Talk:ReDRM / Piracy dongles: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
I kinda figured how it works already</br>
I kinda figured how it works already</br>
they patched lv1 and lv2
they patched lv1 and lv2</br>
and they have lv2 to check if the self keyset is 0x10 or higher
and they have lv2 to check if the self keyset is 0x10 or higher</br>
if so it's sent to lv1 through a separate hypercall than hvsc99
if so it's sent to lv1 through a separate hypercall than hvsc99</br>
which sends the self or part of it to the usb hw
which sends the self or part of it to the usb hw</br>
which performs some crypto  
which performs some crypto </br>
I could do me to send their dongle
I could do me to send their dongle</br>
and returns a decrypted result to lv1
and returns a decrypted result to lv1</br>
at least that's what I got out of a few minutes of debugging
at least that's what I got out of a few minutes of debugging</br>
I am pretty sure the keys are on the dongle
I am pretty sure the keys are on the dongle</br>
3.60+ app keys
3.60+ app keys</br>
the ones you play games with
the ones you play games with</br>


<>  // do crypt
<>  // do crypt</br>
<>  unsigned char sector_key[16];
<>  unsigned char sector_key[16];</br>
<>  memset(sector_key, 0, 16);
<>  memset(sector_key, 0, 16);</br>
<>  sector_key[12] = (sector_num & 0xFF000000)>>24;
<>  sector_key[12] = (sector_num & 0xFF000000)>>24;</br>
<>  sector_key[13] = (sector_num & 0x00FF0000)>>16;
<>  sector_key[13] = (sector_num & 0x00FF0000)>>16;</br>
<>  sector_key[14] = (sector_num & 0x0000FF00)>> 8;
<>  sector_key[14] = (sector_num & 0x0000FF00)>> 8;</br>
<>  sector_key[15] = (sector_num & 0x000000FF)>> 0;
<>  sector_key[15] = (sector_num & 0x000000FF)>> 0;</br>
<>   
<>   
<>  // encrypt sector
<>  // encrypt sector</br>
<>  aes_context aes_ctx;
<>  aes_context aes_ctx;</br>
<>  aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128);
<>  aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128);</br>
<>  aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff);
<>  aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff);</br>
<>   
<>   
<>  // decrypt
<>  // decrypt</br>
<>  aes_context aes_ctx;
<>  aes_context aes_ctx;</br>
<>  aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128);
<>  aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128);</br>
<>  aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff);
<>  aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff);</br>


that's the algo for masterdiscs
that's the algo for masterdiscs</br>
ps3gen dll has the static keys for masterdiscs
ps3gen dll has the static keys for masterdiscs</br>
you can also get it from sv_iso
you can also get it from sv_iso</br>
the crappy sdk tool that generates masterdisc images for dex
the crappy sdk tool that generates masterdisc images for dex</br>

Revision as of 21:58, 23 October 2011

I kinda figured how it works already
they patched lv1 and lv2
and they have lv2 to check if the self keyset is 0x10 or higher
if so it's sent to lv1 through a separate hypercall than hvsc99
which sends the self or part of it to the usb hw
which performs some crypto
I could do me to send their dongle
and returns a decrypted result to lv1
at least that's what I got out of a few minutes of debugging
I am pretty sure the keys are on the dongle
3.60+ app keys
the ones you play games with

<> // do crypt
<> unsigned char sector_key[16];
<> memset(sector_key, 0, 16);
<> sector_key[12] = (sector_num & 0xFF000000)>>24;
<> sector_key[13] = (sector_num & 0x00FF0000)>>16;
<> sector_key[14] = (sector_num & 0x0000FF00)>> 8;
<> sector_key[15] = (sector_num & 0x000000FF)>> 0;
<> <> // encrypt sector
<> aes_context aes_ctx;
<> aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128);
<> aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff);
<> <> // decrypt
<> aes_context aes_ctx;
<> aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128);
<> aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff);

that's the algo for masterdiscs
ps3gen dll has the static keys for masterdiscs
you can also get it from sv_iso
the crappy sdk tool that generates masterdisc images for dex