Talk:050.003: Difference between revisions
Jump to navigation
Jump to search
(29 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
= Metadata Mapping = | |||
== Lv0 (clean) == | |||
<pre> | |||
00 00 00 00 00 00 05 30 │ 00 00 00 01 00 00 00 02 | |||
00 00 00 08 00 00 00 30 │ 00 00 00 00 00 00 00 00 | |||
00 00 00 00 00 01 05 80 │ 00 00 00 00 00 00 03 68 | |||
00 00 00 02 00 00 00 00 │ 00 00 00 02 00 00 00 00 | |||
00 00 00 03 00 00 00 02 │ 00 00 00 03 00 00 00 01 | |||
00 00 00 00 00 02 07 A0 │ 00 00 00 00 00 03 4A F0 | |||
00 00 00 02 00 00 00 01 │ 00 00 00 02 00 00 00 04 | |||
00 00 00 03 00 00 00 06 │ 00 00 00 07 00 00 00 01 | |||
60 16 B2 9B 20 D7 09 84 │ 7B 2A 97 60 5F A3 56 AA | |||
CE 10 25 50 00 00 00 00 │ 00 00 00 00 00 00 00 00 | |||
</pre> | |||
= Metadata similarities = | = Metadata similarities = | ||
Line 136: | Line 153: | ||
== Lv1 == | == Lv1 == | ||
<pre> | <pre> | ||
key: | key: F4 41 B3 8B 7E 0B A8 27 D3 76 DC 93 0F 42 9A 5C | ||
iv: | iv: 31 A2 E8 10 75 A9 6D A9 64 26 F1 44 EF 7C CE BF | ||
</pre> | </pre> | ||
Line 145: | Line 161: | ||
== Lv0/Updater == | == Lv0/Updater == | ||
<pre> | <pre> | ||
key: | key: 80 7D DE FF ED A1 27 81 20 B4 F0 D8 3D 5D 00 D3 | ||
iv: | iv: B5 EA 43 1C 82 85 54 C4 E5 1D 4E 93 AF 98 EB 67 | ||
</pre> | </pre> | ||
Line 163: | Line 179: | ||
* xoring lv0 partial hash 2 with lv1 key returns delta of | * xoring lv0 partial hash 2 with lv1 key returns delta of | ||
13 4B 2E 18 | 13 4B 2E 18 | ||
* Signatures always start with 00 | |||
* Sizes of sections can be found at the self header. in the case of two section selfs, offsets 0xEC and 0x11C will tell you the sizes. | |||
* You can double check the first section hash of lv0! just go to the plaintext after the first encrypted section, select the decrypted one with size X bytes (0xEC) and calculate sha1sum | |||
== Lv2 == | == Lv2 == | ||
<pre> | <pre> | ||
key: BE 56 02 | key: BE 56 02 4D 8C 05 1D 07 54 FC BF 10 11 EA 7F 9C | ||
iv: | iv: 46 0A AA 74 9A E2 C5 20 D0 C0 86 2A 28 D3 B5 3C | ||
</pre> | </pre> | ||
== Sys init selfs == | == Sys init selfs == | ||
Same as for LV2. | |||
= Possible Hashes (Meta) = | = Possible Hashes (Meta) = | ||
Line 182: | Line 200: | ||
* hash 1 | * hash 1 | ||
<pre> | <pre>6016b29b20da2e777b2a97605faa1e6bce102550</pre> | ||
* hash 2 | |||
</pre> | |||
<pre>d43303bc90861ca3704ab17a54f592b5671346e9</pre> | |||
== lv1 (clean) == | == lv1 (clean) == | ||
Line 192: | Line 211: | ||
<pre> | <pre> | ||
XX XX XX XX | XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX | ||
3F XX XX XX | 3F XX XX XX | ||
</pre> | </pre> | ||
Line 199: | Line 218: | ||
<pre> | <pre> | ||
XX XX XX XX XX XX XX XX XX XX BF EF 95 60 18 90 | |||
AF D8 07 09 | AF D8 07 09 | ||
</pre> | </pre> | ||
Line 218: | Line 237: | ||
S: 00 52 A7 31 DD 2E EF 04 25 51 97 08 0B 36 DB 4A 56 B3 17 5D D9 | S: 00 52 A7 31 DD 2E EF 04 25 51 97 08 0B 36 DB 4A 56 B3 17 5D D9 | ||
</pre> | </pre> | ||
== lv2_kernel.self == | |||
<pre> | |||
R: 00 2F 84 BC 4B AF D9 D7 27 3A FC 7B B2 9A 61 F2 BB A5 B3 30 B9 | |||
S: 00 13 A2 F5 3C 28 29 03 F4 EC 46 XX XX XX XX XX XX XX XX XX XX | |||
</pre> | |||
== lv1.self == | |||
<pre> | |||
R: 00 6C 57 C0 A7 5A A4 A7 EE 33 77 54 09 72 10 F2 29 C4 BB DA C9 | |||
S1: 00 7A AD 2A E3 7E BC BC 55 52 E7 0E 60 0C 15 13 B8 69 29 C9 D0 | |||
S2: 00 81 C8 DD 03 19 A2 8B 8E 30 F9 F0 64 AB 98 50 8E D3 63 FE 42 | |||
</pre> | |||
== lv0 == | |||
same R as lv1 | |||
= Meta List = | |||
Note: Some Metas are corrupt. Most lv1 and lv0 metas are perfect however. Contains extra metas | |||
https://dl.dropboxusercontent.com/u/35197530/coolstuff/meta.zip |
Latest revision as of 02:21, 7 December 2014
Metadata Mapping[edit source]
