Certified File: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
(Created page with "Certified Files are the most common encrypted files on SCE PlayStation devices since PSP. == Certified File types == {| class="wikitable sortable" ! Value !! Type !! Name !!...")
 
No edit summary
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Certified Files are the most common encrypted files on SCE PlayStation devices since PSP.
Certified Files are the most common encrypted files on SCE PlayStation devices since PSP.


== Certified File types ==
= Introduction =
 
Not only ELF/PRX files can be signed with this format, other known Certified Files are:
* revoke list (e.g. RL_FOR_PACKAGE.img/RL_FOR_PROGRAM.img, pkg.srvk/prog.srvk, slb2:prog_rvk.srvk)
* policy profiles (e.g. default.spp)
* system software package (e.g. .pkg, .spkg_hdr.X)
 
It is important to notice that PS3 use big endian whilst PSVita use little endian.
 
== Header ==
 
<source lang="C">
typedef struct { // Size is 0x20 for v2, 0x30 for v3
  uint32_t magic;
  uint32_t version;
  uint16_t attribute;
  uint16_t category;
  uint32_t ext_header_size;
  uint64_t file_offset;
  uint64_t file_size;
  union {
      uint64_t cf_file_size;
      uint64_t unknown;
  };
} __attribute__((packed)) cf_header;
</source>
 
=== Table ===
 
{| class="wikitable"
! field !! offset !! type !! notes
|-
| Magic || 0x0 || u32 || Must be "SCE\0".
|-
| Version || 0x4 || u32 || 2 for PS3, 3 for PSVita.
|-
| Attribute || 0x8  || u16|| Corresponds to the revision of the enc/dec key. See [https://www.psdevwiki.com/ps3/Revision_versus_Version Attributes].
|-
| Category || 0xA || u16 || See [[Certified_File#Category|Category]].
|-
| Extended Header size || 0xC || u32 || For SELF category only, set to 0 for other categories. See Extended Header.
|-
| File offset || 0x10  || u64 || Offset to encapsulated data.
|-
| File size || 0x18 || u64 || Size of the encapsulated data.
|-
| CF file size || 0x20 || u64 || Size of the CF file. Present on version 3 only.
|-
| unknown || 0x28 || u64 || Maybe padding. Set to 0. Present on version 3 only.
|}
 
== Category ==


{| class="wikitable sortable"
{| class="wikitable sortable"
Line 8: Line 59:
| 1  || SELF || signed-elf || Used for storing ELF and PRX
| 1  || SELF || signed-elf || Used for storing ELF and PRX
|-
|-
| 2  || SRVK || signed-revoke-list || Used for signing [[Revokation]]
| 2  || SRVK || signed-revoke-list || Used for [[Revokation]]
|-
|-
| 3  || SPKG || signed-package || Used for [[PKG_files#Firmware_Packages|System Software Packages]]
| 3  || SPKG || signed-package || Used for [[PKG_files#Firmware_Packages|System Software Packages]]
Line 15: Line 66:
|}
|}


== Decryption ==
= Decryption =


SELF, SPRX, SRVK and Update Packages are all encrypted using the exact same algorithm, while SELF are hashed and signed (signature is RSA based at the very least since firmware 0.940). This section only focuses on the encryption layer itself.
Certified Files are all encrypted using the exact same algorithm. SELF are hashed and signed (signature is RSA based at the very least since firmware 0.940). This section only focuses on the encryption layer itself.


* Step 1
* Step 1: Get SELF metadata decryption key and IV


The first step uses a static key and IV contained within a relevant Secure Module; for example Update Package keys are located in update_service_sm.self while kernel PRX keys are located in kprx_auth_sm.self (or, for secure module (SM) themselves as well as kernel_boot_loader.self, inside secure_kernel.enp).
Get a static key and IV contained within the relevant Secure Module. For example Update Package keys are located in update_service_sm.self, kernel PRX keys are located in kprx_auth_sm.self, Secure Modules (SM) as well as kernel_boot_loader.self, are located in secure_kernel.enp).


The initial step decrypts the first 0x40 bytes of the self metadata using AES256CBC, this results into the key and IV used in step 2
Decrypt the first 0x40 bytes of the SELF metadata using AES256CBC.


* Step 2
This results into the key and IV used in step 2


The second step uses the key and iv decrypted from the first 0x40 bytes of the metadata to decrypt the rest of the metadata using AES128-CBC.
* Step 2: Get plain SELF metadata


* Step 3
Use the key and IV decrypted from the first 0x40 bytes of the SELF metadata to decrypt the rest of the SELF metadata using AES128-CBC.
 
* Step 3: Parse SELF metadata


The SELF metadata is typically stored in this format (below is the metadata example for a 4 sections self):
The SELF metadata is typically stored in this format (below is the metadata example for a 4 sections self):
Update packages metadata follows the same principles but is slightly different (different MAGIC/Header).
The SPKG metadata follows the same principles but is slightly different (different MAGIC/Header).


