ENCDEC Device Reverse Engineering: Difference between revisions

From PS3 Developer wiki
Line 12: Line 12:
* First host and ENCDEC device exchange random numbers.
* First host and ENCDEC device exchange random numbers.
* From the exchanged random numbers host and ENCDEC device compute the session key.
* From the exchanged random numbers host and ENCDEC device compute the session key.
* ENCDEC commands, e.g. to set ATA keys, are encrypted with the session key.
* ENCDEC commands, e.g. to set ATA keys, are encrypted with the session key and AES-CBC-192.
* Before a secure communication channel is established, host and ENCDEC device use static AES-CBC-192 keys to encrypt communication data. The static keys can be found e.g. in sb_iso_spu_module.self or sv_iso_spu_module.self.
* During the communication, host and ENCDEC device use random IVs which are sent unencrypted together with encrypted payload.


=Set ATA Keys=
=Set ATA Keys=


=Set ENCDEC Keys=
=Set ENCDEC Keys=

Revision as of 22:27, 15 August 2012

Introduction

  • The following information was reverse engineered from LV1, Storage Manager in LPAR1, sb_iso_spu_module.self and sv_iso_spu_module.self.

Linux Driver ps3encdec

  • I'm using this driver to set/clear my ATA and VFLASH keys.
  • Tested on Linux 3.5.1.

Establish Secure Communication Channel

  • First, the host and the ENCDEC device exchange random numbers.
  • From the exchanged random numbers, the host and the ENCDEC device compute the session key.
  • ENCDEC commands, e.g. to set ATA keys, are encrypted with the session key using AES-CBC-192.
  • Before a secure communication channel is established, the host and the ENCDEC device use static AES-CBC-192 keys to encrypt communication data. The static keys can be found, e.g., in sb_iso_spu_module.self or sv_iso_spu_module.self.
  • During the communication, the host and the ENCDEC device use random IVs, which are sent unencrypted together with the encrypted payload.
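
The exchange described in the list above, modelled end to end as an added example (not code from the wiki or from the ps3encdec driver). Assumptions, since the page does not give them: the placeholder static key, 16-byte random numbers, the HMAC-based `derive_session_key` stand-in, the `IV || ciphertext` framing with OpenSSL's default padding, and the constructed command string.

```ruby
require 'openssl'

# Constructed placeholder, NOT a real key: the page only says the static keys
# can be found in sb_iso_spu_module.self / sv_iso_spu_module.self.
STATIC_KEY = ("\x11" * 24).b # 24 bytes = 192 bits
IV_LEN = 16                  # AES block size

# Assumed wire format: IV (unencrypted) || AES-192-CBC ciphertext.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-192-cbc').encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh random IV for every message
  iv + cipher.update(plaintext) + cipher.final
end

def unseal(key, message)
  raise ArgumentError, 'shorter than IV + one block' if message.bytesize < 2 * IV_LEN
  cipher = OpenSSL::Cipher.new('aes-192-cbc').decrypt
  cipher.key = key
  cipher.iv = message.byteslice(0, IV_LEN)
  cipher.update(message.byteslice(IV_LEN, message.bytesize - IV_LEN)) + cipher.final
end

# Hypothetical stand-in: the page does not say how the session key is
# computed from the two random numbers. Truncated HMAC-SHA256 is used here.
def derive_session_key(host_rand, dev_rand)
  digest = OpenSSL::Digest.new('SHA256')
  OpenSSL::HMAC.digest(digest, STATIC_KEY, host_rand + dev_rand).byteslice(0, 24)
end

def run_exchange(command)
  host_rand = OpenSSL::Random.random_bytes(16)
  dev_rand = OpenSSL::Random.random_bytes(16)
  # 1. Random numbers are exchanged, protected only by the static key.
  to_dev = seal(STATIC_KEY, host_rand)
  to_host = seal(STATIC_KEY, dev_rand)
  # 2. Both sides compute the session key from the two random numbers.
  host_key = derive_session_key(host_rand, unseal(STATIC_KEY, to_host))
  dev_key = derive_session_key(unseal(STATIC_KEY, to_dev), dev_rand)
  # 3. The command travels under the session key with its own random IV.
  wire = seal(host_key, command)
  { host_key: host_key, dev_key: dev_key, wire: wire,
    received: unseal(dev_key, wire) }
end
```

Because the pre-session traffic is protected only by static keys shared across modules, the confidentiality of every later session rests on those keys staying secret.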

Set ATA Keys

Set ENCDEC Keys