Register / Log in
06
July

KIRK 0×10 Private Key

Written by Davee. 52 comments Posted in: PlayStation Portable Development

The private key for the KIRK 0×10 functionality is known to be stored in a encrypted buffer of 0×20 bytes. Proxima discovered that the KIRK 0×10 operates as this:

Kirk 0x10 - ECDSA Sign hash
Invocation:
u8 buffer[0x34]
u8 encryptedprivatekey[0x20] - the private key returned by KIRK 0xC must be AES encrypted somehow
u8 SHA1hashofmessagetosign[0x14]
memcpy(buffer,encryptedprivatekey,0x20)
memcpy(buffer+0x20,SHA1hashofmessagetosign,0x14)
sceUtilsBufferCopyWithRange(newsig,0x28,buffer,0x34,0x10);
 
newsig will have the r and s values for an ECDSA signature
 
This isn't that useful since it is not clear how to encrypt the private key to sign the message. There are some examples in IDStorage where a pre-encrypted private key and public key pair can be used, but no general cases yet.


With a bit more reading and working with Proxima, we have discovered how to encrypt and decrypt these keys! Below is code:

typedef struct
{
	u8 fuseid[8];	//0
	u8 mesh[0x40];	//0x8
} keygen_data; //0x48
 
u8 g_idstorage_dA_key[] =
{
	0x47, 0x5E, 0x09, 0xF4, 0xA2, 0x37, 0xDA, 0x9B, 
	0xEF, 0xFF, 0x3B, 0xC0, 0x77, 0x14, 0x3D, 0x8A
};
 
void decrypt_kirk10_private(u8 *dA_out, u8 *dA_enc)
{
	int i, k;
	keygen_data keydata;
	u8 subkey_1[0x10], subkey_2[0x10];
	rijndael_ctx aes_ctx;
 
	/* get the fuse id */
	for (i = 0; i < 4; i++)
	{
		keydata.fuseid[3 - i] = ((u8 *)0xBC100090)[i+4];
		keydata.fuseid[7 - i] = ((u8 *)0xBC100090)[i];
	}
 
	/* set encryption key */
	rijndael_set_key(&aes_ctx, g_idstorage_dA_key, 128);
 
	/* set the subkeys */
	for (i = 0; i < 0x10; i++)
	{
		/* set to the fuseid */
		subkey_2[i] = subkey_1[i] = keydata.fuseid[i % 8];
	}
 
	/* do aes crypto */
	for (i = 0; i < 3; i++)
	{
		/* encrypt + decrypt */
		rijndael_encrypt(&aes_ctx, subkey_1, subkey_1);
		rijndael_decrypt(&aes_ctx, subkey_2, subkey_2);
	}
 
	/* set new key */
	rijndael_set_key(&aes_ctx, subkey_1, 128);
 
	/* now lets make the key mesh */
	for (i = 0; i < 3; i++)
	{
		/* do encryption in group of 3 */
		for (k = 0; k < 3; k++)
		{
			/* crypto */
			rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);
		}
 
		/* copy to out block */
		memcpy(&keydata.mesh[i * 0x10], subkey_2, 0x10);
	}
 
	/* set the key to the mesh */
	rijndael_set_key(&aes_ctx, &keydata.mesh[0x20], 128);
 
	/* do the encryption routines for the aes key */
	for (i = 0; i < 2; i++)
	{
		/* encrypt the data */
		rijndael_encrypt(&aes_ctx, &keydata.mesh[0x10], &keydata.mesh[0x10]);
	}
 
	/* set the key to that mesh shit */
	rijndael_set_key(&aes_ctx, &keydata.mesh[0x10], 128);
 
	/* cbc decrypt the dA */
	aes_cbc_decrypt(&aes_ctx, dA_enc, dA_out, 0x20, NULL);
}
 
void encrypt_kirk10_private(u8 *dA_out, u8 *dA_dec)
{
	int i, k;
	keygen_data keydata;
	u8 subkey_1[0x10], subkey_2[0x10];
	rijndael_ctx aes_ctx;
 
	/* get the fuse id */
	for (i = 0; i < 4; i++)
	{
		keydata.fuseid[3 - i] = ((u8 *)0xBC100090)[i+4];
		keydata.fuseid[7 - i] = ((u8 *)0xBC100090)[i];
	}
 
	/* set encryption key */
	rijndael_set_key(&aes_ctx, g_idstorage_dA_key, 128);
 
	/* set the subkeys */
	for (i = 0; i < 0x10; i++)
	{
		/* set to the fuseid */
		subkey_2[i] = subkey_1[i] = keydata.fuseid[i % 8];
	}
 
	/* do aes crypto */
	for (i = 0; i < 3; i++)
	{
		/* encrypt + decrypt */
		rijndael_encrypt(&aes_ctx, subkey_1, subkey_1);
		rijndael_decrypt(&aes_ctx, subkey_2, subkey_2);
	}
 
