Category PS4 Jailbreaking       Thread starter PSXHAX       Start date Apr 23, 2017 at 6:11 AM       14,428       7            
Following his PS4 PFS Protection Bypass Guide, initial GameArchives PFS Support, GameArchives Updates and MakePFS utility this weekend @zecoxao dropped a hint on Twitter of a retail PS4 Sealedkey / pfsSKKey and is seeking someone with a PlayStation 4 DevKit / TestKit to decrypt it... noting that both the PS4 retail and development Sealedkey / pfsSKKey should be the same. ;)

According to the PSDevWiki the Sealedkey / pfsSKKey can be obtained in different places and is used for SaveGame or Trophy Data decryption and encryption reminiscent of the PS4 Retail / Debug Game Transfusion Tutorial where savegames and trophies were confirmed as working. (y)

To quote: Sealedkey / pfsSKKey

This key can be found on different places and will be used for eg. SaveGame or Trophy Data decryption and encryption.

Paths



Kind
Path

Trophys
/user/home/user Id/trophy/data/sce_trop/sealedkey


SaveGames
/user/home/user Id/title Id/save data directory/sce_sys/

Structure - size always 96 bytes



From
To
Description

00
07
MAGIC ("pfsSKKey") (?playstation file system sealed key key?)


08
0F
Category (game=1 or version ?)


10
1F
IV (16 bytes)


20
3F
Encrypted key (32 bytes)


40
5F
SHA-256 (32 bytes)

C
Code:
 typedef struct sealedkey_t {
     const unsigned char MAGIC[8];
     const unsigned char CAT[8];
     const unsigned char IV[16];
     const unsigned char KEY[32];
     const unsigned char SHA256[32];
 } PfsSKKey;
CSharp
Code:
 protected internal struct sealedkey {
     internal static byte[] MAGIC = new byte[8];
     internal static byte[] CAT = new byte[8];
     internal static byte[] IV = new byte[16];
     internal static byte[] KEY = new byte[32];
     internal static byte[] SHA256 = new byte[32];
 }
Note: You can't use a const byte[] defination in C#. It need to be a static byte[].

De/En -Crypting

Can be decrypted by frindly asking the OS to do it for you. You will need kernel rights to be able to ask the PS4 for it.
Code:
 /* Decryption */
 #define foreach(item, array) \
     for (int keep = 1, \
              count = 0, \
              size = sizeof(array) / sizeof*(array); \
          keep && count != size; \
          keep = !keep, count++) \
         for (item = (array) + count; keep; keep = !keep)
 
 typedef unsigned char byte;              /* byte defination for c/c++ */
 byte PFSK_IDENT[8] = "pfsSKKey";
 byte VERSION[8] = "\x01\x00\x00\x00\x00\x00\x00\x00"
 const char USER1 = "10000000";
 const char usb0 = "/mnt/usb0/";
 const char usb1 = "/mnt/usb1/";
 const char pfs = "dec_pfsSK.Key";
 const char home = "/user/home/";
 const char tropkey = "/trophy/data/sce_trop/sealedkey";
 char usb_error = "[-] ERROR: Can't access usb0 nor usb1!\n[-] Will return now to caller.\n"
 char usb0path[(strlen(usb0) + strlen(pfs))];
 char usb1path[strlen(usb0path)];
 
 /* Get's the encrypted sealed key based on user id */
 int get_pfsSKKey(byte *buffer, const char *userID, char path) {
     char toOpen[(strlen(home) + strlen(userID) + strlen(path))];
 
     sprintf(toOpen, home, userID, path)
 
     FILE *pfskey = fopen(toOpen, "r");
 
     if (!pfskey) return NULL;
 
     fread(buffer, 96, 1, pfskey);
     fclose(pfskey);
     return 1;
 }
 
 /* Dump the sealedkey. Send over tcp and save to file */
 int dumpDecryptedSealedKey(int to) {
     if (to < 0 || to > 1) return -2;
 
     /* First load the sealedkey into a buffer */
     PfsSKKEy enc;
     if (!get_pfsSKKey(&enc, USER1, tropkey)) {
         printf("[-] Can not load the sealed key!\n");
         return -1;
     }
 
