Editing HDD Encryption
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
=Introduction= | =Introduction= | ||
* The following information was reverse | * The following information was reverse enginered from LV1, Storage Manager in LPAR1 and sb_iso_spu_module.self. | ||
* I'm able to decrypt/encrypt my PS3 HDD and VFLASH on PC now. | * I'm able to decrypt/encrypt my PS3 HDD and VFLASH on PC now. | ||
=HDD Encryption= | =HDD Encryption= | ||
* XTS-AES-128 is used to encrypt all data on PS3 HDD. | * XTS-AES-128 is used to encrypt all data on PS3 HDD. | ||
* VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys. | * VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys. | ||
* Tweak and data XTS keys are of size 32 bytes but only the first 16 bytes are used. | * Tweak and data XTS keys are of size 32 bytes but only the first 16 bytes are used. | ||
=Dumping ATA Keys= | =Dumping ATA Keys= | ||
Line 30: | Line 14: | ||
* I modified sb_iso_spu_module.self to dump ATA keys. | * I modified sb_iso_spu_module.self to dump ATA keys. | ||
* ATA keys are passed as parameters to sb_iso_spu_module.self. | * ATA keys are passed as parameters to sb_iso_spu_module.self. | ||
==Program== | ==Program== | ||
Line 143: | Line 125: | ||
bi $lr | bi $lr | ||
</pre> | </pre> | ||
==Result== | ==Result== | ||
Line 161: | Line 142: | ||
Tweak key is at offset 0x40 (32 bytes) | Tweak key is at offset 0x40 (32 bytes) | ||
... | ... | ||
</pre> | </pre> | ||
Line 205: | Line 147: | ||
* VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys. | * VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys. | ||
* You cannot dump ENCDEC keys with sb_iso_spu_module.self. They are set in lv1ldr only | * You cannot dump ENCDEC keys with sb_iso_spu_module.self. They are set in lv1ldr only. | ||
* I used a modified lv1ldr with my Linux spuldrfs driver and dumped ENCDEC keys. | * I used a modified lv1ldr with my Linux spuldrfs driver and dumped ENCDEC keys. | ||
* XTS-AES-128 with 128bit tweak key and 128bit data key, just like ATA keys. | * XTS-AES-128 with 128bit tweak key and 128bit data key, just like ATA keys. | ||
* ENCDEC tweak and data keys are passed to lv1ldr NOT in clear text. | * ENCDEC tweak and data keys are passed to lv1ldr NOT in clear text. | ||
* ENCDEC keys are computed by lv1ldr with AES-CBC-256 by encrypting 32byte seeds. | * ENCDEC keys are computed by lv1ldr with AES-CBC-256 by encrypting 32byte seeds. | ||
* | * metldlr passes to lv1ldr AES-CBC-256 IV and key which are used to compute ENCDEC keys. | ||
==ENCDEC Key Seeds== | ==ENCDEC Key Seeds== | ||
Tweak key seed: | |||
<pre> | <pre> | ||
Line 228: | Line 165: | ||
</pre> | </pre> | ||
Data key seed: | |||
<pre> | <pre> | ||
Line 374: | Line 311: | ||
bi $lr | bi $lr | ||
</pre> | </pre> | ||
==Result== | ==Result== | ||
Line 396: | Line 332: | ||
... | ... | ||
</pre> | </pre> | ||