Talk:Keys: Difference between revisions

From Vita Developer wiki
Jump to navigation Jump to search
Line 89: Line 89:
</pre>
</pre>
Checked in Syscon only.
Checked in Syscon only.
=== SNVS Keys ===
==== Prototype SNVS Keys (min FW < 0.996) ====
Maybe also eMMC Keys.
These constant keys are used instead of per-console keys stored in Bigmac keyslots 0x502-0x504.
===== AES XTS Tweak Key =====
<pre>
E122F9C47E1C94F082536A1F244B9A9C
E08DA5E8E122F9C47E1C94F082536A1F
</pre>
===== AES XTS Decryption Key =====
<pre>
244B9A9CE08DA5E8E122F9C47E1C94F0
82536A1F244B9A9CE08DA5E8E122F9C4
</pre>
===== HMAC-SHA256 Key =====
<pre>
EDF481EF0AFF55CD1A643E8A7AF50911
36A7749CEDF481EF0AFF55CD1A643E8A
</pre>


= IdStorage Related (224 bit) =
= IdStorage Related (224 bit) =

Revision as of 17:52, 8 June 2020

Ernie HandShake Keys (Not in Ernie)

Keyset 4

Step 2 AES128ECB key: 

A6CD383341CB9B0D69FD4A243E30F4B1

Initial key to encrypt step 2 packet.

Step 3 AES128ECB key: 

D3EFEDE608691946CB77E14F8DEC69FA

Intermediate key used to decrypt Syscon step 3 response.

Ernie communication session key AES128ECB master key: 

15C7B32429F8603216F4F3E081D7C86D

Master key to generate Ernie communication session key (stored in Bigmac keyslot 0x511) by encrypting step 2 data.

Step 2 passphrase: 

9ABD1B275C7537F7E62AB93AB3EB76F9

Checked by Syscon only.

Step 4-5 passphrase: 

DC454ED5F6E8A2B1B24D34A82215B2A5

Checked by both Syscon (step 4) and cMeP (step 5) to ensure packet authenticity.

Keyset 6

Step 2 AES128ECB key: 

1053143BEAECC59FCFF1A195F8F5AFB0

Initial key to encrypt step 2 packet.

Step 3 AES128ECB key: 

F90CDCBF009BA8367F841B25E8B10306

Intermediate key used to decrypt Syscon step 3 response.

Ernie communication session key AES128ECB master key: 

6F6374FD1A41A75269EE15832451DEBF

Master key to generate Ernie communication session key (stored in Bigmac keyslot 0x511) by encrypting step 2 data.

Step 2 passphrase: 

B6806F9F58706D72B0E03717197D430C

Checked by Syscon only.

Step 4-5 passphrase: 

0E08A20C8718BD3B158E2E6992202DE7

Checked by both Syscon (step 4) and cMeP (step 5) to ensure packet authenticity.

Keyset 0xC (AuthEtoI, similar to command 0xA0)

Step 2 AES128ECB key: 

3CF54027DAE2F45C929B76927DFFD269

Initial key to encrypt step 2 packet.

Step 3 AES128ECB key: 

39AF55239062D2F3F6CBB401EDC54C09

Intermediate key used to decrypt Syscon step 3 response.

Ernie communication session key AES128ECB master key: 

00000000000000000000000000000000

Unused with command AuthEtoI.

Step 2 passphrase: 

4231FFB14B941DBFEB44DFF97E64EC7D

Checked in Syscon only.

SNVS Keys

Prototype SNVS Keys (min FW < 0.996)

Maybe also eMMC Keys.

These constant keys are used instead of per-console keys stored in Bigmac keyslots 0x502-0x504.

AES XTS Tweak Key
E122F9C47E1C94F082536A1F244B9A9C
E08DA5E8E122F9C47E1C94F082536A1F
AES XTS Decryption Key
244B9A9CE08DA5E8E122F9C47E1C94F0
82536A1F244B9A9CE08DA5E8E122F9C4
HMAC-SHA256 Key
EDF481EF0AFF55CD1A643E8A7AF50911
36A7749CEDF481EF0AFF55CD1A643E8A

IdStorage Related (224 bit)

1A9146C3AB04FBA1C32027C47C7906947CC2AB1E247AF59A8D714AF44CA559E78A2C164A77DAD5A878F516E4D905D810C73C39E70EA93198 Sec.0(vita?)
A17772FD3E86091EAE2B246D5E05CE80A8E24A03C6764D26CD2443AE3DD656F919A10F87C67CB2AE280D0751E15ECD3C4FDFC9D71D7F067C Sec.1(vita?)
056891AE27047A7D5DE88C57612E1A7D0A7CCD369E8CF2F8F374FEA34155B20B613236C2BDFFE8187AC09C7EDF194D81A440BEB91DC6F257 Sec.2(vita?)
6B0AB6A5570334E8B559CC06BA811618ADD2A1EC587A98D35A04E8B98B1D5903711469EE3049B06E1EC81EEB72A9E181D5920B453CF2C21F Sec.3(vita?)
1C1816019AE3F8955021892257535F0E92D988E11EA45C2E908E2E208C10F3D7F3ED189EEFC027C8A91B6770A727402423CE976A3435FF8A Sec.4(vita?)
108464CCDB76611475AEA911FBD1D476FF41F1C70D811031C552DB9B85E9941A3FD79644B717E0FEE48C4CF7387CF10E900BDBC2D7A35F5D Sec.5(vita?)
  • note : Qx/Qy combined public keys of the 224bit part of idstorage (vita?)