Lv0 (clean)[edit source]
00 00 00 00 00 00 05 30 │ 00 00 00 01 00 00 00 02 00 00 00 08 00 00 00 30 │ 00 00 00 00 00 00 00 00 00 00 00 00 00 01 05 80 │ 00 00 00 00 00 00 03 68 00 00 00 02 00 00 00 00 │ 00 00 00 02 00 00 00 00 00 00 00 03 00 00 00 02 │ 00 00 00 03 00 00 00 01 00 00 00 00 00 02 07 A0 │ 00 00 00 00 00 03 4A F0 00 00 00 02 00 00 00 01 │ 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 06 │ 00 00 00 07 00 00 00 01 60 16 B2 9B 20 D7 09 84 │ 7B 2A 97 60 5F A3 56 AA CE 10 25 50 00 00 00 00 │ 00 00 00 00 00 00 00 00
Metadata similarities[edit source]
Between lv1[edit source]
0000000 0000 0000 0000 0000 0000 0000 0000 0000 * 00000f0 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 1 0000100 6868 6868 0000 0000 0000 0000 0000 0000 0000110 0000 0000 0000 0000 0000 0000 0000 0000 * 0000130 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 2 0000140 6868 6868 0000 0000 0000 0000 0000 0000 0000150 0000 0000 0000 0000 0000 0000 0000 0000 * 0000170 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 3 0000180 6868 6868 0000 0000 0000 0000 0000 0000 0000190 0000 0000 0000 0000 0000 0000 0000 0000 * 00001b0 7272 7272 7272 7272 7272 7272 7272 7272 00001c0 7272 7272 7372 7373 7373 7373 7373 7373 00001d0 7373 7373 7373 7373 7373 0000 0000 0000 00001e0 0000 0000 0000 0000 0000 0000 0000 0000 * 0000220
Between lv0/updater[edit source]
0000000 XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX * 00000c0 HHHH HHHH HHHH HHHH HHHH HHHH HHHH HHHH <- Hash 1 00000d0 HHHH HHHH XXXX XXXX XXXX XXXX XXXX XXXX 00000e0 XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX * 0000100 HHHH HHHH HHHH HHHH HHHH HHHH HHHH HHHH <- Hash 2 0000110 HHHH HHHH XXXX XXXX XXXX XXXX XXXX XXXX 0000120 XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX * 0000140 RRRR RRRR RRRR RRRR RRRR RRRR RRRR RRRR <- R point 0000150 RRRR RRRR RRSS SSSS SSSS SSSS SSSS SSSS <- S point 0000160 SSSS SSSS SSSS SSSS SSSS XXXX XXXX XXXX 0000170 XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXXX * 0000190
Between lv2[edit source]
0000000 0000 0000 0000 0000 0000 0000 0000 0000 * 0000090 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 1 00000a0 6868 6868 0000 0000 0000 0000 0000 0000 00000b0 0000 0000 0000 0000 0000 0000 0000 0000 * 00000d0 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 2 00000e0 6868 6868 0000 0000 0000 0000 0000 0000 00000f0 0000 0000 0000 0000 0000 0000 0000 0000 * 0000110 7272 7272 7272 7272 7272 7272 7272 7272 <- r 0000120 7272 7272 7372 7373 7373 7373 7373 7373 <- s 0000130 7373 7373 7373 7373 7373 0000 0000 0000 0000140 0000 0000 0000 0000 0000 0000 0000 0000 * 00001b0
Between sys_init selfs[edit source]
0000000 0000 0000 0000 0000 0000 0000 0000 0000 * 00000c0 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 1 00000d0 6868 6868 0000 0000 0000 0000 0000 0000 00000e0 0000 0000 0000 0000 0000 0000 0000 0000 * 0000100 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 2 0000110 6868 6868 0000 0000 0000 0000 0000 0000 0000120 0000 0000 0000 0000 0000 0000 0000 0000 * 0000140 6868 6868 6868 6868 6868 6868 6868 6868 <- hash 3 0000150 6868 6868 0000 0000 0000 0000 0000 0000 0000160 0000 0000 0000 0000 0000 0000 0000 0000 * 0000180 7272 7272 7272 7272 7272 7272 7272 7272 <- r 0000190 7272 7272 7372 7373 7373 7373 7373 7373 <- s 00001a0 7373 7373 7373 7373 7373 0000 0000 0000 00001b0 0000 0000 0000 0000 0000 0000 0000 0000 * 0000200
Between lv0/updater and lv1[edit source]
After proper cleanup it'll be put here
Structure (from first hash until signature)[edit source]
Size | Description |
---|---|
0x14 | Hash of Section |
0x0C | Padding? |
0x10 | Key? |
0x10 | Iv? |
This repeats until signature which has the following structure...
