 0x14 || | | 0xC || 0x14 || Padding | ||
|- | |- | ||
| 0x20 || 0x10 || IV for encrypted key | | 0x20 || 0x10 || IV for encrypted key | ||
Line 20: | Line 30: | ||
|- | |- | ||
|} | |} | ||
== Generation == | |||
SCE provides in official SDK a tool called pc2ks that converts passcode to keystone. | |||
== Decryption == | |||
The first step is to check the HMAC of the file. The process is to use the HMAC key from the [[Keys#PFS_Secret_Keys]] page to check the HMAC at position 0x40 in the file. If it is correct, it proceeds to use another key to decrypt the value at 0x30 using the value at 0x20 as the IV. | The first step is to check the HMAC of the file. The process is to use the HMAC key from the [[Keys#PFS_Secret_Keys]] page to check the HMAC at position 0x40 in the file. If it is correct, it proceeds to use another key to decrypt the value at 0x30 using the value at 0x20 as the IV. |
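Review bot: The paragraph under the new Decryption heading names neither the HMAC hash function nor the byte range the HMAC covers, and it gives no cipher or mode for the step that uses the IV at 0x20. "another key" is also left unlinked, unlike the HMAC key, which points at [[Keys#PFS_Secret_Keys]]. Suggest stating the algorithm, the covered range and the cipher, and linking the second key. The new Generation section could likewise say what pc2ks takes as input and what it writes out.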
Latest revision as of 21:44, 26 April 2018
The keystone file is located in the sce_sys folder of apps/patches/addcont/savedatas/trophies. It is PFS encrypted.
It embeds a key called keystone that is used to verify that:
1) somebody who wants to extract/verify a PKG is the owner of the product
2) patch data is published by the creator of the app data
Keystone is generated from Passcode.
File Structure
Offset | Size | Description |
---|---|---|
0x0 | 0x8 | Magic "keystone" |
0x8 | 0x2 | Type (always 2) |
0xA | 0x2 | Version (always 1) |
0xC | 0x14 | Padding |
0x20 | 0x10 | IV for encrypted key |
0x30 | 0x10 | Encrypted key |
0x40 | 0x20 | HMAC Value |
Generation
SCE provides a tool called pc2ks in the official SDK that converts a passcode to a keystone.
Decryption
The first step is to check the HMAC of the file: the HMAC key from the Keys#PFS_Secret_Keys page is used to check the HMAC at position 0x40 in the file. If it is correct, another key is used to decrypt the value at 0x30, using the value at 0x20 as the IV.
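The layout in the File Structure table and the HMAC-first check described above, as an added Python example (not code from this wiki or from the SDK). It assumes little-endian 16-bit fields, HMAC-SHA256 over bytes 0x0-0x3F (the page names neither the hash nor the covered range; SHA-256 matches the 0x20-byte field), and a constructed key and sample file. The decryption step is left out because the page does not name the cipher.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

MAGIC = b"keystone"
BODY_SIZE = 0x40   # magic, type, version, padding, IV, encrypted key
FILE_SIZE = 0x60   # body plus the 0x20-byte HMAC value, per the table


class Keystone(NamedTuple):
    ktype: int
    version: int
    iv: bytes
    encrypted_key: bytes
    mac: bytes


def parse_keystone(blob: bytes) -> Keystone:
    """Split a keystone blob into the fields of the File Structure table."""
    if len(blob) != FILE_SIZE:
        raise ValueError(f"expected {FILE_SIZE:#x} bytes, got {len(blob):#x}")
    if blob[0x0:0x8] != MAGIC:
        raise ValueError("bad magic")
    # Assumption: both 16-bit fields are little-endian.
    ktype, version = struct.unpack_from("<HH", blob, 0x8)
    if (ktype, version) != (2, 1):
        raise ValueError(f"unexpected type/version {ktype}/{version}")
    return Keystone(ktype, version, blob[0x20:0x30], blob[0x30:0x40], blob[0x40:0x60])


def verify_keystone(blob: bytes, hmac_key: bytes) -> Keystone:
    """Parse, then check the HMAC before the encrypted key is used for anything."""
    ks = parse_keystone(blob)
    # Assumption: HMAC-SHA256 computed over the 0x40 bytes preceding the HMAC value.
    expected = hmac.new(hmac_key, blob[:BODY_SIZE], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, ks.mac):  # constant-time comparison
        raise ValueError("HMAC mismatch: file is corrupt or was modified")
    return ks


def build_sample(hmac_key: bytes) -> bytes:
    """Constructed sample file for the example; contains no real key material."""
    body = (MAGIC + struct.pack("<HH", 2, 1) + bytes(0x14)
            + bytes(range(0x00, 0x10))      # IV (constructed)
            + bytes(range(0x10, 0x20)))     # encrypted key (constructed)
    return body + hmac.new(hmac_key, body, hashlib.sha256).digest()
```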