Talk:ReDRM / Piracy dongles
I kind of figured out how it works already
they patched lv1 and lv2
and they have lv2 to check if the self keyset is 0x10 or higher
if so it's sent to lv1 through a separate hypercall than hvsc99
which sends the self or part of it to the usb hw
which performs some crypto
and returns a decrypted result to lv1
at least that's what I got out of a few minutes of debugging
I am pretty sure the keys are on the dongle
the ones you play games with
```c
/* Masterdisc sector crypto as posted: AES-128-CBC with the static
   G_DEBUG_KEY, IV ("sector_key") = zeros with the big-endian sector
   number in the last 4 bytes. PolarSSL AES API (aes_context,
   aes_setkey_enc/dec, aes_crypt_cbc). */
#include <stddef.h>
#include <string.h>
#include <polarssl/aes.h>

extern const unsigned char G_DEBUG_KEY[16];   /* static key from ps3gen.dll / sv_iso */

/* Build the per-sector IV: all zeros except the sector number in bytes 12..15. */
static void make_sector_key(unsigned char sector_key[16], unsigned int sector_num)
{
    memset(sector_key, 0, 16);
    sector_key[12] = (sector_num & 0xFF000000) >> 24;
    sector_key[13] = (sector_num & 0x00FF0000) >> 16;
    sector_key[14] = (sector_num & 0x0000FF00) >>  8;
    sector_key[15] = (sector_num & 0x000000FF) >>  0;
}

/* Encrypt one sector in place; aligned_size must be a multiple of 16. */
static void encrypt_sector(unsigned char *buff, size_t aligned_size, unsigned int sector_num)
{
    unsigned char sector_key[16];
    aes_context aes_ctx;
    make_sector_key(sector_key, sector_num);
    aes_setkey_enc(&aes_ctx, G_DEBUG_KEY, 128);
    aes_crypt_cbc(&aes_ctx, AES_ENCRYPT, aligned_size, sector_key, buff, buff);
}

/* Decrypt one sector in place. The IV is rebuilt here because
   aes_crypt_cbc advances it in place, so the buffer used for
   encryption cannot be reused as-is. */
static void decrypt_sector(unsigned char *buff, size_t aligned_size, unsigned int sector_num)
{
    unsigned char sector_key[16];
    aes_context aes_ctx;
    make_sector_key(sector_key, sector_num);
    aes_setkey_dec(&aes_ctx, G_DEBUG_KEY, 128);
    aes_crypt_cbc(&aes_ctx, AES_DECRYPT, aligned_size, sector_key, buff, buff);
}
```
that's the algorithm for masterdiscs
ps3gen DLL has the static keys for masterdiscs
you can also get it from sv_iso,
the crappy SDK tool that generates masterdisc images for DEX
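The sector scheme described in the post above, as an added example (it is not code from the post, from the SDK tools, or from ps3gen/sv_iso): AES-128-CBC with a static key and a per-sector IV that is all zeros except the big-endian sector number in bytes 12..15. Go's standard library is used instead of PolarSSL so it runs stand-alone; the key value `gDebugKey` is a placeholder, since the real G_DEBUG_KEY is not on this page. The sample sector data is constructed. Beyond the snippet itself, `wrongSectorDamage` shows a property of CBC that follows from the construction: decrypting with the wrong sector number corrupts only the first 16-byte block, so the sector number in the IV binds very little of the sector to its position.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// gDebugKey stands in for the static G_DEBUG_KEY the post refers to.
// The real value is not on this page; this is a placeholder (assumption).
var gDebugKey = []byte("0123456789abcdef") // 16 bytes -> AES-128

// sectorIV builds the 16-byte CBC IV the snippet calls sector_key:
// all zeros except the big-endian sector number in bytes 12..15.
func sectorIV(sectorNum uint32) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint32(iv[12:], sectorNum)
	return iv
}

// cryptSector applies AES-128-CBC in place over buf with the per-sector IV.
// buf must be a whole number of 16-byte blocks (the snippet's aligned_size).
func cryptSector(key []byte, sectorNum uint32, buf []byte, encrypt bool) error {
	if len(buf)%aes.BlockSize != 0 {
		return fmt.Errorf("buffer length %d is not block aligned", len(buf))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	var mode cipher.BlockMode
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, sectorIV(sectorNum))
	} else {
		mode = cipher.NewCBCDecrypter(block, sectorIV(sectorNum))
	}
	mode.CryptBlocks(buf, buf)
	return nil
}

// wrongSectorDamage encrypts plain under encSector, decrypts it under
// decSector, and returns how many 16-byte blocks differ from plain.
// In CBC only the first plaintext block depends on the IV, so a wrong
// sector number damages exactly one block; a matching one damages none.
func wrongSectorDamage(plain []byte, encSector, decSector uint32) (int, error) {
	buf := append([]byte(nil), plain...)
	if err := cryptSector(gDebugKey, encSector, buf, true); err != nil {
		return 0, err
	}
	if err := cryptSector(gDebugKey, decSector, buf, false); err != nil {
		return 0, err
	}
	bad := 0
	for i := 0; i < len(buf); i += aes.BlockSize {
		if !bytes.Equal(buf[i:i+aes.BlockSize], plain[i:i+aes.BlockSize]) {
			bad++
		}
	}
	return bad, nil
}

func main() {
	// Constructed sample sector: 64 bytes, i.e. four AES blocks.
	plain := bytes.Repeat([]byte("SECTOR-1"), 8)

	buf := append([]byte(nil), plain...)
	if err := cryptSector(gDebugKey, 7, buf, true); err != nil {
		panic(err)
	}
	fmt.Printf("sector 7, first ciphertext block: %x\n", buf[:16])

	same, _ := wrongSectorDamage(plain, 7, 7)
	wrong, _ := wrongSectorDamage(plain, 7, 8)
	fmt.Println("blocks damaged with correct sector number:", same)
	fmt.Println("blocks damaged with wrong sector number:  ", wrong)
}
```

Note that Go's `NewCBCEncrypter`/`NewCBCDecrypter` copy the IV, whereas PolarSSL's `aes_crypt_cbc` advances the IV buffer you pass in; either way the IV has to be rebuilt from the sector number for every call.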