Keystone: Difference between revisions

From Vita Development Wiki
Jump to navigation Jump to search
No edit summary
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
=== File Structure ===
The Keystone is a an encrypted key used on PS Vita, PS4 and PS5 to prevent files modification and extraction. It can be found on different places in the filesystem and is used for Save Data, Trophy Data, Game Data and Additional Contents decryption and encryption.
 
The keystone is used to verify that:
* somebody who wants to extract/verify a PKG file is the owner of the product
* a patch data is published by the creator of the app data
 
The keystone is generated from a unique [[Passcode]] chosen by the developer when building a PKG file. The keystone is stored in a hashed file named keystone, stored in the sce_sys folder of the content and encrypted under the PFS layer, then packed into a PKG file.
 
See also [https://www.psdevwiki.com/ps4/Keystone PS4 Keystone].
 
= PS Vita =
 
== Location ==
 
The keystone file is located in the sce_sys folder of every applications/patches/additional contents/savedata/trophies. It is PFS encrypted.
 
<save data directory>:/sce_sys/keystone
 
== Structure ==
 
Size is always 96 bytes.


{| class="wikitable"
{| class="wikitable"
|-
|-
! Offset !! Size !! Description
! Offset !! Size !! Description !! Notes
|-
|-
| 0x0 || 0x8 || magic "keystone"
| 0x0 || 0x8 || Magic || "keystone"
|-
|-
| 0x8 || 0x2 || Type (always 2)
| 0x8 || 0x2 || Type || 2 on PS Vita and PS4, 3 on PS5
|-
|-
| 0xA || 0x2 || Version (always 1)
| 0xA || 0x2 || Version || 1 on PS Vita, PS4 and PS5
|-
|-
| 0xC || 0x14 || 00 Filler
| 0xC || 0x14 || Padding || Zeroed
|-
|-
| 0x20 || 0x20 || passcode HMAC
| 0x20 || 0x20 || Passcode Digest || HMAC-SHA256 digest made with keystone_passcode_secret as key
|-
| 0x40 || 0x20 || keystone HMAC
|-
|-
| 0x40 || 0x20 || Keystone Digest || HMAC-SHA256 digest made with keystone_ks_secret as key
|}
|}


The first step is to check the HMAC of the file. The process is to use the <code>Keystone HMAC Key</code> from the [[Keys#PFS_Secret_Keys]] page to check the <code>keystone HMAC</code> at position 0x40 in the file.  
== Usage ==
 
=== Generation ===
 
SCE provides in official PS Vita SDK a tool called pc2ks that converts a passcode to a keystone.
 
=== Verification ===
 
The first step is to check the Digest of the keystone file (using [[SceSblPostSsMgr#sceSblPostSsMgrVerifyKeystoneForDriver|sceSblPostSsMgrVerifyKeystoneForDriver]]). The process is to use the <code>Keystone HMAC Key</code> (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) to check the <code>keystone Digest</code> at position 0x40 in the file.
 
If it is correct, it proceeds to check the passcode Digest, ?which is not present on retail units?. Use <code>Passcode HMAC Key</code> (see [https://www.psdevwiki.com/vita/Keys#PFS_Keys]) to calculate the digest of the <code>passcode</code> stored at offset 0x20.
 
== Debug Usage ==
 
On TestKit/DevKit/internal PS Vita consoles, more functions are provided by the API to encrypt, verify and decrypt the keystones.
 
[[SceSblPostSsMgr#sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver|sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver]]
 
[[SceSblPostSsMgr#sceSblPostSsMgrDebugEncryptKeystoneForDriver|sceSblPostSsMgrDebugEncryptKeystoneForDriver]]


If it is correct, it proceeds to passcode HMAC check which is not present on retail units.
[[SceSblPostSsMgr#sceSblPostSsMgrDebugDecryptKeystoneForDriver|sceSblPostSsMgrDebugDecryptKeystoneForDriver]]


Use <code>Passcode HMAC Key</code> from the [[Keys#PFS_Secret_Keys]] to calculate HMAC of <code>passcode</code> and check passcode HMAC at offset 0x20. <code>passcode</code> is a string of 0x20 bytes long that should match [A-Za-z0-9\-_] regex.
[[Category:Formats]]

Latest revision as of 00:10, 1 January 2025

The Keystone is a an encrypted key used on PS Vita, PS4 and PS5 to prevent files modification and extraction. It can be found on different places in the filesystem and is used for Save Data, Trophy Data, Game Data and Additional Contents decryption and encryption.

The keystone is used to verify that:

  • somebody who wants to extract/verify a PKG file is the owner of the product
  • a patch data is published by the creator of the app data

The keystone is generated from a unique Passcode chosen by the developer when building a PKG file. The keystone is stored in a hashed file named keystone, stored in the sce_sys folder of the content and encrypted under the PFS layer, then packed into a PKG file.

See also PS4 Keystone.

PS Vita

Location

The keystone file is located in the sce_sys folder of every applications/patches/additional contents/savedata/trophies. It is PFS encrypted.

<save data directory>:/sce_sys/keystone

Structure

Size is always 96 bytes.

Offset Size Description Notes
0x0 0x8 Magic "keystone"
0x8 0x2 Type 2 on PS Vita and PS4, 3 on PS5
0xA 0x2 Version 1 on PS Vita, PS4 and PS5
0xC 0x14 Padding Zeroed
0x20 0x20 Passcode Digest HMAC-SHA256 digest made with keystone_passcode_secret as key
0x40 0x20 Keystone Digest HMAC-SHA256 digest made with keystone_ks_secret as key

Usage

Generation

SCE provides in official PS Vita SDK a tool called pc2ks that converts a passcode to a keystone.

Verification

The first step is to check the Digest of the keystone file (using sceSblPostSsMgrVerifyKeystoneForDriver). The process is to use the Keystone HMAC Key (see [1]) to check the keystone Digest at position 0x40 in the file.

If it is correct, it proceeds to check the passcode Digest, ?which is not present on retail units?. Use Passcode HMAC Key (see [2]) to calculate the digest of the passcode stored at offset 0x20.

Debug Usage

On TestKit/DevKit/internal PS Vita consoles, more functions are provided by the API to encrypt, verify and decrypt the keystones.

sceSblPostSsMgrVerifyKeystoneWithPasscodeForDriver

sceSblPostSsMgrDebugEncryptKeystoneForDriver

sceSblPostSsMgrDebugDecryptKeystoneForDriver

Retrieved from "http://wiki.henkaku.xyz/index.php?title=Keystone&oldid=21480"