Introduction
First of all, I want to make clear that I'm a regular programmer, not a godly hacker or anything like that xD LOL, but I have some ideas to share with you, the devs who actually have more knowledge in the ps3keys area. Please read it all before losing faith in the theory, thanks =).
Getting the Idea
Recently, while working on my own builds of the fail0verflow ps3tools with a new window interface and all, I reached the testing point of having to unpack retail PKGs. Then I started to look at the ps3keys and wondered this:
- Would it be possible for 'one person' to run a brute force attack, trying different key combinations until he hits the correct one? (for unknown keys, such as those for FW 3.56+)
Then I thought, well, in theory, yeah, it is possible, BUT since ps3keys are so long it would take an "insane" amount of time to try different key combinations until we hit the correct one.
The Idea of: The World Vs PS3 Keys
The idea came with the following question that I asked myself:
- Would it be possible for an 'undefined amount of people' from different parts of the world to unite their PC / device power to run a brute force attack using different key combinations until we hit the correct one?
Again, my theory is that this should be possible IF the proper software is made, or could be made.
An application that works a bit like a torrent client. A torrent client basically lets users connect to a server and share different pieces of data so others can download a complete set of files. The united brute force attack application could work something like that.
The brute force attack client Application
If a module could be coded to evaluate provided 'keys' against a specific 'encrypted' file and tell whether one of them is the correct one, then in theory this application could do this:
- Users somehow obtain the valid 'encrypted' file that will be brute force attacked by 'The World' xD
- Users download a 'text' based file with the server connection details, etc.
- The application parses the 'text' based file to connect to 'X' server
- A check is made to see which 'ranges of keys' have already been tried
- The application is assigned an 'unverified range of keys' to be tested against the 'encrypted' file.
- The application starts the brute force attack loop until the assigned 'unverified range of keys' has actually been verified.
- When each loop finishes, the application checks the server for a new 'unverified range of keys' and continues the brute force attack
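To make the client / server split above concrete, here is an added worked example of my own. It is not code from the post, from ps3tools or from any real client; the cipher is a toy stand-in (XOR with a SHA-256 keystream) rather than the PS3's, the 128-bit key size is an assumption, the 'known header' MAGIC is constructed, the keyspace is shrunk to 20 bits so the run finishes in seconds, and the Coordinator is an in-memory object standing in for 'X' server. The same block also puts a number on the "insane amount of time" point: years_to_exhaust() is the expected wall-clock time to try every key.

```python
# Added example (not from the post): a coordinator that hands out key ranges,
# a client loop that tests each key in its range against the encrypted file,
# and a report step that sends verified ranges and candidates back.
import hashlib

KEY_BYTES = 16   # assumption: a 128-bit symmetric key (AES-128 size); the post does not state the real size
MAGIC = b"\x7fPKG\x00\x00\x00\x01"   # constructed 8-byte "known header" used as the correctness check


def toy_encrypt(key: int, plaintext: bytes) -> bytes:
    """TOY cipher standing in for the real one: XOR with a SHA-256 keystream.
    XOR is its own inverse, so the same call also decrypts."""
    keystream = hashlib.sha256(key.to_bytes(KEY_BYTES, "big")).digest()
    if len(plaintext) > len(keystream):
        raise ValueError("toy cipher handles at most 32 bytes")
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def key_matches(key: int, ciphertext: bytes, known_prefix: bytes) -> bool:
    """The 'evaluate a key against the encrypted file' module: decrypt the
    first bytes and compare with plaintext we know must be there.  The known
    prefix must be long enough (8 bytes here) that a random wrong key is very
    unlikely to match by accident, or the server fills up with junk candidates."""
    return toy_encrypt(key, ciphertext[: len(known_prefix)]) == known_prefix


class Coordinator:
    """Server side: hands out unverified ranges, records verified ones and
    stores any candidate keys the clients send back."""

    def __init__(self, key_bits: int, chunk: int):
        self.keyspace = 1 << key_bits
        self.chunk = chunk
        self.next_start = 0
        self.in_progress = {}    # (start, end) -> worker name
        self.verified = set()    # ranges fully tested
        self.candidates = []     # keys that passed the check

    def assign(self, worker: str):
        """Hand out the next range nobody has tried yet, or None when done."""
        if self.next_start >= self.keyspace:
            return None
        rng = (self.next_start, min(self.next_start + self.chunk, self.keyspace))
        self.next_start = rng[1]
        self.in_progress[rng] = worker
        return rng

    def report(self, rng, candidates):
        """A client finished a range: mark it verified, keep its candidates."""
        self.in_progress.pop(rng, None)
        self.verified.add(rng)
        self.candidates.extend(candidates)


def search_range(rng, ciphertext: bytes, known_prefix: bytes):
    """Client side: the brute force loop over one assigned range."""
    start, end = rng
    return [k for k in range(start, end) if key_matches(k, ciphertext, known_prefix)]


def run_distributed(key_bits, workers, chunk, ciphertext, known_prefix):
    """Simulate several clients taking turns: ask for a range, test it, report
    back, repeat until a candidate shows up or the keyspace is exhausted.
    Returns (candidates, number of ranges verified)."""
    coord = Coordinator(key_bits, chunk)
    while True:
        handed_out = False
        for w in range(workers):
            rng = coord.assign(f"worker-{w}")
            if rng is None:
                continue
            handed_out = True
            coord.report(rng, search_range(rng, ciphertext, known_prefix))
            if coord.candidates:
                return coord.candidates, len(coord.verified)
        if not handed_out:
            return coord.candidates, len(coord.verified)


def years_to_exhaust(key_bits: int, keys_per_second: float, workers: float) -> float:
    """Wall-clock years needed to try every key in a key_bits-wide keyspace."""
    return (1 << key_bits) / (keys_per_second * workers) / (365 * 24 * 3600)


def demo():
    secret = 0xB33F                       # constructed key inside a 20-bit toy keyspace
    sample = toy_encrypt(secret, MAGIC + b"constructed body")  # the "encrypted file"
    found, ranges_done = run_distributed(20, 4, 1 << 12, sample, MAGIC)
    return secret, found, ranges_done


if __name__ == "__main__":
    secret, found, ranges_done = demo()
    print(f"candidates {found}, secret {secret:#x}, ranges verified {ranges_done}")
    print(f"128-bit key, 1e6 machines at 1e9 keys/s: {years_to_exhaust(128, 1e9, 1e6):.2e} years")
```

Swapping toy_encrypt for the real cipher and the in-memory Coordinator for a network server is what the 'check module' and the 'text based server file' in the list would provide; the range bookkeeping stays the same. The years_to_exhaust() call at the bottom is the practical caveat: with a 128-bit key, a million machines each trying a billion keys per second still need on the order of 10^16 years to cover the whole keyspace, so the distributed search only helps where the real keyspace is much smaller than the nominal key length (a weak key derivation, a partially known key, or a similar shortcut).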
Some other features of such an application could be:
- Check various 'encrypted' files for different FW versions (e.g. 3.60, 4.21, etc.)
- Minimized to the tray for a silent brute force attack effort.
- On each test of an unverified set of keys, the application properly updates its online database of tested keys
- All possible candidates for correct keys are stored on 'X' server for later verification
- Multi-threaded brute force attack method, if the PC / device supports it, to speed things up.
The Objective
If an application like this could be made, then the chances of a successful brute force attack are more realistic than with a single user brute forcing by himself.
I invite any PS3 developer with motivation to crack the PS3 wide open once and for all to please consider something like this.
End-users could help so much without having to know anything about hacking, just how to use the brute force attack client application.
Thanks for reading, and hope to read constructive feedback soon!
PS: More technical details could be added to this whole theory, but I decided to keep it as simple as possible for better understanding.
SeeYa!