Talk:ReDRM / Piracy dongles: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
No edit summary |
||
Line 53: | Line 53: | ||
they could have added some extra keys in appldr and encrypted the damn eboots at least | they could have added some extra keys in appldr and encrypted the damn eboots at least | ||
I guess they didn't have enough time or enough spu skills | I guess they didn't have enough time or enough spu skills | ||
Regarding FSELF from "RikuKH3": | |||
Real FSELFs are never encrypted. You can extract it with official unfself tool from SDK. | |||
But, in this FSELF I looked into (driver sf) ELF inside IS encrypted. You can say this because it's masterdisc fself, but I really doubt it. | |||
It doesn't look like a proper fself to me at all, in header it says that sections unecrypted, but it's not true. | |||
Another thing - Masterdisc Generator tool from Sony gives errors with this EBOOT (if it's a masterdisc eboot as stated, why?). | |||
Seems the above from mathieulh may be incorrect and the eboots ARE encrypted. So much for lame security, maybe this wont be so trivial? |
Revision as of 09:15, 26 October 2011
It seems the ps3jb2 loads masterdiscs with fself, with the algo provided and the right key (which is not provided) you can decrypt said masterdiscs images right on pc and grab the fself files.
// do crypt unsigned char sector_key[16]; memset(sector_key, 0, 16); sector_key[12] = (sector_num & 0xFF000000)>>24; sector_key[13] = (sector_num & 0x00FF0000)>>16; sector_key[14] = (sector_num & 0x0000FF00)>> 8; sector_key[15] = (sector_num & 0x000000FF)>> 0; // encrypt sector aes_context aes_ctx; aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128); aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff); // decrypt aes_context aes_ctx; aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128); aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff);
that's the algo for masterdiscs
ps3gen dll has the static keys for masterdiscs
you can also get it from sv_iso
the crappy sdk tool that generates masterdisc images for dex
more talk:
folks I looked a little more and it seems the psjb2 just runs masterdiscs with fself kinda lame very lame npdrm encrypted but labeled as fself it's a fself but I dunno what it does I never looked at it I don't really care on doing more if you use the masterdisc algo I provided and the proper key which I am not supplying you can decrypt all the psjb2 disc images right on pc grab the fself and use them to run them on a regular 3.55 fw basically security == LAME still interesting to see how they patched the firmware to allow masterdiscs they also do some auth with the dongle which involves crypto to make sure the firmware does not load without it but if you don't need the firmware to load the games... they could have added some extra keys in appldr and encrypted the damn eboots at least I guess they didn't have enough time or enough spu skills
Regarding FSELF from "RikuKH3":
Real FSELFs are never encrypted. You can extract it with official unfself tool from SDK. But, in this FSELF I looked into (driver sf) ELF inside IS encrypted. You can say this because it's masterdisc fself, but I really doubt it. It doesn't look like a proper fself to me at all, in header it says that sections unecrypted, but it's not true. Another thing - Masterdisc Generator tool from Sony gives errors with this EBOOT (if it's a masterdisc eboot as stated, why?).
Seems the above from mathieulh may be incorrect and the eboots ARE encrypted. So much for lame security, maybe this wont be so trivial?