
Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functions

Proxima
Guru
Posts: 47
Joined: Mon Jan 03, 2011 2:38 pm

Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functions

Post by Proxima » Wed Jun 22, 2011 6:06 pm

The curve used for KIRK functions 0xC, 0xD, 0x10, and 0x11 is:
y^2 = x^3 + ax + b (mod p)

p  = FFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
N  = FFFFFFFFFFFFFFFEFFFFB5AE3C523E63944F2127
a  = -3
b  = A68BEDC33418029C1D3CE33B9A321FCCBB9E0F0B
Gx = 128EC4256487FD8FDF64E2437BC0A1F6D5AFDE2C
Gy = 5958557EB1DB001260425524DBC379D5AC5F4ADF


Kirk 0xC - Generate new private/public key set
Invocation:
u8 keypair[0x3c];
sceUtilsBufferCopyWithRange(keypair, 0x3c, 0, 0, 0xC);

This returns the following into the keypair buffer (each value is 0x14 bytes long):
0x00 - randomly generated private key
0x14 - Public Key point x value
0x28 - Public Key point y value

Basically, function 0xC generates a random number < N and multiplies it by the base point G to get the new public key.

Kirk 0xD - point multiplication
Invocation:
u8 buffer[0x3C];
u8 newpoint[0x28];
memcpy(buffer, multiplier, 0x14);
memcpy(buffer + 0x14, pointx, 0x14);
memcpy(buffer + 0x28, pointy, 0x14);
sceUtilsBufferCopyWithRange(newpoint, 0x28, buffer, 0x3c, 0xD);

The result is a new point (x and y are each 0x14 bytes long).

To test this, you can call the 0xC service and copy the first 0x14 bytes to a new buffer, then copy the Gx and Gy values after that.
Calling 0xD with the new buffer will return the same x and y values that were generated by the 0xC call.

Kirk 0x10 - ECDSA Sign hash
Invocation:
u8 buffer[0x34];
u8 encryptedprivatekey[0x20];  /* the private key returned by KIRK 0xC must be AES encrypted somehow */
u8 SHA1hashofmessagetosign[0x14];
u8 newsig[0x28];
memcpy(buffer, encryptedprivatekey, 0x20);
memcpy(buffer + 0x20, SHA1hashofmessagetosign, 0x14);
sceUtilsBufferCopyWithRange(newsig, 0x28, buffer, 0x34, 0x10);

newsig will hold the r and s values of an ECDSA signature (0x14 bytes each).

This isn't that useful since it is not clear how to encrypt the private key to sign the message. There are some examples in IDStorage where a pre-encrypted private key and public key pair can be used, but no general cases yet.

Kirk 0x11 - ECDSA Verify Signature
Invocation:
u8 buffer[0x64];
memcpy(buffer, publickey, 0x28);
memcpy(buffer + 0x28, SHA1hashofmessagetosign, 0x14);
memcpy(buffer + 0x3C, newsig, 0x28);
sceUtilsBufferCopyWithRange(0, 0, buffer, 0x64, 0x11);

This returns 0 (good) or non-zero (bad) depending on whether the signature verifies successfully.


These functions seem secure. The random number generation they use seems to be strong and they do not have any of the gaps that the PS3 or KIRK1 have around re-use of random numbers.

m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Post by m0skit0 » Wed Jun 22, 2011 9:11 pm

Excellent post, and thank you very much for sharing your findings :D
I wanna lots of mov al,0xb
"just not into this RA stuffz"

coyotebean
Guru
Posts: 96
Joined: Mon Sep 27, 2010 3:22 pm

Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Post by coyotebean » Thu Jun 23, 2011 5:17 am

Excellent findings.

I think Cmd 0x10 & 0x12 use a key related to the PSP / region. IIRC, the IDStorage cert will fail the Cmd 0x10+0x11 & 0x12 validation on a different PSP / region.

kael2404
Posts: 37
Joined: Thu Dec 09, 2010 3:00 pm

Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Post by kael2404 » Thu Jun 23, 2011 3:53 pm

What does it mean?
I'm getting back 1st March

fidelcastro
Posts: 215
Joined: Sat Oct 02, 2010 1:34 pm

Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Post by fidelcastro » Thu Jun 23, 2011 5:04 pm

leave the post open to developers, great job proxima

Proxima
Guru
Posts: 47
Joined: Mon Jan 03, 2011 2:38 pm

Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Post by Proxima » Fri Jul 01, 2011 6:32 pm

coyotebean wrote: Excellent findings.

I think Cmd 0x10 & 0x12 use a key related to the PSP / region. IIRC, the IDStorage cert will fail the Cmd 0x10+0x11 & 0x12 validation on a different PSP / region.

I haven't looked at 0x12 in depth yet, but you are correct. 0x10 is PSP specific. The 0x20 bytes are the encrypted private key and the decryption is PSP specific. So far I have confirmed it is not KIRK 8 or 5, nor KIRK 8 or 5 and any combination of KIRK 7. There are a few other permutations to try, but so far I've not found how the actual private key is encrypted in the 0x20 bytes for KIRK 0x10.

Davee
Guru
Posts: 278
Joined: Mon Jan 10, 2011 1:24 am

Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Post by Davee » Wed Jul 06, 2011 3:29 pm

http://lolhax.org/2011/07/06/kirk-0x10- ... y/#more-81

How to encrypt/decrypt the KIRK 0x10 ;)
Follow me on twitter: @DaveeFTW
