Editing Talk:ReDRM / Piracy dongles
Jump to navigation
Jump to search
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 1: | Line 1: | ||
I kinda figured how it works already</br> | |||
they patched lv1 and lv2 | |||
and they have lv2 to check if the self keyset is 0x10 or higher | |||
if so it's sent to lv1 through a separate hypercall than hvsc99 | |||
which sends the self or part of it to the usb hw | |||
which performs some crypto | |||
I could do me to send their dongle | |||
and returns a decrypted result to lv1 | |||
at least that's what I got out of a few minutes of debugging | |||
I am pretty sure the keys are on the dongle | |||
3.60+ app keys | |||
the ones you play games with | |||
<> // do crypt | |||
<> unsigned char sector_key[16]; | |||
<> memset(sector_key, 0, 16); | |||
<> sector_key[12] = (sector_num & 0xFF000000)>>24; | |||
<> sector_key[13] = (sector_num & 0x00FF0000)>>16; | |||
<> sector_key[14] = (sector_num & 0x0000FF00)>> 8; | |||
<> sector_key[15] = (sector_num & 0x000000FF)>> 0; | |||
<> | |||
<> // encrypt sector | |||
<> aes_context aes_ctx; | |||
<> aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128); | |||
<> aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff); | |||
<> | |||
<> // decrypt | |||
<> aes_context aes_ctx; | |||
<> aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128); | |||
<> aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff); | |||
that's the algo for masterdiscs | |||
ps3gen dll has the static keys for masterdiscs | |||
you can also get it from sv_iso | |||
the crappy sdk tool that generates masterdisc images for dex | |||
that's the algo for masterdiscs | |||
ps3gen dll has the static keys for masterdiscs | |||
you can also get it from sv_iso | |||
the crappy sdk tool that generates masterdisc images for dex | |||