     /* Let's check the pfsSKKEy */
     if (enc->MAGIC == PFSK_IDENT && enc->CAT == VERSION) {
         printf("[+] Magic and version ok!\n[+] sk IV = ");
         foreach(byte *val, &enc->IV) printf("%02X", *val);
 
         printf("\n[+] sk KEY = ");
         foreach(byte *val, enc->KEY) printf("%02X", *val);
 
         printf("\n[+] sk Key-SHA256 = ");
         foreach(byte *val, sk->SHA256) printf("%02X", *val);
         printf("\n");
 
     }
     else return -4;
 
     /* Now decrypt it */
     byte dec[16];
 
     int i;
     if (!(i = kernel.sceSblSsDecryptSealedKey(&enc, &dec))) {
         printf("[-] Error!\n[-] sceSblSsDecryptSealedKey returned %d\n", i);
         return -1;
     }
     printf("[+] sceSblSsDecryptSealedKey returned %d\n", i);
 
     if (!to) { /* Print it out */
         printf("[+] Your decrypted sealedkey = ");
 
         foreach(byte *val, &dec) printf("%02X", *val);
 
         printf("\n");
         return 1;
     }
     else { /* Saving to file */
         printf("[+] Will try to save to file...");
 
         sprintf(usb0path, usb0, pfs);
         sprintf(usb1path, usb1, pfs);
 
         FILE *dump = fopen(usb0path, "w");
 
         if (!dump) {
             dump = fopen(usb1path, "w");
             if (!dump) {
                 printf("fail!\n%s", usb_error);
                 return -3;
             }
         }
 
         fwrite(&dec, 16, 1, dump);
         printf("done!\n");
         fclose(dump);
         return 1;
     }
 }
From PSDevWiki.com: Portable Keys Dumps

