PS4 Jailbreaking       Thread starter PSXHAX       Start date Mar 24, 2020 at 5:26 PM       28      
Status
Not open for further replies.
While many are patiently awaiting further details on the PS4 6.20 Kxploit in development, today PlayStation 4 scene developers @RedEyeX32 via @zecoxao shared Cipher and Hasher PS4 Backup And Restore (BAR) Kernel Keys while 3226:2143 (aka IDC) documented containers referred to as Envelope Files used in encrypting and signing messages.

Based on the current findings, they were likely introduced around PS4 Firmware FW 3.00 (>2.56 <=3.50), noting that the messages are encrypted using AES128 in CBC mode and signed using a public key.

Download: BAR-master.zip / GIT / PS4 Env Decryptor

Those interested in learning more about the encryption and public keys can check out the related documentation via PSDevWiki.com.
Backup And Restore Keys (BAR)

*Cipher:
Code:
79 c8 cc c8 89 a1 54 0d 4f 2e 27 bb 61 4f d6 53
*Hasher:
Code:
cd a1 33 a1 0e c8 f5 25  98 22 23 f5 86 1f 02 00
And from the README.md: BAR

backup and restore decrypt (and encrypt?) utility

Credits
  • RedEye32 (for the structs)
  • Zer0xFF (for some improvement in code)
  • PixelButts (for testing)
  • idc (for the hasher key correct size)
  • and to anonymous (for everything you did and have done in the past)
Usage

compile it and simply place it near the archives and run it. it'll produce some blobs. support for bigger blobs is in process...
decrypt the backups made with the backup utility
very similar to what Kakaroto has done on ps3 with his tool
yes. on fpkg backups it'll also backup the licenses associated with them, because they are considered "free" licenses by the system
honestly, none besides grabbing the licenses from demo and beta games
webbrowser_xutil:
Code:
CA 4A 06 AD 3C 09 8D AB 6B 30 97 2C BC 49 00 BD
jsnex_netflixdeckeys: (netfliXDecryptionKeys?)
Code:
51 AE 12 B0 CB D8 EF D3 59 8B C5 11 8D E1 A3 0C
party_config:
Code:
9C 4E E3 E6 DC 82 A1 8A A2 12 33 D5 35 B1 08 EC
Cheers to @HydrogenNGU for the heads-up via Twitter earlier on! 🍻

Comments

If I understand this correctly, these keys are used to encrypt/decrypt data (such as log files or remote commands) that are sent from the PS4 to Sony's servers.

Analyzing the logs could show new attack vectors or see what data Sony is collecting from the system. If messages could be encrypted and sent in a way that the PS4 thinks is from Sony, then that could be a new attack vector as well.

There could be interesting homebrew around this too like scripts to turn on the PS4 remotely without PSN.
 
@Kraken
That's the idea I got but not completely sure as I have to tap out once talk turns to keys. I know what keys are and what SAMU keys are but this isn't that.

Still, welcome stuff I'm sure.
 
Going off on what @Kraken said, I may be going off on a limb here, but if one day a current CFW/kexploit exists and we keep getting the changed env keys, couldn't we program a plugin that dumps the system reports sent (like Atmosphere on the Switch does) and then send fake reports to Sony, which will mitigate PS4 bans?
 