<source lang = "C">
<source lang = "C">
Line 164: Line 217:
</source>
</source>


* Step 4
* Step 4: Get plain SELF sections
 
Use the keys and IVs from the metadata to decrypt their respective sections using AES128-CTR.
 
* Step 5: Uncompress sections if needed
 
Sections can be compressed. This is reported in the header.


The last step uses the keys and ivs extracted from the metadata to decrypt their respective sections using AES128-CTR.
[[Category:Formats]]

Latest revision as of 22:09, 1 May 2023

Certified Files are the most common encrypted files on SCE PlayStation devices since PSP.

Introduction

Not only ELF/PRX files can be signed with this format, other known Certified Files are:

  • revoke list (e.g. RL_FOR_PACKAGE.img/RL_FOR_PROGRAM.img, pkg.srvk/prog.srvk, slb2:prog_rvk.srvk)
  • policy profiles (e.g. default.spp)
  • system software package (e.g. .pkg, .spkg_hdr.X)

It is important to notice that PS3 use big endian whilst PSVita use little endian.

Header

typedef struct { // Size is 0x20 for v2, 0x30 for v3
  uint32_t magic;
  uint32_t version;
  uint16_t attribute;
  uint16_t category;
  uint32_t ext_header_size;
  uint64_t file_offset;
  uint64_t file_size;
  union {
      uint64_t cf_file_size;
      uint64_t unknown;
  };
} __attribute__((packed)) cf_header;

Table

field offset type notes
Magic 0x0 u32 Must be "SCE\0".
Version 0x4 u32 2 for PS3, 3 for PSVita.
Attribute 0x8 u16 Corresponds to the revision of the enc/dec key. See Attributes.
Category 0xA u16 See Category.
Extended Header size 0xC u32 For SELF category only, set to 0 for other categories. See Extended Header.
File offset 0x10 u64 Offset to encapsulated data.
File size 0x18 u64 Size of the encapsulated data.
CF file size 0x20 u64 Size of the CF file. Present on version 3 only.
unknown 0x28 u64 Maybe padding. Set to 0. Present on version 3 only.

Category

Value Type Name Remark
1 SELF signed-elf Used for storing ELF and PRX
2 SRVK signed-revoke-list Used for Revokation
3 SPKG signed-package Used for System Software Packages
4 SPP security-policy-profile The only file of this category is Default.spp on PS3

Decryption

Certified Files are all encrypted using the exact same algorithm. SELF are hashed and signed (signature is RSA based at the very least since firmware 0.940). This section only focuses on the encryption layer itself.

  • Step 1: Get SELF metadata decryption key and IV

Get a static key and IV contained within the relevant Secure Module. For example Update Package keys are located in update_service_sm.self, kernel PRX keys are located in kprx_auth_sm.self, Secure Modules (SM) as well as kernel_boot_loader.self, are located in secure_kernel.enp).

Decrypt the first 0x40 bytes of the SELF metadata using AES256CBC.

This results into the key and IV used in step 2

  • Step 2: Get plain SELF metadata

Use the key and IV decrypted from the first 0x40 bytes of the SELF metadata to decrypt the rest of the SELF metadata using AES128-CBC.

  • Step 3: Parse SELF metadata

The SELF metadata is typically stored in this format (below is the metadata example for a 4 sections self): The SPKG metadata follows the same principles but is slightly different (different MAGIC/Header).

