Editing HDD Encryption


Latest revision Your text
Line 1: Line 1:
[[Category:Software]]
=Introduction=
=Introduction=


* The following information was reverse engineered from LV1, Storage Manager in LPAR1 and sb_iso_spu_module.self.
* The following information was reverse engineered from LV1, Storage Manager in LPAR1 and sb_iso_spu_module.self.
* I'm able to decrypt/encrypt my PS3 HDD and VFLASH on PC now.
* I'm able to decrypt/encrypt my PS3 HDD and VFLASH on PC now.
* See also [[Mounting HDD on PC]]


=HDD Encryption=
=HDD Encryption=
==Slim Consoles==


* XTS-AES-128 is used to encrypt all data on PS3 HDD.
* XTS-AES-128 is used to encrypt all data on PS3 HDD.
* XTS is NOT CBC!!! It's AES-ECB with tweak XORing. AES-CBC is impractical for HDD encryption. Each sector can be encrypted/decrypted independently from other HDD sectors.
* XTS is NOT CBC!!! It's AES-ECB with tweak XORing. AES-CBC is impractical for HDD encryption. Each sector can be encrypted/decrypted independantly from other HDD sectors.
* Good paper about XTS-AES:  http://ntnu.diva-portal.org/smash/get/diva2:347753/FULLTEXT01
* Good paper about XTS-AES:  http://ntnu.diva-portal.org/smash/get/diva2:347753/FULLTEXT01
* VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
* VFLASH is encrypted twice. First with ENCDEC keys and then with ATA keys.
* Tweak and data XTS keys are of size 32 bytes but only the first 16 bytes are used.
* Tweak and data XTS keys are of size 32 bytes but only the first 16 bytes are used.
* '''You can set and clear ATA keys with my Linux ps3encdec device driver which I use to test HDD/VFLASH encryption. But be careful, never set/clear ATA keys while some HDD regions/partitions are mounted !!! You will corrupt your data on your HDD !!!'''
* '''You can set and clear ATA keys with my Linux ps3encdec device driver which i use to test HDD/VFLASH encryption. But be careful, never set/clear ATA keys while some HDD regions/partitions are mounted !!! You will corrupt your data on your HDD !!!'''
 
==Phat Consoles==
 
* On the PHAT consoles with NAND flash AES-CBC-192 is used for HDD encryption and AES-CBC-128 for VFLASH encryption.
* So no tweak and tweak key here. Each sector is encrypted with the same '''zeroed''' IV.
* VFLASH is encrypted '''once''' with ENCDEC key and zeroed IV!
* PHAT consoles are susceptible to the TLS CBC IV attack
* On the PHAT consoles with NOR flash AES-CBC-192 is used for HDD encryption(as on FAT consoles with NAND) and XTS-AES-128 for VFLASH encryption(as on slim consoles).
* Data key is of size 32 bytes but only the first 24 bytes are used for HDD and 16 bytes for VFLASH.
* See also http://www.multiupload.nl/6PIFV4GKSH (contains scripts of ENCDEC emulator for both types of consoles).


=Dumping ATA Keys=
=Dumping ATA Keys=
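Review bot: the "Your text" side of this hunk drops the ==Slim Consoles== heading and the whole ==Phat Consoles== section, so the remaining bullet "XTS-AES-128 is used to encrypt all data on PS3 HDD" would read as covering every model. That contradicts the dropped bullets, which state that phat consoles (NAND and NOR) use AES-CBC-192 for the HDD. The same side also reverts "independently" to "independantly" and "I use" to "i use", and loses the "See also [[Mounting HDD on PC]]" and [[Category:Software]] lines. Suggest keeping the latest revision's text for these lines, or at minimum retaining the per-model split and the spelling fixes.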
Line 31: Line 19:
* ATA keys are passed as parameters to sb_iso_spu_module.self.
* ATA keys are passed as parameters to sb_iso_spu_module.self.
* dump_ata_keys.tar.gz: http://www.multiupload.nl/GUNWPZ0A3P
* dump_ata_keys.tar.gz: http://www.multiupload.nl/GUNWPZ0A3P
* See also http://www.ps3devwiki.com/wiki/Making_Isolated_SPU_Modules_and_Loaders


==Program==
==Program==
Line 217: Line 204:


* Use the dumped ENCDEC IV and key to encrypt these seeds and you will get your ENCDEC keys for VFLASH.
* Use the dumped ENCDEC IV and key to encrypt these seeds and you will get your ENCDEC keys for VFLASH.
* You can find these seeds in [http://pastie.org/4558824 lv1ldr].
* You can find these seeds in lv1ldr.


Data key seed:
Data key seed:
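Review bot: the "Your text" copy of the seeds bullet ("You can find these seeds in lv1ldr.") loses the [http://pastie.org/4558824 lv1ldr] link carried by the latest revision, which leaves the reader without a pointer to where the seeds are listed. Suggest keeping the linked form of the bullet.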
Line 431: Line 418:
00000200
00000200
</pre>
</pre>
{{Reverse engineering}}<noinclude>[[Category:Main]]</noinclude>