Old 04-17-2012   #41
svenmullet
Member
 
Join Date: Jun 2011
Location: The Frozen North.
Posts: 731
Likes: 478
Liked 677 Times in 303 Posts
Mentioned: 82 Post(s)
Tagged: 0 Thread(s)
Originally Posted by Octopus
The new key is 0x10 from 800000000035E104 xored with 67 EE E4 B3 6D DE EC 0E 70 08 8E F6 D2 D4 97 CC
You forgot to post the "0x10 from 800000000035E104" part. Please do so
Old 04-17-2012   #42
mirkie
Member
 
Join Date: Feb 2012
Posts: 337
Likes: 52
Liked 170 Times in 97 Posts
Mentioned: 20 Post(s)
Tagged: 0 Thread(s)
Originally Posted by svenmullet
You forgot to post the "0x10 from 800000000035E104" part. Please do so
I thought you said they were random

ontopic:

Great job my friend. Nobody came this far.
Old 04-17-2012   #43
svenmullet
Originally Posted by mirkie
I thought you said they were random

ontopic:

Great job my friend. Nobody came this far.
Oh FFS, not this again. You have no idea what you're talking about, so please stfu. The value I asked for is a static value in the lv2. The random value I was talking about previously is the challenge/response dialog with the dongle to authenticate. Please stick to what you know, like... I dunno, lego or maybe coloring books.
Old 04-17-2012   #44
mirkie
Originally Posted by svenmullet
Oh FFS, not this again. You have no idea what you're talking about, so please stfu. The value I asked for is a static value in the lv2. The random value I was talking about previously is the challenge/response dialog with the dongle to authenticate. Please stick to what you know, like... I dunno, lego or maybe coloring books.
No I mean you said the encryption was random.
Old 04-17-2012   #45
svenmullet
Originally Posted by mirkie
No I mean you said the encryption was random.
Oh did I? Please quote me.

[edit] I'm not going to wait around for you to quote me, because I never said that, but anyway, I'm not letting trollskie derail this thread. <ignore on>
Old 04-17-2012   #46
mirkie
Originally Posted by svenmullet
Oh did I? Please quote me.

[edit] I'm not going to wait around for you to quote me, because I never said that, but anyway, I'm not letting trollskie derail this thread. <ignore on>
First off, I think you have it backwards: the PS3 sends a plaintext string (which is random) and because it knows the algo/key, it expects the dongle to return the same string in encrypted form. Secondly, if you could spoof the entire authentication routine by carefully studying a protocol analyzer dump and send it, for instance "00000000" as the plaintext and it returns "*j63hj*9" as the response, can you deduce the algo/key from that? The algo could be something involving byte-reversal, substitution, shifting, anything under the sun. *Then* encrypted with a key. It's mathematically impossible to figure out, in other words. People have been trying to dump the rom on it and reverse that, but the MCU they used has so much security on-die that even a dump of its contents is impossible to reverse, as the rom itself is encrypted (the MCU decodes its own rom in realtime). They used ProASIC for a reason. If you could, over the course of a very long time, send it every possible combination of plaintext and log all its responses, you might eventually figure out what the algo/key is, but that's not gonna happen.

And for the last time: dongle=red herring. If you don't know what a red herring is, please refer to this page.
I loved the red herring part, since the TS said that the dongle is the important thing. Anyway we all make mistakes.


I don't want to ruin this thread so I will stop with this.
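The challenge/response scheme described in the quoted text above, as an added example that is not part of the thread or of any console or dongle code: the host sends a random challenge and accepts only the keyed response to that exact challenge, so a response recorded with a protocol analyzer is rejected in a later session. HMAC-SHA256, `DEMO_KEY`, `Token`, `Host` and `replay_accepted` are assumptions for illustration; the thread does not identify the real algorithm or key.

```python
import hashlib
import hmac
import secrets

# Constructed sample key; the real device's key and algorithm are not given in the thread.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

class Token:
    """Stands in for the dongle: answers a challenge using the shared secret."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # HMAC-SHA256 is an assumption standing in for the unknown transform.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Host:
    """Stands in for the console side: issues a challenge, checks the answer."""

    def __init__(self, key: bytes, random_challenge: bool = True):
        self._key = key
        self._random = random_challenge
        self._pending = None

    def new_challenge(self) -> bytes:
        # A fixed challenge is the weak variant; a fresh 16-byte nonce is the sound one.
        self._pending = secrets.token_bytes(16) if self._random else b"\x00" * 16
        return self._pending

    def verify(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = hmac.new(self._key, self._pending, hashlib.sha256).digest()
        self._pending = None  # each challenge is single-use
        return hmac.compare_digest(expected, response)

def replay_accepted(random_challenge: bool) -> bool:
    """Record one genuine exchange, then replay that response in a new session."""
    host, token = Host(DEMO_KEY, random_challenge), Token(DEMO_KEY)
    recorded = token.respond(host.new_challenge())
    assert host.verify(recorded)   # the genuine exchange passes
    host.new_challenge()           # next session, token absent
    return host.verify(recorded)   # replay of the recorded response

if __name__ == "__main__":
    print("static challenge, replay accepted:", replay_accepted(False))
    print("random challenge, replay accepted:", replay_accepted(True))
```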
Old 04-17-2012   #47
mcmrc1
Member
 
Join Date: Jan 2011
Location: Gliese 581g
Posts: 613
Likes: 531
Liked 346 Times in 176 Posts
Mentioned: 17 Post(s)
Tagged: 0 Thread(s)
Can someone explain in noob language what this all means? Is it helpful or just another useless finding?
Old 04-17-2012   #48
mirkie
Originally Posted by mcmrc1
Can someone explain in noob language what this all means? Is it helpful or just another useless finding?
It is very helpful. This leads us in the right direction and not like one guy said that the TB dongle is a "red herring". The TB dongle is the thing that needs to be decrypted with the keys in the TB CFW if I am understanding the TS correctly.
Old 04-17-2012   #49
svenmullet
Don't listen to mirkie, he's a clueless troll. I firmly believe he posts on any TB-related thread for the sole purpose of derailing it/getting it closed. Someone ban this fool already. See his quote above, where I supposedly said "the encryption is random". (I said the challenge is random, and besides, that concerns the initial authentication of the dongle, nothing whatsoever to do with lv2 encryption)
Old 04-17-2012   #50
mirkie
Originally Posted by svenmullet
Don't listen to mirkie, he's a clueless troll. I firmly believe he posts on any TB-related thread for the sole purpose of derailing it/getting it closed. Someone ban this fool already. See his quote above, where I supposedly said "the encryption is random". (I said the challenge is random, and besides, that concerns the initial authentication of the dongle, nothing whatsoever to do with lv2 encryption)
You are right about the encryption part. But the funny thing is you say you can't decrypt it and in the end you say you could try it with blabla.

Also remember what you said, "TB dongle is a red herring"

And go on with your conspiracy theories. Maybe you think I am the creator of TB. But okay I won't respond to you anymore. It was fun trolling you with your own words.
PS3Hax.net is Copyright © 2010-2013.