	/* set new key */
	rijndael_set_key(&aes_ctx, subkey_1, 128);
 
	/* now lets make the key mesh */
	for (i = 0; i < 3; i++)
	{
		/* do encryption in group of 3 */
		for (k = 0; k < 3; k++)
		{
			/* crypto */
			rijndael_encrypt(&aes_ctx, subkey_2, subkey_2);
		}
 
		/* copy to out block */
		memcpy(&keydata.mesh[i * 0x10], subkey_2, 0x10);
	}
 
	/* set the key to the mesh */
	rijndael_set_key(&aes_ctx, &keydata.mesh[0x20], 128);
 
	/* do the encryption routines for the aes key */
	for (i = 0; i < 2; i++)
	{
		/* encrypt the data */
		rijndael_encrypt(&aes_ctx, &keydata.mesh[0x10], &keydata.mesh[0x10]);
	}
 
	/* set the key to that mesh shit */
	rijndael_set_key(&aes_ctx, &keydata.mesh[0x10], 128);
 
	/* cbc encrypt the dA */
	aes_cbc_encrypt(&aes_ctx, dA_dec, dA_out, 0x20, NULL);
}

As you can see, there is common key generation code, you could make it into it’s own subroutine but I’ve laid out the code for clarity.
-Davee

52 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. jigsaw

    Hi Davee,

    Stupid question:
    Is this piece of code reversed from emulator in PS3, or by pure trial-and-error?

    And same question for pre-IPL (your previous blog), is it too hidden in the emulator?

    rgds,
    -jigsaw

    Thu 14th July, 2011 at 22:43 BST
  2. Davee

    This piece of code is reversed from the ID-Storage regeneration tool.

    The bootrom information is gained through statistical attacks on the service mode on a TA-88v3. The hash information is gained from previous knowledge and common sense.

    -Davee

    Fri 15th July, 2011 at 00:56 BST
  3. jigsaw

    I’d thought every bit of DA’s work has been reversed.
    Thanks Davee.

    -jigsaw

    Fri 15th July, 2011 at 11:07 BST
  4. Destrey

    I really apprecaite free, succinct, reliable data like this.

    Wed 7th September, 2011 at 07:19 BST
  5. amymxruo

    n5uHAW gqnfuvhlwvto

    Wed 7th September, 2011 at 14:42 BST
  6. qjnkdnj

    v8RGyo , [url=http://tkudginkljok.com/]tkudginkljok[/url], [link=http://zljunnshsxnu.com/]zljunnshsxnu[/link], http://yjnmpwaxdaxi.com/

    Wed 7th September, 2011 at 18:44 BST
  7. sjxxisi

    h9HtyZ cwizzrzbmogp

    Fri 9th September, 2011 at 09:39 BST
  8. abercrombie and fitch uk

    This is my first time i go to here. I identified a lot of entertaining things in your blog site, especially its discussion. Through the tons of comments in your articles, I guess I am not the only one having every one of the enjoyment here! hold up the great perform.

    Thu 22nd September, 2011 at 10:12 BST
  9. moncler jacken

    moncler jacken online shop

    Fri 23rd December, 2011 at 07:01 BST
  10. abercrombie and fitch

    abercrombie and fitch uk sale

    Fri 23rd December, 2011 at 07:03 BST

Continuing the Discussion

  1. affiliate

    Best Links 2011…

    Wonderful work! This is the type of info that should be shared around the web. Shame on Google for not positioning this post higher! Come on over and visit my site . Thanks =)…

    Mon 5th September, 201112:47 BST
  2. air conditioning repair connecticut

    Best Links 2011…

    I’ve recently started a blog, the information you provide on this web site has helped me greatly. Thank you for all of your time & work….

    Mon 5th September, 201114:00 BST
  3. lloyds internet banking

    a small question…

    Howdy, I want to ask you one thing. Is this site a wordpress blog site? We’re planning on changing my weblog from Blogger to wordpress, you think that is practical? Additionally did you create this template by yourself some how? Cheers for the help!…

    Mon 5th September, 201114:20 BST
  4. internet marketing tips

    Best Links 2011…

    I’ve read a few good stuff here. Certainly worth bookmarking for revisiting. I surprise how much effort you put to make such a excellent informative web site….

    Mon 5th September, 201115:01 BST
  5. Rokko

    I’ve a WordPress blog with Arras theme. This site strangely shows different on different computers. On some computers, I see all 3 columsn, on other PC, I see only 1. On other PCs, some wiered things. Please somebody help me…..

