Certified File: Difference between revisions
CelesteBlue (talk | contribs) No edit summary |
No edit summary |
||
(11 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
Certified Files are the most common encrypted files on SCE PlayStation devices since PSP. | Certified Files are the most common encrypted files on SCE PlayStation devices since PSP. | ||
= Introduction = | |||
Not only ELF/PRX files can be signed with this format, other known Certified Files are: | |||
* revoke list (e.g. RL_FOR_PACKAGE.img/RL_FOR_PROGRAM.img, pkg.srvk/prog.srvk, slb2:prog_rvk.srvk) | |||
* policy profiles (e.g. default.spp) | |||
* system software package (e.g. .pkg, .spkg_hdr.X) | |||
It is important to notice that PS3 use big endian whilst PSVita use little endian. | |||
== Header == | == Header == | ||
<source lang="C"> | <source lang="C"> | ||
typedef struct { // Size is 0x20 for v2, 0x30 for v3 | |||
uint32_t magic; | uint32_t magic; | ||
uint32_t version; | uint32_t version; | ||
uint16_t attribute; | uint16_t attribute; | ||
uint16_t category; | uint16_t category; | ||
uint32_t ext_header_size; | uint32_t ext_header_size; | ||
uint64_t file_offset; | uint64_t file_offset; | ||
uint64_t file_size; | uint64_t file_size; | ||
union { | |||
uint64_t cf_file_size; | |||
uint64_t unknown; | |||
}; | |||
} __attribute__((packed)) cf_header; | |||
</source> | </source> | ||
=== Table === | |||
{| class="wikitable" | |||
! field !! offset !! type !! notes | |||
|- | |||
| Magic || 0x0 || u32 || Must be "SCE\0". | |||
|- | |||
| Version || 0x4 || u32 || 2 for PS3, 3 for PSVita. | |||
|- | |||
| Attribute || 0x8 || u16|| Corresponds to the revision of the enc/dec key. See [https://www.psdevwiki.com/ps3/Revision_versus_Version Attributes]. | |||
|- | |||
| Category || 0xA || u16 || See [[Certified_File#Category|Category]]. | |||
|- | |||
| Extended Header size || 0xC || u32 || For SELF category only, set to 0 for other categories. See Extended Header. | |||
|- | |||
| File offset || 0x10 || u64 || Offset to encapsulated data. | |||
|- | |||
| File size || 0x18 || u64 || Size of the encapsulated data. | |||
|- | |||
| CF file size || 0x20 || u64 || Size of the CF file. Present on version 3 only. | |||
|- | |||
| unknown || 0x28 || u64 || Maybe padding. Set to 0. Present on version 3 only. | |||
|} | |||
== Category == | == Category == | ||
Line 29: | Line 66: | ||
|} | |} | ||
= Decryption = | |||
Certified Files are all encrypted using the exact same algorithm. SELF are hashed and signed (signature is RSA based at the very least since firmware 0.940). This section only focuses on the encryption layer itself. | Certified Files are all encrypted using the exact same algorithm. SELF are hashed and signed (signature is RSA based at the very least since firmware 0.940). This section only focuses on the encryption layer itself. | ||
Line 187: | Line 224: | ||
Sections can be compressed. This is reported in the header. | Sections can be compressed. This is reported in the header. | ||
[[Category:Formats]] |
Latest revision as of 22:09, 1 May 2023
Certified Files are the most common encrypted files on SCE PlayStation devices since PSP.
Introduction
Not only ELF/PRX files can be signed with this format, other known Certified Files are:
- revoke list (e.g. RL_FOR_PACKAGE.img/RL_FOR_PROGRAM.img, pkg.srvk/prog.srvk, slb2:prog_rvk.srvk)
- policy profiles (e.g. default.spp)
- system software package (e.g. .pkg, .spkg_hdr.X)
It is important to notice that PS3 use big endian whilst PSVita use little endian.
