User talk:Zer0Tolerance: Difference between revisions

From PS3 Developer wiki
m (→‎Syscon pinouts and schematics: cleaned up old notes)
mNo edit summary
Line 1: Line 1:
thanks :) [[User:Euss|Euss]]
thanks :) [[User:Euss|Euss]]
[[User:Zer0Tolerance]] under observation because of posting strong [http://www.psdevwiki.com/ps3/index.php?limit=500&tagfilter=&title=Special%3AContributions&contribs=user&target=Zer0Tolerance&namespace=0&topOnly=1&year=2015&month=12 SEX]ual content ;) - ([[User:Roxanne]] 17th December 2015 / 16:19 GMT+1)


===About eid2 des iv===
===About eid2 des iv===

Revision as of 17:19, 17 December 2015

thanks :) Euss

User:Zer0Tolerance under observation because of posting strong SEXual content ;) - (User:Roxanne 17th December 2015 / 16:19 GMT+1)

About eid2 des iv

just a quick heads up. both eid2 des ivs (the zeroed one and the other one) are valid to use. in a way, both glevand (zero iv) and naehrwert (fixed iv) are correct. make sure you consult with naehrwert for more info.

zecoxao

@zecoxao Just use

openssl des-cbc -d -in pblock.desenc -out pblock.dec -nosalt -K 6CCAB35405FA562C -iv 989A955EFDE7A748 -p -nopad

and

openssl des-cbc -d -in pblock.desenc -out pblock.dec -nosalt -K 6CCAB35405FA562C -iv 0 -p -nopad

Only the second vector is valid. Thank you.

@Zer0Tolerance

it's very rare to see naehrwert wrong. maybe the algorithm is handled differently in libeeid(polarssl) than in openssl? i'll talk to him when i have a chance ;) either way, thanks :)

@zecoxao

I'm sorry, but the iv must be zero. :(

@ZeroTolerance

I'm almost sure i was able to decrypt default.spp

please check all 3.15 key combinations possible.

Thanks :)

@zecoxao

I checked it and could not decrypt the metainfo in default.spp. Please provide me the decrypted metainfo as proof.

@ZeroTolerance

Unfortunately i don't have it anymore. but i'll try to decrypt it anyways :)

@zecoxao

Please recheck (retry) it if possible. I'm sure that we need another key(set) to decrypt default.spp for ceb.

@ZeroTolerance

yes, you're correct. just tested other combinations and none of them work.

About EID0_0_UNK1

@ZeroTolerance

Pretty sure it's z1 and z2 (2 hashes). looks like it's a metadata of sorts :)

@Zecoxao

Maybe, maybe not. The hash algorithm is not known yet.

@ZeroTolerance

Have you tried checking if it's a pub from another curve?

@Zecoxao

Pub is a point with X and Y. One Pub for one Priv. These "hashes" are not constants. So this is not a Pub. It could be two hmac-sha1 or something. IDK what this is.

EEPROM Syscon Probing

  • some useful links:

http://dangerousprototypes.com/docs/Bus_Pirate_101_tutorial (bus pirate)
https://www.saleae.com/downloads (logic analyzer)

  • Analyzer settings:

http://pastie.org/private/khwaczthr5j2td9jmdfihq

  • Bus pirate settings:

http://pastie.org/private/mqycmj8ynxj5mdzttrgpca

  • More info:

http://pastie.org/private/f7siriweadsnrpq6dilq

  • Write Unlock command:

0xA3 0x00 0x00

  • Write command:

0xA4 0xXX 0xXX (XX XX is block id)

  • Read command:

0xA8 0xXX 0xXX (XX XX is block id)

  • Check Status command:

0xA9 0x00 0x00 0x00

  • Some proof

https://mega.co.nz/#!hssQHZhI!bNMS3MgWx21iUrfLGBSoB2bA3Mfe3DVL23y_SENzDUw
https://mega.co.nz/#!wl8wSCKK!ZZkgeKd8hdRCMRpA2oWrrV5lirjupF_4k9boJkBpBfM

you need https://www.saleae.com/downloads

dump of eeprom with above data
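
For reading a logic analyzer capture against the command list above, here is an added example (not from this wiki page or its authors) that annotates transactions by opcode and lists the blocks touched. The framing (one byte string per chip-select window), the big-endian reading of the XX XX block id, the "write before unlock" check and all sample bytes are assumptions made for the example.

```python
# Added example, not from the wiki page. Opcodes are the ones listed above;
# framing, block-id byte order and the sample bytes are assumptions.
OPCODES = {0xA3: "write_unlock", 0xA4: "write", 0xA8: "read", 0xA9: "check_status"}
# Commands the page gives with fixed bytes only.
FIXED = {0xA3: bytes([0xA3, 0x00, 0x00]), 0xA9: bytes([0xA9, 0x00, 0x00, 0x00])}

def decode(frame: bytes) -> dict:
    """Annotate one transaction (assumed: one frame per chip-select window)."""
    if not frame or frame[0] not in OPCODES:
        return {"op": "unknown", "raw": frame.hex()}
    op = OPCODES[frame[0]]
    if frame[0] in FIXED:
        fixed = FIXED[frame[0]]
        # Flag frames whose fixed bytes differ from the documented form.
        return {"op": op, "matches_doc": frame[:len(fixed)] == fixed,
                "rest": frame[len(fixed):].hex()}
    if len(frame) < 3:
        return {"op": op, "truncated": True, "raw": frame.hex()}
    # XX XX block id, read big-endian here (byte order is an assumption).
    return {"op": op, "block": int.from_bytes(frame[1:3], "big"),
            "data": frame[3:].hex()}

def summarize(frames) -> dict:
    """Blocks read and written, plus writes seen before any write_unlock."""
    out = {"reads": [], "writes": [], "writes_before_unlock": [], "odd": []}
    unlocked = False
    for f in frames:
        d = decode(f)
        if d["op"] == "write_unlock" and d["matches_doc"]:
            unlocked = True
        elif d["op"] == "read" and "block" in d:
            out["reads"].append(d["block"])
        elif d["op"] == "write" and "block" in d:
            out["writes"].append(d["block"])
            if not unlocked:
                out["writes_before_unlock"].append(d["block"])
        elif d["op"] == "unknown" or d.get("truncated") or d.get("matches_doc") is False:
            out["odd"].append(f.hex())
    return out

# Constructed sample capture (block ids and data bytes are made up).
SAMPLE = [bytes.fromhex(h) for h in
          ("a80048ffff", "a9000000", "a40030dead", "a30000", "a40031beef", "b1")]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```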