Lv2ldr keys
Mathieulh @ http://www.twitlonger.com/show/7rtjgt
erk: 94303F69513572AB5AE17C8C2A1839D2C24C28F65389D3BBB11894CE23E0798F
riv: 9769BFD187B90990AE5FEA4E110B9CF5
Decrypts all the External lv2 versions from pre 1.00 to anything below 3.40. Use the algorithm available here: https://ps3wiki.lan.st/index.php/Self_Crypto and here: https://ps3wiki.lan.st/index.php/SELF_File_Format_and_Decryption to perform the decryption.
Credits:
Mathieulh, RichDevX, Graf_Chokolo, N_D_T, TitanMKD. (all from a brand new, yet unnamed team.)
metldr keys
geohot @ http://psx-scene.com/forums/642537-post117.html
GG SONY!!!!!
I'm in your console borrowing your metldr keys
3.41 kernel keys as semi proof, more to come
erk(12AB0): 57 5B 0A 6C 4B 4F 27 60 A0 3F E4 18 9E BA F4 D9 47 27 9F D9 82 B1 40 70 34 90 98 B0 8F F9 2C 10
riv(12AD0): 41 1C B1 8F 46 0C E5 0C AF 2C 42 6D 8F 0D 93 C8
Application loader keys
Mathieulh @ http://www.twitlonger.com/show/7s32qa
Enjoy !
(P.S. I haven't had time to figure out all the versions keys xD)
Credits: Graf_Chokolo, RichDevX, Mathieulh, N_D_T, TitanMKD
sha1 hashes for some keys
Private Pastie <-- sha1 hashes for some keys
USB Dongle Master Key
Graf Chokolo @ http://ps3wiki.lan.st/index.php?title=Hypervisor_Reverse_Engineering#USB_Dongle_Master_Key
- USB Dongle Master Key is stored encrypted in Process 6
- The encrypted key is 64 bytes large
- The decrypted key is 20 bytes large
- The USB Dongle Master Key is decrypted the first time the service 0x24002 is used
- The USB Dongle Master Key is decrypted by using the service 0x200E (Decrypt Master) of Virtual TRM Manager
- The decrypted USB Dongle Master Key is stored in Process 6 in clear text (after first usage of this service)
- When decryption of USB Dongle Master Key fails then a dummy key is used
- Unfortunately, in the HV dump 3.15 the USB Dongle Master Key was not decrypted at the moment of dumping
- The first 12 bytes of decrypted USB Dongle Master Key are a magic value: _USB_DONGLE_. After these 12 bytes follows the real USB Dongle Master Key of size 20 bytes. So, if after decryption of USB Dongle Master Key, you see this magic value then the decryption was successful.
Here is the encrypted USB Dongle Master Key from HV 3.15:
0x22 0xD5 0xD1 0x8C 0xFF 0xE2 0x4F 0xAC 0xEC 0x72 0xA2 0x42 0xA7 0x18 0x98 0x10 0x25 0x33 0xE0 0x96 0xF2 0xC1 0x91 0x0D 0x15 0x23 0xD3 0x07 0x74 0xE7 0x2B 0x72 0xDF 0xA6 0xDD 0xE9 0x68 0x8B 0x76 0x2A 0x6A 0x87 0x51 0x7F 0x85 0x39 0x0B 0xD4 0x20 0x3F 0x46 0x89 0x04 0x82 0xB7 0x30 0x84 0x89 0x4B 0xCC 0x9D 0xB1 0x24 0x7C
This is the decrypted dongle master key:
0x46 0xDC 0xEA 0xD3 0x17 0xFE 0x45 0xD8 0x09 0x23 0xEB 0x97 0xE4 0x95 0x64 0x10 0xD4 0xCD 0xB2 0xC2
This is the decrypted dongle key for dongle ID 0xAAAA which works up to 3.55:
0x04 0x4E 0x61 0x1B 0xA6 0xA6 0xE3 0x9A 0x98 0xCF 0x35 0x81 0x2C 0x80 0x68 0xC7 0xFC 0x5F 0x7A 0xE8
Here is the USB Dongle Master Dummy Key from HV 3.15:
0xD1 0xFC 0x57 0x55 0xBF 0x20 0xFA 0xB2 0xD4 0xA5 0x4A 0x0A 0x0C 0x5D 0x52 0x8E 0xDF 0x66 0xCD 0x74
PKG keys
geohot @ http://pastie.org/1419148
u8 pkg_riv[] = {0x4A,0xCE,0xF0,0x12,0x24,0xFB,0xEE,0xDF,0x82,0x45,0xF8,0xFF,0x10,0x21,0x1E,0x6E};
u8 pkg_erk[] = {0xA9,0x78,0x18,0xBD,0x19,0x3A,0x67,0xA1,0x6F,0xE8,0x3A,0x85,0x5E,0x1B,0xE9,0xFB,0x56,0x40,0x93,0x8D,0x4D,0xBC,0xB2,0xCB,0x52,0xC5,0xA2,0xF8,0xB0,0x2B,0x10,0x31};
lv2ldr curve list
Mathieulh @ http://www.twitlonger.com/show/7s1ouu
1.00 lv2ldr curve list, this will come in handy to calculate your private key.