Header
typedef struct { // Size is 0x20 for v2, 0x30 for v3 uint32_t magic; uint32_t version; uint16_t attribute; uint16_t category; uint32_t ext_header_size; uint64_t file_offset; uint64_t file_size; union { uint64_t cf_file_size; uint64_t unknown; }; } __attribute__((packed)) cf_header;
Table
field | offset | type | notes |
---|---|---|---|
Magic | 0x0 | u32 | Must be "SCE\0". |
Version | 0x4 | u32 | 2 for PS3, 3 for PSVita. |
Attribute | 0x8 | u16 | Corresponds to the revision of the enc/dec key. See Attributes. |
Category | 0xA | u16 | See Category. |
Extended Header size | 0xC | u32 | For SELF category only, set to 0 for other categories. See Extended Header. |
File offset | 0x10 | u64 | Offset to encapsulated data. |
File size | 0x18 | u64 | Size of the encapsulated data. |
CF file size | 0x20 | u64 | Size of the CF file. Present on version 3 only. |
unknown | 0x28 | u64 | Maybe padding. Set to 0. Present on version 3 only. |
Category
Value | Type | Name | Remark |
---|---|---|---|
1 | SELF | signed-elf | Used for storing ELF and PRX |
2 | SRVK | signed-revoke-list | Used for Revokation |
3 | SPKG | signed-package | Used for System Software Packages |
4 | SPP | security-policy-profile | The only file of this category is Default.spp on PS3 |
Decryption
Certified Files are all encrypted using the exact same algorithm. SELF are hashed and signed (signature is RSA based at the very least since firmware 0.940). This section only focuses on the encryption layer itself.
- Step 1: Get SELF metadata decryption key and IV
Get a static key and IV contained within the relevant Secure Module. For example Update Package keys are located in update_service_sm.self, kernel PRX keys are located in kprx_auth_sm.self, Secure Modules (SM) as well as kernel_boot_loader.self, are located in secure_kernel.enp).
Decrypt the first 0x40 bytes of the SELF metadata using AES256CBC.
This results into the key and IV used in step 2
- Step 2: Get plain SELF metadata
Use the key and IV decrypted from the first 0x40 bytes of the SELF metadata to decrypt the rest of the SELF metadata using AES128-CBC.
- Step 3: Parse SELF metadata
The SELF metadata is typically stored in this format (below is the metadata example for a 4 sections self): The SPKG metadata follows the same principles but is slightly different (different MAGIC/Header).
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00000000 F0 07 00 00 00 00 00 00 05 00 00 00 04 00 00 00 ð............... <<< Metadata header (0x20 long) ; metasize (u64), signature type (u32) number of sections (u32) // Sig type 5 = RSA 00000010 18 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 ....p........... 00000020 00 0A 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 ........À....... <<< First section address 00000030 02 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 ................ 00000040 03 00 00 00 04 00 00 00 05 00 00 00 01 00 00 00 ................ 00000050 00 0B 00 00 00 00 00 00 FC B4 07 00 00 00 00 00 ........ü´...... <<< First section address 00000060 02 00 00 00 02 00 00 00 06 00 00 00 06 00 00 00 ................ 00000070 03 00 00 00 0A 00 00 00 0B 00 00 00 01 00 00 00 ................ 00000080 00 C0 07 00 00 00 00 00 98 1E 00 00 00 00 00 00 .À......˜....... <<< First section address 00000090 02 00 00 00 03 00 00 00 06 00 00 00 0C 00 00 00 ................ 000000A0 03 00 00 00 10 00 00 00 11 00 00 00 01 00 00 00 ................ 000000B0 00 DF 07 00 00 00 00 00 9D BA 02 00 00 00 00 00 .ß.......º...... <<< Fourth section address 000000C0 02 00 00 00 04 00 00 00 06 00 00 00 12 00 00 00 ................ 000000D0 03 00 00 00 16 00 00 00 17 00 00 00 01 00 00 00 ................ 000000E0 AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªªªªªªªª <<< First Section Hash 000000F0 AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªªªªªªªª <<< First Section Hash 00000100 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00000110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00000120 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< First Section random key 00000130 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< First Section random IV 00000140 BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB »»»»»»»»»»»»»»»» <<< Second Section Hash 00000150 BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB »»»»»»»»»»»»»»»» <<< Second Section Hash 00000160 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< HMAC key 00000170 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< HMAC key 00000180 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< Second Section random key 00000190 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< Second Section random IV 000001A0 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ <<< Third Section Hash 000001B0 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ <<< Third Section Hash 000001C0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< HMAC key 000001D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< HMAC key 000001E0 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< Third Section random key 000001F0 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< Third Section random IV 00000200 DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝ <<< Fourth Section Hash 00000210 DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝ <<< Fourth Section Hash 00000220 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< HMAC key 00000230 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< HMAC key 00000240 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< Fourth Section random key 00000250 EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE îîîîîîîîîîîîîîîî <<< Fourth Section random IV 00000260 01 00 00 00 30 00 00 00 01 00 00 00 00 00 00 00 ....0........... <<< type (u32), section size (u32), isMoreSections (u32) 00000270 80 00 00 00 C0 00 F0 00 00 00 00 00 FF FF FF FF €...