## Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functions

Proxima
Guru
Posts: 47
Joined: Mon Jan 03, 2011 2:38 pm

### Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functions

The curve used for KIRK functions 0xC, 0xD, 0x10, and 0x11:

```
y^2 = x^3 + ax + b mod p

p  = FFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
N  = FFFFFFFFFFFFFFFEFFFFB5AE3C523E63944F2127
a  = -3
b  = A68BEDC33418029C1D3CE33B9A321FCCBB9E0F0B
Gx = 128EC4256487FD8FDF64E2437BC0A1F6D5AFDE2C
```

Kirk 0xC - Generate new private/public key set
Invocation:
```c
u8 keypair[0x3c];
sceUtilsBufferCopyWithRange(keypair, 0x3c, 0, 0, 0xC);
```

This returns the following into the keypair buffer (each value is 0x14 bytes long):
0x00 - randomly generated private key
0x14 - Public Key point x value
0x28 - Public Key point y value

Basically, function 0xC generates a random number < N and multiplies the base point G by it to get the new public key.

Kirk 0xD - point multiplication
Invocation:
```c
u8 buffer[0x3C];
u8 newpoint[0x28];
memcpy(buffer, multiplier, 0x14);
memcpy(buffer + 0x14, pointx, 0x14);
memcpy(buffer + 0x28, pointy, 0x14);
sceUtilsBufferCopyWithRange(newpoint, 0x28, buffer, 0x3c, 0xD);
```

The result is a new point (x and y are each 0x14 bytes long).

To test this, you can call 0xC service and copy the first 0x14 bytes to a new buffer, then copy the Gx and Gy values after that.
Calling 0xD with the new buffer will return the values of x and y that were generated by the 0xC call.

Kirk 0x10 - ECDSA Sign hash
Invocation:
```c
u8 buffer[0x34];
u8 encryptedprivatekey[0x20]; // the private key returned by KIRK 0xC must be AES encrypted somehow
u8 SHA1hashofmessagetosign[0x14];
u8 newsig[0x28];              // receives r and s
memcpy(buffer, encryptedprivatekey, 0x20);
memcpy(buffer + 0x20, SHA1hashofmessagetosign, 0x14);
sceUtilsBufferCopyWithRange(newsig, 0x28, buffer, 0x34, 0x10);
```

newsig will have the r and s values for an ECDSA signature

This isn't that useful since it is not clear how to encrypt the private key to sign the message. There are some examples in IDStorage where a pre-encrypted private key and public key pair can be used, but no general cases yet.

Kirk 0x11 - ECDSA Verify Signature
Invocation:
```c
u8 buffer[0x64];
memcpy(buffer, publickey, 0x28);
memcpy(buffer + 0x28, SHA1hashofmessagetosign, 0x14);
memcpy(buffer + 0x3C, newsig, 0x28);
sceUtilsBufferCopyWithRange(0, 0, buffer, 0x64, 0x11);
```

This returns 0 (good) or not 0 (bad) based on whether the signature is successfully verified.

These functions seem secure. The random number generation they use seems to be strong and they do not have any of the gaps that the PS3 or KIRK1 have around re-use of random numbers.
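The 0xC-then-0xD self-test described in the post above, modeled in software as an added example (not code from this thread and not KIRK's own implementation). Assumptions: values are big-endian, the Gy value missing from the post is recovered from the curve equation, and the model rejects off-curve points, which the post does not say the hardware does.

```python
import secrets

# Curve parameters as listed in the post (a = -3); every value is 0x14 bytes.
P = 0xFFFFFFFFFFFFFFFF00000001FFFFFFFFFFFFFFFF
N = 0xFFFFFFFFFFFFFFFEFFFFB5AE3C523E63944F2127
A, B = -3, 0xA68BEDC33418029C1D3CE33B9A321FCCBB9E0F0B
GX = 0x128EC4256487FD8FDF64E2437BC0A1F6D5AFDE2C

def on_curve(x, y):
    return (y * y - (x * x * x + A * x + B)) % P == 0

def recover_y(x):  # P % 4 == 3, so sqrt(v) is v^((P+1)/4) mod P when it exists
    y = pow((x * x * x + A * x + B) % P, (P + 1) // 4, P)
    if not on_curve(x, y):
        raise ValueError("no curve point has this x")
    return y

G = (GX, recover_y(GX))  # assumption: Gy is not in the post, either root works

def add(p1, p2):
    if p1 is None or p2 is None:  # None is the point at infinity
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p1 == p2 else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def pack(*vals):  # big-endian byte order is an assumption of this model
    return b"".join(v.to_bytes(0x14, "big") for v in vals)

def model_0xc():  # out: private key | public x | public y (0x3C bytes)
    d = secrets.randbelow(N - 1) + 1
    return pack(d, *mul(d, G))

def model_0xd(buf):  # in: multiplier | x | y (0x3C), out: x | y (0x28)
    k, x, y = (int.from_bytes(buf[i:i + 0x14], "big") for i in (0, 0x14, 0x28))
    if len(buf) != 0x3C or not 0 < k < N or max(x, y) >= P or not on_curve(x, y):
        raise ValueError("bad length, multiplier or point")
    return pack(*mul(k, (x, y)))
```

Feeding `model_0xd` the private key from `model_0xc` followed by `pack(*G)` reproduces the public key half of the keypair, which is the check the post describes for real hardware.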

m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

### Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Excellent post, and thank you very much for sharing your findings

coyotebean
Guru
Posts: 96
Joined: Mon Sep 27, 2010 3:22 pm

### Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

Excellent findings.

I think Cmd 0x10 & 0x12 use a key related to the PSP / region. IIRC, the idstorage cert will fail the Cmd 0x10+0x11 & 0x12 validation on different PSP / region.

kael2404
Posts: 37
Joined: Thu Dec 09, 2010 3:00 pm

### Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

What does it mean?

fidelcastro
Posts: 215
Joined: Sat Oct 02, 2010 1:34 pm

### Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

leave the post open to developers, great job proxima

Proxima
Guru
Posts: 47
Joined: Mon Jan 03, 2011 2:38 pm

### Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

> coyotebean wrote: Excellent findings.
>
> I think Cmd 0x10 & 0x12 use a key related to the PSP / region. IIRC, the idstorage cert will fail the Cmd 0x10+0x11 & 0x12 validation on different PSP / region.

I haven't looked at 0x12 in depth yet, but you are correct. 0x10 is PSP specific. The 0x20 bytes are the encrypted private key and the decryption is PSP specific. So far I have confirmed it is not KIRK 8 or 5, nor KIRK 8 or 5 and any combination of KIRK 7. There are a few other permutations to try, but so far I've not found how the actual private key is encrypted in the 0x20 bytes for KIRK 0x10.

Davee
Guru
Posts: 278
Joined: Mon Jan 10, 2011 1:24 am

### Re: Interesting info on KIRK 0xC, 0xD, 0x10, and 0x11 functi

http://lolhax.org/2011/07/06/kirk-0x10- ... y/#more-81

How to encrypt/decrypt the KIRK 0x10