Talk:Graf's PSGroove Payload: Difference between revisions

From PS3 Developer wiki
Jump to navigation Jump to search
mNo edit summary
mNo edit summary
Line 19: Line 19:
* HMAC-SHA1
* HMAC-SHA1
* AES 256 CBC - Advanced Encryption Standard Cipher-block chaining; fixed block size 128 bit, key size 256 bit - with 4x4 byte matrices
* AES 256 CBC - Advanced Encryption Standard Cipher-block chaining; fixed block size 128 bit, key size 256 bit - with 4x4 byte matrices
<pre>
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED
iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E
hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5, 0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B, 0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69, 0x68, 0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06, 0xA6, 0xB5, 0xE0, 0xF9, 0xD9, 0x7A
</pre>

Revision as of 18:34, 28 May 2011

<Slynk> Hmm had a thought : / You know how the token and token seed are made at the same time? That means the token seed isn't passed into the processor... what is? It can't be just your idps right? Unless sony doesn't use the HV to make their tokens. There must be other info passed in that determines whether you receive a dummy token or the full one. ... Just a thought. ^^;

<rms> i can make my own tokens from a nor/nand dump. just like hypervisor

<kevin6548> so what does that mean when a sedd is created it passes something to proccessor . nit the whole seed but a by product of creating it . is that theroy

<rms> seed is calculated from eid which allows token to be calculated. its more of a byproduct/intermediate product. if you do the math, its simple: v+s+f+h=t

  • the seed value is made from your EID (from a NAND/NOR dump, either software with payload, or hardware)
  • updater manager calls spu_token_processor
  • sent out of spu_token_processor
  • IBM Cell Simulator with SE Linux (not the ancient Sony SPU Simulator from old pre 0.9x SDKs)
  • seed : 80 bytes, only the first 20 are populated
  • combo > 3 < 10 buttons

there are two algorithms used (one's an alternative of a hashing algorithm / one's a block cipher):

  • HMAC-SHA1
  • AES 256 CBC - Advanced Encryption Standard Cipher-block chaining; fixed block size 128 bit, key size 256 bit - with 4x4 byte matrices
erk: 0x34, 0x18, 0x12, 0x37, 0x62, 0x91, 0x37, 0x1C, 0x8B, 0xC7, 0x56, 0xFF, 0xFC, 0x61, 0x15, 0x25, 0x40, 0x3F, 0x95, 0xA8, 0xEF, 0x9D, 0x0C, 0x99, 0x64, 0x82, 0xEE, 0xC2, 0x16, 0xB5, 0x62, 0xED

iv: 0xE8, 0x66, 0x3A, 0x69, 0xCD, 0x1A, 0x5C, 0x45, 0x4A, 0x76, 0x1E, 0x72, 0x8C, 0x7C, 0x25, 0x4E

hmac: 0xCC, 0x30, 0xC4, 0x22, 0x91, 0x13, 0xDB, 0x25, 0x73, 0x35, 0x53, 0xAF, 0xD0, 0x6E, 0x87, 0x62, 0xB3, 0x72, 0x9D, 0x9E, 0xFA, 0xA6, 0xD5, 0xF3, 0x5A, 0x6F, 0x58, 0xBF, 0x38, 0xFF, 0x8B, 0x5F,0x58, 0xA2, 0x5B, 0xD9, 0xC9, 0xB5, 0x0B, 0x01, 0xD1, 0xAB, 0x40, 0x28, 0x67, 0x69, 0x68, 0xEA, 0xC7, 0xF8, 0x88, 0x33, 0xB6, 0x62, 0x93, 0x5D, 0x75, 0x06, 0xA6, 0xB5, 0xE0, 0xF9, 0xD9, 0x7A