    How many blog post should i have before i start promoting it?…

    Mon 5th September, 201117:41 BST
  6. SEO PRESSOR REVIEW

    Best Links 2011…

    magnificent post, very informative. I wonder why the other experts of this sector do not notice this. You must continue your writing. I’m confident, you’ve a huge readers’ base already!…

    Mon 5th September, 201119:20 BST
  7. brandenburger tor

    brandenburger tor…

    [...]i This is very attention-grabbing, You’re a very professional writer. I’v bh[...]…

    Tue 6th September, 201108:51 BST
  8. Dandruff home remedy

    Links…

    Hey! Would you know if they make any plug ins to help with Search engine optimization? I’m trying to get my blog to rank for some targeted key words but I’m not seeing very great success. Once you discover of any please write about….

    Tue 6th September, 201113:17 BST
  9. Eric S Brown Parking

    Sites we Like……

    [...] Every once in a while we choose blogs that we read. Listed below are the latest sites that we choose [...]……

    Tue 6th September, 201117:20 BST
  10. OP Schlauchmagen

    Best Links 2011…

    Great wordpress blog here.. It’s hard to find quality writing like yours these days. I really appreciate people like you! take care…

    Thu 8th September, 201112:32 BST
  11. electric cigarettes

    Best Links 2011…

    hey there and thank you for your info – I’ve definitely picked up something new from right here. I did however expertise some technical issues using this website, since I experienced to reload the site a lot of times previous to I could get it to load …

    Thu 8th September, 201112:58 BST
  12. What causes dandruff

    Read was interesting, stay in touch…

    Wonderful article and easy to fully understand explanation. How do I go about getting permission to publish part of the article in my future newsletter?…

    Thu 8th September, 201113:13 BST
  13. smokeless cigarette

    Best Links 2011…

    Everything is very open and very clear explanation of issues. was truly information. Your website is very useful. Thanks for sharing….

    Thu 8th September, 201113:21 BST
  14. Subliminal Advertising

    Best Links 2011…

    Good website! I really love how it is easy on my eyes and the data are well written. I’m wondering how I could be notified when a new post has been made. I’ve subscribed to your RSS which must do the trick! Have a great day!…

    Thu 8th September, 201120:38 BST
  15. Gumby Robbery

    Best Links 2011…

    Hello, i think that i saw you visited my site so i came to “return the favor”.I am trying to find things to improve my web site!I suppose its ok to use some of your ideas!!…

    Thu 8th September, 201120:55 BST
  16. best diet pill

    Best Links 2011…

    Somebody essentially help to make seriously posts I would state. This is the very first time I frequented your website page and thus far? I amazed with the research you made to create this particular publish incredible. Magnificent job!…

    Fri 9th September, 201114:19 BST
  17. hcg diet

    Best Links 2011…

    I appreciate, cause I found just what I was looking for. You’ve ended my four day long hunt! God Bless you man. Have a great day. Bye…

    Fri 9th September, 201114:41 BST
  18. forex signals

    Best Links 2011…

    Valuable information. Lucky me I found your web site by accident, and I’m shocked why this accident didn’t happened earlier! I bookmarked it….

    Fri 9th September, 201120:11 BST
  19. wedding speeches

    Best Links 2011…

    I’m not sure where you are getting your info, but good topic. I needs to spend some time learning much more or understanding more. Thanks for magnificent info I was looking for this information for my mission….

    Fri 9th September, 201120:14 BST
  20. Private Label Rights, PLR eBooks

    Best Links 2011…

    It’s really a great and helpful piece of info. I’m glad that you shared this helpful info with us. Please keep us informed like this. Thanks for sharing….

    Fri 9th September, 201120:53 BST
  21. You've Tried And Failed Before, Now Try A Program That Really Pays

    Best Links 2011…

    Undeniably believe that which you said. Your favorite justification seemed to be on the internet the simplest thing to be aware of. I say to you, I certainly get annoyed while people consider worries that they just don’t know about. You managed to hit…

    Fri 9th September, 201122:12 BST
  22. penny auction forums

    Best Links 2011…

    Greetings! Very helpful advice on this article! It is the little changes that make the biggest changes. Thanks a lot for sharing!”…

    Fri 9th September, 201123:19 BST
  23. {How to find yourself a nice flat screen tv for cheap|LCD Televisions Explained|Top 3: 3D LCD Televisions|Samsung LCD Televisions|Simple Steps to Install Your LCD Televisions|Selecting an LCD Television Mount|Cheap Flat Screen TV|Cheap Flat Screen|Cheap L

    {Interesting|Exciting|Significant|Fascinating|Appealing|Useful|Important|Intriguing|Unique|Helpful} {Post|Article|Blog post|Publish|Posting|Write-up|Place|Content|Submit|Put up}…

    You ought to consider this post, it might provide valuable information to add to all your site….