IdStorage Related (160 bit)

4004C80BD9C8BA38221065923E324B5F0EC165ED6CFF7D9F2C420B84DFDA6E96C0AEE29927BCAF1E Sec.0 (psp) 
06485FD029853B552F7EFDD67A2DE7A1A4E25537B2459D8786426D5B27EFA5A9311CB8ABABFA0ECE Sec.1 (psp)
3F8C34F210AEC48E1520FF2A44899E054A0DA33DF8B9754B09C0EC7E61867A5126FE6926972196F5 Sec.2 (psp)
CCB3440DC4836DD519E13B2805B30870DCAEE462136B3888651A98E02B29FA0CD34F1616F1ED5786 Sec.3 (psp)
08B336925C2B445D03A9BE51B9AABF54E4CC142EA72A23BB8060B03B71CDE0772DE82AD8931648D6 Sec.4 (psp)
4F0A2BC9987640860E22EE5D86087C9692470BDF59DC4C1F2E38F92CE7B66875B59ED10C9D84FA6A Sec.5 (psp)
94D100BE6E24991D65D93F3DA938858CEC2D133051F47DB4287AC86631719B31573EF7CCE071CA8A Sec.0 (ps3?)
071984A1F27D1E91196410D57C828AF7115BF1A32071AA1EC25B7FBF4884F5322A26483C46D8B43C Sec.1 (ps3?)
1B6389CECD99843CA088E325C796F510A151C1545C5DE4E37A1D892D2504A8604C094F59063D589F Sec.2 (ps3?)
17BE639B87F138049D94398E8929DE535D1CB0DC5E7C04D720D2F3DE86F9B581DD1B6F7CDCF80DE4 Sec.4 (ps3?)
4B4F044420207907E3BC7D5423FF4D05E9DAA10B1F973327F7FEDEAE498BC656FF7C7459C9B993F4 Sec.5 (ps3?)
1F960A3BD61462553A0DC015AEC66C818CBAA8F62F733AC9F0C287D496F321058AC26669ECBED3DB Sec.6 (ps3?)
  • note : Qx/Qy combined public keys of the 160bit part of idstorage (psp) (ps3?)

PFS HMAC Usage (Vitashell Example)

  • input : echo -n '706673534b4b657902000000000000008cf037f28ea485a53610a0e2b0c57c4d704bfdae23f27bdb82be52bbcee7220f' | xxd -r -p | openssl dgst -sha256 -mac hmac -macopt hexkey:8c5d3a4b9d9bf4b453bce6cdc34331d8
  • output : dad6825c22e67e45ed29ea8d16d32b6bc16d513210007df4cb23e723e4494bca

PFS CBC Usage (Vitashell Example)

  • input : openssl aes-128-cbc -d -in encrypted_key.bin -out key.bin -nosalt -K 00298CDF4428E72C8785DAE0923C60BD -iv 8CF037F28EA485A53610A0E2B0C57C4D -p -nopad
  • output : 42B015D142B0F35F8251607A0AE87A0F

Portability Keysets

Enc Key 0 (SceShell)

  • 6AA3C1F8641C9142822BBC7A74CC9241A18CD5B1B9A4B89E472F21EBAA254072

Dec Key 0 (SceShell)

  • 454250564C34350A8C3AA565A6DD8F41F61F794D65B870D0D07A58D8420FC9EA
  • Starts With EBP Magic!

Keyset 3 (SceShell)

  • A9138DADE0F2C77DB24BF111ED8D16B9

Keyset 4 (SceShell)

  • 65848998426DD3E96636616436313035

Keyset 5 (SceShell)

  • 6DBA79D496009D32D47D8F89B815ECC38A8D1734B0912E3529A11DFC1E72AF32

PSN X-PassPhrase (SceShell)

  • 65848998426DD3E9663731616165323733656435653136303165326661383430
  • Magic 65 84 89 98 42 6D D3 E9

Keyset 7 (SceShell)

  • 30D3E17C0A295898690459CB5A42FE0AA16FFDB373FF2E55CA1A58D695762604

Keyset 8 (SceShell)

  • 0772879FED34D12910C53B8608C42755392B0E084A9568F5A5B16F4C50939E81

Keyset 9 (SceShell)

  • CD5BD9489D49E31E0D3F5989590BBEF4

Keyset 10 (SceShell)

  • 6F6A3466697168657379752B51346453
  • also read as ASCII: oj4fiqhesyu+Q4dS

Keyset 11 (SceShell)

  • 716D616B656C7A637A39696A6772654470666A7964297265736C396F6C624E64
  • also read as ASCII: qmakelzcz9ijgreDpfjyd)resl9olbNd

Keyset 12 (SceShell)

  • 616675746579712D426D687A6D676738793648616C75666574676661756D6661
  • also read as ASCII: afuteyq-Bmhzmgg8y6Halufetgfaumfa

Keyset 13 (PostSs) (Internal)

  • 985AB256F18C336A8CDE05F1FF08D73615A5710F62CA4DA9B4671F2CABAE4720

Keyset 14 (PostSs) (External)

  • 706673534B4B65795F5F456E634B657900298CDF4428E72C8785DAE0923C60BD
  • ASCII: pfsSKKey__EncKey followed by the key

Keyset 15 (PostSs) (External)

  • 706673534B4B65795F5F5365637265748C5D3A4B9D9BF4B453BCE6CDC34331D8
  • ASCII: pfsSKKey__Secret followed by the key

Keyset 16 (PostSs) (Internal)

  • 1A2F5EBC915D58983884751FB8193A8450F2FA50FA11A80298BFC32664BE37FE
Retrieved from "http://www.psdevwiki.com/vita/index.php?title=Talk:Keys&oldid=7104"