[rek1n]

The ps3 binary/disc authentification procedure explained.
Disclaimer: Please remember that this REMAINS SPECULATIVE and that I may have a few things wrong (if so and you find out about it, please correct me) here is how I believe (after a bit of investigation) the authentification process is being held:



Whenever you insert a disc (bluray one that is) the ps3 drive will look at a special area of the disc called BD ROM-Mark.

The ROM-Mark contains a certificate/key (signed by sony) which can be read by any drives but the data from it wont leave the usual bluray drives' ram space. This area is part of the official bluray specifications from the Bluray Disc Association (BDA) and is also use by bluray movies to authentificate a genuine movie disc and needs to be signed by whoever is credited to author bluray discs and produce them (only a few companies are as far as I am aware of), although I suspect the key for the blu-ray games to be unique so only sony can sign the ROM-Mark content on BD-ROM games.

P.S. Please do not mistake this for AACS or BD+ which are totally unrelated protections.

So let's continue with my explanation:


Once it checks the BD ROM-Mark it uses it as a key in order to perform decryption of the BD-ROM data which is physically encrypted. (it may not be the full key though I suspect another part of it or perhaps a key for an aditional encryption layer is stored in the playstation 3 (possibly in idstorage))

Once both the ROM-Mark signature is fully authentificated as genuine and the disc TOC is properly decrypted, the kernel authenticates the disc as a genuine BD-ROM disc.
Once done, it will load param.sfo (which also prevents disc swapping, although disc swapping should not be possible as the BD ROM-Mark in each BD-ROM games is different, it may even be unique per discs) and it will load icon1.png and other required files to be displayed on the ps3 vsh.

Once done whenever the user choses to run his game, the ps3 kernel will ask the hypervisor to check EBOOT.BIN's (which is a self file (or more specifically a SPU ELF binary)) signature.

Once the EBOOT.BIN's signature has been validated (in fact EBOOT.BIN's signature would not be needed if it wasn't because some discs may be from burnable iso distributed by SCE since the retail discs themselves are signed thanks to the BD ROM-Mark and so are the pkgs.), it checks for the media flags still in EBOOT.BIN, and except in very special cases or if sony screws up, an EBOOT.BIN will either have media flags set as secure media (game bd-rom) or pkg (which are also signed).

So the EBOOT.BIN signature may seem obsolete since usually wherever it is stored, the container is signed and cannot be altered but it provides an additional protection later that prevents you from toying with an existing EBOOT.BIN (or any other .self/.sprx file) and alter the media flags to run it off a dvd-r.

P.S. Again if I am mistaken with anything explained here, feel free to correct me.
Reply With Quote


source : The ps3 binary/disc authentification procedure explained. - LAN.ST

[jaasumbra]

This has already been explained on the forum by Mathieulh.

Here: http://www.ps3hax.net/hacks-exploits...explained.html

[rek1n]

Ah...Hm..I'm sorry

[SamS]

Thread Locked because:
Already posted, use link by jaaSUmbra.