Well its been done the ps3 master key has been decrypted via 3.41 firmware and no not by GRAF_CHOKOLO but by another member known as Estx. However he has not yet made his findings public as of today as he is still waiting for graf_chokolo to decrypt the master key but he has also informed that if graf has not yet decrypted the master key by tomorrow he will be making his findings public tomorrow. SO NOW ALL WE HAVE TO DO IS WAIT………
Originally Posted by Estx
December 4, 2010 at 1:34 pm
I’ve found the Masterkey from bruteforcing dumps from my system.
Took 27 minutes, over 8,100,000 possible keys. Lol – could’ve waited but ah well.
If anyone is interested in doing the same, you can find it on 3.41.
for(int i = 0; i < list.length; i++)
if(HMAC-SHA-1(key[i]).ComputeHash(encryptChallengeBody) == matchResponseBody)
Challenge and response I took from the dumps reported on PSX-Scene.
If graf doesn't find it by tomorrow – I'll release the key.
Only reason I'm holding it back – is because no one helped me when I asked for it. (;
It’s just psuedo code. Actual code has a few more lines than this.
Inclusive of byte conversion, list generating from binary dumps and other trivial functions.
I have no way to dump the data between my at90usb192 and PS3 so I can’t post any challenge/response logs.
And it’s not a magic key – it is the master key.
I have tried it so far from 3.41 and 3.50 on my slim and fat.
That’s the actual loop there: #1346409 – Pastie
Prior to this is generation of the list etcetera.Originally Posted by phiren
December 4, 2010 at 3:55 pm
I’m thinking more of the code which does an SHA1-HMAC between the master key and the dongle ID to generate the device key which is finally SHA1-HMACed with the challenge.
A single device key will work on all firmware versions, which makes it just as useful as the master key for our purposes.
It just means that Sony can revoke that single device and you can’t possibly generate another device key. But since Sony will probably revoke every single device and start again with a new master key with the next firmware version, having the master key isn’t that useful.Originally Posted by Estx
December 4, 2010 at 4:02 pm
@phiren: That’s what I was thinking as I was learning how to generate the correct response before constructing a quick loop. The expected response is 20 bytes of what you suggested above.
I’ve found no other use of the master key yet.. so you’re quite right.
Mind you, I’m not as talented as some of the other developers here, I’m still playing around with new things I’m finding in the firmware’s. And thank’s to graf’s work – there’s even more to play around with.