pfsSKKey__SecKey (External)
Code:
00000000  70 66 73 53 4b 4b 65 79  5f 5f 53 65 63 4b 65 79  |pfsSKKey__SecKey|
00000010  b5 da ef ff 39 e6 d9 0e  ca 7d c5 b0 29 a8 15 3e  |....9....}..)..>|
00000020  87 07 96 0a 53 46 8d 6c  84 3b 3d c9 62 4e 22 af  |....SF.l.;=.bN".|
00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000080
SCE_EAP_HDD__KEY (External)
Code:
00000000  53 43 45 5f 45 41 50 5f  48 44 44 5f 5f 4b 45 59  |SCE_EAP_HDD__KEY|
00000010  bb 6c d6 6d dc 67 1f ac  36 64 f7 bf 50 49 ba a8  |.l.m.g..6d..PI..|
00000020  c4 68 79 04 bc 31 cf 4f  2f 4e 9f 89 fa 45 87 93  |.hy..1.O/N...E..|
00000030  81 17 45 e7 c7 e8 0d 46  0f af 23 26 55 0b d7 e4  |..E....F..#&U...|
00000040  d2 a0 a0 d9 72 9d e5 d2  11 7d 70 67 6f 1d 55 74  |....r....}pgo.Ut|
00000050  8d c1 7c df 29 c8 6a 85  5f 2a e9 a1 ad 3e 91 5f  |..|.).j._*...>._|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000080
CFK1 (External)
Code:
00000000  43 46 4b 31 00 00 00 00  00 00 00 00 00 00 00 00  |CFK1............|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  61 9a d0 db 62 cb 51 37  d8 aa 84 d0 28 b9 92 2d  |a...b.Q7....(..-|
00000030  74 46 01 4d 5a 20 67 31  af d2 ab 62 44 d1 f5 92  |tF.MZ g1...bD...|
00000040  de 9f 35 6c 99 1b 1c 04  3d 76 cd 9f b1 a7 03 57  |..5l....=v.....W|
00000050  89 73 d9 26 a1 60 ea 72  d8 e7 33 9f b0 52 f0 e2  |.s.&.`.r..3..R..|
00000060  06 80 47 c4 d7 7a fd fd  95 72 27 8d 97 ab f4 21  |..G..z...r'....!|
00000070  aa cd 9d 9d 2a a2 30 cc  0d 37 b8 69 47 d1 6a ac  |....*.0..7.iG.j.|
00000080
CFK1 (External-Extra)
Code:
00000000  40 83 63 f3 b4 d0 4b 54  09 ba f3 f4 27 41 13 c4  |@.c...KT....'A..|
00000010  ac 97 ae 26 3b 9b 26 1c  2d 87 50 35 80 a3 e0 34  |...&;.&.-.P5...4|
00000020  f9 97 e5 b9 8c 85 9d 90  33 68 04 32 81 1b 50 21  |........3h.2..P!|
00000030  1f a4 5d 36 63 a3 50 7b  cc 68 12 7c bf 9a aa 2d  |..]6c.P{.h.|...-|
00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000080
SCEROOTPARAM_KEY (External)
Code:
00000000  53 43 45 52 4f 4f 54 50  41 52 41 4d 5f 4b 45 59  |SCEROOTPARAM_KEY|
00000010  01 00 01 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000040  29 ed 9c 0a f8 d3 97 00  29 85 a9 df d0 f2 47 21  |).......).....G!|
00000050  03 ea a7 1e b1 10 c0 03  99 b1 1d ec b2 e5 df 08  |................|
00000060  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000080
SCEROOTPARAM_KEY (External-Extra1)
Code:
00000000  ab 75 84 e1 58 6e f3 38  66 3b 39 9b 09 40 49 54  |.u..Xn.8f;[email protected]|
00000010  6b ce b2 f0 9f 32 0a 1b  f8 de 0a a0 d1 5f 28 bd  |k....2......._(.|
00000020  7f f5 78 1d c5 4c 80 fb  e4 7a 3e 36 91 8d 19 3e  |..x..L...z>6...>|
00000030  09 67 ae 3d 61 4e b1 4f  7d 71 cf 20 e4 40 71 1f  |.g.=aN.O}q. [email protected]|
00000040  05 65 93 0d fd 2d a6 d1  21 3c ef f4 5a 00 97 cb  |.e...-..!<..Z...|
00000050  2f e9 ed b5 ce 07 bb d3  57 4e fa b1 ac a3 fe 80  |/.......WN......|
00000060  88 3f 0a 0e 75 9b 4f 2f  40 6a c6 ef 98 23 b9 e5  |.?..u.O/@j...#..|
00000070  ae bd 3b 75 b7 c6 e1 68  5f b3 90 c4 12 a0 4d 24  |..;u...h_.....M$|
00000080
SCEROOTPARAM_KEY (External-Extra2)
Code:
00000000  44 62 12 3c 06 10 f2 55  3c 01 d1 f8 50 eb 1e 88  |Db.<...U<...P...|
00000010  c0 34 61 40 04 19 80 9d  ab b4 63 f6 f3 6c e9 4d  |[email protected]|
00000020  39 6e 07 40 d9 8a d3 27  0c 27 e1 4a ad 0e b1 19  |[email protected]'.'.J....|
00000030  fe 79 df 09 7c 07 9b eb  ec f9 aa 64 f0 42 f6 4d  |.y..|......d.B.M|
00000040  58 45 0e 46 d9 e8 31 98  5d c5 10 ed 81 32 f5 c8  |XE.F..1.]....2..|
00000050  8a d2 48 5b cc 6f 7e 2d  38 b0 f4 3e 8f 2b 0c 63  |..H[.o~-8..>.+.c|
00000060  19 1d f8 5f 50 0b 77 f9  37 ec 7c 6b ea cd c9 15  |..._P.w.7.|k....|
00000070  ea e6 d8 e1 bf 80 28 a3  eb 3e 9a 9d 5c 00 48 ad  |......(..>..\.H.|
00000080
SCE_LwUtoken_Key (External)
Code:
00000000  53 43 45 5f 4c 77 55 74  6f 6b 65 6e 5f 4b 65 79  |SCE_LwUtoken_Key|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00000040  e4 03 52 c3 02 18 f1 a6  22 5a cf 4c a7 9e 54 eb  |..R....."Z.L..T.|
00000050  b2 7a bc be b7 1f b4 7a  5c d0 66 c7 9e 99 9f 2a  |.z.....z\.f....*|
00000060  66 4a b9 75 36 4c f3 0e  75 ee 24 15 9c 38 51 f3  |fJ.u6L..u.$..8Q.|
00000070  01 00 01 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000080
SCE_LwUtoken_Key (External-Extra1)
Code:
00000000  a3 c6 b1 40 de 3d d5 e9  44 8c 16 0a 18 54 75 6f  |[email protected]=..D....Tuo|
00000010  1c 51 87 64 cd 3d a4 6f  ce 72 a8 36 eb 61 f6 81  |.Q.d.=.o.r.6.a..|
00000020  5a 3f b5 c4 73 08 7e 87  a9 ff 8d a6 a7 27 60 22  |Z?..s.~......'`"|
00000030  fe 2f 64 64 ed 9c 97 fe  72 38 e4 d3 11 a9 b1 8b  |./dd....r8......|
00000040  35 32 29 d6 38 1e 7d 47  cc 09 0e 61 23 67 5f 00  |52).8.}G...a#g_.|
00000050  cc 11 f2 51 69 5d 51 64  1b 4f c1 47 62 bb c0 3b  |...Qi]Qd.O.Gb..;|
00000060  46 60 85 53 7c 41 78 76  39 5c 5a a3 fa 7e 40 17  |F`.S|Axv9\[email protected]|
00000070  34 6f 6c 2a 27 04 25 cc  7c ad 87 c4 6a eb f6 bf  |4ol*'.%.|...j...|
00000080
SCE_LwUtoken_Key (External-Extra2)
Code:
00000000  2c e9 d0 41 3b f5 29 aa  ad aa 0f 3b d6 18 44 7e  |,..A;.)....;..D~|
00000010  35 95 f6 9f af f0 03 92  1a cd 6e 59 22 54 c5 d9  |5.........nY"T..|
00000020  6b 9d c2 14 d6 3f ee bf  ef 07 58 af 96 1a ab 5d  |k....?....X....]|
00000030  77 09 27 96 2d fe a8 20  03 b4 e3 41 94 75 b2 49  |w.'.-.. ...A.u.I|
00000040  54 4f 08 e7 5d f4 dc 87  3a 34 5d 8e a8 10 67 22  |TO..]...:4]...g"|
00000050  e4 78 c4 70 d6 1b 9f 8c  5a b9 a9 d7 c9 17 83 30  |.x.p....Z......0|
00000060  35 0e 11 ba a2 27 46 82  f9 f1 88 31 ea af ec 75  |5....'F....1...u|
00000070  dc 5b 86 d7 70 90 c9 dc  76 c2 35 5c cd 9c 33 d4  |.[..p...v.5\..3.|
00000080
PS4 Sealedkey pfsSKKey for SaveGame & Trophy Data Decryption Encryption.jpg
 

