Crypto / DRM

From PS4 Developer wiki
Revision as of 16:44, 23 February 2017 by 73.255.139.245 (talk) (PS4 to support 4K and Sony calls all PS4s UHD Capable)

Update: AES Content Keys

AES Content Keys

84 41 07 03 DA A8 4E 86 AC D4 F4 DF A2 44 1F 37

Boot Signature

/BOOT/SESS/STRT/bsig=DL_GameDev-0012345-Exampl-Devel-Test1&vers=PG&edtn=0

(Not posting actual bsig of games or apps to stop this from being fixed before it's useful)

First 2 bytes of the sig "0012345" are dev-specific and don't change when an update or patch is issued.

The 3rd byte is predictable based on the prior update for the application.

/BOOT/SESS/HRDW/mntd=1&knct=0


(Extra Auth/Boot Signature ID)

Retail BootSigID Update 1: e9b803

dbf4c9a69f7cc46952e9b803

Retail BootSigID Update 2: f3df56

dbf4c9a69f7cc46952f3df56


/BSID/STR0/TLM3/data=dbf4c9a6 (8 Bytes)

/BSID/STR1/TLM3/data=9f7cc469 (8 Bytes)

/BSID/STR2/TLM3/data=52UPDATE (8 Bytes)

Last 6 bytes of /STR2/ change every time a new update or patch is issued. Others stay constant and are app specific.


/BSID/STR0/STR1/bsid=dbf4c9a69f7cc46952UPDATE (24 Bytes)


Updates for certain apps and games can be skipped by making the BootSig and the BootSigID match the most recent patch when the check is done.

Note: Some apps also check "minRequiredAppVersion".

Compression & Encryption

Some games package game updates/script files with LZMA. After you decompress the LZMA, the files you get have an additional layer of encryption.

Registry

HardwareId = getRegistry().hardwareId

Manufacturing Id = getRegistry().hardwareId:sub(1, 4)

Model Id = getRegistry().hardwareId:sub(1, 8)

registerStateType(default, cancel, reset)

PseudoRandom Number Generator

math.randomseed(Time)

The seed for the software-based PRNG is just the current time, so its entropy is low and the seed can be predicted. [1]

  1. The choice of a good random seed is crucial in the field of computer security. When a secret encryption key is pseudo-randomly generated, having the seed will allow one to obtain the key.
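The weakness described above, as an added example (not code from the wiki or from any PS4 software): a Python sketch in which `random.Random(seed)` stands in for `math.randomseed(Time)`, showing that a key drawn from a time-seeded PRNG carries only as much entropy as the uncertainty about the clock, next to the OS CSPRNG alternative. The function names, the 16-byte key length and the timestamp are assumptions made for the illustration.

```python
import math
import random
import secrets

KEY_LEN = 16  # bytes; AES-128-sized key, chosen for illustration


def weak_key(seed_time: int) -> bytes:
    """Anti-pattern: key bytes drawn from a PRNG seeded only with a timestamp."""
    rng = random.Random(seed_time)  # stands in for math.randomseed(Time)
    return bytes(rng.randrange(256) for _ in range(KEY_LEN))


def strong_key() -> bytes:
    """Corrected form: key bytes taken from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_LEN)


def effective_bits(window_seconds: int) -> float:
    """Upper bound on key entropy when the seed is a 1-second timestamp
    known to lie somewhere inside a window of `window_seconds`."""
    return math.log2(window_seconds)


def seed_reproduces_key(key: bytes, approx_time: int, window: int):
    """Audit check for key-generation code: return the timestamp that
    regenerates `key` if one exists within +/- `window` seconds, else None."""
    for t in range(approx_time - window, approx_time + window + 1):
        if weak_key(t) == key:
            return t
    return None


if __name__ == "__main__":
    created = 1_500_000_000  # constructed timestamp, not taken from the page
    key = weak_key(created)
    # Clock known only to within a minute: the key is still regenerated.
    print("time-seeded key reproducible from seed:",
          seed_reproduces_key(key, created + 30, 60))
    # A CSPRNG key has no timestamp that regenerates it.
    print("CSPRNG key reproducible from seed:",
          seed_reproduces_key(strong_key(), created, 60))
    # One day of clock uncertainty is about 16.4 bits, not 128.
    print("entropy bound for a 1-day window: %.1f bits" % effective_bits(86_400))
```

A review of key-generation code can use the same check in reverse: any key that a timestamp alone regenerates was not produced by a cryptographically secure generator.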

Video DRM

PlayReady

PlayReady DRM (used by PS4/PS3 Netflix e.g.) - note: 4K is not supported as that would require PlayReady 3.0

Edit: Netflix and Hulu are supporting 4K on the PS4 Pro, apparently without PlayReady 3, using the same app with the PS4 Pro in PS4 GPU mode. The PS4 Intellectual notice does mention PlayReady and states that the device can be disabled, which is embedded PlayReady greater than 2.5. PlayReady 2.5 and lower is in the app, not in a TEE on the PS4.

Apparently all commercial apps are currently using a 2008 PC Vista model which uses the APU's GPU for codecs. http://www.anandtech.com/show/2622/2

A fail0verflow programmer states that DisplayPort video exits the APU over a PCIe4 bus to the custom Panasonic HDMI chip, where it is converted to HDMI. In the 2008 Vista PC model, video is encrypted on the PCIe bus and HDCP takes place in the GPU, not the HDMI chip; this would be necessary for 4K video leaving the GPU.

Sony calls all PS4s UHD Capable here: http://efficientgaming.eu/fileadmin/user_upload/SONY__PCR_2016_CUH1116A.pdf What that means may only be HD + HDR for games, which takes the negotiation of an HDMI 2.0a port. Or it can also support HD + HDR for commercial media or full UHD. This would require a TEE with embedded PlayReady 3, and my guess is it optimally happens in the Southbridge, with a path using PCIe4 from the Southbridge to HDMI, and with full-screen video the APU would be off with GDDR5 in self-refresh. Any need for UI would turn on the APU's GPU. Games would continue using the APU to HDMI PCIe4 path, as that has the least latency.

Marlin

Marlin DRM (used by PS4/PS3/PSP)

Advanced Access Content System (AACS)

AACS (used by Blu-ray Video / BD)

AES encrypted video

AES-128 (used for Live Streaming?)

AMD64 has AES-NI support

Key selection vector (KSV)

KSV (used by HDCP)

Content Scramble System (CSS)

CSS (used by DVD-Video)

Cinavia

Cinavia - in short, the PS4 has Cinavia built into the system firmware. Message Code 3 = CE-37960-5