À.ð.....ÿÿÿÿ 00000270 80 00 00 00 C0 00 F0 00 00 00 00 00 FF FF FF FF €...À.ð.....ÿÿÿÿ 00000280 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000290 02 00 00 00 10 01 00 00 01 00 00 00 00 00 00 00 ................ <<< type (u32), section size (u32), isMoreSections (u32) 000002A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000002B0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000002C0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000002D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000002E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000002F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000300 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000370 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000380 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000003A0 03 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00 ....0........... <<< type (u32), section size (u32), isMoreSections (u32) 000003B0 80 09 80 03 00 00 C3 00 00 00 80 09 80 00 00 00 €.€...Ã...€.€... 000003C0 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF ............ÿÿÿÿ 000003D0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000003E0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000003F0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000400 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000410 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000420 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000430 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000440 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000450 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000460 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000470 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000480 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000490 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000004A0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000004B0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000004C0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000004D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ <<< Metadata end
Following the same principles, an update package metadata would look like this:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00000000 00 02 00 00 00 00 00 00 05 00 00 00 03 00 00 00 ................ <<< Metadata header (0x20 long) ; metasize (u64), signature type (u32) number of sections (u32) // Sig type 5 = RSA 00000010 0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00000020 00 03 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ........@....... 00000030 01 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 ................ 00000040 01 00 00 00 FF FF FF FF FF FF FF FF 01 00 00 00 ....ÿÿÿÿÿÿÿÿ.... 00000050 40 03 00 00 00 00 00 00 40 00 00 00 00 00 00 00 @.......@....... 00000060 02 00 00 00 02 00 00 00 06 00 00 00 04 00 00 00 ................ 00000070 01 00 00 00 FF FF FF FF FF FF FF FF 01 00 00 00 ....ÿÿÿÿÿÿÿÿ.... 00000080 80 03 00 00 00 00 00 00 00 00 80 00 00 00 00 00 €.........€..... 00000090 03 00 00 00 03 00 00 00 06 00 00 00 08 00 00 00 ................ 000000A0 03 00 00 00 0C 00 00 00 0D 00 00 00 01 00 00 00 ................ 000000B0 AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªªªªªªªª <<< Hash 000000C0 AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA ªªªªªªªªªªªªªªªª <<< Hash 000000D0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 000000E0 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 000000F0 BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB »»»»»»»»»»»»»»»» <<< Hash 00000100 BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB »»»»»»»»»»»»»»»» <<< Hash 00000110 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00000120 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ 00000130 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ <<< Hash 00000140 CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ <<< Hash 00000150 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< Random key 00000160 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< Random IV 00000170 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< Random key 00000180 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ <<< Random IV 00000190 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000001A0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000001B0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000001C0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000001D0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000001E0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 000001F0 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000200 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000210 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000220 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000230 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000240 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000250 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000260 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG 00000270 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 ................ <<< RSA SIG
- Step 4: Get plain SELF sections
Use the keys and IVs from the metadata to decrypt their respective sections using AES128-CTR.
- Step 5: Uncompress sections if needed
Sections can be compressed. This is reported in the header.