Structure (signature)[edit source]
Size | Description |
---|---|
0x15 | R(Starts with 00, when xored in same position returns 00 due to crypto fail) |
0x15 | S(Starts with 00) |
Remaining | Padding? |
- Note: If the hashes of a section match (which usually happens with the data section between small revision changes) you'll see 00 in the xor
Possible Keys and IVs (Meta)[edit source]
Lv1[edit source]
key: F4 41 B3 8B 7E 0B A8 27 D3 76 DC 93 0F 42 9A 5C iv: 31 A2 E8 10 75 A9 6D A9 64 26 F1 44 EF 7C CE BF
Lv0/Updater[edit source]
key: 80 7D DE FF ED A1 27 81 20 B4 F0 D8 3D 5D 00 D3 iv: B5 EA 43 1C 82 85 54 C4 E5 1D 4E 93 AF 98 EB 67
Notes:
- xoring lv0 key with lv1 key will return delta of
74 3C 6D 74 93 AA 8F A6 F3 C2 2C 4B 32 1F 9A 8F
- xoring lv0 iv with lv1 iv will return delta of
84 48 AB 0C F7 2C 39 6D 81 3B BF D7 40 E4 25 D8
- xoring lv0 key with lv1 iv will return delta of
B1 DF 36 EF 98 08 4A 28 44 92 01 9C D2 21 CE 6C
- xoring 00 00 00 00 00 00 00 00 00 00 00 00 with lv1 key returns
7E 0B A8 27 D3 76 DC 93 0F 42 9A 5C
- xoring lv0 partial hash 2 with lv1 key returns delta of
13 4B 2E 18
- Signatures always start with 00
- Sizes of sections can be found at the self header. in the case of two section selfs, offsets 0xEC and 0x11C will tell you the sizes.
- You can double check the first section hash of lv0! just go to the plaintext after the first encrypted section, select the decrypted one with size X bytes (0xEC) and calculate sha1sum
Lv2[edit source]
key: BE 56 02 4D 8C 05 1D 07 54 FC BF 10 11 EA 7F 9C iv: 46 0A AA 74 9A E2 C5 20 D0 C0 86 2A 28 D3 B5 3C
Sys init selfs[edit source]
Same as for LV2.
Possible Hashes (Meta)[edit source]
lv0 (clean)[edit source]
- hash 1
6016b29b20da2e777b2a97605faa1e6bce102550
- hash 2
d43303bc90861ca3704ab17a54f592b5671346e9
lv1 (clean)[edit source]
- hash 2
XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX 3F XX XX XX
- hash 3
XX XX XX XX XX XX XX XX XX XX BF EF 95 60 18 90 AF D8 07 09
Possible Signatures (Meta)[edit source]
sys_init_app.self (clean)[edit source]
R: 00 2F 84 BC 4B AF D9 D7 27 3A FC 7B B2 9A 61 F2 BB A5 B3 30 B9 S: 00 6C FB 58 A7 61 89 2A 67 BB 51 D5 55 84 DB B3 41 75 6D 89 47
sys_init_ios.self (clean)[edit source]
R: 00 2F 84 BC 4B AF D9 D7 27 3A FC 7B B2 9A 61 F2 BB A5 B3 30 B9 S: 00 52 A7 31 DD 2E EF 04 25 51 97 08 0B 36 DB 4A 56 B3 17 5D D9
lv2_kernel.self[edit source]
R: 00 2F 84 BC 4B AF D9 D7 27 3A FC 7B B2 9A 61 F2 BB A5 B3 30 B9 S: 00 13 A2 F5 3C 28 29 03 F4 EC 46 XX XX XX XX XX XX XX XX XX XX
lv1.self[edit source]
R: 00 6C 57 C0 A7 5A A4 A7 EE 33 77 54 09 72 10 F2 29 C4 BB DA C9 S1: 00 7A AD 2A E3 7E BC BC 55 52 E7 0E 60 0C 15 13 B8 69 29 C9 D0 S2: 00 81 C8 DD 03 19 A2 8B 8E 30 F9 F0 64 AB 98 50 8E D3 63 FE 42
lv0[edit source]
same R as lv1
Meta List[edit source]
Note: Some Metas are corrupt. Most lv1 and lv0 metas are perfect however. Contains extra metas
https://dl.dropboxusercontent.com/u/35197530/coolstuff/meta.zip