Keystone

From Vita Developer wiki
Revision as of 21:44, 26 April 2018 by CelesteBlue (→File Structure)

The keystone file is located in the sce_sys folder of apps/patches/addcont/savedatas/trophies. It is PFS encrypted.

It embeds a key called the keystone, which is used to verify that:

1) somebody who wants to extract/verify a PKG is the owner of the product

2) patch data is published by the creator of the app data

The keystone is generated from the Passcode.

File Structure

Offset Size Description
0x0 0x8 Magic "keystone"
0x8 0x2 Type (always 2)
0xA 0x2 Version (always 1)
0xC 0x14 Padding
0x20 0x10 IV for encrypted key
0x30 0x10 Encrypted key
0x40 0x20 HMAC Value

Generation

SCE provides a tool called pc2ks in the official SDK that converts a passcode to a keystone.

Decryption

The first step is to check the HMAC of the file: the HMAC key from the Keys#PFS_Secret_Keys page is used to check the HMAC value at offset 0x40 in the file. If it is correct, another key is used to decrypt the value at 0x30, with the value at 0x20 as the IV.
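
The layout from File Structure and the HMAC-first check described above, as an added example that is not code from the wiki or from the SDK. It assumes HMAC-SHA256 computed over bytes 0x00-0x3F (inferred only from the 0x20-byte HMAC field), little-endian Type/Version fields, and an all-zero placeholder key; the names parse_keystone, build_sample and PLACEHOLDER_HMAC_KEY are hypothetical, and the sample file is constructed.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

KEYSTONE_SIZE = 0x60
BODY_FORMAT = "<8sHH20s16s16s"  # magic, type, version, padding, IV, encrypted key
# Placeholder only: the real HMAC key is not reproduced here.
PLACEHOLDER_HMAC_KEY = bytes(32)


class Keystone(NamedTuple):
    ktype: int
    version: int
    iv: bytes
    encrypted_key: bytes
    mac: bytes


def parse_keystone(blob: bytes, hmac_key: bytes) -> Keystone:
    """Verify the HMAC first, then validate and split the header fields."""
    if len(blob) != KEYSTONE_SIZE:
        raise ValueError("keystone must be exactly 0x60 bytes")
    body, mac = blob[:0x40], blob[0x40:0x60]
    # Assumption: HMAC-SHA256 over bytes 0x00-0x3F.
    expected = hmac.new(hmac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        raise ValueError("HMAC mismatch: file is corrupt or tampered")
    # Assumption: 16-bit fields are little-endian.
    magic, ktype, version, _pad, iv, enc = struct.unpack(BODY_FORMAT, body)
    if magic != b"keystone":
        raise ValueError("bad magic")
    if (ktype, version) != (2, 1):
        raise ValueError(f"unexpected type/version {ktype}/{version}")
    return Keystone(ktype, version, iv, enc, mac)


def build_sample(hmac_key: bytes) -> bytes:
    """Constructed sample keystone (not real data) for exercising the parser."""
    body = struct.pack(BODY_FORMAT, b"keystone", 2, 1, bytes(20),
                       bytes(range(16)), bytes(range(16, 32)))
    return body + hmac.new(hmac_key, body, hashlib.sha256).digest()


if __name__ == "__main__":
    ks = parse_keystone(build_sample(PLACEHOLDER_HMAC_KEY), PLACEHOLDER_HMAC_KEY)
    print(ks.iv.hex(), ks.encrypted_key.hex())
```

The parser stops at returning the IV and the still-encrypted key; the decryption step needs the second key and a cipher the page does not name.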