    Fri 9th September, 201123:32 BST
  24. nutrition diet

    Best Links 2011…

    Hello, you used to write fantastic, but the last few posts have been kinda boring… I miss your super writings. Past few posts are just a little bit out of track! come on!…

    Fri 9th September, 201123:42 BST
  25. weight loss tip

    Best Links 2011…

    Nice read, I just passed this onto a friend who was doing a little research on that. And he actually bought me lunch since I found it for him smile Therefore let me rephrase that: Thank you for lunch!…

    Sat 10th September, 201100:39 BST
  26. hcg diet plans

    Best Links 2011…

    I truly appreciate this post. I have been looking all over for this! Thank goodness I found it on Bing. You’ve made my day! Thx again…

    Sat 10th September, 201101:30 BST
  27. {How to find yourself a nice flat screen tv for cheap|LCD Televisions Explained|Top 3: 3D LCD Televisions|Samsung LCD Televisions|Simple Steps to Install Your LCD Televisions|Selecting an LCD Television Mount|Cheap Flat Screen TV|Cheap Flat Screen|Cheap L

    {Interesting|Exciting|Significant|Fascinating|Appealing|Useful|Important|Intriguing|Unique|Helpful} {Post|Article|Blog post|Publish|Posting|Write-up|Place|Content|Submit|Put up}…

    You ought to have a look at this blog post, it may perhaps provide beneficial information so that you can add in your site….

    Sat 10th September, 201101:32 BST
  28. detox tips

    Best Links 2011…

    Excellent beat ! I wish to apprentice while you amend your website, how could i subscribe for a blog site? The account aided me a acceptable deal. I had been tiny bit acquainted of this your broadcast offered bright clear idea…

    Sat 10th September, 201101:56 BST
  29. make money online

    Best Links 2011…

    Someone essentially help to make seriously articles I would state. This is the first time I frequented your web page and thus far? I amazed with the research you made to create this particular publish amazing. Great job!…

    Sat 10th September, 201102:51 BST
  30. banking unusual

    Great Site…

    I observed this really good article today. Look at it….

    Sat 10th September, 201112:32 BST
  31. Eric S Brown and Ian D brown

    Links…

    [...]Sites of interest we have a link to[...]……

    Mon 12th September, 201104:37 BST
  32. babyphone video

    Related…

    I seriously really enjoy visiting your blog! your specific method to see things is what keeps me intrigued. Thank you so much!!!!…

    Mon 12th September, 201106:33 BST
  33. 365 crockpot

    Read was interesting, stay in touch…

    Superb content and easy to fully understand description. How do I go about getting permission to publish section of the article in my future newsletter?…

    Mon 12th September, 201117:35 BST
  34. crock pot

    Links…

    Hey! Do you know if they make any plug ins to help with Seo? I’m seeking to get my blog to rank for some targeted key phrases but I’m not seeing very good success. Once you discover of any please share….

    Mon 12th September, 201119:09 BST
  35. Asian Tiger Mosquito

    Best Links 2011…

    Greetings! Very helpful advice on this article! It is the little changes that make the biggest changes. Thanks a lot for sharing!”…

    Mon 12th September, 201123:30 BST
  36. Iron Deficiency Symptoms

    Best Links 2011…

    I truly appreciate this post. I have been looking all over for this! Thank goodness I found it on Bing. You have made my day! Thank you again…

    Tue 13th September, 201101:37 BST
  37. Subliminal Messages

    Best Links 2011…

    I’m really impressed with your writing skills and also with the layout on your weblog. Is this a paid theme or did you modify it yourself? Either way keep up the excellent quality writing, it is rare to see a nice blog like this one today…..

    Tue 13th September, 201104:15 BST
  38. cla for fat loss

    Gems form the internet…

    [...]very few websites that happen to be detailed below, from our point of view are undoubtedly well worth checking out[...]……

    Tue 13th September, 201118:48 BST
  39. money making

    Best Links 2011…

    Thanx for the effort, keep up the good work Great work, I am going to start a small Blog Engine course work using your site I hope you enjoy blogging with the popular BlogEngine.net.Thethoughts you express are really awesome. Hope you will right some m…

    Tue 13th September, 201121:46 BST
  40. used instruments

    Best Links 2011…

    I like what you guys are up too. Such smart work and reporting! Carry on the excellent works guys I have incorporated you guys to my blogroll. I think it will improve the value of my web site :)

    Tue 13th September, 201122:27 BST
  41. What Causes Heartburn

    Best Links 2011…

    My brother suggested I might like this website. He was entirely right. This post actually made my day. You can not imagine just how much time I had spent for this info! Thanks!…

    Tue 13th September, 201123:30 BST
  42. senior picture ideas

    Best Links 2011…

    Hiya, I am really glad I’ve found this information. Nowadays bloggers publish only about gossips and net and this is actually irritating. A good web site with interesting content, that is what I need. Thank you for keeping this web site, I will be vis…

    Thu 15th September, 201101:05 BST

Some HTML is OK

or, reply to this post via trackback.

« »