User talk:Zer0Tolerance: Difference between revisions
mNo edit summary |
|||
Line 114: | Line 114: | ||
dump of eeprom with above data | dump of eeprom with above data | ||
=Syscon pinouts and schematics= | |||
<div style="float:right">[[File:SYSCON_SWx_JTP-001_JSD-001_HSW-001_CN101.jpg|300px|thumb|left|PS3 Power control and switches schematic for CECH-25xx series<br> | |||
Motherboards JTP-001 or JSD-001, SYSCON SW-x series, Switches board HSW-001, and 4 pins PSU connector (CN101) for PSU models APS-270 or EADP-200DB]]</div> | |||
This was made time ago based on several schematics made by mr.dutch, i joined all them together and added some corrections to the HSW-001 board circuit and a retracing for better placement and custom conectors made in kicad | |||
It was not uploaded to wiki before because im not so sure if the same schematics is used in all the syscon SWx series, or if is dependant of the motherboard, etc... | |||
I noticed you are looking at syscon pinouts so im uploading it now in case is handy |
Revision as of 03:16, 8 June 2015
thanks :) Euss
About eid2 des iv
just a quick heads up. both eid2 des ivs (the zeroed one and the other one) are valid to use. in a way, both glevand (zero iv) and naehrwert (fixed iv) are correct. make sure you consult with naehrwert for more info.
@zecoxao Just use openssl des-cbc -d -in pblock.desenc -out pblock.dec -nosalt -K 6CCAB35405FA562C -iv 989A955EFDE7A748 -p -nopad and openssl des-cbc -d -in pblock.desenc -out pblock.dec -nosalt -K 6CCAB35405FA562C -iv 0 -p -nopad Only the second one vector is valid. Thank You.
@Zer0Tolerance
it's very rare to see naehrwert wrong. maybe the algorithm is handled differently in libeeid(polarssl) than in openssl? i'll talk to him when i have a chance ;) either way, thanks :)
@zecoxao
Im sorry, but iv must be zero. :(
@ZeroTolerance
I'm almost sure i was able to decrypt default.spp
please check all 3.15 key combinations possible.
Thanks :)
@zecoxao
Im checked it and could not decrypt metainfo into default spp, please provide me the decrypted metainfo as proof.
@ZeroTolerance
Unfortunately i don't have it anymore. but i'll try to decrypt it anyways :)
@zecoxao
Please recheck (retry) it if possible. Im sure that we needed another key(set) to decrypt default.spp for ceb.
@ZeroTolerance
yes, you're correct. just tested other combinations and none of them work.
About EID0_0_UNK1
@ZeroTolerance
Pretty sure it's z1 and z2 (2 hashes). looks like it's a metadata of sorts :)
@Zecoxao
Maybe, maybe not. hash algorithm is unknown yet.
@ZeroTolerance
Have you tried checking if it's a pub from another curve?
@Zecoxao
Pub is a point with X and Y. One Pub for one Priv. These "hashes" are not constants. So this is not a Pub. It can be two hmac-sha1 or something. IDK what is this.
EEPROM Syscon Probing
- some useful links:
http://dangerousprototypes.com/docs/Bus_Pirate_101_tutorial (bus pirate)
https://www.saleae.com/downloads (logic analyzer)
- Analyzer settings:
http://pastie.org/private/khwaczthr5j2td9jmdfihq
- Bus pirate settings:
http://pastie.org/private/mqycmj8ynxj5mdzttrgpca
- More info:
http://pastie.org/private/f7siriweadsnrpq6dilq
- Write Unlock command:
0xA3 0x00 0x00
- Write command:
0xA4 0xXX 0xXX (XX XX is block id)
- Read command:
0xA8 0xXX 0xXX (XX XX is block id)
- Check Status command:
0xA9 0x00 0x00 0x00
- Some proof
https://mega.co.nz/#!hssQHZhI!bNMS3MgWx21iUrfLGBSoB2bA3Mfe3DVL23y_SENzDUw
https://mega.co.nz/#!wl8wSCKK!ZZkgeKd8hdRCMRpA2oWrrV5lirjupF_4k9boJkBpBfM
you need https://www.saleae.com/downloads
- https://mega.co.nz/#!UltlyCTL!TAooXpYEWU3DmYlnHbY1FX4IX8WwdZlLeSOXh9mh3nM
- https://mega.co.nz/#!MwEXmQwI!iWQ6Z6-5GhnX0-9r1FBPw9cpOBfKJCna-0dT2GSUj9E
dump of eeprom with above data
Syscon pinouts and schematics
This was made time ago based on several schematics made by mr.dutch, i joined all them together and added some corrections to the HSW-001 board circuit and a retracing for better placement and custom conectors made in kicad
It was not uploaded to wiki before because im not so sure if the same schematics is used in all the syscon SWx series, or if is dependant of the motherboard, etc...
I noticed you are looking at syscon pinouts so im uploading it now in case is handy