Originally Posted by svenmullet
First off, I think you have it backwards: the PS3 sends a plaintext string (which is random) and because it knows the algo/key, it expects the dongle to return the same string in encrypted form. Secondly, if you could spoof the entire authentication routine by carefully studying a protocol analyzer dump and send it, for instance "00000000" as the plaintext and it returns "*j63hj*9" as the response, can you deduce the algo/key from that? The algo could be something involving byte-reversal, substitution, shifting, anything under the sun. *Then* encrypted with a key. It's mathematically impossible to figure out, in other words. People have been trying to dump the rom on it and reverse that, but the MCU they used has so much security on-die that even a dump of its contents is impossible to reverse, as the rom itself is encrypted (the MCU decodes its own rom in realtime). They used ProASIC for a reason. If you could, over the course of a very long time, send it every possible combination of plaintext and log all its responses, you might eventually figure out what the algo/key is, but that's not gonna happen.
And for the last time: dongle=red herring. If you don't know what a red herring is, please refer to this page.
Tell me, where did you get this information from? I hope it's not from your fantasy world, because you can't know that without seeing the source or packet logging the data.
Also if your theory was right, we still could decrypt it. If we send all characters possible to the dongle, it will send the encrypted version of it. This could be done with something called a... computer
And the big If is, IF you were right.
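The two posts above argue about a challenge-response scheme: the console sends a random challenge, the dongle returns a keyed transform of it, and the question is whether a table of sniffed (challenge, response) pairs is enough to impersonate the dongle. The following is an added model of that exchange (example code, not from either poster and not the real dongle's algorithm); it assumes an HMAC-SHA256 keyed function and a made-up shared secret, and shows why the size of the random challenge decides whether a recorded table of pairs is useful: with 8-bit challenges a small trace covers every case, with 64-bit challenges it covers essentially none.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder secret; the real dongle's key and algorithm are unknown.
DONGLE_KEY = b"example-shared-secret-not-the-real-one"


def dongle_respond(challenge: bytes, key: bytes = DONGLE_KEY) -> bytes:
    """Model of the dongle: a keyed, deterministic transform of the challenge.
    HMAC-SHA256 is an assumption standing in for whatever the device really does."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verifier_check(challenge: bytes, response: bytes, key: bytes = DONGLE_KEY) -> bool:
    """Model of the console side: recompute and compare in constant time."""
    expected = dongle_respond(challenge, key)
    return hmac.compare_digest(expected, response)


def new_challenge(nbytes: int) -> bytes:
    """Fresh random challenge of nbytes bytes (2**(8*nbytes) possible values)."""
    return secrets.token_bytes(nbytes)


def record_trace(n_exchanges: int, nbytes: int) -> dict:
    """Simulate sniffing n_exchanges genuine exchanges from a bus/protocol analyzer."""
    trace = {}
    for _ in range(n_exchanges):
        c = new_challenge(nbytes)
        trace[c] = dongle_respond(c)
    return trace


def table_only_device(trace: dict, challenge: bytes):
    """A substitute device that knows nothing but the recorded pairs."""
    return trace.get(challenge)


def replay_success_rate(nbytes: int, n_exchanges: int, n_attempts: int) -> float:
    """Fraction of fresh challenges the table-only device can answer correctly."""
    trace = record_trace(n_exchanges, nbytes)
    ok = 0
    for _ in range(n_attempts):
        c = new_challenge(nbytes)
        r = table_only_device(trace, c)
        if r is not None and verifier_check(c, r):
            ok += 1
    return ok / n_attempts


def challenge_space(nbytes: int) -> int:
    """Number of distinct challenges the verifier can pick from."""
    return 2 ** (8 * nbytes)


if __name__ == "__main__":
    c = new_challenge(8)
    print("genuine response accepted:", verifier_check(c, dongle_respond(c)))
    print("wrong key rejected:", verifier_check(c, dongle_respond(c, b"other-key")))
    # Tiny challenge: a few thousand sniffed exchanges cover all 256 values.
    print("8-bit challenge, replay success:", replay_success_rate(1, 5000, 1000))
    # 64-bit challenge: the same trace covers a negligible slice of the space.
    print("64-bit challenge, replay success:", replay_success_rate(8, 5000, 1000))
    print("64-bit space size:", challenge_space(8))
```

The point the model makes is the one both posters are circling: the recorded responses are only reusable if the verifier repeats a challenge, so a device that uses a short or predictable challenge is defeated by a lookup table, while a long random challenge forces an attacker to recover the key itself. Mapping every input, as the second poster suggests, is the same table-building approach, and its cost is exactly the challenge space size.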