AF AF 5E 96 AF 39 6C BB 69 07 10 82 C4 6A 8F 34 A0 30 E8 ED B7 99 E0 A7 BE 00 AA 26 4D FF 3A EB F7 92 39 20 D5 59 40 4D
root key
erk: C0 CE FE 84 C2 27 F7 5B D0 7A 7E B8 46 50 9F 93 B2 38 E7 70 DA CB 9F F4 A3 88 F8 12 48 2B E2 1B riv: 47 EE 74 54 E4 77 4C C9 B8 96 0C 7B 59 F4 C1 4D pub: C2 D4 AA F3 19 35 50 19 AF 99 D4 4E 2B 58 CA 29 25 2C 89 12 3D 11 D6 21 8F 40 B1 38 CA B2 9B 71 01 F3 AE B7 2A 97 50 19 R: 80 6E 07 8F A1 52 97 90 CE 1A AE 02 BA DD 6F AA A6 AF 74 17 n: E1 3A 7E BC 3A CC EB 1C B5 6C C8 60 FC AB DB 6A 04 8C 55 E1 K: BA 90 55 91 68 61 B9 77 ED CB ED 92 00 50 92 F6 6C 7A 3D 8D Da: C5 B2 BF A1 A4 13 DD 16 F2 6D 31 C0 F2 ED 47 20 DC FB 06 70
~geohot
props to fail0verflow for the asymmetric half
no donate link, just use this info wisely
i do not condone piracy
if you want your next console to be secure, get in touch with me. any of you 3.
it'd be fun to be on the other side.
isoldr keys
Mathieulh @ http://www.twitlonger.com/show/7sr4vd
Here for the sake of it, isoldr keys:
1.00-3.30:
erk: 8860D0CFF4D0DC688D3223321B96B59A777E6914961488E07048DAECB020ECA4
riv: C82D015D46CF152F1DD0C16F18B5B1E5
3.55:
erk: BDB74AA6E3BA2DC10B1BD7F17198399A158DBE1FA0BEA68C90FCACBE4D04BE37
riv: 0207A479B1574F8E7F697528F05D5435
Not like those keys are hard to get anymore, yesterday we still had to exploit loaders to get them eh ?
appldr v3.55 keys
Bryan @ http://www.twitlonger.com/show/7sq0av
PS3 Keys: extracted from appldr v3.55
appldr key for v3.50 and v3.41
netkas @ http://psx-scene.com/forums/f6/v3-50-appldr-keys-released-gt5-playable-soon-74269/
thx to geohot metldr keys i was able to find 3.5 - appldr key
decrypted vsh.self and one of 3.50 keys game with it, it's real!
3.50
erk: 94 5b 99 c0 e6 9c af 05 58 c5 88 b9 5f f4 1b 23 26 60 ec b0 17 74 1f 32 18 c1 2f 9d fd ee de 55
riv: 1d 5e fb e7 c5 d3 4a d6 0f 9f bc 46 a5 97 7f ce
p.s. sry, hexdump messed byte order to little endian int16, fixed now
3.41
erk: 83 8f 58 60 cf 97 cd ad 75 b3 99 ca 44 f4 c2 14 cd f9 51 ac 79 52 98 d7 1d f3 c3 b7 e9 3a ae da
riv: 7f db b2 e9 24 d1 82 bb 0d 69 84 4a dc 4e ca 5b
sign application SELFs
AerialX @ http://twitter.com/AerialX/status/21928732608434176
So, who wants to sign application SELFs? app-priv-rev1: 003de80167d2f0e9d30f2145144a558d1174f5410c
Keys for 3.60 and 3.61
Slynk @ http://psx-scene.com/forums/826118-post518.html
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5, 0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B, 0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69, 0x68, 0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06, 0xA6, 0xB5, 0xE0, 0xF9, 0xD9, 0x7A