Talk:ReDRM / Piracy dongles: Difference between revisions

From PS3 Developer wiki
(previous talks with experts)

Revision as of 23:10, 24 October 2011

It seems the ps3jb2 loads masterdiscs with fself. With the algo provided below and the right key (which is not provided) you can decrypt said masterdisc images right on the PC and grab the fself files.


   // masterdisc sector crypto, PolarSSL AES API; G_DEBUG_KEY is the 16-byte
   // static key, which is not supplied here
   #include <string.h>
   #include "polarssl/aes.h"
   extern const unsigned char G_DEBUG_KEY[16];
   
   // per-sector IV: twelve zero bytes then the big-endian sector number
   static void build_sector_key(unsigned char sector_key[16], unsigned int sector_num)
   {
       memset(sector_key, 0, 16);
       sector_key[12] = (sector_num & 0xFF000000) >> 24;
       sector_key[13] = (sector_num & 0x00FF0000) >> 16;
       sector_key[14] = (sector_num & 0x0000FF00) >>  8;
       sector_key[15] = (sector_num & 0x000000FF) >>  0;
   }
   
   // encrypt one sector in place; aligned_size is a multiple of 16
   static void encrypt_sector(unsigned char *buff, size_t aligned_size, unsigned int sector_num)
   {
       unsigned char sector_key[16];
       aes_context aes_ctx;
       build_sector_key(sector_key, sector_num); // aes_crypt_cbc advances the IV, so rebuild it per call
       aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128);
       aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff);
   }
   
   // decrypt one sector in place
   static void decrypt_sector(unsigned char *buff, size_t aligned_size, unsigned int sector_num)
   {
       unsigned char sector_key[16];
       aes_context aes_ctx;
       build_sector_key(sector_key, sector_num);
       aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128);
       aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff);
   }

that's the algo for masterdiscs
ps3gen dll has the static keys for masterdiscs
you can also get it from sv_iso
the crappy sdk tool that generates masterdisc images for dex
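The sector scheme above, reimplemented as an added example in Go (not code from this page, the dongle, or the SDK tools it mentions). The key is a constructed placeholder, since the real static key is not on this page; the last function shows why "security == LAME" is a fair verdict on the design: in CBC the sector-number IV is XORed into block 0 only, so it binds just 16 bytes of each sector to its position and gives no integrity at all.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// ConstructedKey is a placeholder for the static masterdisc key, which this page does not supply.
var ConstructedKey = []byte("constructed-key!") // 16 bytes = AES-128
// SectorIV builds the per-sector CBC IV: twelve zero bytes, then the big-endian sector number.
func SectorIV(sectorNum uint32) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint32(iv[12:], sectorNum)
	return iv
}

// CryptSector runs AES-128-CBC over one block-aligned sector under the sector IV (no padding, as in the C above).
func CryptSector(key []byte, sectorNum uint32, sector []byte, encrypt bool) ([]byte, error) {
	if len(sector)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("sector length %d is not a multiple of %d", len(sector), aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(sector))
	if encrypt {
		cipher.NewCBCEncrypter(block, SectorIV(sectorNum)).CryptBlocks(out, sector)
	} else {
		cipher.NewCBCDecrypter(block, SectorIV(sectorNum)).CryptBlocks(out, sector)
	}
	return out, nil
}

// FirstBlockOnlyDependsOnIV decrypts ct under a wrong sector number and reports whether only
// block 0 came out wrong: CBC XORs the IV into the first block alone, the rest decrypts fine.
func FirstBlockOnlyDependsOnIV(key, ct, plain []byte, wrongSector uint32) (bool, error) {
	dec, err := CryptSector(key, wrongSector, ct, false)
	if err != nil || len(dec) < 2*aes.BlockSize || len(dec) != len(plain) {
		return false, fmt.Errorf("need at least two equal-length blocks: %v", err)
	}
	return !bytes.Equal(dec[:16], plain[:16]) && bytes.Equal(dec[16:], plain[16:]), nil
}
func main() {
	ct, _ := CryptSector(ConstructedKey, 42, bytes.Repeat([]byte("constructed-data"), 4), true)
	fmt.Printf("sector 42 ciphertext: %x\n", ct)
}
```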


more talk:

folks
I looked a little more
and it seems the psjb2 just runs masterdiscs
with fself
kinda lame
very lame
npdrm encrypted but labeled as fself
it's a fself but I dunno what it does
I never looked at it
I don't really care on doing more
if you use the masterdisc algo I provided
and the proper key
which I am not supplying
you can decrypt all the psjb2 disc images
right on pc
grab the fself
and use them to run them on a regular 3.55 fw
ye oldnews :)
basically security == LAME
still interesting to see how they patched the firmware to allow masterdiscs
they also do some auth with the dongle
which involves crypto
to make sure the firmware does not load without it
but if you don't need the firmware to load the games...
they could have added some extra keys in appldr and encrypted the damn eboots at least
I guess they didn't have enough time or enough spu skills