04-17-2012   #46
mirkie
Originally Posted by svenmullet
Oh, did I? Please quote me.

[edit] I'm not going to wait around for you to quote me, because I never said that, but anyway, I'm not letting trollskie derail this thread. <ignore on>
First off, I think you have it backwards: the PS3 sends a plaintext string (which is random) and, because it knows the algo/key, it expects the dongle to return the same string in encrypted form. Secondly, if you could spoof the entire authentication routine by carefully studying a protocol analyzer dump and send it, for instance, "00000000" as the plaintext and it returns "*j63hj*9" as the response, can you deduce the algo/key from that? The algo could be something involving byte-reversal, substitution, shifting, anything under the sun. *Then* encrypted with a key. It's mathematically impossible to figure out, in other words. People have been trying to dump the ROM on it and reverse that, but the MCU they used has so much security on-die that even a dump of its contents is impossible to reverse, as the ROM itself is encrypted (the MCU decodes its own ROM in real time). They used ProASIC for a reason. If you could, over the course of a very long time, send it every possible combination of plaintext and log all its responses, you might eventually figure out what the algo/key is, but that's not gonna happen.

And for the last time: dongle = red herring. If you don't know what a red herring is, please refer to this page.
I loved the red herring part, since the TS said that the dongle is the important thing. Anyway, we all make mistakes.


I don't want to ruin this thread so I will stop with this.
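The challenge-response exchange the quoted post describes, as an added example that is not code from the thread or from any real dongle: the console sends a random challenge, a device that holds the key answers with a keyed function of it, and a clone assembled from a protocol-analyzer dump can only replay (challenge, response) pairs it has recorded. HMAC-SHA256 truncated to 8 bytes stands in for the unknown dongle algorithm, the key and the 8-byte challenge length are made up, and the class and function names are mine.

```python
import hashlib
import hmac
import secrets

# Assumptions for illustration: the post only says the console sends a random
# plaintext and expects it back "encrypted" under a secret algo/key.  The
# 8-byte challenge mirrors the "00000000" example, HMAC-SHA256 truncated to
# 8 bytes stands in for the unknown dongle function, and the key is made up.
CHALLENGE_LEN = 8
DONGLE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def keyed_response(key: bytes, challenge: bytes) -> bytes:
    """The dongle's secret function f_key(challenge) (stand-in, see above)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:CHALLENGE_LEN]


class Dongle:
    """Genuine dongle: holds the key, so it can answer any challenge."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return keyed_response(self._key, challenge)


class ReplayClone:
    """Clone built from a protocol-analyzer dump: no key, only the
    (challenge, response) pairs it saw on the wire."""

    def __init__(self, captured: list) -> None:
        self._table = dict(captured)

    def respond(self, challenge: bytes) -> bytes:
        # Unseen challenge: nothing sensible to send, so send zeros.
        return self._table.get(challenge, bytes(CHALLENGE_LEN))


class Console:
    """Console side: picks the challenge, knows the key, checks the answer."""

    def __init__(self, key: bytes, rng=secrets.token_bytes) -> None:
        self._key = key
        self._rng = rng  # injectable so a weak challenge source can be shown

    def new_challenge(self) -> bytes:
        return self._rng(CHALLENGE_LEN)

    def authenticate(self, device) -> bool:
        challenge = self.new_challenge()
        expected = keyed_response(self._key, challenge)
        # Constant-time compare so the check itself does not leak via timing.
        return hmac.compare_digest(expected, device.respond(challenge))


def sniff(console: Console, dongle: Dongle, sessions: int) -> list:
    """What an analyzer on the bus records over `sessions` genuine logins."""
    log = []
    for _ in range(sessions):
        c = console.new_challenge()
        log.append((c, dongle.respond(c)))
    return log


def genuine_authenticates() -> bool:
    console = Console(DONGLE_KEY)
    return console.authenticate(Dongle(DONGLE_KEY))


def clone_fails_against_random_challenges(logged: int = 1000, attempts: int = 20) -> bool:
    """With 64-bit random challenges a table of `logged` pairs covers a
    negligible part of the space, so every fresh challenge misses the table."""
    console = Console(DONGLE_KEY)
    clone = ReplayClone(sniff(console, Dongle(DONGLE_KEY), logged))
    return not any(console.authenticate(clone) for _ in range(attempts))


def clone_works_against_fixed_challenge() -> bool:
    """Same clone, but the console reuses one challenge: a single sniffed
    session is enough, which is why the random plaintext matters."""
    weak_console = Console(DONGLE_KEY, rng=lambda n: b"0" * n)  # always "00000000"
    clone = ReplayClone(sniff(weak_console, Dongle(DONGLE_KEY), 1))
    return weak_console.authenticate(clone)


def table_coverage(logged: int) -> float:
    """Fraction of the challenge space a dump of `logged` pairs covers."""
    return logged / 2 ** (8 * CHALLENGE_LEN)


if __name__ == "__main__":
    print("genuine dongle:", genuine_authenticates())
    print("replay clone vs random challenges:", clone_fails_against_random_challenges())
    print("replay clone vs fixed challenge:", clone_works_against_fixed_challenge())
    print("coverage after 1e6 sniffed logins:", table_coverage(10**6))
```

The two clone cases are the point of the example: a captured transcript gives an attacker a lookup table, not the key, and the table is only useful if the console ever asks a question the attacker has already seen. That holds for any keyed function of the challenge, whatever the real dongle computes; the weak-console case goes beyond the post to show what changes when the challenge is not random.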