#461
#462
It's similar...

#463

what can we use this algo key for?

#464

I have been looking at the pastie too, and translated the pastie into an openssl command.

test command

Code:
```
Zadow ~/ssl $ openssl aes-128-cbc -d -in all.bin -out decall.bin -nosalt -K (TEST ERK) -iv (TEST IV) -p -nopad
key=8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B
iv =ACA5B101EC4B9497691632917E555472
```

Code:
```
Zadow@zadow-PC ~/ssl $ openssl aes-128-cbc -d -in all.bin -out decall.bin -nosalt -K 8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B -iv ACA5B101EC4B9497691632917E555472 -p -nopad
key=8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B
iv =ACA5B101EC4B9497691632917E555472
```

That is the 48 hex bytes of the erk+riv (the scrambled one). Then in the command, -K 8EACAB1950A79147DB391A88FCF9DE1B097C5667DBB6F6E1FEAA4980AB4E7E1B -iv ACA5B101EC4B9497691632917E555472 is where you put your test erk and iv. If it decrypts right, the decall.bin would match the one you put in the all.bin. It's a little time consuming to insert all the hex. And don't know, but got a hunch that it could be DEADBEEF @evilsperm

************* [ - Post Merged - ] *************

@redcfw

Code:
```
000365E0 AA F6 5A 91 EC 37 2C 69 09 69 09 0F 59 E5 3C 3E ¬÷Zæý7,i.i..YÕ<>
000365F0 66 BC B4 17 D1 4A 2B 59 26 40 80 1C 11 B7 B4 9B f+¦.ÐJ+Y&@Ç..À¦ø
00036600 A5 79 8C 25 43 13 BC 54 16 95 1E 24 EA D3 C9 85 Ñyî%C.+T.ò.$ÛË+à
00036610 2F F2 36 15 2A 47 76 DA D3 9B 50 92 44 E8 F5 C2 /=6.*Gv+ËøPÆDÞ§-
00036620 FF FF FF FF 00 00 00 00 00 00 00 01 00 00 00 01 ****............
00036630 FF FF FF FF 00 00 00 07 00 00 00 06 00 00 00 02 ****............
00036640 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 ................
00036650 FF FF FF FF 00 00 00 30 00 00 00 20 00 00 00 20 ****...0... ...
00036660 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 ................
00036670 00 00 00 00 FF FF FF F0 00 00 00 00 00 00 00 00 ....****........
00036680 62 7C B1 80 8A B9 38 E3 2C 8C 09 17 08 72 6A 57 b|¦Çè¦8Ò,î...rjW
00036690 9E 25 86 E4 00 00 00 00 00 00 00 00 00 00 00 00 ×%åõ............
```

Code:
```
00036680 62 7C B1 80 8A B9 38 E3 2C 8C 09 17 08 72 6A 57 b|¦Çè¦8Ò,î...rjW
00036690 9E 25 86 E4 00 00 00 00 00 00 00 00 00 00 00 00 ×%åõ............
```

That is some of the metadata that is in every signed file by sony, eboots etc., but not in the appldr from 3.55-. In fact it shouldn't be in any decrypted file, so got something with the keys.

By the way, I already tried these keys myself; didn't work. You have to reverse it longer back. That's why I use the openssl to test.

Last edited by zadow28; 10-27-2012 at 08:48 AM.
Likes: (3) |
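
The check zadow28 describes above (decrypt with a candidate key and IV, then compare the output against a known plaintext), as an added example that is not part of the original thread. It uses the same openssl flags as the post; the key, IV, sample data and the function names `try_key`, `make_sample` and `demo` are constructed for this example.

```shell
#!/bin/sh
# Known-answer check for a candidate AES-CBC key/IV with the flags used in
# the post (-nosalt -nopad -K -iv). All key material here is constructed.

KEY=000102030405060708090a0b0c0d0e0f   # constructed 16-byte key (32 hex digits)
IV=101112131415161718191a1b1c1d1e1f    # constructed 16-byte IV
BAD=ff0102030405060708090a0b0c0d0e0f   # same key with the first byte changed

# try_key KEY IV CIPHERTEXT KNOWN_PLAINTEXT -> prints match, mismatch or error
try_key() {
    out=$(mktemp) || return 2
    # With -nopad there is no padding check, so a wrong key still exits 0
    # and writes garbage; only the comparison below tells the two apart.
    if ! openssl enc -aes-128-cbc -d -nosalt -nopad -K "$1" -iv "$2" \
            -in "$3" -out "$out" 2>/dev/null; then
        rm -f "$out"; echo error; return 2
    fi
    if cmp -s "$out" "$4"; then r=match; else r=mismatch; fi
    rm -f "$out"
    echo "$r"
}

# make_sample DIR: write a 32-byte known plaintext and its ciphertext.
# -nopad requires the input length to be a multiple of 16 bytes.
make_sample() {
    printf '0123456789abcdef0123456789abcdef' > "$1/known.bin"
    openssl enc -aes-128-cbc -e -nosalt -nopad -K "$KEY" -iv "$IV" \
        -in "$1/known.bin" -out "$1/all.bin"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" || return 1
    echo "right key: $(try_key "$KEY" "$IV" "$d/all.bin" "$d/known.bin")"
    echo "wrong key: $(try_key "$BAD" "$IV" "$d/all.bin" "$d/known.bin")"
    rm -rf "$d"
}

demo
```
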

#465

redcfw, have you tested it? I tested with lv2ldr and it didn't seem to work.

#466

I've found the same thing: the 1st and the 3rd key seem like they decrypt the erks, the 2nd and 4th keys decrypt the rivs. I'm still trying to confirm it's aes, and also the CypherMode. Now if that is a sha1 hash in redcfw's post, I'm inclined to think it's aesctr; for instance, retail pkgs use aesctr.

************* [ - Post Merged - ] *************

Now that I look more at redcfw's post, is ch73 the resulting hmac? Looks good redcfw, thank you.

Last edited by BuC-ShoTz; 10-27-2012 at 11:22 AM.

#467

According to redcfw's code, hmac is in ch73 (which was [u8 ch73[] = { 0x40, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; //?? i dont get it yet] before he edited his post) and result stored in u8 ch73shErk[0x10] and ch73shIv[0x10].

Tried with lv2ldr, result is 3da56b9b349048917aa86511f9651f122ac5a6756b6899fc828b305b5cd0ddda88d4d3a54efaa744e2fee5de543da0d7

#468

So... where are the keys? :P I'm not good at coding but I think that we can try the algo and see if we get keys.. or not?

#469

I'm trying to compile the code from naehrwert, but I keep getting the following error:

```
/usr/include/sys/types.h:9:27: sys/sys_types.h: No such file or directory
```

Do we have to use a certain Sony SDK?

#470

Use my ssl command; it does exactly the same thing as the pastie.