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  F0 07 00 00 00 00 00 00 05 00 00 00 04 00 00 00  ð............... <<< Metadata header (0x20 long) ;  metasize (u64), signature type (u32) number of sections (u32) // Sig type 5 = RSA
00000010  18 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00  ....p...........
00000020  00 0A 00 00 00 00 00 00 C0 00 00 00 00 00 00 00  ........À....... <<< First section address
00000030  02 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00  ................
00000040  03 00 00 00 04 00 00 00 05 00 00 00 01 00 00 00  ................
00000050  00 0B 00 00 00 00 00 00 FC B4 07 00 00 00 00 00  ........ü´...... <<< First section address
00000060  02 00 00 00 02 00 00 00 06 00 00 00 06 00 00 00  ................
00000070  03 00 00 00 0A 00 00 00 0B 00 00 00 01 00 00 00  ................
00000080  00 C0 07 00 00 00 00 00 98 1E 00 00 00 00 00 00  .À......˜....... <<< First section address
00000090  02 00 00 00 03 00 00 00 06 00 00 00 0C 00 00 00  ................
000000A0  03 00 00 00 10 00 00 00 11 00 00 00 01 00 00 00  ................
000000B0  00 DF 07 00 00 00 00 00 9D BA 02 00 00 00 00 00  .ß.......º...... <<< Fourth section address
000000C0  02 00 00 00 04 00 00 00 06 00 00 00 12 00 00 00  ................
000000D0  03 00 00 00 16 00 00 00 17 00 00 00 01 00 00 00  ................
000000E0  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ªªªªªªªªªªªªªªªª  <<< First Section Hash
000000F0  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ªªªªªªªªªªªªªªªª  <<< First Section Hash
00000100  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000110  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000120  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< First Section random key
00000130  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< First Section random IV
00000140  BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB  »»»»»»»»»»»»»»»»  <<< Second Section Hash
00000150  BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB  »»»»»»»»»»»»»»»»  <<< Second Section Hash
00000160  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< HMAC key
00000170  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< HMAC key
00000180  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< Second Section random key
00000190  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< Second Section random IV
000001A0  CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC  ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ  <<< Third Section Hash
000001B0  CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC  ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ  <<< Third Section Hash
000001C0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< HMAC key
000001D0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< HMAC key
000001E0  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< Third Section random key
000001F0  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< Third Section random IV
00000200  DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD  ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝ  <<< Fourth Section Hash
00000210  DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD DD  ÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝÝ  <<< Fourth Section Hash
00000220  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< HMAC key
00000230  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< HMAC key
00000240  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< Fourth Section random key
00000250  EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE EE  îîîîîîîîîîîîîîîî  <<< Fourth Section random IV
00000260  01 00 00 00 30 00 00 00 01 00 00 00 00 00 00 00  ....0...........  <<< type (u32), section size (u32), isMoreSections (u32)
00000270  80 00 00 00 C0 00 F0 00 00 00 00 00 FF FF FF FF  €...À.ð.....ÿÿÿÿ 
00000270  80 00 00 00 C0 00 F0 00 00 00 00 00 FF FF FF FF  €...À.ð.....ÿÿÿÿ
00000280  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000290  02 00 00 00 10 01 00 00 01 00 00 00 00 00 00 00  ................  <<< type (u32), section size (u32), isMoreSections (u32)
000002A0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000002B0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000002C0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000002D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000002E0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000002F0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000300  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000310  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000320  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000330  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000340  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000350  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000360  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000370  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000380  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000390  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
000003A0  03 00 00 00 30 00 00 00 00 00 00 00 00 00 00 00  ....0...........  <<< type (u32), section size (u32), isMoreSections (u32)
000003B0  80 09 80 03 00 00 C3 00 00 00 80 09 80 00 00 00  €.€...Ã...€.€...
000003C0  00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF  ............ÿÿÿÿ
000003D0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000003E0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000003F0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000400  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000410  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000420  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000430  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000440  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000450  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000460  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000470  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000480  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000490  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000004A0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000004B0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000004C0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000004D0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................  <<< Metadata end

Following the same principles, an update package metadata would look like this:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  00 02 00 00 00 00 00 00 05 00 00 00 03 00 00 00  ................ <<< Metadata header (0x20 long) ;  metasize (u64), signature type (u32) number of sections (u32) // Sig type 5 = RSA
00000010  0E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020  00 03 00 00 00 00 00 00 40 00 00 00 00 00 00 00  ........@.......
00000030  01 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00  ................
00000040  01 00 00 00 FF FF FF FF FF FF FF FF 01 00 00 00  ....ÿÿÿÿÿÿÿÿ....
00000050  40 03 00 00 00 00 00 00 40 00 00 00 00 00 00 00  @.......@.......
00000060  02 00 00 00 02 00 00 00 06 00 00 00 04 00 00 00  ................
00000070  01 00 00 00 FF FF FF FF FF FF FF FF 01 00 00 00  ....ÿÿÿÿÿÿÿÿ....
00000080  80 03 00 00 00 00 00 00 00 00 80 00 00 00 00 00  €.........€.....
00000090  03 00 00 00 03 00 00 00 06 00 00 00 08 00 00 00  ................
000000A0  03 00 00 00 0C 00 00 00 0D 00 00 00 01 00 00 00  ................
000000B0  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ªªªªªªªªªªªªªªªª  <<< Hash
000000C0  AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA AA  ªªªªªªªªªªªªªªªª  <<< Hash
000000D0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000E0  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
000000F0  BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB  »»»»»»»»»»»»»»»»  <<< Hash
00000100  BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB BB  »»»»»»»»»»»»»»»»  <<< Hash
00000110  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000120  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ
00000130  CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC  ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ  <<< Hash
00000140  CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC CC  ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ  <<< Hash
00000150  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< Random key
00000160  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< Random IV
00000170  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< Random key
00000180  FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF  ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ  <<< Random IV
00000190  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000001A0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000001B0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000001C0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000001D0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000001E0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
000001F0  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000200  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000210  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000220  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000230  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000240  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000250  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000260  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
00000270  11 11 11 11 11 11 11 11 11 11 11 11 11 11 11 11  ................  <<< RSA SIG
  • Step 4: Get plain SELF sections

Use the keys and IVs from the metadata to decrypt their respective sections using AES128-CTR.

  • Step 5: Uncompress sections if needed

Sections can be compressed. This is reported in the header.