Comments

PSXHAX

Staff Member
Moderator
Contributor
Verified
I like the sound of savegame and trophy data decryption and encryption... maybe it will slow down all the for-profit apps popping up for PS4 game saves and encourage free and open-source alternatives at some point. <3
 

SwordOfWar

Senior Member
Contributor
Verified
I'm not sure I like it. I don't care what people do with their trophies or saves, but if it means people unlocking extra content for multiplayer games I don't like it.
 

PSXHAX

Staff Member
Moderator
Contributor
Verified
We can always count on Sony to keep modders 'fun' to a minimum... especially on PSN, so hopefully it wouldn't completely ruin online gaming.
 

Mmkayu2

Member
Contributor
Anymore work being done by devs on save data. Would be great to see a free solution to save wizard like the bsd days. Especially since all the new 405/455 ps4 developments.
 
Recent Articles
PCSX-R Emulator PS4 Port Crash Bandicoot & Resident Evil PSOne Demos
Since the mGBA Emulator PS4 port and Yabause Sega Saturn Emulator PS4 port, PlayStation 4 homebrew developer Znullptr worked on a PCSXR (CodePlex Archive) PS4 port of the PlayStation emulator...
PS4 Puzzle Platformer Etherborn Shifts Onto PlayStation 4 Next Week
Last month we saw a MGS HD Remake made in Dreams on PlayStation 4, and in similar fashion comes an elegant leap in the gravity-puzzle genre... environmental puzzle platformer known as Etherborn...
Final Fantasy XIV (FFXIV) PS4 Screenshot Retimer Script by Skydeo
Following the Final Fantasy XIV: Stormblood and recent Final Fantasy XIV: Shadowbringers Final Fantasy XIV Online PS4 expansion pack comes a FFXIV PS4 Screenshot Retimer Python Script by Skydeo to...
Telefrag VR Blazes to PlayStation VR July 19th, PS4 Gameplay Trailer
Fans of Quake-style arena shooters will be pleased to hear that Telefrag VR by Anshar Studios is blazing onto PlayStation VR this July 19th featuring fast-paced PvP virtual reality game action in...
Top