I can not promise I will be correct but for a bit of elaboration.
kirk keys seems to be the name for the master keys for the psp, why they were on the PS3 I am not sure (everything I know about such crypto says you keep the master/private keys locked down tight not distributed to X million potentially hostile types)- it is not the same the PS3 stuff that allowed private keys to be derived but that the PSP keys were stored in full on the PSP (presumably for allowing the PS3 to act as a server for PSP code- why they did it that way I am not sure but it is not the first time something has fallen to such silliness (I recall an itunes hack along similar lines some years back)).
All of what follows pretty much comes from kizafool's post
http://gbatemp.net/t272666-psp-keys-dumped...t&p=3371333
Code:
Want kirk keys?
1. Go to /dev_flash/pspemu/release/emulator_drm.sprx
/dev_flash/ is unix ish naming/filesystem talk- it means rock up to your PS3 onboard flash memory (dev stands for device- flash means flash).
There is a file system on there as there is with most larger memory spaces.
In the pspemu/release/emulator directory (maybe give or take some version numbers) there is a file called emulator_drm.sprx -prx is a plugin format (sprx is a minor tweak on it) and this is what houses the keys.
The sprx will be encrypted but we have decryption tools now available for various things PS3. There are also IDA modules for them to allow disassembly and presumably a measure of cleanup (IDA is very powerful).
You might be able to sidestep this step given current events and pull it from a PS3 firmware update (assuming it comes with firmware and is not a download).
"get spu_handler.isoself"
Not sure if this is an API or a module for the emulator_drm.sprx module. Simply put though it is likely the code bit of code that handles signing for the PSP stuff.
"decrypt it" seems to imply that it would not have been decrypted in your initial decrypting of the emulator_drm.sprx module. I believe there are SPU/SPE emulators and keys these days if nothing else.
grab keys
If they are not plain text (the starting values that were given being more than enough to tell) or embedded/referenced in an instruction/call now you have decrypted this spu_handler.isoself code you can probably poke a few things (feed a 00000...000h file or something to generate them if you have to- remember encryption is mathematics and signing long lengths of 00s and/or FF's- one or the other at least tends to spit out exact keys) to grab the keys.
Profit- you have the keys but
Code:
Keep in mind that keys are useless without their algorithms, so go reverse that (it's also in spu_handler.isoself)
Looking at the PS3 SELF stuff and assuming the ideas carry across if not the implementation- the header is encrypted which leads to another set of hashes which are signed and stuff like that each with different keys and initialisation vectors (which you now have). The trouble will be figuring out what order each key gets applied in and what sections it gets applied to (and if you are good at this what each section does). Fortunately the emulator_drm.sprx or indeed the spu_handler.isoself also handle this for the PS3 so by stepping through (or emulating) the program/calls you can figure out what order, locations and methods are used at each step and there is no end of sample code to test it out on.
By replicating these steps (presumably as a PC program but in a pinch you might be able to get the PS3 to do your dirty work by hacking the code to do it all) you get to sign code- in and of itself that might not be that useful right away as different formats available to a stock PSP for use and hardware level restrictions will likely crop up which you will need to sort- thinking that despite being readily able to write to PSP3000, unhackable 2000s and PSP GO flash memory you still have the various things to sort as per
http://img371.imageshack.us/img371/6698/cpus.png (thanks to others in this post for reminding me of that picture). Nothing terribly difficult to sort given the existing amount of code that does it but not quite a magic bullet.
In conclusion- nothing terribly difficult, can probably be replicated by anyone with basic assembly level hacking skills (it is essentially a play by play) and a beer/nod in the direction of Mathieulh.